INFORMATION ON THE PROCESSING OF PERSONAL DATA THROUGH COOKIE UE CITIZENS
This information on personal data processing (hereinafter, “Information”) is given in accordance with Regulation (EU)/2016/679 (hereinafter, “GDPR”) and concerns the processing of personal data performed by Perris Group SAM, headquartered in 3, Avenue des Citronniers – MC 98000, Principauté de Monaco, email firstname.lastname@example.org, certified email email@example.com (hereinafter, the “Controller”).
The Controller may process personal data related to clients as defined by the current EU personal data protection legislation.
1. Identity and contact of the Controller
The Controller is Perris Group SAM. As the Controller is located outside the EU territory, Perris Store S.r.l., with registered office in Via Boccaccio n. 3 - 20832 DESIO (MB), Italy, VAT number 08196150968, email address firstname.lastname@example.org, registered email email@example.com, has been appointed as representative pursuant Article 27 GDPR (hereinafter, “Representative”).
2. Identity and contact of DPO
The Controller has not appointed a Data Protection Officer.
3. Purposes and legal basis of the processing, consent of the data subject and consequences of a lack of consent
Personal data will be processed for the following purposes:
a) for contractual purposes and, in particular, to allow the purchase of goods within the E-commerce. In this, case the obligation to fulfill the contractual purposes constitutes the legal basis. The communication of the data constitutes an obligation for the data subject; in the lack of such data, it will not be possible to make the website fully functional in accordance with the terms and conditions of use;
b) for direct marketing communications, newsletters, advertising material, market research, by means of traditional contact systems and automated computer systems, CRM, databases, including commercial or promotional communications by email, messaging systems, SMS, or telephone communications. In this case the express consent of the data subject constitutes legal basis. The communication of data, therefore, is entirely optional and does not constitute a contractual obligation for the data subject. In the absence of such data, it will not be possible to send commercial communications.
c) For determining the habits and preferences of the data subjects through profiling. In this case, the legal basis is the consent of the data subject, expressed in accordance with this information notice. In relation to the personal data processed, the communication of personal data is not an obligation of a contractual nature. The data subject has the right to provide personal data; however, if such data is not provided, it will not be possible to provide a customized service to the data subject.
d) For purposes related to relevant legal obligations where processing is carried out for the purposes referred to in point a). In this case, the legal basis is the legal obligation of the Controller to process such personal data in accordance with the applicable national legislation; in the absence of such data, it will not be possible to proceed with the conclusion of the contract.
4. Methods of consent expression
Consent to personal data processing through non-technical cookies may be expressed:
- Via a provided link in a specific flagbox presented within a banner.
5. Methods of processing
Cookies are small text strings that the Website visited by the user sends to the browser, which stores them and sends them back to the same Website upon a new visit by the same user. Cookies make it possible to collect information about the navigation done, they can be permanently stored on the user's computer and have a variable duration (so-called persistent cookies), as well as they can disappear with the closing of the browser or have a limited duration (so-called session cookies). Cookies may be installed by the site that the user is visiting or may be installed by other websites that provide various services to that site (so-called third-party cookies).
5.2 Technical cookies
Navigation, Functional and Session Cookie: necessary to allow the website to work correctly. The use of so-called session cookies (that are not stored permanently on the user's computer and are automatically deleted when the browser is closed) is strictly limited to transmission of every single session identifier. The session cookies consent the secure exploration and efficiency of the site and its applications.
|_hjAbsoluteSessionInProgress||.alyssaashley.com||Storing unique visits||Session Cookie|
|_gat||.alyssaashley.com||Statistics. Filtering requests from bots.||Session Cookie|
|_y||.alyssaashley.com||Statistics (Shopify)||Session Cookie|
|secure_customer_sig||.alyssaashley.com||Functional (Shopify)||Session Cookie|
|_gid||.alyssaashley.com||Statistics (anonymous). To count and track pageviews. (Google Analytics)||Session Cookie|
|_ga||.alyssaashley.com||Statistics (anonymous). To count and track pageviews. (Google Analytics)||Session Cookie|
|_hjid||.alyssaashley.com||Statistics. Storing a unique user ID. (Hotjar)||Session Cookie|
|_landing_page||.alyssaashley.com||Statistics. (Shopify)||Session Cookie|
|_orig_referrer||.alyssaashley.com||Statistics. (Shopify)||Session Cookie|
Perris Group SAM uses, for example:
Statistical Cookie or “analytics”: the Website uses the statistical cookie directly realized by the Data Controller or provided by third parties. In the latter case appropriate tools have been introduced in order to reduce the cookie’s identifying power, including through the masking of significant portions of the IP.
