Loading...
Data Controller
Oliviero Patrile - Frazione Maddalena, 35 – 12020 Pontechianale (CN)
Email address of the Controller: rifugio.vallanta@gmail.com
Types of Data collected
Among the Personal Data collected by this website, either independently or through third parties, are: name, surname, email, ZIP code, city, Tax Code, User ID, Cookies, and Usage Data.
Complete details on each type of data collected are provided in dedicated sections of this privacy policy or through specific information texts displayed before data collection.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during use of this website.
Unless otherwise specified, all data requested by this website are mandatory. If the User refuses to provide them, it may be impossible for this website to provide the Service. Where some data are indicated as optional, Users are free not to provide such Data without affecting the availability or functionality of the Service.
Users with doubts about which Data are mandatory are encouraged to contact the Controller.
Any use of Cookies—or other tracking tools—by this website or by third-party services used by this website, unless otherwise specified, is intended to provide the Service requested by the User, in addition to other purposes described in this document and in the Cookie Policy, if available.
Users assume responsibility for Personal Data of third parties obtained, published, or shared through this Application and guarantee that they have the right to disclose or share them, releasing the Controller from any liability towards third parties.
Processing methods
The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.
Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Controller, in some cases, other persons involved in the organization of this website (administrative, commercial, marketing, legal, system administrators) or external parties (such as technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, also appointed, if necessary, as Data Processors by the Controller. The updated list of Processors can always be requested from the Data Controller.
Legal basis of processing
The Controller processes Personal Data concerning the User when one of the following conditions applies:
- the User has given consent for one or more specific purposes; Note: in some jurisdictions the Controller may be authorized to process Personal Data without consent or other legal basis, until the User objects (“opt-out”). This does not apply where data processing is governed by EU law;
- processing is necessary for the execution of a contract with the User and/or pre-contractual measures;
- processing is necessary to comply with a legal obligation of the Controller;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of public powers vested in the Controller;
- processing is necessary for the pursuit of the legitimate interest of the Controller or third parties.
Users can request clarification about the legal basis of each processing and whether it is based on law, a contract, or necessary to conclude a contract.
Location
Data are processed at the Controller's operational offices and any other place where parties involved in processing are located. For more information about the processing location, Users can refer to the relevant section of this document. Personal Data may be transferred to a country other than the one in which the User is located. For more details about data transfers outside the EU or to an international organization, Users can consult this document or contact the Controller.
Retention period
Data are processed and retained for as long as necessary for the purposes they were collected.
Therefore:
Data collected for contractual purposes are retained until contract execution is complete.
Data collected for legitimate interests are retained until the interest is satisfied. Users can obtain further information about the legitimate interest pursued by the Controller.
When processing is based on consent, Data may be kept until consent is revoked. Legal obligations may require longer retention. After retention, rights of access, deletion, rectification, and data portability cannot be exercised.
Purposes of Data processing
User Data are collected to allow the Controller to provide its Services, as well as for the following purposes: Contact the User and Interaction with social networks and external platforms.
While visiting this website, the following are tracked:
- Viewed products, e.g., to show recently viewed products
- Location, IP address, and browser type: used for tax and shipping estimates
- Shipping address: requested for order calculation and delivery
Cookies are used to track cart contents while browsing.
During purchases, Users provide information like name, billing and shipping address, email, phone, credit card/payment details, and optional account info (username, password). This info is used to:
- Send account/order info
- Respond to requests, complaints, or refunds
- Process payments and prevent fraud
- Configure user account
- Comply with legal obligations
- Improve store offers
- Send marketing messages, if consented
Account creation stores name, address, email, and phone for future orders. Comments/reviews are also stored if provided.
Details on processing Personal Data
Personal Data are collected for:
- Contacting the User
- Interaction with social networks and external platforms
User Rights
Users can exercise rights related to their Data, including:
- Withdraw consent at any time
- Object to processing when not based on consent
- Access their Data
- Rectify or update Data
- Request restriction of processing
- Request deletion of Data
- Receive or transfer Data to another Controller
- File a complaint with authorities
Right to object
Users may object to processing for public interest, public powers, or legitimate interests, especially for direct marketing purposes.
How to exercise rights
Users can send requests to the Controller's contact details. Requests are free and answered promptly, within one month.
Legal defense
Personal Data may be used for legal defense or pre-litigation purposes. Users are aware that the Controller may be required to disclose Data by authorities.
Specific notices
On request, additional information regarding specific services or data collection may be provided.
System logs and maintenance
Logs may be collected for maintenance, including IP addresses.
Information not in this policy
Additional information can be requested from the Data Controller.
Response to “Do Not Track” requests
This website does not support “Do Not Track” requests. Users should check third-party privacy policies.
Changes to this privacy policy
The Controller reserves the right to modify this privacy policy at any time and informs Users on this page or via available contact methods. For consent-based processing, new consent may be requested if necessary.