This information is given in accordance with the provisions of Legislative Decree No. 196 of 30 June 2003 (Data Protection Code) and in accordance with the applicable EC directives. It applies to anyone using the Website www.pinko.com (the “Buyers” and the “Website”), owned by Cris Conf SpA. ("Cris Conf"), and anyone browsing on the Website or using its services, regardless of whether or not they buy any products.
Data controller, data coordinator and authorised persons
The data controller is Cris Conf S.p.A., Strada Comunale per Fornio, 136, 43036 Fidenza (PR), tax code and VAT number 01516210349, email firstname.lastname@example.org; Cris Conf has autonomy to decide the purpose and method of data processing, and the security procedures to be used in order to guarantee the confidentiality, integrity and availability of the data.
Cris Conf may designate one or more persons as data coordinators, as defined in Article 29 of the Privacy Code.
The updated list of all data coordinators can be obtained from the head office of Cris Conf. For more information please send an email to email@example.com.
The data coordinators carry out their activities in accordance with the instructions given by Cris Conf, and under its control. Cris Conf will periodically check that the data coordinators have fulfilled their duties and that they continue to provide appropriate guarantees of full compliance with the laws on data protection.
Buyers’ data will be processed by persons authorised for that purpose, instructed by, and operating under the direct authority of Cris Conf or of the data coordinators.
Type of data processed; option to provide personal data
2.1. Browsing data
Browsing of the Website will result in Cris Conf obtaining “browsing data”, the transmission of which is implicit in the use of Internet communication protocols.
This technical/digital data is only collected and used in aggregate, anonymous form and may be used to verify responsibility for any computer crime against the Website. Therefore “browsing data” does not in itself identify the Buyer.
2.2. Data supplied voluntarily by the Buyer
The Website offers certain services for which the Buyer is required to provide additional details, known as personal data. For example, registration on the Website, access to reserved areas and the purchase of Cris Conf products and services are all activities that require the Buyer to provide personal data that will enable Cris Conf to unequivocally identify an individual, such as: name, surname, date of birth, residential address and/or domicile, telephone number, email address and credit card details.
The provision of this data is optional, but is obligatory to enable the Buyer to access certain services on the Website. Refusal to provide details will have no consequences for the Buyer, but without them, Cris Conf will be unable to provide the Buyout with certain services.
In order to promote and improve its products, services and content, Cris Conf may aggregate any personal and non-personal data. In such a case the non-personal data will be processed as personal details, for as long as it is aggregated with the latter.
Method and purpose of processing
Personal data is mainly processed using electronic and remote means, by Cris Conf or by any other person appropriately selected for their reliability and competence, who provides the operations necessary for the use of the Website, its services and the purchase of products on the Website.
In general, the processing of the Buyer’s data by Cris will enable:
A) registration on the Website or acceptance of the services offered by Cris Conf through the Website;
B) the execution of activities that are connected, instrumental or necessary for the supply of Cris Conf services, including the communication of data to third-party companies who may provide essential or related services, or for the management of payments on the Website:
C) customer satisfaction surveys and user preferences;
D) the management of payments, including antifraud checks for payments made by credit card;
E) the management of Buyers’ technical and commercial requests, regarding the progress of orders, and other queries;
F) the sending, with consent, of advertising, informative and commercial materials (for example newsletters) and the provision of processed data to third parties for sales, attempted sales, or for any commercial and/or statistical purpose that is permitted by law. Consent to the sending of commercial and promotional materials (Articles 130 (1) and (2) – “direct marketing”) implies consent to the receipt of those communications not only through automated means but also through traditional methods (ordinary post and non-automated phone calls). In these circumstances the Buyer may provide his or her consent to receiving these communications only by traditional contact methods;
G) the profiling of customers registering on the Website or carrying out purchases on the Website in order to allow Cris Conf, with consent, to process the decisions, habits and consumer preferences of the Buyer and therefore, to: (i) send the customers personalised texts relating to products and services offered by Cris Conf; (ii) cross-check data collected for different purposes, from among the services provided to the Buyer; (iii) use other forms of identification other than cookies (e.g. login credentials, fingerprints etc.) in order to monitor specific actions or behaviours in the use of the functions provided to the Buyer.
Cris Conf will observe the need-to-know principle, in the processing of any data that may directly or indirectly identify the Buyer. Therefore, the Buyer’s details will not be processed if the purpose pursued in each case can be achieved through the use of anonymous data (such as market research aimed at improving the service) or by other means that enable the identification of the Buyer only in the case of need, or at the request of the authorities or police (for example, data relating to traffic and the length of time spent on the Website or the IP address).
