PRIVACY NOTICE IN ACCORDANCE WITH ARTS. 13 and 14 EU regulation 2016/679 - WEBSITE

Vi To Vi is a trademark of the company VIME srl, which is the Data Controller (hereafter: "VIME" or "Controller") under the terms of (EU) Regulation 2016/679 (so-called General Data Protection Regulation, hereinafter referred to as the "Regulation") and of Legislative Decree No. 196/2003 (so-called Data protection code, hereinafter the “Code”.

Vime has adopted proactive behaviour useful for the practical implementation of the measures for the protection of the rights laid down by Regulation 679/2016.

The Data Controller has configured the personal data processing activities, providing the essential guarantees at each stage to meet the legal requirements, taking account of the overall context where the processing is located and the risks for the rights and freedoms of the Data Subjects involved.

The principles applied to the processing of personal data are those set out in Art. 5 of GDPR: correctness, legality, transparency, purpose limitation and retention, minimisation and accuracy, integrity and confidentiality, as well as the principle of accountability.

This privacy policy:

• is understood as referring to the website…… (hereafter: "Website");
• is an integral part of the Website and services that we offer;
• costituisce parte integrante del Sito e dei servizi che offriamo;

• is provided pursuant to Articles 13 and 14 of the Regulation, for those who interact with the Website’s services, both by means of simple consultation and by using specific services made available via the website (for example, the purchase of products, filling in the form to request information or subscribe to the newsletter, etc.), as well as the other services provided (assistance via telephone operator or email).

This information does not relate to other sites, pages or online services accessible via links possibly published but related to external resources.

Please, therefore, read the following privacy policy carefully.

******

1) DATA CONTROLLER

The Data Controller is VIME srl, VAT No. 02864830423, whose registered office is in Via Giovanni Pascoli no. 2, Fabriano, Italy, in the person of its acting legal representative, tel.: 0723 1913299 e-mail: [email protected]

2) CATEGORIES OF DATA PROCESSED VIA THE WEBSITE

The personal data processed are those you provide or legitimately retrieved from the Controller. The types and methods for processing data relating to the website are described below.

a. Browsing data

In normal operation, the computer systems and software procedures involved in the operation of the Website acquire some personal data which are implicitly transmitted when using Internet communication protocols. This information, which is not collected to be associated with identified data subjects, but by its very nature could, by means of processing and associations with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by the users who login to the Website, addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (completed, error, etc.) and other parameters related to the user’s operating system and computer environment. These data are only used to obtain anonymous statistical information on the use of the Website and to check its correct operation, to identify anomalies and/or abuse; in each case they are deleted immediately after processing. The data could be used to ascertain liability in case of hypothetical computer crimes to the detriment of the Website or third parties.

b. Data collected by tracking (cookies). Tracking occurs by means of code that runs inside the Websites both at server level (e.g. services, procedures) and at customer level (e.g. tags, pixels), also with the support of code that is installed on your browser (e.g. cookies). With regard to the purpose and management of consent concerning tracking, please refer to the specific “Cookies policy” section of the individual website.

d. Shared personal data voluntarily provided by the user: Data voluntarily entered in the various forms contained in the website, such as, for example: - the information request form in the “Contact Us” section, via which you will be prompted to enter your first name, last name and the contact information - email address and telephone number - as well as to formulate your specific request, which may optionally contain additional personal data; - the chat and instant messaging service via which you can communicate with an VIME operator who can assist you by answering your requests for information in real time.

With reference to these types of data, please only enter the personal data strictly necessary for the purposes of managing your request in the afore-mentioned forms, including the chat and instant messaging service, thus excluding irrelevant information and/or that could fall within the special categories of personal data referred to in Article 9 of the Regulation.

e. Shared personal data processed by the services provided online: Data voluntarily provided for the purposes of executing the services offered online, with particular reference to the following services:

- registration and access to your personal area, in the context of which your personal information, contact information, your shipping addresses and your product preferences may be processed (based on the data you have saved). Information on any credit cards that will be managed via an external service provider, in accordance with the current legislation;

- conclusion and implementation of purchase contracts (including order status checking service), in the context of which your personal information, contact information and related to the delivery address for the products purchased, as well as any information relating to your purchase experience, including payment confirmation, will be processed. In this regard, the company selected to manage payments, qualified as an autonomous controller of the processing, will notify VIME of the circumstance of proof of the payment and the necessary information to ship the order. No data relating to payment (apart from confirmation), will be processed directly by VIME;

- logistics and shipping with communication of the shipping information to the external Supervisor appointed responsible for logistics and shipments;

- management of guarantees through the Customer Care service;

