The Controller is:
Zintek srl with sole shareholder, Tax Code and VAT Reg. No. 03644560272 no. REA VE-326006 with registered office in Via delle Industrie 22 – 30175 Porto Marghera (VE), pec firstname.lastname@example.org; email email@example.com, tel +39 041 290 18 66 – fax +39 041 290 18 34.
2. Type of data processed, purposes of the processing and legal basis
Zintek can gather some personal data of users solely for the purposes specified below.
Specifically, the following data may be processed:
2.1 Navigation data
The Website gathers technical information about the hardware and software used by visitors, autonomously through the use of tools that analyze the link files. This category of data includes, for example, IP (Internet Protocol) addresses, the domain names of the computers used by users that connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the type of browser used to access the Website, the time of the request to the server, the method used to submit the request to the server, the size of the reply file, the numerical code indicating the status of the data response from the server and other parameters regarding the operating system and the user’s computer environment.
This information does not include the users’ personal data and is not gathered for association with identified data subjects; they are technical/computer type data gathered and used in an aggregate and anonymous way for the following purposes:
- allow the controller to verify the correct functioning and monitor the security of the Website;
- improve the quality of the service and provide statistics concerning the use of the Website;
- ascertain responsibilities in the case of damage to the Website or any illegal activities (also constituting a crime).
These data can be processed based on a legitimate interest of Zintek (art. 6, paragraph 1 letter f Reg. (EU) 2016/679), consisting in verifying the correct functioning of the Website or ascertaining responsibilities in the case of crimes committed to the detriment of the Website.
2.2 Data provided voluntarily by the user
These are cases in which the user enters his/her personal data in the Website to access given services provided by the controller.
These data include:
- identification data such as name, surname, VAT Reg. No.;
- contact data (telephone number, email);
- shipping address, billing address;
- purchase orders;
- access data and use of the reserved area of the Website (log);
- other personal data provided voluntarily by the user during registration on the Website and creation of an account or in the case of a request for information sent to the Website through a telephone contact (e.g. telephone number), email or contact forms.
The data gathered in this way may be processed by Zintek for the following purposes:
- allow the user access to the Website;
- allow the user to register on the Website and create an account, and use any services reserved for registered users;
- maintain and manage the user’s account;
- store data and information in the user’s account;
- allow the user to finalize a purchase agreement with Zintek through the Website and correct fulfilment of the obligations arising from such agreement such as, by way of example, delivery, billing and payment of the products and/or services purchased;
- manage the after-sales support and assistance (e.g. requests for information, complaints);
- answer requests for information received by telephone, email or through the specific contact form;
In this case, the provision of data is obligatory, and their non-communication will result in the impossibility for the user to access and/or navigate the Website and/or to register on the Website and create an account and use the services reserved for registered users and/or to finalize a purchase agreement and/or to receive answers to requests made.
As regards the creation of an account and the finalization of a purchase agreement on the Website and the correct fulfilment of the obligations arising from this agreement, the legal basis of the processing is the performance of the agreement or of pre-contractual measures adopted on request of the data subject (art. 6, paragraph 1, letter b, GDPR);
- to send communications to offer similar products or services to those purchased (so-called soft spam)
Solely to the email address provided by the user/client within the context of the purchase of a product through the Website, the data provided can be used to allow Zintek to send a direct offer regarding similar products or services without the need for the express consent of the user, without prejudice to the user’s right to object at any moment and without formality to the processing, expressing this desire in a suitable and unequivocal way (art. 130, paragraph 4, Privacy Code);
- to send informational and promotional communications (including the newsletter)
The data provided by the user (specifically, name, surname and email) may also be used to send informational and promotional communications (including the newsletter). In this case, the granting of the data is optional, and the processing may be performed solely with the express consent provided by the user by ticking the specific box or entering their email address (art. 6. Paragraph 1, letter a, GDPR). The user may withdraw the consent provided and/or object to the processing of their data for this purpose at any time. This withdrawal/objection will not have any effect on the possibility for the user to register and/or use the Website or to make purchases on same;
- to fulfil specific obligations of law
In any case, the personal data provided by the data subject may be used to fulfil specific obligations of an administrative and/or accounting nature, linked to the purchase agreement finalised through the Website such as, for example, keeping of accounts (art. 2220 Civil Code) and the issue of the sales invoice. The legal basis of this processing it the fulfilment of obligations of law to which Zintek is subject (art. 6, paragraph 1 letter c, GDPR);
- to pursue its legitimate interests
The controller can process the users’ data to protect its rights, to prevent any frauds (e.g. in the case of the use of credit card to make purchases on the Website). The legal basis is the legitimate interests of Zintek (art. 6, paragraph 1, letter f, GDPR).
Cookies are text files that the Website sends to the browser of the device used by the user, to store information to re-use it during the same visit to the Website (session cookies) or later, also several days later (persistent cookies). There are different types of cookies. Refer to the Cookies Policy (shop.zintek.it/cookies-policy
) for detailed information about the type and purpose of the cookies used by this Website.
