This information is provided pursuant to articles 13 and 14 of European Regulation no. 2016/679 (hereafter, “Regulation” or “GDPR”) to those who interact with the web services of the website https://www.valmontoneoutlet.com/ (hereafter, “Website”).
This information does not concern other websites, pages or online services that can be reached via hypertextual links that may be published on the Website but that refer to resources external to the domain https://www.valmontoneoutlet.com/.
1. CONTROLLER RESPONSIBLE FOR PERSONAL DATA PROCESSING
The Controller of Personal Data Processing is DWS Grundbesitz GmbH , with registered office in Frankfurt am Main, Mainzer LandstraBe 11,17 (Germany) acting through its secondary headquarters, with registered office in Milan at via Filippo Turati no. 25/27, tax code and VAT no. 12650270155, acting on behalf of the German property investment company “grundbesitz Europa”, in the person of its legal representative p.t., Email: email@example.com
The Data Processor, representing the business management and marketing offices, and the management of relations with the Outlet’s data subjects, is Promos S.r.l. – tax code and V.A.T. no.: 03123920179 – Via San Zeno 173– 25124 Brescia (BS), Phone: +39 030 2422862– Fax: +39 +39 030 , Email: firstname.lastname@example.org.
2. PRINCIPLES APPLIED IN DATA PROCESSING
In processing the personal data of the data subjects, DWS will ensure application of principles of legality, correctness and transparency. The personal data will be collected for specific, explicit and legitimate purposes (limitation of the purposes) and will be adequate, pertinent and limited with respect to the purposes for which they are processed (minimization of data). They will always be updated and exact and will be preserved for a period of time no longer than necessary to achieve the purposes of the data controller (limitation of conservation), after which they will be deleted. Finally, all the security measures adequate to ensure the integrity and inaccessibility of the data by unauthorized third parties will be applied (integrity, confidentiality and unavailability).
3. DATA PROCESSED
a) Data acquired during navigation
The digital systems and software applications dedicated to the operation of this website collect, during their normal operation, data whose transmission is implicit in the use of the communication protocols typical of the Internet.
These data in this case are not collected in order to be associated with identified Users but, by their nature, they could be processed and associated with data controlled by others so as to identify the users. The collected data include the IP addresses and domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in indicating the status of the server response (successful, error, etc.) and other parameters pertaining to the operating system and the computing environment used by the user. These data are used, only to obtain anonymous statistical information on use of the site and to control its regular operation. The data could be used to ascertain liability in case of hypothetical information crimes against the website.
b) Data provided voluntarily by the user
DWS also collects personal data provided voluntarily by the users when they interact with the services of the Website or fill out data collection forms. Also, when subscribing to the newsletter or registering for initiatives offered on the Website, requesting information and other messages.
If the users, during the course of their use of the services on the website, supply the personal data of third parties, they guarantee to provide that the persons have received this information and have given their consent to communication of their personal data, if necessary.
d) Specific information
In case of further collection of personal data, specific information will be provided to the data subjects (e.g. Virtual Cards).
4. PURPOSES AND LEGAL BASIS FOR PROCESSING DATA.
Any personal data provided will be processed for the following purposes:
a) Visiting the website.
PURPOSE: to enable users to visit the website.
LEGAL BASIS: the need to respond to specific requests of data subjects and fulfill any contract agreements with them.
NATURE OF PROVISION: necessary to visit the Website and use its services.
b) Newsletter and other marketing initiatives.
PURPOSE: to enable users to sign up for the newsletter and other communications issued by the data controller about promotions, offers, initiatives, etc. via e-mail, text messages, video messages or other, as well as using traditional media (regular mail and telephone calls via operator).
LEGAL BASIS: user consent. After consenting, users can revoke their consent at any time to opt out of receiving marketing communications. To do this, it is sufficient to use the “Unsubscribe” option provided in every e-mail sent.
NATURE OF PROVISION: the provision of data to register for the newsletter and to receive other promotional messages from the Data Controller, though optional, is necessary in any case, in order to receive them.
c) VALMONTONE VIRTUAL CARD:
PURPOSE: to enable users to enjoy the advantages and access the special initiatives reserved for possessors of the fidelity card of the outlet, and to offer any other services they may request, including participation in contests and, more in general, for the fulfillment of any relative contractual and administrative provisions. To view the complete information on this type of process, click on the link https://myvirtualcard.it/Content/Docs/0000030/Regolamento_e_Informativa.pdf
LEGAL BASIS: performance of contracts with the data subjects and/or performance of precontractual measures taken at their request (for purposes of increasing loyalty) and consent of the data subjects (promotional and marketing purposes).
