Pursuant to art. 13 of Legislative Decree 20 June 2003 No. 196 – Privacy Code, and Art. No. 13 of European Regulation No. 679/2016, this Policy only applies to data collected through www.officinaparfum.it. Any subsequent updates to this Policy will be published on the website.
The Data Controller is Officina srl, with registered offices in Parma, Viale Pier Maria Rossi 22, VAT No. 02579810348.
Types of data collected and Processing of personal data
Any personal data supplied or collected will be processed according to the principles of fairness, lawfulness, transparency, and confidentiality under applicable laws.
The Data Controller will adopt all necessary security measures to avoid any unauthorised access, dissemination, change or deletion of personal data.
Data will be processed through IT or telecommunication tools, for the purposes indicated below, following organizational procedures and methodologies strictly related to the purposes indicated. In addition to the Controller, data may be accessed by other categories of employees involved in the management of our website (secretarial, sales, marketing, legal and site administration staff) and by third parties (such as third party service suppliers, hosting providers, IT companies, communications agencies), who may also be appointed Data Processors by the Data Controller. The updated list of any appointed Data Processor may be requested to the Data Controller at any time.
Personal data collected on this website, directly or through third parties, includes the following: Cookies, Usage data, E-mail and Name, VAT number, type of business, tax code, date of birth, contact form, registration / access to the reserved area, newsletter subscription, product and service purchases and associated “Cart”, similar activities.
Non-disclosure of some Personal Data may result in this website not being able to offer its services. Users are responsible for any Third Party personal data published or shared through this website, for which they claim the right to communicate or disseminate, thus freeing the Controller from any liability to third parties.
1) Data supplied by users
Sending e-mails, optionally, explicitly and voluntarily, through the contact form or addresses supplied on the website, results in the sender’s address, and any other personal information contained in the mail, being collected in order to reply to the message. Further summary information will be progressively reported or visualised on any website sections offering particular on-demand services.
2) Location of data processing
Data will be processed at the offices of the Data Controller. For further information please contact the Data Controller. Personal data may be transferred to a different country from the one where the user is located. Please note that additional information is provided in the “Further information on data processing” section.
3) Timing of data processing
As provided by Art. 5, para 1, letter e) of the GDPR, data is retained for the time strictly necessary for their processing relating to user requests or to the purposes described in this policy.
- Data collected for purposes related to the execution of a contract between Controller and User will be retained until the full contract completion.
- Data collected for purposes related to the lawful interest of the Controller will be retained until such interest is satisfied.
- Data collected on the basis of user consent could be retained until such consent is revoked.
- Indicatively, data may be retained for: tax/administration duties, legal obligations related to product guarantees, contractual obligations resulting from additional post-sales services.
Data may be retained by the Controller for longer periods under legal obligations or orders. Users may request to stop their data Processing or delete their data at any time.
4) Purposes of data processing
User data is collected to enable the website to supply services, and also for the following purposes: Contacting users, managing the address book , sending e-mail, registering /accessing the reserved area, newsletter subscription, interacting with outside platforms, commenting on contents, Statistics, marketing and remarketing. In particular:
- to satisfy any specific user request sent to the Controller through the website and its communication tools (contact form, information request forms and similar);
- to register for the newsletter and receive industry information;
- to communicate and inform on services supplied by the Controller, following requests for more information through e-mail, or contact form, or other means of communication;
- for any other accessory or connected communication within the activities carried out through the website.
The categories of Personal Data used for each of these purposes are indicated in specific sections of this document. The categories of Personal Data used for each of these purposes are indicated in specific sections of this document. Among other things, data will be processed for specific purposes, as shown in the examples below:
- for contract-related purposes: mostly to execute any contract agreed upon;
- for contacting users regarding the contract and its management;
- for queries regarding legal guarantees, product compliance, assistance, or requests to withdraw, manage or terminate the contract.
Further information on Personal Data processing
Data are collected for the following purposes and using the following services:
1) Mailing List o Newsletter
When users register for the mailing list of newsletter, their e-mail address is automatically entered in a list of contacts who can be sent e-mail messages with information and marketing messages related to this website. Users’ e-mail addresses may also be added to the list after registering, or following a purchase. Personal data collected: E-mail, Name and Surname.
2) Contact form
By entering their details on the contact form, users consent to their data being used to reply to information requests, or prepare quotes or any purpose indicated on the form title. Personal data collected: E-mail, Name and Surname.