Furthermore, the use of such third-party cookies is subordinated to contractual obligations; the third party is obliged to use them exclusively for providing the service, to store them separately and to not practice data enrichment and “cross-reference” them with any other information at their disposal. The Website uses cookie of Hotjar, Shopify, Google Analytics.
Navigation Data and environmental variables: the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data, including the environmental variables. This category of data includes, by way of example:
• IP addresses or domain names of computers used by users connecting to the site;
• Time of the request;
• Webpages viewed;
• Date and time of access;
• URL (Uniform Resource Locator) visited with the browser before viewing our page;
• Navigation Browser type;
• Operating System used.
5.3 Non-technical cookies
|XSRF-TOKEN||shy.elfsight.com||For authentication purposes||
Session cookie/ permanent cookie
5.4. Deleting and disabling cookie
|Delete/disable cookie with Firefox:||
|Delete/disable cookie with Chrome:||
It should be noted, in any case, that the data processing will take place in the Principality of Monaco, where the Controller is headquartered. The Principality of Monaco, to date, is not subject to an adequacy decision of the European Commission and does not present the adequate guarantees required by the GDPR. In the Principality, in any case, there is a specific legislation for the protection of personal data, which is available for data subjects at the following link: [https://www.legimonaco.mc/305/legismclois.nsf/db3b0488a44ebcf9c12574c7002a8e84/28a1a1d90812e249c125773f003beebb!OpenDocument]. Besides, in the Principality there is a Data Protection Authority for the protection of personal data, whose official website is available by clicking on the following link: [https://www.ccin.mc/fr/].
6. Data provided directly by data subjects
The explicit and voluntary sending of electronic mail to the addresses specified on this Website involves the subsequent acquisition of the sender’s address, necessary to respond to requests, and of any other personal data included in the message. The data will be processed for the indicated purposes on a case-by-case basis. The collected data will be stored and processed for correspondences storage purposes only and will not be used for other purposes.
7. Automated decision-making processing and profiling
Whether data subject consents to the processing of personal data for profiling purposes, said personal data may be subject to an automated decision-making process, by means of a specific algorithm that will decide which communications are best suited to his/her profile or which may be of greater interest to him/her.
The data processed carried out in this way has, as expected consequences, by way of example, the sending of highly profiled commercial communications, sending discounts, sending invitations to events considered of interest, etc. The data subject has, in any case, the right to obtain human intervention in the decision-making process by the Controller, to express its opinion, to obtain an explanation of the decision reached and to challenge the decision itself, in accordance with Article 22 GDPR.
8. Source from which personal data originate
Only personal data provided in compliance with the present information notice will be processed, either collected through the website, either by email. In relation to the processing of personal data for the purposes of providing highly targeted services through profiling, such data may be correlated for deriving further profiled information. Data collected from public sources will be not processed.
9. Recipients or categories of recipients of the data subject’s personal data
The following may be recipients of the personal data:
- Communication companies that provide commercial communication activities on behalf of the Controller, which are responsible for the processing, if consent has been given for marketing purposes;
- Companies belonging to the information society, such as those providing web hosting services;
- Companies performing statistic and market inquiries, if consent has been given for marketing purposes;
- Companies that perform account services;
- Partner companies of the Controller;
- Companies offering shipping services of the products acquired by means of the Controller’s E-commerce;
- All persons to whom the right of access to such data is recognized under regulatory measures.
10. Categories of personal data
The Controller will process only personal data from the data subject. There will be no handling of special categories of personal data under Article 9 of the GDPR.
11. Transfer of personal data
The Controller may intend to transfer personal data to a third country or an international organization, such as:
- Communication agencies conducting activities on behalf of the Controller;
- Companies offering information society services, including, in particular, those offering hosting services;
- Service providers of the communication company.
The transfer of personal data to the aforesaid subjects is subject to an adequacy decision made by the European Commission after deciding that the third country or one or more specified sectors within that third country, or the international organization in question, ensures an adequate level of protection of personal data and data subjects’ rights. However, if the Controller deems it appropriate to proceed with the transfer of personal data despite the lack of any adequacy decisions, he reserves the right to conclude separate agreements with those subjects, requiring them to adopt adequate technical and organizational security measures to safeguard the transferred personal data, with particular regard to the protection of rights and freedoms of the concerned subjects. Personal data of the data subject may be transferred to the United States of America; Principality of Monaco.