- any returns or cancellations, in the context of which your personal information, contact information and related to the address to collected returned products and any information relating to your purchase and returns experience will be processed;

f. Shared personal data of third parties voluntarily provided by the user: When using the website’s services, the personal information of third parties may be processed that you have communicated to VIME (such as, for example, in the case of data provided to purchase products to be shipped to third parties; for billing purposes; even if you request information in the context of the "Contact Us" section of the website). With respect to these scenarios, you are acting as an autonomous data controller, assuming all legal obligations and responsibilities. In this regard, on the point you fully waive the Data Controller with respect to any dispute, claim, request for compensation for damage suffered from processing, etc. that the Data Controller may receive from third parties whose personal data have been processed by using the functions of the website’s services in breach of the applicable data protection rules. In any event, if you were to provide or in any other way process the personal data of third parties when using the website, you guarantee as of now - assuming any related liability - underpinning this particular processing scenario, where necessary, the prior acquisition by you of the consent of the third party to the processing of the information that concerns them. As a rule, VIME will not process Data Personal that relate to personal beliefs, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information relating to health, sex life or sexual orientation (hereinafter "Special Categories of Data"). If it is necessary to process Special Categories of Data, VIME undertakes to process these data in accordance with applicable regulations. The legal basis for this processing is, as a rule, the fulfilment of a legal obligation, it being understood that VIME will ask for your explicit consent where there is no real legal obligation to process such data.

3) PROCESSING METHODS:

The Controller will process the data electronically. The data relating to the promotional purposes and personal profiling and general purposes will be processed by automated decision-making processes.

 

4) PURPOSES WE USE YOUR DATA FOR - CONDITIONS THAT LEGITIMISE THE PROCESSING - HOW LONG WE KEEP YOUR DATA FOR

A) PURPOSES: provision of all services made available by the Data Controller (such as, by way of example and not limited to online sales, performing returns and the service relating to managing product guarantees, the "Contact Us" section - relating to your requests for customer care -, the order status check, the saving of the preferred delivery address for goods purchased etc.), including management of the website's security, as well as contractual relations and accounting administrative and after-sale services. It is also noted that the website offers the Customer additional support services including, in particular, the telephone support service and the service via WhatsApp, by means of which you can make specific requests and receive assistance from VIME’s costumer service.

 LEGAL BASIS: Art. 6, para. 1(b) of the Regulations ([…] the processing is necessary for the performance of a contract to which the Data Subject is party or in the implementation of pre-contractual measures adopted on their request) as the processing is necessary to provide the services. The conferral of personal data for these purposes is optional, but failure to do so would make it impossible to activate the services requested.

RETENTION TIMES: the data will be kept for the time strictly necessary to achieve the same purposes, i.e. for the time necessary to perform the contract, provide the legal or agreed upon guarantees, in accordance with the mandatory legal retention times (see also, in particular, Art. 2946 of the Civil. Code and subsequent amendments and additions).

B) PURPOSE: registration in private areas and activation of your account.

LEGAL BASIS: Art. 6, para. 1(b) of the Regulations ([…] the processing is necessary for the performance of a contract to which the Data Subject is party or in the implementation of pre-contractual measures adopted on their request) as the processing is necessary to provide the services. The conferral of personal data for these purposes is optional, but failure to do so would make it impossible to activate the services requested.

RETENTION TIME: until the request to cancel the account. With immediate destruction of the data as a result of the cancellation request.


C) PURPOSE: replying to specific requests addressed to the Data Controller, also in relation to after-sales, including requests for customer service and information (e.g. with regard to product guarantee management) submitted by filling in the related contact forms present on the website, as well as via the chat and instant messaging service.

LEGAL BASIS: Art. 6, para. 1(b) of the Regulations ([…] the processing is necessary for the performance of a contract to which the Data Subject is party or in the implementation of pre-contractual measures adopted on their request) as the processing is necessary to provide the services. The conferral of personal data for these purposes is optional, but failure to do so would make it impossible to activate the services requested.

RETENTION TIMES: the data will be kept for the time strictly necessary to achieve the same purposes, i.e. for the time necessary to perform the contract, provide the legal or agreed upon guarantees, in accordance with the mandatory legal retention times (see also, in particular, Art. 2946 of the Civil. Code and subsequent amendments and additions).

D) PURPOSE: fulfill any obligations under applicable laws, regulations or community legislation, or satisfy requests from the authorities.

LEGAL BASIS: art. 6, par. 1, lett. c) of the Regulation ([…] the processing is necessary to fulfill a legal obligation to which the data controller is subject). In fact, once the personal data has been provided, the processing is indeed necessary to fulfill legal obligations to which the Data Controller is subject.

STORAGE TIME: The personal data processed for the purposes referred to in this section will be kept until the time required by the specific obligation or applicable law.

E) PURPOSE: direct sending via e-mail and paper mail of advertising material and commercial communications in relation to products or services similar to those you purchased, pursuant to art. 130, paragraph 4 of the Code as well as the Provision of the Authority for the protection of personal data of 19 June 2008, unless your express refusal to receive such communications, which you can express during registration on the Site or on subsequent occasions by contacting the customer care.

LEGAL BASIS: art. 6, par. 1, lett. c) of the Regulation ([…] the processing is necessary to fulfill a legal obligation to which the data controller is subject). With reference to this purpose, it is specified that if the Data Controller uses the e-mail or paper coordinates provided by the interested party in the context of the sale of a product or service, for the purpose of direct sales of its products or services, it may, pursuant to art. 130, paragraph 4 of the Code, do not request the consent of the interested party, as long as they are products or services similar to those being sold and the interested party, adequately informed, does not refuse such use, initially or on the occasion of subsequent communications.

