Information on the processing of personal data provided pursuant to art. 13-14 of Reg. (EU) 2016/679 GDPR (General Data Protection Regulation) and art. 13 of Legislative Decree 30 June 2003 n. 196 (Privacy Code)
Cashmere Company understands the importance of protecting personal data and respecting the privacy of our users. We therefore handle all information provided to us with extreme care and ensure security and confidentiality when processing our users' personal information.
This Policy describes the methods of managing the personal data that we acquire - independently or through third parties - through the Cashmere Company website (www.cashmere-company.it) and is valid for visitors/users of this site. It does not apply to information collected through channels other than this website.
2. General information
Users (hereinafter "interested parties", as defined in the GDPR and the Privacy Code) are informed of the following general profiles, valid for all areas of processing:
• all data is processed in a lawful, correct and transparent manner towards the interested party, in compliance with the general principles established by the GDPR and the Privacy Code;
• we collect and process your data only for the purposes indicated in this Policy or for the specific purposes already shared with you and/or for which you have expressed consent;
• we aim to collect, process and use as little personal data as possible;
• when we need to collect your personal data, we ensure that it is as accurate and up-to-date as possible;
• if the personal data we collect is no longer necessary for any purpose and we are not required to retain it by law, we will do everything possible to delete, destroy or anonymize it;
• specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access;
• your personal data will not be shared, sold, made available or communicated to parties other than those indicated in the Policy.
3. Data collection methods
We inform you that the data collected in the ways indicated below will be processed with the support of paper (registration forms, order forms, etc.), IT (management, accounting software, etc.) and telematic means with organization and processing logics. strictly related to the purposes themselves and in any case in such a way as to guarantee the security, integrity and confidentiality of the data themselves in compliance with the organisational, physical and logical measures envisaged by the provisions in force. Where the person providing the data is under the age of 16, such processing is lawful only if and to the extent that such consent is given or authorized by the holder of parental responsibility for whom the identification data and copy of the documents are acquired. of recognition.
3.1 Browsing data
The computer systems and software procedures used to operate the websites indicated above acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could - through processing and association with data held by third parties - allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in case of hypothetical computer crimes against the site (legitimate interests of the owner).
The data is processed exclusively by internal staff, duly authorized and trained in processing and will not be communicated to external parties, disclosed or transferred to non-EU countries. Only in the event of an investigation can they be made available to the competent authorities. The data is normally stored for short periods of time, with the exception of any extensions connected to investigation activities. The data is not provided by the interested party but acquired automatically by the site's technological systems.
Cookies are text files stored on your computer or mobile device that are used by the websites indicated above to make the user experience more efficient.
To comply with the European Regulation which requires that the "site visitor/platform user" expresses consent to the processing of personal data concerning him through a direct, explicit, unequivocal and distinguishable act also for the so-called "technical cookies", we have created a "GDPR Cookie" module which provides all the technical mechanisms for the management and possible revocation of the consent granted pursuant to the new Regulation and offers greater levels of security of the cloud service. By acting on the form, the interested party is independently able to view the consent granted and, possibly, to revoke consent to one or more areas of cookie activity.
3.3 Data collected with the user's consent and purposes of processing
The data collected in the forms on the site will be processed for the following purposes:
- to provide interested parties with the requested information on products, services and methods of use of the site;
- for sending newsletters and commercial and promotional communications from the site;
- to provide interested retailers with the possibility of downloading commercial documentation from the site;
- to guarantee site customers the correct fulfillment of the purchase contract for products and services;
- for administrative and accounting purposes related to orders for products and services placed on the site;
- for market research, statistics and marketing on advertising communications, preferences on products and services, etc.;
- for processing related to VAT regulations (VAT tax register, etc.).
The data is collected on the following pages or forms:
Subscribe to the Newsletter ( https://cashmere-company.it/associazione-nl/ ) the page or a specific pop-up window on the site allows you to subscribe to the Cashmere Company newsletter of commercial information and promotional offers. A series of personal data are required (Name, Surname, Email) all of which are mandatory. Registration is subject to the acceptance of specific, free and informed consent. The data is processed exclusively by personnel duly authorized and trained in processing. The data is retained until any "unsubscription" from the newsletter service, which can be done freely at any time via the link contained at the bottom of each message sent. Failure to provide the email address or consent will make it impossible to obtain the newsletter service.
