PURSUANT TO ART. 13 et seq. EU Reg. 679/16 on the protection of individuals with regard to the processing of personal data (hereinafter ‘GDPR’)
This Privacy Policy is intended for:
- users of products and services Castelli SpA (hereinafter ‘Castelli‘),
- visitors to the www.castelli1938.com websites (hereinafter referred to individually as the ‘Site’, jointly as the ‘Sites‘) owned by Castelli
and describes how the personal data of users consulting or interacting with the Sites are processed.
Our Privacy Policy states what personal data we collect and how we collect it. It explains what we use your personal data for and how we protect and keep it safe.
Personal data means any information or part of information that could be directly (e.g. your name) or indirectly (e.g. a unique identification number) traced back to you.
In this Privacy Policy, we will explain:
1. who is the Data Controller of your personal data ;
2. what personal data are collected;
3. how personal data are collected;
4. how/purpose of use of personal data;
5. on what basis we use personal data;
6. how long we keep personal data;
7. with whom we share personal data;
8. countries to which we transfer personal data;
9. data protection measures;
10. personal data rights.
- Who is the Data Controller of your personal data?
Castelli SpA with registered office in via Dante Alighieri n,12 – 24060 San Paolo D’Argon (BG) is the Data Controller of the personal data that can be contacted at the following e-mail address: privacy@castelli1938.com.
The Data Protection Officer pursuant to Art. 37 of the GDPR is Giampiero Zingari, lawyer, who can be contacted by e-mail at dpo@castelli1938.com.
- What personal data do we collect?
The personal data we collect and process may include:
- Basic information: name, surname, sex, age or date of birth;
- Contact information: information that enables us to contact you, such as your personal or company e-mail, telephone number, postal address, physical address; company name; VAT number; tax code; country; postal code;
- Technical and network activity information: information about your device and your use of our Sites, applications and systems, including your IP address, device number, hardware model and version, mobile network information, operating system and other online identifiers, browser type, browsing history, search history, time of access, pages viewed, URLs visited, forms submitted and physical location;
- Product use: data about your use of our products (including reviews), your purchase history and preferences, your interactions with us, your preferred method of communication with us and the services you may use;
- Visual material: your photos, pictures.
You can choose not to provide us with personal data when we ask you to. If you choose not to provide us with your personal data, this may limit our relationship with you. For example, we may not be able to provide you with the services you request.
- How do we obtain personal data?
Directly from you when:
- Create an account and profile on one of the Websites;
- He registers to purchase products and/or use services;
- Use your company signature or another third-party authentication service (e.g. Microsoft, Google login page) to gain access to our systems;
- Communicate and send your e-mail to receive promotional material;
- Contact support or leave a review.
- How/for what purpose do we use your personal data?
We use your personal data for the purposes described below in this Privacy Policy or for purposes reasonably compatible with those described.
To manage our relationship with you. We will use your personal data for:
- Manage and finalise the purchase you have requested and the related services required in connection with the purchase (e.g. transport of purchased products, possible handling of returns);
- Provide you with our products and services;
- Fulfilment of legal and accounting obligations;
- Manage your account on our Websites;
- Identify you and authenticate your access rights to our Websites;
- Subject to your explicit consent, given by ticking the appropriate box after carefully reading this Privacy Policy, carry out activities of a commercial and promotional nature such as the sending of: newsletters, information and promotional material on products, special initiatives and/or promotions by traditional mail, e-mail;
- Invite you to leave a review, participate in research, surveys or events;
- Personalise your experience when interacting with Castelli ;
- Perform analysis, market research and segmentation to understand your preferences, improve our products and services and our communications.
We will also use your personal data for:
- To respond to requests from competent public authorities: to defend a right of Castelli before a judicial authority or elsewhere;
- To inform you about changes to our terms, conditions;
- To investigate and act against illegal or harmful user behaviour.
- On what legal basis do we use your personal data?
