Terms and Conditions

Terms and Conditions

Privacy Policy

Customer service

Contact InfoPayment methodsReturns and RefundsFind your orderShipping

Legal Area

Terms and Conditions of SaleGeneral Terms of UseCookie policyPrivacy PolicyAccessibility StatementPrize competitionPrivacy Policy Rimini Wellness
PRIVACY POLICY

Introduction
This policy is provided pursuant to Article 13 of EU Regulation 2016/679 on the protection of personal data (hereinafter referred to as "GDPR") and in accordance with the provisions of Italian Legislative Decree 196/03 (the "Privacy Code") in order to provide the user with information on the processing of his/her personal data related to the navigation and functionality of this website.
We inform the Data Subject, user or visitor of the website, that the EU Regulation 2016/679 (hereinafter, 'GDPR') provides for the protection of the processing of their personal data. In particular, the GDPR, together with Italian Legislative Decree No. 196/2003 (the so-called 'Personal Data Protection Code', hereinafter the 'Code') and other relevant legislation in force, stipulate that the processing of personal data must be based on the principles of fairness, lawfulness and transparency in respect of the fundamental rights and freedoms, the dignity of the Data Subject, with particular reference to confidentiality, personal identity and the right to protection of personal data.
This policy is subject to updates, which are published on the website.

1.        Definitions. 
2.        Data Controller and Data Protection Officer 
3.        Place of Data Processing. 
4.        Purpose of processing and type of Personal Data. 
5.        Methods and duration of Processing. 
6.        Optional provision of data. 
7.        Possible recipients of Personal Data. 
8.        Information Security. 
9.        Rights of the Data Subject 

1.Definitions

For the purposes of this Privacy Policy:
Personal data’ means any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information;
‘Authorised person’ means the natural person authorised by the Data Controller or Processor to carry out processing operations;
Data Subject’ means the natural person to whom the Personal Data refer;
'Data Processor' means the natural person, the legal person, the public administration and any other body, association or organisation that processes data on behalf of the Data Controller;
‘Data Protection Officer (DPO)’ means the person or entity appointed by the Data Controller pursuant to Articles 37-39 of the GDPR;
'Website' means the website https://shop.dececco.com
Data Controller’ means the natural person, the legal person, the public administration and any other body, association or organisation responsible, also jointly with other Data Controller(s), for deciding on the purposes and means of the processing of Personal Data and the instruments used, including security measures;
Processing’ means any operation or set of operations, carried out with or without the help of electronic means, concerning the collection, recording, organisation, keeping, interrogation, elaboration, modification, selection, retrieval, comparison, utilization, interconnection, blocking, communication, dissemination, erasure and destruction of data, whether the latter are contained or not in a database;
Disclosure’ means any disclosure likely to make Personal Data known to one or more specified parties other than the Data Subject, the Data Controller's representative in the territory of the State, the Data Processor and the Authorised Persons, in any form whatsoever, including by making available or consulting the Personal Data;
Consent’ means any manifestation of the Data Subject's free, specific, informed and unambiguous will, by means of a statement or unambiguous affirmative action, whereby the Data Subject indicates his/her assent to Personal Data relating to him/her being processed;
Profiling’ means any form of automated processing of Personal Data consisting of the use of such Personal Data to evaluate certain personal aspects relating to a natural or legal person, in particular to analyse or predict aspects of that person's professional performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements, willingness to purchase, etc.;
Pseudonymisation’ means the Processing of Personal Data in such a way that it cannot be attributed to a Data Subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organisational measures to ensure that the Personal Data is not attributed to the identified or identifiable Data Subject;
User’ means any natural person using the Website.

