I. Data Controller and Data Processors
Personal Data will be processed by Remeo Gelato Limited, with registered office at Unit 702, Salisbury House, London Wall, London, EC2M5QQ, tax code and VAT number 179750266, registered with the Register of Enterprises under No. 8811000(hereafter “We”, “Us”, “Our”, “Data Controller” or “REMEO”).
For certain activities, We may ask other entities to process data on our behalf. Said entities will act as Data Processors. The updated list of Data Processors is available upon request by sending an email at email@example.com.
II. Categories of Personal Data
When providing access to our website and when we offer other related services (e.g. online shop – collectively referred as “Services”), We process a number of Personal Data about you (all categories listed below are collectively referred as “Data”). In particular, We may process the following data about you:
The computer systems and software procedures used to provide the Services acquire some personal data transmitted using Internet communication protocols. This information is not collected to be associated with identified parties, but by their nature could, through processing and association with data held by third parties, allow users to be identified. This data is:
- the Internet site from which our page has been called;
- the IP address and domain names of the devices used by users to use the Services;
- the date and time of the request or access;
- the request itself from the browser or other client, in the form of addresses in URI (Uniform Resource Identifier)
- the technical code of the http response obtained from the server (error, success, etc.);
- the amount of data transmitted;
- the browser, its technical and functional characteristics and the operating system used;
- the cookies or similar technologies that provide additional functionality to the website and the services (e.g. they help us analyse the website usage more accurately). Please see the Section VII of this Notice for additional information.
The data of the type described above are necessary for the provision of services. Failure to provide such data will make it impossible to use the Services themselves.
When you access our online shop, We and our partners may process data which are necessary to perform the sale you are requesting. By way of example, this category might include:
- Name and surname;
- Address and/or delivery address;
- Payment data (such as credit card data);
- Contact details (e.g. email address);
The data of this type is necessary for the provision of Services related to sales. Failure to provide such data will make it impossible to perform the requested sale.
Certain personal data might be processed in the context of our marketing activities (e.g. newsletters).
This category includes:
- Name and surname;
- Email address;
The data of this type is not necessary for the provision of Services related to sales. Failure to provide such data will make it impossible to perform the requested marketing activities only.
III. Processing purposes and modalities
We process your Personal Data to the extent permitted or required under applicable law, for the following purposes:
- Administering and providing the website (hereinafter jointly “Service-related Purposes”);
- Administering and providing our products in relation to a sale (hereinafter jointly “Sale-relatedPurposes”). This includes all the due related financial activities (e.g. tax purposes, etc.);
- Marketing of our products and services which might be of your interest (hereinafter jointly “Marketing- related Purposes”).The processing is performed through automated tools (e.g. using electronic procedures and supports) and/or manually (e.g. on paper) for the time indicated in Section VI of this Notice.
IV. Legal justification for the Processing of your Personal Data
Generally, the processing of your Data is necessary for the performance of our Services. Furthermore, REMEO relies on the following legal justifications for the processing, of your Personal Data:
Categories of Data Involved: Internet data
Legal basis: The processing is necessary to provide you with the access to our website (Art. 6(1) lit. b) GDPR). We also have a legitimate Interest in providing access to our website (Art. 6(1) lit. f) GDPR).
Categories of Data Involved: Internet data; shop data
Legal basis: The processing is necessary to fulfil your request to purchase our products and services (Art. 6(1) lit. b) GDPR).
Categories of Data Involved: Internet data; shop data; marketing data
Legal basis: You provided your express consent to our marketing activities; or in certain cases, we have a legitimate interest to send you marketing emails (e.g. if you have already purchased our products and/or services).
V. Data transfers and recipients and legal justification for such transfers
Service providers: REMEO has concluded contracts with third party service providers as part of its normal business operations to carry out certain IT-related tasks and sale-related activities (e.g. the payment platform provided by banks and financial institutions). When this happens, REMEO may transfer some of your Personal Data to these entities which will act on our behalf.
Service providers include:
- Providers of servers capabilities;
- Banks, financial institutions and other e-commerce platform providers.
VI. Retention periods and deletion of your Personal Data
Personal Data processed for the purposes hereunder will be stored only to the extent necessary. If a judicial action is initiated, the Personal Data may be stored until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by applicable law.
In principle, we will retain your Personal Data as long as required or permitted by applicable law. In particular: data used for marketing purposes will be processed for 24 months. Afterwards, we will remove your Personal Data from our systems and records and/or take steps to properly anonymise it so that you can no longer be identified from it.
A “cookie” is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.
There are different types of cookies:
- Technical cookies: these allow the user to navigate through the website or application and use the various options or services there. For example, with traffic control and data communication, to identify the session, access restricted Web parts, remember the elements of an order, make the request for registration or participation in an event, use the security features during navigation, and store content for broadcast video or sound.
- Cookies customisation: these allow users to access the service with some predefined general features in your terminal, or user defined settings. For example, the language, the type of browser through which you access the service, the design of selected content, geolocation terminal and place where you can access the service.
We use technical and third party cookie on our website.
This below is the list of the third party cookies we use on our website. If you would like more information about these cookies, together with information on how to reject or delete the cookies, please see their individual privacy policies using the links provided.
Description: Third party Google cookie analytics – permanent
Policy link: https://policies.google.com/privacy
Description: Third party social media cookie
Policy link: https://www.facebook.com/policies/cookies/
Description: Third party social media cookie
Policy link: https://help.twitter.com/en/rules-and-policies/twitter-cookies
Most browsers allow you to refuse to accept cookies; for example:
- in Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”;
- in Firefox (version 36) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”; and
- in Chrome (version 41), you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading.
Blocking all cookies might have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
You can delete cookies already stored on your computer; for example:
- in Internet Explorer (version 11), you must manually delete cookie files (you can find instructions for doing so at http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11);
- in Firefox (version 36), you can delete cookies by clicking “Tools”, “Options” and “Privacy”, then selecting “Use custom settings for history” from the drop-down menu, clicking “Show Cookies”, and then clicking “Remove All Cookies”; and
- in Chrome (version 41), you can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Clear browsing data”, and then selecting “Cookies and other site and plug-in data” before clicking “Clear browsing data”.
Deleting cookies might have a negative impact on the usability of many websites.
VIII. Your statutory rights
Under the conditions set out under applicable law (i.e., the GDPR), you have the following rights:
- Right of access: You have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, to request access to the Personal Data. The access information includes – inter alia – the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed.You have the right to obtain a copy of the Personal Data undergoing processing. For additional copies requested by you, we may charge a reasonable fee based on administrative costs.
- Right to rectification: You have the right to obtain from us the rectification of inaccurate Personal Data concerning you. Depending on the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
- Right to erasure (right to be forgotten): You have the right to ask us to erase your Personal Data.
- Right to restriction of processing: You have the right to request the restriction of processing your Personal Data. In this case, the respective data will be marked and may only be processed by us for certain purposes.
- Right to data portability: You have the right to receive the Personal Data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those Personal Data to another entity without hindrance from us.
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your Personal Data by us and we can be required to no longer process your Personal Data. If you have a right to object and you exercise this right, your Personal Data will no longer be processed for such purposes by us. Exercising this right will not incur any costs. Such a right to object may not exist, in particular, if the processing of your Personal Data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
Please note that the aforementioned rights might be limited under the applicable national data protection law. Please refer any of your questions to firstname.lastname@example.org.
In case of complaints you also have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence or alleged infringement of the GDPR.