Information on the processing of personal data pursuant to art. 13 of EU Reg. 679/2016 (GDPR)
Registration and purchase forms
The Data Controller informs you regarding the processing of personal data collected through the registration forms and those necessary to proceed with the purchase of the items on the site.
Interested parties: customers/users of e_commerce functionality.
Data controller : Pompea Spa a Socio Unico with registered office in Via San Damaso, 10 - 46046 Medole (MN), VAT number 01789800206, contact email: info@pompea.com
Responsible for the protection of personal data
Pursuant to art. 37 of the GDPR, the Data Controller has appointed Progetto Qualità e Ambiente Srl in the person of Armando Iovino, who can be contacted at the email address: dpo@pqa.it . Protocol No. 20220004350.
Purpose of processing: your data will be processed for the following purposes on the basis of the relevant legal bases:
|
no |
Purpose |
Legal basis |
|
1 |
Follow up on your request to register on our website |
The processing is necessary to process the user's request; therefore, failure to communicate could make it impossible to process your contact request. Article 6 par. 1 paragraph b)
|
|
2 |
Carry out purchase transactions using the e-commerce functionality of the website. Manage sales and delivery operations of purchased items. |
The processing is necessary for the execution of a contract of which the interested party is a party. Article 6 par. 1 paragraph b) |
|
3 |
Obligations deriving from the application of accounting and tax legislation |
The processing is necessary to fulfill a legal obligation to which the data controller is subject. Article 6 par. 1 paragraph c) |
|
4 |
Provision of after-sales customer care services. Detection of the degree of customer satisfaction. Dispute management |
The processing is necessary for the pursuit of the legitimate interests of the owner or third parties. Article 6 par. 1 paragraph f) |
|
5 |
Being able to access reserved discounts and relative acceptance of sending communications via newsletter to keep you updated on the development of new products, promotions, services and/or events organized by us. |
The processing is carried out with the consent of the interested party. Article 6 par. 1 paragraph a) |
In no way will an automated decision-making process (profiling) be applied to your personal data.
Categories of personal data processed: for the above purposes it is necessary to process:
- Name and surname, delivery addresses, tax code
- Email address and telephone numbers
Treatment methods
The personal data collected will be processed mainly with company IT systems in compliance with the security measures provided for by the art. 32 of the GDPR. Personal data may be collected via email accounts assigned to employees expressly authorized to process pursuant to Art. 29 of the GDPR.
Communication of personal data
Personal data may be communicated to:
- Companies that deal with the assistance and maintenance of the website database;
- Providers that provide CMS and hosting services, in particular Shopify;
- Companies that provide compliant digital preservation services;
- Platforms that provide DEM services for sending newsletters;
- Public and/or private bodies whose communication is necessary to fulfill legislative obligations;
- Consultants and freelancers also in associated form;
- Freight forwarders, transporters, logistics companies, post offices, etc.
The above-mentioned subjects have been expressly appointed as data controllers pursuant to Art. 28 of the GDPR or process the data as independent data controllers.
Dissemination of personal data: Personal data will not be disclosed in any way.
Transfer of data to third countries: Personal data may also be processed outside the EU. In any case, the Data Controller hereby ensures that the transfer of data to non-EU countries will take place in compliance with the art. 44 et seq. of the GDPR.
Data retention period: the storage of your personal data is established according to the following logic:
|
Purpose |
Retention period |
|
Conservation of tax accounting records |
your data will be kept for 10 years, the length of time the tax accounting records are kept. Art. 2220 of the Civil Code.
|
|
Sending newsletters |
your data will be kept on our mailing lists until you request cancellation using the appropriate function in the body of the email, in any case after 24 months of inactivity with respect to communications you will be asked to confirm that you can maintain your contacts in the our lists. |
Rights of the interested party: pursuant to articles. 15-22 of the GDPR the interested party may request the Data Controller to exercise the right of access, rectification, cancellation (oblivion), limitation of processing, portability, opposition to processing and revocation of consent.
For further information relating to the rights of the interested party, you can consult the website www.garanteprivacy.it
Pursuant to art. 77 of the GDPR, the interested party can submit a report or complaint by contacting the Guarantor Authority for the protection of personal data based in Piazza Venezia, 11 – 00186 Rome email: urp@gpdp.it