Dear User, this document is aimed to inform you about how we process your personal data collected and/or provided by you through the website www.busattimilano.it (hereinafter the “Site“).

This notice has been prepared in accordance with EU Regulation 2016/679 (the “GDPR“) and Legislative Decree 196/2003 et seq.

1. DATA CONTROLLER 

The Data Controller is Busatti Milano S.r.l., VAT No. 08452660965, REA Registration No. MI-2027466 with registered office in Via Paolo Andreani 4 – 20122 Milano (MI), VAT No. 08452660965, PEC: busattimilano@pec.it, fax 02 86452055, e-mail info@busattimilano.com, tel. T: +39 0249590640 (hereinafter “Busatti” or “Controller“).

2. TYPES OF DATA AND CONFERMENT

We indicate, below, the types of personal data (the “Data“) processed by the Data Controller.

2.1 Browsing data. While browsing the Site, its normal software procedures acquire certain personal data whose transmission is implicit in the very use of Internet communication protocols. This is information that is not intended to be associated with identified users but, when associated with other data held by third parties (e.g. your internet service provider), could allow the identification of users of the Site. Browsing data include IP addresses or domain names of the computers used by the user connecting to the Site, the addresses in URL (Uniform Resource Locator) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system. The provision of users’ navigation data is automatic (therefore, mandatory) when accessing the Site.

2.2 Cookies. In addition to technical and functional cookies, and only with your express consent, personal data may be processed through the use of electronic tools known as cookies, in order to improve the range of services rendered by Busatti through the Site. 

For more details on cookies and their processing, please refer to the relevant policy. .

2.3 Data voluntarily provided by users . Through the Site, the user may voluntarily provide certain personal data, such as first name, last name, address, data relating to their credit card, e-mail address, tax code and/or VAT number, as necessary for the provision of various services provided by Busatti for the purchase of products on the Site. If, by connecting to the Site, you intend to send your personal data, through the appropriate sections, Busatti will process such data in order to respond to your request or to provide the requested service and, where necessary, subject to your express consent, to send commercial and promotional information, market research on products and services of Busatti by means of automated contact methods (e-mail). It should be noted that any voluntary sending of electronic mail by the user of the Site to the e-mail addresses indicated in the same involves the acquisition of the sender’s address as well as any other information contained in the message; such personal data will be used for the sole purpose of performing the service or provision requested.

3. METHODS AND PRINCIPLES OF PROCESSING

The data will be processed in accordance with the GDPR, Legislative Decree No. 196/03 and ss.mm., as well as the principles of lawfulness, correctness and transparency, minimization, relevance, proportionality, adequacy and limitation of storage, by paper and computer, by persons authorized by Busatti and with the adoption of appropriate protective measures, so as to ensure the security, integrity and confidentiality of data. 

4. PURPOSE AND LEGAL BASIS OF DATA PROCESSING

For convenience and ease of understanding, the following is a list of the purposes for which your Data are processed and the relevant legal bases that legitimize these forms of processing.

It is represented that the processing of personal data for the Purposes of Legitimate Interest is carried out in accordance with Article 6 (f) of the GDPR for the pursuit of the legitimate interest of the Data Controller which is fairly balanced with its interests, rights and freedoms in that the processing activity of the Data is limited to what is strictly necessary for the performance of the operations indicated in the table above. 

It should be noted that processing for the Purposes of Legitimate Interest is not obligatory and you may object to such processing in the manner set out in this notice, but should you decide to object to such processing, your Data may not be used for Purposes of Legitimate Interest, except where the Data Controller demonstrates the presence of compelling legitimate grounds prevailing or for the exercise or defense of a right under Article 21 of the GDPR.

The processing of your Personal Data for Marketing Purposes is optional and is subject to your prior consent, pursuant to Article 6(a) of the GDPR. Failure to provide consent does not prevent you from using the Site; however, if you deny your consent, you will not be able to receive marketing communications from the Data Controller. In any case, you may revoke any consent you may have given at any time in the manner set out below.

5. COMMUNICATION AND TRANSFER OF DATA 

The data will be processed by the employees or collaborators in charge of the processing of the Data Controller and the other subjects (IT service providers, marketing companies, lawyers) who are autonomous data controllers or appointed as data processors. The data will not be disclosed to third parties unless required by law or judicial authority and will not be disseminated in any way.

In particular, your data (first name, last name, address) may be transferred to companies outside of the Controller that will take care of the delivery of the Products that you will have purchased on the Site.

6. DATA RETENTION

The Controller retains your personal data for as long as it is necessary for the fulfillment of the purposes for which it was collected, as stated in Section 4 of this document. 

In general, the Controller retains personal data if required to do so by regulatory obligations and until the statute of limitations expires in order to be able to enforce any existing legal claims.

Browsing data will be retained for no more than seven days, except for any need for the investigation of crimes by the judicial authority.

The data voluntarily provided by users are kept for the period necessary for the execution of what users request, however, no longer than three months, and until cancellation request in the case of the newsletter .

In particular:

• for Contractual Purposes , Purposes of Law and Legitimate Interest, the Data collected will be retained for the period of 10 years following the date of collection of the same, except in cases where retention for a later period is required for possible litigation, requests of the competent authorities or pursuant to applicable legislation.
• for Marketing Purposes, the Data is retained for the period of 24 months following the date of its collection.

For example, we keep transaction history so that you can review the purchases you have made (and repeat orders if you wish) and to which addresses you have requested orders to be shipped, as well as to improve the suitability of the products and content we recommend. 

Storage of personal data in electronic form will take place on servers located within the European Union. 

7. RIGHTS OF THE DATA SUBJECT

In your capacity as a data subject, you may exercise your rights at any time within the limits of the applicable regulations by sending an e-mail to sales@busattimilano.com.

In particular, it will have the right to:

• Obtain confirmation of the existence or non-existence of Data concerning you and be informed about the content and source of the Data, verify its accuracy and request its supplementation, updating or modification; 
• Obtain the deletion, transformation into anonymous form or blocking of any Data processed in violation of the applicable law; 
• revoke, at any time, consent to the processing of Data (in relation to the processing for which such consent may be necessary, such as, for example, processing for marketing purposes), without in any way affecting the lawfulness of the processing based on the consent given prior to revocation;
• object at any time to the processing of Data for Purposes of Legitimate Interest, except where the Data Controller has overriding legitimate reasons or the need to assert or defend a right in any legal proceedings;
• Request restriction of the processing of one’s Data in the event that:

1. You challenge the accuracy of your Data, for the period necessary to verify the accuracy of that Data;
2. processing is unlawful and you object to the deletion of your Data by requesting that its use be restricted; 
3. although the Data Controller no longer needs it for processing purposes, the Data is necessary for the establishment, exercise, or defense of a legal claim; or
4. You have objected to the processing pursuant to Article 21(1) of the GDPR pending verification of whether the Owner’s compelling legitimate grounds for continuing the processing prevail;

• Request the deletion of Data concerning you without undue delay; 
• Obtain portability of your Data;
• Propose a complaint to the relevant Supervisory Authority.

8. SECURITY MEASURES 

Busatti uses “secure” and appropriate technologies to protect personal data so as to minimize the risks of destruction or loss of data, unauthorized access, or processing that is not permitted or not in accordance with the purposes of collection.

Last Update: 19/12/2023