3) Managing addresses and sending e-mails
This service aids the central management of the tags or scripts on our website. User data moves through and is retained by this service.
1) Google Tag Manager (Google LLC)
Browsing and hosting data
The IT systems and software procedures that make our website work will acquire some personal information whose transmission is implicit in the use of Internet communications processes.
However, the Data Controller has no access to such data, not even for consultation purposes.
Data are held on the server of the web host, who can only supply them upon written request by the Public Prosecution, to ascertain potential liabilities in the event of cyber crimes against our website.
These data are not collected to be linked to identifiable users, but by their own nature they may enable user identification through processing and association with third party data. This category includes IP addresses or domain names of computers connecting to the website, URI (Uniform Resource Identifier) addresses of requested resources, time of the request, method of request to server, size of the response file, numeric code indicating the type of server response (success, error, etc.) and other parameters on users’ operating system and IT environment. Data is backed up on both OVH servers and
Google Drive ( Google LLC): Policy Privacy
This site is SSL certified and uses HTTPS protocols to enhance the security of personal data as it is entered. This protocol ensures that all transactions and data transmissions through the website are secure and content cannot be read or manipulated in any way.
The services detailed here enable the Data Controller to monitor and analyse traffic data and track user behaviour.
1)Google Analytics (Google LLC)
Security This site is SSL certified and uses HTTPS protocols to enhance the security of personal data as it is entered. This protocol ensures that all transactions and data transmissions through the website are secure and content cannot be read or manipulated in any way.
2) Facebook Ads (Facebook Inc)
Interaction with Social Networks
Registration and authentication
Registration and authentication enable the user to be identified by the relevant application and access the dedicated services. Registration and authentication services may require the assistance of third parties. In this case, the application may access data held by the third party used for registration and identification.
1) Direct Registration
Users register directly on our website, filling the form and supplying their personal data.
2) Facebook Connect (Facebook Inc.)
3) Instagram Connect (Facebook Inc.)
These services enable our website and its partner sites to communicate, optimize and supply ads based on the customer’s previous usage of the site. This activity is based on tracking data and cookies, whose data are sent to remarketing partners.
1) Facebook Remarketing (Facebook, Inc.)
Further information on Data Processing
1) Court proceedings
The Controller may use Customers’ Personal Data to prepare its own defence in the event of court proceedings or to assist in the preparation of such proceedings, or to defend against users abusing these or connected services. Users confirm they are aware that Public Authorities may require the Data Controller to disclose their personal data.
2) Specific Privacy information
3) System log and maintenance
Our website could collect system logs, which are logs that record interactions and may contain Personal Data, such as users’ IP address, to fulfil site functioning and maintenance requirements.
4) Further Privacy information
Further information on Personal Data processing may be requested to the Data Controller via contact forms at any time.
5) Nature of processed data and consequences of refusing consent
The collection of customers’ browsing data, for the purposes detailed above, depends on the level of privacy set by users on their browser. In some instances, disabling settings may prevent browsing on this website. Some modules of our website require browsing data and/or use technical cookies in order to work correctly. The use of some personal data is necessary for the very structure of our website and its procedures. For example:
- sending messages through web contact forms or registering for our newsletter requires some minimum level of data, such as USERNAME and/or name/surname and/or e-mail address and/or other user identification data;
- registering and accessing the reserved area on our website requires USERNAME and PASSWORD, and other data linked to e-commerce transactions such as name/surname/title, delivery address for the goods/services purchased, tax code/VAT number and similar, as explained in the specific purchasing forms. Transactions cannot be completed without these. Any request for optional data will be provided alongside a tick box for consent. All other data is optional and depends on the kind of data the user wants to enter on our website.
6) Exercise of the rights of the data subject
At any time, pursuant to Art. 7 of Legislative Decree 196/03 (Privacy Code) and Art. 15 to 22 of European Regulations No. 679/2016, the data subject has the right to obtain confirmation of any personal data, even if not yet recorded, and their communication in intelligible form, to know the content and origin of the data and to check its accuracy. The data subjects have the right to revoke consent at any time, and may ask the Data Controller to access their personal data, receive them and transmit them to another Data Controller (so-called Data Portability), to update data, limit their processing, rectify data and delete any data whose processing does not comply with applicable laws. The data subject has the right to oppose to the processing of personal data and to the processing for the purposes of marketing, direct sales and market research.
Pursuant to Art. 77 of the GDPR, users may always complain or file a claim to the relevant Data Protection authority.