Privacy Policy

Introduction and legal basis

This Privacy Policy, which can be downloaded by the User for storage, is governed by EU Regulation 679/2016, regarding the processing of personal data, in order to promote awareness and facilitate public understanding of the risks, rules, guarantees and rights in relation to the processing of personal data and to promote the awareness of Data Controllers and Data Processors regarding the obligations imposed on them by the EU Regulation.

Users are invited to periodically visit this section in order to be always updated on any regulatory changes.

Controllers and processors of personal data

The Data Controller is Prodes Italia S.r.l. - VAT number 09808810965, in the person of its administrator, with registered office in via Via Sansovino, 6 - 20133 - Milan - Italy - info@prodesitalia.com - tel. +39 02 36580208

General Risk Disclosure

The Data Controller, in the person specified above, informs Users that, due to the particular nature of the medium used, there is a general risk of violation of network security, a risk that may arise outside the scope of the security measures adopted in accordance with current legislation.

Therefore, it is recommended that Users ensure that their navigation tool has all the necessary requirements to ensure the security of data transmission over the network.

Object of the collection and processing:

  • Personal data provided by the User: data released voluntarily and knowingly such as name, surname and email address released through the registration form
  • Data obtained through the User's device: device manufacturer, device model, operating system, browser type, IP address;
  • Data obtained from social media: the User ID and/or username associated with a given social media service and the link to the User's profile in the case of access or registration to the Site through a social media service (e.g. Facebook). The access to the service through social media services requires the communication of the aforementioned data. If the User does not intend to communicate the aforementioned information, he must use other means to access the website.
  • Geolocation: the location of the User's device, subject to the latter's consent which may be revoked at any time by the User.

With reference to the data collected through cookies and how to remove them, the user is invited to carefully examine our Cookie Policy, available in the dedicated section.

Purposes and methods of collection and processing

Personal data are collected to allow the main functions of the website, i.e. to allow Users to perform registration operations, to manage requests for information sent by users, to comply with applicable regulations and/or respond to requests from public and administrative authorities, to carry out the activities necessary for the sale of activities or company branches, acquisitions, mergers, divisions or other transformations and for the execution of the aforementioned operations, to allow a limited activity of profiling the preferences, characteristics, habits or consumption habits of Users, in order to allow the carrying out of marketing activities focused on the specific interests and needs of the Users, with their prior consent.

Furthermore, the data are collected to allow www.overjewels.com, to send newsletters, subject to the consent of the User who has voluntarily subscribed to it through the appropriate field 'subscribe to the newsletter', or the User by ticking on the appropriate box in the registration form consents to the receipt of the newsletter. In any case, the User can always unsubscribe from the newsletter by accessing their own reserved area.

Legal basis

At the basis of the processing of personal data there are first of all the contractual purposes. In this case, the processing is mandatory, as it is necessary for the provision of the requested services.

Therefore, if the User does not want his personal data to be used for these purposes, he must not use the services and the website.

Furthermore, the processing takes place on the basis of the legitimate interest of www.overjewels.com, of their counterparties and partners for the realization of economic activities, within and within the limits strictly necessary for the performance of these activities, in line with the interest of the User.

Finally, the legitimate interest in data processing is found in carrying out profiling activities, for the purpose of sending marketing communications, based on the interests and needs of the User.

In all these cases, the data processing activities are not mandatory and the User may object at any time, according to the methods indicated below, or using the form available on the website www.overjewels.com.

The Marketing Purposes are optional

However, failure to provide consent, for their realization, would make it impossible for www.overjewels.com and their Partners to send the User generic and/or personalized marketing communications and services/products of the Partners.

The User may at any time revoke his consent to the processing of personal data for Marketing Purposes by sending the appropriate form, available for download, on www.overjewels.com, to the email address info@prodesitalia.com

Method of giving consent. Active consent

www.overjewels.com does not use automatic or predefined boxes for the acquisition of consent to the processing of personal data by the interested party.

In fact, the User, as required by EU legislation, must express his consent in a clear, determined and conscious way by clicking on the appropriate ‘I accept’ button, only after having carefully read the text of the statement.

In this way, the system will consider the consent to the processing and storage of personal data as acquired.

Once the User has knowingly given his consent, by carrying out the procedure guided by the system, he takes the responsibility of having read the statement, relieving the Controller of any responsibility.

The user is required to give his consent also regarding the receipt of the newsletter to which he has voluntarily subscribed through the appropriate field ‘subscribe to the newsletter’, or by ticking the appropriate box ‘subscribe also to the newsletter’ inside the registration form.

