NOTICE ON THE TREATMENT OF PERSONAL DATA

Pursuant to and for the purposes of Art. 13 of the New European Regulation 2016/679 concerning the protection of individuals with regard to the treatment of personal data (GENERAL DATA PROTECTION REGULATION – GDPR)
As required by the General Regulation on the Protection of Personal Data of the European Union (GDPR 2016/679, Article 13), before proceeding with the treatment, the interested party (user of the website www.verdiani.it) is informed that the personal data collected through the site are processed by the Company through IT and/or telematic means, for the purposes indicated in this notice.
To this end, the interested party is subjected to the Privacy Statement prepared by Diliar srl (hereinafter also “VERDIANI” or “the Company” or “the Treatment Owner”), creator and promoter of the activities available on the site www.verdiani.it

 TREATMENT OWNER

The treatment owner of personal data is DILIAR S.R.L. , with registered office in Via Palmiro Togliatti n.7 50052, Certaldo (FI), VAT number: IT00380680488.
Treatment information
The personal data being processed are collected directly by DILIAR SRL or by third parties expressly authorized by it, or communicated by the Company to these third parties for the pursuit of the purposes described below.

Legal basis and purpose of the treatment
The personal data provided by the user when browsing the website www.verdiani.it are processed by the Owner in accordance with the current legislation on the protection of personal data.
The legal basis of the treatment is identified in the provision of its services by the Company, in the management and facilitation of the website, as well as in the establishment, execution and possible termination of the online sales contract concluded between the parties and in the obligations to the same contract connected and/or directly and/or indirectly derived from the same.
The processing of personal data by DILIAR SRL is aimed at the pursuing the following purposes:
1) REGISTRATION TO THE VERDIANI.IT NEWSLETTER: in the event that the user decides to subscribe to the “VERDIANI Newsletter”, only following a possible and specific consent, the personal data will be processed by the Treatment Owner, for sending commercial or promotional communications, updates concerning for example the latest trends, new arrivals, exclusive offers, special events and promotions. To unsubscribe from the newsletter, simply click on the appropriate unsubscribe link at the bottom of the received emails or by writing to shop@verdiani.it
2) REGISTRATION ON VERDIANI.IT: in the event that the user decides to register on the site verdiani.it, only following a possible and specific consent, the personal data will be processed by the Treatment Owner for the registration on Verdiani.it. In particular, upon giving your name, surname, e-mail address and setting an access password, these will be treated for the creation of a personal account, to speed up the purchase procedure, to allow the user to view the status of the orders and receive updates on the purchases made, modify the personal settings and update the account, view the history of returns and requests for exchange of goods.

3) ONLINE SHOPPING ACTIVITIES: the personal data provided will be used for the establishment, management, execution and/or conclusion of the online sales contract. The data provided will be processed by the Treatment Owner for the purpose of managing the purchase order with reference, by way of example, to the activity of payment, shipment, taking charge of any returns, for customer assistance, for the execution of administrative-accounting purposes related to the management of the order, for the fulfillment of obligations provided by the current legislation. In case of payment by credit card, the fundamental information for the execution of the transaction (credit/debit card number, expiry date, security code) will be processed by Banca Sella – Paypal or, eventually, by companies in charge of anti-fraud control through encrypted protocol and without any third parties having access to it in any way. However, this information will never be viewed or stored by the seller (DILIAR SRL.).
4) PROFILING OF THE PHYSICAL PERSON: only after a possible and explicit consent, the personal data provided may be processed by the Treatment Owner for profiling activities, meaning an analysis of the preferences aimed at creating personalized content and offers.

