PRIVACY POLICY

 

Data controller

Data controller is B1SHOP S.r.l., a company incorporated under the laws of Italy, Registy of Companies of Bergamo number BG – 457701, tax and vat code 04371000169, with registered office in Bergamo, Via Goffredo Mameli n. 10 and office in Dalmine, Via Pasubio n. 5 at the premises of Point.

Users can contact the data controller by sending an e-mail to admin@b1shop.it or by sending a letter to the address: Via Pasubio n. 5, Dalmine (BG), Point.

Legal basis for the processing

Data processing of data collected by the Website is based on user’s consent. The user may give his consent by accepting the Website’s privacy and cookie policy or just by browsing the Website, which constitutes a positive conduct of acceptance. In particular, by using or browsing the Website, users accept this privacy and cookie policy and agree on the processing of their data in the way and for the purposes that are described below, including the communication of their data to third parties if this is required to provide a service.

The provision of personal data is not statutory nor a contractual requirement: users may deny their consent to the processing and revoke their consent at any time (this can be done through the banner at the bottom of the page, or by changing settings of your browser or by contacting the data controller). However, if users do not agree on data processing, they may not use some services and the browsing experience may be hindered.

Data is also processed to maintain the Website secure and protect it from misuse and spam, as well as to analyse user’s traffic for statistical purposes. This data cannot be related to the user and is processed on the basis of data controller’s legitimate interest to the Website’s and user’s data security. In these cases, the user has the right to object to the processing at any time (see paragraph on user’s rights).

The processing of personal data for advisory services or other professional assignments is necessary for the performance of a contract to which the data subject is party and for compliance with a legal obligation to which the data controller is subject. In these cases, a specific privacy policy will be provided.

Purposes of processing

The purposes of data processing are the following:

– Data analysis

Data is processed to verify that the Website works properly. This type of data cannot be attributed to the single user and does not identify the user.

– Security

Data is processed to maintain the Website secure (i.e. antispam filters, firewalls, virus detection) so that also users are protected from frauds and damages to the Website. This type of data is registered automatically and can include personal data (i.e. IP address) which may be used in compliance with laws and regulations to block activities that may damage the Website or other users, as well as criminal activities. This data, which is periodically deleted, will never be used to identify or track user’s preferences.

– Other activities

Data may be sent to third parties who provide services that are material to the functioning of the Website. Our suppliers have access to data that they need to provide their services only and undertake to not use data for other purposes and commit to process data in compliance with applicable laws.

– Advisory and professional engagements

Data that is provided spontaneously when requesting an advisory service or another professional engagement will be processed for the sole purpose of examining and performing the service. In this case, a specific privacy policy will be provided.

Categories of data

The Website processes two categories of user’s data.

Data that is processed automatically

While browsing the Website, the following data may be processed and stored as log files in the Website’s server:

– Internet Protocol (IP) address;

– browser type;

– characteristics of the device that has been used to connect to the Website;

– name of the Internet Service Provider (ISP);

– date and time of the visit;

– user’s webpage of entry and exit;

– number of clicks.

This data is processed for the sole purpose of data analysis in a form that does not identify the user. The IP address is processed for security reasons only and it is not matched with any other data.

Data that is provided on a voluntary basis

The Website may also process data that is provided by users when they use the services on the Website, i.e. when they leave a comment or send a query. This data will only be used to provide the service that has been requested and includes:

– name and surname;

– email address;

– any other data that is provided on a voluntary basis.

Where data is processed

Data is processed at the data controller’s offices and at the data center of the web hosting service provider, which is IONOS. The web hosting service provider acts as data processor because he processes data on behalf of the data controller. IONOS is located in the EEA and operates in compliance with the European regulations ( https://www.ionos.it/terms-gtc/condizioni-generali-per-litalia/).

Data storage

Data that is processed automatically by the Website during its operations will be stored as long as it is strictly necessary to carry out the activities that have been described above. After that time, data will be deleted or pseudonomised, unless there are other reasons to keep it. Data that is used for security (i.e. IP address and attempts to damage the Websites) will be stored for 30 days.

Transfer of data to third parties

Data is not transferred to third parties, unless: (I) there is a lwaful request from a court; (II) the transfer is necessary to provide a specific service requested by the user; and (III) we have to perform security checks on the Website or work on its optimisation.

Transfer of data outside the EU

The Website may share some data with service providers located outside the EEA. In particular with Google, Facebook and Microsoft (LinkedIn) via the social plugins and Google Analytics. This type of transfer has been authorised by specific decisions of the European Union Commission (decision no. 1250/2016, Privacy Shield) and the Italian Commissioner for data protection, therefore no additional user’s consent is required for the transfer. The abovementioned companies warrant their adherence to the Privacy Shield.

Security measures

Data is processed in a lawful and correct way and is protected with security measures that are aimed to prevent unauthorized accesses, publication, changes or unauthorized distruction of data. We commit to maintain security on data communication, by applying Secure Sockets Layer (SSL) software which encrypts information in transit. Data is processed by digital and/or online devices, with organisational and technical measures that are strictly related to the purposes of processing indicated above. Besides data processors, data may be processed by people that work on the Website or other service providers (i.e. technical suppliers, hosting providers).

Cookies

Cookies are small text files that websites send to the user’s computer, where they are stored to be used by the said websites when the user visits them the next times. Third-party cookies are instead installed by a different website than the one that the user is visiting. This happens because every website may contain objects that may be located in different servers than the one that hosts the visited website (i.e. images, maps, sounds, links to external websited, etc.).