Whom the data are disclosed to

www.overjewels.com will share the User's personal data, for the purposes already mentioned:

  • with the manufacturing companies (name, surname, delivery address);
  • with service providers that are instrumental to the functioning of the website;
  • both appointed as External Data Processors;
  • with the Competent Authorities in order to collaborate in the investigations aimed at guaranteeing the protection, against illegitimate or unauthorized use of the website, as well as to ensure compliance with Applicable Laws.

The data may also be disclosed to persons delegated to carry out the activities necessary for the execution of the purposes pursued by the website and disseminated exclusively for this purpose.

These are internal company personnel, responsible for the execution of the service offered by the website.

User data may also be disclosed to the following categories of third parties:

  • public authorities in the context of fulfilling specific legal obligations;
  • administrative, judicial and tax authorities, in the cases and with the limitations provided for by law;
  • other entities controlled and/or connected to the company, in the cases and with the limitations provided for by law;
  • service providers or consultants for needs related to the management of the service.

In these cases, the consent of the interested party for the communication of personal data is not required.

Methods of processing personal data

The User's personal data are processed with electronic and non-electronic tools, for the period of time strictly necessary to achieve the purposes for which they were collected.

In the management of the data, collected through www.overjewels.com, the most appropriate measures are adopted in order to prevent the loss, illicit or incorrect use of data as well as unauthorized access.

In addition, reasonable measures are taken to maintain the security of the personal data collected, also by limiting the number of individuals who have material access to our databases and by installing electronic security systems that protect against unauthorized access.

Methods of data transfer

It is possible that, as part of the business, the User's personal data are transferred to third-party companies both within and outside the European Union.

In this case, all appropriate measures will be taken to ensure that this transfer takes place in accordance with the provisions of articles 45 and 46 of the Privacy Regulation.

In the event that the User wishes to receive further information regarding the guarantees in place and request a copy of the same, he can contact us at the following email address info@prodesitalia.com.

Place of storage

The data released by the User will be collected and stored on the servers of ARUBA BUSINESS S.P.A.

For sending newsletters, Prodes Italia S.r.l. use the system called SENDINBLUE, which allows the company to profile customers based on the language or country of origin, for the creation of specific lists, to which to send targeted communications.

Retention time of the collected data

The data collected will be kept for the time necessary to carry out the activities and obligations for which they were collected. They will subsequently be archived by constituting the operator's internal registry, or they will be deleted.

The internal registry will be able to combine and classify User data by associating them with the identification codes used for authentication.

User rights

The interested party enjoys the rights referred to in Regulation 678/2016, including:

  • to ask for confirmation of the existence of their personal data, including data collected by the company;
  • to know their origin, the logic and the purposes of their treatment;
  • to obtain updating, rectification and integration;
  • to request their cancellation and oblivion, transformation into anonymous form or blocking in the event of unlawful processing;
  • to oppose their processing for legitimate reasons or in the case of use of the data for sending advertising material, commercial information, market research, direct sales and interactive commercial communication;
  • to request the transfer of their data to third parties, where possible and necessary.

The exercise of these rights by the User takes place through direct contact with the Data Controller and the Data Processor, to whom the User himself, using the references included in this statement, may ask to proceed with each of the aforementioned charges.

Alternatively, the appropriate form for the exercise of rights is available for download on www.overjewels.com, which the User can fill in and send to the email address info@prodesitalia.com.

Reporting procedure

In case of violation of the rules for the protection of personal data or of an event that determines the loss of the aforementioned data by the Data Controller, Regulation 679/2016 imposes the following procedure:

  • Obligation to report by the interested party

If the interested party is aware of the violation of their personal data, they must make an urgent communication to the Data Controller, using one or more contacts among those indicated in point 2) of this statement. The Data Controller must, within 72 hours, communicate the violation to the Privacy Authority, together with the measures taken to deal with the violation.

Reporting by the Data Controller

The Data Controller, who becomes aware of the violation from other control sources (DPO - Data Processor - Data Processors), must notify the Privacy Authority, as well as the interested party, within 72 hours, also indicating the measures to deal with the violation.

Complaint

The interested party also has the right to lodge a complaint with the Supervisory Authority. For more information on the procedures, please visit the website www.garanteprivacy.it

Compensation for damage

The interested party, who has suffered damage caused by the loss, unauthorized or illegal disclosure of their data, has the right to proceed, before the appropriate offices, to obtain relief.

Competent authority

For reports relating to the violation of personal data or damages suffered as a result of the same, the Privacy Authority www.garanteprivacy.it is competent

Jurisdiction

In the event of disputes relating to the interpretation of this document, the Consumer Court will be competent, pursuant to Legislative Decree 206/2005.