Privacy
PRIVACY POLICY www.sun68.com
This privacy policy of website www.sun68.com (hereinafter, the "Website") is provided pursuant to Article 13 EU Reg. 2016/679 (General Data Protection Regulation or, simply, "GDPR") and Legislative Decree no. 196/2003 ("Privacy Code") as amended by Legislative Decree no. 101/2018. The Data Controller undertakes to keep this notice updated.
-
data controller
The Data Controller is Numero 8 S.r.l., with registered office in Via Copernico 14, Noventa di Piave (VE), P. IVA 03591110279, Tel. + 39 0421/220249, registered e-mail amministrazione@numero8-pec.it (hereinafter, also “Data Controller”).
-
type of personal data collected and purpose of processing
The personal data (hereinafter also “Data”) provided shall be processed for the following purposes:
-
User’s account creation: when users sign up to the Website, Data such as name, surname, date of birth, gender, e-mail, and password will be collected. Such Data shall be used to create the persoanl user’s account and to allow the registered users to benefit of the services offered. As far as the registered users are concerned, the Data Controller shall also collect information regarding the access to the personal area of the Website.
-
Execution of the purchases on the Website: Data such as name, surname, e-mail address, delivery address, billing address, telephone number, and payment details shall be processed by the Data Controller to execute the purchase orders. Some personal data shall be processed in order to enable the Data Controller to comply with obligations provided for by laws, regulations or Community legislation, in particular related to civil, tax and accounting regulations.
-
Contact form and other user contact requests: in the event that the Website user contacts the Data Controller to request support or information, the Data provided by the user shall be processed only to satisfy the user’s request.
-
Shopping cart: the Data Controller shall be entitled to process the user’s e-mail address, even if not registered on the Website, to send a reminder in the event that the user, after having placed one or more products in the shopping chart, does not complete the purchase.
-
Newsletter and other marketing communications: the user’s e-mail address provided with the subscription to the Data Controller’s newsletter service shall be process to send sale and/or marketing communications regarding Data Controller’s clothing products bearing the trademark SUN68, CYCLEJEANS and SOCKSBURGERANDFRIES or any other trademarks belonging with the Data Controller, even on the basis of a licence, as long as they are employed to distinguish clothing products and similar items, as well as to conduct market surveys, also by relying on third parties to send such materials. These third parties shall be appointed Data Protection Officer for this purpose (“Direct Marketing”).
-
Automatically collected information: the computer systems and software procedures used to operate the Website acquire, during their ordinary operation, some personal data whose transmission is implicit in the use of Internet communication protocols. Such information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users’ identification. This category of data includes, for example, the IP addresses or domain names of the computers used by users connecting to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information concerning the use of the Website, due to security reasons, and to check its proper functioning, and is deleted immediately after processing.
-
Processing legal basis and Consequences in the event data are not provided
The Data Controller processes Data only in the event that the requirements provided by the applicable law are met, and in particular, the Data are processed:
-
to execute a contract in which the user is involved as party or give execution to precontractual activities requested by the Website user pursuant to art. 6, par. 1, lett. b), GDPR.
This legal basis allows the Data processing conducted during the following activities:
a. subscription to the Website and use of services reserved for registered users.
b. execution of a contract for the purchase of the products offered on the Website.
c. dealing with user’s information requests and/or requests for support.
Providing this Data for such activities is a contractual obligation. The user is free to communicate his data or not, but without the required data it shall not be possible to conclude or give execution to contracts and to the user's requests. This means that the user will not be able to purchase products and use the services of the Data Controller and that the Data Controller will not be able to deal with user's requests;
-
to carry out a legal obligation pursuant to art. 6, par. 1, lett. c), GDPR.
In the event of a contract execution for the purchase of goods on the Website, your data will be processed in order to fulfil the legal obligations to which the Data Controller is subject in accordance with the tax and other regulations to which the Controller is subject. The user is free to execute a contract and communicate his/her data or not, but if the contract is executed, data provided shall be processed in order to fulfil the legal obligations to which the Data Controller shall comply;
-
to pursue a legitimate interest of the Data Controller in accordance with art. 6, par. 1, lett. f), GDPR.
The Data Controller has a legitimate interest in sending the user of the Website a reminder e-mail in the event that the user, after placing a product in the shopping cart and having already communicated to the Data Controller his/her e-mail address, has not completed the purchase in order to promote the execution of the purchase.
The Data may also be processed to prevent and pursue any fraudulent activities, counterfeiting or abusive conducts (committed also by third parties) in contrast with the applicable laws, the contractual provisions applicable to the Website and to the relevant services, the rules of fairness and good faith.
In this event, the processing of the Data responds to a legitimate interest of the Controller.
-
if the user consent to the Data processing pursuant to art. 6, par. 1, lett. a), GDPR.