3. Processing method
Zintek guarantees that the data will be processed in full compliance with the principles of confidentiality, integrity, necessity, pertinence, legality and transparency set forth in the General Data Protection Regulation and in the applicable standards.
The personal data will be processed by authorized personnel on hardcopy and/or using electronic means, adopting specific security measures aimed at preventing the loss of such data, illegal or improper uses of same and unauthorized access.
It is the user’s responsibility to check that the personal data transmitted are correct and, if necessary, request their rectification, update or, in any case, modification of the data during the processing.
4. Data storage
Reg. (EU) 2016/679 sets forth that personal data processed must be stored for a period of time that is not longer than that required to achieve the purposes of their collection.
- the personal data collected for purposes linked to a legitimate interest of the controller will be stored until this interest is satisfied, unless the data subject objects;
- the data gathered for the registration and creation of an account will be stored until the user closes the account;
- the personal data processed to finalize the purchase agreement through the Website will be stored for the period of time necessary for the performance of the agreement and the related activities, without prejudice to the fact that, after this time lapses, the data may be stored for 10 (ten) years following the finalization of the agreement for the purpose of the fulfilment of administrative and/or tax obligations;
- personal data may be stored for longer periods if this is required by legal obligations or ordered by an Authority;
- when the processing is based on the user’s consent, the data will be stored until withdrawal of consent and, in any case, for a period of not more than 5 (five) years following their collection;
- in the case where the user requests information through the Website, by email or using other channels, the data will be stored for the period required to provide the service or,in any case, until the user’s request is fulfilled. After the service requested has been provided, the data will be stored for a further period of not more than 24 (twenty-four) months.
At the end of the storage period, the personal data will be deleted or anonymized. Therefore, after this deadline has lapsed, the right to access, erase, rectify and the right of portability of the data can no longer be exercised.
5. Scope of communication and dissemination
Processing linked to the services provided through this Website takes place at the controller’s head offices and at the premises of suppliers, and the data gathered through the Website will be processed by persons authorized for the processing in the ways and for the purposes indicated in the sections above. The data can be transferred also to suppliers with head office outside the European Union that offer adequate protection guarantees.
The data may be communicated to third parties including:
- IT services providers (e.g. the website hosting service provider, the newsletter service provider);
- providers of marketing and/or re-marketing and/or advertising services;
- managers of social network and external platforms (e.g. Facebook Inc., Twitter International Companies);
- communication agencies;
- companies that deal with goods warehouse and/or shipment services;
- administrative and judicial entities and authorities;
- consultants and/or free-lancers;
- companies belonging to the same group as the controller, for the performance of administration, accounting and IT and logistics support activities;
- banks or companies that offer financial services (e.g. PayPal Holdings Inc.) to manage payments to which the credit card data may be sent;
- insurance companies;
- debt collection companies.
In some cases, the subjects listed above operate in a fully autonomous way as separate Controllers. In the case where the third parties act as processors, Zintek will arrange for the specific written authorization to be prepared as of art. 28 Reg. (EU) 2016/679, ensuring that these subjects process the data provided in accordance with the instructions given and that they adopt appropriate measures to guarantee the security and confidentiality of the data. The list of the processors is available at Zintek’s head office.
The data collected will not be disclosed.
6. Protection of Minors
Zintek does not gather or intentionally process the personal data of subjects under 14 years of age in relation to the functionality of the Website In accordance with applicable laws (art. 8, GDPR, art. 2-quinquies Privacy Code), it is important that the parent holding parental responsibility (or a guardian) provides consent for the processing of the personal data of the minor who has not turned 14 years of age. We therefore request that the minor’s registration on the Website be authorized by the parent holding parental responsibility (or guardian) and made under the supervision of same; for this reason, the email address provided must be that of the parent (or guardian). The parent holding parental responsibility (or guardian) has the right to view and request erasure of the minor’s personal data.
Finally, remember that only people over the age of 18 can purchase the products and/or services offered on the Website.
7. Data subject’s rights
The data subject may exercise – without the need for formalities – the rights contemplated by the General Data Protection Regulation at any time.
The user has available a series of options to manage the personal data provided. Specifically, the data subject has the right to:
- obtain the erasure of personal data [Art. 17 GDPR];
- withdraw consent at any moment [Art. 7 GDPR];
- request modification, rectification or update of personal data [Art. 16 GDPR];
- object to the processing of the personal data by the controller [Art. 18 GDPR];
- restrict the use of the personal data [Art. 21 GDPR];
- access the personal data processed by the controller [Art. 15 GDPR];
- receive and/or have the personal data transferred in a legible form [Art. 20 GDPR].
These rights can be exercised at any moment by sending an email to firstname.lastname@example.org.
The controller provides the data subject with information regarding the request to exercise the above-stated rights without undue delay and, in any case, within one month following receipt of the request. This deadline can be extended to two months, if necessary, bearing in mind the complexity and number of requests. The controller informs the data subject of this extension and the reasons for the delay, within one month following receipt of the request.
If the data subject considers that the processing of personal data relating to him or her infringes the applicable Regulation, he/she can lodge a complaint with the supervisory authority [Art. 77 GDPR].
The version published on the Website is the one currently applicable.