Art. 13 EU Regulation 2016/679
The EU Reg. 2016/679 ("General Data Protection Regulation" - GDPR) requires the Data Controller to process personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality.
Pursuant to Art. 13 of the GDPR, the following information is provided to the User.
Who is the Data Controller?
3DZ S.p.A., with registered office in Castelfranco Veneto (TV), via dei Pini n. 32 (Tax Code and VAT no.: 05142580264)
Which Personal Data is processed?
Personal data communicated voluntarily.
Personal data provided by the User during registration and when sending the purchase order, necessary for the conclusion of contracts for the sale of products sold on the site.
Why is Personal Data processed?
Navigation data is processed for the purpose of allowing the use of, and access to, the pages of the website and to evaluate and analyse any statistical information.
Personal data communicated voluntarily by e-mail or through the contact form on the site is processed for the sole purpose of responding to requests received.
Data provided by the user during registration and at the time of making the purchase order is processed in order to execute purchase orders, and in order to allow the User to take advantage of services reserved for registered users.
The aforementioned data will also be processed in order to comply with legal obligations and in order to comply with any orders from public authorities.
What is the legal basis of the processing?
The legal basis for the processing of navigation data is the legitimate interest of the Data Controller.
The legal basis for the processing of personal data communicated by the User is the fulfilment of pre-contractual or contractual obligations assumed at the request of the User.
The legal basis for the processing of data provided by the User during registration and when sending the purchase order, is the execution of the contract for the purchase of products on the site.
The data may also be processed for the fulfilment of any legal obligations.
How is personal data processed?
Exclusively through electronic means, and in compliance with every precautionary measure applicable to the Data Controller that guarantees security, confidentiality and control.
It is possible that the data is processed at servers located outside the territory of the European Community, but always in compliance with the GDPR.
Categories Of Recipients Of Personal Data And Disclosure Of Data
➢ entities/persons entitled by law to access the data;
➢ persons trained by 3DZ S.p.A., appointed and/or authorized by the same;
➢ suppliers of services related to the activities carried out by 3DZ S.p.A., which will act as data processors;
➢ persons to whom the communication is necessary for the fulfilment of contractual services;
➢ to Public Authorities.
The personal data processed by the Data Controller will not be subject to disclosure.
How long is personal data stored?
The User's data will be stored for the following periods of time:
➢ For the time necessary to pursue the purposes related to the processing, and in any case:
- until revocation of consent by the User;
- for the maximum time allowed by the regulations in force to protect the rights and/or interests of the Data Controller;
Is the provision of personal data compulsory?
No. However, if the User wishes to allow 3DZ S.p.A. to respond to the User's requests, the User must provide the data requested and the data that the User deems necessary, providing explicit consent only in the event that it is necessary for particular categories of data. In the latter case it will be the responsibility of the Data Controller to communicate the need to collect consent for that category of data.
With reference to the registration and execution of purchase contracts, the provision of data is a contractual obligation. The User is entitled to decide whether or not to communicate his/her data, but without it will not be possible to proceed with the registration, conclude contracts and execute them.
What happens in case of refusal to communicate personal data?
Any refusal and/or failure to provide data may render it impossible or difficult to view the website; it could make it impossible to respond to any specific requests received; it may not be possible to proceed with the registration of the User, to form purchase contracts with the User or execute such contracts.
What rights do Users have?
1. to access their data and request its communication in intelligible form;
2. to request the updating, rectification and/or integration of data;
3. to request erasure of data (i.e. "right to oblivion");
4. to request the restriction of processing;
5. to request notification of the updating, rectification, cancellation, restriction of data;
6. to request the portability of data;
7. to oppose processing and refuse the automated decision-making process, including profiling;
8. to revoke the consent given;
9. to submit a complaint to a supervisory authority.
How can Users exercise their rights?
With regard to the rights referred to in points 1 - 8 of the above paragraph, by sending an e-mail to firstname.lastname@example.org, and indicating the right intended to be exercised.
To exercise the right in point 9 of the previous paragraph, the Legal Authority or Italian Data Protection Authority must be contacted. In the latter case, a communication must be sent to the e-mail address email@example.com or to the pec address firstname.lastname@example.org, submitting a complaint pursuant to art. 77 of the GDPR.
In this policy, the following words and expressions will have the meanings attributed to them below.
Cookies: text fragments that allow the web server to store information on the browser to be reused during the same visit to the site (session cookies) or later, even after days (persistent cookies). Cookies are stored, according to the User's preferences, by the individual browser on the specific device used (computer, tablet, smartphone).
