Who is the Data Controller?
Below is the main information on the processing of your personal data carried out by DINJA S.R.L. with headquarters at via Vitantonio Messa n. 5 - 70044 Polignano a Mare (BA) (Italia) C.F. e P.IVA n. 08020510726 (“DINJA”), as Data Controller. For any clarification, question or requirement related to your privacy and the processing of your personal data, you can contact us at any time by sending a request to firstname.lastname@example.org, by calling (0039)3938225384 or by writing to the address of DINJA. If you wish, you can also contact our Data Protection Officer (DPO) by writing to "Data Protection Officer" at the address above, or by e-mail to email@example.com.
What data do we process and why?
The personal data that DINJA processes is that which you provide to us when you conclude an order and purchase goods, and that which we collect as you browse or use the services offered on Mysecrex.com. DINJA can then collect data about you, for example, personal details such as name and surname, shipping address and billing address, browsing data and your purchase habits. Your personal data is processed for the following purposes: - conclude and execute the purchase contract for goods offered on Mysecrex.com; - provide you with the services of Mysecrex.com such as subscription to the newsletter; - allow registration to the site and use of services reserved for registered users; - manage your requests forwarded to our Customer Service. In the aforementioned cases, the processing of your personal data is legitimate as it is necessary to execute an agreement with you or to provide you with the service that you have specifically requested. We also conduct statistical surveys and analyses with data in aggregate form to understand how users interact and use the site, in order to improve our offer and our services. However, only with your express consent will we process your personal data to: - carry out commercial and promotional communication activities; - customise the site and the commercial offers based on your interests.
Who will process your data?
Your personal data is processed by personnel duly authorised by DINJA as Data Controller. For organisational and functional needs related to the provision of services on Mysecrex.com, your data could also be processed by our suppliers. The latter have been evaluated and chosen by DINJA for their proven reliability and competence. Some of these subjects may also be based in non-EU countries and, in these cases, the transfer of your personal data in these countries is carried out in compliance with the guarantees provided by law.
How long do we keep your data?
What are your rights?
At any time, depending on the specific processing, you may: revoke your consent to the processing, know which of your personal data we have in our possession, its origin and how it is used, request the update, correction or integration and in the cases provided for by the current provisions, the cancellation, the limitation of processing or oppose their processing. If you wish, you can request to receive your personal data in possession of DINJA in a format readable by electronic devices and, where technically possible, we can transfer your data directly to a third party indicated by you. If you believe that the processing of your personal data has been carried out illegally, you can file a complaint with one of the supervisory authorities responsible for compliance with the rules on personal data protection. In Italy, the complaint can be presented to the Italian Data Protection Authority (http://www.garanteprivacy.it/). This information may be subject to changes and additions over time, so we invite you to check the contents periodically. Where possible, we will try to immediately inform you of any changes made.
1. General information
Who is the Data Controller?
DINJA S.R.L. (“DINJA”) with headquarters at via Vitantonio Messa n. 5 - 70044 Polignano a Mare (BA) (Italia) C.F. e P.IVA n. 08020510726 (“DINJA”) is the Data Controller, that is, the subject which decides how and why to process your personal data. You can always contact DINJA by writing to the above address, calling (0039)3938225384 or writing to firstname.lastname@example.org.
Who is the Data Protection Officer?
DINJA has appointed a Data Protection Officer. If you wish, you can contact the Data Protection Officer (“DPO”) of DINJA for any request regarding the protection of your personal data and the exercise of your rights, by writing to "Data Protection Officer" at the address above, or by e-mail to email@example.com
2. What personal data do we collect?
The categories of personal data that DINJA collects and processes when you browse or purchase on Mysecrex.com are as follows: a) we collect the personal data necessary to conclude and execute your purchase on Mysecrex.com such as name and surname, e-mail address, shipping address, billing address, telephone and payment details; b) we collect your e-mail address when you sign up for our newsletter service; c) we process the personal data you provide us when you contact our Customer Service to provide the assistance requested; d) upon your consent, we collect and use your personal data for marketing purposes; e) for the registration of your MySecrex account, we collect your name and surname, your e-mail address, password and your date of birth. If you are a registered user, we collect information about your access to the reserved part of the site. With your express consent, by analysing your personal data we can process information regarding your interests and preferences with respect to our products and services in order to present proposals and offers in line with your tastes. In case of authentication to the MYSECREX account through external social networks, we collect the data necessary for registration/authentication through Facebook and Google. We also collect information about you from third parties and, in particular, from Facebook and Google+. This information includes the following data categories: e-mail address. f) we collect information about your browsing on Mysecrex.com, such as the pages you visit and how you interact with the single page and we save this information on our servers. g) in the event that you provide personal data of third parties to DINJA, for example in cases where you decide to purchase a product to be delivered to a friend, or to give a gift, DINJA will arrange for the third party to deliver the Privacy Notice at the time of the first communication. We remind you that the use of personal data of third parties is subject to the discipline regarding the protection of personal data. We inform you that DINJA does not process personal data relating to minors. If you access Mysecrex.com and use the services offered by DINJA, you declare that you are of legal age.
