Privacy Policy

PRIVACY POLICY UNDER REGULATION N. 2016/679

I - INFORMATION RELATING TO THE PRIVACY POLICY OF THE SITE

This section contains information relating to the operating methods of Lollipop S.r.l. - E-mail srllollipop@legalmail.it- Piazza San Giorgio 2 - 20123 (MI) in reference to the processing of user data of the site www.lollipopshop.it.

This information also has value for the purposes of art. 13 of Legislative Decree. n. 196/2003, Code regarding the protection of personal data, and for the purposes of art. 13 of the EU Regulation n. 2016/679, concerning the protection of individuals with regard to the processing of personal data as well as the free circulation of such data, for those who interact with www.lollipopshop.it.

The information refers exclusively to the website www.lollipopshop.it and not to other websites, that may be consulted by the user through links contained on the site.

II- DATA PROCESSING

Data owner

The data controller is the natural or legal person, public authority, service or other system, which individually or together with others, determines the purposes and means of processing personal data. It also deals with safety profiles.

With regard to this website, the data controller is Paolillo Fiorentino and for any clarification or exercise of the user's rights, you can contact him at the following email address: srllollipop@legalmail.it.


Responsible for data processing

The data controller is the natural or legal person, public authority, service or other system that processes personal data on behalf of the data controller.

Pursuant to Article 28 of EU Regulation no. 2016/679, upon the appointment of the data owner, the data processing manager of the website www.lollipopshop.it is: Paolillo Fiorentino.


Place of data processing

The processing of data generated by the use of www.lollipopshop.it takes place at the registered office of the company located in Piazza San Giorgio 2 - 20123 (MI) and at the operational headquarters located in Via Rovigo n. 4 - Cairate (VA).


If necessary, the data connected to the newsletter service can be processed by the data controller or data subjects appointed for this purpose at the relevant office.


III- DATA PROCESSED

1. Data processing methods

Like all websites, this site also makes use of log files in which information collected automatically and stored during user visits. The information collected could be the following:

Internet protocol (IP) address;

Type of browser and parameters of the device used to connect to the site;

Name of the internet service provider (ISP);

Date and time of visit;

Web page of origin of the visitor (referral) and exit;

Possibly the number of clicks.

The above information is automated test rate and collected in an exclusively aggregated form in order to verify the correct functioning of the site and for security reasons. This information will be test rate based on the legitimate interests of the owner.

For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with the laws in force on the subject, to block attempts to damage to the site itself or to damage other users or activities that are harmful or constituting a crime. These data are never used for the identification or profiling of the user, but only for protecting the site and its users, such information will be used based on the legitimate interests of the owner.


If the site allows the insertion of comments, or in the case of specific services requested by the user, including the possibility of sending the Curriculum Vitae for a possible working relationship, the site automatically detects and records some identification data of the user, including the email address. The user voluntarily provides these data at the time of the request for service provision. By registering on the site, by entering a comment or other information, the user expressly accepts the privacy policy and, in particular, agrees that the contents entered are freely disseminated to third parties. The data received will be used exclusively for the provision of the requested service and only for the time necessary for the provision of the service.

The information that users of the site will deem to make public through the services and tools, are provided by the user knowingly and voluntarily, exempting this site from any liability for any violations of the law. It is up to the user to verify that they have permission to enter personal data of third parties or content protected by national and international standards.


2. Purpose of data processing

The data collected by the website during its operation are used exclusively for the purpose of concluding and completing an online contact for which the user may have registered, and is stored for the time strictly necessary to carry out the specified activities.

The data used for security purposes (blocking attempts to damage the site) are stored for the time strictly necessary to achieve the previously indicated purpose.


3. Data provided by the user

At the time the registration on the site, all the data provided by the user will be used in order to allow the user to purchase the products as well as the shipment of what was purchased. The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively communicated or displayed on the pages of the site that are set up for particular services on request.


IV- USER RIGHTS

Art. 13 co. 2 of the 2016/679 EU Regulation lists the user's rights.

This website www.lollipopshop.it therefore intends to inform the user about the existence:

- the right to request from the controller access to personal data (Article 15 of the EU Regulation) or restriction of processing concerning the data subject or to object to processing as well as the right to data portability their updating (Article 7, paragraph 3, letter a of Legislative Decree 196/2003), the correction (Article 16 of the EU Regulation), the integration (Article 7, paragraph 3 letter a Legislative Decree 196/2003), the limitation of the processing that concerns them (Article 18 of the EU Regulation) or to oppose, for reasons legitimate, to their processing (Article 21 of the EU Regulation), in addition to the right to data portability (Article 20 of the EU Regulation);

- the right to request erasure(Article 17 of the EU Regulation), transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be stored for the purposes for which the data are been collected or subsequently processed (Article 7 co. 3, letter b of Legislative Decree 196/2003);

- the right to receive confirmation  that the updating, correction, integration of data, cancellation, data blocking, transformation operations have been brought to the attention, including in relation to their content, to those to whom the data was transmitted or widely disseminated, unless this execution is not possible or involves the use of means clearly disproportionate to the protected right (art. 7 co. 3, lett. c of Legislative Decree 196/2003).


Requests can be addressed to the data controller at his abovementioned email address (without formalities) or using the model provided by the Guarantor of the protection of personal data.


Where the processing is based on point (a) of Article 6(1) - express consent to use - or point (a) of Article 9(2), express consent to the use of genetic, biometric, health-related data, revealing religious, philosophical or trade union beliefs, revealing racial or ethnic origin, political opinions - the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;


Likewise, in the event of a violation of the law, the user has the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as the authority responsible for monitoring the processing in Italy.


For a more detailed examination of your rights, see Articles 15 and ss. Of EU Regulation 2016/679 and art. 7 of Legislative Decree. 196/2003.


V - FULFILLMENTS

The owner notifies the Guarantor of the processing of personal data, which he intends to proceed, only if the processing concerning:

- genetic, biometric data or data indicating the geographical location of persons or objects via an electronic communications network;

- data which are revealing the state of health and sexual life, processed for the purposes of assisted procreation, provision of health services electronically relating to databases or the supply of goods, epidemiological investigations, mental detection, infectious and diffusive diseases , serostatus, organ and tissue transplantation and monitoring of health expenditure;

- data which are revealing sexual life or the psychic sphere, processed by associations, systems and non-profit organizations, even if not recognized, of a political, philosophical, religious or trade union nature;

- data processed with the help of electronic tools aimed at defining the profile or personality of the interested party or to analyse consumption habits and choices or to monitor the use of electronic communication services with the exclusion of treatments technically essential to provide the services to the users;

- sensitive data stored in databases for the purpose of selecting personnel on behalf of third parties as well as sensitive data used for surveys, market research and other sample research;

- data recorded in specific databases managed with electronic tools and relating to the risk on economic solvency, the financial situation, the correct fulfilment of obligations, illegal or fraudulent behaviour.


VI - SECURITY OF PROVIDED DATA 

This site processes user data in a fairly and lawful way, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the indicated purposes.


In addition to the owner, in some cases, categories of employees involved in the organization of the site (administrative, marketing, commercial, legal, system administrators) or external subjects (such as suppliers of third party technical services, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.


VII - CHANGES TO THIS DOCUMENT

This document, published at www.lollipopshop.it forms the privacy policy of this site.

It may be subject to changes or updates. In the case of significant changes and updates, these will be communicated with specific notifications to users.

However, the previous versions of the document will be available, on this page.


The document was updated on 01/04/2019 to comply with the relevant regulations and in particular with EU Regulation 2016/679.