Notice provided pursuant to Article 13 of European Regulation 2016/679
This section describes the site management methods adopted by DEPECHE Srl Unipersonale, a single-shareholder company managed and coordinated by Portovenere Srl Unipersonale, in relation to the processing of the personal data of users who access and browse the site. In compliance with Article 13 of EU Regulation 2016/679 on the protection of natural persons with regards to the processing of personal data, in addition to the free movement of such data, DEPECHE S.r.l. Unipersonale hereby provides the following information to those who interact with the services offered by this site, which can be accessed online using the following address: www.aniyeby.com
The data controller
In order to provide its web services, DEPECHE may process data relating to identified or identifiable natural or legal persons. The data controller is DEPECHE S.R.L Unipersonale, a company managed and coordinated by Portovenere S.r.l. Unipersonale, with head office in Italy, at Via dell’Agricoltura n. 47/49, Carpi (MO) 41012.
Place of data processing and disclosure and dissemination
The following site is "hosted" physically in Italy at DF SOLUTION, while technical assistance is handled by authorised personnel acting in the capacity of data processor. The data controller may disclose the data stored on the site to public bodies or authorities when so required by law or when necessary to protect the data controller's rights. No data originating from the web service is disseminated.
Types of data processed
Navigation data During standard operation, the computer systems and software procedures used to operate this website acquire certain items of personal data automatically through the use of Internet communication protocols. This information is not collected in order to be associated with identified individuals; however, the nature of this information is such that it could - through processing and association of data held by third parties - allow users to be identified. This kind of data includes IP addresses, domain names of computers used by users connecting to the website, as well as the URI (Uniform Resource Identifier) addresses of any resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the server reply status (successful, error, etc..) and other parameters relating to the user’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information about site usage and to check that the site is working properly. This data is deleted immediately after processing. This data could be used to ascertain liability in the event of computer crimes against the site. Data provided voluntarily by the user Users can interact with the site and in doing so provide their own personal data when registering their “account” or by subscribing for the “Newsletter”. Detailed information is provided in the specific data consent forms linked to the account and newsletter.
Purposes of the processing and legal basis
We intend to process your data, with your specific consent where necessary, for the following purposes:
to allow the user to navigate and browse the website;
to allow the user to purchase our products by signing up for a user account;
to send newsletter with commercial and advertising emails relating to Aniyeby initiatives and products;
For “Soft Spam”, i.e. to send marketing emails to its customers regarding promotional and commercial initiatives concerning products and services similar to those they have purchased through the site and offering discounts therefor;
to meet legal, accounting, and tax requirements;
to process non-identifying statistics.
The legal basis of the processing of personal data for the purposes stated in sections a-b is set out in Article 6, section 1, subsection b,) of the EU Regulation (processing is necessary in order to perform an agreement to which data subject is a party or to take action prior to entering into an agreement) as the processing is necessary in order to provide the services you have requested or to meet a legitimate interest of the data controller to meet users' requests (article 6, section 1, subsection f, of the GDPR). The provision of personal data is compulsory for these purposes in order for your request to be met and failure to provide such data would make it impossible to render the services requested. In order to send you the newsletter (subsection c), your data is processed by DEPECHE following a request for your consent (Article 6, section 1, subsection a) of the GDPR). The provision of data in this case is optional and the user may unsubscribe from the newsletter at any time. The processing of "soft spam" (subsection d) is based on the data controller's pursuit of a legitimate interest consisting in the performance of direct marketing activities aimed at the customers thereof under the conditions established by Article 130 section 4 of Italian Legislative Decree 196/2003 as amended by Italian Legislative Decree 101 of 2018 and by section 47 of the recitals of the GDPR. The user may object to the processing at any time by sending an email to:[email protected] Finally, the purpose stated in subsection e) finds its legal basis in the need to meet a legal requirement (Article 6, section 1, subsection c, of the GDPR), while for the creation of statistics, anonymous data is used that is not covered by the data protection legislation.
When you sign up for an account on this site, we gather information about you, including your first name, surname, email address, and the password you create. Through this account, you will be able to place orders and view and track your purchases. At the time of payment (check out), other data will be requested, such as your address, telephone number, and payment methods, in order complete your order and ship your purchase. This information will be used to:
generate your account to enable you to place orders in compliance with our General Conditions;
identify yourself when accessing your account;
provide assistance relating to your purchases;
process your order and provide a payment receipt;
inform the courier of your order;
carry out anonymous analyses and research to develop and improve our services (for example, to identify the most clicked product).