2.Data Controller and Data Protection Officer

  1. The Data Controller is F.LLI DE CECCO DI FILIPPO FARA SAN MARTINO S.p.A. with registered office in Via F. De Cecco, Fara San Martino (CH), Italian Tax code - VAT number 00628450694, in the person of its Legal Representative Cav. Filippo Antonio De Cecco, (hereinafter referred to as 'OWNER’ or ‘Company')
  2. Information and requests concerning privacy, including those relating to the exercise of the rights of the Data Subject indicated in Article 9 below, may be addressed to the Company by e-mail at the address privacy@dececco.it.
  3. The Data Protection Officer (DPO) appointed by the Company is Giulio Maria Garofalo, who can be contacted at the e-mail address DPO@dececco.it.

3.Place of Data Processing

Personal Data are processed on servers located within the European Union. Currently, the servers are located in Italy. Personal Data will not be not transferred outside the European Union. The Controller reserves the right to change the location of the servers also outside the European Union, in such case ensuring that the transfer takes place in accordance with the applicable legal provisions, with the appropriate guarantees provided for in Article 46 of the GDPR.

4.Purpose of processing and type of Personal Data

  1. Browsing Personal Data
The computer systems and software procedures used to run the Website acquire certain Personal Data during their normal operation, as they are implicitly transmitted by Internet communication protocols. This is information that is not collected in order to be associated with identified Data Subjects, but which by its very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of Personal Data includes the IP addresses or domain names of the computers used by Users who connect to the Website of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User's operating system and computer environment. These Personal Data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning, and are deleted immediately after processing. These Personal Data could be used to ascertain liability in case of computer crimes against the Website. In any case, these Personal Data are kept for the period of time strictly necessary and in any case in accordance with the relevant regulations in force.
  1. Cookies
    1. Full details on this type of Data are provided in the dedicated "cookie policy" section that can be consulted at the link https://shop.dececco.com/area-legale/cookie-policy and by means of specific information text displayed before the collection of cookies for which the User's consent is required.
    2. Newsletter subscription
By filling in the dedicated form, the user can subscribe to the newsletter, thereby consenting to receiving communications of an informative and commercial nature by e-mail.
  1. The Personal Data collected include the e-mail address and are processed for marketing and communication purposes. Users may unsubscribe at any time through the opt-out mechanism provided in each communication or through their personal area or by sending a request to privacy@dececco.it
  1. Website Registration
By registering in the appropriate section of the Website ("Login"), the User authorises the Controller to process Personal Data such as, but not limited to, name, surname, telephone number and e-mail address, in order to complete and manage the Login process.
  1. The Personal Data collected include first name, last name, e-mail address, password, date of birth*, shipping/billing address*, purchase history, purchase preferences (whishlist), which are collected and processed, until the user voluntarily unsubscribes, for the following purposes:
  1. management of the User's Login to the Website to enable the User to benefit from services reserved for members (whishlist, purchase history, consent management, coupon management, etc.)
  2. subject to specific consent, the sending of communications of an informative and commercial nature (newsletter)
  3. subject to the granting of specific consent, profiling activities that include sending communications of a commercial nature customised on the basis of the analysis of the user's preferences.
    1. Purchases
In order to use the e-commerce service and purchase products on our e-shop, the User must fill in the payment form and the shipping form.
Through these forms, the Controller collects and processes identifying, personal and contact data such as: first name, last name, billing address; shipping address for purchased products, city, postcode, e-mail address, telephone number, and any notes for delivery. Payment Data such as credit card number, expiry date, security code, first name and surname of the cardholder are NOT accessible to the Data Controller, but are managed through a party acting as a separate autonomous data controller, and information on the processing carried out by such party will be available in the payment area. The company is not responsible for that procedure and does not receive or in any other way manage data relating to the payment methods used by Data Subjects or Users.
  1.  the aforementioned personal data are processed for the following purposes:
  1. Management of the contractual relationship, including customer registration, administrative management of the order, shipment and/or delivery of products; the legal basis for such processing is the performance of an existing contract with the Data Subject [Article 6(1)(b) GDPR].
  2. Fulfilment of legal obligations related to the contract; the legal basis for such processing is the fulfilment of obligations under the law or EU legislation [Article 6(1)(c) GDPR].
  3. Protection of rights in the event of disputes or complaints; the legal basis for such processing is the legitimate interest of the Controller to have its rights protected [Article 6(1)(f) GDPR].
  4. Soft spam: sending commercial communications by e-mail referring to products similar to those purchased by the user. These communications are based on the legitimate interest of the User, who may, however, object at any time through the opt-out mechanism present in each communication, or by writing to the address privacy@dececco.it
  5. Profiling
  6.  Statistical analysis based on anonymised data and sales performance; the legal basis for this processing is the legitimate interest of the Data Controller [Article 6(1)(f) GDPR].
    1. Requests for information and submission of reports
      1. By filling in the contact forms on this website, sending paper or electronic mail messages to the addresses published on the website, or issuing comments or requests via social media pages, the Data Controller acquires the personal and contact data (first name, surname, e-mail address, telephone number) and any personal data entered by the User in the communications. These data are processed for the sole purpose and for the period necessary to provide feedback on users' requests, for a maximum of three years. The legal basis for the Processing is therefore the execution of a request by the data subject.
    2. Personal Data voluntarily provided by Users
      1. The voluntary, optional and explicit forwarding of Personal Data by the User (e.g. when entering his/her Personal Data by filling in specific forms, sending e-mails to the addresses indicated on the Website, etc.) entails the subsequent acquisition of the sender's address and of the Personal Data provided by the same, for the Processing of which the Data Controller is justified by the need to prepare or execute a contract requested by the Data Subject, pursuant to Article 6.1.b) of the GDPR.

