Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

(GENERAL DATA PROTECTION REGULATION – GDPR)

As required by the General Regulation on the Protection of Personal Data of the European Union (GDPR 2016/679, art. 13), before proceeding with the processing, the interested party (user of the website https://lalupinella.com/) is informed that the Personal Data collected through the site are processed by the Company using IT and/or telematic tools, for the purposes indicated in this statement.

To this end, the information is submitted to the interested party Privacy prepared by La Lupinella Srl (hereinafter also “the Company” or “the Data Controller”), creator and promoter of the activities available on the site https://lalupinella.com/ (hereinafter also “the site”).

  1. Data Controller and Data Protection Officer

The Data Controller of Personal Data is La Lupinella srl, with registered office in via Pietramarina 53, 50053 Sovigliana, Vinci (FI) VAT number IT-01424930483.

The Company has appointed the Data Protection Officer (RPD or Data Protection Officer or DPO) pursuant to Article 37 of the GDPR, who can be contacted for clarifications and questions relating to the processing of personal data at the following addresses dpo@colorobbia.it.

For further information relating to the rights of the interested party, please consider the paragraph entitled "Rights of interested parties" of this information.

  1. Legal basis and purpose of processing

The personal data provided by the user when browsing the site https://lalupinella.com/ are processed by the Data Controller in accordance with current regulations regarding the protection of personal data.

The processing of your Personal Data by “La Lupinella” is aimed at pursuing the following purposes:

  1. Account Creation and Management: in the event that you decide to register, creating an account, on the website https://lalupinella.com/, your personal data will be processed by the Data Controller for the creation and management of your personal account and to allow you access to the the reserved area with its related functions.

In this context, if an employee of the Company registers, the processing is aimed at identifying the user as an employee of the Company to guarantee a discount on any purchases.

The legal basis of the processing for the indicated purpose is identified in the establishment and execution of the relationship established between the Data Controller and the interested party following the latter's request to create an account and access the Reserved Area of the site.

  1. Online shopping activity: if you proceed with the online purchase via the site, the Personal Data provided by you will be used for the purposes of establishing, managing, executing and/or concluding the online sales contract. The Data you provide will be processed by the Data Controller for the purposes of managing the purchase order with reference, by way of example, to payment, shipping, taking charge of any returns, customer assistance, execution of administrative/ accounting related to the management of the order, fulfillment of obligations established by current legislation. In this context, the legal basis of the processing is identified in the execution of the stipulated contract.
  2. Processing information requests: in the event that you decide to contact us using the appropriate e-mail address made available on the site in the "Contacts" section, the Data you provide may be processed by the Data Controller to process your request and provide you with the due information. In this context, the legal basis of the processing is identified in the Company's interest in processing the information requests made by the interested party.
  3. Nature of the treatment

In relation to the purposes letter. a) of the previous paragraph “Legal basis and purpose of processing”, the provision of your personal data is mandatory. Your refusal will make it impossible to allow you to create and manage your account with the related functions connected to it.

If you are an employee, any refusal will also make it impossible to guarantee you a discount when purchasing online.

With reference to the purpose letter. b) of the previous paragraph “Legal basis and purpose of processing” of this document”, the provision of your personal data is mandatory. Your possible refusal will make it impossible for La Lupinella to proceed with the establishment, management, execution and/or conclusion of the online sales contract, therefore the impossibility of carrying out, for example, the activities related to payment, shipping , to take charge of any returns, to customer assistance, to the execution of administrative/accounting purposes related to the management of the order and to the fulfillment of obligations established by current legislation.

In relation to the purposes letter. c) of the previous paragraph “Legal basis and purpose of processing”, the provision of your personal data is mandatory. Your refusal will make it impossible to proceed with the acceptance and processing of any requests for information.

  1. Personal data processed

The Data processed by the Data Controller are those provided by the user when browsing the site Internet https://lalupinella.com/.

In particular, the Personal Data processed are:

  • In relation to the purpose lett. a) of paragraph 1 of this document “Legal basis and purpose of processing”, e-mail address (if the account is created) and employee code to be able to take advantage of the discounts (if the user is an employee);
  • With reference to the purpose letter. b) of paragraph 1 of this document “Legal basis and purpose of processing”, first name, last name, e-mail address, telephone number, city, zip code, state/province, country, company, bank details;
  • In relation to the purpose lett. c) of paragraph 1 of this document “Legal basis and purpose of processing", email address.
  1. Data Processing and Storage Methods

The processing of Personal Data is carried out by the Data Controller in compliance with the provisions of current legislation on the matter Privacy. The Data Controller processes Personal Data using IT and/or telematic tools and with organizational and logical methods strictly related to the pursuit of the purposes indicated in this information, as well as adopting appropriate security measures in order to prevent access, disclosure, the unauthorized modification or destruction of Personal Data, their loss and their illicit and incorrect use. However, the Company cannot guarantee its users that the measures adopted for the security of the site and the transmission of data and information on the site are able to limit or exclude any risk of unauthorized access or dispersion of the data by devices. pertaining to the user. For this reason, users of the site are advised to ensure that their computer is equipped with software adequate for the protection of data network transmission (for example antivirus updated) and that your own Internet Providers has adopted suitable measures for the security of data transmission over the network.

