Our company uses the information deriving from the interactions with the user and other customers, as well as with some third parties, to provide high quality products and services, in compliance with the relevant legislation, i.e. D.Lgs [Italian Legislative Decree] no. 196/2003 (hereinafter “Privacy Code”) and EU Regulation no. 2016/679 (hereafter “GDPR 2016/679”), laying down provisions for the protection of individuals and other subjects regarding the treatment of personal data. The provision of data is optional; however, failure to provide it may prevent our company from offering adequate products and/or services that are requested.
The definition of “personal data” refers to any information relating to an identified or identifiable physical person. An identifiable person is a physical person who can be identified, directly or indirectly, specifically with reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of his/her physical, physiological, genetic, psychological, economic, cultural or social identity.
The term “treatment” means any operation or sets of operations performed on personal data or on sets of personal data, including automated tools, such as collection, recording, organization, arrangement, preservation, adaptation, or the modification, recovery, consultation, use, disclosure by transmission, dissemination or otherwise made available, alignment or combination, limitation, elimination or destruction.
Specific categories of personal data
Pursuant to Articles 26 and 27 of Legislative Decree no. 196/2003 and Articles 9 and 10 of EU Regulation no. 2016/679, data may be provided that qualifies as “specific categories of data”, i.e. that data that may reveal “the racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic or biometric data intended to uniquely identify a physical person, and data relating to the health, sex life, or sexual orientation of the person”. These categories of data may be treated only after one provides his/her free and explicit consent, expressed in writing at the time of purchase or when a service is requested.
When you purchase an item on our site, create an account or sign an agreement with us, we will treat your common personal information according to those specific purposes. The same will also happen in case of pre-contractual or similar requests from the user. The legal basis that allows us to treat your personal data is contained in Article 6, Paragraph 1, Letter b) of the European Data Protection Regulation (EU) no. 2016/679 (GDPR), since the treatment of the user’s data is necessary for the execution of our contract with the user or the ability to manage pre-contractual and similar requests.
We may also treat your usual personal data on the basis of the rules contained in Article 6, Paragraph 1, Letter f), of the GDPR, unless your fundamental rights and freedoms prevail over our interests.
Our company has a legitimate interest in the treatment of the user’s personal data (name and email address), for both marketing and data analysis purposes. Our legitimate interest is based on your preferences, with the aim of personalizing our offer. Furthermore, we have a legitimate interest in the treatment of your personal data for the purposes of data analysis.
The Data Controller is DREAM BOULE MILANO S.r.l., in the person of the legal representative pro tempore Mr. Beniamino Crocco. In terms of the resulting legal responsibilities, the Data Controller is legally responsible for the storage and use of personal information on computers and/or manual files.
Data Protection Officer (DPO)
The Data Protection Officer (DPO) is DREAM BOULE MILANO S.r.l. The Officer in charge of the data treatment is Mr. Beniamino Crocco.
Purpose of the treatment
Our company uses information derived from interactions with the user and other customers, as well as specific third parties, to help provide high quality products and services, as well as for analytical purposes.
The treatment of data will be carried out in an automated and/or manual form, as specified below, in compliance with the provisions of Article 32 of the GDPR no. 2016/679 and Annex B of the Legislative Decree no. 196/2003 (Articles 33-36 of the Code), with respect to security measures taken by people specifically appointed by, and in compliance with the provisions of Article 29 of GDPR no. 2016/679.
Specifically, your personal data may be processed in the following ways:
Conservation of data
Pursuant to Article 5 of GDPR no. 2016/679, your personal data will be kept for the time necessary to achieve the purposes for which they are collected and processed.
Currently, we do not store user data. Starting from October, we will keep the data of registered users for billing and customer archives.
Existence of an automated decision-making process, including profiling
To provide adequate service to our users, we adopt automated decision-making processes, including profiling, according to Article 22, paragraphs 1 and 4, of EU Regulation no. 679/2016. Specially, in our website, different technologies may be used, in order to improve and simplify navigation, and make the site more efficient and safe. Such technologies may entail the automatic collection of personal data by us or by third parties on our behalf. Examples of such technologies include cookies, flash cookies, and web analytics. Our website may, from time to time, contain links from and to the websites of our networks and associated partners. In case one of these links is followed, please take into consideration that these websites have their own privacy policies, for which we do not take any responsibility. Before sending any personal data to those websites, please check their policies.
Click-stream data: When a user visits our website, some data is sent from the user’s browser to our server, enabling us to optimize our services. The data is automatically collected and stored by us or by third parties on our behalf. Information about the user’s computer may be collected for system administration purposes, as well as for reporting aggregated information for internal marketing analysis purposes. This is data relating to the actions and navigation patterns of our users and may include the visitor’s IP address, data and time of visit, URL of reference (the site from which the visitor was referred from), pages visited and the user’s navigation on our website, and information on the browser used (type, version, operating system, etc.)
Currently, these do not exist. From October onward, they will be present, and this section will be fundamental in its explanation of our policies.
Retargeting technologies: our website uses retargeting technologies that allow us to direct advertising in a direct and personalized way to visitors who have already expressed interest in our products and/or made purchases through our partner websites. Retargeting technologies analyze user cookies and show advertisements based on their previous browsing behavior.
Currently, there are no retargeting technologies, and none are forecasted for the future.
Data provided by the user
In addition to data collected using automated methods, we also treat the data you have provided. These may include, by way of example:
Scope of communication and diffusion
Moreover, we inform you that the data collected will never be disclosed and will not be communicated without your explicit consent, except for the necessary communications that may involve the transfer of data to public bodies, consultants, or other subjects to fulfill legal obligations.
Transfer of personal data
Your data will not be transferred to either the Member States of the European Union or to third Countries outside the European Union. [NO.]
Rights of the interested party
Pursuant to Article 7 of Legislative Decree no. 196/2003 and Articles 15 to 22 of EU Regulation no. 2016/679, you can, at any time, exercise the right to:
You can exercise your rights with a written request to DREAM BOULE MILANO S.r.l., Piazza Velasca 8, 20122 Milano, or to the email address: firstname.lastname@example.org.
Information security and data integrity
We take the appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure, or access, particularly where the treatment involves the transmission of data over a network, and against all other forms of unlawful treatment and improper use.
Consequences of the failure to disclose personal data
You may not be able to create an account or make a purchase on our website if you are unable to provide certain information that is requested.
Changes to this policy
Last updated: July 2018