Powered by Smartsupp
Menu
Your Cart

Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (the “GDPR”)

Dear Customers,
as of 25 May 2018, the GDPR indicated above has become fully applicable. This Regulation aims to ensure greater transparency regarding how companies use personal data belonging to natural persons (“data subjects”) in the course of providing the requested services.
In full compliance with the applicable EU and Italian legislation, our Company ensures the protection, confidentiality and integrity of your personal data. To this end, we have implemented specific organisational and security measures relating to the collection, use, storage and deletion of the personal information you provide to us as data subjects — that is, to you.
We invite you to read this short privacy notice, which contains useful information about how we process your personal data, why we request it, and how you can exercise the rights granted to you under the applicable legislation.

1. Data Controller

The Data Controller is Shop for Shop s.r.l.s., c.da Mendici, Strada provinciale Ragusa–Chiaramonte Gulfi km 4.660 – 97100 Ragusa, 01728940881. You may contact the Data Controller to exercise your GDPR rights at the following details: – E-mail: info@shopforshop.it, – Certified e-mail (PEC): .
The Company has developed an integrated remote-access search and consultation service (the “Service”), delivered via an online software platform enabling searches within a database and the display of results (the “Software Platform”), including multimedia thematic dictionaries. The Service is managed and provided through the website www.shopforshop.it (the “Website”).

2. Data Processors

For certain processing activities (such as the management of electronic payments, tax and invoicing requirements, and data storage on servers), we rely on external parties formally appointed as Data Processors. Each Data Processor guarantees — in accordance with the contract signed with the Data Controller — that data processing will be carried out in compliance with our instructions, ensuring the protection of the rights and personal data of all data subjects.

3. Which personal data do we collect and process?

The personal data processed by the Company are mainly ordinary data. Specifically, we collect and process the personal information strictly necessary to perform the contract for which the data are provided and/or to comply with legal obligations (including tax regulations), as well as to deliver the Service under the applicable terms and conditions.
Examples of the data we process include:

  1. name and surname, tax identification number, company name;
  2. contact details (address, telephone number, e-mail address);
  3. payment details (credit or debit card number, cardholder name, expiry date and CVV code);
  4. login credentials (“user ID” and “password”), strictly confidential and associated with the personal account created for use of the Service;
  5. data transmitted implicitly through the use of internet communication protocols (IP addresses, domain names of the devices used, URI/URL addresses), acquired by the IT systems and e-commerce platforms used to operate the Website and the Software Platform;
  6. account information enabling personalisation of the Service to improve usability;
  7. information relating to the use of the Service (number and duration of accesses, applications used, searches performed).
4. Why do we process personal data?

We collect and process your data solely to allow you to access and use the Service by registering and creating a user account on the Website.
Specifically, your personal data are processed for the following purposes:

  • pursuing the legitimate interests of the Company;
  • performing the contract for the requested Service;
  • processing electronic payments for the Service (1);
  • recording the service provided/payment received and fulfilling related tax obligations;
  • managing the customer database;
  • sending service communications;
  • performing statistical analysis consistent with the purposes pursued and respectful of users’ rights;
  • personalising and improving the Service for Users and Subscribers.

1. Please note: when payment is made by credit (or debit) card, the transaction is handled by an external service provider.

5. On which legal bases do we process your data?

The processing activities described above, depending on the type of data and the purpose concerned:

  1. are necessary to perform the contract entered into with the Company;
  2. are necessary to pursue the legitimate interests of the Company (as Data Controller);
  3. are required to comply with legal obligations, including tax obligations;
  4. are based on the freely given prior consent of the Customer.
6. Are you required to provide your personal data?

You are not obliged to provide your personal data; however, they are strictly necessary to perform the contract relating to the Service you request. Without them, the Company cannot fulfil the contract.
For the data indicated under letters f) and g), providing consent is optional; however, refusal may limit certain Website functionalities and may affect delivery of the Service.
Consent may be withdrawn at any time by contacting the Company.

7. How are your data processed?

Processing activities include collection, recording, organisation, consultation, processing, storage, communication and deletion.
Processing is carried out using both electronic and paper-based systems, including archiving in dedicated folders on the Company’s internal server and secure storage in non-public areas.
Data are also organised using specific records (e.g., spreadsheets) stored digitally, without enabling immediate identification of data subjects.
All personal data collected during registration and account creation are stored in electronic databases on cloud servers managed by Salvo Miciluzzo (Data Processor), whose data centres are located in Europe.
We do not collect your data for direct marketing. We conduct statistical analysis exclusively on the categories of data listed under paragraph 2, letters f) and g).
Only authorised personnel may access the data, including remotely, solely to manage the Service under secure internet connections.
With the exception of the categories listed above (e, f, g) processed through automated systems, all processing activities involve human intervention.

Cookie Law

A “cookie” is a small amount of data sent from a web server to the user’s browser and stored on the user’s device.
The Website uses “functional cookies” necessary for system operation and Service delivery. It also uses Google Analytics (2) for statistical purposes.
Cookies allow the Website and the Company to:

  • access account information to offer a more personalised service;
  • analyse access numbers, duration of visits and functions used.

No personal data such as name, surname, e-mail address or phone numbers are collected via cookies.
Cookies may be disabled (3), although doing so may limit certain functionalities and reduce Service performance.
2. Google Analytics is a web analytics service provided by Google Inc.
3. Guides for enabling/disabling cookies for major browsers are available: Chrome, Internet Explorer, Firefox, Safari, Android, iPhone, iPad.
View cookies

8. Who do we share your data with?

Data are processed exclusively by the Data Controller, appointed Data Processors and authorised Company personnel. Data are not transferred to third parties outside the European Union, except to Google Inc. (for Google Analytics), which ensures an adequate level of protection through its participation in the Privacy Shield programme.
Data may also be shared with Public Authorities when required by law.

9. How long are personal data stored?

The data listed under letters a), b) and c) of paragraph 2 are stored for the time required by law and for the proper performance of the contract, and in any case for no more than 10 years.
Data listed under letter d) are stored for the duration of the Service and for 12 months thereafter.
Data listed under letters e), f) and g) are stored for up to 26 months and then automatically deleted by Google Inc.

10. What are your rights?

Data subjects are granted the following rights under the GDPR:
Right of access (Art. 15)
You may request confirmation that your data are being processed and obtain access and a copy of such data.
Right to rectification (Art. 16)
You may request the correction or updating of inaccurate or incomplete personal data.
Right to restriction or erasure (Art. 18 and 17)
In certain circumstances, you may request the restriction or deletion of your personal data, subject to legal and contractual obligations.
Right to data portability (Art. 20)
You may request your data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to lodge a complaint with the Supervisory Authority (Art. 77)
If you believe your data have been processed unlawfully, you may lodge a complaint with the Italian Data Protection Authority.

CONSENT TO THE PROCESSING OF PERSONAL DATA

Having read the Privacy Notice above, being aware of the type of data processed and the methods used, and in connection with the provision of the Service requested by me and the rights granted to me, I, the undersigned, give my consent solely for the categories of data listed in paragraph 2, letters f) and g):

  • I give my consent to the processing carried out through cookies to access and process account information for the purpose of offering a more personalised service;
  • I give my consent to the processing carried out through cookies to access information for analysis of site access numbers, visit duration and functions used.