Epiphany Srl (“Epiphany”), Via degli Ammirati 6 – 73100 Lecce (LE), P.IVA 04145270759 (hereinafter “Company”).
1 – DATA PROCESSING PURPOSES
1.1 – Contractual purposes: purchasing our products in our retail shop, surfing web pages and use the services of the website www.epiphanysociety.com (“Website”).
1.2 – Marketing purposes: sending, with automated methods of contact (such as sms, mms and e-mail) and traditional (such as phone calls with operator and traditional mail), promotional and commercial communications relating to services / products offered by the Company or reporting of corporate events, as well as realization market studies and statistical analysis.
1.3 – Profiling purposes: analysis of your preferences, habits, behaviors or interests in order to send you personalized commercial communications.
1.4 – Legal Obligations: fulfill obligations under regulations and applicable national and supranational legislation.
1.5 – Newsletter: if requested by registration with this service.
1.6 – Data Controller rights: if necessary, to ascertain, exercise or defend the rights of the controller in court.
1.7 – Out-of-court debt recovery: in order to allow the Company to recover its credits without having recourse to a judicial authority.
1.8 – Website operations: the computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified, but by their very nature could, through processing and association with data held by the Company or third parties, allow users to be identified on the Website.
2 – LEGAL BASIS FOR DATA PROCESSING
2.1 – Contractual purposes: execution of a contract of which you are a part, or for the booking and purchase of products and services of the Website.
2.2 – Marketing and profiling purposes: consent (optional and revocable at any time).
2.3 – Legal Obligations: fulfill legal obligations.
2.4 – Newsletter: execution of a contract of which you are a part, subscribing newsletter service.
2.5 – Data Controller rights and Out-of-court debt recovery: legitimate interest.
3 – DATA RETENTION PERIOD
3.1 – Contractual purposes, Legal Obligations and Newsletter: Contractual duration and, after termination, for the ordinary limitation period of 10 years.3.2 – Marketing and profiling purposes: until the withdrawal of consent for these purposes. The only data relating to the details of the purchases will be kept for 24 months, the terms provided by the provision of the Italian data protection authority (Garante Privacy) of February 24, 2005 and subsequent amendments.3.3 – Data Controller rights and Out-of-court debt recovery: in the case of judicial litigation, for the entire duration of the same, up to the exhaustion of the terms of practicability of the appeals.3.4 – Website operations: for the entire duration of the browsing session on the Site.Once the aforementioned retention period has lapsed data will be destroyed or made anonymous compatibly with technical erasure and backup procedures.
4 – PERSONAL DATA
4.1 – PERSONAL DATA PROCESSED FOR CONTRACTUAL PURPOSES – LEGAL OBLIATIONS – CONTROLLER RIGHTS – OUT OF COURT DEBT RECOVERYTitle, name, surname, social security number, mobile and landline number, country, address, city, post code, email, password.
4.2 – PERSONAL DATA PROCESSED FOR MARKETING AND PROFILING PURPOSESTitle, name, surname, tax code, mobile and landline number, country, address, city, postal code, email address, password, purchase data made on the Site, data collected from cookies installed by the Site.
4.3 – PERSONAL DATA PROCESSED FOR NEWSLETTERName, surname, country and email address.
4.4 – PERSONAL DATA PROCESSED FOR WEBSITE OPERATIONSThe IP addresses or domain names of the computers used by users connecting to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good order, error, etc.), other parameters related to the operating system and the user’s computer environment, information relating to user behavior on the Website, to the pages that have been visited or searched, in order to select and make specific announcements to the user of the Website and the data relating to the browsing behavior held on the Website using, for example, cookies.
5 – COMPULSORINESS OF DATA PROVISION
The provision of personal data referred to in point
4.1 for the purposes referred to in paragraph 1.1 is mandatory. The refusal to provide the aforementioned personal data does not allow, therefore, the possibility of using the services of the Website relating to sales of products. The provision of personal data referred to in point
4.2 for the purposes referred to in points 1.2 and 1.3 is optional and subject to your consent. Some personal data referred to in point 4.4 are strictly necessary for the operation of the Website, others are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing. In the processing of personal data that can directly or indirectly identify your person, we try to respect a principle of strict necessity. For this reason, we have configured the Website in such a way that the use of personal data is kept to a minimum and in order to limit the processing of personal data that allow identifying it only in case of need or at the request of the authorities and police (as, for example, for data relating to traffic and your stay on the Website or to your IP address) or for ascertaining responsibility in the event of hypothetical computer crimes against the Website.
6 – DATA RECIPIENTS
The data can be processed, as well as by the Company, also by:
1. designated employees and collaborators in charge of processing who manage the Company’s physical stores or e-commerce and who can view, modify and update the data entered in the CRM system;
2. external subjects operating as autonomous holders such as, for example, authorities and supervisory and control bodies and in general subjects, public or private, entitled to request data;
3. external subjects designated as processor, who are given appropriate operating instructions, included in the following categories:
a. companies that offer e-mail sending services;
b. companies that offer site maintenance and development services;
c. companies that offer support in carrying out market studies.
d. third parties established in the European Union and also outside the European Union, data processor, which the Company relies in particular for data acquisition and data entry services, shipping, mailing of promotional material, after-sales assistance, research market, management and maintenance of the CRM system and other company information systems.
7 – PARTIES AUTHORISED TO PROCESS DATA
8– DATA SUBJECTS’ RIGHTS – COMPLAINT TO THE SUPERVISORY AUTHORITY
9 – SECURITY OF DATA
Your personal data will be processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected and in compliance with the principle of necessity and proportionality, avoiding the processing of personal data when operations can be performed through the use of data anonymous or by other means.We have adopted specific security measures to prevent the loss of personal data, illicit or incorrect use and unauthorized access, but please do not forget that it is essential for the security of your data that your device is equipped with tools such as antivirus constantly updated and that the provider providing the connection to the Internet guarantees the secure transmission of data through firewalls, anti-spam filters and similar safeguards.