Cookies are used for different purposes: digital authentication, session monitoring, recording of website settings, recording of preferences, etc.

The website uses the following types of cookies:

technical cookies: they have the sole purpose of allowing the user to browse the Website or providing a service requested by the user. Without these cookies, some operations would not be possible or would be more complicated and/or unsecure than it would be with them. The Website uses technical cookies for the sole purposes of transmitting electronic comminications, visualizing the Website and browsing it. Some technical cookies are deleted when the browser is closed (i.e. session cookies), while others remain active after that (i.e. the cookie that stores user’s consent to the use of cookies which last one year).

cookies for data analysis: they are used by the website’s operator to collect aggregated information on the number of users and on the way they visit the website. The Website uses cookies for data analysis that are provided by Google Analytics (see section on third-party cookies for more details).

cookies for profiling: they are used to collect data on user’s preferences and create profiles on what he likes, his habits, choices, etc. By using these cookies, an advertiser can send the user personalised marketing messages that are in line with user’s preferences that have been tracked while browsing the internet. The Website uses cookies for profiling that are provided by third parties (see section on third-party cookies for more details).

By clicking the OK button on the banner or by browsing the Website, the user agrees on the use of cookies and on the installation of said cookies in his computer for the purposes indicated above and on the fact that cookies can access information in his computer.

Disabiling cookies

The user may block the cookies and may revoke his consent to their use at any time. Since cookies are linked to the user’s browser, the user may refuse or revoke his consent to the use of cookies by changing the browser settings directly, according to the steps of his browser. The user can also change his preferences on cookies through the banner at the bottom of the page.

If cookies are turned off, some functions of the Website, i.e. third-party services, may not be available, and the following objects may not be visualised:

– social plugins;

– Google maps.

Third-party cookies

This Website uses third-party cookies (i.e. social plugin buttons) with the aim to offer additional services to the users, facilitate the use of the Website or provide personalised marketing messages. The Webiste does not have any control over these cookies that are fully managed by third parties and does not have access to the information collected by them. Details on the use of these cookies, on their purposes and on how they may be turned off are provided by the third parties directly at the pages indicated below.

We remind that user’s tracking does not usually identify the user, unless he has subscribed to the third-party service and is logged in the service when using the social plugin. In this case, the user has already agreed on the processing of his data by giving his consent to the third party directly (i.e. Facebook).

The Website uses the following third-party cookies:

Google Ireland Limited

To understand how Google Ireland ltd processes personal data we advise you to look at Google’s privacy policy (https://policies.google.com/privacy?fg=1&hl=en-GB) and to Google’s privacy policy when using partner’s websites and apps (https://policies.google.com/technologies/cookies?hl=en-GB).

Google Analytics: it is used to analyse how users use the Website, to send reports on Website’s activities and reports on user’s behaviour, to verify how often users visit the Website, how the Website is located by users and what pages are visited the most. This information is also used to compare the Webiste with other similar websites.

Categories of data: browser identification, browsing date and time, originating page and IP address.

Where data is processed: European Union.

Data does not identify the users and is not matched with other data of the same users. Data is processed in aggregated form and it is anonimised (last eight digits are truncated). Google Inc. may not match this data with the one collected from other services, in compliance with a specific agreement (DPA).

More information on Google Analytics cookies is available on Google Analytics Cookie Usage on Websites page (Google Analytics Cookie Usage on Websites).

The user may disable (opt out of) Google Analytics by installing on his browser the specific app provided by Google.

Social network plugins

The Website includes some plugins and/or buttons that facilitate the sharing of information on your favourite social networks. When you visit a page of the Website that shows a plugin, your browser connects directly to the social network’ servers, from which the plugins have been uploaded. These servers may track your visit to the Website and associate it to your social network account, expecially if your are logged in the social network or if you have recently visited a website with social plugins. If you do not want the social network to register data in relation to your visit to the Website, you have to log out of the social network and probably delete cookies that the social network has installed on your browser.

The Website contains plugins that have been designed to protect user’s privacy and they do so by processing user’s data only if the user clicks the plugin and not when he just opens the page that hosts the plugins.

To know more about the way third parties process your data you can refer to the privacy policy of each service provider, as follows:

– Facebook (https://www.facebook.com/about/privacy)

– Twitter (https://help.twitter.com/en/rules-and-policies/twitter-cookies and https://twitter.com/en/privacy)

– LinkedIn (https://www.linkedin.com/legal/privacy-policy)

– Pinterest (https://policy.pinterest.com/en/privacy-policy)

User’s rights on his data

In compliance with the GDPR, the user may exercise the following rights according to and within the limits of the applicable law:

– to object to all of part of the processing for legitimate reasons;

– to demand confirmation as to whether or not personal data concerning him is being processed;

– to know the source of data;

– to obtain information on the logic, purposes of the processing and how processing is being done;

– to demand un update, rectification, integration, deletion and pseudonymization of data;

– to receive the personal data concerning him, which he has provided to the data controller, in a structured, commonly used and machine-readable format;

– to lodge a complaint with a supervisory authority (i.e. the Italian Data Protection Commissioner – https://www.garanteprivacy.it/web/guest/home_en);

– to exercise all other statutory rights.

Requests may be addressed to the data controller.

Updates

This privacy and cookie policy has been updated on 10/03/2020.

(Versione in italiano)