INFORMATION NOTICE
PURSUANT SECTION 13 OF REGULATION (EU) 2016/679
Dear User,
in compliance with section 13 of Regulation (EU) 2016/679 (so called GDPR), Legami S.p.A. Società Benefit informs you about the processing of your personal data in the context of your visit to the website.
Who will process your personal data?
Your personal data will be processed by Legami S.p.A. Società Benefit (hereinafter, also “Legami”), with registered office in 24126 Bergamo (BG), Via Federico Ozanam n°2, Italy, which will act in quality of “Data Controller”; you will be able to contact the Data Controller at the following email address: privacy@legami.com
Personal data can be processed in the name and on behalf of Legami also by others subjects who will be duly appointed “Data Processors”, belonging to the following categories: software providers, software-maintenance providers, payment-platforms providers, carriers, social media, marketing-services providers, reviews-platforms providers.
Data Controller appointed a Data Protection Officer (so called, DPO), who can be contacted at the following email address: dpo@legami.it
How and why we will process your personal data?
Your personal data - with reference to the purpose below, each of them duly submitted to a data protection impact assessment (DPIA) - will be processed as following:
N° 1 PURPOSE: Evaluation of job applications
LEGAL BASE: Execution of a contract; Section 111-bis Legislative Decree 196/2003
PERIOD OF STORAGE: 1 year from the receiving of the Curriculum Vitae (2 years in case Legami has managed the application by means of, at least, one action)
N° 2 PURPOSE: Online sale as a guest user (with no registration on the website)
LEGAL BASE: Execution of a contract; Legal obligation of the Data Controller
PERIOD OF STORAGE: 10 years from the termination of the contract
N° 3 PURPOSE: Registration on the website with the purpose to facilitate a future purchase or registration at the same time of the purchase
LEGAL BASE: Execution of a contract; Legal obligation of the Data Controller (in case of registration at the same time of the purchase)
PERIOD OF STORAGE: 5 years (in case the customer does not make an order); 10 years from the termination of the contract (in case the customer makes at least one order)
N° 4 PURPOSE: Sending newsletters
LEGAL BASE: Consent
PERIOD OF STORAGE: Up to withdrawal of the consent
N° 5 PURPOSE: Replying to enquiries of the users (before the purchase)
LEGAL BASE: Execution of a contract
PERIOD OF STORAGE: 10 years from the termination of the contract
N° 6 PURPOSE: Facilitation of the web-experience (cookies) – please make reference to the Cookie Policy for more details
LEGAL BASE: Legitimate interest
PERIOD OF STORAGE: Up to the end of the session
N° 7 PURPOSE: Data transfer to social networks (e.g. Facebook, Instagram etc) for sending, on behalf of Legami, commercial or advertising communications to the customers
LEGAL BASE: Consent
PERIOD OF STORAGE: Up to withdrawal of the consent
N° 8 PURPOSE: Customer loyalty (“Legami Loves You” program – Loyalty card)
LEGAL BASE: Consent
PERIOD OF STORAGE: Up to withdrawal of the consent
N° 9 PURPOSE: Profiling the customers enrolled in the “Legami Loves You” program
LEGAL BASE: Consent
PERIOD OF STORAGE: Up to withdrawal of the consent
N° 10 PURPOSE: Replying to enquiries of all the users for post-sale matters (returns, withdrawals, non-compliance problems)
LEGAL BASE: Execution of a contract
PERIOD OF STORAGE: 10 years from the termination of the contract
N° 11 PURPOSE: Requesting the review of the products and of the e-store and the consent to publish the relevant feedback
LEGAL BASE: Consent
PERIOD OF STORAGE: Up to withdrawal of the consent
N° 12 PURPOSE: Social media marketing (interaction with the customers on the facebook fan page of Legami)
LEGAL BASE: Consent
PERIOD OF STORAGE: Up to withdrawal of the consent
N° 13 PURPOSE: Data transfer to third parties for co-marketing purposes (under consent, users shall receive commercial communication from those third parties)
LEGAL BASE: Consent
PERIOD OF STORAGE: Up to withdrawal of the consent
Furthermore, please take in due consideration the following information:
DATA PROVISION
- When Legami asks for your consent, the provision of your personal data is not mandatory. Hence, in lack of data provision, the sole consequence will be that Legami will be not able to process the data for the relevant purposes.
