Privacy Policy

With this Privacy Policy, provided pursuant to art. 13 of Regulation (EU) 2016/679 (“GDPR” or “Regulation”), we wish to inform the User about the ways in which their Personal Data will be processed (i.e. any information capable of directly or indirectly identifying them) when they visit and/or or purchase on the website www.damea.it (hereinafter, the “ Site ”). This information, together with the Cookie Policy and the Terms of Use and General Conditions of Sale , establishes the basis on which the personal data of Users will be processed.

Owner of the processing of personal data

The Data Controller of personal data collected through the Site is: Tlep srls, with registered office in Crotone (KR) Viale Cristoforo Colombo 27c (cap 88900), VAT no. 03877150791 (hereinafter ' Data Controller ' or just ' Data Controller '), e-mail address: care@damea.it

Method of Processing of Personal Data

We take into utmost consideration the right to privacy and protection of the personal data of our Users which will be processed lawfully.

The Personal Data provided or acquired will be processed based on the principles of correctness, lawfulness, transparency and protection of confidentiality in accordance with current regulations, through appropriate security measures aimed at preventing access, disclosure, modification or unauthorized destruction of Personal Data. Among the security measures adopted there are also the SSL certificate and the HTTPS protocol, to protect the Personal Data entered and prevent access by unauthorized third parties.

The Processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.

Personal data processed

When the User visits the Site, contacts us (by email, telephone, post, etc.), subscribes to the newsletter or sends an order, we process some of his Personal Data, either independently or through third parties.

We list the categories of personal data processed:

  1. Identification, contact and access data : name and surname, email address, shipping address, telephone number, and account access credentials, as well as any other Personal Data voluntarily communicated by the User.

  2. Purchase data : data referring to purchases made;

  3. Browsing data : relating to the connection, IP addresses, domain names and other parameters relating to the browser and operating system used;

  4. Usage Data : information generated by visiting the Site or making purchases on it: log data, data relating to registrations made, interaction and transaction processes, performance indicators, data relating to navigation flows and use of features;

  5. Billing data : if the User requests the issuance of an invoice.

 

Purpose of the Processing and Legal Basis

The Owner will process the Users' Personal Data, as listed above, to carry out its economic and commercial activities, for the specific purposes indicated below.

  1. Purposes relating to the Contract and Legal Obligations

to. Browsing the Site;
b. Registration and management of the account (recovery of credentials, cancellation, etc.) and use of connected services;
c. Activities necessary for the conclusion of the contract for the purchase of products sold by the Site and its execution;
d. Order processing;
And. Assistance and customer care activities as well as to respond to requests, complaints, reports and complaints from Users via email to the Owner's addresses or through other communication channels;
f. Management of User requests via remote communication tools, such as e-mail, chat, telephone, SMS, chatbots, banners, notification systems and other remote communication tools present on the Site;
g. Fulfillment of obligations deriving from current law, regulations or community legislation (e.g. tax and accounting obligations) or management and response to requests from the competent administrative, fiscal and judicial authorities;
h. Activities of an administrative, accounting and fiscal nature such as activities connected to the contract concluded through the Site, such as, by way of example, the issuing of receipts and/or invoices, the keeping of accounting records;
the. Response to requests to exercise the rights recognized to Users by the contract stipulated with the Owner, by the law in relation to this contract or by the GDPR, and consequent activities.

    For these purposes, the legal basis is the need to execute the pre-contractual and contractual obligations to which the User is a party (art. 6.1.b) of the GDPR) or the fulfillment of legal obligations to which the Data Controller is subject (art. 6.1.c) of the GDPR).

    Therefore, with the exception of account registration data which is optional, their processing is necessary to allow the conclusion and execution of the contract through the Site or to respond to pre-contractual requests made by the User in relation to the Site. Failure communication of the data, therefore, will make it impossible for the User to conclude a contract via the Site and/or to receive a response to the requests made.

    1. Analysis and statistical purposes and other purposes not based on consent

    j. Carry out statistical analyzes regarding the use of the Site, navigation, product research, to improve the site and the offer of products sold through it;
    k. Guarantee compliance with the contractual rights of the Data Controller or demonstrate that you have fulfilled the obligations arising from the contract with the interested party or imposed by law, to prevent and/or repress fraudulent or harmful actions;
    L. Remind the User who has undertaken the purchase process that he has added a product to his shopping cart.

