GDPR PRIVACY POLICY (Articles 13 and 14 EU Reg. 679/2016 GDPR)
In compliance with Articles 13 (for data collected from the data subject) and 14 (for data not collected from the data subject) of Regulation (EU) 2016/679 (GDPR), the following information is provided to the Users of this Website, Data Subjects, which refers exclusively to the processing carried out through this Website and not through other websites that may be visited through links, for which please see the relevant disclosures made by the respective Data Controllers.
Data controller and contact details
The Data Controller is Kador Occhialeria S.r.l. a socio unico, with registered office in Via Montanel, 10 - 32042 Calalzo di Cadore (BL), VAT No.: 00061860250, registered under No. 00061860250 - REA BL - 33011 of the Register of Companies at the Chamber of Commerce of Belluno and Treviso, e-mail address privacy@kador.it, PEC kadorsrl@pec.reviviscar.it
Data Protection Officer (DPO) and contact details
The personal data of the Website's Users, as described above, will be processed in the manner and in the form prescribed by the GDPR, in general for the purpose of performing the Website's functions, consulting its contents and using its services.
In particular, the processing of personal data pursues the following purposes
1. for the visit to the Website, the consultation of the information published therein and the use of its services, including the e-commerce services performed therein and the related services of sale of goods and services as offered on the Website, delivery and the like
2. for the management of browsing data and for functional or technical reasons that allow the same enjoyment of the contents, also through technical cookies, for reasons of aggregate statistical data collection, also through analytics cookies, for the provision of personalised content or services, also through profiling cookies, if envisaged and subject to prior consent; in any case, under the conditions set out in the Cookie Policy linked in the footer, which refers to the Guidelines of the Italian Data Protection Authority dated 10 June 2021, published on 9 July 2021
3. for responding to requests made by the User through the Website and its communication tools (contact forms, information request forms and the like) and for any subsequent, related, connected, consequential and similar communication and processing for the better management of the request
4. for the possible subscription to the newsletter, where foreseen, and the consequent sending of various informative communications concerning the sector in which the Controller operates
5. for legal and other compulsory purposes, such as invoicing or anti-money laundering profiles
6. for other purposes ancillary or connected or consequential to those indicated above and falling within the scope of the Website's activities;
7. for the processing of the e-mail address, provided by the User in the context of a previous relationship of sale (intended in any meaning, of supply, delivery and similar) of goods or services, also aimed at sending, without further consent, communications for subsequent similar information, pursuant to and within the limits of Article 130 paragraph 4 of the Privacy Code (Legislative Decree 196/2003); the data subject may in any case express his/her refusal and object to such processing, both initially and subsequently, easily and free of charge, by following the instructions given in each such subsequent communication
8. for the possible receipt of Curricula Vitae from candidates wishing to apply to the Controller.
Legal bases for processing
For all personal data, the processing of personal data is based on the following lawfulness conditions (legal bases):
art. 6 par. 1 lett. a) GDPR = consent: for the handling of profiling cookies as per purpose no. 2 and for other processing subject to consent, including purposes ancillary to the main ones that do not fall under the other legal bases, as per purpose no. 6; for newsletter subscription as per purpose no. 4, if ancillary or additional to other processing;
art. 6 par. 1 lett. b) GDPR = contractual or pre-contractual obligation: for the same visit to the Website or for access to services, also of an informative nature, published on the Website itself and for the processing of related surfing information, as well as for all e-commerce services carried out therein and related services of sale of goods and services as offered on the Website, delivery and the like, as per purpose no. 1; for the management of cookies as per purpose no. 2, other than profiling cookies; for the processing of requests made by the Data Subject and related replies, as per purpose no. 3; for subscribing to the newsletter when this is the sole or main purpose of providing personal data, in particular the e-mail address, as per purpose no. 4; for other processing operations connected, functional and consequential to those just mentioned, as per purpose no. 6; for the management of Curricula Vitae and related requests, as per purpose no. 8;
art. 6 par. 1 lett. c) GDPR = fulfilment of a legal obligation: for the processing of all data necessary to comply with legal obligations, including the processing of tax data related to invoicing profiles or other processing required by law, as per purpose no. 5; for other processing connected, functional and consequential to those just mentioned, as per purpose no. 6;
Article 6(1)(f) GDPR = legitimate interest, for all processing included in the information society services, as well as for information purposes of the Controller. In this regard, the Controller invokes the legitimate interest for further communications sent to the e-mail address of the Data Subject pursuant to Art. 130 para. 4 Privacy Code as per purpose no. 7, subject to the free right of objection of the Data Subject as explained therein.
For special data within the meaning of Art. 9 GDPR that may be voluntarily provided by the data subject through surfing and also through contact forms or similar, the Data Controller indicates the following further conditions of lawfulness within the meaning of Art. 9 GDPR
Art. 9 para. 2 lit. a) GDPR: consent, for processing for which expressly given
Art. 9 para. 2 lit. e) GDPR: data made manifestly public by the data subject, for data independently communicated or disclosed by the data subject.
