Privacy Policy
Privacy Notice pursuant to Art. 13 of EU Regulation 2016/679 – vesta-home.it
Data Controller
The Data Controller, pursuant to Art. 13 of the GDPR, is Vesta Srl – Via Jesina 56A, 60022 – Castelfidardo (AN) – VAT No. 02013710427, which respects its users’ right to be informed regarding the collection and other processing operations of their personal data, and provides the following information on the processing of personal data that you, as the data subject, have provided to us.
Methods of processing personal data and place of processing
The personal data you provide or that are acquired will be processed in accordance with the principles of fairness, lawfulness and transparency, and in order to protect your privacy in compliance with applicable legislation. The personal data we may collect include: personal email address, first and last name, postal address, gender, User ID, password. The Controller processes Users’ personal data by adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification or destruction of personal data. Your personal data are processed mainly in electronic form and, in certain cases, also in paper form, for example when processing your data is necessary to prevent fraud, by the Controller, the Processor and authorised persons, in compliance with all precautionary measures that ensure their security and confidentiality.
The place of processing is the operational headquarters of the Data Controller. Data may be processed by natural persons and/or legal entities acting on behalf of the Controller under contractual obligations and located in EU or non-EU countries. If data are transferred outside the EEA, the Controller will adopt all contractual measures suitable to ensure an adequate level of data protection.
For further information about our Privacy Policy you can contact the following email address: info@vestasrl.it.
Purposes of processing and legal basis
Your personal data are collected and will be processed exclusively for purposes strictly connected with the use of the website, its services and any online purchase of products. In particular, your personal data may be processed for the following purposes:
- Within the registration processes on the website www.vesta-home.it, we collect your personal data through the relevant registration form in order to provide you with access services to reserved areas and/or to send newsletters, where requested. This processing is optional and based on your consent; however, failure to provide one or more data items will result in the impossibility of providing the services offered by the Controller;
- To provide services for the purchase of products and/or services, we collect your personal data (such as email address, personal details, postal address, credit card and bank account details, telephone number) through the specific order form:
a) to provide assistance and customer care services;
b) to enter personal details into the Controller’s IT databases;
c) to keep accounting records;
d) to manage receipts and payments;
e) to comply with obligations established by civil and tax laws, regulations and EU legislation.
This processing is mandatory for the performance of the contract to which you may be a party, for the performance of pre-contractual measures, or to comply with a legal obligation to which the Controller is subject.
The processing of sensitive data will be carried out within the limits of the general authorisation of the Italian Data Protection Authority No. 5 of 2011.
Nature of data provision and consequences of failure to provide data
The provision of your personal data is mandatory for purposes strictly connected with the use of the website, its services and, where applicable, the online purchase of products, and in order to comply with legal obligations.
The communication of your personal data, and in particular identification data, is necessary for the conclusion of the contract for the purchase of products or for the provision of other services on the website at the customer’s request, or where the data are necessary to comply with obligations arising from laws or regulations.
Any refusal to provide certain data necessary for these purposes may result in the impossibility of executing the contract for the purchase of products and/or services and, where applicable, the impossibility of providing services through this website. In the event of purchasing products and/or services, failure to provide data may constitute, depending on the circumstances, a legitimate and justified reason for not performing the contract for the purchase of products and/or services.
Retention periods
Personal data will be stored in a form that allows identification for the time strictly necessary for the purposes for which the data were collected and subsequently processed, as expressly provided by Art. 5(1)(e) of the GDPR. In particular, they will be stored as follows:
- data collected for purposes attributable to the legitimate interest of the Controller will be retained until that interest is satisfied;
- data collected on the basis of the User’s consent may be retained until such consent is withdrawn;
- data collected for tax/administrative obligations or contractual obligations will be retained for the time necessary to fulfil the above purposes and as required by law, for a period not exceeding that provided by civil law and in any case for a period not exceeding 10 (ten) years;
- data collected for marketing and profiling purposes will be retained for a period not exceeding 24 (twenty-four) months from the acquisition of consent.
Data may be retained by the Controller for a longer period in compliance with legal obligations or by order of an authority. The User may always request the interruption of processing or the deletion of data.
Categories of personal data processed and consequences of failure to provide data
Your personal data will not be disclosed to third parties for purposes not permitted by law or without your express consent.