The Company also undertakes to process the Data according to the principles of correctness, lawfulness and transparency, to collect them to the extent necessary and exact for the processing and to allow their use only by personnel for the authorized purpose. The management and storage of the Personal Data acquired will take place in archives or on server located within the European Union, owned by the Data Controller and/or third-party companies appointed as External Data Processors and, in any case, currently located in Italy.

In relation to the different purposes for which they are collected, the Personal Data will be kept for the time strictly necessary to achieve the same and, in any case, in compliance with the relevant regulatory provisions in force.

In any case, the Company will take care to avoid the use of the Data for an indefinite period by proceeding, on a periodic basis, to appropriately verify the actual continuation of the interest of the subject to whom they refer.

  1. Recipients and Data Processors

The Data collected will not be disclosed in any way, but will be processed within the limits and for the purposes described by the Company's employees on the basis of adequate operating instructions (for example, administrative, commercial, marketing, legal, system administrators, etc.). Some Data processing may also be carried out by third parties, appointed External Data Processors, of whom the Data Controller uses or could use in the context of the management of the contractual relationship, the provision of the services offered and for organizational needs of its business. In particular, the Data may be communicated to:

  1. subjects, public and private, who can access the Data pursuant to legal provisions, regulations or community legislation, within the limits established by such rules;
  2. subjects who need to access the Data for purposes related to the contractual relationship existing between the parties, within the limits strictly necessary for carrying out auxiliary tasks (such as, for example, banks and credit institutions, suppliers of technical services, hostingprovider, IT companies, communication agencies, postal couriers and shipping companies);
  3. consultants, within the limits necessary to carry out their professional duties.

The updated list of External Managers and subjects authorized for processing is kept at the headquarters of the Data Controller and is available to the interested party, upon request to be made via e-mail at the address privacy@lalupinella.com

 Transfer of Data abroad

The Data will not be transferred outside the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the location of the server in countries extra-EU. In this case, the Data Controller hereby ensures that the transfer of the Data extra-EU will take place in accordance with the articles. 44 ff. of the GDPR and the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection.

  1. Rights of interested parties

As an interested party in the processing of data, we inform you that you have the possibility to exercise the rights provided for by the GDPR, namely:

  1. the right, pursuant to art. 15, to obtain confirmation as to whether or not data concerning you is being processed and, in this case, to obtain access to the Data and the following information: i) the purposes of the processing ii) the categories of Data in question; iii) the recipients or categories of recipients to whom the Data have been or will be communicated, in particular if third countries or international organizations; iv) when possible, the expected Data retention period or, if this is not possible, the criteria used to determine this period; v) the existence of the interested party's right to ask the Data Controller to rectify or delete the Data or limit the processing or to oppose their processing; vi) the right to lodge a complaint with a supervisory authority, pursuant to articles. 77 ff. of the GDPR; vii) if the Data is not collected from the interested party, all available information on their origin; viii) the existence of an automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party; ix) the right to be informed of the existence of adequate guarantees pursuant to Article 46 of the GDPR relating to the transfer, if the Data is transferred to a third country or to an international organisation;
  2. the interested party will also have (where applicable) the possibility to exercise the rights referred to in the articles. 16-21 of the GDPR (right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object).

The interested party may at any time exercise the above-mentioned rights and request the updated list of data controllers by sending a request to the following email address privacy@lalupinella.com

La Lupinella Srl undertakes to respond to the interested party's requests within one month from receipt of the request, except in cases of particular complexity for which it could take a maximum of three months. In any case, the Data Controller will provide the interested party with evidence of the reason for the wait within one month of the request. The outcome of the request will be provided in writing or in electronic format. In the event of a request for rectification, cancellation or limitation of processing, the Data Controller undertakes to communicate the results of the requests received from the interested party to each of the recipients of your data, unless this proves impossible or involves a disproportionate effort.

The Company specifies that the interested party may be asked for a possible contribution if the questions are manifestly unfounded, excessive or repetitive.

The Company has appointed the DPO - Data Protection Officer (DPO) pursuant to Article 37 of the Regulation who may be contacted for questions relating to the processing of your Data, at the following address: dpo@colorobbia.it.

  1. Changes to this information

The Data Controller reserves the right to make changes to this document Privacy policy at any time by advertising it to users on the site https://lalupinella.com/. Please therefore consult this page often, taking as reference the date of last modification indicated at the end of the document. In case of non-acceptance of the changes made to this document Privacy Policy, the interested party may request the data controller to delete their personal data. Unless otherwise specified, the previous Privacy policy will continue to apply to Personal Data collected up to that point.



La Lupinella SrL
info@lalupinella.com – VAT number IT-01424930483
Privacy policy / Cookie policy / General conditions of Sale / Legal area / Environmental labelling