Privacy policy

PRIVACY AND PERSONAL DATA PROCESSING – COOKIE POLICY

The privacy policy is fully available and accessible on the website at https://www.dezotti.com/privacy-policy/ and has been drafted in compliance with applicable regulations, which establish obligations related to the protection, confidentiality, and security of customer data. De Zotti Design, a sole proprietorship owned by Diego De Zotti, hereby clarifies the purposes and means of processing in its capacity as Data Controller.

Data Controller

The processing of personal data, whether collected at the point of sale or through the website, will be carried out by De Zotti Design, a sole proprietorship owned by Diego De Zotti, tax code DZTDGI93L21H823H, VAT number 04178750271, with its registered office in Ceggia (VE), Via Adige n. 120, in its capacity as the Data Controller.

De Zotti can be contacted through the following details:

  • Telephone: +39 0421 32 9372
  • Email: info@dezotti.com
  • By registered mail: Ceggia (30022, VE), Via Adige n. 120

Categories of Processed Data

The following categories of personal data may be collected and processed:

  • Information related to user navigation on the website, including online identifiers and data concerning the devices used;
  • Personal identification and contact data freely entered by users on the website or communicated to the Controller through the order form, including those necessary for completing the purchase of goods and services (e.g., name, surname, email address, phone number);
  • Personal data required for managing shipping methods and systems, such as residence, domicile, or delivery addresses for purchased goods;
  • Personal data necessary for managing payment methods and systems, including credit card details and bank account information;
  • Personal data acquired from third parties or external sources in relation to specific initiatives or purposes promoted by the Controller;
  • Additional personal data specifically identified in the event of new functionalities or services being implemented.

Purposes, Legal Bases, and Retention Periods

The processing of collected data is carried out in compliance with applicable privacy and data protection regulations, ensuring adherence to principles of fairness, lawfulness, transparency, relevance, completeness, and proportionality. The following table outlines the specific purposes for processing personal data, along with the corresponding legal basis and maximum retention period, where feasible. If precise retention durations cannot be stated, a retention criterion is indicated, based on which technological measures have been set up.


Purpose

Legal Base

Retention period

The website offers browsing functionalities, enabling access to its pages and various content, such as product catalogs. These features are provided in compliance with pre-contractual requirements, ensuring that users can view and assess available products and services before engaging in any contractual agreement..

Fulfillment of requirements related to pre-contractual activities..

For the duration of the Client’s presence on the Website, up to a maximum of 24 months.

Response to contact requests or information inquiries submitted by the user.

Legitimate interest of the Data Controller aimed at maintaining relationships with the users of the Website.

For a maximum period of 10 years from the interaction with the data subject

Customer data registration for the purpose of the Order.

Fulfillment of requirements related to the contract and pre-contractual activities, also to enable, facilitate, or simplify the purchase process..

For the time necessary to achieve the indicated purposes, within a maximum limit of 10 years.

Compliance with legal, regulatory, or EU legislative obligations arising from and related to the Contract.

Fulfillment of requirements related to pre-contractual activities..

For a maximum period of 10 years from the interaction with the data subject.

Management of accounting and tax documentation related to purchases.

Fulfillment of requirements related to pre-contractual activities..

For a maximum period of 12 months from the conclusion of the selection process, unless further retention is required or the user provides consent..

Analysis of website usage statistics, online sales monitoring, and product statistics..

Pursuit of the Data Controller’s legitimate interest, aimed at improving its products and services

Only for the period necessary for the complete anonymization of the collected data

Recontacting the Customer via email following the purchase of the Data Controller’s Products, including for the purpose of proposing the sale of additional similar goods or services

Pursuit of the Data Controller’s legitimate interest in promoting the sale of its goods and services, in compliance with the limits set by Article 130, paragraph IV, of Legislative Decree 196/2003 (so-called "soft spam").

For a maximum of 24 months from the user's last purchase, unless the user exercises their right to object in any manner.

Management of commercial communications to the Customer following a purchase, including for the purpose of sending special offers, promotions, and updates, through both automated and non-automated systems (so-called marketing purposes).

Based on the Customer’s expressed consent.

Until the Customer withdraws consent, and in such case, no later than two months thereafter for the Data Controller’s technical and procedural purposes.

Analysis of the Customer’s tastes, preferences, and consumption habits, including for the purpose of offering personalized promotions and services (so-called profiling purposes)

Based on the Customer’s expressed consent.

Until the Customer withdraws consent, and in such case, no later than two months thereafter for the Data Controller’s technical and procedural purposes.



Further Information on the Processing of Collected Data

Should the customer wish to obtain further information regarding the balance between the legitimate interests pursued by the Data Controller and the fundamental rights and freedoms of the individual, they may contact the Controller using the details provided above. The customer has the right to receive a response as soon as possible and in any case within the timeframe required by law.

In the event of a dispute with the customer or third parties, or in case of regulatory inspections by competent authorities, data retention may be extended until the expiration of the last applicable statutory limitation period.

Data will not be disclosed in any way unless the customer has provided explicit and prior consent, within the limits established by law.

Consequences of Failure to Provide Data

Providing the personal data marked as mandatory is necessary to achieve the relevant purposes. Failure to provide such data will make it impossible to proceed with the corresponding processing.

Providing other personal data is optional. However, failure to provide such additional data may result in partial or total inability to access certain functions or features of the website.

Regarding marketing and profiling purposes, as well as the processing of non-purely technical "online identifiers," consent to the processing of personal data is optional. The customer is not legally or contractually required to provide such data or to consent to their processing for these purposes.

Automated Decision-Making Processes

The processing of personal data does not involve automated decision-making processes, as defined by applicable regulations, particularly Article 22, paragraphs 1 and 4, of the GDPR.

In any case, any automated processing will not result in legal effects concerning the customer or significantly impact them, except where specific informed consent has been obtained and always within the legal framework.

Categories of Entities Processing Personal Data

Within the scope of the obligations, duties, and purposes set out above, personal data may be processed, made available, and/or communicated to:

  • Employees and/or collaborators of the Data Controller;
  • Third parties designated as Processors (particularly suppliers of goods or services), including their employees and/or collaborators;
  • Judicial, administrative, or law enforcement authorities, in compliance with legal provisions.

The complete list of Processors and other third parties can be requested from the Data Controller at any time using the contact details provided above.

Transfer of Personal Data Outside the European Economic Area

Personal data may be transferred to countries outside the European Economic Area due to technical requirements, specifically to entities located in countries recognized as "adequate" by the European Commission, including participants in the "EU-US Data Privacy Framework." Data may also be transferred to entities that have entered into Standard Contractual Clauses in their current version as approved by the European Commission.

Data Subject Rights

The data subject may, at any time, exercise the rights granted under European Regulation No. 2016/679 (GDPR). Specifically, the customer has the right to:

  • Access their personal data;
  • Obtain the rectification or deletion of such data or request the restriction of its processing;
  • Object to the processing of personal data, where applicable;
  • Obtain data portability, where provided;
  • Withdraw consent: such withdrawal does not affect the lawfulness of processing carried out based on consent given prior to withdrawal;
  • Lodge a complaint with the supervisory authority—in Italy, this is the Italian Data Protection Authority (Garante per la protezione dei dati personali) (www.gpdp.it).

The exercise of the aforementioned rights may be carried out by sending a request to the Data Controller using the contact details provided above, specifically via the email address indicated in the “Data Controller” section.