Privacy Policy

With this Privacy Policy, pursuant to Art. 13 of European Union Regulation 2016/679, we would like to inform the User about the collection and process of its personal data through our Website, and how it will be able to update, manage, export, and delete its personal data.
Our interest is to provide the User with all the information it needs for a transparent and safe browsing of the Website. It is important to carefully read the Privacy Policy here below, and if the User does not accept its content, we invite it to stop browsing the Website.

Types of data collected

The processing of personal data collected through our Website will be carried out complying with the rights of the User, as well as their dignity, privacy, and identity.

All our information technology and software are set to minimize the use of personal and identification data, to exclude data processing in the event we can efficiently use anonymous data, identifying the data subject only if necessary.

Personal data given by the User will be treated to supply the requested services, as, for example, services related to quotation, selling of products, payments services, information, and updates on the products.

In particular, through the website, we collect the following personal data:

• Browsing data: such data are collected when the User enters the website and starts browsing it. For further information about the type of data collected, we recommend reading our cookie policy, available on our website.

The following data are included:

• Information related to Internet communication protocols, IP addresses, and logs of computer systems;
• Browsing data and websites previously visited;
• Data provided by the Browser used by the User;
• Data voluntarily provided: such data are provided directly by the User, by filling out the contact forms on our Website.

The following data are included:

• identity data (e.g.: name, surname, address, tax code)
• contact details (e.g.: telephone number, email address, etc.)
• delivery address
• accounting data (e.g. VAT number, means of payment)
• data included in contents sent by the User (e.g.: by email)
• Third-party data voluntarily provided by the User: The User may also voluntarily provide third-party data, which have no relationship with the Owner, for example through the uploading of content on the website. The User is responsible for all third-party Personal Data provided to the Data Controller, and confirm that it has obtained the consent to communicate their data to us.

The following data are included:

• contact details
• delivery address
• data included in contents sent by the User (e.g.: by email)

Conditions applicable the Users below the age of 16 years

Where the User is below the age of 16 years, the processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the User.

Purposes of Data Processing

All information provided through our Website will be treated exclusively for purposes related to services requested by the User and which personal data are supplied for.

Personal data will be treated for these main purposes:

• Products sales;
• Products delivery;
• Products assistance;
• Payment;
• Management of relationships and communications with the User;
• Billing;
• Providing marketing information and communications;
• Marketing analysis (also through anonymous data);

Subject to the User’s consent, we may also:

• send information and updates related to offers, promotions, and events referring to our business;
• carry out a direct sales service.

Legal basis of processing

We may process User’s personal data only in the following cases:

1. the User has given consent to the processing of its personal data for one or more specific purposes indicated in this privacy policy;
2. processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract;
3. processing is necessary for compliance with a legal obligation to which we are subject;
4. processing is necessary in order to protect the vital interests of the User or of another natural person;
5. processing is necessary for a task that is carried out in the public interest or in the exercise of official authority vested in us;
6. processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.

Processing methods

Personal data are processed at our offices, both in analogic and electronic ways.

In any case, personal data are processed in a way that complies with all security measures provided by Reg. 679/2016. Personal data are processed in a manner that ensures appropriate security of the same, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

We also use security systems through backup modes and data recovery.

We may also store personal data remotely (i.e. Cloud Systems) in order to improve services supplied by us. In this case, we will use mainly remote servers located within the European Union, or in other countries / by international organization that ensures an adequate level of protection within the meaning of Article 45 of GDPR. Moreover, even in case of no application of Article 45, Par. 2 of GDPR, any transfer of Personal data to a third country or to an international organization, only with appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.

In any case, by accepting this privacy policy, the User agrees to transfer their personal data outside the European Union.

Treatment duration

All personal data will be processed only for the time to provide the required services (see section “Purpose of the Data Processing”) and in any case in accordance with the provisions of the law.

After such use, depending on the type, all data will be used solely for administrative and accounting purposes, statistical, anonymized, or destroyed.

Newsletter

We may use, with the consent of the User and in accordance with the GDPR, personal information in order to send promotional and business information in relation to services rendered through our activities, also using automatic electronic communication systems.

The User is entitled to block the use of the personal data for mailing newsletters, using tools provided in the same, or giving notice to the Data Controller in a due manner, including through the tools provided in the same email (link at the bottom of the email), or exercising rights under art. 21 of the European Union Regulation 679/2016 to the addresses given below.

Communication of data to third parties

The personal data of the User will not be communicated to third parties without
specific consent.

In any case, personal data may be communicated to third parties if necessary to provide our services.

We may communicate such data to third parties in order to deliver products, send marketing communications and promotional information (subject to consent), handle requests for information, perform administrative and accounting management activities, or reply to complaints.

We may also communicate personal information to the Judicial Authority if required for the protection of our rights or suppliers.

Subjects provided with personal data become independent data controllers. Collected data will never be disclosed.

Data subject’s rights

The User has the right to:

• access personal data we hold about it;
• require us to correct any mistakes in their personal data;
• require us to delete its personal data in certain situations where there is no good reason for us to continue to process it;
• request that we transfer their personal data to it or another service provider in a simple, structured format;
• object at any time to processing their personal data for direct marketing purposes;
• object to automated decision making which produces legal effects concerning it or similarly significantly affects it;
• object in certain other situations to our continued processing of its personal data;
• restrict or temporarily stop our processing of its personal data in certain circumstances.

In addition, subject to applicable law, the User has the right to request access to, correct, and delete its personal data, and to ask for data portability (if applicable).

The User may also object to our processing of your personal data or ask that we restrict the processing of its personal data in certain instances.

If the User wishes to do any of these things, they can contact us at the addresses indicated above.

Contact Details

The User may exercise rights provided by the European Union Regulation
679/2016, here below, in order to access, review, and modify their personal data, by
sending a request to: hello@cravestitch.com