Information on the processing of personal data of users who purchase digital services from the DidierFLE Boutique
BSMART LABS Srl respects its users' right to be informed with regard to the collection and other processing operations of their personal data. The processing will be based on the principles of lawfulness, correctness, transparency, purpose limitation and storage, data minimisation, accuracy, integrity and confidentiality (in accordance with the provisions of the applicable Italian and European legislation and the confidentiality obligations set forth therein). In the processing of data that may identify users, directly or indirectly, we try to respect a strict 'need-to-know' principle. For this reason, we have configured the website so that the use of personal data is kept to a minimum and in such a way as to exclude processing when the purposes pursued in individual cases can be achieved through the use of anonymous data or through other methods, which make it possible to identify the data subject only where necessary or on request from the authorities and police forces (such as, for example, data relating to traffic and time spent by the user on the website or their IP address) ).
2 - Who collects and processes your personal data
The Data Controller is bSmart Labs srl, with registered office in via Montorfano, 98 - 20831 Seregno (MB), tel. 0362 640018, e-mail firstname.lastname@example.org (hereinafter, “bSmart Labs” or the “Controller”).
The Data Protection Officer (DPO) is LiquidLaw Srl and can be contacted at the following address: email@example.com.
bSmart Labs decides on the purposes and methods of processing data for purchases made from the DidierFLE Boutique and on the tools to be used with regard to security aspects. For exclusively organisational and functional needs, we have appointed some Data Processors of users' personal data, for purposes strictly connected with and related to the provision of the services offered on the Site, including the sale of digital services. These Processors were chosen following careful assessment of their level of experience, ability and reliability and, moreover, are able to provide suitable guarantees of full compliance with the current provisions on processing, including data security aspects. The Processors process the personal data of users of the Site according to the instructions given by the Data Controller.
3 - Purposes of the processing
Your personal data are collected and processed for purposes strictly related to the use of the online Store, its services and the purchase of digital products and may also be used in other processing operations in terms compatible with these purposes. In particular, your personal data may be processed for the following purposes:
as part of the product purchase processes, we collect your personal data (e.g. personal data, e-mail address, billing address, telephone number, etc.) - the legal basis of the processing is the Company's obligation to perform the contract with the data subject;
as part of the request for technical assistance services, we collect your personal data to provide you with information about browsing problems, browser compatibility and viewing or loading web pages - the legal basis is the Company's legitimate interest to carry out this type of activity;
for the management of payments and administrative/accounting obligations regarding the activities we carry out, as well as for the fulfilment of a legal obligation to which bSmart Labs is subject - the legal basis of the processing is the requirement to fulfil legal obligations;
for purposes necessary to establish, exercise or defend a right in court or whenever the judicial authorities exercise their judicial functions - the legal basis is the Company's legitimate interest to defend itself or exercise its right in court.
For the direct sale of the services offered for sale through the Site, bSmart Labs may use the e-mail details you provide in the context of a purchase on the Site, even without your consent, provided that the service is similar to that sold previously ('soft spamming'). However, you can refuse this processing at any time by communicating your objection to the Company. The legal basis of the processing is the Company's legitimate interest in sending this type of communication. This legitimate interest can be considered equivalent to the data subject's interest in receiving 'soft-spam' communications.
4 - How we collect your data and how we process it
bSmart Labs collects personal data and other information directly from its users as part of the sending of order forms for the purchase of digital products on the website for the conclusion of e-commerce transactions. These data are processed, using automated and/or manual procedures, within the limits and purposes indicated above, including possible communication to third parties for purposes instrumental to the provision of the service requested by the user, as specified in the paragraph “To whom we communicate your personal data ”.
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used in the submission of the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's IT environment.
These data, necessary for the use of web services, are also processed for the purpose of:
obtaining statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
checking the correct functioning of the services offered.
The browsing data are retained for a limited period and deleted immediately after their aggregation (except for any need to ascertain offences by the judicial authorities).
Payment card data
The payment management services allow this Site to process payments by credit card or other tools. The data used for the payment are acquired directly by the operator of the payment service requested without being processed in any way by bSmart Labs.
In fact, to make a payment through one of the payment cards offered on the Site, the user must enter the confidential data of the payment card directly on a page that will use a secure encryption protocol to communicate with the payment service provider (which will act in as independent data controller), without passing through the Company's server which, therefore, will not process such data in any way.
5 - What happens if you do not provide your personal data
The provision of your personal data to bSmart Labs, in particular personal details, e-mail address, billing address of the digital services purchased and any other data indicated as mandatory, is necessary with regard to the conclusion of the contract for the purchase of services on the Site or during the registration phase or to respond to your requests.
Conversely, some of these data could be indispensable for the provision of other services provided on the website at your request or to fulfil obligations deriving from legal or regulatory provisions.
Any refusal to provide some of your data necessary for these purposes could make it impossible to complete the registration phase or to execute the contract for the purchase of products on the Site or to provide the other services available on the same (for example responding to a user's requests or processing a request for contact or support through Customer Services).
The provision of additional data, other than those whose submission is mandatory, for the purpose of fulfilling legal or contractual obligations or for the provision of certain services on request is, on the other hand, optional and does not entail any consequences for the use of the website and its services or for the purchase of products on the Site.
