Customer privacy information

With this disclosure, as required by current legislation on the protection of personal data (articles 13 and 14 of the General Data Protection Regulation, hereinafter also GDPR or Regulation), Cocoon L&R Italia Srl, in the person of the legal representative pro tempore, (hereinafter also “Owner” or “Company”) provides customers (“interested parties”) who make purchases through the marineelements.com website (hereinafter also “website”) information relating to the processing of their data .

 

WHO IS THE OWNER AND HOW TO CONTACT HIM

The Data Controller is Cocoon L&R Italia Srl, with headquarters in Corso Sommeiller 35, Turin, VAT number 12353500015. The Company can be contacted via the email address info@marineelements.com

 

WHICH DATA IS PROCESSED

The establishment and management of the relationship deriving from the purchase of products on the website involves the processing of personal data provided by the interested party during the purchase phase.

 

WHAT ARE THE PURPOSES AND LEGAL BASES OF THE TREATMENT?

Personal data is processed to allow the user to purchase the selected products through the website and for the management of activities connected and instrumental to the sale (such as: taking charge of the order, warehouse management, shipping, returns management and complaints, accounting management of purchases).

The legal basis for the processing of such data is therefore the execution of pre-contractual and contractual measures and legal obligations.

The e-mail address collected during the purchase may be used to send commercial and promotional communications for products similar to those already purchased, unless the interested party objects (at the time of purchase or on the occasion of subsequent communications). The sending of such commercial and promotional communications of similar products (which falls under the so-called “soft spam”) takes place on the basis of legitimate interest and, as expressly established by art. 130, paragraph 4, of the Privacy Code, does not require any consent.

If necessary, the data may also be used against the legitimate interest of the owner to carry out defensive activities or to assert or defend a right in court

 

WHO CAN KNOW THE DATA?

The data will be processed by the Data Controller’s employees authorized for processing.

The external subjects who will be able to know the data being processed are: the Swiss company Cocoon L&R Sarl which collaborates with the owner for the management of the activities connected to the purchases, the companies and consultants who provide consultancy services in accounting and tax matters for the purposes administrative accounting related to the contractual relationship and to the legal obligations to which the owner is subject, banking institutions for the management of collections deriving from the existing relationship, shipping and logistics companies for activities related to the purchase, IT service providers which the owner makes use of, the legal consultants for the management of the dispute and for legal assistance, the consultants and the companies to which the marketing and mailing list management activities are delegated.

It should be noted that some of the subjects indicated operate as data processors and that the communication to those who operate as independent data controllers is carried out because prescribed by legal obligations or necessary to implement the obligations deriving from the contractual relationship or the legitimate interest of the data controller consisting in maintaining the security of IT systems with maintenance interventions and in carrying out defensive activities through legal advisors. The interested party may request from the Data Controller the list of external subjects who carry out their activity as data controllers. The communication or access to data is in any case limited only to the categories of data whose transmission is necessary for the performance of the activities and purposes pursued.

 

HOW IS THE DATA MANAGED?

The data collected is processed with IT tools and in paper form, in compliance with the security obligations prescribed by current legislation to prevent data loss, illicit or incorrect use and unauthorized access.

 

Storage times

The data processed for the management of purchases are stored according to the terms of the law related to administrative and accounting purposes and, in any case, within the prescription terms set for the rights and obligations underlying the processing.

Without prejudice to any defensive needs for which the data may be kept even beyond the indicated terms.

The data processed for sending promotional emails concerning products similar to those purchased will be kept until the interested party requests cancellation and in any case within two years.

 

Data transfer abroad

For the processing of data connected to the website services, servers located within the European territory are used.

To send promotional emails concerning products similar to those purchased, the Data Controller uses a service (MailChimp) offered by an American company, which involves the transmission of data to the United States; the transfer takes place on the basis of the standard contractual clauses.

The transmission of data to the company Cocoon L&R Sarl results in a transfer of data to Switzerland; the transfer takes place on the basis of the adequacy decision of the European Commission.

