Specific information to enter into the contract

INFORMATION
UNDER ARTICLE 13 OF REGULATION (EU) No. 2016/679

 

This statement is to inform you about the methods used to process your personal data obtained following the procedure to purchase goods offered on the website www.charlesphilip.it

***

  1. Who processes my data?

 

  • The Data Controller (the "Controller") is:

Charles Philip S.r.l.
Registered office:
Via Guelfa No. 5
40138 Bologna, Italy
Tax Code and VAT No. 03789851205
Registration No. BO-546539 at the Companies' Register of Bologna 

 

email: privacy@charlesphilip.it

  • The Controller processes your personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation or “GDPR”), the provisions of the Italian Data Protection Authority and the European Data Protection Board (EDPB). You can consult the text of the Regulation and the provisions of the Italian Data Protection Authority on the website https://www.garanteprivacy.it/home_en

 

 

  1. What data do you process?

 

2.1       Commonly used personal data will be processed:

  • Contact information (personal details, first and last name, shipping and billing addresses, telephone number and email)

 

  • We do not collect any data belonging to the special categories referred to in Article 9, para. 1, of the GDPR or Article 10, para. 1, of the GDPR.

 

 

  1. Why are my data processed?

 

3.1       Your personal data will only be used for certain purposes, and in any case, always when there is a legal basis for us to do so.

 

3.2       Your personal data are collected when you send the registration form and subsequently when you purchase products online.

 

3.3       We process your personal data for the following:

 

PURPOSES

LEGAL BASIS

a)            Creation of a personal account to access the reserved area and use the services offered to registered users.

a)             Performance of a contract to which the Data Subject is a party.

b)            Fulfilling legal obligations.

b)             Compliance with a legal obligation to which the Controller is subject.

c)            Sending business communications for marketing purposes (e.g., sms, email) to promote our services.

c)            Your consent.

d)           Establishment, exercise (also preventive) or defence of legal claims in court (including alternative dispute resolution forums) for the purposes of asserting or defending a right of the Controller.

d)            Legitimate interest to manage relations with you, based on lawfulness, fairness and transparency.

 

 

  1. How are my data processed?

 

4.1       The processing of your personal data will be based on the principles indicated in the GDPR and the rights of the Data Subject.

 

4.2       The Controller has taken appropriate security measures (technical and organisational) to ensure and be able to demonstrate that the processing is carried out in compliance with the GDPR. The Controller shall review and update the abovementioned measures as necessary.

 

4.3       The processing is carried out using both electronic and analogue means, in the manner and within the limits necessary to pursue the above purposes in full compliance with the law, according to principles of lawfulness and fairness and in such a way as to protect your personal data.

 

  1. Am I required to give my data?

 

5.1       The fields marked with an asterisk (*) indicate that the provision of data is a necessary requirement to enter into the contract. Failure to provide correct information will make it impossible to create an account and use the services once registered.

 

  1. Who has access to my data?

 

6.1       Only expressly authorised persons within the Controller’s organisational structure will process your data, within the limits and according to the methods set out in the respective authorisation / designation documents.

 

  1. To whom are my data communicated?

 

7.1       Personal data may be made available to entities not belonging to the organisational structure of the Controller.

 

7.2       In some cases, the recipients of the data will carry out processing operations in their capacity as Data Processors, exclusively on the basis of a specific contract under Article 28 of the GDPR, within the limits and according to the procedures indicated therein.

The updated list of Data Processors is available at the registered office of the Controller.

 

7.3       In other situations, personal data may be made available, through communication, to the following categories of entities:

  1. companies associated with CHARLES PHILIP and franchisees that operate CHARLES PHILIP points of sale;
  2. partners and service providers related to logistics and transport;
  3. companies, consultants and professional firms that provide assistance and/or consultancy services, or that carry out, on behalf of CHARLES PHILIP, services related and instrumental to the purposes of data processing.

 

7.4       The recipients not included in the Data Processors’ list will process personal data as independent Data Controllers or Joint Data Controllers, and will be subject to the relevant obligations.

 

7.5       Your personal data will not be disclosed.

 

7.6       Personal data will be transferred to Third Countries or International Organisations in accordance with the conditions and appropriate safeguards set out in Chapter V of the GDPR.

 

  1. For how long will you process my data?

 

8.1       Data will be processed for the time strictly necessary to pursue the purposes for which they were collected, or to perform the contract.

 

8.2       In any case, once the purpose has been achieved, the data may continue to be processed for the period provided for by legislation or up to the limitation period for asserting a right connected with the same.

Specifically, your data will be stored for 10 years:

  • on the basis of provisions of law, in order to fulfil civil, accounting and fiscal storage obligations,
  • on the basis of the legitimate interest of the Controller: to assert or defend our rights in court.

 

  1. Your rights as Data Subject

 

9.1       We inform you that, at any time and where conditions are met, you have the right to:

 

  1. a) obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and information, in accordance with the provisions of Article 15 of the GDPR,
  2. b) obtain the rectification of inaccurate personal data concerning you including the right to have incomplete personal data completed, also by means of providing a supplementary statement, in accordance with the provisions of Article 16 of the GDPR,
  3. c) obtain the erasure of your personal data, in accordance with the provisions of Article 17 of the GDPR,
  4. d) obtain the restriction of processing, in accordance with the provisions of Article 18 of the GDPR,
  5. e) obtain the portability of your personal data, in accordance with the provisions of Article 20 of the GDPR,
  6. f) object to the processing, in accordance with the provisions of Article 21 of the GDPR.

 

9.2       You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent given or made on other legal bases before its withdrawal.

 

9.3       Requests should be addressed to the Controller: 

Charles Philip S.r.l.
Registered office:
Via Guelfa No. 5
40138 Bologna, Italy

email: privacy@charlesphilip.it

Please also indicate in the subject line: "Request under Regulation (EU) 2016/679" specifying the right you intend to assert, as specified above.

 

  1. Who can I contact?

 

10.1     In the event that you consider that the processing of your data is in breach of the GDPR, you have the right to lodge a complaint before a Supervisory Authority. The abovementioned Supervisory Authority may be that of the Member State in which the Data Subject normally resides, or that of the place in which the alleged breach occurred.

 

10.2     You also have the right to apply to the court if you believe that your rights under the GDPR have been violated as a result of processing. Proceedings against the Data Controller or the Data Processor shall be brought before the courts of the Member State in which the Data Controller or the Data Processor has an establishment. Alternatively, such actions may be brought before the courts of the Member State in which the Data Subject is habitually resident.

 

This document, published at

www.charlesphilip.it/

constitutes the "Specific information to enter into the contract" of this website, which may be updated.

Previous versions are kept at the Data Controller's registered office.

Version published on 04/02/2021

Last updated on 04/02/2021