Data protection notice
- SCOPE OF THIS NOTICE
- DATA CONTROLLER AND CONTACT DETAILS
- PURPOSES OF PROCESSING AND LEGAL BASIS?
- RECIPIENTS OF YOUR DATA
- NOT TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
- NO AUTOMATED INDIVIDUAL DECISION-MAKING
- RETENTION PERIOD
- DATA SECURITY
- YOUR LEGAL RIGHTS
- RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
- CHANGES TO THIS NOTICE
1. SCOPE OF THIS NOTICE
This notice pursuant to article 13 of the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”) relates to the processing of personal data concerning you (hereinafter referred to as “Your Data”) when you visit our website https://dasganzeleben.it (hereinafter referred to as our “Website”), send us an enquiry or subscribe to our newsletter. Please also read our Cookie Notice, which forms an integral part of this Data Protection Notice.
This notice does not apply to any other websites, not even to those to which we refer by link. We are not responsible for such websites and therefore recommend that you read the notices on the other websites you visit.
2. DATA CONTROLLER AND CONTACT DETAILS
We, die Das ganze Leben GmbH, are the data controller within the meaning of Article 4(7) GDPR as we determine the purposes and means of the processing of Your Data.
Our contact details are:
Das ganze Leben S.r.l.
Strada Principale 16
39035 Monguelfo (BZ)
South Tyrol / Italy
Phone: +39 0474 771510
We are not required to appoint a data protection officer (DPO).
3. PURPOSES OF PROCESSING AND LEGAL BASIS
Depending on how you interact with us, Your Data may be processed for different purposes, which we have summarised for you below:
3.1 Just visiting our Website
If you visit our Website – as with any other website as well – your browser (e.g. Internet Explorer or Safari) automatically sends information to the server of our Website. Such information is temporarily stored in a server log file (hereinafter referred to as “Log Data”). Log Data may include, in particular, the IP address of your terminal device (e.g. computer, smartphone or tablet), the time stamp of access (date, time, time difference), the content of the request (specific page), the HTTP status code (e.g. “200” for a successful request), the amount of data sent (bytes) and information on the browser used and the operating system of your terminal equipment (e.g. Windows or iOS). Log Data may be processed for the following purposes: (a) for establishing a connection between your terminal device and our Website; (b) for evaluating system security and stability and for identifying errors; and (c) for investigating abuse page accesses (e.g. DoS or DDoS attacks). The legal basis for such processing activities are our overriding legitimate interests (Article (6)(1)(f) GDPR) resulting from the said purposes.
In addition to Log Data, cookies and similar technologies may be used when you visit our Website. In this connection, please read, as mentioned above, our Cookie Notice.
3.2 Answering your enquiries
When you contact us by e-mail or our contact form, which you can find on our Website, the data you provide will be stored by us in order to answer your enquiry (hereinafter referred to as “Enquiry Data”). Enquiry Data may include, in particular, your name and surname, your e-mail address and other data resulting from your enquiry. The legal basis for this is to take steps prior to entering into a contract (Article 6(1)(b) GRPD).
3.3 Subscribing to our newsletter
If you would like to subscribe to our newsletter, we need your e-mail address to send you the newsletter. The indication of further data (name, surname) is voluntary and serves exclusively to address you personally in the newsletter. Such data is hereinafter collectively referred to as “Newsletter Subscription Data”. The basis for the processing of such data is therefore your consent (Article 6(1)(a) GDPR), which you can revoke at any time with effect for the future. You can revoke your consent by clicking on the link provided in each newsletter e-mail, by e-mail to email@example.com or by contacting us by other means (see the contact details above).
