KORI JEWELS protects the personal data and the necessary requirements of protection for each event confidentially. As required by the European Union Regulation no. 679/2016 (“GDPR”), and in particular to the art. 13, the information required by law concerning the nature, purposes and methods of processing personal data through this site.
- A) Identification of the title of processing and the nature of the data processed
(Article 13, paragraph 1, letter a, Article 15, letter b GDPR)
KORI JEWELS of SV based in via P.Canonici 8, 40141 Bologna, can be reached at the PHONE NUMBER 3756319599 from Monday to Friday from 10 to 17. E-MAIL email@example.com; firstname.lastname@example.org; is the title of personal data, is the person of its legal representative, collects and / or receives information concerning the interested party and makes decisions about the methods and rights of the processing of personal data. The complete list of all data of the appointed data is available upon request to the Data Controller. Exemplification of the data type and their purpose (Article 13, paragraph 1 of the GDPR) Navigation data like all websites. This site also acquires some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with the individual person, but by their very nature could, through processing and association with data held by third parties, allow to identify it. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment. Personal data and e-mail addresses. This is data entered voluntarily by the user in the appropriate fields of compilation provided by this site: name and surname, physical address, nationality, province and municipality of residence, landline and / or mobile phone, tax code, address / e-mails, shipping address.
KORI JEWELS does not require the Data Subject to provide data c.d. “Particulars”, that is, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, data biometrics designed to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person. In the event that the service requested to KORI JEWELS requires the processing of such data, the interested party will receive prior notice and will be required to give appropriate consent.
- A) Purposes related to the processing of personal data of the interested party
(Article 13, paragraph 1 of the GDPR)
The data are used by the Data Controller to process the registration request and the contract for the supply of the selected Service and / or the purchased Product, to manage and execute the contact requests sent by the Interested Party, provide assistance, fulfill legal obligations and regulations to which the owner is held according to the activity exercised. Under no circumstances does KORI JEWELS resell the personal data of the interested party to third parties or use them for undeclared purposes. The collection and processing of personal data is necessary to follow up the requested services as well as the provision of the Service and / or the supply of the requested Product. If the Data Subject does not provide the personal data expressly provided for as necessary in the order form or the registration form, the Data Controller will not be able to process the processing of the requested services and / or the contract and the Services / Products connected to it, or to the obligations that depend on them. In particular the data of the interested party will be processed for:
1) Registration of personal data and requests for contact and / or information material. The processing of personal data of the interested party takes place to carry out preliminary activities and consequent to the registration request, the management of requests for information and contact and / or sending information material through newsletters, as well as for the fulfillment of each other obligation deriving, for example administrative and accounting activities connected with the online purchase (Article 6 paragraph 1 letter b) Reg. 2016/679). The data could be used for marketing and promotional purposes and customer satisfaction, including sending the newsletter, through automatic means, such as e-mail and text messages, as well as traditional means, such as telephone contact with operator, in full compliance with the principles of lawfulness and correctness and the provisions of law (this purpose only concerns users who have given the optional consent).
KORI JEWELS may use the contact details provided by the Interested Party, for the purpose of direct sale of its Services / Products, limited to the case in which it is similar Services / Products or promotional activities of different products to those object of sale, unless that the interested party does not explicitly oppose. In the event that the interested party does not give his consent to the processing of personal data for such purposes, said processing will not take place for the same purposes, without this having effects on the provision of the requested services, nor for those for which he has already consent if requested. In the event that the interested party has given consent and should subsequently withdraw or oppose the treatment for commercial promotion activities, his data will no longer be processed for such activities, without this having consequences or detrimental effects for the interested party and for the requested services.
2) The management of the contractual relationship. The processing of personal data of the interested party takes place to carry out preliminary activities and consequent to the purchase of a Service and / or a Product, the management of the related order, the provision of the Service itself and / or production and / or the shipment of the purchased Product, the related invoicing and the management of the payment, the handling of complaints and / or reports to the assistance service and the provision of the assistance itself, the prevention of fraud and the fulfillment of any other obligation arising from the contract. The legal basis for these treatments is the fulfillment of the services inherent in the contractual relationship and compliance with legal obligations.
3) Profiling and computer security. The Owner, in line with the provisions of Recital 49 of the GDPR, treats, also through its suppliers (third parties and / or recipients) the navigation data, in order to obtain anonymous statistical information on the use of the Site (most visited pages , number of visitors per time slot or daily, geographical areas of origin, etc.) and to check its correct functioning. The personal data of the interested party may be processed for the purposes of profiling (such as analysis of the transmitted data and the selected Services / Products, proposing advertising messages and / or commercial proposals in line with the choices expressed by the users themselves) only in case The interested party has provided an explicit and informed consent. The legal basis of such processing is the consent given by the interested party prior to the processing itself, which can be revoked by the interested party freely and at any time. To allow – given the architecture of the systems used – the correct provision of the various functions required, for reasons of security and assessment of responsibility in case of hypothetical computer crimes to the detriment of the Site or third parties, the personal data of the interested party related to traffic is used strictly and proportionately to ensure network and information security, ie the ability of a network or information system to withstand, at a given level of security, unforeseen events or illicit or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted. The Data Controller will promptly inform the Interested parties, if there is a particular risk of violation of their data without prejudice to the obligations arising from the provisions of art. 33 of the GDPR concerning notifications of violation of personal data. The legal basis of these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out processing related to the protection of the company assets and the security of the KORI JEWELS offices and systems.
4) the protection of minors. The Services / Products offered by the Data Controller are reserved for subjects legally able, on the basis of the national reference legislation, to conclude contractual obligations. The Data Controller, in order to prevent illegal access to its services, implements prevention measures to protect its legitimate interest, such as the control of the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data identification of identity documents issued by the competent authorities.
