Top Gres srl deals with the management of sales made through e-commerce (for example: order management, sale and delivery of products through third subject couriers, management of return products, guarantees and other activities necessary for the sale of products through an e-commerce), but it DOES NOT take care of the transactions that will be carried out by the User/Data Subject himself through:
- their own bank (in case of bank transfer payment); or
- Paypal (in case of PayPal account or credit card payment); or
- Couriers (in case of payment on delivery ).
To buy products on this website isn’t required to be registered to the e-commerce, being possible use the "express checkout" service, which allows the User/Data Subject to purchase products without registration to the e-commerce.
Top Gres srl will process the personal data provided by the User/Data Subject, at the time of registration to the e-commerce’s personal area or to another services provided by this website or at the moment of the eventual conclusion of the online purchase contract, in compliance with the provisions of EU Regulation 679/2016 (GDPR) and the relative legislation.
1. Controller (DPO and Data Handler)
The Controller is Top Gres srl, based in Via Pastore n. 1, 31038 Postioma di Paese (TV), Italy, contactable at firstname.lastname@example.org or phone number 0422 484206.
The processing operations will be carried out by Data Handler appointed by the Controller, who will operate under his direct authority in accordance with the instructions received.
2. Type of Personal Data Collected and processed
The computer systems and software procedures used to operate this website and the e-commerce acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
The collected data includes information on accesses, such as IP addresses and domain names of the computers used by users connecting to the site, as well as other parameters concerning the IT environment used by users (such as: the Internet browser used , the operating system, the domain name of the website visited last before accessing our website, the number of visits, the time spent on our website and the accessed pages).
These data are used only for obtaining anonymous statistical information on the use of the site and to check its correct functioning.
This data, automatically collected, are not associated with any data from other sources consequently preventing the identification of the Data Subjects. However, we reserve the right to verify and associate these data retrospectively if specific information on illegal use is brought to our attention.
Data provided voluntarily by the User
However, if the User decides to send spontaneously and freely e-mail or mail to the addresses indicated on this web site, this will result in the subsequent acquisition of the sender's e-mail or mail address and any other personal data inserted in the message necessary to reply to the requests.
The personal data collected in this case are exclusively related to:
- Identification data (for example: name, surname, address, telephone, fax, e-mail, etc.).
- Tax information (if required by law - for example, tax code, VAT number, etc.).
Personal data sent to us of different nature or not related to those specified above (such as sensitive or judicial personal data) will be processed in compliance with Regulation EU 2016/679 and related legislation only with express consent of the Data Subject and only if necessary to achieve the required purposes, otherwise they will be ignored and not treated or destroyed, with the exception of those necessary for the fulfillment of contractual or legal obligations.
This website and e-commerce uses various cookies to improve and make easy the navigation.
The personal data provided during the use of this website and the e-commerce (by the registration to the e-commerce or by the "express checkout" service) will be processed for the following purposes:
- operation and improvement of navigation within this website and e-commerce;
- supply, improvement and support of our online services;
- receive and provide to requests in case of exercise of personal data protection rights and carry out all consequent activities;
- manage and possibly block fraudulent or illicit e-commerce uses;
- marketing only if and where provided and only with a new, separate, free and express consent of the User/Data Subject
- legitimate interest of the Controller;
- Law and Regulations obligations.
- allow registration to e-commerce and manage access to related services and functions (for example: choose the option "Remember" so that it is not necessary to provide the "log-in" details again every time you log-in but we do not recommend it if the computer is shared with other people);
- allow and facilitate the purchase of products online and the possible conclusion of the purchase contract through the e-commerce;
- maintain and manage the account created as a result of registration to the e-commerce;
- store data and information in the created account, (for example: personal data, the history of orders / purchases / returns, preferred delivery and billing addresses);
- allow to put the products in the cart and to conclude the purchase contract through e-commerce;
- allow and facilitate the purchase of products online and the possible conclusion of the purchase contract through e-commerce for those using the "express checkout" service not registering themselves to the e-commerce;
- execute the purchase contract and its related purposes and fulfill all the legal obligations connected to it;
- execution of administrative and / or accounting and / or fiscal obligations related to the provision of e-commerce services and / or the purchase contract concluded (for example: keeping the accounting records and invoices);
- delivery the sold products by courier;
- assistance and customer care activities (for exsample: providing feedback to users/data subjects about the information requested or answers to complaints and reports);
- provide feedback for the exercise of the withdrawal right and/or conformity legal guarantee and/or other rights arising from the concluded e-commerce purchase contract and/or provided by law in relation to this contract and/o service rendered, and after to carrying out the necessary activities resulting from the exercise of these rights and to proceed, where appropriate, to the relative reimbursements;
- marketing and/or profiling only if and where provided and only with a new, separate, free and express consent of the User/Data Subject;
- manage and possibly block fraudulent or illicit e-commerce uses;
- guarantee the respect of the contractual rights of the Controller and the relative legitimate interest (for example: to demonstrate that Controller have fulfilled the obligations arising from the contract with the Data Subject or imposed by law).
Data processing for purposes other than those specified here will not be made unless new and express consent of the Data Subject and delivery of the relevant information.
4. Obligation and Optionality to provide data
The data transmitted in the implicit use of internet communication protocols, as previously specified, are automatically conferred and necessary to start browsing the website and e-commerce.
About the e-commerce and other online services offered on the website, the conferment of data:
a) in the e-commerce personal area registration form; or
b) in the order form, delivery form or the billing form in the e-commerce personal area; or
c) in the order form when using the "express checkout" service; or
d) in the registration form of other services offered on the website and the e-commerce;
is optional excluding those ones in the form indicated as mandatory.
