Privacy Policy


This Privacy Policy is provided in accordance with the art. 13 of the EU Regulation 2016/679 (hereinafter: "GDPR") as well as of the Italian Legislative Decree no. 196/2003, as following amended (hereinafter the "Code"), and is intended to inform the users of the Site (hereinafter, "Users") about the methods of processing their Personal Data.

"Personal data" means any information suitable for identifying, directly or indirectly, the person of the User.

"Processing of personal data” means any operation or set of operations, carried out with or without the aid of automated processes and applied to Personal data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of disposal available, comparison or interconnection, limitation, cancellation or destruction.

In general terms, the processing of the User's Personal Data will be based on principles of correctness, lawfulness, transparency, limitation of the purpose and of the conservation, as well as the principle of responsibility under article 5 of the GDPR.

In general, Personal Data will be processed in accordance with the provisions of the GDPR and of the other applicable laws.

1. Data Controller

Vernisse S.r.l.s., with registered office in Rome, via Antonio Bertoloni 26, 00197 tax code and vat number 15190541001 registered at the Rome companies house (hereinafter defined as the “Controller”)

2. Personal Data subject to processing

The Personal Data processed through the Site are the following:

a. Browsing Data

During their normal operation, the computer systems and software procedures used to operate the Site acquire some Personal Data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified subjects, but by their very nature could identify Users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by Users connected to the Site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and computer of the User’s IT environment. These data are used in order only to obtain anonymous statistical information about the Site and to allow its proper operation, to permit the proper delivery of services, for motives of security; navigation data are normally deleted after sixty days.

b. Data provided voluntarily by the User

The Site offers Users the opportunity to voluntarily provide personal information through, for example, registering a contact form during the acquisition process of the products offered on the Site or during the creation of the personal account, requesting services, information or quotes, the optional sending of an e-mail to the addresses listed on the Site, etc. This Privacy Policy is intended also for the processing of Data provided voluntarily through the Site.

c. Cookies

 

What are the Cookies?

Cookies are small text files that websites visited by the user send and record on the computer or mobile device of the same, and then are transmitted back to the relative Site during the next visit of the User.

 

That kind of cookies does DPI use? How can I disable them and with what consequences?

Some of the Cookies used on the Site ("technical" Cookies) are strictly necessary to guarantee the technical operation of the Site or to provide services explicitly requested by the User in the event of registration, to browse the Website and use all its functions (for example, function for storing the access password, etc.). These are mostly so-called "session cookies" used in order to offer a more efficient service. The use of these cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server). These cookies do not collect information about the User that could be used for marketing purposes or track web browsing. The installation of these Cookies is a necessary condition for using the Site; blocking them does not allow it to work.

Our Site uses the following technical or session cookies:

Name

Duration

Function

PHPSESSID

Closed browser

The PHPSESSID cookie is a PHP native cookie and allows websites to store session state data. The website is used to establish a user session and to communicate status data through a temporary cookie, commonly referred to as session cookies. Since the PHPSESSID cookie does not have a time limit, it disappears when the client is closed.

woocommerce_cart_hash

wc_cart_created

Closed browser

This is a session cookie used to track items in the cart. The first two cookies contain information about the entire cart and help WooCommerce to know when the information in the cart changes. The last cookie contains a unique code for each User, so that it is possible to find the cart information from a database created for each User. No personal information is stored in these cookies.

_icl_current_language

1 day

We use a market product called WPML to manage content in multiple languages. To facilitate the User's browsing, this cookie remembers the language code of the last visited page: for example "en" for English or "it" for Italian

The Website uses another type of cookie (so-called "analytics” Cookies) to analyze accesses / visits to the Site, exclusively for statistical purposes, through the collection of information in anonymous and aggregate form. The use of these Cookies does not require the prior consent of the User. Our Website uses the following analytics Cookies:

• Google Analytics :

Name

Duration

Function

_ga

730 days

Register a unique ID used to generate statistical data on how the visitor uses the website

_gid

1 day


Register a unique ID used to generate statistical data on how the visitor uses the website

_gat_UA-144766257-1

1 day

The _gat cookie is part of the Google Analytics analysis and monitoring service. This is a cookie that expires 10 minutes after creation or update. It is used to block the number of analysis script requests in order to consider user visits unique.

Our Website also uses some Cookies called Targeting (or Advertising) Cookies. These cookies control the user's browsing, tracking it in order to monitor and profile the user. The use of these Cookies allows to know which web pages are visited by the User, what is read on the network, purchased etc. The User can be profiled for tastes, habits, consumption choices etc., also for the purpose of sending personalized advertising. The use of these Cookies requires the prior consent of the User.

Our Website uses the following Targeting (or Advertising) Cookies:

https://www.shopify.com/legal/cookies

At any time, the User will have the right to accept or decline the use of Cookies by modifying the settings of their browser.

In the event of deactivation of Cookies on the User's computer, the latter may not be able to access certain sections of the Site.

The User may modify the browser's parameters relating to Cookies in the manner specific to each individual browser. Here is the path to follow to change the parameters of the following browsers:

• Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies

• Safari: https://support.apple.com/kb/PH21411?locale=it_IT

• Chrome: https://support.google.com/accounts/answer/61416?hl=it

• Firefox: https://support.mozilla.org/it/kb/Attivare_e_disattivare_i_cookie

• Opera: http://www.opera.com/help/tutorials/security/privacy/

To disable Google Analytics cookies, you can download the Google Analytics opt-out browser extension: https://tools.google.com/dlpage/gaoptout.