5.Methods and duration of Processing

The Personal Data collected are:
  1. processed by means of automated electronic and computerised devices and telecommunications, or by manual processing in manners in line with to the purposes for which the Personal Data were collected;
  2. processed lawfully, fairly and transparently as regards the Data Subject;
  3. collected for specified, explicit and legitimate purposes, and subsequently processed in a manner consistent with those purposes;
  4. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  5. exact and, if necessary, updated;
  6. stored in such a way as to allow identification of the Data Subject for a period of time not exceeding the achievement of the purposes for which they are processed;
  7. processed in such a way as to ensure adequate security - including protection, through appropriate technical and organisational measures - against unauthorised or unlawful processing and accidental loss, destruction or damage.
The Processing of Personal Data is based on the principles of fairness, lawfulness and transparency.

6.Optional provision of data

Except for Personal Data related to browsing, the provision of Personal Data by the Data Subject is optional, but refusal may prevent the timely and correct handling of the contact request, prevent the User's Login to the Website and also the conclusion or execution of purchase orders.

7.Possible recipients of Personal Data

  1. Personal Data shall not be disclosed to third parties, unless this is indispensable and, in that case, the Disclosure shall only concern the Personal Data strictly necessary to achieve the purposes of the Processing indicated in the Privacy Policy.
  1. Personal Data may be disclosed to third parties who, on the Company's behalf, provide services necessary for the operation of the Website, the receipt and processing of orders and after-sales services, all of whom shall be appropriately authorised or appointed as data processors pursuant to Article 28 of the GDPR;
  2. administrative or judicial authorities for the fulfilment of legal obligations.
    1. For payment services, the company uses a provider who acts as an autonomous separate data controller, and information on the processing carried out by such party will be available in the payment area. The company is not responsible for that procedure and does not receive or in any other way manage data relating to the payment methods used by Data Subjects or Users.

8.Information Security

  1. All information collected on the website is stored and maintained in secure facilities that restrict access to authorised personnel only. The website is regularly monitored for security breaches and to ensure that the information collected is safe from unauthorised viewing. The Data Controller complies with the security measures prescribed by applicable laws and regulations and all appropriate measures in accordance with the current state-of-the-art criteria, in order to ensure and guarantee the confidentiality of the User's Personal Data and to minimise, as far as possible, the dangers of unauthorised access, removal, loss and/or damage to the User's Personal Data.
  2. In accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing of Personal Data, as well as the risks (with different degrees of probability and severity) to the rights and freedoms of natural persons posed by the Processing of Personal Data, the Controller shall implement appropriate technical and organisational measures, both when determining the means of Processing and during the Processing itself. These measures shall include Pseudonymisation and encryption of Personal Data and shall be designed to ensure effective compliance with Data Protection principles such as minimisation. They integrate the Processing of Personal Data with the necessary safeguards to comply with the requirements of the GDPR and to protect the rights of Data Subjects.