3. How do we use the personal data we collect?
DINJA collects and processes your personal data for the following purposes: a) to conclude and execute the purchase agreement for the products offered on Mysecrex.com. When you complete your purchase, we ask you for the personal data necessary for the execution of the agreement, such as payment, anti-fraud checks if you choose to pay by credit or debit card, billing, shipping of the product and possible management of the return. b) registration on the site and use of the services offered to registered users. Registration on the site is possible through the inclusion of some personal information which is necessary to ensure your identification and the performance of services offered to registered users. c) provision of the services offered on Mysecrex.com. For this purpose, in relation to each service and its characteristics, DINJA needs to collect the personal data necessary for the performance of the service requested by you. d) management of requests to our Customer Service, which uses the personal data you provide to meet your requests for information and requests for assistance. e) sending of CVs. If you send us your CV to be considered for an application to an open position, we will use the information contained in your CV exclusively for this purpose. Your CV will be kept for a maximum period of six months, after which it will be deleted: if you wish, you can of course send us a new updated version. f) statistical analysis and surveys. We use some information about your use of the site to perform statistical analysis and surveys in order to improve our offer and our services; g) sending commercial and promotional communications following the purchase of one of our products, so-called soft spam. Following the purchase of one of our products on the site, we will send you communications containing our business proposals and related products and services to the e-mail address that you provided us. h) subject to your express consent, we may use the contact details you have provided for commercial communications on our products and services, in order to update you on news, new arrivals, exclusive products, our offers and promotions. In addition, always with your consent, we will be able to use your contacts as part of market research and surveys for the detection of satisfaction in order to improve our services and the relationship with our users. These communications will take place exclusively with the methods you have chosen (via e-mail, SMS, telephone, paper mail, Whatsapp). i) only with your consent, DINJA will be able to personalise your experience as a registered user on Mysecrex.com, proposing previews and offers in line with your tastes and sending you commercial communications tailored to your interests, these communications will only take place in the manner you selected (via e-mail, SMS, telephone, paper mail, Whatsapp). The personalisation will be done by analysing your previous purchases and other information described in the previous paragraph “What personal data do we collect?”. For more information on this data and on the activity that allows you to process it, please refer to the paragraph “Your MYSECREX profile”. Should you wish to authorise the activities referred to in points h) and i) and subsequently do not wish to receive further communications from DINJA or would like to limit the way in which to be contacted, you may interrupt these communications at any time by simply clicking on the appropriate unsubscribe link at the bottom of each communication, accessing your MYSECREX account, contacting DINJA by calling (0039)3938225384 or by sending an email at firstname.lastname@example.org or by writing to the above address. We inform you that you may receive further communications from us even after submitting your unsubscription request, as some submissions may have already been planned, our systems may take some time to process your request. In relation to all the activities mentioned above, we will process your personal data mainly through IT and electronic means; the means we use guarantee high safety standards, in full compliance with current legislation.
4. Your MySecrex profile
When creating your MYSECREX, we offer you the possibility to use the following services: • My orders: follow the shipment of your orders, change or return items that are not for you and see your order history. • Wish List: save the items you most want and keep an eye on their availability. • My data: manage your registration data. • My addresses: save or modify your addresses to always have them available and complete your purchases faster. With your express consent, DINJA will be able to customise your experience and the contents of commercial communications and offers that you will see when you browse on Mysecrex.com as a registered user, based on your interests. This activity allows you to facilitate the search for products and services that are of more interest to you and at the same time allows us to improve our offer for you. Personalisation is made possible by the analysis of your personal data in our possession, described in the previous paragraph “What personal data do we collect?”. In particular, the information on purchases you have made in the past and those relating to the sections of the site you visit most often or the services you use most often help us to understand which products and services you are most interested in. To ensure that the information in our possession is correct and allow us to perform the activities described above, we invite you to access the “My profile” section of your MYSECREX and, if you deem it necessary, to update them.
