This page describes the management methods of the rushitaly.com web portal with reference to the processing and protection of the personal data of the users who consult it and interact with it. This is a disclosure issued and published pursuant to Art. 13 of the European Regulation 2016/679 and in accordance with the Legislative Decree 2003/196 "Code regarding the protection of personal data", as supplemented and amended by the Legislative Decree 2018/101, and intended for those who interact with web and e-commerce services of clothing, sports articles and accessories with the Rush Italy brand of Spazio Retail Limited liability company, whose services are electronically accessible from the address: rushitaly.com.
The Policy is provided only for the aforementioned site owned by Spazio Retail limited liability company and not for other websites that may be consulted by the user via links or embedded.
1. Data Controller
The Data Controller of personal data for the treatments carried out on the rushitaly.com web portal is Spazio Retail limited liability company, with registered office in Via Francesco Crispi, 26, 156, 80121, Naples (NA), and administrative offices in Via Trivio Quaranta, 1, 81025, Zona Industriale, Marcianise (CE), VAT number 03953040619.
2. Data Protection Officer
The Data Controller has not appointed a Data Protection Officer.
3. Browsing Data
The computer systems and software procedures used for the functioning of rushitaly.com e-commerce portal acquire - during their normal operation - some personal data whose transmission is implicit in the use of internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI / URL (Uniform Resource Identifier / Locator) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code that indicates the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the user's IT environment.
These data, which are necessary for the use of web services, are also processed for the purpose of:
· obtaining statistical information on the use of the services,
· checking the correct functioning of the services offered,
and they are deleted after their processing.
These data could be used to ascertain any responsibility in case of hypothetical computer crimes against the site.
5. Personal data processed and acquisition procedure
Personal information, anagraphic data, tax and contact data will be processed by the Data Controller and will be collected and acquired directly from the Data Subject.
Spazio Retail limited liability company may acquire this information, on the occasion of:
· filling in the forms (fill in the form) on the web portal;
· the creation of a user profile for generating the reserved area;
· the release of their own data to proceed with the purchase as a visitor;
· the Data Subject sending messages and communications (see the next section "Data provided by the user").
6. Data provided by the user
The optional, explicit and voluntary sending of messages and communications by the users to the Data Controller through forms or contact addresses or on social media profiles/pages (where this possibility is foreseen) involves the acquisition of the sender's contact data, which are necessary to respond, as well as all personal data included in communications.
7. Legal Bases for Processing Personal Data
The legal bases that legitimize the processing of the Data Subject's personal data, pursuant to and for the purposes of Art. 6, paragraph 1, of the European Regulation 2016/679, are:
· consent of the Data Subject (letter a),
· the execution of a contract or pre-contractual measures (letter b),
· the fulfilment of obligations established by law (letter c),
· the legitimate interest of the Data Controller or third parties (letter f).
8. Purpose of data processing
The personal data requested through the rushitaly.com web portal, according to the aforementioned legal bases, are collected and processed for the following purposes:
a) the execution of a contract or pre-contractual measures
· to find user communications received through the fill-in forms and forms on the Rush Italy portal or the contact addresses published therein; or to respond to messages received through our pages on social media or marketplaces;
· to create a reserved area with the customer's or potential customer's user profile;
· to finalize purchase orders for products from customers logged in to their user profile or by completing the checkout form as a customer-visitor;
· for administrative purposes related to the fulfilment of contractual obligations;
· for the management of transport and delivery;
· for carrying out post-sale customer care activities;
b) the fulfilment of obligations established by the law
· for the fulfilment of regulatory obligations such as those of an accounting or tax nature, or deriving from the consumer code or commercial law;
· to process requests from Public Bodies in the exercise of their functions or from supervisory authorities;
· for the activation and management of the right of withdrawal;
c) legitimate interest of the Data Controller or third parties
· to protect the positions and rights arising from the relationship between the user and Spazio Retail limited liability company;
· to carry out communication activities aimed at maintaining its users (see the following section "Subscription to the newsletter for the legitimate interest of the Data Controller");
d) consent of the Data Subject
· for sending promotional messages and advertising material on Rush Italy products and on Spazio Retail limited liability company, by post, e-mail, by telephone via operator, sms or instant messaging applications;
· for carrying out market research and surveying the degree of user satisfaction.
