INFORMATION NOTICE E-COMMERCE CLIENTS
In accordance with the provision set forth by the Regulation (EU) 2016/679 of the EU Parliament and of the Council of 27thApril 2016, on protection of natural persons with regard to the processing of personal data (hereinafter, the “Regulation” or the “GDPR”), and the national applicable legislation on the processing of personal data, the present information notice is provided in order to inform the data subjects with regard to the purposes of the processing of personal data and the processing operations carried out in order to execute the contract in compliance with the General Terms and Conditions of Services, available on the website: https://cicaboom.com/.
Cicaboom S.r.l. informs that its services are not aimed at minors below the age of 14. Therefore, the clients who access the services declare to be of legal age, in accordance with the applicable legislation. Minors can have access to the website https://cicaboom.com/ and purchase the products presented therein only with the assistance and under the supervision of parents or guardians. Purchases made by children under the age of 14 will not be allowed under any circumstances.
In this regard, children under the age of 16 will not send, under any circumstances, his personal data to Cicaboom S.r.l. In any case, Cicaboom S.r.l. does not assume any liability concerning the accuracy and the truthfulness of the information provided by the minor. Should Cicaboom S.r.l. detects untrue statements, it will delete any and all personal data acquired and processed, unless the consent to the processing of the minor’s personal data has been expressly given or the processing has been expressly authorised by the holder of parental rights.
CICABOOM S.r.l., having its legal offices in Via Caffaro 2/1, 16124 Genova (GE), Italian Taxpayer Identification Number and VAT number n. IT02411280999, e-mail address: firstname.lastname@example.org, certified e-mail address: email@example.com(hereinafter, “CICABOOM” or the “Controller”), in person of its pro tempore legal representative, in its quality of data controller, is glad to provide you with the following information notice pursuant to Section 13 and 14, GDPR, (hereinafter, the “Information Notice”).
INFORMATION NOTICE pursuant to Sections 13 and 14, GDPR
- Identity and Contact details of the Controller
CICABOOM S.r.l., having its legal offices in Via Caffaro 2/1, 16124 Genova (GE), Italian Taxpayer Identification Number and VAT number n. IT02411280999, e-mail address: firstname.lastname@example.org, certified e-mail address: email@example.com, in person of its pro tempore legal representative
- Purposes of the processing for which the personal data are collected and related legal basis
Personal data will be processed:
(i) without your consent (Section 6, items b, c and f, GDPR), for the following purposes:
a. performance of pre-contractual and contractual obligations deriving from the execution of a possible contract (provision of goods), including e-commerce contracts, in accordance with the General Terms and Conditions of Services, available on the website https://www.cicaboom.com/;
b. compliance with legal obligations, as provided for by a regulation or a law (national or EU), or performance of an order of public or judicial Authority or controlling Authority to which the Controller is subject;
c. exercise of the rights of the Controller, with particular reference to judicial defensive rights.
(ii) with your consent (Section 7, GDPR), for the following purposes:
a. marketing, distribution of information / promotional materials such as, by way of example: sending out of commercial communications regarding sales of discounted products by Cicaboom, in case the client proceeds to purchase the items previously left in the shopping basket, or in case the client shares its purchase on social networks, or for all purchases over the value of Euro 30,00s; sending out of promotional communications concerning the possibility to buy gift cards;
b. sending out of commercial and promotional newsletters and publications, phone contacts, sending out of text messages and/or email to the User for commercial and/or promotional purposes, as well as to reply and fulfil support requests;
c. organization of commercial activities, such as sending out of email confirming the receipt of the order and its processing, the receipt of the payment and the communication concerning the delivery of the goods;
d. performance of surveys and Users’ satisfaction questionnaires, in order for the Users to send and publish their comments on the structure and content of the website and, specifically, sending of notifications of comments on the same content;
e. storage of information related to the above activities.
For the purposes under par. (i) above, the collection of your personal data is mandatory. Any express refusal to provide such data and/or refusal of consent, may cause the impossibility for the Controller to execute the contract, to perform the contractual services and to comply with contractual and /or other legal obligations to which the Controller is subject.