5. Legal basis of the processing
We process your personal data only in the presence of one of the conditions provided for by the law in force, and specifically: a) for the conclusion and execution of a contract of which you are a part. When we process your data for the conclusion of the purchase agreement of which you are a part, we ensure that we only use the minimum information necessary for the execution of this. This basis legitimises the processing of personal data that takes place in the following activities: - conclusion and execution of a purchase agreement for the products offered on Mysecrex.com; - registration on the website and use of services reserved for registered users; - provision of services offered on Mysecrex.com; - management of your requests by our Customer Care. The contribution of your personal data for these activities is a contractual obligation. You are free to communicate your data or not, but in the absence of the requested data, it will not be possible to conclude or execute the agreement and your requests. This means that you will not be able to purchase the products and you will not be able to use the DINJA services and that DINJA will not be able to handle your requests; b) to comply with a legal obligation. In the event of conclusion of an agreement for the purchase of goods on Mysecrex.com, the processing of the user's data will take place in order to fulfill the legal obligations to which DINJA complies with in accordance with the tax provisions and other regulations to which DINJA is subject. You are free to decide whether to conclude an agreement and whether or not to disclose your data, but if you conclude it, your data will be necessary and will be processed to effect the aforementioned legal obligations to which DINJA is required. The processing of voluntarily sent CVs, carried out to evaluate candidates with respect to a possible job position at DINJA, is legitimate because it is expressly authorised by a law, which specifies that in this case the consent of the person to whom the personal data refers is not required. You are free to send us your CV or not, but without it we will not be able to evaluate your candidacy for a job position at DINJA; c) for our legitimate interest. If you purchase products on Mysecrex.com by credit or debit card, some of your personal data may be processed to carry out anti-fraud activities: we have a legitimate interest in carrying out this activity to prevent and pursue any fraudulent activity. d) based on your consent. We will carry out the following processing only if you have given us your express consent: • carrying out marketing activities and opinion polls and market research; • analysis of your browsing and consumption habits in the use of your MYSECREX profile, in order to personalise your experience on our site. Providing your personal data for these activities is absolutely optional. You are free to provide us with your data for these purposes, but without it, it will not be possible for DINJA to carry out marketing activities, opinion polls and market research, and to analyse your habits.
6. Who will process your data?
Your personal data will be processed by DINJA internal staff who are specifically trained and authorised to process. Your personal data will also be transmitted to third parties that we use to provide our services; these subjects have been adequately selected and offer a guarantee of compliance with the rules on the processing of personal data. These persons have been appointed as data controllers and carry out their activities according to the instructions given by DINJA and under its control. The third parties in question belong to the following categories: banking operators, internet providers, companies specialised in IT and telematic services; couriers; companies that carry out marketing activities; companies specialised in market research and data processing. Your data may be transmitted to police and judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and protection from threats to public security, to allow DINJA to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
7. Web push notification
Depending on which device you use, you may receive, upon giving your consent, push notifications regarding our offers, new items, your wish list and your cart. To deactivate notifications, depending on the platform and/or browser used, follow the steps listed below: - Desktop: Right-click on notification > disable notifications from www.Mysecrex.com - Mobile: Access the notification center > Site parameters > Notifications > Block notifications from www.Mysecrex.com - Common browsers: • Chrome: Settings > Show Advanced Settings > Privacy – Content Settings > Notifications - Manage exceptions > Enter www.Mysecrex.com and select “Block” • Firefox: Options > Content > Notifications – Select > www.Mysecrex.com – “Block” • Safari: Preferences > Notifications > From here select "Deny"
8. Extra-EU data transfer
Some of the third parties listed in the previous paragraph “Who will process your data?” may be located in countries outside the European Union that nevertheless offer an adequate level of data protection, as established by specific decisions of the European Commission (http://www.garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-intenazionale/trasferimento-dei-dati-verso-paesi-terzi#1). The transfer of your personal data to countries that do not belong to the European Union and that do not ensure adequate levels of protection will be performed only after conclusion between DINJA and said subjects of specific agreements, containing safeguard clauses and appropriate safeguards for the protection of your personal data which are so-called "standard model clauses", also approved by the European Commission, or if the transfer is necessary for the conclusion and execution of an agreement between you and DINJA (for the purchase of goods offered on our site, for registration on the website or the use of services on the website) or for the management of your requests.
