Tosh S.r.l., a company incorporated under the laws of Italy, having its registered office at Via Lambro 84, 20089 Quinto de Stampi, Rozzano, (MI) (the “Company
”), as data controller, pursuant to Article 13 of the EU Reg. no. 2016/679 (“GDPR
”), is committed to protecting and respecting the privacy of the Website users.
- Data processing
This policy (together with other documents referred to herein) describes what personal data (“Personal Data”) the Company collects from the Website user and how it processes such personal data.
- The Company may collect information on visits to the Website including, but not limited to, traffic data, location data, weblogs, contact forms and other communication data and the resources that the user may access.
This information will make the users’ visit to the Website easier in the future since the Company might suggest Content or Services depending on the location the user accesses the Website from.
- The Company may collect all the information the user provides by submitting the contact forms as well as in the “Customer area” and the “Support” page, in particular name, surname, e-mail address, Tax Identification/Social Security Number, telephone number, Region, VAT Number, business name.
The provision of the personal information by means of contact forms is not a legal or contractual requirement; however, please note that all the data requests marked with an asterisk (*) are mandatory, since the Company requires this information in order to fulfil and reply to the user’s request. Additional information or personal information can be discretionally provided by the user by filling the contact form. If the user contacts the Company, the Company may keep a record of that correspondence.
- The Company may use personal information for direct marketing via e-mail, if this option has been accepted by the user in the relating contact form or registration page. The user may at any time opt-out of receiving future marketing communication.
- Scope of the data processing
The personal data are collected and managed by the Company in order:
- to customize Content or Services according to the user’s preferences;
- to reply to the user’s request and questions and to keep the user informed by e-mail or telephone;
- to send by e-mail further information or communication the user may be interested into;
- to help the Company create, publish and improve the Content and Services in the most appropriate manner for the user;
- to ensure that the Content and Services provided through the Website are delivered in the most effective manner according to the user’s devices;
- to allow the user to interact with the Website, if the user wishes to;
- to further develop and improve the Website, the Company’s Services and systems for a better customer satisfaction.
The use of the information abovementioned is allowed by legal provisions on the protection of personal data, since it is necessary:
- for the legitimate interests of the Company to pursue the abovementioned scope of the data processing; such interests, in any case, do not result in a conflict with the privacy rights of the users;
- in some cases, to comply with legal and regulatory liabilities of the Company, for example in relation to communication obligation to the authorities, government and regulatory bodies;
- in some cases, to fulfil of actions of public interest and, when the Company uses particular categories of personal data, or to engage, carry out and defend itself in legal actions, or when the data processing regards personal information manifestly of public domain;
- in limited circumstances on the basis of a case by case user’s consent such as, for example, when the user accepts to receive marketing news and communication by e-mail.
The Company does not take decisions only based on automated decision-making, including profiling, which may produce legal effects on the user or similar consequences.
The Company stores the personal data for a period of time necessary for the fulfilment of its legal obligations. The storage period of the personal data depends on the scope according to which the personal data are processed and on the instruments by means of which the data are treated.
However, it is not possible to indicate in this policy the estimate of the storage period of the personal data. The criteria used to determine the applicable period are strictly connected to the time (i) necessary for the accomplishment of the related scope, (ii) necessary for the completion of the business relationship with the user, (iii) accepted by the user and/or (iv) required by the applicable legal provisions.
- Disclosure of information with third parties
To ease an efficient use of the user’s data, and to provide the user with the best service and/or opportunities, it may sometimes be necessary for the Company to share information with third parties. However, the disclosure will only occur in the following circumstances:
- to suppliers, contractors and agents: the Company may engage or employ other companies and individuals to perform functions on its behalf. Examples may include hosting and/or maintenance of the Website content or supply of specific functions contained in the Website, supply of marketing services or economic updating required by the user. Such recipients will only have access to data required by them to perform their functions and are not permitted to use such data for any other purposes. These recipients will be subject to contractual confidentiality obligations;
- to judicial or governmental authorities, if and to the extent that the Company believes that they are legally entitled to request them.
- IP address and cookies
The Company may collect information about the user’s computer or other electronic devices. This information may include (when available) IP address, operating system and browser type, for system administration. This is statistical data about the Company’s user’s browsing actions and patterns and does not identify the users or any individual.
- Data transfer abroad
Personal data may be transferred and processed in one or more States within the European Union or outside the European Union. A transfer of personal data to a third country outside the EU may take place where the European Commission has decided that the third country ensures an adequate level of protection or where the Company has provided adequate safeguards to preserve the confidentiality of this information.
- Data security
Although the Company endeavours to take all steps reasonably necessary to safeguard the personal data, please note that the transmission of information via internet is not totally safe and it is not possible to ensure a complete security of the personal data transmitted to the Website or to third parties; for this reason, any transmission of data occurs at the user’s own risk.
However, the Company applies strict operating procedures and adequate technical and organisational security measures in order to prevent any access, modification, erasure or unauthorised transmission of personal data.
- Rights of the user
Articles from 15 to 22 of the GDPR grant the user, as data subject, certain specific rights, as indicated hereinbelow:
- right to access and obtain a copy of the user’s personal data:
the user has the right to claim confirmation of the fact that the Company is processing any his/her personal data. In this case, the user can have access to his/her personal data and to some information regarding the processing. In some cases, the user can require to the Company an electronic copy of his/her personal data;
- right to rectification:
in case the user is able to demonstrate that his/her personal data concerning are not correct, the user has the righto to ask the updating or the rectification of the data;
- right to be forgotten/ to erasure of the data:
in specific circumstances, the user has the right to obtain the erasure of his/her personal data. The request can be filed at any time and the Company will assess the possibility to accept the request. However, this right is subject to legal duties and obligations that may impose the conservation to the Company. In the event that, pursuant to the legal provisions, the request of erasure of the personal data may be accepted, the Company will proceed to erase the date without undue delay;
- right to object:
although the user’s data processing by the Company is based on the legitimate interest of the Company (without any other reason for the processing), the user has the right to object to the processing modality of his/her personal data implemented by the Company in relation to the user’s specific situation;
- right to withdraw the consent:
since the data processing is based on the user’s consent, the user is entitled to withdraw the consent at any time. The consent withdrawal does not affect the lawfulness of processing based on a consent formerly granted.
- Modality of the exercise of the user’s rights
In order to exercise his/her rights, the user can submit an e-mail to the following e-mail address: firstname.lastname@example.org.
It is also possible to lodge a complaint regarding the data processing to the competent supervisory authority.
- Marketing communications
The Company delivers marketing communications by e-mail only if the user has given his consent for this operation.
Usually, the forms used by the Company to collect personal data contain a checkable box to select when the user is willing to receive marketing communication. When marketing communications are sent by e-mail, the user can decide to not receive further communications by clicking on “Unsubscribe” or on the e-mail function to renounce to it. Moreover, it is possible to exercise the withdrawal right at any time by contacting the Company at the following e-mail address: email@example.com and providing the following information: name, e-mail address, telephone number and the marketing communications the user is not willing to receive anymore.
The Company informs that questions, comments and requests regarding this Policy must be submitted to the following e-mail address: firstname.lastname@example.org.