The Data Controller is Le Lavande Srl, P.IVA 06829390480 with registered offices in Via della Leccia 3, Montespertoli, 50025 which can be contacted via email at firstname.lastname@example.org or by telephone at +39 3703474325 or +39 3477926787.
Personal information you provide us with
We will process the following data when you send us a request via the contact form, subscribe to the newsletter, create an account or make a purchase on the Website:
If the personal data requested is mandatory (for example your email address for sending the newsletter), the refusal to provide it will make it impossible for us to provide the specific services affected by the aforementioned mandatory data.
Personal data we collect automatically
Every time you access the Website, we automatically collect and process the following personal data:
We will process your personal data for the following purposes:
The legal basis of the processing of your personal data according to the purposes described above is as follows:
We will include information about how to unsubscribe in an easy and free way in all our commercial communications. We will respond to your request as soon as possible and, in any case, within the established legal deadline.
In cases where we need your personal data to fulfil our legal or contractual obligations, the provision of this necessary personal data is mandatory. If such data is not provided, we will not be able to maintain our contractual relationship with you or fulfil our obligations.
We can communicate your data to the competent Authorities when it is legally required, in addition to payment platforms, with the aim of detecting and preventing fraud and managing payments when you purchase a product or the provision of a service on this Website.
The Data Controller has signed contracts with suppliers for the provision of certain services (for example IT services, virtual infrastructures, cloud computing, consultancy services and integral management of digital marketing actions, etc.), which can access and/or process personal data with our authorisation. In any case, your personal data will not be transferred to countries located outside the European Union that do not offer an adequate level of security or do not provide the appropriate guarantees of protection.
As part of the contractual relationship between the Data Controller and its suppliers, for some of the purposes indicated above your personal data may be transferred outside the EU, including through its inclusion in databases which are shared and managed by third-party companies. The management of the database and the processing of such data are bound to the purposes for which it was collected and is carried out in full compliance with the standards of confidentiality and security as per the applicable data protection laws. Whenever your personal data should be transferred internationally outside the EU, the Data Controller will take all appropriate contractual measures necessary to guarantee an adequate level of protection of your personal data in accordance with the provisions on the processing of personal data indicated within this policy, including, among others, the Standard Contractual Clauses approved by the European Commission.
The data will be stored for a period of time not exceeding that which is necessary for the purposes for which it was collected or subsequently processed, in accordance with the provisions of the legal obligations.
As a data subject, you are granted the following rights regarding the personal data collected and processed by the Data Controller for the purposes indicated above: (i) the right to access, in particular requesting, at any time, confirmation of the existence of your personal data in the Company’s archives and the clear and intelligible provision of such data, as well as the right to know the origin, logic and purpose of the processing with an express and specific indication of the persons assigned to and responsible for its processing and the third parties to which your data may be disclosed; (ii) the right to obtain updating and rectification of data (except for evaluation data), deletion of superfluous data or its transformation into anonymous form, as well as the blocking of processing and definitive deletion in case of unlawful processing; and (iii) if the conditions are met, the limitation to its processing and data portability. The law also recognises your right to lodge a complaint with the Guarantor for the protection of personal data, should you detect a violation of your rights regarding the protection of personal data under applicable law.
To exercise the rights listed above or for further information about the processing of your data, contact us through the contact details at the top of the page in the paragraph “Data Controller”.
Last update 24/07/2018