Privacy policy

 

PRIVACY NOTICE

 

We are committed to respecting your privacy.

LLOFF srl is aware of the importance of protecting the confidentiality of personal data and undertakes to comply with the directives and regulations in force on privacy that guarantee safe and confidential internet browsing.

 We invite you to carefully read this document, about rules that LLOFF srl observes in collecting and processing personal data and, in particular, the methods and purposes of the processing of personal data provided by browsing the website, the use of the registration and contact masks, as well as by making purchases of goods or supply of services made available and offered through the site itself.

 The information is provided according to the art. 13 of EU Regulation 2016/679 concerning the protection of personal data for those who interact with the website of LLOFF srl , the Data Controller, accessible from the address www.karmaofcharmeshop.com .

The information is provided for all sites and services under the domain www.karmaofcharmeshop.com and not for other websites that may be consulted via links.

The information is also based on national and European regulations, including Recommendation no. 2/2001 of the Article 29 Working Group relating to the minimum requirements for online data collection in the European Union, to identify the minimum requirements for online personal data collection, and the methods, timing and the nature of the information that the data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

 

DATA CONTROLLER

The Data Controller is LLOFF srl , Via Montegranarese, 2500 - 63811 Sant'Elpidio a Mare (FM).

 

PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

The processing of personal data is based on the principles of lawfulness, correctness, transparency, purpose limitation and storage, data minimization, accuracy, integrity and confidentiality. In particular:

  • process the data exclusively for the purposes and in the manner illustrated in the information;         
  • process the data for purposes for which the prior consent of the interested party is required only in the presence of an express authorization to do so;         
  • respect for anonymity, allowing anonymous navigation of the site in areas that do not require authentication, except for the automatic acquisition of navigation data;         
  • make the data available to third parties only for purposes instrumental to the provision of the requested service or in other cases, except where permitted by law, only when the interested party has given his consent;         
  • respect the rights of the interested parties, responding to requests for cancellation, modification, integration of the data provided, opposition to the processing of data for the purpose of sending commercial and advertising information;         
  • ensure the correct and lawful management of personal data, safeguarding the data subject's right to privacy, as well as applying suitable security measures to protect the confidentiality, integrity and availability of the data processed;         
  • ensure maximum transparency, accompanying every data collection action with specific information;         

 

DATA PROCESSING

personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; "(Article 4 of EU Regulation 2016/679).

Therefore personal data are the name, contact information and addresses, as well as any other information of the user of the site that can be obtained, directly or indirectly, from the latter.

REGISTRATION AND DATA PROCESSING ON THE ONLINE SHOP

When registering on the site and creating your own account, as well as subsequently, by filling in the appropriate registration forms and masks, you will be asked to provide some personal data, such as name and surname, e-mail address, mail, billing information.

The information requested during registration will be used to allow access to online services and to ensure the correct performance of all activities connected or instrumental to the provision of such services.

Furthermore, since registration is a prerequisite for accessing and using our services, the personal data of users of the website, once the service has been chosen and subject to further information, will be processed for the purposes connected and / or functional to the chosen service.

 In particular, When an order is placed, the Company collects personal data. Holder to the collection of personal data is LLOFF s.r.l. in the person of its legal representative. Data collected by us are in order to conclude the order are compulsory for the processing and delivery of your order and invoices. This information is treated confidentially and is used for our customer relationship management in accordance with the provisions of EU regulation 679/2016 and Italian Legislative Decree 196 of 30 June 2003 in order to carry out the purchase contract and fulfil all legal obligations, including those related in terms of taxes and administration, as well as for other purposes connected to the same contract, as described in this policy.

The legal basis of the processing consists of the execution of a contract or pre-contractual measures connected to the sale of products (Article 6, par 1, letter b) of the GDPR) from the fulfillment of legal obligations in tax and fiscal matters to which the data controller is subject (Article 6, par 1, letter c) of the GDPR)

If the selected services are managed by third parties, the data, after providing information to the user, will be communicated to the individual managers. The latter operate as "owners" for the processing connected to the provision of the services within their competence.

