Xacus Srl, (hereinafter referred to as “Xacus” o the “Data Controller”), in its capacity of data controller and in consideration of the importance it recognises to the protection and security of personal data, would like to inform you that pursuant to art. 13 of the Law Decree No. 196, dated 30.6.2003 (hereinafter referred to as the “Privacy Code”) and art. 13 of the EU Regulations No. 2016/679 (hereinafter referred to as the “GDPR”) that your data will processed according to the methods and for the purposes detailed below.
1. Identity and contact details of the Data Controller and Data Protection Officer
The Data Controller is Xacus Srl, with registered office in Via J.F. Kennedy24, San Vito di Leguzzano (VI), Italy (hereinafter, the "Data Controller").
The Data Protection Officer is Eurostep Srl, domiciled for the task at the registered office in Via Feltrina Sud, 192, 31044 Montebelluna (TV), VAT 03896260241, email firstname.lastname@example.org (hereinafter the "DPO").
2. Subject Matter of the Processing
The Data Controller processes the personal and identification data (for example: first name, surname, company name, address, telephone number, email address, banking details and payment information - hereinafter the “Data”) that you disclose upon signature of the contract and any other services that you may request to the Data Controller. Health and Judicial Data will not be processed except for those that you may voluntarily provide us, fully aware that provision of such data is not mandatory to carry out the services that you request from us.
3. Purposes of the processing
Your personal data are processed:
A) without your expressed consent (art. 24 letters a), b), and c) of the Privacy Code and art. 6 letter b), e) GDPR), for the following service purposes:
- provide the services you have requested to the Data Controller for the provision of: e-commerce, integrated marketing, world wide operations, and omni-channel customer experience services;
- meet the obligations established by the law (administrative, accounting, and fiscal obligations), by regulations, by EU directives or by an order of the Data Protection Authority;
- exercise the rights of the Data Controller, for example the right to defence in legal proceedings;
B) Only upon your specific and separate approval (art. 23 and 130 of the Privacy Code and art. 7 of the GDPR), for the following Marketing purposes:
- contact you by e-mail, snail mail and/or sms and/or phone to submit newsletters, marketing communications and/or advertising material about services and special offers.
4. Method of processing
The Processing of your personal data is performed through the operations detailed in art. 4 of the Privacy Code and art. 4 No. 2) GDPR and more specifically: collecting, registering, organising, storing, consulting, processing, amending, selecting, extracting, comparing, using, interconnecting, blocking, communicating, erasing and destroying the data. Your personal data will be subjected to paper and digital processing. The data will be processed and stored in our IT systems. The Data Controller will process your personal data for the time necessary to achieve the purposes detailed above and, however, for no longer than 10 years from the termination of the relationship for administrative purposes and no longer than 1 year from the data collection for Marketing purposes.
5. Access to the data
Your data may be accessible for the purposes referred to in articles 2.A) and 2.B):
- to employees and contractors of the Data Controller in their capacity of persons in charge and/or in-house Data Protection Officers and/or system administrators;
- to third party companies or other subjects (only by way of example but not limited to: credit institutions, professional firms, insurance consultants etc.) that carry out outsourcing activities in the role of external persons in charge of the processing.
6. Data Communication
Without the need for expressed consent (pursuant to art. 24 letters a), b), and d) of the Privacy Code and art. 6 letter b) and c) GDPR), the Data Controller shall disclose your data for the purposes detailed in art. 2.A) to the Data Protection Authority if it specifically so requests as well as to those entities to which disclosure is mandatory by law for the carrying out of the aforementioned purposes. These parties will process the data in their capacity of independent data controllers. Your data will not be disseminated.
7. Data transfer
Your personal data are stored in our IT system and for the storing of data servers located both in Italy and other European countries will be used. In any case, it is understood that the Data Controller, if necessary, shall have the right to move servers also outside the EU. In this case, the Data Controller hereby guarantees that the transfer of the data outside the EU will take place in accordance with the applicable legal provisions, and after signing the standard contractual clauses required by the European Commission.
8. Nature of data provision and consequences of refusal to provide the data
The provision of data for the purposes referred to in article 2.A) is mandatory. In their absence, we cannot guarantee the Services as specified in article 2.A)
9. Rights of the interested party
In your capacity of interested party, you shall have the rights referred to in Article 7 of the Privacy Code and articles 15 of the GDPR and specifically the right to:
i. obtain confirmation of the existence or non-existence of your personal data, even if not yet recorded, and their communication in an intelligible form;
ii. obtain information on: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing performed with the support of electronic tools; d) the identification data of the data controller, data protection officer and person in charge appointed pursuant to article 5, paragraph 2 of the Privacy Code and article 3, paragraph 1, of the GDPR; e) the subjects or categories of subjects that may become aware of the personal data as appointed representatives in the state territory, as managers or persons in charge;
iii. obtain: a) the updating, rectification or, when interested, integration of the data; b) the erasure, transformation into anonymous form or blocking of data unlawfully processed, including data whose storage is unnecessary for the purposes for which the data were collected or subsequently processed; c) confirmation that the operations referred to in letters a) and b) were notified also concerning their content, to those parties to which the data were communicated, except in the case where such fulfilment is not feasible or involves the use of means manifestly disproportionate compared to the right protected;
iv. oppose, in full or in part: a) for legitimate reasons the processing of your personal data as long as it is related to the purpose of the collection; b) the processing of your personal data for the purpose of sending advertising material. It should be noted that the right to oppose the data processing specified in the previous point b), for purposes of direct marketing through automated means extends to the traditional ones and in any case without prejudice to the possibility of the interested party to exercise said right even just in part. Therefore, the interested party may elect to receive only communications through traditional means or only automated communications or none of the two.
