Privacy policy
Dear user/visitor,
Welcome to our website www.sissiottostyle.com (hereinafter, the “Site”).
Browsing the Site and/or accessing certain sections of the Site and/or any requests for information or services by users of the Site may involve the processing of personal data.
The user acknowledges that any provision of personal data and contact information of any third party other than the user (for example, when completing the data entry form on the Site) constitutes the processing of personal data for which the user acts as an independent data controller, assuming all obligations and responsibilities under applicable law. In this regard, the user guarantees that any data of third parties so provided by the user (and which will consequently be treated as if the third party had provided informed consent) has been acquired by the user in full compliance with applicable laws. In this regard, the user fully indemnifies the user against any dispute, claim, or request for compensation for damages arising from the processing that may be received from any interested third party due to the provision of the data provided by the user in violation of applicable data protection laws.
The protection of personal data is of fundamental importance to us, and we want to ensure that the processing of personal data, whether automated or manual, takes place in full compliance with the safeguards and rights recognized by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the "Regulation") and other applicable data protection regulations.
The Regulation requires that, before processing personal data - with this term being understood, according to the definition contained in Article 4, point 2) of the Regulation, "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction" (hereinafter "Processing") - the individual to whom such personal data belongs must be informed of the reasons for which such data is requested and how it will be used.
In this regard, this document aims to provide you, in a simple and intuitive manner, with information on the type of information and personal data collected through the Site and all the useful and necessary information so that you can provide your personal data in an informed and responsible manner and, at any time, request and obtain clarifications and/or corrections.
This information (hereinafter, the "Privacy Policy") has been drawn up based on the principle of transparency and all the elements required by Article 13 of the Regulation. It is divided into individual sections, each of which deals with a specific topic, to make reading quicker, easier, and more understandable.
This Privacy Policy applies only to this Site and not to other websites that may be accessed via links.
Sections:
A. What is meant by personal data?
B. Who is the data controller?
C. Who can you contact?
D. What data do we collect and use?
E. Why do we process personal data and what is the legal basis for the processing?
F. Is it necessary to provide personal data and what are the consequences of refusal?
G. Data relating to minors
H. Who has access to personal data and with whom is it shared?
I. How do we process personal data and how long do we keep it?
J. Can we transfer personal data to third countries or international organizations?
K. How is the security of personal data guaranteed?
L. What rights can you exercise and how?
M. Is it possible to file a complaint?
N. Updates
A. What is meant by personal data?
Personal data means any information useful for identifying an individual, which is already held by the data controller or which the latter may come into possession of.
For example, personal data includes: first and last name; address; telephone number; email address; and location. Personal data also includes data generated through the use of the services offered through the Site, such as: browser and device information; IP address; Site usage data; information collected through cookies and other technologies, provided by you and which does not reveal your specific identity; demographic information and other information provided by you which does not reveal your specific identity (hereinafter, "Personal Data").
B. Who is the data controller?
The company that will process your Personal Data and which, therefore, will act as data controller according to the definition contained in Article 4, point 7) of the Regulation, “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” is: Simona Bertolotto – via dell'Arsenale 35/Bis - 10121 TURIN ITALY (hereinafter, “Data Controller”).
C. Who can you contact?
In order to facilitate the relationship between you, as the data subject, i.e. the "identified or identifiable natural person" to whom the Personal Data refers pursuant to Article 4, point 1) of the Regulation (hereinafter the "Data Subject"), and the Data Controller, the Regulation has provided, in some specific cases, for the appointment of a supervisory and support figure who, among the various tasks assigned, also acts as a point of contact for the Data Subject.
The Data Controller has adopted the role of “data protection officer”, the so-called “Data Protection Officer”, pursuant to Article 37 of the Regulation (hereinafter, the “DPO”).
As provided for by Article 38 of the Regulation, you may freely contact the DPO for all matters relating to the Processing of your Personal Data and/or if you wish to exercise your rights under this Privacy Policy, by sending a written communication to sissiottostyle@gmail.com and/or by writing to the DPO at the Data Controller's headquarters.
D. What data do we collect and use?
To access the Site, you do not need to register. However, there are services within the Site that require the provision of your Personal Data. Personal Data will be processed solely for the relevant purposes and for the time strictly necessary.
The Personal Data you provide to us and collected through the Site, including, for example, your name, surname, home address, telephone number, and email address, will be processed in full compliance with confidentiality and in compliance with all applicable laws (and therefore also in compliance with the principles of fairness, lawfulness, transparency, proportionality, and protection of privacy and rights) and with logic strictly related to the purposes indicated in this Privacy Policy.