Technical Cookies: cookies essential for the proper functioning of the website, used for the sole purpose of carrying out the transmission of a communication over an electronic communication network, or to the extent strictly necessary for the provider of a service explicitly requested by the User to provide such service.
Analytical Cookies: cookies used to collect and analyse traffic and use of the site in an anonymous manner. Although they do not identify the User, they make it possible to detect whether the same User returns to log on at different times, to monitor the system and improve its performance and usability. These cookies can be deactivated without any loss of functionality.
Personal Data: any information relating to a natural person (so-called "interested party"), identified or identifiable, even indirectly.
Identifying Data: Personal Data that allows the direct identification of the interested party.
Particular Data: "Sensitive" Personal Data, i.e., data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-unionist character, as well as personal data disclosing health and sex life or orientation; Personal Data that is “judicial” in nature, i.e. that capable of revealing measures relating to criminal records, the register of administrative sanctions dependent on crime and related pending charges, or the status of being accused or investigated; Personal Data that is “genetic” in nature, such as Personal Data, relating to the hereditary or acquired genetic characteristics of a natural person that provide unequivocal information on that person's physiology or health, and that result from the analysis of a biological sample of the person; "biometric" Personal Data, which is obtained by specific technical processing and relates to physical, physiological or behavioural characteristics of a natural person that allow or confirm their unambiguous identification, such as facial image or dactyloscopic data; "health-related" Personal Data, which relates to the physical or mental health of a natural person, including the provision of health care services, and reveals information about the person's state of health.
Navigation Data: data that computer systems and software procedures used to operate the Site acquire during their normal operation, and whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server and other parameters relating to the operating system and computer environment. They are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of computer crimes against the site: except for this last eventuality, the data on web contacts do not persist for more than seven days.
Dissemination: giving knowledge, in any form, of Personal Data to unspecified subjects.
Profiling: any form of automated processing of Personal Data consisting in the use of such data to evaluate personal aspects relating to a natural person, in particular to analyse or predict aspects relating to professional activities, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
1. Data Controller
The Data Controller of personal data is the company 3DZ S.p.A., with headquarters in Castelfranco Veneto (TV), via dei Pini n. 32 (C.F. and P.IVA: 05108400267).
2. Categories of Personal Data processed
The data provided and collected by the Data Controller concern Personal Data and Navigation Data, to the extent that this is necessary for the requested activity and in compliance with the provisions of art. 9 GDPR and other provisions that refer to it, in any case subject to appropriate written consent where necessary.
In particular, the Personal Data necessary to conclude and execute purchases made on the Site, such as name and surname, e-mail address, shipping address, billing address, telephone number and payment information will be processed. For registration on the Site, Personal Data such as first and last name, e-mail address and password will be processed. For registered Users, information will be collected regarding access to the private area of the Site.
3. Purpose and legal basis of personal data processing
The Data Controller will process the data collected or provided by the User for the following purposes:
3.a. Navigation Data will be processed exclusively for the purpose of allowing the use of, and access to, the pages of the Site and to evaluate and analyse any statistical information on the operation and performance of the services offered.
The legal basis underlying the processing of data for this purpose is the legitimate interest of the Data Controller. Any refusal to provide such data will make it impossible to consult and view the Site.
3.b. Personal and Identifying Data voluntarily provided by contacting the Data Controller via the dedicated email account on the Site, or any other contact form, will be processed by the Data Controller for the sole purpose of responding to the User's request for information.
The legal basis underlying the processing of data for this purpose is the fulfilment of contractual or pre-contractual obligations arising from the express request of the User.
The provision of Personal Data for this purpose is optional. However, any decision not to provide Personal Data may prevent the User from obtaining the information requested.
3.c. The Personal Data provided by the User during registration and at the time of sending the purchase order will be processed by the Data Controller in order to conclude and execute the contract for the purchase of goods offered on the Site, to allow registration on the Site, as well as to use the services reserved for registered Users.
The legal basis is the execution of the contract of purchase of products on the Site.
The provision of Personal Data for this purpose is a contractual obligation. Without the requested data it will not be possible to conclude or execute the contract, and in any case to follow up on the User's requests.
3.d. The processing of data is also permitted by current data protection legislation because, in some cases, it is necessary to meet legal or regulatory obligations of the Data Controller, for example in communications with Authorities, Government or Regulatory bodies.
4. Methods of Processing
In relation to the above-mentioned purposes, the User's data will be treated only with information technology and telematic tools. Specific security measures will be observed by the Data Controller to prevent the loss, modification or elimination of data, illicit and/or incorrect use, unauthorized access or transmission.
