Privacy policy

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 ("the Regulation" or "GDPR"), we intend to inform users about the methods and purposes of the processing of personal data of those who interact with our website.
This information does not apply to other websites that may be accessed through links  located on the domain of the controller, and the latter shall not be held in any way responsible for the websites of third parties.

Data controller
The Data Controller of the personal data collected through this site is Felicia S.r.l. a Socio Unico with registered office in Via Nicolò Copernico Snc (Zona Pip) - 70024 Gravina in Puglia (BA) Italy - Tax ID no.: 07833110724 - Tel: (+39) 0803255801 (hereinafter also "Felicia S.r.l." or "the Company")

Data Protection Officer (DPO)
The Data Controller appointed a Data Protection Officer (DPO), whom you may contact to exercise your rights as well as to request any information related to privacy at the following addresses: Tel: (+39) 0803255801, Fax: (+39) 0803221304, e-mail: dpo@andrianispa.com

Purposes of processing, legal basis, nature of the provision
Only non-particular personal data will be processed for the purposes expressed in this notice. Data of a personal nature will be processed, in compliance with the conditions of lawfulness under Article 6 of the Regulation, for:

•    allow browsing on this website and the technical management of connections to it
The computer systems used to operate the websites acquire, during their normal operation and for the sole duration of the connection, certain personal data whose transmission is implicit in the use of Internet communication protocols. This concerns information that are not collected with the purpose of associating them with specific individuals, but by their own very nature could, through the processing and association with any data held by third parties, allow users to be identified. This category of data includes, for example, IP addresses or the names of the computers used by users who connect to the websites, the URI (Uniform Resource Identifier) addresses of the resources requested, the characteristics of the browser used for browsing, the size of the window in which the browser runs on the device used, and other parameters relating to the user's operating system and computer environment. These data are used solely for the purpose of obtaining anonymous statistical information on the use of the sites and to check that they are operating in a correct manner, and they are deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical computer crimes against the sites.
Legal basis of processing: the legitimate interest of the Data Controller (Art. 6(1)(f) of the GDPR).
The data requested for the stated purposes are required to enable the browsing on the site.

•    responding to requests for information or contact, downloading of information material about our products and other types of requests (e.g.,  "report your blog"), submitted by customers/users regarding the services offered by the Controller.
The voluntary sending of electronic mail to the e-mail addresses stated on the above-mentioned websites, also by means of the specific data collection forms, entails the subsequent collection of the sender's e-mail address, which is necessary to follow up on the requests, as well as any other personal data included in the message. This also applies to handling and responding to user complaints.
Legal basis of the processing: performance of a contract to which the data subject is party or the performance of pre-contractual measures taken at the request thereof (Art. 6 paragraph 1 letter b of the GDPR) and legitimate interest of the Controller (Art. 6 paragraph 1 letter f of the GDPR).
The data requested for the stated purposes are required in order to enable the follow up on the requests of the data subject. Failure to provide data will only make it impossible to send and/or receive and/or respond to the requests of the data subject.

•    direct marketing activities of the Controller
By expressing your consent to the processing of your personal data for "marketing" activities, you accept that the Data Controller may send you commercial offers, market researches or other sample researches and direct sales, information material for assessing the degree of satisfaction, promotional, commercial and advertising material or material concerning events and initiatives. In the latter case, the data may be sent by automated means such as e-mail, fax, MMS or SMS messages or other types of messages, as well as by telephone calls through an operator or by paper mail.
Legal basis of processing: the user's consent (Art. 6 paragraph 1 letter a of the GDPR).
The data requested for the stated purposes are required in order to enable the sending of commercial communications and promotional material to the data subject. Failure to provide such data will only result in the impossibility of sending commercial communications and promotional material.