STORAGE TIMES: your personal data will be processed until you object to the processing.

F) PURPOSE: to send communications and commercial proposals, including newsletters, through automated tools. It should be noted that the Data Controller collects a single consent for the marketing purposes described here, pursuant to the General Provision of the Guarantor for the Protection of Personal Data "Guidelines on promotional activities and the fight against spam" of 4 July 2013; if, in any case, if you wish to object to the processing of your data for marketing purposes carried out with the automated means indicated here, you can do so at any time by contacting the Data Controller at the addresses indicated in the "Contact" section of this information, without prejudice to the lawfulness of the processing carried out before the opposition.

LEGAL BASIS: the explicit consent of the interested party pursuant to art. 6, par. 1, lett. a) ([...] the interested party has given consent to the processing of their personal data for one or more specific purposes) and art. 22, par. 2, lett. c) of the Regulations.

STORAGE TIME: immediate deletion of data following the communication of withdrawal of consent.

G) PURPOSE: to satisfy any defensive needs.

LEGAL BASIS: meet any defensive needs of the Data Controller pursuant to art. 6.1. lett. f) of the Regulations.

STORAGE TIMES: personal data are kept for the entire duration of the complaint and / or out-of-court and / or judicial proceedings until the deadlines for judicial protections and / or appeals are exhausted.

H) PURPOSE: evaluation and statistical monitoring purposes; this purpose implies an analysis of aggregate information not referable to identified or identifiable natural persons and which, therefore, do not configure personal data and do not in any way allow the Data Controller to trace your identity. This processing, not having as its object personal data, does not fall under the scope of the legislation on the protection of personal data and can therefore be freely carried out by the Data Controller. In general, the Data Controller reserves the right in any case to keep your data for the time necessary to fulfill any regulatory obligation to which it is subject or to meet any defensive needs. In fact, the possibility remains for the Data Controller to keep your personal data for the period of time envisaged and permitted by Italian law to protect their interests (Article 2947 of the Italian Civil Code).

5. RECIPIENTS OF PERSONAL DATA

Your personal data may be shared for the purposes mentioned in section 4 of this Privacy Policy, with:

- persons authorised by the Data Controller to process personal data pursuant to Articles 29 and 2-quaterdecies of the Code (e.g. sales, administration and accounting and after-sales service personnel, the CRM, information systems management, etc.);

- third parties who, in the provision of services (for example: technological services, support and advice services regarding accounting, administration, law, taxation and financial, technical maintenance, transport services, banking and insurance services), typically act in their capacity as Data Supervisors pursuant to Art. 28 of Regulation. The Data Controller keeps an updated list of the Data Supervisors appointed and ensures the Data Subject's acknowledgement on the website indicated above or upon request at the address indicated above;

- subjects, entities or authorities to which it is mandatory to communicate your personal data under the legal provisions or orders from authorities.

These subjects are, hereinafter collectively as "Recipients".

6. TRANSFER OF PERSONAL DATA

Your personal data are only shared with Recipients that are in the EU.

7. DATA SUBJECT'S RIGHTS

In your capacity as the Data Subject, you can exercise the rights referred to in Articles 15-22 of GDPR and withdraw the consents provided at any time without prejudice to the legality of the processing carried out before the withdrawal.

In particular, you can ask for access to your personal data pursuant to Art. 15 of GDPR, rectification pursuant to Art. GDPR 16, deletion of your data pursuant to Art. 17 of GDPR and restricted processing in the cases set out in Art. 18 of GDPR and obtain the portability of data that concerns you in the cases set out in Art. 20 of GDPR.

You can request to object to the processing of your data pursuant to Art. 21 and 22 of GDPR in which you provide evidence of the reasons justifying the objection. The Data Controller reserves the right to assess your request, which will not be accepted if there are legitimate mandatory reasons to proceed with the processing that may prevail over your interests, rights and freedoms.

Requests should be addressed in writing to the Data Controller at the addresses provided in the "Contacts" section of this privacy policy.

8. COMPLAINT TO THE AUTHORITY

If you consider that the processing of the Personal Data carried out by the Data Controller takes place in breach of GDPR requirements, you have the right to submit a complaint to the Data Protection Authority, as laid down in Art. 77 of the same GDPR, or to complain to the appropriate courts (Art. 79 of GDPR).

9. CHANGES

The Data Controller reserves the right to amend or simply update the contents, in part or completely, even due to changes to the applicable legislation. The Data Controller therefore asks that you visit this section regularly to acquaint yourself with the most recent and updated version of the Privacy Policy to ensure you are always up-to-date about the data collected and on the use VIME makes of such data.

10. CONTACTS

To exercise the rights referred to above or for any other request you can write to the Data Controller at the physical address indicated above, or via the dedicated contact, preferably by inserting the wording “request to exercise privacy rights” in the subject of the communication. [email protected] o telefonicamente al n. 0732 1913299.