The following information describes the methods and purposes of the processing of personal data of users who access and use the website www.kristiinalassus.com (hereinafter only “Site”).

«Processing», according to the European Regulation n. 2016/679 (GDPR), is understood to mean any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, adjustment, cancellation or destruction.

1. Data Controller

The data controller is KRISTIINA LASSUS – Via Soperga, 18 – 20127 Milan (MI) – VAT. No. IT01906350036 –  e-mail contact@kristiinalassus.com – Phone 02 39800027

2. The purpose and legal basis of processing

a) Purposes related to user requests

The personal data you provide are processed by KRISTIINA LASSUS for purposes related to the sale of the products you requested (an example: request information, register on the site to receive benefits and offers, obtain quotes, make payments, purchase goods and receive them at a domicile indicated by you).

b) Marketing and promotional communications purposes

Furthermore, the data you provide may be processed, only with your explicit consent, in order to send you communications of a commercial nature via e-mail or text message relating to the services offered by the Data Controller.

For the purposes referred to in item a) above, the legal basis of the processing is compliance to a contract and pre-contractual negotiations (Article 6, item b) of the GDPR) and the fulfilment of legal obligations (Article 6, item c) of the GDPR).

The refusal to provide all or some of the requested data and / or the indication of partial and / or incorrect data by the interested parties prevents the Data Controller from fulfilling the contract correctly.

For the purposes referred to in item b) above, the legal basis is the consent freely given.

In an event in which the consent is not given, the interested parties will not be able to receive newsletters or updates of the activity of the Data Controller, nor commercial communications on products or services offered by the Data Controller.

In the event that the processing of personal data is based on consent, the interested party has the right to withdraw his consent at any time but the activities carried out before the revocation remain lawful.

3. Data processed and methods of processing

The Data Controller processes the contact data that users indicate by filling out the information request form relating to individual products: name, surname, e-mail address and other data that users voluntarily communicate in the request; login credentials (user ID and password) to access the Customer Area.

Furthermore, data relating to navigation on the site and aggregated data anonymously for statistical purposes are also processed, as specified in the detailed cookie policy.

The processing will take place electronically by the Data Controller and by the subjects who, within the European Union, contribute to the provision of the services offered through this site (such as software developers and webmasters, logistics companies).

Processing for marketing purposes by sending newsletters will also be carried out through the online platform called Mailchimp dedicated to the creation and management of email marketing campaigns.

These subjects, when carrying out a treatment on behalf of the Data Controller, are appointed as External Data Processors in the sense of art. 28 of the GDPR and the related list is available upon request.

Personal data is processed using appropriate tools to guarantee its security, protection and confidentiality by the use of adequate technical, physical and organizational security measures suitable to prevent unauthorized access, loss, dissemination and theft of personal data.

4. Communication of the data

The data may be communicated to external data processors, employees and / collaborators of the Data Controller in the performance of their normal work and / or collaborative activities.

5. Data retention

Users’ personal data will be kept for a necessary period of time for the pursuit of the purposes for which such data were collected, as indicated in this statement.

In particular, for the purposes referred to in item a) of point 2, the Personal Data of Users are kept for a period equal to the provision of the service and for 10 years following its term, termination or withdrawal, in compliance with the tax law, except in cases where storage for a subsequent period is required for any disputes, requests from relevant authorities or related to applicable legislation.

For the purposes referred to in item b) of point 2, the data will be kept until the User’s consent is revoked.

Personal data is stored on servers located within the European Union. It is however understood that the Data Controller, if necessary, will have the right to move the servers also outside the EU.

In this case, the data transfers to third countries will take place in the manner and with the precautions indicated in point 6 below.

6. Data transfers to third countries

In the processing carried out by the Data Controller, the transfer of data to third countries is not envisaged.

Should a transfer of data to third countries occur in relation to the movement of some servers, with reference to transfers to countries not considered appropriate by the European Commission, the Data Controller will ensure that appropriate or adequate safeguards are put in place to protect personal data. and that the transfer of such data complies with applicable data protection laws.

Any transfer of the data of the interested parties to countries located outside the European Union will take place in compliance with all the appropriate and relevant guarantees for the purposes of the transfer itself, in compliance with the applicable legislation and in particular of articles 45 and 46 of the Regulation.

Consequently, where required by applicable data protection laws, the Data Controller will ensure that the service providers subscribe to the Standard Contractual Clauses approved by the European Commission.