9. How long do we keep the data?
We keep your personal data for a limited period of time, which is different depending on the type of activity that involves the processing of your personal data. After this period, your data will be permanently erased or otherwise rendered anonymous in an irreversible way. Your personal data is stored in compliance with the following terms and criteria: a) data collected to conclude and execute agreements for the purchase of goods on Mysecrex.com: until the administrative and accounting formalities have been completed. The billing data will be kept for ten years from the billing date; b) data of the registered user: the data will be stored until you request cancellation of your MYSECREX profile; c) data relating to the payment: up to the certification of the payment and the conclusion of the related administrative and accounting formalities resulting from the expiration of the right of withdrawal and the terms applied for the contestation of the payment; d) data collected in the context of the use of services offered on Mysecrex.com to the user: these data are retained until the termination of service or cancellation of the subscription to the service by the user; e) data related to user requests to our Customer Care: the data useful to assist you will be kept until your request is met; f) CV: for six months from receipt; g) data used for commercial communication activities towards users who purchase products on Mysecrex.com (soft spam): this data is kept until the termination of service or the exercise of the opposition by unsubscription by the user; h) data provided for commercial communications activities, opinion polls and market research: up to the request by the user to interrupt the activity and in any case within 2 years from the last interaction of any kind of user with DINJA; i) data used to personalise the site and to show customised commercial offers: as long as the user does not request the termination of the activity and in any case within two years from the last interaction of any kind of user with DINJA; j) data used for carrying out market research and surveys for the detection of satisfaction: as long as the user does not request the termination of the activity. In any case, for technical reasons, the termination of the processing and the subsequent cancellation or irreversible anonymisation of the related personal data will be final within thirty days of the terms indicated above.
10. Your rights
You can exercise your rights at any time with reference to the specific processing of your personal data by DINJA. Below is their general description and how to practice them. a) Access your data and modify it: you have the right to access your personal data and to request that it be correct, modified or integrated with other information. If you wish, we will provide you with a copy of your data in our possession. b) Revoke your consent: you can revoke a consent you have given for the processing of your personal data in relation to any activity for marketing purposes at any time. In this regard, we remind you that marketing activities are considered the sending of commercial and promotional communications, the conduct of market research and surveys for the detection of satisfaction for the customisation of the website and commercial offers according to your interests. Once we receive your request, it will be our duty to promptly cease to process your personal data based on this consent, while different processing or that which is based on other assumptions will continue to be carried out in full compliance with the provisions in force. c) Opposition to the processing of your data: you have the right to object at any time to the processing of your personal data made on the basis of our legitimate interest, explaining the reasons that justify your request; before accepting it, DINJA will have to evaluate the reasons for your request. d) Delete your data: you may request the cancellation of your personal data in the cases provided for by current legislation. Once your request has been received and examined and if it is legitimate, it will be our duty to timely cease to process your personal data and to delete it. e) Request of restriction of the processing: in this case, DINJA will continue to keep your personal data but will not process it, unless it is subject to your different request and the exceptions established by law. Processing of your personal data can be limited when you dispute the accuracy of your personal data, when the processing is illegal but you oppose the cancellation of your data, when we no longer need your personal data but you need to exercise your right in court and when you oppose your processing, in the period in which we evaluate the reasons for your request. f) Request of data transfer to other party than DINJA ("right to data portability"). You can ask to receive your data that we process based on your consent or on the basis of an agreement with you in a standard format. If you wish, where technically possible and at your request, we may transfer your data directly to a third party that you indicate. In order to exercise some of your rights described above you can access your MYSECREX or alternatively you can contact us by calling (0039)3938225384 or writing to our Customer Care and selecting “privacy”, or by writing to the address of the Data Controller above. In order to ensure that our users' data is not infringed or illegitimate by third parties, we will ask you for some information to be sure of your identity before accepting your request to exercise one of the rights indicated.
11. Security measures
We protect your personal data with specific technical and organisational security measures, aimed at preventing your personal data from being used illegitimately or fraudulently. In particular, we use security measures that guarantee: the pseudonymisation or the encryption of your data; the confidentiality, integrity, availability of your data as well as the resilience of the systems and services that process them; the ability to restore data in the event of a data breach. Furthermore, DINJA agrees to test, verify and regularly evaluate the effectiveness of technical and organisational measures in order to guarantee continuous improvement in the security of processing.
If you believe that the processing of your personal data has been carried out illegally, you can file a complaint with one of the supervisory authorities responsible for compliance with the rules on personal data protection. In Italy, the complaint can be presented to the Italian Data Protection Authority. More information on the presentation methods are available on the website of the Italian Data Protection Authority, at http://www.garanteprivacy.it.
13. Changes to this information
14. Legislative references and useful links
The processing of your personal data is carried out by DINJA in full compliance with the regulations on the matter pursuant to the General Data Protection Regulation (EU) 2016/679, the rules on the processing of Italian personal data and the provisions of the Italian Data Protection Authority (http://www.garanteprivacy.it).
Last updated 24/05/2018