Nature of Treatment
In relation to the purposes referred to in point 1) of the previous paragraph, the provision of personal data and consent to their processing is optional. Any failure to provide the consent will make it impossible for the Company to allow the registration to the “VERDIANI Newsletter”, to send commercial or promotional communications, or updates concerning, for example, the latest trends, new arrivals, exclusive offers, special events and promotions.
If the user decides to proceed with the subscription to the newsletter through the section of the site dedicated solely to this activity, the provision of personal data and the consent to their processing is mandatory.
In relation to the purposes referred to in point 2) of the previous paragraph, the provision of personal data and consent to their treatment is mandatory. Any failure to grant consent implies the impossibility for the Company to allow the registration on verdiani.it, the creation of a personal account, the speeding up of the purchase procedure, the display of the status of orders and the receipt of updates on purchases made, the possibility for the user to change personal settings and update the account, to view the history of returns and requests for exchange of goods.
In relation to the purposes referred to in point 3) of the previous paragraph, the provision of personal data and consent to their treatment is mandatory. Any failure to grant consent implies the impossibility for the Company to proceed with the establishment, management, execution and / or conclusion of the on-line sales contract, therefore the impossibility to perform, as an example, the activities related to the payment, shipping, taking charge of any returns, customer assistance activities, execution of administrative – accounting purposes related to order management, and fulfillment of obligations under current legislation.
[Again] In relation to the purposes referred to in point 4) of the previous paragraph, the provision of personal data and consent to their processing is optional. Any failure to grant consent implies the impossibility for the Company to carry out profiling activities, or to carry out analysis of preferences aimed at creating personalized content and offers.

Personal data processed
The personal data subject to processing by the Owner are those provided by the user when browsing the website www.verdiani.it, on the occasion of registration / accession to the services / programs available to VERDIANI and/or the possible purchase of products made available to VERDIANI, such as, by way of example: name, surname and e-mail address, in addition to the data necessary for the provision of the online sales service such as, for example, those functional to the execution of the payment and shipping/exchange of purchased products.

Data processing and storage methods
The processing of personal data is carried out by the Data Controller in compliance with the provisions of current legislation on Privacy. The Data Controller carries out the processing of personal data using IT and / or telematic tools and with organizational and logical methods strictly related to the pursuit of the purposes indicated in this statement, as well as adopting the appropriate security measures in order to prevent access, disclosure, the unauthorized modification or destruction of personal data, their loss and their illegal and incorrect use. However, the Company cannot guarantee its users that the measures adopted for the security of the site and the transmission of data and information on the site are able to limit or exclude any risk of unauthorized access or dispersion of data by devices relevant to the user. For this reason, it is suggested to users of the site to ensure that their computer is equipped with adequate software to protect the transmission of data on the network (for example, updated anti-virus) and that their Internet Provider has taken appropriate measures for transmission security of data on the network. The Company also undertakes to process the data according to the principles of correctness, lawfulness and transparency, to collect them to the extent necessary and accurate for the treatment and to allow their use only by authorized personnel. The management and storage of acquired personal data will take place in archives or on servers located within the European Union owned by the Owner and / or third party companies appointed External Data Processors and, in any case, currently located in Italy.
In relation to the different purposes for which they are collected, personal data will be kept for the time strictly necessary to achieve them and, in any case, in accordance with the regulations in force on the subject.
In any case, the Company will take care to avoid the use of the data for an indefinite period by proceeding, periodically, to adequately verify the actual permanence of the interest of the subject to which they refer.

Treatment’s Recipients and Managers
The data collected will not be disseminated in any way, but will be processed within the limits and for the purposes described by the employees of the Company on the basis of adequate operating instructions (for example, administrative, commercial, marketing, legal personnel, system administrators, etc. .). Some data processing may also be carried out by third parties, appointed as External Data Processors, for which the Data Controller uses or could make use of in the management of the contractual relationship, the provision of the services offered and for organizational needs of its activity. In particular, the data could be communicated to:

a) subjects, public and private, that can access the data according to the provision of the law, regulation or community legislation, within the limits set by these rules;
b) subjects who need to access data for purposes related to the contractual relationship between the parties, within the limits strictly necessary for the performance of auxiliary tasks (such as, for example, banks and credit institutions, technical service providers, hosting providers, computer companies, communication agencies, mail carriers and shipping companies);
c) consultants, within the limits necessary for the performance of their professional duties.

