Privacy policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

 

DDN RETAIL SRL with registered office in 63012 Montegranaro (FM), Via Elpidiense sud, 289 / C, Italy, as data controller (hereinafter, "DDN" or "Data Controller") informs, pursuant to Article 13 of EU Regulation 2016/679 (hereinafter, "GDPR") and Legislative Decree 30.6.2003 n. 196, as amended by Legislative Decree 10.8.2018 n. 101  (hereinafter, "Privacy Code"), the interested parties (hereinafter, "Data Subject(s)"), regarding the processing of personal data provided to DDN.

1. Object of the treatment

Pursuant to this Information, "Data" means identification and contact data, accounting and payment data, data about the role or job position, accounting, administrative and tax documents, and correspondence, processed by the Data Controller for the conclusion and execution of the contractual relationship with the Data Subjects (or with the person, company or entity to whom the Data Subjects are linked by employment, collaboration or representation relationships).

2. Purposes and legal bases of the processing

2.1 The Data will be processed by the Data Controller for the following purposes:

      a)            Execution of the contract and of the obligations and requests connected with obligations arising from the same, including the pre-contractual phase and precisely, sending communications of various kinds and with different means of communication (telephone, mobile phone, sms, messaging app, email, paper mail); making requests or processing requests received; exchanging information aimed at the conclusion and execution of the contractual relationship, including the activities to fulfill the pre-contractual, contractual, tax and administrative obligations deriving from relations with Data Subjects;

      b)            fulfilling all operations imposed by the application of the Management Systems applied in the company (for example, according to UNI EN ISO 9001, etc.);

      c)            complying with the obligations provided for by law, by a regulation, by EU legislation or by an order of the Authority, in relation to accounting, tax and administrative obligations, processing of personal data, etc.;

      d)            sending of commercial and informative communications, also through newsletters or instant messaging platforms, subject to prior consent;

      e)            sending, to the email address provided, of proposals relating to services and products similar to those being sold, pursuant to Article 130, paragraph 4, Privacy Code, without prejudice to the right of the Data Subject to oppose at any time to this purpose, pursuant to Article 21 GDPR, also through the appropriate link at the bottom of each email message (unsubscribe).

       f)            the exercise and protection of the rights of the Data Controller in court and out of court.

There are no automated decision-making processes.

2.2 The legal basis of the processing is:

a)      the execution of contractual and pre-contractual measures, for the purposes referred to in point 2.1, letter a);

b)      the fulfillment of legal obligations related to the contractual relationship (Article 6, paragraph 1, letter c GDPR), for the purposes referred to in point 2.1, letter c);

c)      the consent that will be requested by the Data Controller for the purposes referred to in point 2.1, letter d);

d)      legitimate interest of the Data Controller (Article 6, paragraph 1, letter f GDPR) to the correct implementation and application of the Company Management Systems, for the purposes referred to in point 2.1, letter b);

e)      legitimate interest of the Data Controller (Article 6, paragraph 1, letter f GDPR) to send commercial information pursuant to Article 130, paragraph 4, Privacy Code, for the purposes referred to in point 2.1, letter e);

f)       legitimate interest of the Data Controller (Article 6, paragraph 1, letter f GDPR) to the judicial and extrajudicial protection of their rights, for the purposes referred to in point 2.1, letter f).

 

2.3 The provision of Data is mandatory for the fulfillment of the purposes listed above; therefore, their failure, partial or incorrect conferment could result in the objective impossibility for the Data Controller to establish or regularly conduct the contractual relationship.

3. Processing methods

The processing of Personal Data is carried out, with paper and / or electronic methods, by means of the following processing operations: collection, registration, updating, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, cancellation and destruction of Data.

 

4. Data retention period

4.1 The Data collected for the purposes indicated in art. 3 shall be dealt with for the entire duration of the execution of the activities referred to in paragraph 2 and for a maximum of 10 years after the date of termination of the same.

Without prejudice to the above, the sending of communications pursuant to art. 2.1 letters d) and e) will continue for the entire period in which the Data Controller will keep the relative services active, until the revocation of consent or the exercise of the right of opposition by the Data Subject. The Data Subject will be reminded to be able to exercise these rights in any communication and, if they are sent less frequently, by means of a specific message sent once a year.