6 - To whom we communicate your personal data
The personal data may be made available to third parties (as Data Processors) that perform specific services on behalf of bSmart Labs, or be communicated to recipients of the data collected by the Data Controller (whose names will be specified from time to time), which process personal data independently solely to execute the contract for the purchase of services on the Site (e.g. credit establishments as well as companies for the execution of remote electronic payment services by credit/debit card) and only when this purpose is not incompatible with the purposes for which your data were collected and subsequently processed and, in any case, in accordance with the law.
The data will not be disclosed, assigned or otherwise transferred to other third parties, without the users being informed in advance and subject to consent where required by law.
Your data will also be accessible to:
personnel within our organisation specifically authorised to process them;
companies, consultants or professionals who may be responsible for the installation, maintenance, updating and general management of the hardware and software of bSmart Labs or which it uses to provide its services;
public and/or private entities, natural and/or legal persons (legal, administrative and tax consultancy firms, Judicial Offices, Chambers of Commerce, bodies for the out-of-court settlement of disputes, etc.), if the communication is necessary for or functional to the correct fulfilment of obligations deriving from the law.
In addition, your data may be disclosed to the police or judicial authorities, in accordance with the law and upon formal request by such parties, for example in the context of anti-fraud services.
7 - Transfers outside the EU
The management and storage of personal data take place within the European Union. Your personal data will not be transferred abroad to countries other than those belonging to the European Union, which do not ensure adequate levels of protection for individuals. If this is necessary to provide the requested services (for example for some processing activities that could be outsourced to suppliers outside the European Union, for needs related to the use of e-commerce services) or to conclude a contract for the purchase of products, we assure you that the transfer of personal data to countries that do not belong to the European Union and that do not ensure adequate levels of protection will be carried out only after the conclusion, between bSmart Labs and these subjects, of specific contracts containing safeguarding clauses and appropriate guarantees for the protection of personal data (e.g. standard contractual clauses approved by the European Commission) or only in the presence of other requirements compliant with applicable Italian and European legislation.
8 - Your right to access data and other rights
Users have the right at any time to obtain confirmation of the existence or otherwise of personal data concerning them and their communication in an intelligible form.
In particular, you have the right to obtain the following information:
the content and origin of personal data;
the purposes and methods of processing;
the logic applied to the processing carried out with the help of electronic instruments;
the identity of the data controller and processors;
the duration of storage in relation to the specific categories of data processed;
the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them, as processors or operators.
Data subjects also have the right to obtain:
the updating, rectification or, where applicable, integration of the data;
erasure, anonymisation or limitation of processing (e.g. if processed in violation of the law), including for data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
the portability of the data to another controller;
opposition to processing (e.g. for sending advertising or direct marketing material or for carrying out market research or commercial communication);
opposition to any automated decision-making process (including profiling);
the revocation of any consent given, where required (it should be noted that the revocation of consent does not affect the lawfulness of the processing based on the consent given before the revocation);
a declaration that the transactions referred to in the previous points have been brought to the attention, including as regards content, of those to whom the data have been communicated or disseminated, except in cases where this proves impossible or involves use of means manifestly disproportionate to the protected right.
To exercise the aforementioned rights, users can write to the person responsible for verifying users' rights by sending a communication to the following e-mail address: firstname.lastname@example.org or by contacting the Data Protection Officer of bSmart Labs at the addresses indicated above.
Lastly, please note that the data subject always has the right to lodge a complaint with the Data Protection Authority to exercise their rights or for any other matter relating to the processing of their personal data. To find out about their rights and keep up-to-date on the legislation on the protection of individuals with regard to the processing of personal data, we recommend that users visit the website of the Italian Data Protection Authority at https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524. Users can lodge a complaint or file a report with, or appeal to, the said Supervisory Authority for the protection of their rights.
9 - Duration of retention
We retain your personal data for a limited period of time, which varies depending on the type of activity that entails the processing of your personal data. After this period, your data will be permanently deleted or in any case made irreversibly anonymous.
The criteria used to determine the retention period are established by specific laws (which regulate the specific activity of the Data Controller) and by the tax regulations with regard to the processing of administrative/accounting data.
To ensure that personal data are always accurate and up-to-date, and in any case relevant and complete, we ask users to also update them within the reserved area.
The data collected by the Site will therefore be retained for the entire duration necessary to respond to the requests or the service and, even after termination, to manage all administrative/accounting and/or legal obligations connected with or deriving from them. Finally, personal data may also be retained up to the time allowed by Italian law for the exercising of our right of defence in court.
Specifically, your personal data shall be retained in compliance with the terms and criteria specified below:
data collected to conclude and perform contracts for the purchase of goods on the Site: up to the conclusion of the administrative/accounting formalities. Billing data will be kept for ten years from the invoice date;
payment data: up to the certification of the payment and the conclusion of the related administrative/accounting formalities resulting from the expiry of the right of withdrawal and the terms applied for disputing the payment;
data related to user requests to our customer service and support: the data needed to assist you will be retained until your request is satisfied;
data used for commercial communication activities towards users who purchase products on the Site (soft spam): this data is retained until the termination of the service or the user’s exercising of the right to object.
10 - Links to other websites
The Site may contain links to other websites that may not have any connection with the same or with bSmart Labs.
bSmart Labs provides links to these websites solely to facilitate the user in searching and browsing and to facilitate hyperlinks on the Internet to other websites.