The updated list of External Managers and persons authorized to process data is kept at the headquarters of the Data Controller and is available to the interested party, upon request to be made by e-mail to shop@verdiani.it

Data transfer abroad
The management and storage of personal data will take place on the Data Controller server and / or third-party companies duly appointed as External Data Processors located within the European Union.
Personal data may be transferred abroad, in accordance with current legislation, even in countries outside the European Union. The transfer to non-EU countries, in addition to the cases in which this is guaranteed by the Commission’s Adequacy Decisions, is carried out in such a way as to provide appropriate guarantees in accordance with articles 46 or 47 or 49 of the Regulation.

Rights of the interested parties
As an interested party, the user may, at any time, exercise the rights provided for in articles 15, 16, 17, 18, 20 and 21 of the GDPR which confer, in particular, the right to:

a) obtain from the Data Controller, in accordance with Article 15, the confirmation that their personal data is being processed and whether, in this case, obtain the access to the data and information such as: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients located in Third Countries or International Organizations; (iv) when possible, the period for storing the personal data or, if this is not possible, the criteria used to determine this period;
b) to obtain from the Data Controller, in accordance with Article 16, the correction of inaccurate personal data concerning them without unjustified delay; taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration;
c) to obtain from the Data Controller, in accordance with Article 17, the deletion of personal data concerning him without unjustified delay. The Data Controller is obliged to cancel personal data without unjustified delay if one of the reasons indicated in paragraph 1 of Article 17 exist;
d) obtain from the Data Controller, in accordance with Article 18, the limitation of treatment when one of the hypotheses governed by paragraph 1 of Article 18 occur;
e) to obtain from the Data Controller, in accordance with Article 20, the portability of data, i.e. to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning them provided to a Data Controller. The interested party also has the right to transmit such data to another Data Controller without hindrance by the first Owner to whom he supplied them, if the conditions indicated in Article 20 paragraph 1 occur. Finally, the interested party has the right to obtain direct transmission of personal data from one Data Controller to the other, if technically feasible;
f) object, in whole or in part, in accordance with Article 21, to the treatment of personal data concerning them.

To exercise their rights, the user can send their requests to shop@verdiani.it.
It should also be noted that the interested party has the right to revoke the consent at any time without jeopardizing the lawfulness of the processing based on the consent given before the revocation, without prejudice to the consequences indicated above regarding a possible refusal to provide such personal data. The interested party also has the right to lodge a complaint with a Control Authority.
You can make requests regarding the exercise of these rights by contacting the email address shop@verdiani.it

DILIAR S.R.L. undertakes to respond to the requests of the interested party within one month, except in cases of particular complexity, for which it could take a maximum of three months. In any case, the Data Controller will provide evidence of the reason for the waiting within one month of the request. The outcome of the request will be provided in writing or electronically. In the event of a request for rectification, deletion and limitation of processing, the Data Controller undertakes to communicate the results of the requests received by the interested party to each of the recipients of their data, unless this is proven impossible or involves a disproportionate effort.
The Company specifies that a contribution may be requested from the interested party if the applications are manifestly unfounded, excessive or repetitive; in this regard, the Data Controller will set up a register to track the requests for intervention.

Changes to the present statement
The data controller reserves the right to make changes to this Privacy Policy at any time by giving users publicity on the www.verdiani.it website. Please therefore consult this page often, referring to the date of last modification indicated at the end of the document. If the changes made to this Privacy Policy are not accepted, the interested party may request the Data Controller to delete their personal data. Unless otherwise specified, the previous Privacy Policy will continue to apply to personal data collected up to that point.

Privacy policy updated on the 25^th of June 2018.