9.Rights of the Data Subject

  1. The Data Subject may, at any time, exercise the rights set out in Chapter III of the GDPR. In particular, the Data Subject has the following rights:
access to Personal Data concerning him/her in order to obtain information on the methods and purposes of Processing;
rectification of the Personal Data provided, if inaccurate;
erasure of the Personal Data provided, which shall occur upon revocation by the Data Subject of their Consent to the Processing or upon objection to it (in addition to the obligation to erase Personal Data in cases of unlawful Processing or when there is a legal obligation to delete them);
limitation of the Processing of Personal Data, when one of the conditions set out in Article 18 of the GDPR applies;
object, at any time, to the processing of Personal Data, unless there is a legitimate interest of the Controller to proceed with the Processing that overrides the right to object;
portability, which consists in the right of the Data Subject to request to receive Personal Data, or to have them transmitted to another Data Controller designated for that purpose, in a structured, commonly used and machine-readable format.
  1. Furthermore, pursuant to Article 7(3) GDPR, the Data Subject may exercise the right to withdraw Consent at any time. Withdrawal of Consent shall not affect the lawfulness of the Processing of Personal Data for the period during which the Consent was effective. If Consent is revoked, however, the Controller may continue with the processing of data whose legal basis is different from Consent.
  2. These rights may be exercised by sending us a specific request by email to the address privacy@dececco.it.
  3. The Data Subject also has the right to lodge a complaint before the supervisory Authority, which for Italy is the Italian Data Protection Authority. It can be contacted at www.garanteprivacy.it

Date of last update: 26-06-2024
Introduction

This information is provided pursuant to art. 13 of EU Regulation 2016/679 on the protection of personal data (hereinafter "GDPR") and in compliance with to the provisions of the Legislative Decree. 196/03 (so-called Privacy Code) in order to provide the user with information relating to the processing operations of his personal data connected to navigation and functionalities. of this website.
The interested party, user or visitor of the website, is hereby informed that EU Regulation 2016/679 (hereinafter, "GDPR") provides for the protection of the processing of his/her personal data. In particular, the GDPR, together with the Legislative Decree. n. 196/2003 (so-called “Code regarding the protection of Personal Data”, hereinafter, “Code”) and the further legislation in force on the matter, establish that the processing of personal data is based on the principles of correctness, lawfulness and and transparency in respect of rights and freedoms fundamentals, of dignity of the interested party, with particular reference to confidentiality, identity and personal data and the right to the protection of personal data.
This information is subject to updates of which it is advertising date on the Website.

1.         Definitions 
2.         Data Controller and Responsible for the protection of personal data
3.         Place of Data Processing 
4.         Purpose of the processing and Type of Personal Data
5.         Method and duration of the Treatment. 
6.         Optional of the provision of the Data 
7.         Any recipients of the Personal Data
8.         Information security 
9.         Rights of the interested party.