- When Legami does not ask for your consent, the provision of your personal data is mandatory and necessary to fulfil contractual or statutory provisions and to correctly perform company activities. Hence, in lack of the data provision, it will not be possible to fulfil the relevant obligations and correctly perform companies’ activities.
- If the recipient is a legal entity, Legami S.p.A. Società Benefit does not need to process the data of their representatives or team-members; however, as this circumstance may occur (e.g. in case the characteristics of the email address inserted during the registration is composed by name. surname) Legami will process them according to this information notice. For this reason, Legami S.p.A. Società Benefit invites the user to share this information notice with those representatives / team-members which will deliver their personal data to Legami for the aforementioned reasons.
CATEGORIES OF RECIPIENTS
Data processing should be perfomed by further Data Controller (e.g. Income Revenue Authority)
AUTOMATED DECISION- MAKING PROCESS
The data processing under point 9 (i.e. Profiling the customers registered in the “Legami Loves You” program), will be performed by means of the categorization of the users based on their (i) demographic profile (ii) geolocalization (ii) purchasing behaviour, with the purpose to deliver to the recipient commercial promotions and tailored communication.
TRANSFERS EXTRA EU OR TO INTERNATIONAL ORGANIZATIONS
Subject to our prior verification on the subsistence of adequate guarantee, some of the Data Processors shall transfer your personal data to extra EU countries.
LEGITIMATE INTEREST OF DATA CONTROLLER
The legitimate interest - pertaining purpose under point 6 - is the facilitation of the web-experience of the user on Legami’s website.
Which are your rights?
You can exercise the following rights by sending a specific request to the Data Controller at the following email address: privacy@legami.it
ACCESS (see Article 15 GDPR)
The data subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him are being processed, and, where that is the case, access to the personal data and to the following information: purpose of management, categories of processed data, recipients (if any), transfer and adequate guarantees (if any), period for which personal data will be stored, rights of data subjects, existence of an automated decision-making process (if any). The Data Controller provides a copy of personal data. If the request is made by electronic means, information are supplied in a commonly used electronic format, unless otherwise indicated.
RECTIFICATION (see Article 16 GDPR)
The data subject has the right to obtain the rectification of wrong personal data and the integration of incomplete personal data.
ERASURE (see Article 17 GDPR)
The data subject shall have the right to obtain from the Data Controller the erasure of his personal data in the following cases: the personal data are no longer necessary in relation to the purpose for which they were collected or otherwise processed, withdrawal of consent (and there is no other legal bases for the processing), he opposes the processing for the reasons related to his particular situation (and the are no overriding legitimate grounds for the processing), he opposes the processing for direct marketing purposes, the personal data have been unlawfully processed, the personal data have to be erased for compliance with legal obligation, the data have been collected in relation to the offer of information society services. The right shall not apply if the processing is necessary for exercising the right of freedom of expression and information, for compliance with legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority, for reasons of public interest in the area of public health, for archiving purpose in the public interest, scientific and historical research purpose or statistical purpose, for the establishment, exercise or defence of legal claim.
RESTRICTION OF PROCESSING (see Article 18 GDPR)
The data subject shall have the right to obtain from the Data Controller the restriction of processing if: the accuracy of the personal data is contested by the the data subject (for a period enabling the Controller to verify the accuracy), the processing is unlawful (but the data subject opposes the erasure of the personal data and requests the restriction of their use rather than erasure), the personal data are required by the data subject for the establishment, exercise or defence of legal claim e, although the Data Controller no longer needs it, he exercised the right to object (while the Data Controller verifies the existence of legitimate and prevailing reasons).
OBJECTION (see Article 21 GDPR)
The data subject shall have the right of object to processing of personal data if (i) it is based on public interest or legitimate interest and (ii) if personal data are processed for direct marketing purpose, including profiling.
DATA PORTABILITY (see Article 20 GDPR)
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a data Controller, in a structured, commonly used and machine- readable format (applicable to automated decision- making processes).
WITHDRAWAL (see Article 13, d.2, d)
The data subject has the right to withdraw the consent any time without affect the lawfulness of processing based on the consent before withdrawal.
COMPLAINT (see Article 13, d.2, d)
The data subject has the right to pledge a complaint with a supervisory authority.
Trustly, Legami S.p.A. Società Benefit
Last updated: June 9th 2023