Privacy Notice

All personal data given directly by the subject to diotti.com srl through the different pages of the portal www.diotti.com from the moment of registration on, including the use of services supplied by diotti.com s.r.l. will be treated following art 196/2003 law decree in the matter of personal data protection (namely Privacy Code) as well as according to the new EU Law no. 679/2016 ("GDPR") complying to what stated in art.13 from the European Authorities.


diotti.com s.r.l. informs the subject of the following:

Personal data processing means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, even if not registered in a database, such as the collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


We want to point out the following:

1. JOINT CONTROLLERS

The joint controllers of personal data according to art.26 are:

- diotti.com s.r.l. with legal head office in Lentate sul Seveso (MB), via Nazionale dei Giovi 274, Italy and registered at Milan Register of Company with VAT tax number 06217660965. Registered mail of the company: [email protected]

- Velve Solutions s.r.l. with legal head office in Lentate sul Seveso (MB), via Miglio 1, Italia and registered at Milan Register of Company with VAT tax number 10104140966. Registered mail of the company: [email protected]


2. AIMS OF DATA PROCESSING

Data can be freely given by the subject and/or acquired through diotti.com s.r.l. activity, will be treated lawfully, fairly and transparently on one of the following applies:

A - consent is not required (art. 24 - a, b, c Privacy Code and art. 6 - b, e GDPR): - data will be used exclusively for purposes directly related to the activation and operation of the services provided by diotti.com s.r.l for example to allow the registration of an Account, the managing of the Basket, Wishlist, Customer Care Service and also to comply with an obligation imposed by law, regulations and Community legislation as well as exercise his/her own rights in a court of law.

B - the data subject has freely given his/her consent which can be withdrawn at any time (art. 23 and 130 Privacy Code and art. 7 GDPR): - use of personal data such as e-mails and standard mail for the managing of the order, dispatch, invoicing and delivery of the supply as well as any commercial communications, including the portal newsletter and for market researches including customer satisfaction surveys.

The subject shall have the right to withdraw his of her consent to the treatment of these data at any time (art. 2 B) as following:
- through the link at the bottom of each promotional email sent by diotti.com s.r.l.;
- by writing an email at [email protected];
- by accessing the "Contact" section inside the website sending a specific request to cancel / modify the given preferences;
- by contacting our Customer Care at 0039.0362.682.683.

C - Soft Spam: The email address given by the subject when purchasing a product or a service can be used by the Controllers for future email communications related to the direct selling of products or services similar to the one previously purchased or activated, except when the subject expresses its right to withdraw through the modalities mentioned in point B.

D - Email to a Friend: The subject that wishes to use the service "Email to a Friend", by clicking on the "Friends" button inside each product card, declares to have obtained the consent from the receiver to pass on his/her e-mail address with the sole purpose of receiving the invite to register on the Website. Data related to the receiver e-email address will not be kept after the transmission of the e-mail.


3. ACCOUNT.

The subject can create his/her own account on the website www.diotti.com by adding its personal data (including name, surname, telephone number, email, address). The user can update its personal details at any moment and cancel the data through the personal area of his/her account.


4. PROCESSING METHODS

Data will be treated with confidentiality and lawfulness through the following methods: gathering of data, registered for explicit, legit purposes and used in additional operations compatible with those purposes, data are treated with the use of electronic and automatic instruments (telematic data collection).


5. LEGAL BASIS OF THE TREATMENT.

The legal basis of the treatment is composed of: the user consent, the fulfilment of a contractual obligation and law regulations.


6. LEGITIMATE INTEREST PURSUED BY THE JOINT CONTROLLERS.

The legitimate interests pursued by the joint controllers of data treatment respects and honours the contract obligations undersigned by the parties. According to art.6 processing shall be lawful only if the data subject has given the consent to the processing of his or her personal data, documented in written form.


7. NATURE OF THE DATA SUPPLYING.

Data supplying is mandatory in order to activate services and to comply the aforementioned aims (section 2A) as they are strictly functional to the execution of those services. The refuse to supply data will bring to the impossibility for diotti.com s.r.l. to complete the user's registration process and thus provide the offered services. Data transmission is optional for the aims mentioned in section 2B.