4.2 Once the retention periods indicated above have elapsed, the Data will be destroyed or made anonymous, compatibly with the technical procedures of cancellation and backup.

 

5. Categories of recipients

The Data may be communicated to subjects operating on behalf of the Data Controller, by external parties designated as Data Processors, to whom adequate operating instructions are given. These subjects are essentially included in the following categories:

a)      Suppliers;

b)      insurance companies;

c)      professionals;

d)      banks and credit institutions;

e)      persons or entities to whom the right to access the Data is recognized by legal provisions or regulatory or community regulations;

f)       persons, companies or entities to whom the communication of Data is necessary or is in any case functional to the management of the contractual relationship;

g)      suppliers of company management software, hosting services and / or who deal with the implementation, management and maintenance of the IT infrastructure of the Data Controller.

 

 

6. Data transfer

6.1 Subject to the consent of the Data Subject, personal data may be transferred to the other companies of the Group of which the Data Controller is part, so that these can in turn transmit commercial communications to Data Subjects regarding their products and initiatives.

This transfer may also take place to companies located outside the European Union, to countries of the European Union or to countries third with respect to those of the European Union or to an international organization, within the scope of the purposes referred to in point 1 in countries declared legally adequate on the basis of an adequacy decision of the EU Commission.

6.2 In the absence of an adequacy decision of the European Commission on the level of protection of Data Subjects guaranteed by these countries pursuant to Article 45 of the GDPR, the transfer takes place after signing the standard contractual clauses adopted approved by the European Commission pursuant to Article 46, 2, letters c) and d)" or by virtue of binding corporate Rules (BCR) in accordance with the provisions of the same EU Reg. n. 679/2016.

6.3 A copy of the BCR Standard Contractual Clauses can be obtained by email, by writing to your contact person at DDN's registered office or to the data indicated in paragraph 8 below.

 

7. Rights of Data Subjects

7.1 Data Subject have the right to withdraw at any time the consent to the processing of their personal data based on such legal basis, without prejudice to the legitimacy of the processing carried out until the withdrawal. Data Subjects may also ask the Data Controller for access to the Data concerning them, the correction of inaccurate Data or the integration of incomplete Data, the cancellation of Data, the limitation of processing in the cases provided for by art. 18 GDPR; to receive the Data in a structured format, commonly used and readable by automatic device, as well as, if technically feasible, to transmit them to another Data Controller without hindrance in the event that the conditions for exercising the right to portability referred to in art. 20 of the GDPR are met (processing based on consent pursuant to Article 6.1 letter a or art. 9.2, letter a or on the contract pursuant to art. 6.1, letter b of the GDPR and is carried out with automated tools).

7.2 Data Subjects have the right to object, for reasons related to their particular situation, to the processing for the pursuit of the purposes based on the legitimate interest of the Data Controller.

7.3 These rights can be exercised by writing to the Data Controller using the data indicated in article 8 below.

7.4 The Data Subjects also have the right to lodge a complaint with the competent Supervisory Authority pursuant to art. 77 of the GDPR (in particular, in the Member State where Data Subject habitually reside or work or in the place where the alleged infringement occurred).

 

8. Data Controller

The Data Controller is DDN RETAIL S.R.L. (Tax Code 02351200445), with registered office at Via Elpidiense Sud, 289 / C, 63812, Montegranaro (FM), email: privacyddnretail@ducadelnord.com, Tel: +39 0734891242, certified email (PEC): ddnretail@pec.it.

 

Document update date: 21.5.2024

 

Authorization for the processing of personal data pursuant to Regulation 679/2016

 

Having acknowledged the information provided by DDN RETAIL SRL as stated above, the undersigned:

 

 authorizes the sending of communications and/or commercial and informational messages, including newsletters or instant messaging platforms, by the Data Controller (purpose d);

 

 authorizes the transfer of data to companies belonging to the same Group as the Data Controller pursuant to Article 6 of the aforementioned privacy notice, for the purpose of these companies sending commercial communications regarding their own products and initiatives.

 

KLARNA

In order to be able to offer you Klarna’s payment methods, we may transmit your personal data to Klarna in the form of contact details and order details to Klarna so that Klarna can assess your suitability for its payment methods and customize those payment methods. The personal data of the user transferred are treated in line with Klarna’s privacy policy.