LLOFF srl Uses the Shopify ecommerce platform to manage online sales. This means that Shopify may process your data when you interact with the site or make purchases, including: name, email, shipping and billing address, payment information, company name, telephone number, IP address, information on initiated orders. , on the shops visited and on the device and browser used). The processing of EU customer data takes place in Europe, at Shopify International Ltd.

For more information read the Shopify privacy policy: https://it.shopify.com/legal/privacy

 SOCIAL LOGIN SERVICES

This type of service allows you to register and / authenticate to the site using social service accounts or other digital services already used by the user (eg social network, google etc.) directly from the pages of this site

The interactions and information acquired and transmitted by this site are limited to personal and contact data and do not concern authentication credentials or other data. The information transmitted is in any case subject to the user's privacy settings relating to the service used.

 For these services, LLOFF sr services uses the OXI Social Login plugin, a service provided by Oxiapps (http://www.oxiapps.com/) which displays a widget that allows registration and authentication via external digital platforms. The service collects personal data relating to cookies and usage data.

 Privacy policy: https://social-login.oxiapps.com/privacy

 DATA PROVIDED VOLUNTARILY BY THE USER

The voluntary and explicit sending of e-mail messages to the addresses indicated in the different access channels of the site www.karmaofcharmeshop.com and the completion of the specifically prepared forms entail the subsequent acquisition of the address and data of the sender / user, necessary for respond to the requests produced and / or provide the requested service.

 The sending of these data takes place on an optional, explicit and voluntary basis, and involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data entered.

 LLOFF srl will process these data assuming that they refer to the user or to third parties who have expressly authorized the user to provide them on the basis of an appropriate legal basis that legitimizes their processing. In this case the user is the independent data controller, and assumes all the obligations and responsibilities of the law, granting the widest indemnity with respect to any dispute, claim, request for compensation for damage from treatment, etc. that should reach www.karmaofcharmeshop.com from third parties whose personal data have been processed through the use of the site in violation of current legislation.

In any case, LLOFF srl invites the user not to send personal data unless strictly necessary: ​​some categories of personal data can be processed only with the explicit consent of the user and in compliance with current legislation. The Data Controller therefore underlines the importance of giving your explicit consent to the processing of special categories of Personal Data, should you decide to share such information. Specific summary information will be displayed on the pages of the site.

NAVIGATION DATA

The computer systems and software procedures used to operate the website www.karmaofcharmeshop.com acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified interested users, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.

 This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), the browser and the operating system used and other parameters relating to the operating system and computer environment of the user.

 These data are used only to obtain statistical information not associated with any user identification data on the use of the site and to check its correct functioning and are deleted immediately after processing or at the latest within a week. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Site.

These data are stored in the systems of the Data Controller or in those of the Managers , in charge of managing the website.

Access to the Site, consultation of its contents and use of the services offered allows the web server to automatically record the so-called "system LOG", or the information that the user's browser sends while browsing the site. This information consists of the web pages requested by the user, the documents consulted, modified or created, the IP address, the browser type, the browser language, the date and time of the request.

STATISTICS

Statistical analysis services allow the Data Controller to monitor and analyze traffic data, aimed at measuring the functioning of the site for research purposes, usability and interest assessments. The data is in aggregate or anonymous form, therefore without the possibility of identifying the user. 

This site uses Google Analytics, a statistical analysis service of navigation activities provided by Google Inc. ("Google"). The data collected relates to cookies and site usage data.

Google Analytics uses the user's personal data, including the data provided to Google when registering for other services, in order to track and examine the use of this site, compile reports and share them with other services developed by Google.

Google may use the user's personal data to contextualize and personalize the advertisements of its own advertising network.

The data processing takes place in the United States, based on standard contractual clauses approved by the European Commission. Privacy policy Goolgle: https://goo.gl/k4J1Nb.

 Google makes available an add-on to disable the collection of Google Analytics data (https://goo.gl/BdFny5).

COMMERCIAL COMMUNICATIONS AND NEWSLETTER

Processing of personal data collected newsletter is carried out in order to promote and advertise our products and services, by sending commercial communications and information and advertising material.

This type of service allows the Data Controller to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the user.

These services may also allow the collection of data relating to the date and time the messages are displayed by the user, as well as to the user's interaction with them, such as information on clicks on links inserted in messages.

