This privacy policy aims to provide all the information regarding the processing of personal data carried out by Peck S.p.A when the User access and browses the website (as better specified below).
Peck S.p.A, with registered offices in Milan – Via Spadari no. 9, 20123, Tax Code/VAT no. 09828820150 (hereinafter the “Controller”), owner of the website https://peck.it/ (hereinafter the “Website”), as the controller of personal data of the users who browse on the Website and may register on it (hereinafter the “Users”) provides the following privacy policy according to Article 13 of EU Regulation 2016/679 dated 27 April 2016 (hereinafter, “Regulation” or “Applicable Law”).
The Controller takes the utmost account of its Users’ right to privacy and protection of personal data. For any information related to this privacy policy, Users may contact the Controller at any time, using the following methods:
The Users may also contact the Data Protection Officer (DPO) appointed by the Controller whose contact details are shown below: the company Shibumi S.r.l., in the designated person of Lapo Curini Galletti, who can be contacted at the following e-mail address: privacy@peck.it.
By browsing the Website, the User can find out about the services offered by the Controller, organised events, points of sale, and, by creating a personal profile and registering, can take advantage of additional features of the Website such as the online shop (hereinafter, the “Shop”), the wish list (hereinafter, the “List”), and the delivery service (hereinafter, the “Delivery” and, all together, the “Service”).
In addition, the User may:
In relation to the activities that can be carried out through the Website, the Controller collects personal data relating to Users.
This Website and any services offered through the Website are reserved for individuals who are 18 years and over. Therefore, the Controller does not collect personal data relating to individuals under 18 years of age. Upon request of the Users, the Controller will promptly delete all personal data that has been involuntarily collected and related to subjects under the age of 18.
The personal data of the Users will be processed lawfully by the Controller for the following processing purposes:
The User data collected by the Controller through the mere browsing of the Website by the User includes all personal data whose transmission is implicit in the use of Internet communication protocols, such as: IP addresses used by users connecting to the Website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, log files and other parameters relating to the User’s operating system and IT environment.
The data collected by the Controller for the provision of the Shop and the List, through registration, includes: name, surname, date of birth, telephone number, tax code, e-mail address, username, password, country and city (optional), postcode, address, payment details (payment method, amount paid, use of any codes/discounts/concessions) and, if requested at checkout, billing details (VAT number and recipient code), as well as any personal information voluntarily provided by the User during registration.
The data collected by the Controller for the use of the Delivery service includes: name, surname, address, telephone number, tax code, postcode, town, province, email address, payment details (payment method, amount paid, use of any codes/discounts/concessions), as well as VAT number and recipient code, if an invoice is requested. If the order is placed by registering on the Website, the username, password and all personal information voluntarily provided by the User during registration will also be collected.
Unless the User gives the Controller specific and optional consent to process their data for the additional purposes set out in the following paragraphs, the User’s personal data will be used by the Controller for the sole purpose of verifying the User’s identity (including through email address validation), thus preventing possible fraud or abuse, and contacting the User for service reasons only (e.g. to send notifications relating to the Services offered on the Website). Without prejudice to the provisions elsewhere in this privacy policy, under no circumstances will the Controller make Users’ personal data accessible to other Users and/or third parties;
b) Administrative and accounting purposes, i.e. to carry out organisational, administrative, financial and accounting activities, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;
c) Legal obligations, i.e. to comply with obligations imposed by law, by an authority, by a regulation or by European legislation.
d) Processing of the User’s request: the personal data of Users is collected and processed by the Controller for the sole purpose of processing their request. The User data collected by the Controller includes: name, surname, e-mail address, telephone number, as well as any additional personal information requested in the form and/or voluntarily published therein by the User. No other processing will be carried out by the Controller in relation to Users’ personal data. Without prejudice to the provisions elsewhere in this privacy policy, under no circumstances will the Controller make Users’ personal data accessible to other Users and/or third parties.
The provision of personal data for the processing purposes indicated above is optional but necessary, as failure to provide such data will make it impossible for the User to (i) register on the Website and consequently use the service offered through the Website or (ii) submit a request for service, application or contact to the Controller.
The personal data necessary for the purposes of processing described in this paragraph 3 are marked with an asterisk in the request form.
4.1 Marketing (sending of advertising material)
With the User’s free and optional consent, some of the User’s personal data (i.e. name, surname, email address and telephone number) may be processed by the Controller for marketing purposes (communication by Peck of commercial information relating to new offers of products and services by Peck and/or companies with which Peck has entered into commercial partnerships) as well as to verify the level of customer satisfaction with products and services, by email, telephone (landline and/or mobile, with automated calling or call communication systems with and/or without the intervention of an operator) and/or SMS or messaging systems.
