Skip to content
Home » Privacy Policy

Privacy Policy

This privacy policy aims to provide all information regarding the processing of personal data carried out by Seobat S.r.l. when the user browses the website and purchases products through the site (as further detailed below).

  1. INTRODUCTION – WHO ARE WE?

Seobat S.r.l., with registered office in Via Antonio Pranzelores 87, 38121 – Trento (TN) – Italy, tax code and VAT number 02446620227 (hereinafter “Seobat” or the “Company”), owner of the website www.aurazenshop.com (hereinafter, the “Site”), as the data controller of the personal data of users who browse and purchase products from the Site (hereinafter, “Users”), provides this privacy notice pursuant to Art. 13 of EU Regulation 2016/679 of April 27, 2016 (hereinafter, “Regulation”, or “Applicable Regulation”).

  1. HOW TO CONTACT US?

The Data Controller highly values the right to privacy and the protection of personal data of its Users.

Users can contact the Data Controller at any time, using the following methods:

  • Sending a registered letter with acknowledgment of receipt to the registered office of the Data Controller at: Via Antonio Pranzelores 87, 38121 Trento (TN) – Italy
  • Sending an email to the address: [email protected]

Users can also contact the Data Protection Officer (DPO) of the Controller, whose contact details are provided below: the company Shibumi S.r.l. in the person of the designated Attorney Giulia Sala – email: [email protected]

  1. WHAT DO WE DO? – PURPOSE OF PROCESSING

By browsing the Site, the User can purchase products offered through an e-commerce platform present on the Site (hereinafter, “Service”).

In relation to the activities that can be carried out through the Site, the Data Controller collects personal data related to the Users.

This Site and the services possibly offered through the Site are reserved for individuals who have reached the age of eighteen. The Controller therefore does not collect personal data relating to persons under the age of 18. Upon Users’ request, the Controller will promptly delete all personal data unintentionally collected and related to persons under the age of 18.

The personal data of Users will be processed lawfully by the Controller for the following processing purposes:

  1. Contractual obligations and provision of the Service, to implement the Terms and Conditions that regulate the Service offered on the Site, which are accepted by the User at the time of purchase on the Site; comply with specific User requests. The user data collected by the Controller for this purpose include: name, surname, e-mail address, telephone number, full address, as well as all the User’s personal information possibly and voluntarily communicated by him. The User’s personal data will be used by the Controller solely to ascertain the User’s identity (also through validation of the email address), thus avoiding possible scams or abuses, allowing the execution of the Service (i.e., allowing the User to proceed with the purchase of the product/s through the platform), and contacting the User for service reasons only (e.g., sending communications related to the order status). Notwithstanding what is provided elsewhere in this privacy notice, under no circumstances will the Controller make the Users’ personal data accessible to other Users and/or third parties;

  2. administrative-accounting purposes, i.e., to carry out organizational, administrative, financial, and accounting activities, such as internal organizational activities and activities necessary to fulfill contractual and pre-contractual obligations;

  3. legal obligations, i.e., to fulfill obligations required by law, by an authority, by a regulation or by the regulation, and to establish liability in the event of hypothetical computer crimes against the Site.

The provision of personal data for the processing purposes above is optional but necessary, as the failure to provide them will make it impossible for the User to use the Service.

  1. FURTHER PROCESSING PURPOSES

4.1. Newsletter

Some personal data of the User (i.e., name, surname, address, e-mail address) may also be processed by the Data Controller for the purpose of sending newsletters. Therefore, the User will receive a periodic newsletter from the Controller containing information related to promotions and news about products.

In case of lack of consent, the possibility to use the Service will not be in any way affected.

In case of consent, the User may at any time revoke it, making a request to the Data Controller in the manner indicated in the following paragraph 8.

The User can also easily object to further sending by clicking on the appropriate link to revoke consent, which is present in each e-mail containing the newsletter.

