Privacy policy

1. INTRODUCTION

We, the COMPANY DELAGO RUDI, hereby inform you in accordance with Article 13 of the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”) about the processing of personal data concerning you (hereinafter referred to as “Your Data”) when you visit our webshop, which you reach at www.rudi-delago.com (hereinafter referred to as “Webshop”), or when you make a purchase in it.

The present notice does not concern other websites, including those to which we may refer by link. In fact, we have no influence on such third-party websites.

 

2. DATA CONTROLLER AND CONTACT DETAILS

We, the COMPANY DELAGO RUDI, are the data controller within the meaning of Article 4(7) GDPR as we determine the purposes and means of the processing of Your Data.

 

Our contact details are:

DELAGO RUDI

Str. Dorives 20A

39048 Sëlva/Selva di Val Gardena (BZ)

South Tyrol, Italy

Tel.: +39 3337660218

Email: info@rudi-delago.com

 

3. CATEGORIES OF DATA AND PURPOSES OF THE PROCESSING

The categories of data we process, and relevant purposes, depend on whether you (a) just visit our Webshop or (b) you also make a purchase.

 

(a) Log data: If you visit our Webshop – as with any other website as well – your browser (e.g. Internet Explorer or Safari) automatically sends information to the server of our Webshop. Such information is temporarily stored in a server log file and therefore called log data. Log data may include, in particular, the IP address of your terminal equipment (e.g. computer, smartphone or tablet), the time stamp of access (date, time, time difference), the content of the request (specific page), the HTTP status code (e.g. “200” for a successful request), the amount of data sent (bytes) and information on the browser used and the operating system of your terminal equipment (e.g. Windows or iOS).

Log data may be processed for the following purposes:

(i) for establishing a connection between your terminal equipment and our Webshop;

(ii) for evaluating system security and stability and for identifying errors; and

(iii) for investigating abusive page accesses (e.g. DoS/DDoS attacks).

Such processing is based on our overriding legitimate interests (Article 6(1)(f) GDPR) clearly resulting from the said purposes.

(b) Data necessary for a purchase: If you wish to make a purchase in our Webshop, we process your first and last name, your email address, your geographical address and delivery address as well as payment data. These data are necessary for the conclusion of a relevant contract and the processing of your order (e.g. for sending the confirmation of the order and delivering the goods) as well as for accounting and tax purposes. Such processing is necessary in order to take steps prior to entering into a contract or for the performance of a contract (Article 6(1)(b) GDPR). If you are an Italian customer and wish to receive an invoice, we are also legally obliged to process your fiscal code. Such processing is thus based on a legal obligation (Article 6(1)(c) GDPR in conjunction with Article 21 of the Italian Decree of the President of the Republic of 26 October 1972, no. 633).

The provision of these data – with the exception of your fiscal code – is thus a requirement necessary to enter into a contract. On the other hand, the provision of the fiscal code is, as described above, required by law if you are an Italian customer and wish to receive an invoice. If you do not provide us with your fiscal code, we can still conclude a contract with you, but we will not be able to issue an invoice.

We may also process Your Data if and to the extent that this is necessary for the establishment, exercise or defence of legal claims. Such processing is based on our overriding legitimate interests (Article 6(1)(f) GDPR) clearly resulting from the said purposes.

 

4. RECIPIENTS OF YOUR DATA

Below we inform you of the categories of recipients to which Your Data can be disclosed if and to the extent this is necessary within the scope of the above-mentioned purposes:

(a) Log data:

Categories of recipients: (i) our employees who, under our direct authority, are authorised to process Your Data and subject to an obligation of confidentiality; (ii) our external IT service providers (e.g. hosting provider), acting as processors who are bound to us by a relevant processor agreement and subject to an obligation of confidentiality; and (iii) our external advisers (e.g. IT advisers), whom we have obliged to maintain confidentiality. Disclosures of Your Data to such recipients are also based on our overriding legitimate interests (Article 6(1)(f) GDPR) in efficient business management.