In addition to the personal data provided directly by the user when connecting to the Site, the computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is browsing data, information that is not collected to be associated with identified Data Subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
This data is used solely to obtain anonymous statistical information on the use of the Site and to monitor its proper functioning. The data may be used to ascertain liability in the event of hypothetical computer crimes against the Site, only at the request of the appropriate supervisory authorities.
For information on the cookies used by this Site, see the Cookie Policy.
E. Why do we process personal data and what is the legal basis for the processing?
Depending on the needs expressed from time to time when accessing the various sections of the Site (and subject to specific rules and information for individual operations that require the provision of specific Personal Data, published from time to time on the Site), the purposes of the Processing of Personal Data are indicated below, namely those provided directly by users by completing online forms, or those acquired automatically through navigation:
a) where applicable, manage user registration on the Site or subscription to the services offered;
b) where applicable, manage and administer users' personal accounts;
c) follow up on any requests made by users themselves, for example by spontaneously sending emails or traditional mail to the addresses indicated on the Site, which entail the subsequent acquisition of the sender's address, including email address, or the relevant telephone number necessary to respond to the requests, as well as any other Personal Data included in the related communications;
d) improve the quality of the services offered through the Site through anonymization;
e) direct marketing and/or profiling activities if the user has selected one or both of these options;
f) manage and conduct, directly or on behalf of third parties, prize competitions, operations, surveys or other promotional activities or events (collectively hereinafter “Promotional Activities”);
g) conclude and execute contracts with commercial partners; in this case, it is possible to process the contact details of professionals and employees who interact with Sissiottostyle.com, as well as those of the people who sign the various commercial contracts, in order to establish or maintain the commercial and contractual relationship;
h) fulfill an obligation established by law, by a regulation or by community legislation;
i) to ascertain, exercise or defend our rights in court;
j) obtain anonymous statistical information on the use of the Site and to check its correct functioning;
k) management, administrative, accounting and tax obligations.
The processing of such data is permitted by the Regulation, as it is:
a) necessary to follow up on requests made by users themselves;
b) necessary to fulfill obligations arising from a contract;
c) necessary for our legitimate interests in pursuing the aforementioned purposes (for example, verifying the proper functioning of the site and for security reasons, organizational and production needs to constantly improve the services provided to users, and the quality and effectiveness of customer care). These interests, in any case, do not conflict with users' right to privacy;
d) in some cases, necessary to comply with a legal obligation, for example in the case of communication to authorities, government or regulatory bodies;
e) necessary to initiate, carry out or defend legal claims;
f) based on the user's consent (for example, for marketing and profiling activities).
Regarding commercial communications, we will inform you in each commercial communication how to unsubscribe easily and free of charge. We will respond to your request as soon as possible and, in any case, within the legally established deadline.
We may process Personal Data for reasons other than those set out in this Privacy Policy, if such further processing is compatible with the purpose for which the data was initially collected or with your consent and, in any case, subject to the provision of appropriate information.
F. Is it necessary to provide personal data and what are the consequences of refusal?
Providing your Personal Data, which is requested at various times during collection, may be necessary to achieve the purposes identified in the specific information, or optional.
The mandatory or optional nature of the provision is specified by the symbol (*) placed next to the mandatory information.
Any refusal to communicate certain of your Personal Data marked as mandatory makes it impossible to pursue the primary purpose of the specific collection: such refusal could, for example, make it impossible to provide the services available on the site.
The provision of additional Personal Data, other than that marked as essential, is optional and does not entail any consequences in terms of pursuing the primary purpose of the collection.
G. Data relating to minors
The Personal Data of minors under the age of 16 will not be processed by the Data Controller unless prior authorization from the holder of parental responsibility is obtained.
H. Who has access to personal data and with whom is it shared?
Your Personal Data may be disclosed to specific entities considered recipients of such Personal Data. In fact, Article 4, point 9) of the Regulation defines a recipient of Personal Data as "a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not" (hereinafter the "Recipients").
From this perspective, in order to correctly carry out all the Processing activities necessary to pursue the purposes set out in this Privacy Policy, the following Recipients may be required to process your Personal Data:
· third parties who perform part of the Processing activities and/or related and instrumental activities on behalf of the Data Controller (such as IT system management). These parties have been appointed as data processors, which, pursuant to Article 4, point 8) of the Regulation, individually means "the natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller" (hereinafter the "Data Processor"). The third parties who process data on our behalf and under our authority have been appropriately selected and are experienced, capable, and reliable, and offer adequate guarantees of full compliance with applicable data processing regulations, including data security. We periodically verify that the Data Processors have punctually fulfilled the tasks assigned to them and that they continue to provide adequate guarantees of full compliance with data protection regulations;
· individuals, employees, and/or collaborators of the Data Controller who have been entrusted with specific and/or multiple Processing activities involving your Personal Data. These individuals have been given specific instructions regarding the security and proper use of Personal Data and are defined, pursuant to Article 4, point 10) of the Regulation, as "persons authorized to process Personal Data under the direct authority of the Data Controller or the Data Processor" (hereinafter the "Authorized Persons");
· Third parties who may act as independent controllers, even if the processing is related to "related processing." This applies to cases where a purpose is pursued that, in fact, underlies the primary processing, can or should be considered "instrumental" and therefore enjoys a certain degree of autonomy, by virtue of which the entity implementing it is considered the independent controller of related processing. For example, we may share Personal Data with our business partners for the provision of their services. In such cases, the subsequent processing and use of the data we receive are governed by their privacy policies and are not under our control.