8. SUBJECTS TO WHOM DATA CAN BE TRANSMITTED.

The subject's personal data can be transmitted to determined subjects, appointed by the Service supplier or necessary for the executions of the obligation directly connected with the registration on the website www.diotti.com and the online purchase, in the limits and in conformity with the given instructions. More in specific data can be transmitted to:
1. people, companies or professional studios which provide assistance, advice or collaborate with the owner on accounting, administrative, legal, tax and financial matters;
2. subjects appointed by diotti.com to perform activities related to the provision of the services or part of them connected with the sales process among which the Customer Care Service, even if outsourced; the logistics department appointment for the packaging of the products purchased by the subject; the carriers that handle the delivery of the purchased products; the subjects that carry out on behalf of diotti.com the post-sales assistance and any other external partner that needs the data for the correct compliance of diotti.com obligations related to the contract of the supplied services;
3. Public Administrations for the conduct of their institutional functions, according to what is established by law or by regulations. The Joint Controllers entrusted some supervisory authorities for the treatment of the subjects' personal data according to their function. The updated list of all the Supervisors of the treatment is available at diotti.com headquarters and it can be asked at the following email address:[email protected]. This list might be updated through time, if needed.


9. METHOD OF TREATMENT.

Data are collected through telematic instruments and treated with the operations of registration, consultation, communication, conservation, cancellation mainly made through electronic instruments by ensuring the correct measures for the treatment of data while guaranteeing their privacy.
The subjects' data, memorized on an electronic device, are kept on a server owned by diotti.com set in Italy. In particular, the Joint controllers declare that all data registered on the server are protected against the risk of intrusion and non-authorized access, at the same time they have adopted adequate safety measures to guarantee the availability of the data and at the same time the protection and accessibility of the areas and places where they are held.
Personal data are treated by partners and / or employees of the Joint Controllers as person in charge of the aforementioned treatment, following their function and the instructions given by the Joint Controllers.
The co-holders guarantee the highest level of security while managing user's data. Credit cards information are encrypted and memorised according to the safety requirements compliant PCI certification. The Joint Controllers have no access to credit cards related confidential data, which will be treated by the intermediaries and credit cards issuers following the Privacy Code.

10. RIGHTS OF THE INTERESTED PARTY

The subject (or interested party) has the following rights, according to art. 7 of Privacy Code and art. 15 GDPR:

- to obtain confirmation of the existence or not of his/her personal data, even if not registered, and their communication in an intelligible form;

- to obtain information about: a) the source of personal data; b) the purposes and methods of the data processing; c) the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification of the data controller, data processors and the representative designated as per art. 5(2) of the Privacy Code and art. 3(1), GDPR; e) the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State's territory, data processors) or person(s) in charge of the processing;

- obtain: a) updating, rectification or where interested therein, integration of the data; b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;

- object in whole or in part: a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys; through the use of automatic calling services without an operator, through email and/or through traditional marketing means such as telephone and/or standard mail. The subject can object partially, he/she can decide to receive only traditional communications or only automatic ones or again none of the above;

- ask to the Joint controllers to access personal data (art 15 GDPR), rectify them (art 16 GDPR) or erase them (art. 17 GDPR), restrict or oppose to the processing (art. 18 GDPR);

- transmit the data to another controller, where feasible, if the process is carried out by automated means;

- revoke the consent at any moment without prejudice according to the lawfulness of the treatment based on the consent before the revocation;

- submit a claim to the Competition Authority for the protection of personal data.

In order to exercise the mentioned rights and to receive information concerning the subjects currently holding your data or to whom the data have been transmitted or again those subjects in charge of the mentioned data, it is possible to address to the Joint controllers by sending a request to the following email: [email protected].

 

11. DURATION OF THE TREATMENT AND PERIOD OF DATA STORAGE

The treatment of personal data related to the aims pointed out in section 2.A will last as long as the execution of the requested services, there will also be an additional time - provided for by law - to comply all civil, fiscal and taxes obligations.

 

12. TRANSFER OF PERSONAL DATA BY THE JOINT CONTROLLERS.

Personal data are handled and kept on diotti.com servers set in the European Union. At the moment the servers are in Italy. Data will not be transferred outside the European Union.

 

13. PRIVACY NOTICE UPDATES.

This Privacy Notice can be updated and revised occasionally. diotti.com will promptly inform the subject of any changes that might occur to the treatment, directly on the pages of its website. When required by law, the subject will be able to give his / her consent to the new treatments. In case the subject opposes, his/her data will not be treated according to the changes contemplated in the privacy notice.