Legitimate interest
The processing of personal data is also based on the legitimate interest of the Data Controller under Article 6(1)(f) GDPR, such as the exercise of one's rights to information in the context of the information society, the performance of the services indicated on the Website or the possible implementation of direct marketing operations within the meaning of Recital 47 of the GDPR.
The Data Controller also invokes the right to make use of the processing of the e-mail address of the Data Subject conferred in the context of a sale of goods and services, in order to send further communications addressed to the Data Subject and relating to similar goods or services pursuant to Section 130(4) of the Privacy Code, subject always to the Data Subject's free right to object, as per purpose No. 7.
Compulsory or optional nature of providing data
The provision of browsing data by Users, for the purposes set out above, depends on the degree of privacy that the User has enabled or disabled through their browser, or has managed through the appropriate Cookie Banner commands with regard to cookie management. For technical cookies, disabling them may affect the navigation of the Website.
The provision of certain data is in any case necessary for the very structure of the Website and for the provision of some of its services. In particular, by way of example
in order to send messages via chat, contact forms or to subscribe to the newsletter, if any, the minimum data that may be requested therein, such as the name/surname and/or e-mail address and/or other identification data of the sender and/or the USERNAME, are in any case compulsory; in any case, the chat assistance service, as well as the contact forms or order forms in the e-commerce section indicate which data are compulsory (with an asterisk "*" or similar) and which are not;
for registration and access to the reserved area of the Website, USERNAME and PASSWORD are mandatory in all cases.
The provision of all other data is optional.
Consequences of failure to provide data
Failure to provide compulsory personal data prevents the Controller from sending the information requested or from carrying out the further processing requested by the User or, in some cases, from being able to provide the services offered by the Website.
Failure to provide optional data does not have these consequences, but could affect the processing of the request made by the User or the very navigability of the Website.
Recipients of possible communications and data transfers
The data may be communicated to companies, professionals and other consultants operating in relation to the purposes indicated in this policy or related purposes, exclusively within the territory of the European Union and the European Economic Area, unless otherwise indicated in the Cookie Policy linked in the footer.
In any case, the data may be communicated to data processors and persons authorised to process the data, always for the same purposes of the Website or for purposes related to the services offered by the Website, as well as to any other autonomous Data Controllers within the limits of the related purposes.
Recipients include in particular: the Data Controller's operators as persons authorised to process data, its Data Processors and related persons authorised to process data for related purposes, e.g. of a managerial or tax nature, as well as to any receiving provider, web service provider, as illustrated in the Cookie Policy linked in the footer.
No generalised communication of data will be carried out for further purposes and no dissemination of personal data will take place.
Browsing and similar data, for which reference is made to the above, as well as third-party profiling cookies, for which reference is made to the Cookie Policy linked in the footer, will be communicated to the respective third parties concerned, where they do not already handle them directly as independent Data Controllers, within the limits of the consents given.
The collected data may be entered and managed in the SPACEnet software, provided by CEGEKA S.p.a., under the availability and direct access of the Data Controller, in order to better organise and manage the orders as well as, in general, the fulfilments of the Data Controller in the context of the Relationship. The processing and storage of data within SPACEnet takes place by virtue of an adequacy decision chosen by the Data Controller, observing the best security measures
Retention period
The data provided voluntarily by the Data Subject will be retained until the consent given by the Data Subject is revoked, or until the actions that the Data Subject can take on his or her browser, including cleaning cookies.
Browsing data and technical cookies will be kept for the technical time necessary to perform the functions for which they were collected.
For the retention time of cookies in general, please refer to the appropriate information accessible from the Cookie Banner.
For all other personal data, the retention period is limited to the period of limitation of the relevant rights or the end of the relevant legal or contractual obligations, including those relating to billing and the like.
Rights of the Data Subject
The Data Subject has the right of access, rectification, erasure (forgetting), restriction, receipt of notification in case of rectification, erasure or restriction, portability, objection and not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or affects him or her in a similar significant way, pursuant to Articles 15 to 22 of the GDPR.
These rights may be exercised in the forms and terms set out in Article 12 GDPR, by written communication sent to the Data Controller by e-mail to the e-mail address above.
The Data Controller will provide an adequate response as soon as possible and in any case within 1 month of receipt of the request, except in cases of extension or justified refusal as provided for in Art. 12 GDPR.
Right to revoke any consent given
Where the processing is based on consent, the Data Subject may revoke it at any time by sending an e-mail to the Data Controller's e-mail address referred to above, or by using the appropriate controls on the Website in particular for the management of profiling cookies, as well as in any case by express communication at the Data Controller's head office.
Right to lodge a complaint
The Data Subject has the right to lodge a complaint pursuant to Articles 77 et seq. of the GDPR with a supervisory authority, which for the Italian State is identified in the Garante per la protezione dei dati personali.
The forms, methods and terms for lodging complaints are provided for and governed by the national legislation in force, for Italy by a specific regulation of the Garante.
The complaint is without prejudice to any other administrative or jurisdictional recourse; for jurisdictional actions for damages, in Italy the action is brought before the competent Court.
Profiling
The personal data provided through navigation on this website may be subject to profiling by third-party providers through third-party profiling cookies, subject to the User's consent expressed through the appropriate Cookie Banner commands.
For further information please read the Cookie Policy linked in the footer.