1. Definitions and Data Controller
JWA SRL Unipersonale
VAT number: IT02075040515
Tax Code: IT02075040515
Via Montefalco 38
52100 AREZZO AR
Personal data: all the information provided by the interested party (as listed in Article 2 below) as well as, if registered on the www.dp69.it website, navigation data (IP addresses, devices and programs used).
Processing: any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison, or interconnection, limitation, cancellation or destruction.
2. How to exercise the right of withdrawal
The Data Controller markets consumer goods online and, therefore, acquires, stores and uses the Personal Data of the Data Subjects in order to correctly fulfill the contractual obligations deriving from its activity.
In any case, the Data Controller only acquires, stores and uses the following Personal Data:
name and surname or denomination;
address of residence and/or shipping of the goods;
Tax Code and/or VAT number;
In any case, if the payment is made by credit/debit card, the relative data are not communicated to the Data Controller but directly to the payment service manager.
Under no circumstances does the Data Controller request, store or process:
sensitive and judicial data;
credit card numbers or access credentials to the payment systems used by the customer.
The aforementioned personal data of the interested party are processed by the Company for the following purposes on the basis of the connected legal bases:
contractual purposes: execution of the contract of which the interested party is a party and use of the services offered by the Company;
legal obligations and civil liability of the Company: fulfillment of the obligations established by national and supranational legislation, especially of an accounting and tax nature, as well as prevention of any form of civil liability for the Company for the activity carried out (e.g., by way of by way of example but not exhaustively, the Personal Data that can be used to contact the Data Subject is necessary if the Company decides to proceed with a recall campaign for a product that is suspected to be defective);
rights of the Data Controller: ascertain, exercise or defend the rights of the Company in court or out of court if necessary;
functioning of the site: the personal data of the interested party entered therein are necessary for its functioning and for the use of the services offered by the Company through the same.
3. Methods of acquiring and storing data
Personal data is acquired:
directly to the interested party, by filling in the appropriate online forms or by telephone;
not from the interested party, but through third parties (so-called "Marketplaces" such as, for example, Amazon, eBay, ManoMano, etc.) who, as intermediaries in the sale, send them to the Data Controller
In the case of Personal Data not acquired from the interested party, but through third parties, the Data Controller will bring this information to the attention of the interested party by e-mail or a suitable notice in the form attached to the goods shipped. The aforementioned information will be provided by the Data Controller at the latest within one month of obtaining the Personal Data or, if the latter are intended for communication with the interested party, at the latest at the time of the first communication with the same, or, if communication to another recipient is envisaged, no later than the first communication of Personal Data.
The Data acquired in this way is stored electronically on servers made available to the Data Controller by IT service providers.
A complete and updated list of the appointed Data Processors can be obtained by contacting the Company by registered letter with return receipt to the addresses referred to in Art. 1, attaching in this case a signed copy of an identity document.
4. Obligation to provide
The provision of personal data by the interested party is mandatory and necessary for the fulfillment of contractual obligations and for compliance with the mandatory provisions of the law regarding tax, tributary and accounting obligations.
In case of refusal of the provision by the interested party, the Data Controller will not be able to accept any order or execute any contract.
The provision of personal data relating to the date of birth and the generic title of the interested party is purely optional and possible. These data will be treated in an impersonal manner exclusively for internal statistical purposes.
5. Data Retention Period
The Personal Data of the interested party will be kept for the entire duration of the contract and, after termination, for the term referred to in art. 2220 of the civil code for the purpose of fulfilling the related fiscal and tax obligations.
In the event of judicial or extrajudicial litigation, the Personal Data will be kept for the entire duration of the same and until the terms for the appeal actions have expired.
Once the aforementioned terms have elapsed, the Personal Data of the interested party will be deleted, compatibly with the technical procedures set up for this purpose.
6. Independent Data Controllers, Data Processors and Recipients of Personal Data
In addition to the Data Controller, the Personal Data of the Data Subject may be processed by external subjects operating as independent Data Controllers such as, by way of example, companies that offer goods transport and shipment services or pre- and post-sales assistance.
Furthermore, as in the case of IT services referred to in Art. 3, personal data may be processed, on behalf of the Company, by external subjects authorized and designated as personal data processing managers, who are given adequate operating instructions. A complete and updated list of the appointed Personal Data Processing Managers can be obtained by contacting the Company by registered letter with return receipt to the addresses referred to in Art. 1, attaching in this case a signed copy of an identity document.
Finally, the Recipients of the personal data of the interested party may be the Judicial or Administrative Authority to which they must be communicated for the fulfillment of specific legal obligations.
7. Rights of the interested party and complaint to the Supervisory Authority
The interested party has the right:
to access the Personal Data concerning him;
to obtain the rectification of such data or the limitation of the processing that concerns him;
to oppose the Treatment;
to obtain the cancellation of Personal Data concerning him;
to revoke the consent at any time without prejudice to the lawfulness of the Data Processing based on the consent given before the revocation;
to receive, if the Processing is based on consent or on the contract and is carried out with automated tools, in a structured format, commonly used and readable by an automatic device, their Personal Data, as well as, if technically possible, to transmit them to another holder without impediments.
To exercise the aforementioned rights, the interested party can contact the Company by registered letter with return receipt at the addresses referred to in Art. 1, attaching in this case a signed copy of an identity document.
The interested party also has the right to lodge a complaint with the competent Supervisory Authority in the Member State in which he habitually resides or works or in the State in which the alleged violation occurred.
If the interested party has registered on the website www.dp69.it, by accessing his account, he can view his personal data and/or correct them.
In order to prevent fraud and/or allow the Judicial or Administrative Authority to prosecute the same, the Owner keeps the history of the changes made as well as the origin of the connection (IP address).
9. Security of Personal Data
The Data Controller has adopted specific security measures to prevent the loss of the Data Subject's Personal Data, illicit or incorrect use and unauthorized access. However, it is necessary for the interested party to use devices equipped with tools suitable for this purpose (such as, for example, updated antivirus and an internet connection that guarantees data transmission through firewalls, anti-spam filters, etc.).
Use of data for marketing purposes
If the interested party has given his specific consent, his Personal Data may be used for marketing activities such as sending communications, newsletters, etc., both by the Data Controller and by subjects designated for this purpose.
In this case, the Personal Data will be kept and used for this purpose until the consent is revoked by the interested party.
Newsletter via e-mail, sms, whatsapp, and other messaging systems
of our Newsletter which may also contain special offers and commercial proposals of various types.
I send notifications about abandoned carts via e-mail, sms, whatsapp, and other messaging systems
The data of the interested party strictly necessary and instrumental for this purpose will be used to send notifications regarding the possible presence of a cart created by the user which is not followed by the finalization of the order, including the links and/or the instructions for recovering the cart and finalizing the order, with the possible contextual proposal of special commercial conditions.