Your personal data may be communicated to third parties only when necessary to complete the contract, for example to online payment providers such as PayPal, for the execution of remote electronic payment services by credit/debit card, should the customer decide to purchase a product or service.
Furthermore, your data may be communicated to the police or judicial authorities, in compliance with the law and upon formal request by such entities. The provision of your personal data is mandatory for purposes strictly connected with the use of the website, its services and, where applicable, the online purchase of products, and in order to comply with legal obligations.
The communication of your personal data, and in particular identification data, is necessary for the conclusion of the contract for the purchase of products or for the provision of other services on the website at the customer’s request, or where the data are necessary to comply with obligations arising from laws or regulations.
Any refusal to provide certain data necessary for these purposes may result in the impossibility of executing the contract for the purchase of products and/or services and, where applicable, the impossibility of providing services through this website. In the event of purchasing products and/or services, failure to provide data may constitute, depending on the circumstances, a legitimate and justified reason for not performing the contract for the purchase of products and/or services.
The optional, explicit and voluntary sending of email via the “Contacts” form or through the addresses indicated on this website entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the email. The User’s consent to provide data is necessary to be included in the Controller’s databases and for the establishment and proper performance of what is offered to Users, as well as to third parties for the fulfilment of the single requested activity. Failure to provide data therefore prevents registration in the Controller’s databases, the completion of any contracts, as well as their execution and any other related activity.
Communication and disclosure of data
For the performance of the contract and for the purposes indicated above, your personal data may be communicated:
- to all natural and legal persons (legal, administrative and tax consultancy firms, auditing firms, couriers and carriers, data processing centres, etc.) where such communication is necessary for the purposes described above;
- to banks for the management of receipts and payments;
- to our collaborators and employees duly appointed and within the scope of their duties.
The data collected are not subject to dissemination.
Security measures adopted
We have adopted security measures in order to minimise the risks of destruction or loss, even accidental, of the data, unauthorised access, or processing that is not permitted or not in line with the stated purposes of collection in our Privacy Policy.
However, Vesta Srl – Via Jesina 56A, 60022 – Castelfidardo (AN) – VAT No. 02013710427 cannot guarantee its users that the measures adopted for website security and the transmission of data and information will limit or exclude any risk of unauthorised access or data dispersion. We recommend ensuring that your computer is equipped with adequate software tools to protect data transmission over the network, both incoming and outgoing (such as up-to-date antivirus systems), and that your Internet service provider has adopted suitable measures for the security of data transmission over the network (such as firewalls and anti-spam filters).
Data subject’s rights
You may exercise your rights at any time vis-à-vis the Data Controller pursuant to Art. 15 of the GDPR, Regulation (EU) 2016/679, which we reproduce below:
The data subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4), and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, the data subject has the right to be informed of the existence of appropriate safeguards pursuant to Art. 46 relating to the transfer.
The Data Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
The data subject also has the right, pursuant to the GDPR, Regulation (EU) 2016/679, to obtain:
- Art. 16: the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement;
- Art. 17: the right to erasure (“right to be forgotten”);
- Art. 18: the right to restriction of processing;
- Art. 19: the obligation to notify in the event of rectification or erasure of personal data or restriction of processing;
- Art. 20: the right to data portability;
- Art. 21: the right to object;
- Art. 22: automated individual decision-making, including profiling;
- Art. 77: the right to lodge a complaint with a supervisory authority.
Requests addressed to the Controller or the Processor may also be sent by registered letter, fax or email.
Right to be forgotten
Pursuant to Art. 17 of the General European Regulation on the Protection of Personal Data 679/2016 (referred to as the “GDPR”), you may request the deletion of all your personal data from the Data Controller by completing the form available on the website of the Data Protection Authority, downloadable from this LINK, and sending it by email to info@vestasrl.it.
Contacts
If you wish to receive more information on how we process your personal data, please write an email to the following address: info@vestasrl.it.
Applicable law
This Privacy Policy is governed by European Regulation No. 679/2016 – GDPR, which governs the processing of personal data – including data held abroad – carried out by anyone who resides or is established in Italy, and applies exclusively to all data collected through this website. This Privacy Policy is subject to updates which will be promptly published on the website. This Privacy Policy, together with the Cookie Policy, sets out the bases on which the User’s personal data will be processed.
The Data Controller guarantees that the processing of personal data is carried out in compliance with fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality, personal identity and the right to the protection of personal data.