1. Definitions

For the purposes of the Information, the following definitions apply:
"Personal Data": any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information;
"Appointee": the natural person authorized to carry out Processing operations by the Data Controller or Processor;
"Interested": the natural person to whom the Personal Data refers;
"Data Controller", the natural person, the legal person, the public administration and any other body, association or organization that processes data on behalf of the Data Controller;
"Data Protection Officer (DPO)": the person appointed by the Data Controller pursuant to articles. 37-39 of the GDPR;
"Website": the site https://shop.dececco.com
"Data Controller": the natural person, the legal person, the public administration and any other body, association or organization to which they are responsible, even together with other Data Controller(s), the decisions regarding the purposes, methods and of the Processing of Personal Data and the tools used, including the security profile;
"Processing": any operation or set of operations, carried out even without the aid of electronic instruments, concerning the collection, recording, organisation, conservation, consultation, processing , modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation and destruction of data, even if not recorded in a database; /> "Communication": any disclosure suitable for giving knowledge of the Personal Data to one or more specific subjects other than the interested party, the representative of the Data Controller in the territory of the State, the Manager and the Persons in charge, in any form, including by making available or consulting the Perso Data nals;
"Consent": any expression of will free, specific, informed and unequivocal of the interested party, by means of a declaration or unequivocal positive action, with which the latter expresses his/her consent for the the Personal Data concerning him are subject to Processing;
"Profiling": any form of automated processing of Personal Data consisting of the use of such Personal Data to evaluate certain personal aspects relating to a natural or legal person, in particular to analyze or predict aspects concerning professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or travel, propensity to purchase etc.;
"Pseudonymisation": the Processing of Personal Data in such a way that it cannot be attributed to a Data Subject without the use of additional information, provided that such additional information is kept separately and subject to measures technical and organizational measures aimed at ensuring that Personal Data is not attributed to the interested party, identified or identifiable;
"User": any natural person who uses the Website.


2. Data Controller and Responsible for the protection of personal data

2.1 The Data Controller is F.LLI DE CECCO DI FILIPPO FARA SAN MARTINO S.p.A. with registered office in Via F. De Cecco, Fara San Martino (CH), CF - VAT number 00628450694 in the person of the Legal Representative Cav. Filippo Antonio De Cecco, (hereinafter, "OWNER or Company")

2.2 Information and requests regarding privacy, also relating to the exercise of the rights of the interested party indicated in the following article 9, can be addressed to the Company. by email to the address privacy@dececco.it.

2.3 The Data Protection Officer (DPO) appointed by the Company is the lawyer Giulio Maria Garofalo, reachable at the email address DPO@dececco.it.


3. Place of Data Processing

The Processing of Personal Data takes place on servers located within the European Union. Currently, the servers are located in Italy. Personal Data is not transferred outside the European Union. The Data Controller reserves the right to to change the location of the servers even outside the European Union, ensuring, in this case, that the transfer takes place in compliance with to the applicable legal provisions, with the adequate guarantees provided for by art. 46 of the GDPR.


4. Purpose of the processing and Type of Personal Data

4.1 Personal browsing data
The IT systems and software procedures used to operate the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of Personal Data includes the IP addresses or domain names of the computers used by the Users who connect to the Website of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc. ) and other parameters relating to the operating system and the User's IT environment. This Personal Data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and is deleted immediately after processing. This Personal Data could be used to ascertain liability in the event of hypothetical computer crimes to the detriment of the Website. In any case, this Personal Data is kept for the strictly necessary period and in any case in compliance with the relevant regulatory provisions in force.

4.2 Cookies
4.2.1 Complete details on this type of Data are provided in the dedicated "Cookie Policy" consavailable at the link and through specific information text displayed before the collection of cookies for which it is the release of Consent by the User is necessary.

4.3 Newsletter Subscription
By filling out the dedicated form, the user can subscribe to the newsletter, agreeing to receive informative and commercial communications by e-mail.
4.3.1 The Personal Data collected includes the e-mail address and is processed for the purposes of marketing and communications. The user can unsubscribe at any time through the opt put mechanism provided in each communication or through your personal area or by sending a request to privacy@dececco.it

4.4 Registration on the Website
By registering in the specific section of the Website (“Log-in”), the User authorizes the Owner to process Personal Data such as, by way of example and not limited to, name, surname, telephone number and ;email address, in order to complete and manage the Log-In process.