NATURE OF PROVISION: The provision of the data for issuance and use of the fidelity cards, , though optional, is necessary, in any case, for anyone who wants to obtain it.
d) GIFT CARD:
The data controller for processing of personal data that the data subjects provide in order to obtain issuance and use of Gift Cards is Epipoli s.p.a. The information provided by Epipoli s.p.a. Is available on the link https://valmontone.mygiftcard.it/privacy/
e) Collection of data through the form “Promote your business”.
LEGAL BASIS: performance of precontractual measures adopted at the users’ request.
NATURE OF PROVISION: the provision of data about your company, though optional, is in any case necessary if you want DWS to consider the request.
5. MODE AND DURATION OF PROCESSING
Fully automated decisional processes that produce legal effects for the data subjects or affect them personally in significant ways are not used.
The personal data of the users will be kept for the time necessary to manage their interaction with the website and ensure them the use of the relative goods and/or services. Once these purposes have been achieved, the data will be conserved for the time required by law for administrative, accounting and fiscal purposes and to validate any contractual rights.
Data processed for purposes of marketing and profiling of data subjects are kept until consent is revoked or their use has been opposed by the data subjects, in accordance with the most recent provisions of the Guaranteeing Authority for the Protection of Personal Data.
6. RECIPIENTS OF PERSONAL DATA
Personal data may be communicated to third parties who perform activities necessary for the provision of the services offered on the website, who will process the data either as appointed data processors or as independent data controllers. Specifically, the data will be processed by the following parties or categories of parties:
- companies affiliated with the data controller or partners that provide IT services;
- suppliers of services acting on behalf of the data controller on the basis of contract agreements for the purpose of performing activities linked to administrative, commercial and advertising management of the Outlet;
- companies and consultants, engaged in assistance and consulting services on legal, accounting and fiscal matters;
- parties that provide services for the management of information systems and telecommunications networks, including electronic mail;
- authorities appointed to ensure compliance with legal obligations.
The data processed for purposes of marketing and sending newsletters are not communicated to third parties but may be processed by other companies responsible for processing, pursuant to art. 28 EU Regulation no. 2016/679.
By clicking the icons of the social networks displayed on the website, some of the users’ data could be transmitted to the social networks. With respect to their use of them, made outside of this website, we recommend consulting their specific privacy information.
All the parties listed above are required to use the information received only for the purposes of processing as indicated above, and to keep the data confidential, intact and inaccessible to unauthorized third parties. The data of data subjects are not made public.
7. TRANSFER OF PERSONAL DATA
Data subjects’ information may be transfered outside the European Union, if the servers used by the parties with which DWS has stipulated specific contracts are located there. In that case, the data controller will take appropriate measures, as required by the EU Regulation NO. 2016/679, to protect the personal data of data subjects.
8. RIGHTS OF DATA SUBJECTS
The articles from 15 to 22 of the GDPR grant the data subjects specific rights that they may exercise. Art. 15 recognizes the right of data subjects to access their personal data and obtain a copy of it. The right to obtain a copy of their data shall not infringe on the rights and freedoms of others.
With the request of access, the data subjects have the right to obtain from the data controller confirmation or denial of the fact that their data are being processed and to know the purposes and categories of data processed, the third parties to which they have been communicated and whether the data have been transferred to a country outside Europe with adequate guarantees. The data subjects also have the right to know for how long their personal data will be used, in respect of the aforementioned purposes.
With respect to their personal data, data subjects may request correction of incorrect data and completion of incomplete data, as well as deletion (right to oblivion) at the conditions indicated by art. 17 of the Regulation, and may request limitation of processing and portability of data.
Data subjects have the right at any time to oppose the use or revoke their consent to use of their data with regard to purposes of marketing and profiling if connected to marketing.
To stop receiving marketing messages such as e-mails and texts, just send an e-mail at any time to the address email@example.com subject “delete me” or use click unsubscribe in our e-mails.
The data controller will issue a statement to the data subject certifying that the operations mentioned above have been notified to those to whom the data had been notified and disclosed, unless this should be found to to be impossible or imply the use of means clearly disproportionate to the right protected.
To exercise the above rights, it will be necessary to contact the data controller at the e-mail firstname.lastname@example.org, or at the address of the registered office.
To provide a response, it may be necessary to identify the data subjects by asking them to supply a copy of their identity document. The data controller will provide a written answer without undue delay and, in any case, no later than one month after receipt of the request.
9. CLAIMS WITH THE GUARANTOR FOR THE PROTECTION OF PERSONAL DATA
Data subjects who believe that their personal data may have been used in violation of the provisions of the Regulation or local legislation on the subject of data protection have the right to file a claim with Guarantor for the Protection of Personal data, with office in Rome, pursuant to art. 77 of EU Regulation no. 2016/679, as well as with the courts of law.
Version 0.2 of March 2023