4. RECIPIENTS OF YOUR DATA
If and to the extent necessary for at least one of the above-mentioned purposes, the following categories of recipients may become aware of Your Data: (a) our employees who, under our direct responsibility, are authorised to process Your Data and who we have bound to confidentiality; (b) our external IT service providers (e.g. hosting providers) who act as processors and whom we have bound to us by an appropriate contract for the processing of orders and have undertaken to maintain confidentiality; (c) our external consultants (e.g. IT consultants) whom we have either bound to confidentiality or are subject to an appropriate statutory duty of confidentiality. Disclosure of Your Data to these categories of recipients also corresponds to our overriding legitimate interests (Article (6)(1)(f) GDPR) in efficient business management.
Where processing is necessary for the assertion, exercise or defence of legal claims, Your Data can typically also be disclosed, in particular, to lawyers, experts and court authorities.
5. NO TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
We do not intend to transfer Your Data to a third country (e.g. USA or China) or international
6. NO AUTOMATED INDIVIDUAL DECISION-MAKING
You are not subject to a decision based solely on automated processing, including profiling, within the meaning of Article 22(1) GDPR.
7. RETENTION PERIOD
How long Your Data is retained depends primarily on the purposes for which they were collected, described in point 3 above. A distinction is made as follows:
7.1 Log Data
Log Data (see point 3.1 above) are deleted on a daily basis.
7.2 Enquiry Data
Your Enquiry Data (see point 3.2 above) will be retained primarily for as long as is necessary to process your enquiry and, in applicable, to complete an order. The maximum retention period depends on the applicable prescription periods for the assertion, exercise and defence of legal claims. The legal basis for such retention are our overriding legitimate interests (Article 6(1)(f) GDPR) as well, which result from the aforementioned purposes.
7.3 Newsletter Subscription Data
The Newsletter Subscription Data (see point 3.3 above) are retained until your consent is withdrawn. Further information on how to withdraw your consent can be found above under point 3.3.
8. DATA SECURITY
The transmission of information over the internet is, unfortunately, never completely secure. However, we protect our Webshop against data breaches through appropriate technical and organisational measures. In particular, data in our Webshop is transmitted in encrypted form. For such purposes, we use the cryptographic protocol SSL (Secure Sockets Layer).
9. YOUR LEGAL RIGHTS
As data subjects, you have certain rights towards us under the GDPR:
9.1 Right of access
Subject to the conditions of Article 15 GDPR, you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. Where this is the case, you have the right to obtain the information listed in the said provision and a copy of Your Data.
9.2 Right to rectification
Subject to the conditions of Article 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate data and to have incomplete data completed.
9.3 Right to erasure (“right to be forgotten”)
Subject to the conditions of Article 17 GDPR, you have the right to obtain from us the erasure of Your Data without undue delay. Such “right to be forgotten” shall not apply to the extent that processing is necessary, for example, for the establishment, exercise or defence of legal claims.
9.4 Right to restriction of processing
Subject to the conditions of Article 18 GDPR, you have the right to obtain from us restriction of processing where one of the prerequisites set forth in the said provision are met. Such a prerequisite is met, for example, where you contest the accuracy of Your Data. In this case, restriction can be obtained for a period enabling us to verify the accuracy of the data.
9.5 Right to data portability
Subject to the conditions of Article 20 GDPR, you have the right to receive Your Data in a structured, commonly used and machine- readable format and to have the them transmitted directly to another controller, where technically feasible. We assume, however, that such right is not applicable in the context of the processing in question.
9.6 Right to object
Where Your Data is processed based on our legitimate interests (Article 6(1)(f) GDPR) and subject to the conditions of Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of Your Data. Where the legal requirements are met, we will then no longer process Your Data.
If you wish to exercise any of these rights, please write to us, preferably by e-mail to firstname.lastname@example.org. Please state “Exercise of data subjects‘ rights under the GDPR” in the subject line of the message so that we do not miss your request and can respond in due time.
10. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of Your Data infringes the GDPR (Article 77 GDPR).
11. CHANGES TO THIS NOTICE
We may change this notice at any time with effect for the future. This may occur, for example, as a result of the further development of data protection law (also in light of new court rulings) or a change in our processing activities.