9. Subscription to the newsletter for the legitimate interest of the Data Controller
Pursuant to paragraph 4 of Art. 130 of Legislative Decree 2003/196, as amended by Legislative Decree no. 101 of 2018, according to the legitimate interest of the Data Controller in order to maintain its users - referred to in Article 6, paragraph 1, letter f of the European Regulation 2016/679 - Spazio Retail limited liability company, when the interested party becomes a customer, may send the latter commercial communications by e-mail relating to products of the Data Controller that are similar to those that the Data Subject has already used in the past.
Spazio Retail limited liability company will not proceed with this treatment when the Data Subject refuses such use, initially or on the occasion of subsequent communications: in this regard, the interested party can oppose this treatment at any time, easily and free of charge, using the quick unsubscribe button at the bottom of the communications received through the newsletter service or by contacting the Data Controller, or using the following panel to manage settings on the newsletter:
10. Nature of the provision
With regard to the purposes whose legal basis is (a) the execution of pre-contractual measures or a contract, (b) the fulfilment of obligations established by law and (c) the legitimate interest of the Data Controller or third parties, the provision of personal data, although not mandatory, is necessary for the achievement of the purposes described above. Therefore, failure to provide the data, or partial or incorrect provision, could jeopardize the establishment or regular conduct of the purchase relationship with Spazio Retail limited liability company - Rush Italy, or will make it impossible to implement the contractual commitments deriving from it and/or the execution of regulatory obligations.
On the other hand, with regard to the purpose whose legal basis is (d) the consent of the interested party, the provision of personal data is optional and the processing of the same is subject to the issue of express and unambiguous consent by the interested party. Any refusal to grant consent has no other effect than that of not being able to communicate commercial or promotional information to the interested party or to detect their satisfaction.
11. Methods of treatment and storage: security and protection measures
The Data Controller undertakes to comply with the EU (European Regulation 2016/679) and national (Legislative Decree no. 196 of 2003, as integrated and amended by Legislative Decree no. 101 of 2018) legislation on the protection of personal data, as well as the guidelines, opinions and provisions of the Italian Data Protection Authority, the European Data Protection Authority and the European Committee for the Protection of Personal Data.
We remind you that the word "processing" means any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
Personal data are processed with computer and analog systems, according to the principles of correctness, loyalty and transparency established by the applicable legislation on the personal data protection and protecting the privacy of the Data Subject and his rights by adopting suitable technical and managing structures aiming to guarantee a level of safety appropriate to the risk.
The data will be processed using suitable security tools to ensure its confidentiality, integrity and availability. Specific security measures are used to prevent or reduce the risk of violation, loss, illicit use, dissemination or unauthorized access to the personal data processed. The Data Controller does not use fully automated decision-making processes that can produce legal effects for the Data Subject, or profiling activities of the Data Subject.
The security of the source - recipient data communication on the rushitaly.com web portal is ensured by the adoption of the "HyperText Transfer Protocol over Secure Socket Layer (HTTPS)" with encrypted connection, using asymmetric encryption, "Secure Sockets Layer (SSL)". The SSL certificate used on rushitaly.com is issued by the R3 Certification Authority.
The personal data processing will take place on servers or archives located within the European Union of the Data Controller and / or third-party companies in charge. Currently the servers and archives in use by the Data Controller are located in Italy, while the rushitaly.com server hosting is located in Germany. Any transfer of personal data outside the European Union or the European Economic Area will be governed by specific contracts aimed at requiring the recipient to comply with the adequate guarantees provided for by the current community legislation on the protection of personal data, pursuant to and for the effects of article 44 and following of Regulation 679 of 2016. In this case - by requesting a copy from the Data Controller - the interested party will always have the right to consult the agreement stipulated with the recipient with regard to the guarantee and security measures that the latter will have to adopt.