 At any time, the user can stop sending commercial communications using the cancellation tools available in the communications themselves or update their preferences for sending communications, limiting or denying them altogether.

INTERACTIONS WITH SOCIAL NETWORK

This type of service allows interaction with social networks or other external platforms directly from the pages of this site.

The interactions and information acquired from this site are in any case subject to the user's privacy settings relating to each social network.

 For these services, the site uses a widget that allows interaction with social networks and external platforms and the sharing of content. The service collects personal data relating to cookies and usage data

Depending on the configuration, this service can show widgets belonging to third parties, for example the managers of social networks on which to share interactions. In this case, even the third parties that provide the widget will be aware of the interactions carried out and the data relating to the pages in which this service is installed.

 For more information on the following permissions and acquired data, it is possible to refer to the documentation of the individual Social Network platforms.

Facebook: https://www.facebook.com/policy.php

Twitter: https://twitter.com/en/privacy

Pinterest: https://policy.pinterest.com/en/privacy-policy

 

DATA RELATING TO MINORS

LLOFF srl does not accept registrations or orders placed by minors under age of 18 (eighteen) years nor will it intentionally collect or use their personal data. Minors are therefore advised not to register or not to purchase through the Site.

 PROFILING BY MEANS OF AUTOMATED PROCESSING OF PERSONAL DATA

Automated systems are active for user profiling aimed at analyzing or forecasting aspects concerning the choices, habits and preferences of purchase, boying choices of the user based on the type of purchases made. The systems are managed by third parties (e.g. Shopify, Google, Facebook) through the use of cookies, pixels and tracking technologies.

The use of these systems is allowed only with your consent which you can express through the cookie banner. For more information, see the cookie policy www.karmaofcharmeshop.com/pages/cookie

 COOKIES

This website uses cookies to offer its users the best possible experience on the site, as well as to optimize their visit.

Please refer to the specific information www.karmaofcharmeshop.com/pages/cookie

 

 PURPOSE AND LEGAL BASIS OF THE PROCESSING

Personal data are processed for different purposes, specified below, and for which your consent may be required:

 

Purpose of the processing

Legal basis and consent to treatment

1. MANAGEMENT OF REQUESTS AND DELIVERY OF SERVICES

a) for the creation of the user account and the purposes related to its management, in the event of any registration on the site;      

b) to verify your identity, even in case of support in restoring access      

c) to manage any type of request for technical, commercial or administrative assistance, and to provide additional services requested by the user      

The processing is carried out in the context of the execution of a contract of which the user is a party or the execution of pre-contractual measures adopted at the request of the user (Article 6, paragraph 1, letter b) of the Regulation).

Consent is not required.

d) to follow up any requests addressed to us, for example by spontaneously sending messages, e-mail or traditional mail to the addresses indicated on the site which involve the subsequent acquisition of the address, including e-mail, of the sender or relative telephone number necessary to respond to requests, as well as any other personal data included in the relative communications.      

The processing is carried out in the context of the execution of a contract of which the user is a party or the execution of pre-contractual measures adopted at the request of the user (Article 6, paragraph 1, letter b) of the Regulation).

Consent is not required.

e) for the execution of obligations established by laws, regulations and by national and / or community legislation, as well as by provisions issued by authorities legitimated by the law or by supervisory and control bodies;      

Processing is necessary to fulfill a legal obligation to which LLOFF srl is subject (Article 6, paragraph 1, letter a) of the Regulation).

Consent is not required.

 

f) prevent or identify any abuse in the use of the site, or any fraudulent activity and therefore allow LLOFF srl to protect itself in court       

2. MARKETING AND COMMERCIAL PROMOTION ACTIVITIES

g) for marketing purposes, by sending by paper mail, e-mail, SMS, social networks, application notifications, banners, fax and telephone and instant messaging services and communications newsletters, commercial offers, advertising material, promotional and informative, market research, surveys concerning the products and / or services offered by LLOFF srl      

Consent is necessary to carry out the processing.

 

Consent is in any case optional. Failure to consent, or its subsequent revocation, will have no consequence in the provision of services, except for the impossibility of receiving commercial communications and updates on products, services and promotions.