In case of lack of consent, the possibility of registering on the Website will not be in any way affected.
If consent is given, the User may revoke it at any time by sending a request to the Controller in the manner indicated in paragraph 8 below.
The User may also easily object to further promotional communications being sent by e-mail by clicking on the appropriate link to revoke consent, which is present in each promotional e-mail. Once consent has been withdrawn, the Controller will send the User a message to confirm that consent has been withdrawn. If the User wishes to withdraw their consent to receive promotional communications by telephone, but continue to receive promotional communications by e-mail, or vice versa, please send a request to the Controller using the methods indicated in paragraph 8 below.
The Controller informs you that, following the exercise of the right to object to the sending of promotional communications by e-mail, it is possible that, for technical and operational reasons (e.g. contact lists already completed shortly before the Controller received the request to object), you may continue to receive some further promotional messages. If the User continues to receive promotional messages after 24 hours have elapsed since exercising the right to object, please report the problem to the Controller using the contact details indicated in paragraph 8 below.
4.2 Soft Spam
The Controller may send Users who have purchased a paid Service, without requesting their consent, informational and commercial communications, exclusively (i) by e-mail and (ii) relating to products and services similar to those already purchased or belonging to the same product category. It will be possible to object at any time, easily and free of charge, to further sending of such communications by means of the automated unsubscribe links included in the communications from the Controller, as well as by the ordinary methods indicated in paragraph 8 below.
Service Management (as described in paragraph 3, letters a) and d) above): the legal basis consists of Article 6, paragraph 1, letter b) of the Regulation, since the processing is necessary for the performance of a contract to which the User is party or in order to take steps at the User’s request prior to entering into a contract.
Administrative and accounting purposes (as described in paragraph 3, letter b) above): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, as the processing is necessary for the performance of a contract and/or the implementation of pre-contractual measures taken at the User’s request.
Legal obligations (as described in paragraph 3, letter c) above): the legal basis is Article 6, paragraph 1, letter c) of the Regulation, since the processing is necessary for compliance with a legal obligation to which the controller is subject.
Additional purposes of processing: for processing related to marketing and soft spam activities (as described in paragraphs 4.1 and 4.2 above), the legal basis is Article 6, paragraph 1, letter a) of the Regulation, i.e. the User’s consent to the processing of their personal data for one or more specific purposes. For this reason, the Controller asks the User to give specific, free and optional consent to pursue these purposes of processing. Please note: the purpose of soft spam will be pursued by the Controller without the need to obtain the User’s consent, in line with the exemption provided for in Article 130, paragraph 4, of Legislative Decree No. 196/2003, without prejudice to the User’s right to object easily.
The Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
Personal data will be stored:
and in any case as necessary for the civil protection of the interests of both the data subjects and the Controller.
The User’s personal data may be transferred outside the European Union and, in this case, the Controller will ensure that the transfer is carried out in accordance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the Regulation.
The employees and/or collaborators of the Controller who are in charge of carrying out Website maintenance may become aware of the personal data of the Users. These subjects, who have been instructed by the Controller accordingly to article 29 of the Regulation, will process the User’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.
The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Controller as Data Processors, such as, for example, IT and logistic service providers functional to the operation of the Website, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Controller, making a request to the Controller in the manner indicated in paragraph 8 below.
Users may exercise their rights granted by the Applicable Law by contacting the Controller as follows:
The Users may also contact the Data Protection Officer (DPO) appointed by the Controller whose contact details are shown below: the company Shibumi S.r.l., in the designated person of Lapo Curini Galletti, who can be contacted at the following email address: privacy@peck.it.
Pursuant to the Applicable Law, the Controller informs Users that they have the right to obtain information on (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in the case of processing carried out with the aid of electronic instruments; (iv) the identification details of the data controller and data processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as data processors or persons in charge of processing.
Furthermore, Users have the right to obtain:
a. access, updating, rectification or, where interested therein, integration of the data;
b. erasure, anonymisation or restriction of data processed unlawfully, including data whose retention is unnecessary for the purposes for which it was collected or subsequently processed;
c. certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case where this proves impossible or involves a manifestly disproportionate effort compared to the right being protected.
Pursuant to the Applicable Law, Users have:
a. the right to withdraw consent at any time, if the processing is based on their consent;
b. the right of access to personal data;
c. (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format);
d. the right to object:
e. if they consider that the processing of their personal data is in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State in which they have their habitual residence, in the Member State in which they work or in the Member State in which the alleged breach has occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, located in Piazza Venezia n. 11, 00187 – Rome (http://www.garanteprivacy.it/).
***
The Controller is not responsible for updating all links viewed in this Privacy Policy, therefore, whenever a link does not work and/or is not updated, the Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.