This ones, in fact, are necessary to ensure:
i. the fulfillment of contractual and legal obligations;
ii. the correct and lawful use of e-commerce and other services;
iii. the protection of any intellectual rights and works;
iv. achieving the purposes listed above;
so, the refusal of the Data Subject to provide them will determine the impossibility, depending on the case, to use the services offered through the website and/or to proceed with the purchase and to conclude the contract through the e-commerce.
Moreover, after the purchase of products through e-commerce, are collected data concerning: purchase, shipping and related tracking, complaint, return, cancellation and other activities carried out by the Data subject in the e-commerce that concerns his orders, so he can have an archive and information about his purchase activities and status.
5. Methods and Place of Processing
The data will be processed with computer, paper and other useful tools to achieve the purposes of this policy and/or contract, in compliance with the security measures required by current legislation.
The processing connected to the web services of this website and e-commerce takes place at the aforementioned headquarters of the Controller and is only handled by authorized data handler, or by data handler in charge of occasional maintenance operations.
The transfer, storage and processing of the Data Subject’s data collected through this website and e-commerce are ensured by appropriate technical and security measures.
The collected data are stored on a secure server, protected by firewalls and physically located in a web farm with controlled access located in Italy or the EU, while the data downloaded and processed in paper form are stored in special databases ensuring compliance with appropriate safety regulations.
The Data Subject’s data contained in personal areas (for example: the personal area of e-commerce) are protected by access keys chosen by himself, the passwords are not recorded in clear text but protected with MD5 technology.
In addition, the website and the e-commerce are both delivered with HTTPS encrypted connection.
In any case, for the purposes of this paragraph, the Controller ensure the observance of specific security measures to prevent the loss of data, illicit or incorrect use and unauthorized access, in compliance with the laws and regulations.
About the purchase of products through e-commerce, the processing of data is necessary for the fulfillment of the related contract and the other legal obligations.
7. Data transmission to third parties
Data Subject’s data are communicated to third parties in the minimum extent necessary for the fulfillment of contractual and legal obligations and/or only by explicit request of the Data subject himself.
The subjects, to whom the data are communicated, act as external data processors designated by the Controller through a specific contract ("Processors") or persons authorized to process data under the direct authority of the Controller ("Data Handler"), except in cases where the recipient acts as an independent data Controller (for example: in the case of the couriers or external systems used for payments)
The data will be also provided to the competent Authorities in the case of legal obligations.
The Data Subject’s data can be communicated by the Controller to the following categories of recipients:
- Companies, consultants or professionals who may be in charge of installation, maintenance, updating and management of the Controller's hardware and software, including the suppliers of "cloud computing" services.
- Companies that provide logistical support and/or warehouse and/or packaging and/or shipping and delivery of products purchased on e-commerce.
- All those subjects, including public authorities, who have access to data by regulatory or administrative provisions.
- All those public and/or private subjects, natural and/or legal persons (legal, technical, commercial, administrative and fiscal advisors, etc.), if the communication is necessary or functional to the correct fulfillment of the contractual obligations assumed in relation to e-commerce services and the purchase contract, to the obligations arising from the law or to the exercise or defense of a right (for example: detect and prevent security threats, fraud or other malicious activities, protect and/or enforce the rights and intellectual property of third parties, protect the rights and personal security of our employees and third parties, etc.).
8. Abroad data transmission
The personal data of the Data Subjects are not transferred to third countries outside the EU.
9. Data Retention Period
The provided data will be kept for the time strictly necessary for the performance of the individual processing activities (for example: registration data will be processed until the closure of the account, taking in mind the necessary technical times, the data required to conclude the contract until the delivery of the product or, in case of non-delivery, until the termination of the contract, etc.).
Expired that term, in any case, the data will be retained for 1 year, and stored for longer periods only in the cases provided by current legislation or only in the case of the legitimate interest of the Controller.
Beyond these terms the data will be deleted, retaining only those data related to the fulfillment of legal and tax obligations, withheld for the maximum periods established by the relevant laws and regulations (for example: for tax obligations the relevant data will be withheld for 10 years).
10. Absence of an Automated Decision Making Process
There is no automated decision-making process on this website and no profiling system.
11. Data Subject Rights
Data subject has the right to:
a) Obtain confirmation of the existence of personal data concerning him, even if not yet registered, and their communication without delay in an intelligible form.
b) Require information on your personal data stored by us (ex: origin, purposes, methods, categories, applied logic, retention period, rights, identification data of the Data Controller, subjects or categories to which data can be communicated) by writing us.
c) Withdraw consent to the processing of data.
d) Demand erasing of data.
e) Require the transformation and / or the limitation or the block of processed data in violation of the law.
f) Require updating, rectification or integration of data.
g) Obtain his personal data, provided to the Controller, in order to transmit it to another Controller.
h) Ask for confirmation that the aforementioned operations have been brought to the attention of which data have been communicated, except in the case where this fulfillment is impossible or involves disproportionate duty respect to the protected right;
i) Oppose, in whole or in part, for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection.
j) Propose a complaint to the Privacy Authority (in Italy: www.garanteprivacy.it ).
For further information regarding laws and privacy rights, the Data Subject can visit the website of the respective competent Privacy Authority.
Privacy Authority in Italy: www.garanteprivacy.it .
The Data Subject who wants to exercise his right must use the contacts of the Controller.