(b) Data necessary for a purchase:

Categories of recipients: (i) our employees who, under our direct authority, are authorised to process Your Data and subject to an obligation of confidentiality; (ii) our external IT service providers (e.g. hosting provider), acting as processors who are bound to us by a relevant processor agreement and subject to an obligation of confidentiality; (iii) our external advisers (e.g. IT and tax advisers), who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and (iv) other external service providers (e.g. postal and shipping service providers), who are typically used in online trading. Disclosures of Your Data to such recipients are also based on our overriding legitimate interests (Article 6(1)(f) GDPR) in efficient business management. Moreover, if you are a foreign private customer or if, as described in point 3(b) above, you are an Italian private customer and wish to receive an invoice, we are legally obliged to send the invoice data to the Revenue Agency. This is thus based on a legal obligation (Article 6(1)(c) GDPR in conjunction with Article 1(3) or 1(3-bis) of the Italian Legislative Decree of 5 August 2015, no. 127).

If the processing of Your Data becomes necessary for the establishment, exercise or defence of legal claims, Your Data can typically also be disclosed, in particular, to lawyers, experts and judicial authorities.

 

5. NO TRANSFER TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

We do not intend to transfer Your Data to a third country (e.g. USA or China) or international organisations.

 

6. NO AUTOMATED INDIVIDUAL DECISION-MAKING

You are not subject to a decision based solely on automated processing, including profiling, within the meaning of Article 22(1) GDPR.

 

7. RETENTION PERIODS

A distinction has to be made between the different categories of data also with regard to the period for which Your Data will be stored:

 

(a) Log data: These data are automatically deleted after 7 days, unless a security incident occurs (e.g. a DoS or DDoS attack). In this latter case the log data will be stored until we have resolved the incident. If legal claims are established, exercised or defended in this connection, the further retention is determined by relevant prescription periods.

(b) Data necessary for a purchase: These data are, first of all, stored until the sales contract has been fully performed. Further storage will then depend on the relevant accounting and tax retention periods and will thus be based on legal obligations (Article 6(1)(c) GDPR in conjunction with Article 2220 of the Italian Civil Code, Article 39(2) of the Italian Decree of the President of the Republic of 26 October 1972, no. 633 and the Italian Legislative Decree of 7 March 2005, no. 82 in conjunction with the Italian Ministerial Decree of 17 June 2014). Moreover, any further storage is subject to prescription periods if legal claims are to be, in this connection, established, exercised or defended. This processing is based on our overriding legitimate interests (Article 6(1)(f) GDPR) resulting from the said purposes.

 

8. DATA SECURITY

The transmission of information over the internet is, unfortunately, never completely secure. However, we protect our Webshop against data breaches through appropriate technical and organisational measures. In particular, data in our Webshop is transmitted in encrypted form. For such purposes, we use the cryptographic protocol SSL (Secure Sockets Layer).

 

9. YOUR LEGAL RIGHTS

We are required to mention the following rights under the GDPR:

(a) Access: Subject to the conditions of Article 15 GDPR, you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. Where this is the case, you have the right to obtain the information listed in the said provision and a copy of Your Data.

(b) Rectification: Subject to the conditions of Article 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate data and to have incomplete data completed.

(c) Erasure: Subject to the conditions of Article 17 GDPR, you have the right to obtain from us the erasure of Your Data without undue delay. Such “right to be forgotten” shall not apply to the extent that processing is necessary, for example, for the establishment, exercise or defence of legal claims.

(d) Restriction: Subject to the conditions of Article 18 GDPR, you have the right to obtain from us restriction of processing where one of the prerequisites set forth in the said provision is met. Such a prerequisite is met, for example, where you contest the accuracy of Your Data. In this case, restriction can be obtained for a period enabling us to verify the accuracy of the data.

(e) Data portability: Subject to the conditions of Article 20 GDPR, you have the right to receive Your Data in a structured, commonly used and machine-readable format and to have them transmitted directly to another controller, where technically feasible.

(f) Objection: Where Your Data is processed based on our legitimate interests (Article 6(1)(f) GDPR) and subject to the conditions of Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of Your Data. Where the legal requirements are met, we will then no longer process Your Data.

You can exercise these rights by sending us a relevant email to info@rudi-delago.com. Please note, however, that further restrictions and possibly an exclusion of these rights may result from the GDPR itself.

 

Moreover, and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of Your Data infringes the GDPR (Article 77 GDPR).

 

The lead supervisory authority competent for us is:

 

Garante per la protezione dei dati personali

Piazza Venezia 11

00187 Roma

https://www.garanteprivacy.it/web/garante-privacy-en/home_en

 

10. CHANGES TO THIS NOTICE

We may change this notice at any time with effect for the future. This may occur, for example, as a result of the further development of data protection law (also in light of new court rulings) or a change in our processing activities.

Version: 01 December 2020