The legal basis of the processing of personal data for account registration purposes is set out in Article 6, section 1, subsection b,) of the EU Regulation (processing is necessary in order to perform an agreement to which data subject is a party or to take action prior to entering into an agreement) as the processing is necessary in order to provide the services you have requested or to meet legal requirements (Article 6, section 1, subsection c, of the EU Regulation). The provision of personal data is compulsory for these purposes in order for your request to be met and failure to provide such data would make it impossible to render the services requested.
Your email address will be requested if you subscribe to newsletters from Depeche with commercial and advertising emails. The processing of user data for newsletter subscription purposes finds its legal basis in the consent request sought from the user for the sending of marketing emails. Provision of data is optional and the only consequence of failure to provide data is that you will not receive newsletters from Depeche. You can unsubscribe from the newsletter at any time using the unsubscribe link in the emails you receive. Depeche is required to delete your data and provide confirmation thereof.
In the "Contacts" page, the user can enter his name, surname and e-mail address (Phone number and Order Number as optional) to request information from DEPECHE. DEPECHE will use this data exclusively to respond to requests received (Article 6, section 1, subsection b).
Recipients of personal data
User data will be processed by Depeche internally, by staff in the marketing and administration departments who have been specifically authorised to carry out this task. Furthermore, data may be disclosed to:
Couriers for the processing and delivery of your order;
Third parties that carry out various activities linked to the promotion and support of our services. These include website assistance and hosting providers, ecommerce software maintenance providers, marketing service providers, partners who manage our email marketing and payment service providers and/or banks which allow payment for purchases;
Companies that provide goods inwards, storage, packaging and packing, and shipping services;
Tax and accounting, legal, and financial advisors for the management of the administrative aspects of the relationship;
Any public body required in order to comply with laws or regulations.
Data storage and retention
Pursuant to Article 5 of EU Regulation n. 679/2016 "Principles relating to processing of personal data", data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. The data required for invoicing purposes will be retained for 10 years as of issue of the payment receipt, following recording of the remuneration in compliance with regulations concerning the keeping of accounting records and the evidentiary purposes thereof. The data gathered for newsletter subscription purposes will be retained until receipt of an unsubscribe request or revocation of consent. The personal data processed for soft spam purposes will be retained by the data controller until receipt of opposition to such processing, which must be sent by email to [email protected]
Transfer of data to outside the EU
Your data will not be transferred to countries outside the European Union.
The Data Controller, if necessary, will have the right to transfer such data abroad to non-European countries.
In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in accordance with the applicable legal provisions.
Specifically, the data will be transferred abroad to non-European countries, only if the level of data protection of the Third Country has been deemed adequate by the European Commission pursuant to art. 45 of the GDPR or after the adoption of adequate guarantees pursuant to art. 46, 2, lett. c) and d) GDPR (binding corporate clauses, standard contractual clauses, code of conduct, certification mechanism).
In the absence of an adequacy decision, the data transfer can be carried out in the presence of one of the exceptions provided for by art. 49 of the GDPR (e.g. consent, transfer necessary for contractual or pre-contractual purposes, etc.).
Data subjects’ rights
Data subjects may independently access their personal account in order to:
Access their personal data and download copies of this data;
Delete their personal data from the data controller's database;
Rectify, modify, and update their personal data;
Unsubscribe from newsletters.
Furthermore, by sending an email to [email protected] , the data subject may:
Object to the data controller sending commercial emails concerning similar services and products ("soft spam");
Seek a restriction of the processing of their personal data or object to such processing by the data controller, pursuant to Article 18 of the GDPR;
Receive personal data concerning them in a structured, commonly used, and machine-readable format (Right to portability" Art. 20 of EU Regulation 2016/679);
Be informed in the event that their data suffers a serious infringement (Article 34 of the GDPR).
Finally, the data subject may file a complaint with the data protection authority (known as the Garante per la protezione dei dati personali in Italy ) if they feel that the data concerning them has been processed in a way that breaches the said European Regulation.