Login with Google
PRIVACY POLICY
INFORMATION NOTICE PURSUANT SECTION 13, D.LGS. 196/2003
Data controller
ata Controller and Data Protection Officer
This policy applies to the www.pupa.it website and is intended to provide information, pursuant to art. 13 of the European General Data Protection Regulation (“GDPR”), to users browsing the website and, in certain cases, interacting with the services offered.
The Data Controller is MICYS COMPANY S.p.A., (hereinafter also referred to as “PUPA”), with registered offices in Italy, in Monza, Via Appiani 25, and main offices in Casatenovo (LC), Via de Gasperi 22, VAT no. IT02089840967, Tax Code 0208984096, registered at the Monza and Brianza Business Registry under no.02089840967.
The Data Protection Officer (“DPO”) can be contacted at the address: dpo@pupa.it
The purposes of processing
As explained in more detail in the sections that enable users to subscribe - releasing their personal data - to the services reserved for users of our website, the data of data subjects are processed in order to be able to respond to their express requests. In particular, all data collection and subsequent processing activities are carried out for the following purposes:
a) registration with the website
b) subscription to email newsletters
c) purchase of Pupa branded products
d) sharing of content present on the website
e) customer relationship management (CRM)
f) sending curricula vitae
g) general requests for information
h) registration with the MyPUPA Community
i) participation in promotional initiatives - such as loyalty cards and bonuses/coupons offered to customers
j) statistical analysis/research of aggregate or anonymous data, without therefore the possibility of identifying the user, aimed at monitoring the operation of the website.
You are not obliged to provide your data, but failure to provide them may hinder the operation of the requested functions. We do not require consent for the processing of personal data for the aforementioned purposes as this form of processing “is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract” (art. 6, paragraph 1, letter b of the GDPR).
In the event of purchase of products or services from PUPA’s e-shop, Micys, the data controller, may send promotional emails regarding products or services similar to those purchased by the data subject, who may however, from the outset, object to said communications by writing to the address privacyIT@pupa.it.
Pupa will not use the data provided for purposes other than those related to the service, as listed above, to which the data subject has subscribed, or exclusively within the limits indicated on a case-by-case basis in any further specific information accompanying any other particular service requested by the user. The processing of aggregated or anonymous data, as referred to in d), does not require the application of the Privacy Code and the GDPR.
Who processes the data for us
For purposes related to the provision of the service to which the user has subscribed, the data will be made available to third parties, who will act as autonomous data controllers by providing services instrumental to fulfilling the request of the data subject (for example, companies that provide services for the delivery of purchased products) or to whom communication of the data is necessary to comply with laws or regulations. An updated list of the data processors is available by simple request sent to the address of the Controller. The personal data will be made available to persons expressly authorised by the data controller - and appointed for said purpose - who will carry out processing activities that are essential for the pursuit of the purposes indicated above; the categories of figures appointed are figures charged with administration, communication, accounting, legal consultancy, the technical maintenance of information systems and marketing, in accordance with the specific request made by the user concerned via this website. The data may also be transferred to countries within the European Union or to other countries that, as declared by the European Commission, guarantee an adequate level of protection or with the mechanisms provided for in arts. 45 et seq. of the GDPR.
How we process data
All processing taking place within the framework of this website will be carried out by electronic or telecommunication tools, but may also be carried out with physical/manual tools. Specific technical and organisational measures are taken to prevent the loss and illegal or improper use of or unauthorised access to the data in full compliance with the provisions of art. 32 of the GDPR. The data will be processed with logic related to the purposes for which the data has been collected and in compliance with current security legislation, for the purposes indicated above or specified on a case-by-case basis in any further information presented to the user.
Types of data processed
Data provided voluntarily by the user
The forms to be filled out on this website include both data that are strictly necessary to adhere to items of interest and without which the relative request cannot be processed, and voluntary data that are not strictly necessary for processing the request.
The personal data generally required for the use of the services on this website are general information, contact data and data relating to payment methods and details. In particular, general and contact information (email address and/or telephone number) may be used both to respond to requests from data subjects and to manage the shipment and delivery of purchased products, as well as to facilitate the management of the same (e.g. in-store recognition of the customer to whom a fidelity card has been assigned).
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website or the filling in of electronic contact forms entails the subsequent acquisition of the sender’s address, which is necessary in order to respond to requests, as well as any other personal data included in the communication. Specific summary information will be subsequently made available or displayed on the website pages provided for particular services to be requested.
Navigation data
The computer systems and software procedures put in place to make this Website function will acquire, during normal operation, some personal data for which transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated to identified data subjects, but that by their nature could enable users to be identified, by means of processing and association with data held by third parties. This category of data includes: IP addresses or the domain names of computers used by users who connect to the website, URI (Uniform Resource Identifier) addresses for the requested resources, the time of the request, the method used to make the request to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computing environment. These data are used solely to gather anonymous statistical information regarding the use of the website and in order to monitor its correct functioning, and are cancelled immediately after being processed. The data may be used to ascertain responsibility in the case of any information technology offences committed against the website. However, save for this case, web contact data are held for the period of time strictly necessary.
Social login
Access to the website and services may take place using credentials provided by a third party, such as Google or a similar service (“social login”). In this case, the user is required to check the settings of said service and carefully read the policies issued by the third-party provider, as these may authorise the third-party provider to share their personal information and authorise Micys to collect information such as their contacts, friends and other user data. We will retain the identification code associated with the user account operated by the third party’s service when it is used to login to Pupa or share content hosted on the website; retention will be for as long as necessary to provide the requested services. If the user creates a Pupa account or uses services on the website by logging in through social login, we may use the information in the account of origin to complete their profile on the website. The user may update or change their profile and contact information at any moment through social login. We may also gather information regarding the user and their fruition of our services through cookies and other similar technologies implemented on the website, in accordance with the terms and conditions explained in the following paragraph. The Company may process your contact information to enable you to access your Personal Area of the website and make use of the services available through said area. If you choose this option, you will be able to access the Personal Area simply by using your Google data. The company emphasises that in this case the only data that will be communicated by Google will be first name, surname and email address. No other data relating to your social profile will be transmitted to the Company, which has implemented this system solely for the purpose of simplifying the registration process.
Cookies
For more information on how Pupa uses cookies and other technologies, please check the information notice available at: https://www.pupamilano.com/cookies.html
Data subjects’ rights
You have the right to access your Personal Data at any time in accordance with Articles 15-22 of the GDPR. In particular, you may request the rectification, erasure or restriction of the processing of such data in the cases provided for by Article 18 of the GDPR, you may obtain the portability of Personal Data relating to you in the cases set forth by Article 20 of the GDPR, as well as to lodge a complaint with the competent supervisory authority under Article 77 of the GDPR (Data Protection Authority). You may object to the processing of your Personal Data pursuant to Article 21 of the GDPR in which you give evidence of the reasons for your objection: the Controller reserves the right to evaluate your request, which will not be accepted if there are legitimate grounds for the processing which override your interests, rights and freedoms.
Requests shall be made in writing and sent to the Controller at the following address: privacyIT@pupa.it