      The legal basis of this processing is legitimate interest (art. 6.1.f) of the Regulation). Sometimes the Legal Basis consists in the legitimate interest (art. 6, paragraph 1, letter f) in conjunction with recital 47 of the Regulation), for sending transactional email communications (e.g. abandoned cart).

      1. Direct Marketing Purposes

      m. With your consent, we will send commercial emails to show you updates, news, offers and promotions, market research, also through automated processing tools such as emails and newsletters.

        For this purpose, the processing, including the final decision regarding the promotional communication to be sent or displayed to the user based on the cluster(s) to which they belong, takes place automatically, without human intervention, on the basis of algorithms whose parameters have been previously set.

        The legal basis is the express consent of the User to the processing of personal data for this purpose (art. 6.1.a) of the Regulation. The provision of data for this purpose is optional. In case of lack of consent, revocation of the same or exercise of the right of opposition, the User's ability to make purchases on the Site will not be affected in any way. 

        1. Soft spam

        To send commercial communications to the User's email address issued as part of the purchase of products through the Site to propose the direct sale of similar products. This activity does not require the acquisition of a prior express consent from the interested party as it is exercised on the legal basis referred to in the art. 130, paragraph 4, of the Privacy Code (Legislative Decree 30 June 2003, n. 196) which expressly allows it, provided that the user does not refuse such use, initially or on the occasion of subsequent communications.

        Modification of choices and revocation of consent

        If consent is granted, the User may at any time revoke the consent given and/or object to the processing of personal data for generic marketing and profiling purposes through the methods indicated in the 'Rights of Interested Parties' section later in this information .

        In the event of revocation of consent, the processing carried out on the basis of the consent given before its revocation will still be considered legitimate.  In case of revocation of consent and/or opposition to the processing of your data for the purpose of generic marketing, the user's data will no longer be processed for this purpose and will be stored by the Data Controller only in the circumstance in which another legal basis exists which legitimizes the processing (e.g. contractual execution; legal obligation; legitimate interest).

        Storage time

        The Owner will process the Users' personal data for the time necessary to achieve the purposes for which such data were collected, as defined in this information. However, for each of the purposes indicated, the personal data collected will be kept for the time specified below:

        1. For the purposes inherent to the Contract, the Data Controller will process the User's data for the time strictly necessary to carry out the individual processing activities, without prejudice to the fact that, once this deadline has expired, the Data Controller may retain the data for the purposes and for the maximum periods of conservation referred to in the other sections of this information, if relevant and/or, in any case, in the cases established by the GDPR and/or by law.

        2. For fiscal, administrative, accounting and legal purposes, until the expiry of the legal deadlines established for carrying out each obligation and/or for the retention times established by law. In the event of closure of the account on the initiative of the User, the data contained therein will be retained for administrative purposes for a period of 3 months from the request to close the account.

        3. For the purposes based on the legitimate interest of the Owner, the latter will process the User's data for the time strictly necessary to satisfy such interest, unless, in the event of disputes and/or complaints, the Owner needs to retain the personal data to carry out defense activities (letter k) for the following 10 years (prescription) or, in the presence of litigation, further conservation is determined by the duration of the litigation or by specific requests from the authority. The User can obtain more information on the legitimate interest pursued by contacting the Owner.

        4. For the purposes of direct marketing, as long as the consent is not revoked and in any case for a period of 3 years from when the consent was given or renewed by the User.

        After these retention times, the Personal Data will be deleted and the User will no longer be able to exercise the rights of access, cancellation, rectification and portability of the Data.

        Communication and dissemination of data

        In addition to the Owner, in some cases, they may have access to the Data:

        1. subjects involved in the organization of the Website (for example: administrative, commercial, marketing staff);

        2. third parties who carry out ancillary and instrumental tasks with respect to the Data Controller's activity and who process personal data on behalf of the Data Controller (for example: payment services, lawyers, accountants, system administrators, logistics companies, newsletter services, producers for repair of products);

        3. public or private subjects who can access the Data in compliance with the law, regulations and provisions issued by the competent authorities;

        4. potential buyers of the Owner company and entities resulting from the merger or any other form of transformation.

        These recipients, depending on the case, process the personal data of the Users as persons in charge, data controllers or independent data controllers. The User can request the updated list of Data Processors referred to in the art. 28 GDPR.