Request catalogs ( https://cashmere-company.it/richiedi-cataloghi ) This page allows clothing retailers to request the possibility of downloading the model catalogue, price list and order form for upcoming Cashmere Company collections. A series of personal data are requested (Name, Surname, Company, City, Email, Telephone) in order to be able to contact retailers directly via electronic or telephone means and to periodically inform interested retailers of the site's commercial activities and news. Registration is subject to the acceptance of specific, free and informed consent. At the same time as requesting information, interested retailers can also subscribe to the site's newsletter service by checking the appropriate box which confirms acceptance of specific, free and informed consent for this service. The data are processed exclusively by personnel duly authorized and trained in processing and the data are stored for times compatible with the specific purpose of the collection. The provision of data is necessary to obtain a specific response to your request and failure to provide the indicated data or consent will make it impossible to access the services.
BtB Requests ( https://cashmere-company.it/richieste-b2b ) This page allows clothing companies to request contact with Cashmere Company. A series of personal data is requested (Name, Surname, Company, City, Email, Telephone) in order to be able to contact companies directly via electronic or telephone means and to periodically inform them of the site's commercial activities and news. Registration is subject to the acceptance of specific, free and informed consent. At the same time as requesting information, interested companies can also subscribe to the site's newsletter service by checking the appropriate box which confirms acceptance of specific, free and informed consent for this service. The data are processed exclusively by personnel duly authorized and trained in processing and the data are stored for times compatible with the specific purpose of the collection. The provision of data is necessary to obtain a specific response to your request and failure to provide the indicated data or consent will make it impossible to access the services.
4. Categories of recipients
Without prejudice to communications carried out in compliance with legal and contractual obligations, all data collected and processed may be communicated exclusively for the purposes specified above to the following categories of interested parties: Companies or professional firms that provide consultancy or collaboration in accounting matters, fiscal, legal, commercial; Public administrations for the performance of institutional functions within the limits established by law; to third party service providers to whom communication is necessary for the performance of the services covered by the contract.
5. Retention period
Mandatory data for contractual, accounting and service-related purposes are retained for the time necessary to carry out the contractual relationship, including the relevant applicable legislative requirements. The data of those who do not purchase or use products/services, despite having had previous contact with company representatives, will be immediately deleted or processed anonymously, where their conservation is not otherwise justified, unless it has been validly acquired the informed consent of the interested parties relating to a subsequent commercial promotion or market research activity.
6. Legal basis
7. Rights of the interested party
Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the interested party may, according to the methods and within the limits established by current legislation, exercise the following rights:
- request confirmation of the existence of personal data concerning him (right of access);
- know its origin;
- receive intelligible communication;
- have information about the logic, methods and purposes of the processing;
- request its updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including data no longer necessary for the pursuit of the purposes for which they were collected;
- in cases of processing based on consent, receive your data provided to the owner, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
- the right to lodge a complaint with the Supervisory Authority.
The exercise of your rights may take place by sending a request via email to the address of the Data Controller.
8. Transfer of personal data outside the EU area
The management and storage of Personal Data will take place on servers located within the European Union of the Data Controller and/or duly appointed third-party companies. The data will not be transferred outside the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the location of the servers to non-EU countries. In this case, the Data Controller hereby ensures that the transfer of data will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection.
9. Data controller and contacts
The Data Controller is the undersigned Cashmere Company srls, Viale del Piave 56, 25123 BRESCIA, VAT number/Fiscal Code 04066720980, in the person of its legal representative, who can be contacted at the following numbers: telephone 030/3762608, email info@cashmere-company .it , which you can contact to exercise all the rights provided by the GDPR and the Privacy Code (right of access, rectification, cancellation, limitation, portability, opposition), as well as revoke a previously granted consent; in case of failure to respond to their requests, interested parties can lodge a complaint with the Supervisory Authority for the protection of personal data.
10. Update of the Policy
This Information was last updated on 30 September 2020, and may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. In the event of significant changes, appropriate evidence will be given on the homepage of the site for a suitable period of time. However, the interested party is invited to periodically consult this Policy.