Free shipping in Italy

Privacy


Information notice pursuant to EU Regulation 2016/679 (“GDPR”)

1. What types of data do we collect?

When you browse our website, you agree that our company collects some of your personal data. This page aims to tell you what data we collect, why and how we use it.

We process two types of data:

  • data voluntarily provided by the user
  • data we collect automatically

Data provided by the user

You are not required to provide us with any personal data to browse the website. However, if you fill in the form on the website, if you make a purchase, or if you spontaneously send us messages, by email or traditional mail, to the addresses indicated on the website, you are providing us with some of your information (email address, telephone, etc.) which is necessary for us to contact you and answer your questions. This data will be used solely to follow up on your request and may only be communicated to third parties if this is necessary for this purpose. The data will be processed by appointed personnel using procedures, technical and IT tools suitable for protecting the confidentiality and security of the data, and consists of their collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, deletion, destruction, including the combination of two or more of the aforementioned activities.

Data we collect automatically

We collect the following data through the services you use:

  • technical data: for example, IP address, browser type, information about your computer, data relating to the current (approximate) location of the device you are using;
  • data collected using cookies or similar technologies: for more information, please visit the "Cookies" section.

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used solely to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: apart from this eventuality, at present, data on web contacts do not persist for more than seven days.

2. How do we use the collected data?

We use the collected data solely to follow up on your request and we may communicate it to third parties only if this is necessary for that purpose. This data is stored for the time strictly necessary to provide the user with the requested service and is deleted immediately thereafter, subject to further legal retention obligations. The data will not be disseminated.

3. Is providing data mandatory?

Except as specified for navigation data, the user is free to provide personal data indicated in request forms or otherwise indicated on the site to request the sending of informative material or other communications. Failure to provide them may make it impossible to obtain what is requested.

4. Who are the data processors?

4.1. Data Controller

The Data Controller is BERTO’S s.a.s. in the person of its legal representative, with registered office in Corso del Popolo 13, 31100 Treviso, VAT number 04379510268.

The data controller makes use of data processors to achieve the purposes specified in point 2.

We remind you that you can contact the data controller at any time and send any questions or requests regarding your personal data and respect for your privacy by writing to infobertoshop.com.

4.2. Subjects to whom personal data may be communicated

The data collected as part of the service provision may be communicated to:

  • companies that perform functions strictly connected and instrumental to the operation, such as providers that offer archiving, dissemination (e.g., Mailchimp for sending communications), administrative, payment and billing services
  • administrative and judicial bodies and authorities due to legal obligations

Your personal data may be transferred outside the European Union to be processed by some of our service providers. In this case, we ensure that this transfer takes place in compliance with current legislation and that an adequate level of personal data protection is guaranteed based on an adequacy decision, on standard clauses defined by the European Commission.

Under no circumstances do we sell or transfer personal data to third parties.

5. How can you get information about the data, modify it, delete it or get a copy?

5.1. Access to personal data from your reserved area and withdrawal of consent (opt-out)

You can, at any time, ask to view your personal data, or withdraw the consents you have given, by sending an email to info@bertoshop.com

5.2. Export and deletion of personal data processing

To export your personal data (takeout) or request its deletion, you can send a request to the email address info@bertoshop.com. Your personal data will be exported within 30 days or, if the export proves particularly complex, within three months. The deletion will be carried out within the technical timeframes provided and in accordance with the retention period explained in point 6 below.

5.3. Exercise of your rights

Any individual using our service can:

  • obtain from the controller, at any time, information about the existence of their personal data, its origin, the purposes and methods of processing and, if present, to obtain access to personal data and the information referred to in Article 15 of the GDPR
  • request the updating, rectification, integration, deletion, limitation of data processing if one of the conditions provided for in Article 18 of the GDPR occurs, the transformation into anonymous form or the blocking of personal data, processed in violation of the law, including those for which retention is not necessary in relation to the purposes for which the data were collected and/or subsequently processed
  • object, in whole or in part, for legitimate reasons, to the processing of data, even if pertinent to the purpose of collection and to the processing of personal data for commercial information or sending advertising material or direct sales or for carrying out market research or commercial communication. Each user also has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent given before withdrawal
  • receive their personal data, provided knowingly and actively or through the use of the service, in a structured, commonly used and machine-readable format, and to transmit it to another data controller without hindrance
  • lodge a complaint with the Italian Data Protection Authority

We remind you that for any questions or requests relating to your personal data and respect for your privacy, you can write to info@bertoshop.com

6. How and for how long will your data be stored?

The retention of personal data will take place in paper and/or electronic/computerized form and for the time strictly necessary to fulfill the purposes referred to in point 2, respecting your privacy and current regulations.

For analysis purposes aimed at the development and improvement of the service, the user's personal data may be subject to the same retention period.

For direct marketing and profiling purposes, we retain your data for a maximum period equal to that provided by applicable law (respectively 24 and 12 months).

Invoices, accounting documents, and transaction data are stored for 11 years as required by law (including tax obligations).

In the event of exercising the right to be forgotten through an express request for the deletion of personal data processed by the data controller, we remind you that such data will be stored, in a protected form and with limited access, solely for the purpose of ascertaining and prosecuting crimes, for a period not exceeding 12 months from the date of the request and will subsequently be securely deleted or irreversibly anonymized.

Finally, we remind you that for the same purposes, data relating to telematic traffic, excluding the content of communications, will be stored for a period not exceeding 6 years from the date of communication, pursuant to art. 24 of Law no. 167/2017, which transposed EU Directive 2017/541 on anti-terrorism.

If you do not perform any active action (e.g., browsing, searches and/or any other method of using the service) on our site for a period of 27 months, you will be classified as an inactive user and your personal data will be automatically deleted.

7. How do we ensure the protection of your data?

The data is collected by the subjects indicated in point 4, according to the indications of the reference legislation, with particular regard to the security measures provided by the GDPR (art. 32) for their processing using IT, manual and automated tools and with logic strictly related to the purposes indicated in point 2 and in any case in such a way as to guarantee the security and confidentiality of the data itself.

8. Can the privacy policy change over time?

This policy may be subject to changes. Should substantial changes be made to the Data Controller's use of user data, the latter will notify the user by publishing them prominently on its pages or by alternative or similar means.