Bettarello Fabio (hereinafter, “Data Controller”), owner of the website https://scorpionshop.it (hereinafter, the “Site”), as the data controller of the personal data of users who browse and are registered on the Site (hereinafter, the “Users”) provides below the privacy information pursuant to art. 13 of the EU Regulation 2016/679 of April 27, 2016 (hereinafter, “Regulation” or “Applicable Law”).

This Site and the services possibly offered through the Site are reserved for individuals who have reached the age of eighteen. The Data Controller does not collect personal data relating to individuals under the age of 18. Upon request from Users, the Data Controller will promptly delete all personal data inadvertently collected and relating to individuals under the age of 18.

The Data Controller takes the right to privacy and the protection of personal data of its Users very seriously. For any information regarding this privacy notice, Users can contact the Data Controller at any time, using the methods described in point 4.

1. Purpose of processing

The personal data of Users will be processed lawfully by the Data Controller pursuant to art. 6 of the Regulation for the following processing purposes: 

1. Browsing the site, in relation to the possibility of detecting User data necessary at a technical level, such as, for example, the IP address, during browsing the site.
2. Sending informative newsletters, upon specific request of the interested party.
3. Response to your requests for information, received by us through the appropriate contact form.
4. Registration to the reserved area of the site, through which to access online purchases, order history, order status.
5. Legal obligations, that is, to comply with obligations provided by law, by an authority, by a regulation or by European legislation.
6. Contractual obligations and provision of the service in case of online purchases, to execute the General Sales Conditions, which are accepted by the User during registration on the Site and to fulfill specific requests from the User. The User's data collected by the Data Controller for the purpose of possible registration on the Site include: Mandatory: Email, Password, First Name, Last Name, Shipping Address, Zip Code, City, Province, Country, Phone Number. The User's personal data will be used by the Data Controller solely for the purpose of verifying the identity of the User (also through validation of the email address), thus avoiding possible fraud or abuse, and contacting the User for service reasons only (e.g. sending notifications regarding the status of orders).
7. Administrative-accounting purposes, that is, to carry out activities of an organizational, administrative, financial, and accounting nature, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations;
8. Sending “soft spam” commercial communications, that is, the Data Controller will send commercial communications related to products related to those already purchased, to the email addresses used for such purchases (art. 130 paragraph 4, Legislative Decree 196/2003 and subsequent amendments).

The provision of personal data for the above-mentioned processing purposes is optional but necessary, as the failure to provide the same will result in the impossibility for the User to browse the site, register on the Site, and use the services offered by the Data Controller on the Site.

With reference to the purposes referred to in points 1/a, 1/b, 1/c, 1/d, 1/f, the legal basis for processing is indeed the execution of the services provided through the Site and requested by you (pursuant to article 6, paragraph 1, letter b of the Privacy Regulation 2016/679); with reference to the purposes referred to in point 1/e and 1/g of the previous paragraph, the legal basis for processing is to fulfill a legal obligation to which the data controller is subject (pursuant to article 6, paragraph 1, letter c of the Privacy Regulation 2016/679), with reference to the purpose referred to in point 1/h of the previous paragraph, the legal basis for processing is the legitimate interest of the Data Controller (pursuant to article 6, paragraph 1, letter f of the Privacy Regulation 2016/679).

1. Methods of processing and data retention times

The Data Controller will process the personal data of Users using manual and IT tools, with logics strictly related to the purposes themselves and, in any case, in a way that ensures the security and confidentiality of the data.

The personal data of Users of the Site will be kept for the time strictly necessary to fulfill the purposes illustrated in the previous paragraph 1, or in any case according to what is necessary for the protection in civil law of the interests of both Users and the Data Controller. In relation to the purpose referred to in point 1.b and 1.h, the data will be kept until you oppose the sending of the newsletter, through the appropriate link contained therein or through the methods of exercising the rights referred to in paragraph 4.

1.  Scope of communication and dissemination of data

The personal data of Users may be known to the employees and/or collaborators of the Data Controller responsible for managing the Site. These subjects, who are formally appointed by the Data Controller as “data processors”, will process the User's data exclusively for the purposes indicated in this notice and in compliance with the provisions of the Applicable Law. Third parties who may process personal data on behalf of the Data Controller as “External Data Processors”, such as, by way of example, providers of IT and logistics services functional to the operation of the Site, providers of outsourcing or cloud computing, professionals and consultants may also become aware of the personal data of Users. The data may also be communicated to the Financial Administration and/or other public authorities where this is required by law or at their request. Users have the right to obtain a list of any data processors appointed by the Data Controller, by requesting it from the Data Controller using the methods indicated in the following paragraph 4.

1. Rights of the Interested Parties

Users may exercise the rights guaranteed to them by the Applicable Law by contacting the Data Controller in the following ways:

• Sending a registered letter to the registered office of the Data Controller
• Sending an email to the address scorpionshopit@gmail.com; 

Pursuant to the Applicable Law, users may exercise the rights referred to in art. 15 and following of the Regulation, in the methods provided for by art. 12 of the same.

If you believe that the processing concerning you violates the Regulation, you have the right to file a complaint with a supervisory authority (in the Member State where you usually reside, in the one where you work or in the one where the alleged violation occurred). The Italian supervisory authority is the Guarantor for the protection of personal data - http://www.garanteprivacy.it/ - garante@gpdp.it