 

The user, when sending any communication, will have the right to express his opposition to the processing of data, in accordance with the rights recognized to him.

3. PROFILING BY MEANS OF AUTOMATED PROCESSING OF PERSONAL DATA

a) to analyze or predict aspects concerning purchasing choices, habits and preferences, also relating to the geographical area of ​​reference, as well as for the creation of profiles (individual and / or aggregated) in order to conduct market research, carry out activities promotional and propose personalized offers.      

b) for carrying out analysis and study of the user's consumption habits and choices (so-called "profiling"), based on the type of purchases made, in order to conduct market research and personalized promotional activities.      

Consent is necessary to carry out the processing and can be provided through the appropriate functions present on the site (eg banner cookies)

 

Consent is in any case optional. Failure to consent, or its subsequent revocation, will have no consequence in the provision of services, except for the impossibility of receiving commercial communications in line with the user's preferences and optimizing the services offered by LLOFF srl .

 

One or more consents may be revoked at any time by contacting LLOFF srl   in the ways indicated for the exercise of rights, at the bottom of this privacy policy

 PURPOSE OF THE TREATMENT OF NAVIGATION DATA AND SYSTEM LOG

The personal data whose transmission is implicit in the use of Internet communication protocols and the system LOGs are processed only to obtain anonymous statistical information on the use of the site, to check its correct functioning and protect the computer systems that allow it to be used. operation.

The data do not allow the identification of the interested parties and are not associated with other data sources that can allow assimilations such as to identify users.

Such data, such as the user's IP address, could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

 OBLIGATION OR RIGHT TO PROVIDE DATA

Apart from what is specified above for navigation data, the user is free to provide personal data contained in the registration forms or procedures. Failure to provide them may make it impossible to obtain what is requested or to carry out some services, as specified below with reference to the aforementioned purposes:

 1. MANAGEMENT OF REQUESTS AND DELIVERY OF SERVICES

the provision of data (possibly marked as necessary in the forms) is necessary for the pursuit of the purposes referred to in point 1 and any refusal to provide it will make it impossible for LLOFF srl to fulfill orders or satisfy user requests and for the latter to use the services available through the website.

Furthermore, the processing of data for these purposes is necessary in order to fulfill any legal obligations: personal data must be processed in accordance with the applicable legislation, including their conservation and communication to the Authorities for accounting, tax or other obligations.

 2. MARKETING AND COMMERCIAL PROMOTION ACTIVITIES

the provision of data, based on the user's consent, is optional for the pursuit of the purposes referred to in point 2 and their failure to indicate, or the withdrawal of consent, will not allow the sending of commercial and promotional communications. Failure to provide it will not entail any consequences in the provision of services.

 3. PROFILING BY MEANS OF AUTOMATED PROCESSING OF PERSONAL DATA

the provision of data, based on the user's consent, is optional for the pursuit of the purposes referred to in point 3 and their failure to indicate, or the withdrawal of consent, will not allow profiling activities, or the sending of commercial communications and promotional in line with the interests expressed or showing the user personalized advertising messages. Failure to provide it will not entail any consequences in the provision of services.

 

METHOD OF TREATMENT

Personal data are processed with automated tools, methods and procedures for the time strictly necessary to achieve the purposes for which they were collected and for the pursuit of the purposes referred to in this information.

In particular, the processing is carried out by specifically appointed personnel, mainly with the aid of electronic, computerized or automated means, through the use of electronic mail or other remote communication techniques.

 

STORAGE OF DATA

The data are archieved for the time strictly necessary to provide the requested service or for the time established by the regulations in force.

In general, the personal data provided by users no longer necessary for the pursuit of the purposes for which they were collected are immediately deleted or made anonymous, except for the conservation obligations prescribed by law or otherwise indicated by the third party.

 LLOFF srl , to protect its interests, will also process personal data up to the time permitted by law, in particular as may be necessary in order to protect the interests of the Data Controller from possible claims relating to the services provided.

 For the purposes of marketing, commercial promotion and profiling, data retention will take place within the terms established by the regulations in force and in any case until the consent is revoked, after which LLOFF srl will no longer use the user's personal data for these purposes, reserving the right to keep them as long as it may be necessary in order to protect their interests from possible complaints based on such treatments.

