PRIVACY POLICY
Information on the processing of personal data pursuant to art. 13 EU Regulation 679/2016 "GDPR"
This information describes how personal data collected during browsing and use of the services made available through the ottodame.it website and integrates any further information relating to the processing of data provided to our customers on the various occasions of interaction.
- Data Controller
- Type of data
- Provision of data
- Purposes of processing and legal bases
- Retention period
- Processing methods
- Communication of personal data
- Transfer of personal data
- Links to other websites or social networks
- Rights of the data subject
- Updates and changes
- Cookie Policy
Data Controller
The Data Controller is H. EICH SRL, with registered office in via G. Amendola 9/11, 50058 Signa (FI) Italy, e-mail address privacy@ottodame.com.
Type of data
a. Browsing data
While browsing the website, some data may be acquired through cookies or other tracking technologies. This category of data could include the IP addresses or domain names of the devices used, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given to the server (successful, error, etc.) and other parameters relating to the User's operating system and IT environment. To find out more details on the type of cookies or other tracking tools used, the purposes and the data retention time, please refer to the Cookie Policy..
b. Personal and contact data
c. Shipping information
d. Payment and billing information
To use our services, we will ask you to provide us with your personal data (name, surname, date of birth) and contact details (telephone, e-mail address). We will also collect your shipping address, data related to invoicing (tax code/VAT number, any company you belong to), data relating to the payment methods chosen and the orders placed. The procedure for filling out the registration form can be bypassed by social login. This is an alternative filling procedure that allows you to enter data automatically by transferring information directly from your Facebook, Google, or Twitter profile.
e. Purchase data: products purchased and total amount
f. Behavioral data related to the use of the website
The navigation path within the website (including information on the pages visited, product and service views, product preferences, clicks on links, page loading and response times, browsing duration) is monitored (Clickstream analysis) to analyze the main activities of users.
Provision of data
The mandatory or optional nature of the provision is specified from time to time – with reference to the individual information requested – by affixing a special symbol (*) to the mandatory information. Any refusal to communicate the data marked as mandatory makes it impossible for the Data Controller to perform the contract or provide the available services. The provision of additional data is, however, optional.
Purposes of processing and legal bases
| Purpose | Legal basis |
|---|---|
| To allow navigation of the website, o guarantee its functionality and to analyse data relating to its use. | Legitimate interest of the Data Controller (Art. 6 (f) GDPR). |
| Follow up on the registration request, by creating a user account, to speed up the purchase process, view the status of orders, update your data, view your return history, and save your favorite items in the wishlist. | Execution of pre-contractual and contractual measures (Art. 6 (b) GDPR). |
| Fulfill orders, make shipments, record payments, guarantee returns and refunds. | Execution of pre-contractual and contractual measures (Art. 6 (b) GDPR). |
| To provide customer assistance, , including via live chat, to provide information relating to shipments, returns, payment methods, order status, etc. | Execution of pre-contractual and contractual measures (Art. 6 (b) GDPR). |
| Marketing, to send news on goods, services, initiatives, promotions, and events promoted by the Company, by e-mail, text message, telephone, WhatsApp, or other digital communication tools or to send other commercial communications, for example, relating to abandoned carts. | Consent of the data subject (Art. 6 (a) GDPR). |
| Retargeting and remarketing,, to display our advertising content to our users - on their social networks or on third-party websites. | Consent of the data subject (Art. 6 (a) GDPR) expressed through cookies or other similar tracking methods. For any further information, please consult our Cookie Policy. |
| Profiling, to send personalized communications via e-mail, text message, telephone, WhatsApp, or other digital communication tools, in line with the interests, purchasing habits and preferences demonstrated. | Consent of the data subject (Art. 6 (a) GDPR). |
| Send service communications (for example, relating to the store of attendance or the initiatives in which the User has participated). | Legitimate interest of the Data Controller (Art. 6 (f) GDPR). |
| To send e-mail communications relating to goods or services similar to those already purchased or used(“soft spam”). | Article 130, paragraph 4, Legislative Decree 196/2003 as amended. |
| Respond to user requests and manage any problems relating to the products or services purchased (Customer care). | Execution of pre-contractual and contractual measures (Art. 6 (b) GDPR). |
| Analysis and optimization of the user experience: to monitor and analyze interactions with the site, improve usability and personalization of the offer. | Legitimate interest of the Data Controller (Art. 6 (f) GDPR). |
Retention period
The personal data necessary to manage orders and purchases will be stored for the entire duration of the pre-contractual and contractual relationship and, subsequently, for the period established by tax and accounting obligations. Customer care data are stored for the time necessary to resolve the issues raised. Data processed for marketing purposes will be stored for 24 months, while data used for profiling purposes will be stored for 12 months. The consents expressed will be considered in force until a specific request for revocation is received.
