Personal data is defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Personal data is information such as name, email address or telephone number, but also information about hobbies, memberships or which other websites were visited by the data subject.
We only collect, use and share personal data in accordance with what is legally permissible, and with the user’s consent. Consent is any voluntarily given, unambiguous statement of agreement in a specific case, given in an informed manner in the form of a statement, or other clearly affirming consenting action, with which the data subject indicates that they agree to the processing of their personal data.
We (or the webspace provider) collect data on each of your visit to the federico pazienza website (this data is referred to as “server log files”) (“access data”). This access data includes: name of the website accessed, file, date and time of access, volume of data transmitted, protocol on successfully access, browser type and version, the user’s operating system, referrer URL (i.e. page previously visited), IP address and the requesting provider. If the user is using a mobile device, the access data additionally comprises: country code, language, name of device, name of operating system and version, GPS location data.
We use this access data only for statistical evaluations for the purpose of operation, security and optimization of our offer on our website. However, reserve the right to review these data at a later date, if concrete indications of unlawful use become known to us. This data is then stored as it is understood to be the only way to prevent misuse of our offer; if necessary this data will be reviewed to investigate past offenses. In this regard, since we are the party responsible for data processing, storing this data is necessary to ensure our security. This data will not be shared with third parties unless required by law or for the purpose of criminal prosecution.
Purchase data and any other data you provide in the purchase will be used on the our website only insofar as this data is required for us to fulfill the sales contract or for pre-contractual measures, i.e. use of our website and purchase of products in the webshop.
Payment data is not processed by us, but exclusively by our external provider Stripe or PayPal or Ideal.
When you contact us (for example by email), also outside of a contractual relationship with us, your details will be stored for the purpose of processing the request as well as in the event that follow-up questions arise.
In general, the legal basis for data processing of data when using our website and services is Art. 6 (1) b. GDPR, i.e. the data is processed insofar as it is required to fulfill the sales contract between you and us or to fulfill pre-contractual measures that you requested. Art. 6 (1) a. GDPR is also the legal basis for the processing of data for specific purposes, provided and to the extent that you and/or the data subject have given their prior consent.
Art. 6 (1) c. GDPR is also the legal basis for any processing of your data by us when this is required to fulfill a legal obligation to which we and/or other responsible persons are subject. This can be the case for example when our data is collected when you visit our web page, if we choose this method to ensure security of our website and services.
Data processing may also be carried out on the basis of Art. 6 (1) e. GDPR, if this is necessary to perform a legal obligation in the public interest or in the exercise of official authority that we or the responsible party have been vested in.
Moreover, Art. 6 (1) f. GDPR also forms the legal basis for example when data is collected when visiting the federico pazienza website or when data is transmitted to our shareholders and external service providers. The processing takes place if it is necessary to safeguard our legitimate interests and does not outweigh your interests, fundamental rights and fundamental freedoms that might require the protection of personal data.
A legitimate interest is to be assumed in the case of a legitimate relationship between you (or the person in question) and us (or the responsible party), i.e. if you are a customer and/or user of our website and services.
For further details we refer to the explanations of processing operations in this privacy statement.
We do not use profiling or automated decision-making when you visit our website and use our services. However, in individual cases it is possible that such profiling is carried out by the third-party providers we use. We point this out as much as possible in this privacy statement.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Examples of such profiling include the analysis of data (e.g. on the basis of statistical methods) with the aim of displaying personalised advertising to the user or giving shopping tips.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the data controller, (ii) is required by EU law or law of its member states to which the data controller is subject and such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (iii) with explicit consent of the data subject. In these exceptions, the responsible party takes appropriate measures to safeguard the data subject’s rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state their own position and to challenge the decision.
We only transfer personal data to third parties insofar as it is necessary in the framework of fulfilling the terms of the agreement and only within the scope stated in this privacy statement. Furthermore, data is only transmitted if we are legally obliged to do so or if the person concerned has given their consent and has not revoked it, or if this is necessary to enforce our rights. In some cases, processing may take place in other EU countries, but we make sure that the level of data protection is always in compliance with EU requirements.