The Buyer’s data will be disclosed to third parties only with the express consent of the Buyer, except in cases in which it is required to be disclosed by law, or is necessary for purposes provided for by law, for which the Buyer’s consent is not required; in such cases the data may be provided to third parties who will process it autonomously and only for the above purposes (for example, if a request is made by the police, the courts or other authorities, or in order to fulfil obligations deriving from the contract with the Buyer, as in the case of payment communications).
Any use other than the specific use for which the Buyer provided the data will be mentioned in the information and will only be followed up by Cris Conf with the express consent of the Buyer.
For certain uses of data, consent is not required by law. For example, personal data may be used without consent of the Buyer if necessary in order to fulfil a legal obligation or to fulfil the contractual obligations towards the Buyer.
Under Article 130 (4) of the Privacy Code, Cris Conf may use the Buyer’s details without having to obtain express consent, for the direct selling of products similar to those already bought by the Buyer, and for opinion surveys provided that the Buyer has not refused this use of details for the email address communicated to Cris Conf.
The Buyer’s personal data will not be transferred to non-EC countries that do not provide adequate levels of protection. If the transfer of data is necessary for the provision of services or for the formation of a contract for sale, Cris Conf guarantees that the data transferred to the non-EC countries without adequate levels of protection will only be carried out after the appropriate safeguards provided for by the applicable laws have been put in place.
The data controller informs the Buyer that personal data will be kept for a period of 24 months. After that period the details will be deleted.
Redirecting to external sites
The Website may use social plug-ins. Social plug-ins are tools that incorporate the functions of social networks directly into the Website (for example the Like function on Facebook).
All social plug-ins on the Website are marked with the logo of the social network site.
When visiting the page on the Website and interacting with the plug-in (for example clicking on the Like button) or when leaving a comment, the corresponding information will be sent by the browser directly to the social network (Facebook in this case) and will be stored by that site.
Links to third-party sites
The Website contains links to other websites.
Cris Conf does not monitor those websites, or their content.
Use of the links does not imply any recommendation by Cris Conf for the access or browsing of those websites, nor does it provide any guarantee about their content, the services or goods they supply and sell to customers.
Cris Conf thus declines all liability regarding the content of those websites and their rules, including data protection regulations and the rules on processing of data when browsing those websites.
Rights of the data subject
Under Article 7 of the Data Protection Code, the data subject, meaning anyone to whom the personal data relates, may obtain confirmation of the existence of personal data regarding him or her even if not yet registered, and may obtain its communication in an intelligible form.
The data subject may obtain information about: A) the origin of the personal data; B) the purpose and use of the processing; C) the logic applied if data is processed with electronic tools; D) the identification details of the data controller, data coordinators and authorised person as defined in Article 5 (2) of the Data Protection Code; e) the persons or categories of person to whom the personal details may be communicated or who may receive the details as a national representative of the data coordinators or authorised persons. The data subject may also obtain: a) an update, rectification or, if interested, integration of the data; b) the deletion, conversion into an anonymous form or blocking of data processed in breach of the law, including any data that is not required to be kept in relation to the purpose for which it was gathered or subsequently processed; c) confirmation that the operations referred to in paragraphs a) and b) above have been brought to the attention, also in terms of their content, to those to whom the data was disclosed or transmitted, except in cases in which that obligation is impossible or requires a utilisation of resources that is manifestly disproportionate to the right being protected. The data subject may object entirely or partially: a) for legitimate reasons, to the processing of personal data even if relevant to the purpose for which it was collected; b) to the processing of personal data relating to him or her for the purposes of direct selling, publicity or for the carrying out of market research or business communications.
In this regard the Buyer, by accessing his or her account on the Website, may change, update or delete his or her personal information including name, surname, address, country of residence, and credit card details.
The deletion of personal data at the Buyer’s request may mean that it is impossible for Cris Conf to continue to provide its services to the Buyer.
In order to exercise the above rights, report problems or request clarification about the use of personal data, the data subject should send a request, specifying the nature, to the data coordinator Cris Conf SpA, Strada Comunale per fornio 136, 43036 Fidenza (PR), tax code and VAT number 01516210349, email firstname.lastname@example.org.
The data subject may at any time make a complaint to the relevant supervisory authority.
Therefore, Cris Conf cannot guarantee that the measures used for the security of the Website and for the transmission of data on the Website limit or exclude any risk of unauthorised access or loss of data from devices belonging to the Buyer; the Buyer is therefore advised to check that his or her computer has adequate data protection software to protect incoming and outgoing data (such as up-to-date antivirus systems) and to check that the Internet service provider has taken suitable measures to ensure network data transmission security (firewalls and antispam filters).
Terms and Conditions of use
Before using the Website please carefully read the Terms and Conditions.