Processing methods
The processing of personal data is carried out by the Data Controller using both paper and electronic or telematic methods, using personnel specifically authorized to process and trained in the protection of personal data. Technical and organisational measures are adopted to minimise the risks of destruction or loss - even accidental - of data, unauthorised access or processing that is not permitted or does not comply with the purposes for which it was collected.
Communication of personal data
The User's personal data will not be disclosed to unspecified subjects; however, they may be shared with:
- our affiliates and business partners who act under our direction and control as data processors. This is to ensure that customers enjoy the same services in each of our shops. These subjects will process personal data only in relation to the functions entrusted to them;
- suppliers, legal and natural persons, who provide outsourced services of a technical and organizational nature, such as IT services, communication services, e-mail marketing services, logistics services, accounting and legal consultancy,. etc. They operate as duly appointed data controllers or data processors, in full compliance with the current legislation indicated above; they are provided only with the information necessary for the performance of their functions;
- digital platforms (Meta, Google) which, as part of our marketing campaigns, limit themselves to processing data on our behalf and guarantee their confidentiality, including by means of special encryption systems (hashing);
- online payment providers available at checkout (e.g., PayPal, ScalaPay, Amazon Pay, etc.) or payment intermediaries, as parties of payments made on our e-commerce. These parties will process the data as data controllers;
- subjects who have the right to access them by virtue of legal provisions,, within the limits and for the purposes set out in these regulations;
- banks, credit institutions, debt collection companies and insurance agencies.
The complete and updated list of data processors or subjects involved in various capacities is available on request.
Transfer of personal data
Any transfer of personal data to non-EU countries that is necessary to fulfil the existing contract with the User or to guarantee the services offered (e.g. in the case of suppliers based in third countries) is carried out in accordance with art. 44 et seq. of the GDPR, preparing specific tools that guarantee adequate guarantees of protection of personal data.
Links to other websites or social networks
This information is provided only for this website and not for other websites and social platforms that can be reached by the User through links and social buttons, the buttons that depict the icons of the main social networks. Please note that the social network acquires data relating to the User's visit; to prevent the data processed on this website from being linked back to your social profile, you must log out of it. You understand that, depending on your social media account settings, the personal data contained in your profile may be visible to us if you simply interact with our social media pages. For more information on the processing of data carried out by these third parties, please refer to their respective privacy policies.
ights of the data subject
At any time, pursuant to art. 15 et seq. GDPR, the User may exercise the following rights:
- obtain confirmation as to whether processing is underway and access personal data;
- obtain information about the origin of the data, the purposes of the processing, the categories of personal data, the recipients, or categories of recipients to whom the personal data have been or will be disclosed, the retention period or the criteria used to determine it;
- request the rectification, limitation of processing and deletion of data, provided that the deletion is compatible with the legal obligations of tax and accounting retention to which the Data Controller is bound;
- object to the processing;
- request data portability, where possible;
- withdraw consent, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
The exercise of rights may take place by sending a request to the e-mail address privacy@ottodame.com or to the address of the Data Controller's registered office.
Please note that the data subject may also lodge a complaint with the Data Protection Authority or take legal action.
Updates and changes
In the future, the Data Controller may amend or simply update, in whole or in part, this Privacy Policy, also in consideration of changes in the laws or regulations governing this matter and protecting the rights of the data subject. Changes and updates to the Privacy Policy will be binding as soon as they are published online. We therefore invite the User to regularly access this section to check the publication of the most recent and updated Privacy Policy.
Login and Registration Form