Where required by law or to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or judicial authorities without them being designated as Recipients. In fact, pursuant to Article 4, point 9), of the Regulation, "public authorities which may receive Personal Data in the framework of a particular investigation in accordance with Union or Member State law shall not be regarded as Recipients."
A detailed and updated list of these entities, as well as those who act as data controllers, can be easily obtained by sending an email to: sissiottostyle@gmail.com
I. How do we process personal data and how long do we keep it?
Data processing occurs with or without the aid of electronic or otherwise automated, computerized, or telematic tools, using methods strictly related to the purposes stated above. Data processing will be carried out lawfully and fairly, and in any case in compliance with the aforementioned legislation, using tools that guarantee security and confidentiality. It may also be performed using automated tools to store, manage, and transmit the data.
When processing data that can directly or indirectly identify you, we strive to adhere to the principle of strict necessity.
For this reason, we have configured the Site to minimize the use of your Personal Data: therefore, we exclude the Processing of your data when the purposes pursued in individual cases can be achieved through the use of anonymous data (such as, for example, analyses aimed at improving services) or through other methods that allow the Data Subject to be identified only when necessary or at the request of the authorities and the police (such as, for example, data relating to traffic and your presence on the website or your IP address).
Your Personal Data will be processed for the minimum period of time necessary to achieve the purposes for which the data is collected, without prejudice to any further retention period that may be required by law, and in any case deleted without undue delay.
Where possible, we indicate the data retention period in the individual notices. In any case, the criteria used to determine the applicable retention period are: (i) the time necessary to achieve the relevant purpose, (ii) the time necessary to complete the business relationship with the user, (iii) the time accepted by the user, and/or (iv) the time required by applicable laws. Upon expiration of the retention period, the data will be deleted, securely destroyed where possible, or anonymized.
Your data will be retained for a further period in relation to the purposes of disputes and any legal obligations.
J. Can we transfer personal data to third countries or international organizations?
Your Personal Data will be processed by the Data Controller within the European Union.
If, for technical and/or operational reasons, it becomes necessary to use entities located outside the European Union, we hereby inform you that such entities will be appointed as Data Processors pursuant to and for the purposes of Article 28 of the Regulation, and the transfer of your Personal Data to such entities, limited to the performance of specific Processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulation. All necessary precautions will therefore be taken to ensure the full protection of your Personal Data, basing such transfer: (a) on adequacy decisions of the recipient third-party countries expressed by the European Commission; (b) on adequate guarantees expressed by the recipient third-party pursuant to Article 46 of the Regulation; (c) on the adoption of binding corporate rules.
Personal Data may be transferred to the USA for storage on servers following the stipulation of standard contractual clauses with the server providers and/or third-party services.
In any case, you may request further details from the Data Controller if your Personal Data has been processed outside the European Union, requesting evidence of the specific guarantees adopted.
K. How is the security of personal data guaranteed?
We adopt appropriate security measures to minimize the risk of destruction or loss—even accidental—of data, unauthorized access, or processing that is unauthorized or inconsistent with the collection purposes indicated in our Privacy Policy.
The transfer, storage, and processing of your data collected through the Site are secured using appropriate technical measures. However, we cannot guarantee users that the measures adopted for the security of the Site and the transmission of data and information on the Site limit or exclude any risk of unauthorized access or data loss by user devices. We recommend that you ensure your computer is equipped with appropriate software to protect incoming and outgoing data transmission (such as updated antivirus systems) and that your Internet service provider has adopted appropriate measures to secure data transmission over the network (such as firewalls and anti-spam filters).
L. What rights can you exercise and how?
As provided for in Article 15 of the Regulation, you may access your Personal Data, request its rectification and updating if incomplete or incorrect, request its deletion if its collection occurred in violation of a law or regulation, and object to its Processing for legitimate and specific reasons.