•    purchase and delivery of products via the online shop
By voluntarily entering your data in the section and signing in the shop area, you allow the Controller to use your personal data to receive and process orders, provide products and services, process payments and communicate about order orders, products, delivery and other services related to online sales.
Legal basis of processing: the performance of pre-contractual or contractual obligations (Art. 6 paragraph 1 letter b of the GDPR).
The data needed for the stated purposes indicated are required in order to execute and perform the contract requested by the data subject. Failure to provide data will make it impossible to conclude the purchase.

Methods of data processing
The processing will be carried out by using manual, computerised and telematic tools in compliance with the regulations in force and the principles of correctness, lawfulness, transparency, pertinence, completeness and non-excessiveness, accuracy and with organisational and processing logics that are strictly related to the purposes pursued and in any case in such a way as to guarantee the security, integrity and confidentiality of the processed data, in compliance with the organisational, physical and logical measures established under the current legislation.

Data retention period
Under the provisions of Article 5(1)(e) of Reg. EU 2016/679 any personal data collected will be kept in a form which allows identification of data subjects for a period of time not exceeding the fulfilment of the purposes for which such personal data are processed. The retention period of any provided data of a personal nature depends on the purpose of the processing:
- browsing this website, see the cookies policy;
- for contact and information requests, maximum 1 year;
- receiving newsletters or promotional communications in general by e-mail, maximum 4 years;
- online sales, for a maximum period of 10 years of the performance of the contract.
Once these terms have expired, the data will be deleted or transformed into anonymous form, unless their further storage is required to comply with legal obligations or to fulfil orders issued by public authorities and/or supervisory bodies.

Nature of data provision
Users are free to provide their personal data. Failure to provide data may make it impossible to obtain what was requested or to use the web services of the Data Controller.

Recipients of the data or categories of recipients
For the pursuit of the described purposes, or in the event that this is indispensable or required under legal provisions or by authorities vested with the power to impose it, the Data Controller reserves the right to disclose the data to recipients belonging to the following categories:
•    entities providing IT maintenance or similar services;
•    entities that provide services for the management of the information system used by the Data Controller and the telecommunications networks, including e-mail, newsletters and website management;
•    Supervisory and control authorities and  bodies and, in general, public or private entities with a public role (e.g. the European Commission, the European Parliament and the Council): Prefecture, Police Headquarters, Judicial Authorities, in any case only within the limits of the conditions laid down by the applicable legislation);
•    other companies in the group to which the Controller belongs, or in any case parent companies, subsidiaries or associated companies, pursuant to Article 2359 of the Civil Code;
•    entities that collaborate with the Data Controller for direct marketing activities, or that perform data collection and processing services;
•    professional firms or companies in the context of assistance and consultancy relationships;
•    payment processors (e.g. banks);
•    suppliers who carry out certain activities on our behalf, such as mail forwarding, transport and delivery;
•    third party service providers for issuing, sharing and storing electronic invoices;
•    persons carrying out market research aimed at assessing the degree of customer satisfaction with the quality of services;
•    the data may also be known, in connection with the performance of the assigned tasks, by the Controller's staff, including interns, temporary workers, consultants, and employees of companies outside the Controller, all of whom are specifically authorised to process the data.

Data transfer abroad
The personal data of the person concerned will be processed both in EU countries and in non-EU countries (also indirectly via their suppliers). All necessary care and precautions will therefore be taken to ensure the most complete protection of your Personal Data basing such transfer on the following: (a) adequacy decisions of third country recipients expressed by the European Commission pursuant to Article 45 of the GDPR; (b) adequate safeguards expressed by the third country recipient pursuant to Article 46 of the GDPR; (c) the adoption of binding corporate rules or standard contractual data protection clauses; and in any case always provided that data subjects have enforceable rights and effective remedies.

Data dissemination
User data will not be disseminated.

Use of Social Networks
From the website, it is possible to connect to the company's pages on the social networks, via the respective icons (Facebook, Instagram, Linkedin, YouTube).
As it is well known, social networks regulate their own privacy for those who browse, submit posts and communicate through them, being in this case the main data controllers.