Prior user’s explicit consent, the Data Controller shall process the data as follows:
-
To send by e-mail the Data Controller newsletter (communications regarding new products and commercial initiatives);
-
To conduct marketing polls and surveys;
Providing such data to the Data Controller is not mandatory and it shall not negatively affect the users’ power to purchase products and/or have access to the services offered on the Website.
The users are free to provide or not their Data for these purposes, but if they do not, the Data Controller will not be able to carry out marketing activities and surveys.
-
Categories personal data and Data processors
All Data collected may be communicated to internal staff memebers authorised to process such Data by virtue of their respective duties, as well as to external third parties to whom providing the Data may be necessary. These persons, should they process Data on behalf of the Controller (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies), will be designated as Data processors with a specific contract or other legal act. The data of third parties will be communicated by the Controller upon request.
The Data will not be disclosed under no circumstances.
-
Safety measures
The Website processes users’ Data in a lawful and appropriate manner, adopting adequate safety measures to prevent unauthorised access, disclosure, modification or destruction of data. The Data processing is carried out by means of computer and/or telematic tools, using appropriate organisational, technical and administrative measures to protect personal data within our company, and with the only aim to fulfil the abovementioned purposes. However, no data transmission and no storage system can be guaranteed to be 100% secure. If users have reasons to believe that their interaction with the Website is no longer safe, we strongly encourage them to report the problem immediately.
-
transfer of personal data abroad
Data management and storage take place on servers located within the European Union, owned by and/or available to the Data Controller and/or third party companies duly appointed as Data processors. The Data may also be transferred for the purposes set out in art. 2 to entities based in countries outside the European Union, provided that they guarantee an adequate level of protection pursuant to art. 44 et seq. of the GDPR.
-
data storage
The Data will be stored for limited period which may vary on the basis of the type of activity this Data were collected for.
Once this time period has expired, the Data will be delated completely or anonymised in an irreversible way, without prejudice to circumstances in which the data must be stored for a longer period of time due to possible disputes and competent authorities’ requests and pursuant to the applicable law.
In particular, the Data are stored in accordance with the terms and criteria set out below:
-
data collected for the purpose of entering into and executing contracts for the purchase of goods on the Website, including payment details: until the conclusion of the administrative-accounting formalities. Billing data will be kept for ten years from the date of the invoice issuance.
-
registered user's data: the data will be kept until the user requests the deletion of his/her personal account or after 2 (two) consecutive years without the user logging into his/her account.
-
data related to requests for information and/or requests for support: data useful for processing the user's request will be stored until the request is satisfied.
-
data used for commercial communication activities with users who have voluntarily subscribed to the Data Controller's newsletter, opinion polls, market research and satisfaction surveys: these data are stored until the conclusion of the activity or the request to stop the activity (objection to the receipt and/or withdrawal of consent) and in any case within 2 (two) years from the user's last interaction, of any kind, with the Website and/or the Data Controller. It is understood that the user may, at any time, independently unsubscribe by simply clicking on the relevant link at the bottom of each e-mail.
-
Data collected through cookies will be retained for the period of time determined for each single cookie. For any further information, please refer to the cookie policy .
-
Rights of the Data Subject
Users are entitled to exercise the following rights at any time with reference to the specific Data processing activities conducted by the Data Controller:
-
right to access, which is the right to obtain from the Data Controller a confirmation as to whether or not the Data are being processed and, if such is the case, to obtain access to them;
-
right to rectification and eresure, which is the right to obtain the rectification of inaccurate Data and/or the integration of incomplete Data or the deletion of Data for legitimate reasons;
-
right to restrict processing, which is the right to ask to limit or to suspend the processing activities if legitimate reasons are present;
-
right to data portability, which is the right to receive in a structured, commonly used and readable format the Data, as well as the right to transmit the Data to another data;
-
right to object to the processing, which is the right to object to the processing of the Data if there are legitimate reasons, including the processing of Data for marketing and profiling purposes;
-
right to withdraw the consent at any time without prejudice to the legitimacy of the processing activities carried out on the basis of the consent given before its withdrawal;
-
right to file a claim to the competent authority in the event of an illicit processing of the Data or to take legal action in the appropriate courts.
In order to exercise the aforesaid rights, users can send their request by e-mail to privacy@sun68.com, or by registered mail to the following address: Numero 8 S.r.l., via Via Copernico 14 - 30020 Noventa di Piave (VE).
-
Updates
This privacy policy may be subject to changes and amendments in due course, which may also be necessary with reference to new legislation on the protection of personal data; therefore, we strongly recommend to check its contents periodically.
The updated version of this privacy policy, however, will be published on this web page, specifying the date of its last update.
This privacy policy was last updated on 01/07/2022.