In particular, we list below all your rights that you can exercise at any time against the Data Controller:
· Right of access: pursuant to Article 15 of the Regulation, you have the right to obtain from the Data Controller confirmation as to whether or not your Personal Data is being Processed, and, where that is the case, access to such Personal Data and the following information: a) the purposes of the Processing; b) the categories of Personal Data concerned; c) the Recipients or categories of Recipients to whom your Personal Data have been or will be disclosed, in particular Recipients in third countries or international organizations; d) where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the Data Controller rectification or erasure of Personal Data or restriction of Processing of Personal Data concerning you, or to object to such Processing; f) the right to lodge a complaint with a supervisory authority; g) where the Personal Data is not collected from the Data Subject, any available information as to its source; h) the existence of an automated decision-making process, including profiling, referred to in Article 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such Processing for the Data Subject.
You can find all this information in this Privacy Policy, which will always be available to you in the Privacy section of the Site.
· Right to rectification: pursuant to Article 16 of the Regulation, you may obtain the rectification of your inaccurate Personal Data. Furthermore, taking into account the purposes of the Processing, you may have incomplete Personal Data completed, including by providing a supplementary statement.
· Right to erasure: pursuant to Article 17 of the Regulation, you may obtain the erasure of your Personal Data without undue delay, and the Data Controller shall be obliged to erase your Personal Data if even one of the following grounds applies: a) the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; b) you have withdrawn the consent on which the Processing of your Personal Data is based and there is no other legal basis for its Processing; c) you have objected to the Processing pursuant to Article 21, paragraph 1 or 2 of the Regulation and there are no overriding legitimate grounds for the Processing of your Personal Data; d) your Personal Data has been unlawfully processed; e) it is necessary to erase your Personal Data for compliance with a legal obligation under EU or national law.
In some cases, as provided for by Article 17, paragraph 3 of the Regulation, the Data Controller is entitled not to delete your Personal Data if their Processing is necessary, for example, to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes, or for the establishment, exercise, or defense of legal claims.
· Right to restriction of processing: you may obtain restriction of processing, pursuant to Article 18 of the Regulation, if one of the following applies: a) you have contested the accuracy of your Personal Data (the restriction will last for a period enabling the Data Controller to verify the accuracy of the Personal Data); b) the Processing is unlawful but you oppose the erasure of your Personal Data and request the restriction of its use instead; c) although the Data Controller no longer needs your Personal Data for the purposes of the Processing, your Personal Data is required for the establishment, exercise or defense of legal claims; d) you have objected to the Processing pursuant to Article 21, paragraph 1, of the Regulation and verification is pending as to whether the legitimate grounds of the Data Controller override yours.
If we restrict processing, your Personal Data will be processed, except for storage, only with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of substantial public interest. We will inform you, in any case, before such restriction is lifted.
· Right to data portability: You may, at any time, request and receive, pursuant to Article 20 of the Regulation, all your Personal Data processed by the Data Controller in a structured, commonly used, and machine-readable format, or request its transmission to another data controller without hindrance. In this case, you will be responsible for providing us with the exact contact details of the new data controller to whom you intend to transfer your Personal Data, along with your written authorization.
· Right to object: Pursuant to Article 20 of the Regulation, you may object at any time, on grounds relating to your particular situation, to the processing of your personal data, including profiling. You may also object at any time to the processing of your personal data for direct marketing purposes, including profiling to the extent related to such direct marketing. In such cases, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
· Withdrawal of consent: If you have given your consent to the Processing of your Personal Data for one or more purposes for which it was requested, you may, at any time, withdraw it in whole or in part without affecting the lawfulness of the Processing based on the consent given before the withdrawal.
How to exercise your rights
You may exercise your rights at any time by sending an email to sissiottostyle@gmail.com
Please note that if you exercise your rights, we may ask you to identify yourself before proceeding with your request.
For any further questions or concerns regarding this Privacy Policy or for further information on how we protect your data, you can contact the Data Controller at the following email address: sissiottostyle@gmail.com
M. Is it possible to make complaints?
You may file a complaint with the Italian Supervisory Authority where necessary, or contact them to request information regarding the exercise of your rights.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the Italian Supervisory Authority if you believe that the processing of your personal data violates the Regulation. Further information is available on the website www.garanteprivacy.it
In any case, Sissiottostyle.com is interested in being informed of any reasons for complaints and invites users to use the contact channels indicated above before referring the matter to the Supervisory Authority, so as to prevent and resolve any disputes amicably and promptly, with the utmost courtesy, professionalism, and discretion.
N. Updates
We reserve the right to revise, modify, or simply update this Privacy Policy, in whole or in part, in any way and/or at any time, without notice, including in light of changes to laws or regulations regarding personal data protection. The date of the last update will be indicated at the bottom of the web page. Changes and updates will be posted on the Site's Home Page as soon as they are adopted and will be binding once published on the Site. Therefore, we ask users to regularly access this section to check for the most recent and updated Privacy Policy.
Last updated 03/17/2023