12. Duration of the personal data processing
Personal data will be processed and stored, in paper and / or electronic format, for the time strictly necessary to pursue the purposes for which the data were collected and, in any case, no later than the terms established by current legislation, therefore:
· the personal data deemed for the creation of one's own reserved area as a user profile on the Rush Italy e-commerce platform will be processed and stored until deleted by the user or, in case of prolonged inactivity of the reserved area, they will be automatically deleted after 5 years from the last access;
· information connected to the sales relationship, also related to the possible management of transport and delivery or in the exercise of the right of return, will be processed during the finalization of the purchase and the sales activity and stored no later than 10 years from the execution of the same;
· tax and accounting documents will be kept for no more than 10 years from the end of the fiscal year to which they refer;
· the personal and contact data provided for marketing purposes or for the detection of satisfaction will be processed for a maximum period of 24 months from the acquisition of the consent by the Data Subject. When this term expires, the data will be deleted or made anonymous and, in any case, the Data Subject may be asked to give new consent to the processing of his personal data for the same purposes;
· the personal and contact data used to send the newsletter in relation to the legitimate interest of the Data Controller for the maintenance of its customers will be used up to a maximum of 5 years from the year to which the last purchase refers. The Data Subject may in any case oppose the processing by following the indications in section no. 7 of this Policy.
These terms may be extended as long as there is civil and criminal liability of the Data Controller or coverage of insurance policies connected to the processing in question, or upon the occurrence of regulatory and / or tax conservation obligations; likewise, the conservation terms will be suspended in the event of disputes, mediations, investigations, judicial proceedings, control and/or inspection activities.
13. Minimum age
Protecting the safety and privacy of minors is very important to us. On the occasion of the acquisition of personal data for purposes requiring the consent of the Data Subject or when creating the user profile, the latter - in compliance with Recital no. 38 and pursuant to paragraph 1, of Art. 8, of the European Regulation 2016/679 - must confirm that they are at least 16 years of age.
14. Recipients of the processing of personal data
The personal data collected, to the extent of their specific competence, may be communicated and processed by:
· subjects who manage, monitor and maintain the web portal or applications connected to it;
· subjects specialized in the supply, management and maintenance of information systems, applications, software and / or electronic and telematic tools;
· subjects specialized in surveying consumer satisfaction and carrying out market research,
· subjects who provide assistance and consultancy in accounting, administrative, business, legal, tax and financial matters;
in their function of Data Processors.
· Employees, trainees, apprentices, interns and collaborators;
in their function as designated people authorized to process personal data.
The activities deriving from these communications will not exceed the purposes of the processing described here, and the personal data will not be transferred to other third parties not belonging to this list of recipient categories and so far they will not be subject to disclosure. The updated list containing the references of the appointed managers and processors is always available at the administration offices of Spazio Retail limited liability company.
The following subjects may also have access to personal data:
· public administrations, bodies, institutes or judicial and / or control authorities for the performance of institutional functions and compliance with the law;
· auditing bodies;
· banking and/or insurance institutions, or payment system operators;
· companies that carry out shipping and delivery activities;
· other subjects whose right to access your personal data is recognized by provisions of national law or secondary or community legislation;
these subjects will process the data in their role of independent Data Controllers.
15. Content Management System and e-commerce functions
The rushitaly.com web portal is created with the PrestaShop open source content management system, a CMS (content management system) that allows the portal to function as an e-commerce area, and, in addition, allows authors to publish content and users to access it easily both from computers and mobile devices.
PrestaShop systems process the personal data of the Data Subjects directly on the hosting server that is used by the Data Controller, and do not transfer data on platforms owned by third party suppliers.
16. Social plugins or third-party services
The rushitaly.com e-commerce portal uses Social plugins or third party services. Social plugins or third-party services are special tools that allow you to incorporate or integrate the functions of digital services, social networks, newsletter providers, directly within the website (for example, but not limited to these, the functions "Login with Facebook", "Login with Google", "Share on social networks" or "Subscribe to the newsletter").
The rushitaly.com web portal uses digital services interacting with the processing of personal data from the following third-party suppliers:
When you visit a page of our site and interact with a third-party plugin (for example by using the "subscribe to the newsletter" function) the corresponding information is transmitted from the browser directly to the service provider's platform and processed by it and/or preserved.
All integrations with social media on the site are, however, marked with the logo owned by the social network platform to which they refer.