If the User does not interact with the consent forms referred to in the aforementioned links and leaves the information by closing or continuing to browse the Site, consent to the use of all Cookies.

3. Purpose of the processing

The purposes of the processing of User’s Personal Data that we intend to carry out, following r explicit consent when necessary, are the following:

a. to provide the services requested (an example , in relation to a purchase of a product, a contact request or a request of quote, a subscription to the Newsletter) and to allow you to browse and explore the Site;
b. to answer specific requests addressed to Controller;
c. to carry out marketing activities, conduct studies, research, market statistics and send you advertising and information material related to the activities, the products and the services of Controller . In accordance with the “Guidelines on Marketing and Against Spam – 4 July 2013 [Web doc 2542348]” issued by the Italian Data Protection Authority, if the User decide to give own consent to receive information related to promotional activities of the Data Controller including market research, we inform you that said activity can be performed, as provided for in the applicable regulations, by way of postal mail, a telephone contacts operator (“traditional methods”), e-mail, SMS and through the use social networks (“automated methods”). If the User can always object to such processing activities for marketing purposes by writing to info@vernisse.it , without prejudice to the lawfulness of the processing founded on your previous consent.
d.. to fulfill the obligations provided for by law, regulations or EU legislation or request from competent Authorities;
e. to carry out statistical analysis without the possibility to identify the User;
f. to carry out direct marketing activities via e-mail for services similar to those you have subscribed to, unless the User objected to such processing initially or in subsequent communications, by writing to info@vernisse.it ,

4. Legal basis and mandatory or optional nature of the processing

The legal basis of the processing of Personal Data for the purposes referred to in section 3a. and 3.b is Article 6 (1) (b) of the GDPR (“[…] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”), since processing operations are required in order to provide the services or to respond to User’s request . The provision of Personal Data for these purposes is optional, however, failure to provide them would imply the inability to initiate the requested services or respond to User’s requests.

The processing of User’s Personal Data performed for the purpose of marketing as described in section 3 c. is founded in the consent of the User pursuant to Article 6 (1) (a) of the GDPR (“[...] the data subject expressed the consent to the processing of his own Personal Data for one or more specific purposes”)
The processing of User’sPersonal Data described in section 3 (d) represents a legitimate processing of personal data pursuant to Article 6 (1) (c) of the GDPR (“[…] processing is necessary for compliance with a legal obligation to which the controller is subject”).

The processing of Personal Data referred to in the section 3 (e) is not performed on the personal data and can be freely carried out.

The processing of Personal Data for the purposes described in section 3 (f) represents a legitimate processing under the applicable law on personal data protection, which does not require the consent. The User can object to the processing of own Personal Data for this purpose both when requesting the products and services available on the Site and on subsequent communications by the Data Controller by writing to info@vernisse.it.

5. Recipients of Personal Data

For the purposes referred to in Section 3 User’sPersonal Data may be shared with:
a. subjects typically acting as data processors, namely: i) persons, companies or professional firms providing Controller with advice and consulting in administrative and legal matters related to the provision of the services; ii) subjects to engage with in order to provide the services (for instance, hosting providers) iii) persons authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks); b. subjects, bodies or authorities to mandatory disclose your Personal Data to in accordance with the provisions of law or under the orders of the authorities or in case of abuse reports to investigate complaints and identify the source of messages received from users;
c. persons authorised by Controller to process the Personal Data required for carrying out activities strictly related to the provision of the services, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality (for instance Controllers employees);
d. business partners for their own autonomous and separate purposes, only if the User have given a specific consent.

6. Transfers of Personal Data

The Data Controller does not intend to transfer User’s Personal Data outside the European Economic Area.

7. Retention of Personal Data

The Personal Data processed for the purposes referred to in section 3 a. and 3 b. will be retained for the period deemed strictly necessary to fulfill such purposes. In any case, since the Personal Data are processed for the provision of the services, Controller will retain the Personal Data for the period allowed by Italian law to protect its interests (art. 2946 and ensuing articles of the Italian Civil Code).
For the purposes referred to in section 3 (c), the Personal Data may be processed until the User withdraws the consent.
The Personal Data processed for the purposes referred to in section 3 (e) will be retained for the period required by the specific obligations or by applicable law.
The Personal Data referred to in section 3 (f)will be processed until the User objects the processing
Further information on the data retention period and the criteria adopted in determining this period may be requested in writing to the following address: info@vernisse.it . The Controller has, in any case, the possibility of retaining User’s Personal Data for the period allowed by Italian law to protect its interests (art. 2947 (1) (3) of the Italian Civil Code).

8. Data Usersrights

Under Articles 15 and following of the GDPR, User, as a data subject, is entitled to request to the Controller, at any time, access to the Personal Data, the correction and erasure of your Personal Data, as well as to object to its processing according to Article 21 of the GDPR, the restriction of the processing of your Personal Data in the cases set out in Article 18 of the GDPR, as well as to obtain the Personal Data provided in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation.
Requests should be made in writing to info@rainbowjewels.shop
In any case, User is will always be entitled to file a complaint with the competent supervisory authority (the Italian Data Protection Authority), pursuant to Article 77 of the GDPR, if User believes that the processing of owndata violates applicable law

9. Amendments

The Data Controller reserves the right to partly or fully amend this Privacy Policy, or simply to update its content, e.g., as a result of changes in applicable law. Controller will inform User of such changes as soon as they are introduced, and they will be binding as soon as they are published on the Site. Controller therefore invites you to regularly visit the Site in order to acquaint with the latest, updated version of this Privacy Policy.