You are therefore invited to visit the following links for more information:
https://www.facebook.com/privacy/explanation
https://help.instagram.com/519522125107875
https://policies.google.com/privacy?hl=it&gl=it

However, when users are browsing the social pages operated by Felicia S.r.l. and submit, in various ways, their personal data (e.g. Through a private message or commenting on a post or leaving a review), or when social networks provide some statistics on the use of the pages in a non-anonymous way (and therefore related to the activity on the page by the specific person), Felicia S.r.l. shall act as Data Controller.
The processing of data provided is exclusively for the ordinary management of the pages (e.g., if you post a comment insulting other users, Felicia S.r.l. may decide to remove it from the page as it is illegal) and to respond to user queries (both public and private) about the features of the Felicia S.r.l. products.
In this case, the legal basis for the processing is the legitimate interest of Felicia S.r.l. in proposing to the user and presenting its products and their features, as well as the need to answer any possible questions from the user.
The processing of the user's personal data will take place by means of the tools made available by the Social Networks themselves.
During this phase of mere contact, Felicia S.r.l. will not transfer nor disclose your personal data to any other parties (with the exception of the companies of the business group to which it belongs).
The user is always free to decide when to remove a like, delete a comment, review, etc., by simply returning to the relevant Social Network page and deleting it directly.
Private messages are kept for a maximum of 6 months after the last contact, after which they are deleted.
Users are always free to provide their personal data. Failure to provide data may make it impossible to obtain what has been requested or to use the Controller's services.

Right to oppose to and withdraw consent in relation to processing for newsletter and/or marketing purposes
With reference to the processing of data for the purposes of newsletters and/or marketing, the data subject may revoke at any time any consent given or oppose to their processing, by means of a specific request made by e-mail to the above-mentioned addresses. Opposition to processing by these means also extends to the sending of commercial communications by postal service or telephone calls with an operator, without prejudice to the possibility of exercising this right in part, for example by opposing only to processing by automated communication systems.

Rights of the data subject
Articles 15, 16, 17, 18, 20, 21 of the GDPR grant to the data subject specific rights that may be exercised towards the Data Controller.
In particular, as a data subject, you may, under the conditions set out in the GDPR, exercise the following rights:
•    right of access: the right to obtain confirmation as to whether or not personal data relating to you are being processed and, if so, to obtain access to your personal data, including a copy thereof;
•    right to rectification: right to obtain the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data;
•    right to erasure (right to be forgotten): the right to obtain the erasure of personal data concerning you, if they are no longer necessary for the purposes pursued by the Controller, if your consent is withdrawn (and there is no other legal basis for the processing) or if you oppose to the processing, in case of unlawful processing, or if there is a legal obligation to erase them. The right to erasure does not apply insofar as the processing is required for the performance of a legal obligation or for the performance of a task carried out in the public interest or for the assessment, exercise or defence of legal claims;
•    right to restriction of processing: the right to obtain the restriction of processing when: a) the data subject challenges the accuracy of the personal data; b) the processing is unlawful and the data subject opposes to the erasure of the personal data and requests instead that their use be restricted; c) the personal data are necessary for the assessment, exercise or defence of legal claims;
•    right to data portability: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Controller and the right to transmit them to another controller without hindrance, where the processing is based on consent and is carried out by automated means;
•    right to oppose: the right to object, at any time, to processing where personal data are processed for purposes other than those for which you have granted your consent.

Data subjects who believe that their personal data is being processed in breach of the provisions of the Regulation are entitled to lodge a complaint with the Garante per la Protezione dei Dati Personali (Piazza Venezia 11, 00187 Rome) as provided for in Art. 77 of the Regulation itself, or to take appropriate legal action (Art. 79 of the Regulation).

For more information on your rights, you can contact the Data Controller or the DPO directly, or review the official pages of the Supervisory Authority https://www.garanteprivacy.it/home/diritti and https://www.garanteprivacy.it/web/guest/regolamentoue/diritti-degli-interessati

This Policy was updated in May 2021.
The Data Controller
Felicia S.r.l.