For information on the purposes and methods of collection, treatment, processing, use and storage of personal data by social network platforms, providers or suppliers of digital services that interact with the processing of personal data on the rushitaly.com platform, as well as for the terms with which the Data Subject may exercise his rights with the latter, please consult directly the privacy policies of the respective third parties.
17. Payments management
The external services for the management of payments allow the e-commerce portal rushitaly.com to process payments by credit card, bank transfer or other tools. The information and data used for payment (for instance, the credit card number) are acquired directly by the payment service manager without being processed in any way by the Data Controller, without prejudice to the data that are subsequently shared by the manager of the banking or payment service (for example the customer's IBAN code) with Spazio Retail limited liability company.
Some of these services may also allow the scheduled sending of messages to the user, such as emails containing invoices or notifications regarding payment. Spazio Retail limited liability company uses the following online payment managers for the rushitaly.com web portal:
18. Rights of the Data Subject
According to the provisions of European Regulation 2016/679, where applicable, the Data Subject has the following rights towards the Data Controller:
· Right of access (article 15) - obtain confirmation that personal data concerning him are being processed or not and to obtain access to personal data;
· Right of rectification (article 16) - obtain the rectification of inaccurate personal data concerning him without undue delay;
· Right to cancellation or oblivion (Article 17) - obtain the cancellation of personal data concerning him without undue delay and the Data Controller is obliged to cancel personal data without undue delay, if certain conditions are met;
· Right to limitation of treatment (article 18) - obtain limitation of treatment in certain cases;
· Right to data portability (article 20) - receive the personal data concerning him provided in a structured format, commonly used and readable by an automatic device and have the right to transmit such data to another Data Controller, without hindrance from the data controller to whom he provided them, in certain cases;
· Right to object (article 21) - oppose at any time, for reasons connected with his particular situation, to the processing of personal data concerning him;
· Right not to be subjected to automated decision-making, including profiling (article 22) - The interested party has the right to object at any time, for reasons connected with his particular situation, to the processing of data concerning him pursuant to article 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions;
· Right to receive, without undue delay, communication of the violation of personal data suffered by the Data Controller (article 34);
· Right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal (article 7).
In addition, the Data Subject has the right to complain to the Italian Data Protection Authority, with headquarters in Piazza Venezia no. 11, 00187, Rome (RM), Italy, Certified e-mail Address: firstname.lastname@example.org (article 77), or to initiate appropriate legal actions (articles 77 and 78).
19. Modalities for the exercise of the rights of the data subject and Data Controller contacts
The Data Subject can always exercise their rights related to the processing of their personal data, through the telematic tools for managing settings made available by the Data Controller and its service providers: Manage cookie settings
Users that are registered on the Rush Italy e-commerce web portal will always be able to change their personal information; provide, renew, revoke or modify their consent for the treatments legitimized by this legal basis; and permanently delete their user profile within the reserved area, in the sections called:
When the exercise of their rights is not possible with the telematic tools for managing settings made available on the rushitaly.com web portal, the Data Subject who wishes to lodge a complaint, exercise their rights or speak with the Data Controller can do so by writing to Spazio Retail limited liability company - Rush Italy, Via Trivio Quaranta, 1, 81025, Zona Industriale, Marcianise (CE), Italy, or to their certified e-mail address: email@example.com, or to the e-mail address: firstname.lastname@example.org.
The Data Controller will examine each request and will work with the Data Subject to resolve any need, answering no later than 30 days from the receipt of the request.
20. Indicators and link to the Policy
The content of this information is highlighted to the Data Subject with specific in-depth references placed in the forms and fields for acquiring personal data on the rushitaly.com web portal.
21. Policy integrations
Specific information may be published on the rushitaly.com web portal pages when established by the Data Controller, Spazio Retail limited liability company, for the provision of specific services or for the identification and determination of specific functions.
22. Policy modifications
The possible entry into force of new sector regulations, as well as the constant examination and updating of user services, may result in the need to vary this information on the processing of personal data.
It is possible that our information may change over time, so we invite the visitor to periodically consult this page. We report, however, the progressive revision and the update date, while leaving the archive of the previous versions of the information on the processing of personal data available to the Data Subject.
Last revision: Version no. 1.2 of March, 20th 2022