Last update May 2018
BEAR Projects S.r.l. takes the rights of customers and other related contacts very seriously regarding the protection of personal data and our obligation to them. This information clearly describes the type of personal data collected through the website www.holyfreedom.com (hereinafter called Website) and through other means (e.g. email, social networks, cookies, etc.) and the methods with to which they are treated, in accordance with the General Data Protection Regulation EU 2016/679 (hereinafter called GDPR) and Legislative Decree 196/2003 (hereinafter called the Privacy Code).
Upali Arnaldo, as sole owner and legal representative of the company BEAR Projects S.r.l., , is the data controller (hereinafter called Controller). Under the GDPR, the data controller is the one who, alone or in cooperation with others, defines the purposes and means of processing personal information. The Controller can be contacted by sending an email to firstname.lastname@example.org or by sending a trackable registered letter with proof of delivery, to the following address: BEAR Projects S.r.l., strada Felice Cavallotti 15, CAP 43121 Parma, Italia.
The Controller collects various types of personal, identifying and non-sensitive data (hereinafter called Personal Data or Data) communicated by customers or potential customers, suppliers, collaborators or other stakeholders (hereinafter called Contact) for the purposes described as follows:
Contact details such as name, surname, company name, Tax Code and / or VAT Reg. No., email, telephone number, billing and / or shipping address, bank account details, provided by the contact during registration, completion of an order or request for information, (by filling in appropriate forms on the Website, or provided via correspondence by email, telephone, letter or via social network;
Data of any transactions made by the Contact;
Data concerning the use and navigation of the Contact on our Website, such as the IP address and other identifiers of the device, the operating system and the type of browser and the information concerning the pages of the website site visited, collected through cookies or other tracking technologies;
Data collected from third parties, such as data that the Contact accepts to share on publicly accessible social networks (e.g. Facebook, Instagram, etc.) and / or that can be collected from other publicly accessible databases.
The Personal Data necessary for the correct management of the order or other services are indicated on the Website by the symbol (*). If the necessary Personal Data is requested by other means of communication, it will be appropriately reported. The Contact is under no obligation to provide personal data, however their provision is necessary for the correct management of the relationship. Failure to communicate, or incorrect communication, of any necessary information, may make it impossible for the Controller to fulfill its contractual and legal obligations (e.g. processing of the order, issuing of the invoice, payment for the supplies, etc. ).
The Website and the services offered by the Controller are not intended for minors under the age of 18. In the event that personal information referring to them is inadvertently recorded and the owner becomes aware of it, it will delete it in a timely manner. By registering or purchasing on the Website, the Contact confirms that he / she has reached the age of majority established by his / her country of residence.
PURPOSE AND MODE OF DATA PROCESSING
The processing of Personal Data means the collection, registration, organization, storage, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation and destruction or the combination of two or more of these operations. The processing of the Contact’s Personal Data by the Controller is carried out on the basis of a legitimate justification or legal basis for the purposes listed below:
Fulfillment of the sales contract (see Terms and Conditions);
Accounting and administrative management;
Pre and post sales assistance;
Quality control of products and services offered;
Compliance with legal, administrative, tax or accounting obligations;
Compliance with legal obligations in the field of occupational health and safety;
Preparation or exercise of legal action;
Credit recovery activities.
Personal Data are processed both on paper and by electronic means, for the time strictly necessary to achieve the purposes for which they are collected. They will be processed only by internal personnel and / or by external subjects expressly authorized and appointed by the Controller.
COMMUNICATION OF DATA TO THIRD PARTIES
Personal Data processed by the Controller may be disclosed to third parties in charge of data processing (hereinafter called Processors) for the purposes previously described, such as:
Transport and shipping service providers;
IT service providers;
Service providers in advertising, digital, marketing or social networks;
Providers of legal, administrative, tax or accounting services;
Service providers on safety or occupational health;
Electronic payment service providers (e.g. Paypal);
Banks and credit institutions;
Credit recovery service providers;
Other public and / or private subjects in the case of corporate restructuring;
Other public and / or private subjects in order to fulfill the sales contract;
Other public and / or private subjects for whom the communication of data is mandatory in compliance with legal obligations.
The Controller does not transfer Personal Data outside the European Union unless the Contact has explicitly authorized such transfer, or it is permitted by the GDPR on another legal basis. In case of transfer of Personal Data outside the European Union, EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks is applied, using standard clauses approved by the European Commission and adopting the measures allowed by European Union legislation to ensure adequate security measures or obtain your consent.
In accordance with the GDPR, the Controller adopts specific security measures to protect Personal Data in order to prevent its destruction, loss, theft, alteration, communication, whether accidental, unauthorized or illicit. However, the risks deriving from the communication of Personal Data via the Internet or other instruments can not be totally excluded. The Controller and / or the Processors cannot be held responsible for any breach of security, unless such breaches are due to negligence or willful misconduct. The Website may contain links to Internet sites or third-party platforms. The Controller can not control and / or be held responsible for the conduct of such websites or third-party platforms. Contacts are invited to read the third party privacy statements to see how they collect and process personal information.
Personal Data are stored on servers located in the European Union. The Controller will keep Personal Data for the time strictly necessary for the pursuit of the purposes for which it was collected, in compliance with legal, administrative, tax, accounting, safety or occupational health requirements. In order to determine an appropriate retention period, the Controller will take into account multiple factors, including:
The purpose for which such Personal Data are stored;
Legal, administrative, tax, accounting, safety or occupational health related to such Personal Data;
The type of relationship in progress with the Contact (e.g. how often he accesses his Website account, how often he requests information, if he continues to receive marketing communications, etc.);
Any specific request by the Contact connected to the deletion of personal information;
Legitimate commercial interests.
RIGHTS OF CONTACTS
All Contacts, according to the GDPR, can exercise the following rights:
Be informed about the collection and use of your personal information;
Access their personal information at no cost;
Obtain the correction or completion of inaccurate or incomplete personal information;
To obtain the cancellation of personal information (the right for information to be destroyed);
Under specific conditions, obtain the restriction or deletion of your personal information;
Obtain and reuse your personal information for your own purposes according to different services when their treatment is based on a contract, or consent, and is performed automatically (the right to data portability);
Under specific conditions, oppose the processing of their personal information;
Oppose at any time the use of personal information for the purpose of profiling or making automated decisions.
The right to complain about the collection and processing of personal information to the competent supervisory authority;
The right to withdraw consent to the processing of personal data at any time.
Contacts may exercise their rights regarding privacy by sending an email to email@example.com or by sending a trackable registered letter with proof of delivery, to the following address: BEAR Projects S.r.l., strada Felice Cavallotti 15, CAP 43121 Parma, Italia.