For the purposes under par. (ii) above, the collection of your personal data is made on voluntary basis, therefore, you may decide not to provide us with your consent or to waive it at any moment.
3. Processed Categories of Personal Data
Pursuant to Section 4, n. 1, GDPR, for “personal data” and within the purposes of processes mentioned under par. 2) above, we shall exclusively process those personal data concerning, by way of example, your name and family name, tax code, date of birth, VAT number, residence, domicile, number of passport and/or ID, work address, email, certified email address, phone and fax numbers, and, possibly, employer company, business role and/or position.
Pursuant to principle of “data minimization” stated by Section 5, no. 1, GDPR, you will not send your personal data to the Controller, except where personal data are strictly necessary to perform contractual and / or commercial activities. In such a case, personal data should be transferred to the Controller anonymously or under pseudonyms, as expressly stated by GDPR.
Should it be necessary to process more data in addition to the ones of legal representative and/or contact persons, for the purpose of executing contractual relationship exclusively with a customer legal entity, (hereinafter, the “Client”), and if these personal data could not be obtained in anonymous form or under pseudonyms, the Client declares and guarantees that the processing of personal data will be in compliance with GDPR for all data that will be communicated to the Controller during the performance of the contract. In particular, the Client declares that it has been provided to any Data Subject an adequate information notice in which it is expressly mentioned the possibility to provide personal data to third entities and to have obtained the necessary consents for any purpose.
The Client undertakes to indicate to its employees and/or collaborators that the present Information Notice is also available on the website https://cicaboom.com/, so that the Information Notice can be provided by the Controller to the data subjects, pursuant to Sections 13 and 14, GDPR.
4. Categories of Personal Data Recipients
Personal data submitted to us for the purposes mentioned under par. 2, above, could be transferred to:
- employees and collaborators of the Controller, in their capacity of persons authorized or data processors;
- any third party (such as provider for management and maintenance of website, providers, credit institutions, professional firms), performing outsourced activities on behalf of the Controller, in their capacity of data processors;
- any judicial or controlling Authority, public entities (whether national or foreign ones).
The updated list of Processors and persons authorized to process personal data is available by Controller’s seat.
5. Storage and Transfer of Personal Data to Third Countries
Personal data are processed and stored on servers located in Italy, at the Controller’s seat, and partly on servers located within EU, belonging to or in the possession of the Controller or of third parties nominated by the Controller and duly appointed as Data Processors.
Personal data are not, unless otherwise required by specific operating needs, transferred to non EU-countries.
Should it be necessary to use activities carried out by third parties, which have their seats outside EU-countries, we inform you, here and now, that:
– the Controller has arranged to appoint these subjects as data processors pursuant to Section 28, Regulation and
– the transfer of your personal data to these subjects is performed in strict compliance with provisions of Section 44 et seq. of the Regulation.
This will ensure you that all the necessary measures to guarantee the complete personal data protection of your personal data will be adopted because such transfer will be based on on standard contractual clauses or other legal basis drafted to safeguard your rights and interests.
Your personal data will not subject to dissemination.
6. Personal Data Storage Period
Your personal data provided for the purposes listed under par. 2, section (i) above, will be processed and stored for the entire duration of the executed contract; as of the termination of such contractual relationship, for whichever reason or cause, personal data will be stored as long as time-barring legal terms will be elapsed.
Personal data provided for the purposes indicated under par. (2), section (ii) above, are processed and stored for the time necessary for the performance of the same purposes and, anyhow, no later than 1 year from the date in which the Controller will receive the consent of the data subject.
7. Exercisable Rights
In compliance with the provisions under Chapter III, Section I, GDPR, you may exercise the rights therein indicated and in particular:
- right of access;
- right to obtain the rectification of personal data or the erasure of personal data or the restriction of processing. In case of the request of erasure, the data subject has the right to obtain that Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data;
- right to object to the processing of personal data;
- right to data portability;
- right to withdraw the consent at any time; the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- right to lodge a complaint with the Supervisory Authority.