Privacy Policy - Il lombrico infinito

This Website collects some Personal Data from its Users.

Summary of the Policy

Personal Data collected for the following purposes and using the following services:

•Contacting the User

•Mailing list or newsletter

Personal Data: email

•Contact form

Personal Data: email, name, and phone number

•Payment management

•PayPal

Personal Data: various types of Data as specified by the privacy policy of the service

•Registration and authentication

•Direct registration

Personal Data: surname, email, name, and password

•Statistics

•Google Analytics

Personal Data: Cookies and usage data

Additional Information on Personal Data

•Preference saving, optimization, and statistics

This Website uses Cookies to save browsing preferences and optimize the User’s browsing experience. These Cookies include, for example, those for setting language and currency or for managing statistics by the Website Owner.

•Activities strictly necessary for the functioning of the Website

This Website uses Cookies to save the User’s session and perform other activities strictly necessary for its operation, for example, related to traffic distribution.

•Sale of goods and services online

Personal Data collected is used to provide services to the User or sell products, including payment and possible delivery. The Personal Data collected to complete the payment may include credit card details, bank account used for the transfer, or other payment methods provided. The payment data collected by this Website depends on the payment system used.

Contact Information

•Data Controller

Il Lombrico Infinito by Ruben Paolo Gemme, VAT No. 02600580068, with registered office at Strada Lacello 18, 15016 Cassine (AL), info@illombricoinfinito.it

(General Data Protection Regulation – GDPR)

This policy describes the processing of personal data of users who visit the website www.illombricoinfinito.it (hereinafter referred to as the “Website”) or who use the services provided through it by Il Lombrico Infinito by Ruben Paolo Gemme (hereinafter referred to as the “Company”).

In compliance with the principles recognized by European Regulation 679/2016 (hereinafter referred to as the “Regulation”), this policy provides the user, as the data subject, with all necessary information to ensure maximum fairness and transparency in the processing of their personal data.

This information does not concern other websites, pages, or online services accessible via links that may be published on this Website, such as redirects to social media pages (Facebook, YouTube, etc.).

1. Data Controller

The Data Controller and Processor is:

Il Lombrico Infinito by Ruben Paolo Gemme

The contact email for the Data Protection Officer is: info@illombricoinfinito.it

2. Types of Data Processed, Purposes, and Legal Basis for Processing

As a result of browsing this Website or using the services provided through it, the following types of personal data of users may be processed:

•a) Browsing data

The computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its nature, it could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.), and other parameters related to the user’s operating system and computer environment.

These data are used solely to obtain anonymous statistical information on the use of the Website and to check its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site or third parties: except for this possibility, at present, web contact data do not persist for more than seven days.

•b) For the website illombricoinfinito.it, personal data voluntarily provided by the user

The personal data freely and voluntarily provided by users of this Website include:

1.Necessary for the conclusion of e-commerce transactions, within the scope of online purchases.

Payment management services allow this Website to process payments via credit card, bank transfer, PayPal, and cash on delivery. The data used for payment is acquired directly by the payment service provider requested without being processed in any way by the Company (e.g., PayPal is a payment service provided by PayPal Inc., which allows the user to make online payments using their PayPal credentials).

2.Data entered in forms available on certain sections of the Website (e.g., the “Contact” section), or sent via email to the addresses indicated on the Website, or data entered for website registration or for subscribing to the newsletter, to the extent necessary to respond to the user’s requests.

The personal data freely and voluntarily provided by users are collected and processed for the following purposes:

•Provision of products requested by the user and management of related payments;

•Website registration;

•Subscription and sending of newsletters via email;

•Responding to information requests;

•Statistical purposes.

The legal basis for processing for the aforementioned purposes is not only the necessity to perform the contract to which the user is a party or to respond to their requests but also the necessity to comply with legal obligations to which the Company is subject.

For processing carried out for the purpose of direct mailing of its own advertising materials or commercial communications related to products or services similar to those already requested by users, the Company may use email and postal addresses in accordance with and within the limits permitted by the provision of the Data Protection Authority dated June 19, 2008, as the legal basis for such processing is the pursuit of its own legitimate interest.

In any case, pursuant to Article 21 of the Regulation, the user has the right to object to this processing at any time, initially or on the occasion of subsequent communications, easily and free of charge, by contacting the Data Controller or the Data Protection Officer at the above-mentioned contact details. The user also has the right to obtain an immediate confirmation of the cessation of such processing.

Regarding statistical purposes, data will be processed in an anonymous and aggregated form.

3. Mandatory or Optional Nature of Providing Users’ Personal Data

Providing personal data to the Data Controller—particularly personal details, email address, postal address for product delivery, and phone number—is necessary for the conclusion of the purchase contract for products on the Website or for the registration process.

Failure to provide personal data marked with an asterisk may result in the inability to complete the registration process, execute the purchase contract for products on the Website, or use the services available on the Website.

4. Recipients of Users’ Personal Data

The personal data of users who visit this Website or use the services provided through it will be disclosed to:

•Register S.p.A. as the data processor for hosting services for the website illombricoinfinito.it;

•Kiway S.r.l.s. as the data processor for maintenance and technical support services;

•MailUp for managing Newsletter services;

•Couriers for product delivery management;

•Entities, authorities, or organizations to whom the communication of personal data is mandatory by law or by order of competent authorities.

Users’ personal data will not be transferred abroad to countries or international organizations outside the European Union that do not guarantee an adequate level of protection, as recognized under Article 45 of the Regulation, based on an adequacy decision by the European Commission.

If necessary for the provision of services, the transfer of personal data to non-EU countries or international organizations will be carried out in compliance with Articles 45-49 of the Regulation.

5. Retention of Users’ Personal Data

Personal data voluntarily provided by users will be stored in a form that allows the identification of the data subjects for the time strictly necessary to achieve the purposes for which the data was collected and subsequently processed and, in any case, within legal limits.

Personal data related to online product purchases will be stored for 10 years.

6. Data Subject’s Rights

Articles 15-22 of the Regulation grant the data subject the right to:

•Request confirmation as to whether or not personal data concerning them exists (Art. 15, par. 1);

•Obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data has been or will be disclosed, and, when possible, the retention period (Art. 15, par. 1, letters a, c);

•Obtain the rectification or erasure of data (Arts. 16 and 17);

•Obtain the restriction of processing (Art. 18);

•Obtain information from the Data Controller regarding the recipients to whom personal data has been transmitted, as well as any rectifications, erasures, or restrictions of processing (Art. 19);

•Obtain data portability, i.e., to receive their personal data from a Data Controller in a structured, commonly used, and machine-readable format, and to transmit that data to another Data Controller without hindrance (Art. 20);

•Object to automated decision-making processes concerning them, including profiling (Arts. 21 and 22);

•Withdraw consent at any time if the processing is based on consent (Art. 7, par. 3);

•Be informed of personal data breaches without undue delay when such breaches are likely to result in a high risk to the rights and freedoms of natural persons (Art. 34).

Data subjects can contact the Data Protection Officer for any issues related to the processing of their personal data and to exercise their rights under this Regulation by sending an email to: info@illombricoinfinito.it

Users who believe that the processing of their personal data carried out through this Website violates the current data protection regulations have the right to file a complaint with the Supervisory Authority pursuant to Art. 77 of the Regulation or to take appropriate legal action.

7. Changes and Updates to This Privacy Policy

Any changes and updates to this Privacy Policy will be notified to users on the Website’s homepage or via email (for registered users) as soon as they are adopted. These changes will be binding as soon as they are published on the Website in this same section.