- B) Communication to third parties and categories of recipients (Article 13, 1st paragraph GDPR)
External professionals / consultants and consulting firm Compliance with legal obligations, exercise of rights, protection of contractual rights, recovery of credit. Subjects formally delegated or with recognized legal title Legal representatives, curators, tutors, etc. The Data Controller imposes on the Third Party’s own suppliers and on the Data Processors the observance of equal or similar security measures to those adopted towards the interested party, restricting the perimeter of action of the Manager to the treatments connected to the requested service. The Data Controller does not transfer your personal data to countries where GDPR (non-EU countries) is not applied, unless there are specific indications to the contrary for which you will be informed in advance and your consent will be requested if necessary. The legal basis of these treatments is the fulfillment of the services inherent to the relationship established, compliance with legal obligations and the legitimate interest of KORI JEWELS to carry out the necessary treatments for these purposes.
- C) Methods of processing data of the interested party (Article 32 GDPR). The Owner shall use appropriate security measures to preserve the confidentiality, integrity and availability of personal data of the interested party and imposes similar security measures on third party suppliers and persons responsible. The personal data of the interested party are kept in paper, computer and electronic archives located in countries where the GDPR (EU countries) is applied.
- D) Duration of data processing of the data subject (Article 13, paragraph 2, letter to GDPR).Unless the latter expressly express their will to remove them, the personal data of the interested party will be kept until they are necessary with respect to the legitimate purposes for which they were collected.
In particular, they will be kept for the entire duration of their registration and in any case no later than a maximum period of 12 (twelve) months of inactivity, or if, within this period, no Services are associated and / or purchased of the Products through the the registry itself. In the case of data provided to the Owner for the purposes of commercial promotion for services other than those already acquired by the Data Subject, for which he initially consented, these will be retained for 24 months, subject to revocation of the consent given. In the case of data provided to the Owner for the purposes of profiling, these will be kept for 12 months, subject to revocation of the consent given. It should also be added that, in the event that a user sends unsolicited or unnecessary personal data to KORIJEWELS for the execution of the requested service or for the provision of a service closely connected to it, KORI JEWELS, cannot be considered these data, and will delete them as soon as possible. Regardless of the determination of the interested party to their removal, the personal data will in any case be kept according to the terms established by current legislation and / or national regulations, for the sole purpose of guaranteeing the specific requirements of some Services (by way of example) but not exhaustive, Certified Electronic Mail, Digital Signature, Substitutive Storage – in this regard see the relevant section). Furthermore, personal data will in any case be kept for the fulfillment of the obligations (eg fiscal and accounting) that remain even after the termination of the contract (Article 2220 c.c.); for these purposes the Data Controller will only retain the data necessary for the relative prosecution. Except in cases where the rights deriving from the contract and / or registration, in which case the personal data of the interested party, exclusively those necessary for such purposes, will be processed for the time necessary to their pursuit.
E) Rights of the interested party (articles 15 – 20 GDPR) The interested party has the right to obtain from the data controller the following:
- a) confirmation of whether or not personal data processing is being processed and, in this case, to obtain access to personal data and the following information: 1. the purposes of the processing; 2. the categories of personal data in question; 3. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations; 4. when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period; 5. the existence of the right of the data subject to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; 6. the right to lodge a complaint with a supervisory authority pursuant to art. 15 GDPR 7. if the data are not collected from the data subject, all information available on their origin; 8. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject. 9. the adequate guarantees provided by the third country (non-EU) or an international organization to protect any data transferred
- b) the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; In case of further copies requested by the interested party, the data controller may charge a reasonable fee contribution based on administrative costs.
c) the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay.
- d) the right to obtain from the data controller the cancellation of personal data concerning him without undue delay, if the reasons provided for by the GDPR in art. 17, among which, for example, in the case in which they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by law still exist; and in any case if the treatment is not justified by another equally legitimate reason;
- e) the right to obtain from the data controller the limitation of processing, in the cases referred to in art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. The Interested Party must be informed, in reasonable time, also of when the suspension period has been completed or the cause of the limitation of treatment has ceased, and therefore the limitation itself revoked;
- f) the right to obtain communication from the holder of the recipients to whom the requests for any corrections or cancellations or limitations of the processing have been transmitted, unless this proves impossible or involves a disproportionate effort.
- g) the right to receive personal data concerning him / her in a structured, commonly used and automatically readable format, and the right to transmit such data to another data controller without impediment by the data controller to whom he / she provided them , in the cases provided for by art. 20 of the GDPR, and the right to obtain direct transmission of personal data from one controller to another, if technically feasible.
Any further information and in any case any of the aforementioned requests, must be communicated to the Data Controller at the address email@example.com, in order to ensure that the rights mentioned above are exercised by the Data Subject and not by unauthorized third parties, the Owner may request the same to provide any additional information necessary for the purpose. For reasons relating to the particular situation of the interested party, the same may object (Art.21 GDPR) at any time, for legitimate reasons, to the processing of their personal data concerning him even if pertinent to the purpose of collection, as well as to the processing of personal data for the purpose of sending advertising material, to the portability of data and revoke the consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation. Finally, he has the right to lodge a complaint with a Control Authority (for Italy, the Privacy Guarantor). To exercise the rights it is necessary to send a request to the references of the Owner. The interested party has the right to cancel his / her personal data if there is no legitimate overriding reason for the Data Controller than the one giving rise to the request, and in any case in case the Data Subject opposes the processing for commercial promotion activities.
Texts, images, graphic elements, audio files, animation files, video files and their arrangement on the www.korijewels.com website can not be copied for commercial or informative purposes, nor modified or used on other sites.