The Data Controller also undertakes to take all further measures reasonably necessary to ensure that the Personal Data is processed securely and in accordance with the relevant legislation in force.
Data may also be stored and processed on servers located outside the European Community, but in any case in compliance with the processing methods provided for by the GDPR.
5. Categories of recipients of Personal Data
To facilitate efficient use of the information and Personal Data communicated to the Data Controller and to provide the services requested, the information and Personal Data collected may be communicated to third parties. In particular, the data may be communicated to:
a) subjects to whom the right to access Personal Data is recognized by provisions of Law, Regulations or EU legislation;
b) Subjects in respect of whom communication is required by law or regulations, or public entities for the performance of their institutional functions;
c) Adequately trained collaborators and employees of the Data Controller;
d) subjects necessary for the regular operation of the Site and related operations as Data Processors;
e) subjects to whom the communication is necessary for the fulfilment of contractual services performed by the Data Controller, as well as suppliers of services related to the activities carried out by the Data Controller, as Data Processors.
The recipients will have access to the personal information provided and the data collected only to the extent required to perform their functions, and cannot in any case use them for other purposes. Recipients will also be bound by contractual obligations of confidentiality.
Under no circumstances will the Personal Data collected and provided be disseminated.
6. Storage of Personal Data
The Data Controller will keep the data in a form that allows its identification for the period necessary to fulfil contractual, legal and/or regulatory obligations for the purposes for which the data was collected. The retention period for Personal Information derives from the purpose for which the data is processed, and the means by which such Personal Information is processed.
The storage period for Personal Data provided voluntarily cannot be longer than twenty-four months from the request, or until the express revocation of the consent given or the termination of the relationship. In order to protect its own rights, the Data Controller is permitted to retain the data for the maximum term provided for by the Italian rules on forfeiture/prescription and tax regulations.
The data of the registered User will be kept until the User requests the cancellation of his account.
The data collected to conclude and execute purchase contracts on the Site will be kept until the conclusion of the administrative-accounting formalities. The data relating to payment will be kept until the certification of the payment and the conclusion of the relative administrative-accounting formalities. Invoicing data will be kept for ten years from the date of invoicing.
Once the above periods have expired, the Data Controller will delete the User's Personal Data.
7. Rights of the Interested Party (art. 15-22 GDPR)
As a data subject with respect to his/her personal and identification data, the User has at any time the right to:
a) request confirmation from the Data Controller that his/her personal data is or is not being processed, and in this case: i) obtain access to said data; ii) request its communication in intelligible form;
b) ask the Data Controller to update, correct and integrate the data;
c) request the Data Controller to erase the data (so-called "right to be forgotten") without undue delay, or request limited processing of their data if one of the reasons provided by the GDPR applies;
d) request from the Data Controller the notification of the updating/rectification/deletion/limitation of Personal Data;
e) request the Data Controller to process or transfer the data to a party other than the Data Controller ("right to data portability"), in the event of processing carried out by automated means pursuant to the User's consent or a contractual relationship;
f) to object, in whole or in part, for reasons related to their particular situation, to the processing of their Personal Data and to refuse the automated decision-making process, including Profiling, without prejudice to the restrictions imposed by legal obligations to retain Personal Data.
To the extent that the processing of Personal Data is based on the User's consent, the User shall also have the right to withdraw the consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal. In this case, the User's Personal Data will be removed from the Data Controller's archives as soon as possible.
The aforementioned rights may be exercised in the forms and terms of Article 12 of the GDPR, by means of a written request accompanied by a photocopy of the User's identity document sent to the e-mail address .
The Data Controller will adequately respond to the User's request in the shortest time possible, and in any case within one month from receipt of the request.
Further established is the right to lodge a complaint under Art. 77 GDPR to a supervisory authority, which is identified in Italy as the Italian Data Protection Authority.
The forms, methods and terms of proposing the complaint are provided for and governed by national legislation in force. The complaint does not affect the administrative and judicial actions, which may be proposed alternatively to the same Data Protection Authority or competent court.
The changes referred to in the preceding paragraph will be promptly published in this section of the Site, which the User is invited to consult regularly.
Unless explicitly provided for in the appropriate pop-up window of the Site, no Analytical (Profiling) Cookies will be used, and only Technical Cookies will be used, which do not require consent.
It is however possible to uninstall Technical Cookies, with the understanding that such an operation could compromise and/or limit the navigability of the site.
To deactivate Technical Cookies, the instructions given in the following links should be followed, depending on the browser used:
Safari for Mac
Safari for iOS
Last updated: February 28, 2022