 DATA SECURITY

The Data Controller adopts specific security measures, suitable and preventive, in order to safeguard the confidentiality, integrity, completeness, availability of the personal data of the data subject, as well as to prevent the loss of data, illicit or unlawful use. correct and unauthorized access.

 In particular, to protect the personal data of the interested party, the Site uses an encryption system with SSL (Secure Sockets Layer) technology, which guarantees protection by encrypting the information both on the login page and in the other sections where it is possible to release , view or modify your personal data.

 In any case, the Data Controller is not responsible for untruthful or incomplete information sent directly by the user (example: correctness of the e-mail address or credit card or postal address details), as well as information concerning him and that have been provided by a third party, even fraudulently.

RECIPIENTS OF PERSONAL DATA

Personal data may be disclosed to subjects who can access the data by virtue of the provision of law, regulation or community legislation, within the limits set by these rules.

 For the provision and management of the services requested by the user, the personal data of the user may be disclosed to other subjects, as managers and / or autonomous owners of the processing of personal data (such as for example credit cards, couriers, providers of web services, e-mails or technical services that provide services that are instrumental to providing the site's services, subjects that provide assistance and consultancy in accounting, administrative, legal, tax matters, financial and credit recovery relating to the provision of services, internal personnel authorized to process data and bound by confidentiality obligations) within the limits necessary to carry out their duties at our organization, and who act as data processors or who are committed to confidentiality, even with an adequate legal obligation.

The data may also be disclosed to subjects, entities or authorities by law, protection from abuse or fraud, or by order of the authorities.

 The complete list of the aforementioned subjects can be requested directly from LLOFF srl . The personal data collected are not disclosed.

 

PLACE OF DATA PROCESSING

The treatments connected to the web services of this site take place at the aforementioned headquarters of the Data Controller, which makes use of external providers for the website hosting service, and are only handled by technical personnel authorized to process the processing and, occasionally, by persons in charge of maintenance operations.

In case of need, the data can be processed by the staff of the company that takes care of the maintenance of the technological part of the site, appointed responsible for the treatment at the headquarters of the company itself.

 Personal data will be stored on the server / database of its suppliers of the Data Controller, located within the territory of the European Union.

TRANSFER TO THIRD COUNTRIES

Some of the user's personal data may be transferred to recipients located outside the European Union, as indicated in the different purposes of the processing.  LLOFF srl ensures that the electronic and paper processing of personal data by these recipients takes place in compliance with the requirements of current legislation, or basing the transfer on an adequacy decision or, alternatively, on the standard contractual clauses approved by the European Commission.

More information on the transfer and on the agreements that legitimize it are available from us, by contacting the contact details in this privacy policy.

 RIGHTS OF THE INTERESTED PARTIES

Users of the site to which the personal data refer, as data subjects and within the limits of current legislation, are granted the rights referred to in articles 15 to 22 of EU Regulation 2016/679, or, in summary, the right to ask LLOFF srl , at any time:

  • access to personal data, as well as further information on their processing         
  • the correction or updating of data         
  • deletion of data         

The user can also:

  • oppose the processing,         
  • request the limitation of the processing         
  • obtain the data concerning the user in a structured format, commonly used and readable by an automatic device         
  • withdraw consent for the processing purposes that require it         

 

Pursuant to and within the limits of current legislation, the user has the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data) if he considers that the processing of personal data is carried out in violation of the law or of your rights.

 The rights listed above may be exercised by the interested party, at any time, by contacting LLOFF srl , Via Montegranarese, 2500 - 63811 Sant'Elpidio a Mare (FM), Italy, +39  0733 1776014 , email info@karmaofcharmeshop.com .

 To exercise the rights relating to data processed by third parties, please refer to the specific privacy policies.

 We also inform you that the user registered on the site will be able to view and modify his personal data at any time, by accessing the data modification mask in his personal account, as well as to grant or revoke the consent previously provided for the '' sending commercial communications.

 CHANGES AND UPDATES

This privacy policy is effective from 24 May 2018. LLOFF srl reserves the right to modify or update its content also in relation to changes in the applicable legislation. All changes and updates will be binding as soon as they are published on the site.