        Place of processing and transfer of data abroad

        Data processing essentially takes place in Italy and in the countries of the European Union. Some third-party tools may process the data of users of this website in countries outside the European Economic Area (the “Third Countries”).

        The transfer of data to third countries can also take place through the use of external tools that allow certain services (e.g. statistical analysis, newsletter, remarketing, advertising, use of social buttons).

        Sometimes the use of these tools may imply the transfer of personal data of users who visit this website to a third country, such as for example the United States, for which there is no adequacy decision from the European Commission.

        If there is a need to transfer data to third countries, the Data Controller undertakes to ensure that the country to which the data will be sent guarantees an adequate level of protection, as required by Article 45 GDPR; such transfer will be regulated on the basis of the standard contractual data protection clauses approved by the European Commission for the transfer of personal information outside the EEA pursuant to Article 46.2 GDPR.

        Cookies

        This website uses cookies. Cookies are small text files that can be installed by websites on users' devices to make the browsing experience more efficient and to personalize content and ads, provide social network functions and analyze traffic. For further information, read the Cookie Policy .

        Personal Data Processing Tools

        1. CONTACT FORM

        By filling out the contact form, the User consents to the processing of personal data entered therein and their use to respond to requests for information. The personal data processed are those requested by the form (name, surname, email address) and all other personal data entered by the user in the body of the message.

        2. NEWSLETTER

        The newsletter service allows the Data Controller to send users commercial communications, promotions, updates on new products and similar via email. The management of email addresses takes place through a database containing the user's email address, which is added to the list of users subscribed to the newsletter, when the user subscribes to the newsletter by consenting to the sending of commercial communications, or makes a purchase (in the case of soft spam). In both cases, the user can unsubscribe from the Newsletter service using the relevant button present in the emails. After your cancellation request, the user's data will be deleted from the database of the software used by the Site to send the newsletter.  The Personal Data processed by this service are: name, surname, email address. However, the software used by the Site to send the newsletter may also process Data relating to the date and time of display of the message or clicks on the links inserted in the body of the same. This Site uses the following email sending service:

        Email Marketing (Aruba Business Srl)

        Email Marketing is an address management and email message sending service provided by Aruba Business Srl. Place of processing: European Union – For further information on the data processed, consult the Privacy Policy of the service.

        Shopify Inbox (Shopify International Ltd.)

        Shopify Inbox is a chat management and message sending service provided by Shopify International Ltd. Place of processing: IRELAND and UNITED STATES – For more information on the data processed, see the Privacy Policy. of the service.

        Mailchimp (The Rocket Science Group LLC)
        Mailchimp is an email address management and message sending service provided by The Rocket Science Group LLC. Place of processing: UNITED STATES – View the Privacy Policy ( https://mailchimp.com/legal/privacy/ ) of the service to find out about the data processed by it. If the User does not want their personal data to be managed by Mailchimp, they will need to unsubscribe from the newsletter. To this end, the Owner provides an unsubscribe button ( unsubscribe link) in every commercial communication.

        1. SOCIAL NETWORK KEYS

        The User can use the social buttons to visit the social pages of the Site, through the following social tools which however collect users' personal data such as traffic data on the pages visited and on which they are installed. The Site makes the following social buttons available:

        Instagram (Meta Platforms Ireland Limited) The Instagram button is a service for interaction with the Instagram social network, provided by Meta Platforms Ireland Limited. Personal Data collected: Cookies, Usage data and other data as per the relevant privacy policy. Place of processing: IRELAND – UNITED STATES - Privacy Policy

        Facebook (Meta Platforms Ireland Limited) The Facebook social button and widgets are services for interaction with the Facebook social network, provided by Meta Platforms Ireland Limited. Personal Data collected: Cookies and Usage Data. Place of processing: IRELAND – UNITED STATES  Privacy Policy

        TikTok (TikTok Technology Limited) The TikTok social button and widgets are interaction services with the TikTok social network, provided by TikTok Technology Limited. Personal Data collected: Cookies and Usage Data. Place of processing: IRELAND – Privacy Policy

        4. STATISTICS

        Statistics services allow the Data Controller to monitor and analyze traffic data and serve to keep track of the User's behavior. This Site uses the following third-party services:

         

        Google Analytics (Google Ireland Limited)

        Google Analytics is an analysis service provided by Google Ireland Limited. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Site, compiling reports and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize the ads of its advertising network. Google may also transfer this information to third parties where this is required by law or where such third parties process the aforementioned information on behalf of Google. The IP address anonymization function is active on this site. The IP address transmitted by the browser for purposes related to Google Analytics will not be incorporated into other data already held by Google.