4.4.1 The Personal Data collected includes name, surname, e-mail address, password, date of birth*, shipping/billing address*, purchase history, purchasing preferences (whish list) which are collected and are processed, until the user voluntarily unsubscribes, for the following purposes:
  1. management of the User's Log-In to the Website to allow the User to use the services reserved for members (whish lists, purchase histories, consent management, coupon management, etc.)
  2. subject to specific consent, sending of communications of an informative and commercial nature (so-called newsletter)
  3. subject to specific consent for activities profiling which includes sending personalized commercial communications based on the analysis of user preferences.
4.5 Purchases
To use the e-commerce service and purchase the products on our E-shop, the User must: fill out the payment form and the shipping form.
Through these forms the Data Controller collects and processes identification, personal and contact data such as: name, surname, billing address; shipping address of the purchased products, city, postcode, e-mail address, telephone number, any delivery notes. Payment data such as credit card number, expiry date, security code, name and surname of the credit card holder are NOT accessible to the Cardholder, but are managed through an individual >who acts in a capacity of an independent separate data controller and the information relating to the processing carried out by that person will be available in the payment environment. The company is not serious; responsible for that procedure and does not receive any has in no other way the data relating to the modalities payment methods used by interested parties or users.

4.5.1 The aforementioned personal data are processed for the following purposes:
  1. Management of the contractual relationship, including the opening of the customer registry, the administrative management of the order, the shipping and/or delivery of the products; the legal basis of such processing and the execution of an existing contract with the interested party [art. 6, par. 1, letter. b GDPR].
  2. Fulfillment of legal obligations related to the contract; the legal basis of this processing is the fulfillment of the obligations established by law or community legislation [art. 6, par. 1, letter. c GDPR].
  3. Protection of rights in case of disputes or complaints; the legal basis of this processing is the legitimate interest of the Data Controller in seeing their rights protected [art. 6, par. 1, letter. f GDPR].
  4. Soft spam: sending commercial communications by e-mail referring to products similar to those purchased by the user. These communications are based on the legitimate interest of the User who can however, object at any time through the opt-out mechanism present in every communication, or by writing to the address privacy@dececco.it
  5. Profiling
  6. Statistical analysis on an anonymized and sales performance basis; the legal basis of this processing is the legitimate interest of the Data Controller [art. 6, par. 1, letter. f GDPR].
4.6 Requests for information and sending reports
4.6.1 By filling in the contact forms on this site, sending traditional or electronic mail messages to the addresses published on the same, issuing comments or requests via the social pages, the Owner acquires personal and contact data (name, surname, email address, telephone number) and any personal data entered by the User in communications. These data are processed for the sole purpose and for the period necessary to provide feedback to user requests, for a maximum of three years. The legal basis of the processing is, therefore, constituted by the execution of a request from the interested party.

4.7 Personal Data provided voluntarily by Users
4.7.1 The voluntary, optional and explicit sending of Personal Data by the User (e.g. when entering their Personal Data by completing specific forms, sending e-mails to the addresses indicated on the Website, etc.) involves the subsequent acquisition of the sender's address and the Personal Data provided by the same, for the processing of which the Data Controller is responsible. legitimized by necessity to prepare or execute a contract requested by the interested party, pursuant to art. 6.1.b) of the GDPR.


5. Method and duration of the Treatment

The Personal Data collected are:
  1. processed using automated electronic, IT and telematic tools, or through manual processing with logic related to the purposes for which the Personal Data was collected;
  2. processed in a lawful, correct and transparent manner with reference to the interested party;
  3. collected for purposes determined, explicit and legitimate, and subsequently processed in a manner consistent with these purposes
  4. adequate, relevant and limited to what is necessary with respect to the purposes of the for which they are processed;
  5. accurate and, if necessary, updated;
  6. kept in such a way as to allow the identification of the interested party for a period of time not exceeding the achievement of the purposes for which they are processed;
  7. processed in a manner that guarantees adequate security of the Personal Data – including protection, through appropriate technical and organizational measures – from unauthorized or illicit processing and from accidental loss, destruction or damage.
The Processing of Personal Data is based on principles of correctness, lawfulness and and transparency.


