Information pursuant to and for the purposes of Article 13, EU Reg 2016/679
(European Regulation on the protection of personal data)
Earth Sea Sky Yoga
we wish to inform you that our Site respects the right to privacy of online visitors and recognises the importance of protecting the information collected about them. For this purpose we have put in place procedures to ensure that your personal information is handled responsibly. This policy provides information about the type of data we collect and how we collect it, why we collect it and how we use it, your rights and options regarding our use of your data, how we process your data and with whom we may share it, how long we keep your information, etc. Please read it carefully. Please read it carefully.
This information is provided pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("GDPR") and the measures of the Italian supervisory authority ( http://www.garanteprivacy.it ) .
1. Identification of the Data Controller
Monika Schluderbacher born in Bolzano on 21/05/1959 is the representative of the data controller. Therefore informs that Earth Sea Sky Yoga with headquarters in Weggensteinstrasse 23, Bolzano, 39100 (BZ), Italy is the Data Controller of the data subject to privacy.
2. Purpose of the treatment
The processing of personal data provided by you is aimed solely at fulfilling contractual and regulatory obligations, in particular
- provision of the services requested by the Customer with the registration on the Website and the creation of the account or profile, including the collection, storage and processing of data for the purposes of the establishment and subsequent operational, technical and administrative management of the relationship (and of the account created by the Customer) connected with the provision of services and the execution of communications relating to the performance of such services
- offers of promotions, discounts and other personalised services and to send newsletters, other marketing and commercial communications on products, services, surveys, research, market analysis, promotions and other initiatives for users or registered Customers. Traditional means of contact (postal mail and telephone) and/or digital and automated means of contact (e-mail, SMS, MMS, telephone and other digital channels, such as social media) may also be used.
- Subject to the user's explicit consent, the newsletter and marketing communications may be tailored to the user's "profile", based on the personal information that the Site collects or receives about the user concerned (PROFILING);
- data may be transmitted to companies for address validation, to communication agencies to send order confirmation and to warehouses and suppliers-distributors for order delivery;
- management of relations with authorities and third-party public bodies for purposes connected with particular requests, the fulfilment of legal obligations or particular procedures;
- collection, storage and processing of data for statistical analysis in an anonymous and aggregate form, aimed at verifying the purposes of the services offered.
3. Scope of communication and dissemination of data
Your data may be communicated to
- all subjects whose right to access such data is recognised by virtue of regulatory provisions;
- to our collaborators, employees, within the scope of their duties;
- to all those natural and/or legal, public and/or private persons when the communication is necessary or functional to the performance of our activity and in the manner and for the purposes described above;
The Data Controller requires its suppliers and their data processors to comply with security measures equal to those adopted in respect of the data subject.
The Data Controller does not transfer data subject to privacy in countries where the GDPR is not applied (non-EU countries) unless specifically indicated otherwise, for which the data subject will be informed in advance and, if necessary, consent will be requested.
4. Processing methods
The processing is carried out with the help of telematic, paper and computer tools; this processing is based on the principles of correctness, lawfulness and transparency and the protection of your rights and your confidentiality. The data are processed in such a way as to minimise the risks of destruction, loss, unauthorised access or processing that is not permitted or does not comply with the purposes of collection. The Data Controller will promptly inform Data Subjects if there is a particular risk of a data breach being managed without prejudice to the obligations arising from the provisions of Article 33 of the GDPR relating to personal data breach notifications.
5. Duration of personal data retention
Your data will only be kept for the period necessary to perform the contractual tasks, or for the period of time required to be kept in accordance with the law in order to perform the fiscal operations.
- we retain personal data relating to marketing (where applicable) until you withdraw your consent;
6. Rights of the data subject
You have the right to:
- request access to your personal data (art. 15), their rectification (art.16), the cancellation "right to be forgotten" (art. 17), the limitation (art. 18) and the opposition to the processing (art.21), as well as the right to receive in a readable format your data without impediments to portability (art. 20);
- revoke consent, where it has been given, at any time without prejudice to the lawfulness of the consent given before its revocation;
- to lodge a complaint with a supervisory authority, such as the Garante per il trattamento dei dati personali Piazza di Monte Citorio n. 121 00186 ROMA Fax: 06.69677.3785 Telephone switchboard: 06/696771 E-mail: email@example.com PEC: firstname.lastname@example.org
7. Withdrawal of consent to processing
You have the right to revoke your consent to the processing of your personal data by sending an email to the following address: email@example.com , accompanied by a photo of your identity card, with the following text: <<revoke consent to the processing of all my personal data>>. Once this operation has been completed, your personal data will be removed from the archives as soon as possible.
If you would like more information on the processing of your personal data, you can send a registered letter with acknowledgement of receipt to the following address: firstname.lastname@example.org . Before we can provide you with, or change any information, we may need to verify your identity and answer some questions. A reply will be provided as soon as possible.
8. Fraud prevention
The personal data of the data subject, with the exception of special data (Art 9 GDPR) or judicial data (Art 10 GDPR) will be processed to allow checks for the purpose of monitoring and preventing fraudulent payments, by software systems that carry out a check in an automated manner and prior to the negotiation of services/products. Personal data collected for anti-fraud purposes only will be immediately deleted at the end of the control phases (Recital 47 and Art 22 GDPR).
9. Legitimate interests pursued by the data controller or a third party
If the processing is based on legitimate interests, the data subject's consent is not required, provided, however, that the interests or the fundamental rights and freedoms of the data subject do not prevail taking into account the data subject's reasonable expectations based on the relationship with the data controller (Recital 47 of the European General Regulation).
10. Nature of personal data
The processing of your personal, special and judicial data is inherent to the provision of the service you have requested. During the provision of the service, it may be necessary to acquire and process your personal, special and judicial data. The purpose of this notice is to inform you of the processing methods adopted and to ask for your consent.
11. Compulsory or optional nature of providing data
The collection and processing of personal data is compulsory in order to provide the services requested as well as the provision of the service and/or the supply of the Product requested. If the interested party does not provide the personal data expressly foreseen as necessary in the various forms, the Owner will not be able to carry out the processing linked to the management of the services requested and/or the contract and the services/products connected to it, nor the fulfilments that depend on them.
12. Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or the domain names of the computers used by users connecting to the site, the URI ("Uniform Resource Identifier") addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
13. General information, deactivation and management of cookies
See the specific page dedicated to "Cookie information".