 

WHAT HAPPENS IF THE DATA ARE NOT PROVIDED?

The provision of data is optional but necessary to be able to make purchases on the site.

 

WHAT ARE THE RIGHTS OF THE INTERESTED PARTY?

The law recognizes the interested party’s right to ask the data controller to access personal data and to rectify or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability.

In particular, we remind you of the possibility of objecting to the processing of data carried out for marketing purposes.

The interested party may assert his rights at any time, without formalities, by contacting the data controller.

The rights recognized by current legislation on the protection of personal data are detailed below.

• Right of access, i.e. the right to obtain confirmation from the data controller as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients from third countries or international organizations; d) when possible, the envisaged retention period for personal data or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the interested party, all the information available on their origin; h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject. If personal data is transferred to a third country or to an international organization, the interested party then has the right to be informed of the existence of adequate guarantees relating to the transfer.
• Right of rectification, i.e. the right to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
• Right to cancellation, i.e. the right to obtain from the data controller the cancellation of personal data concerning him without unjustified delay if: a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the interested party revokes the consent on which the treatment is based and if there is no other legal basis for the treatment; c) the interested party opposes the processing carried out because it is necessary for the execution of a task of public interest or connected to the exercise of public powers vested in the owner or for the pursuit of legitimate interest and there is no overriding legitimate reason to proceed with the processing, or opposes the processing for direct marketing purposes; d) the personal data have been processed unlawfully; e) personal data must be canceled to fulfill a legal obligation established by the law of the Union or of the Member State to which the data controller is subject; f) personal data have been collected in relation to the offer of information society services to minors. However, the cancellation request cannot be accepted if the processing is necessary: a) for the exercise of the right to freedom of expression and information; b) for the fulfillment of a legal obligation which requires the treatment envisaged by the law of the Union or of the Member State to which the data controller is subject or for the execution of a task carried out in the public interest or in the exercise of public powers with which the data controller is invested; c) for reasons of public interest in the field of public health; d) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, to the extent that deletion risks making impossible or seriously jeopardizing the achievement of the objectives of such processing; or e) for the assessment, exercise or defense of a right in court.
• Right of limitation, i.e. the right to obtain that the data be processed, except for conservation, only with the consent of the interested party or for the assessment, exercise or defense of a right in court or to protect the rights of a other natural or legal person or for reasons of significant public interest of the Union or of a Member State if: a) the interested party disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the interested party opposes the cancellation of personal data and instead requests that their use be limited; c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court; d) the interested party has opposed the processing carried out because it is necessary for the execution of a task of public interest or connected to the exercise of public powers vested in the holder or for the pursuit of the legitimate interest of the holder of the treatment or of third parties, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party. ?
• Right to portability, i.e. the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to the owner and has the right to transmit such data to another owner without impediments by the owner to whom he has provided them, as well as the right to obtain the direct transmission of personal data from one holder to another, if technically feasible, if the treatment is based on consent or on a contract and the treatment is carried out by automated means. This right does not affect the right to cancellation.
• Right of opposition, i.e. the right of the interested party to object at any time, for reasons connected to his particular situation, to the processing of personal data concerning him carried out because it is necessary for the execution of a task of public interest or connected to the exercise of public powers of to which the data controller is invested or for the pursuit of the legitimate interest of the data controller or of third parties. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him carried out for these purposes, including profiling to the extent that it is connected to such direct marketing.

The interested party is then informed that, if he believes that the processing of his personal data takes place in violation of the provisions of the GDPR, he has the right to lodge a complaint with the Guarantor, as provided for by art. 77 of the Regulation itself or to take the appropriate judicial offices (art. 79 of the Regulation).

Interaction with live chat platforms

ClickDesk Widgets

Personal Data: Data communicated while using the service; Usage data; Tracking Tool

Zendesk Chat

Personal Data: Data communicated while using the service

Interaction with support and feedback platforms

Zendesk widgets

Personal Data: Usage data

Management of support and contact requests

zendesk

Personal Data: various types of Data as specified in the privacy policy of the service