We work together with external service providers that support us in carrying out the online or offline steps necessary to execution of our service. We only transfer personal data to third parties insofar as it is permissible by law (i.e. in order to execution our service on the website, in accordance with Art. 6 (1) b. GDPR) or with your given consent (in accordance with Art. 6 (1) a. GDPR) or if you instruct us to do so. Please contact email@example.com for more information.
This relates for example to the transmission of data to our shipping service provider(s). Moreover, as part of our affiliate program, we may share information with our affiliate partners who use the information on our behalf for marketing purposes and to improve our services. These affiliate partners process the data exclusively within the EU and in compliance with the relevant legal bases. Among other things, the affiliate partners receive the customer’s ID.
Data may be transferred outside the EU when visiting or using the website – this is the case for the services of Google, Facebook or Twitter, as described in the section “Social Plugins”. The US companies offering Google, Facebook and Twitter services are each certified under the EU-US Privacy Shield agreement and thus guarantee compliance with EU data protection regulations.
Data may be transferred outside the EU when visiting or using the website. This is the case for example with the services of the payment service provider Stripe, Inc. 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. Stripe processes payment data in order to process payments on the website. Stripe, Inc. is certified according to the EU-US Privacy Shield agreement and thus guarantees compliance with data protection regulations in the EU. For more information about Stripe please refer to https://stripe.com/de/privacy.
It is possible that third-party content is integrated within our website, such as videos hosted by YouTube, maps by Google Maps, RSS feeds or graphics from other websites. This always presupposes that the providers of this content (hereinafter referred to as “third-party providers”) are aware of the user’s IP address, since the IP address is required to send content to the user’s browser. The IP address is therefore required to display this content. Where possible, we will only use content whose respective third-party providers use the IP address solely for the delivery of the content and point this out accordingly. However, we have no influence on the actions of third-party providers if they store the IP address, e.g. for statistical purposes. The users will be informed if such behavior by third party service providers is known to us.
Cookies are small files that are automatically stored on your access device that allow us to store information related to your device. On the one hand, cookies enhance the user-friendliness of websites and thus serve the users (e.g. by storing login data). On the other hand, they are used to collect statistical data on the use of the website and to analyze it in view of improving our website.
When the user visits the federico pazienza website, temporary “session cookies” are generated and stored on the user’s device, but they are deleted as soon as the user closes their browser window. The session cookies are stored at benötigt in order to assign successive page views to the respective users who access the platform at the same time.
Users can manage many companies’ advertisement cookies from by using the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices.
We use Google Analytics, a web analysis service of Google Inc, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on the users’ device to help the website analyze how they use the site. The cookie generates information such as browser type/version; operating system used; referrer URL (page previously visited); host name of the accessing computer (IP address); time of the server request when using the website. This information is usually transmitted to a Google server in the USA and stored there, but given that IP anonymization is activated on our website, our users’ IP addresses will be previously abbreviated within EU member states or other parties to the Agreement on the European Economic Area. This means that the full IP address will not be transmitted to a Google server in the USA and shortened there. IP anonymization is activated on our website. On behalf of the operator of this website Google will use this information to evaluate your usage of the website, to create reports on website activities and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the context of Google Analytics will not be combined with any other data held by Google.
By using appropriate settings you can prevent the storage of cookies in your browser. In this case however we would like to point out that you might not be able to fully use all functions of the Pamono website(s). It is also possible to prevent the collection of data generated by the cookie and related to the usage of the website to Google as well as the processing of these data by Google by downloading and installing the browser plugin available here: http://tools.google.com/dlpage/gaoptout?hl=de
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
Every user has a right to access the personal data stored about their person at any time and free of charge.
This right of access to stored personal data includes the right to know whether personal data concerning the data subject is being processed and, if so, the following related information:
purpose(s) of data processing; categories of personal data being processed; recipient(s) or categories of recipient(s) who the personal data has been disclosed to or is currently being disclosed to, especially in the case of recipients established in third countries or international organisations;
if possible the planned duration that personal data is to be stored for, or, if this is not possible to tell, the criteria that determine this duration;
the existence of a right of correction or deletion of the user’s personal data or restrictions of processing by the party responsible or of a right of opposition to such processing; the existence of a right to lodge complaints with a regulatory authority;
if the personal data is not collected from the data subject themselves, all available information about the data’s origin; the existence of automated decision-making including profiling (according to GDPR) and – at least in these cases – relevant information about the applied logic as well as the scope and the intended effects of such processing for the data subject.