        The use of Google Analytics may in some cases involve the transfer of personal data of users who visit this website to a third country, such as the United States, for which there is no adequacy decision from the European Commission.

        At the following link https://tools.google.com/dlpage/gaoptout?hl=it the browser add-on for deactivating Google Analytics is made available by Google. Personal Data collected: Cookies, IP Address, Usage Data and other personal data defined in Google's privacy policy .

        Place of processing: IRELAND and in some cases UNITED STATES – Privacy Policy ( https://policies.google.com/privacy?hl=it )

        Facebook Pixel ( Meta Platforms Ireland Limited )

        This site uses the Facebook Pixel, a Facebook conversion tracking tool provided by Meta Platforms, Inc. This analyzes conversions attributable to sponsorships on the Facebook social network through the use and analysis of some of the user's Personal Data. Personal Data collected: Cookies; Usage data. Place of processing: Ireland and in some cases UNITED STATES - Privacy Policy .

        5. PAYMENT MANAGEMENT

        To manage order payments, this Site uses the following third-party tools:

        PayPal (Paypal Europe S.à.rl et Cie, SCA Inc.)
        PayPal is a payment service provided by PayPal Europe S.à.rl et Cie, SCA Inc., which allows the User to make online payments using their PayPal credentials. Personal data collected: Cookies and various types of Data as specified in the privacy policy of the service. Place of processing: LUXEMBOURG - Privacy Policy

        GOOGLE PAY (Google Ireland Limited)

        Google Pay is a payment service provided by Google Ireland Limited that allows the User to make online payments using their credentials. For more information on the data collected by the application, please read the relevant Privacy Policy

        SHOP PAY (Shopify International Ltd.)

        SHOP PAY is a payment service provided by Shopify International Ltd. that allows the User to make online payments using their credentials. For more information on the data collected by the application, please read the relevant Privacy Policy 

        APPLE PAY (Apple Inc)

        Apple Pay is a payment service provided by Apple Inc that allows the User to make online payments using their credentials. For more information on the data collected by the application, please read the relevant Privacy Policy

         

        1. SECURITY MEASURES

        This Site uses security measures designed to prevent unauthorized access, disclosure, modification or destruction of Personal Data. Among the security measures adopted there are also the SSL certificate and the HTTPS protocol, to protect the Personal Data entered and prevent access by unauthorized third parties.

        Rights of interested parties

        Interested parties have the right to exercise the faculties provided for in the articles. 7, 15-22 of the Regulations.

        In particular, Users have the right to obtain: access, updating, rectification or, when interested, integration of data; the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; the certification that the above operations have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right.

        Furthermore, Users have the right to withdraw consent at any time, if the processing is based on their consent, to request data portability, i.e. to receive all personal data concerning them in a structured, commonly used and readable by an automatic device), to request the limitation of the processing of personal data and/or cancellation ("right to be forgotten"), as well as the right to object to the processing of personal data concerning him and to the processing for the purpose of sending advertising material, direct sales and for carrying out market research.

        Pursuant to the Applicable Regulations, the Owners inform that Users have the right to obtain indication (i) of the origin of the personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with the aid of electronic instruments; (iv) the identification details of the Data Controllers and managers; (v) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as managers or agents.

        Interested parties will be able to exercise their rights by sending the Data Controller a specific communication via email to: care@damea.it 

        Interested parties, if they believe that the processing concerning them violates the Regulation, also have the right to lodge a complaint with the Privacy Guarantor as supervisory authority regarding the protection of personal data (Guarantor for the protection of personal data, with headquarters in Piazza Venezia no. 11 - 00187 – Rome ( http://www.garanteprivacy.it/ ).

        Changes to this Privacy Policy

        The Data Controller reserves the right to make changes to this Privacy Policy at any time by publicizing them to Users on this page. Please therefore consult this page often, taking as reference the date of last modification indicated at the bottom. In case of non-acceptance of the changes made to this Privacy Policy, the User is required to cease using this Website and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected up to that point. The Owner is not responsible for updating all the links that can be viewed in this Privacy Policy, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the sites internet accessed from this link.

        Privacy Policy updated on February 10, 2023