We use your personal data on one or more of these legal bases:
- Execution of contractual obligations of related pre-contractual measures for the proper handling of your purchase;
- Need to fulfil a legal obligation;
We usually need your consent in the following circumstances:
- We place cookies on your device to find out how you use our websites, so that we can personalise what you see, tailoring content and notifications to what interests you; refusal to provide information necessary for browsing may make it impossible to carry out activities strictly related to browsing. Navigation data is collected through the use of cookies. To find out more about how cookies work, and how to activate and deactivate them, please consult the cookie policy https://www.castelli1938.com/cookie-policy ;
- for the processing of your commercial profile, through the detection and processing of your choices and purchasing habits on the Site, in order both to monitor the degree of customer satisfaction to ensure better satisfaction of your needs, and to send you advertising material, related to Castelli’s products and/or services, of your specific interest, by means of automated systems, such as e-mail (profiling purposes);
- Before sending you some commercial communications by telematic means;
- In any other situation where the processing of personal data is based on your consent.
You may revoke your consent at any time.
- How long do we keep personal data?
For marketing and profiling purposes, we will keep your data until you withdraw your consent. The personal data that you may provide us with for marketing and profiling purposes will be kept for three years from the date of your last purchase on the Site and/or your last interaction, of which there is evidence, with the e-mail sent for marketing or profiling purposes (e.g. click and open), unless you withdraw your consent beforehand. We will retain your personal data for 10 (ten) years after your purchase and related services if this is necessary to comply with a legal obligation or to defend a right of Castelli before a judicial authority.
As stipulated in Article 2220 of the Civil Code, invoices, as well as all accounting records in general, are kept for a minimum period of ten years from the date of registration, so that they can be presented in the event of an audit.
Your personal data will only be stored for as long as is necessary to ensure the proper provision of the services offered through the Site.
- With whom do we share personal data?
Your personal data can be accessed by the Data Protection Officer, the relevant personnel in charge of the service you have requested, and external data processors (e.g. IT consultants, e-commerce platform, etc.). Your data may also be disclosed to the following categories of persons:
- Public and private entities for the fulfilment of legal obligations.
- External companies for transport services of products purchased by you. In particular, Castelli communicates the personal data of customers requesting delivery in Italy and abroad to BRT S.p.A., a company appointed as External Data Processor, for the performance of logistics activities aimed at shipping and possible return of purchased products. The party to whom the data are communicated undertakes to use them only for the processing purposes indicated above, to keep them confidential and secure and to act in compliance with the applicable privacy regulations.
- Third-party companies appointed to provide us with support in the area of advertising, marketing and public relations, if you have given your consent for this purpose.
- Third-party companies providing the online payment system. In particular , Castelli uses third party payment systems to assist in the secure processing of personal payment information. The use of personal information by such third-party processors is governed by their respective privacy policies, which may or may not contain protective privacy protections such as this Privacy Policy. Payments are currently processed and handled using the selected third party provider at the time of Stripe payment. Please refer to the privacy policy of the selected payment processor for more information. To access Stripe’s privacy policy, click here https://stripe.com/privacy .
We point out the possible sharing of data with third party companies in the event of mergers, acquisitions, transfer of a company or business branch or other extraordinary operations; professionals, self-employed collaborators, also in associated form, and business partners (i.e. third parties who provide services of a commercial, professional and technical nature for the management of the Site and the pursuit of the purposes specified above).
- Transfer of personal data
There are no plans to transfer the collected data outside the European Union.
To protect data subjects’ information, the data controller implements and uses appropriate organisational and technical measures to protect data against loss, misuse, unauthorised access, disclosure, accidental damage or destruction.
- What are the rights of data subjects?
You are entitled to exercise your rights under Articles 12 et seq. of the GDPR. You have:
– the right to access personal data in Castelli’s paper and/or electronic files;
– the right to request their rectification, updating and deletion, if incomplete or erroneous, as well as to object to their processing for legitimate and specific reasons;
– the right to obtain rectification of inaccurate personal data without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration;
– the right to obtain the deletion of personal data concerning him/her without undue delay if one of the grounds set out in Article 17(1) of the GDPR applies;
– the right to obtain restriction of processing when one of the cases referred to in Article 18(1) of the GDPR applies;
– the right to data portability within the limits and in the manner provided for in Article 20 of the GDPR and the Guidelines on Data Portability;
– the right to lodge complaints with the competent authority.
Relevant requests must be brought to the attention of the Data Controller by e-mail to:
Date of publication on the Site and entry into force: 08-01-2024