The right of access to stored personal data does not exist if the data is only stored because it may not be deleted by reason of statutory, constitutional and contractual regulations on retention and for data backup and data protection control, and if therefore the provision of information would require disproportionate effort, and if appropriate technical and organizational measures preclude processing of personal data for further purposes.
The user has the right to revoke their consent regarding the use, processing or transmission of their data at any time. To this end the user can contact us at firstname.lastname@example.org.
In the case of the withdrawal of your consent for the storing, processing and use of your personal data, we will immediately delete all of your saved data. This does not apply if compelling legitimate grounds are given for processing that outweigh your interests, fundamental rights and fundamental freedoms or if data processing is required to establish, exercise or defend legal claims.
We will therefore continue to use this data, for example, if it is still necessary for the implementation of the contractual relationship, for example.
You have the right to have any inaccurate personal data immediately corrected. You have the right to request the rectification of your personal data (for example by submitting an explanation about the inaccuracy of the data) in view of the given processing purposes. For this purpose please contact email@example.com.
You have the right to demand that we delete your personal data immediately. For this, please contact firstname.lastname@example.org
Your personal data will be deleted immediately in the following cases:
if we no longer need your personal data for the purposes for which they were initially collected or otherwise processed;
if you revoke your consent that formed the basis for the processing, and there is no other legal basis for processing;
if you object to the processing and there are no proper overriding legitimate reasons for processing;
if the personal data has been unlawfully collected;
if the deletion of the personal data is required to fulfil a legal obligation under EU law or the law of the Member States to which we are subject;
if the personal data relating to information society services offered directly was collected from a child under 16 years of age without parental consent.
Data will not be deleted if processing of the data is necessary (i) to perform a legal obligation in the public interest or in the exercise of official authority that we have been vested in; (ii) to exercise the right to free speech and information; (iii) on grounds of public interest in the field of public health; or (iv) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, if the right to deletion presents a serious obstacle to reaching the objectives of this processing or makes it.
In the case of non-automated data processing, data need not be deleted if it this would require disproportionate effort or if it is impossible, and if your interest in deleting is seen as small. In this case, data processing will be restricted instead of the data erased.
Moreover, we will restrict data processing rather than delete the data as long and as far as we have reason to believe that erasure would adversely affect legitimate interests of the data subject. We will inform the data subject of the restriction of processing if doing so is not impossible or would not involve a disproportionate effort.
Please also refer to the following sections 4.5 below.
You have the right to request us to restrict the processing of your personal data if one of the following conditions is met: (i) The accuracy of the personal data is disputed by you for a period that enables us to verify the accuracy of the personal data; (ii) The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data; (iii) We no longer need the personal data for the purposes of processing, you need the data to assert, exercise or defend legal claims; or (iv) You have filed an objection against the processing and it is not yet clear whether the legitimate reasons of our company outweigh your legitimate reasons for the objection. If the above conditions are met and you wish to have your personal data stored by us restricted, you can contact us at email@example.com at any time. We will then arrange for processing to be restricted. If you have been confirmed that the processing of your personal data is restricted, we will inform you in advance if we lift this restriction again.
Instead of personal data being deleted, its processing may be restricted. Please refer to the previous section for more details.
You have the right to receive your personal data (that you have provided to us) in a structured, commonly used and machine-readable format. For this, please contact us at firstname.lastname@example.org. You also have the right to transmit those data to another controller without hindrance from us (who was provided with the personal data), provided that the processing is based on consent or on a contract to which the data subject is a party and provided that the processing is carried out by automated means.
In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
This right shall apply if it adversely affects the rights and freedoms of others, or if processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Please contact us by email at email@example.com if you have any questions about data protection.