To obtain a copy of the transferred personal data or to be informed on where personal data have been transferred to, the data subject shall send the Controller a written request to the addresses indicated in the epigraph.
12. Personal data retention period
- Personal data processed and stored for the purposes under point a) number 3 are processed for no longer than 12 months starting from the termination of the contractual effects, unless otherwise required by law;
- Personal data processed and stored for the purposes under point b) number 3 (marketing purposes) are processed and stored until when the data subject requests the erasure and/or revokes consent;
- Personal data processed for the purposes under point c) number 3 (determining preferences) are processed and stored for a period no longer than 12 months following the collection;
- Personal data processed and stored for the purposes under point d) number 3 (fulfilment of legal obligations) are processed and stored for a period no longer than 12 months following the termination of the contractual effects.
The Controller reserves the right, in any case, to request the data subject to renew his/her consent to the processing and/or to verify the consents already expressed.
13. Data subjects’ rights
13.1 Right to object
- The data subject has the right to object at any time on grounds relating to the data subject’s particular situation, to the processing of personal data concerning the data subject pursuant to Article 6, sub-section 1, letter (e) or (f) of the GDPR, including profiling on the basis of these provisions. The Controller shall refrain from any further processing of the personal data unless it proves that there are compelling legitimate grounds for the processing which take precedence over the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of a right in court.
- If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data carried out for such purposes, including profiling to the extent that it is related to such direct marketing.
- If you object on the processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. It is specified that the right of the data subject to object on the processing of his/her personal data for the aforesaid purposes may be exercised even partially, i.e. by opposing, for example, only on sending promotional communications by automated and/or digital means, or on sending paper communications and/or receiving telephone communications.
- Where personal data are processed for scientific or historical research or statistical purposes in accordance with Article 89, paragraph 1 of the GDPR, the data subject has the right to object on the processing of his/her personal data for reasons related to his/her particular situation, unless such processing is necessary for the performance of a task in the public interest.
13.2 Other rights
The Controller also wishes to inform data subjects of the existence of the following rights:
- Right to access: the data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning the data subject are being processed and, if so, to obtain access to the personal data and specific information, in accordance with article 15 of the GDPR;
- Right to rectification: the data subject has the right to obtain from the Controller the rectification of inaccurate personal data concerning the data subject without undue delay. Taking into account the processing purposes, the data subject has the right to obtain supplementing of incomplete personal data, including by providing a supplementary statement, in accordance with art. 16 of the GDPR;
- Right to erasure of data, including the right to revoke consent: the data subject has the right to obtain from the Controller the erasure of the personal data concerning the data subject without undue delay and the Controller has the obligation to erase the personal data without undue delay, or to revoke consent, if the reasons set out in art. 17 of the GDPR exists. With regard to the right to revocation, the data subject also has the right to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to revocation;
- Right to restriction of processing: the data subject has the right to obtain from the Controller the restriction of processing when the conditions set out in art. 18 of the GDPR exist;
- Right to data portability: the data subject has the right to receive in a structured format, commonly used and readable by automatic devices, the personal data concerning the data subject provided to the Controller and has the right to send such data to another controller without any impediment by the Controller in the cases and at the conditions specified in art.20 of the GDPR;
- Contractor's right to object on commercial communications: the contractor has the right to object at any time, free of charge, on the receipt of commercial communications.
The applications to exercise the rights indicated in this privacy notice must be addressed directly to the Controller at the e-mail address: firstname.lastname@example.org. Alternatively, such rights can be exercised by sending a registered letter with recorded delivery to 3, Avenue des Citronniers – MC 98000, Principauté de Monaco.
14. Accessibility of privacy notice
The privacy notice is accessible on our website https://www.alyssaashley.com/pages/privacy-policy, and c/o the Controller. If so expressly requested, the information can also be provided orally, as long as the identity of the applicant is proven, by means of a phone call request to the addresses of the Controller.
The Controller may modify the Information on processing of personal data through cookie, also to implement the legislative reforms at a national and/or at a EU level, to comply with technological innovations or for other reasons. Any new versions of this Information will be available on the website. Hence, data subject is invited to periodically check the Information. Any changes will be communicated to users by means of pop-ups on the website or by other computer methods/tools. In the event that substantial changes are made to this Information, with variations in the purposes of processing and/or the categories of data processed, the Controller will inform the data subject, by requesting the necessary consents.