7. Rights of interested parties (Articles 15 and following of the GDPR)

Art. 15 Right of access, including the right to obtain an indication of the retention period of personal data provided, or if it is not possible, are the criteria used to determine this period. Right to obtain information on the origin of the data collected, as well as the purposes and methods of processing. Right to lodge a complaint with the Supervisory Authority at any time (Privacy Guarantor: Piazza Venezia nr. 11, 00187 ROME, Tel. +39 06 696771 – PEC: protocol@pec.gpdp.it); Art. 16 Right of the interested party to obtain the updating, rectification or integration of personal data; Art. 17 Right to cancellation and right to be forgotten; Art. 18 Right to limitation of processing, when envisaged; Art. 19 Obligation of the Data Controller to notify the rectification, cancellation and / or limitation; Art. 20 Right to data portability, if the relevant technology permits; Art. 21 Right to object, at any time for reasons connected to your particular situation, in the event that the processing is carried out in the exercise of public authority or in the performance of a task of public interest or if it is carried out on the basis of legitimate interest of the Data Controller; Art. 22 Right to obtain information on the existence of an automated decision-making process, including profiling.

8. Instances of interested parties: how the rights can be exercised

The requests referred to in Article 7 above may be submitted by the Data Subjects to the Data Controller by means of a written request addressed to the Data Controller at the addresses, headquarters or e-mail addresses indicated in Article 1 of this information.

Art. 9. Updates to this information

This information may be subject to changes and additions, also as a consequence of any regulatory changes and / or additions.

The interested party can obtain the text of the information constantly updated by contacting the Data Controller at the addresses indicated in the previous Art. 1.

EXTENDED INFORMATION ON COOKIES

This site uses cookies, including from third parties, to improve the browsing experience and allow those who surf to take advantage of our online services and view advertising in line with their preferences. The cookies used on this site fall into the categories described below.

What are Cookies

Cookies are small text files that are automatically placed on the user’s PC within the browser. They contain basic information on Internet browsing and thanks to the browser they are recognized every time the user visits the site.

Details on the cookies installed by this site and instructions on how to manage preferences regarding them are provided below.

Which cookies we use

1 – Technical cookies

The technical cookies described below do not require consent and are therefore installed automatically following access to the site.

– Cookies necessary for operation: cookies that allow the site to function properly while also allowing the user to have a functional browsing experience. For example, they keep the user logged in while browsing, preventing the site from requesting to log in several times to access subsequent pages.

– Cookies for saving preferences: cookies that allow to remember the preferences selected by the user while browsing, for example, in selecting a language.

– Statistical and audience measurement cookies: cookies that help to understand, through data collected in anonymous and aggregate form, how users interact with the website by providing information relating to the sections visited, the time spent on the site, any malfunctions.

2 – Third party cookies

Through this site cookies managed by third parties are also installed.

For information relating to these third-party cookies and the management of consent, the appropriate links in the tables below are available.

Statistical and third-party audience measurement cookies

These cookies provide anonymous / aggregate information on how visitors navigate the site. Below are the links to the respective cookie policy pages to manage consent.

• Google
• Google Analytics: statistics system
• Analytical cookies
• privacy policy

Social media sharing cookies

These third-party cookies – if there are links on the site – are used to integrate some common features of the main social media and provide them within the site.

In particular, they allow registration and authentication on the site via Facebook, Instagram and Pinterest, sharing and comments of pages of the site on social networks.

Below are the links to the respective cookie policy pages to manage consent.

• Facebook
• social media
• privacy policy

• Instagram
• social media
• privacy policy

• Pinterest
• social media
• privacy policy

3 – Management of cookie preferences through the browser

If you are using Internet Explorer

In Internet Explorer, click on “Tools” and select “Internet Options”. In the Privacy tab, move the cursor up to block all cookies or down to allow all cookies, and then click OK.

If you are using the Firefox browser

Choose the “Tools” menu of the browser and select the “Options” menu. Click on the “Privacy” tab. In the “Retention rules” drop-down list, select the desired level. Check the box “Accept cookies” to enable cookies or remove the check to disable them. Choose how long cookies can be kept.

If you are using the Safari browser

Open “Preferences” and select “Privacy”. Check the “Block cookies” box.

If you are using the Google Chrome browser

Click on the Chrome menu in the browser toolbar. Select “Settings”. Click on “Show advanced settings”. In the “Privacy” section, click on “Content settings”. In the “Cookies” section, select “Block all sites from saving data” and then click OK.