Where applicable, you shall also have the rights established in articles 16-21 of the GDPR (right to the correction of the data, the right to be forgotten, the right to limit the processing, the right to the portability of the data, the right to object), as well as the right to lodge a complaint with the Data Protection Authority. Please, also note that you shall promptly notify any updates to your data by email and/or registered letter with notification of receipt.
10. Methods for exercising the rights
You may at any time exercise your rights by sending:
- a registered letter with notification of receipt to: Eurostep Srl, Via Feltrina Sud, 192 - 31044 Montebelluna (TV)
- an e-mail to: email@example.com
Please, note that for the protection of your personal data, Eurostep Srl has appointed as Data Protection Officer Ms. Monica Del Toro who may be contacted at 348.9294312 or to the email address privacyeurostep.it
What are cookies?
Browser cookies are essential for enabling you to move in the website and use all its functions. Without them, the services requested cannot be provided, such as, for example, the shopping cart needed to purchase online and for e-billing. In this sense, browser cookies are necessary in that they are used to memorise a unequivocal identifier for the management and identification of a user, which is unique compared with those of the other users using the website at the same time. Examples of “events” for which the use of the browser cookies is needed: Remembering previous actions, in case the user browses backwards through the same pages during the same session. Management and sending of security tokens to the various services provided within the same site to identify, for example, the visitor’s status (registered, not registered) Browsing of the reserved area of the website. Guiding customers towards specific versions/uses of a service.
These cookies can be managed directly by eshop.xacus.com or by third party partners. Performance cookies can be session or persistent cookies and their use is limited to the performance and improvement of the website. These cookies collect information about how a visitor uses the website (e.g. pages visited). Under no circumstances do these cookies collect information for the purpose of identifying the user. All the information collected by these cookies is aggregated in anonymous form and used for the purpose of improving the functions of the website, including Web Analytics, affiliation systems, error management, A/B tests or multitests.
These cookies can be the property of eshop.xacus.com or of any of its partners. These cookies concern actions performed by the users on the website. They can be used, for example, to avoid again offering a user a service that they have already been offered and refused in the past. The functional cookies enable the users of a website to remember the user’s choices, including the username, language, country of origin etc. The information collected by these cookies is anonymous and cannot track the user’s conduct on other websites. Functional cookies are essential for enabling the website to remember the settings that a user has applied to a website, for example, the layout, font size, favourites, colour, etc.; remembering a choice so that the user is not again asked to fill in a questionnaire, identifying whether a service has already been offered, etc.
Third party marketing/re-targeting cookies
These cookies are used by the partners of eshop.xacus.com to present banners advertising eshop.xacus.com in other websites. While you are browsing on eshop.xacus.com, these same cookies are also used to show you products that might interest you or that are similar to those that you have looked at in the past, based on your browsing chronology. The use of these cookies can enable the website to connect to your computer or other devices and trace the saved data: these cookies connect to the browser installed on your computer or on other devices used when browsing on our website.
How can I disable cookies?
Most browsers automatically accept cookies but users can also choose not to accept them. This could prevent them from moving around freely from one page to another and from using all the unique features of the website. If you don’t want your computer to receive and memorise cookies, you can change the safety settings of your browser (Internet Explorer, Google Chrome, Safari etc.). In any case, parts of our Website only be fully used if your browser accepts cookies (for example the functions for adding items to the shopping cart and purchasing them). Some brief instructions on how to perform this operation in the four most popular browsers are provided below: Microsoft Internet Explorer Click on the ‘Tools’ icon in the top right-hand corner and select ‘Internet Options’. In the pop-up window select ‘Privacy’. Here you can adjust your cookie settings. Google Chrome Click on the spanner icon in the top right-hand corner and select ‘Settings’. At this point select ‘Show advanced settings’ and change the ‘Privacy’ settings. Mozilla Firefox From the drop-down menu in the top left-hand corner, select ‘Options’. In the pop-up window select ‘Privacy’. Here you can adjust your cookie settings. Safari From the drop-down settings menu in the top right-hand corner, select ‘Preferences’. Select ‘Security’ and here you can adjust your cookie settings. To find out more about cookies and how to manage or disable third party or marketing/re-targeting cookies, please visit www.youronlinechoices.com. To disable analytical cookies and prevent Google Analytics from collecting data about your browsing experience, you can download the browser Add-On for disabling Google Analytics. https://tools.google.com/dlpage/gaoptout.