6. Optional of the provision of the Data

Except for Personal Navigation Data, the communication of Personal Data by the interested party is optional, but any refusal could prevent the timely and correct management of the contact request, prevent the User from logging in to the Website and also prevent the conclusion or execution of purchase orders.


7. Any recipients of Personal Data

7.1 Personal Data will not be communicated to third parties, unless this is done. is indispensable and, in this case, the Communication will have concerns only the Personal Data strictly necessary to achieve the purposes of the Processing indicated in the Information.
  1. Personal Data may be communicated to third parties who, on behalf of the Company, provide in favor of the Company services necessary for the functioning of the Website, for the reception and fulfillment of orders and after-sales services, all adequately authorized or appointed as data controllers pursuant to art. 28 of the GDPR;
  2. to authorities administrative or judicial for the fulfillment of legal obligations.
7.2 For payment services, the company uses a supplier who acts in the capacity of of an independent separate data controller and the information relating to the processing carried out by that person will be available in the payment environment. The company is not serious; responsible for that procedure and does not receive any has in no other way the data relating to the modalities payment methods used by the interested parties or dagthe Users.


8. Information security

8.1 All information collected on the Website is stored and maintained in secure facilities that limit access to authorized personnel only. The Website is regularly monitored to check for any security breaches and ensure that the information collected is safe from anyone who intends to view it without authorization. The Data Controller complies with the security measures prescribed by the applicable laws and regulations and with all appropriate measures according to the currently most effective criteria. cutting-edge, to ensure and guarantee the confidentiality of the User's Personal Data and minimize, as far as possible, the dangers posed by unauthorized access, removal, loss and/or damage to the User's Personal Data .

8.2 In accordance with art. 32 of the GDPR, taking into account the state of the art and implementation costs, as well as of the nature, scope, context and purposes of the of the Processing of Personal Data, as well as the risks likely to arise and gravity different for rights and freedoms of the natural persons interested in the Processing of Personal Data, both at the time of determining the means of Processing and at the time of the Processing itself, the Data Controller implements adequate technical and organizational measures, such as Pseudonymisation and encryption of Personal Data, aimed at effectively implement the principles of protection of Personal Data, such as minimization, and to integrate the Processing of Personal Data with the necessary guarantees in order to satisfy the requirements of the GDPR and protect the rights of the interested parties.


9. Rights of the interested party

9.1 The interested party may, at any time, exercise the rights set out in Chapter III of the GDPR. In particular, the interested party has the right to:
access to Personal Data concerning him to obtain information on the methods and purposes of the Treatment;
rectification of the Personal Data provided, if inaccurate;
deletion of the Personal Data provided, which must be deleted in cases of revocation by the Interested Party of his Consent to the Processing of Personal Data or of his opposition to the Processing of the same (to which is added the obligation to erase Personal Data in cases of unlawful processing of the same or in the existence of a legal obligation to erase);
limitation of the Processing of Personal Data, when one of the conditions referred to in art. 18 of the GDPR;
opposition, at any time, to the Processing of Personal Data, unless there is a legitimate interest of the Data Controller to proceed with the Processing which prevails over the right of opposition;
portability, which consists of the right of the interested party to request to receive the Personal Data, or to have it transmitted to another Data Controller indicated for this purpose, in a structured, commonly used and readable format from an automatic device.

9.2 Furthermore, pursuant to art. 7, par. 3, GDPR, the interested party can exercise the right to withdraw consent at any time. The revocation of Consent does not affect the lawfulness of the of the Processing of Personal Data relating to the period of effectiveness of the Consent. In case of revocation of the Consent, however, the Data Controller may continue processing data whose legal basis is different from consent.

9.3 The exercise of rights may take place by sending us a specific communication via email to the address privacy@dececco.it.

9.4 The interested party also has right to lodge a complaint before the Authority of control which for Italy is the Guarantor for the Protection of Personal Data and can be contacted at the website www.garanteprivacy.it

Last update date: 26-06-2024