  1. LEGAL BASIS

Contractual obligations and service provision (as described by the previous paragraph 3, letter a): the legal basis consists of art. 6 paragraph 1 letter b) of the Regulation, namely the processing is necessary for the performance of a contract of which the User is a party or for the execution of pre-contractual measures adopted at the request of the same.

Administrative-accounting purposes (as described by the previous paragraph 3, letter b): the legal basis consists of art. 6, paragraph 1, letter b) of the Regulation, as the processing is necessary for the performance of a contract and/or the execution of pre-contractual measures adopted at the request of the User.

Legal obligations (as described by the previous paragraph 3, letter c): the legal basis consists of art. 6, paragraph 1, letter c) of the Regulation, as the processing is necessary to comply with a legal obligation to which the Data Controller is subject.

Additional processing purposes: for the processing related to the activity of sending the newsletter, (as described by the previous paragraph 4.1), the legal basis consists of art. 6, paragraph 1, letter a) of the Regulation, or the provision by the interested party of consent to the processing of their personal data for one or more specific purposes. For this reason, the Data Controller asks the User for the provision of specific, free, and optional consent, to pursue this processing purpose.

  1. DATA PROCESSING METHODS AND RETENTION PERIOD

The Data Controller will process the Users’ personal data using manual and computer tools, with logics strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data itself.

With regard to the purposes outlined in the previous paragraph 3, the personal data of the Users will be kept for the strictly necessary times to carry out the primary purposes described, or in any case as necessary for the protection in civil matters of the interests of the Data Controller and the Users.

In the case referred to in paragraph 4.1, the personal data of the Users will be kept for the strictly necessary times to carry out the purposes outlined in the same and, in any case, as long as the User does not revoke his consent.

  1. SCOPE OF COMMUNICATION AND DISSEMINATION OF DATA

The User’s personal data may be transferred outside the European Union and, in this case, the Data Controller will ensure that the transfer takes place in accordance with the Applicable Legislation and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate guarantees) of the Regulation.

The employees and/or collaborators of the Data Controller in charge of managing the Site may become aware of the Users’ personal data. These subjects, who have been instructed in this sense by the Data Controller pursuant to art. 29 of the Regulation, will process the Users’ data exclusively for the purposes indicated in this notice and in compliance with the provisions of the Applicable Legislation.

Third parties may also become aware of the Users’ personal data, who may process personal data on behalf of the Data Controller as Data Processors pursuant to art. 28 of the Regulation, such as, for example, providers of IT and logistic services functional to the operation of the Owner’s Site, outsourcing or cloud computing service providers, professionals, and consultants.

The User has the right to obtain a list of any data processors appointed by the Data Controller, by making a request to the Data Controller in the manner indicated in the following paragraph 7.

  1. RIGHTS OF THE DATA SUBJECT

The User can exercise the rights guaranteed by the Applicable Legislation at any time, by contacting the Data Controller in the following ways:

  • Sending a registered letter with return receipt to the Data Controller’s legal address at: Via Antonio Pranzelores 87, 38121 Trento (TN) – Italy
  • Sending an email to the address: [email protected]

Users can also contact the Data Protection Officer (DPO) of the Data Controller, whose contact details are listed below: the company Shibumi S.r.l. in the person designated of Avv. Giulia Sala – e-mail: [email protected]

Under the Applicable Legislation, the User has the right to obtain the indication (i) of the origin of personal data; (ii) of the purposes and methods of processing; (iii) of the logic applied in case of processing carried out with the aid of electronic tools; (iv) of the identification details of the owner and the managers; (v) of the subjects or categories of subjects to whom the personal data can be communicated or who can learn about them as managers or agents.

In addition, the User has the right to obtain:

  • access, updating, rectification or, when interested, integration of data;
  • the cancellation, transformation into anonymous form or limitation of data processed in violation of the law, including those for which conservation is not necessary in relation to the purposes for which the data were collected or subsequently processed;
  • the certification that the operations referred to in letters a) and b) have been made known, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right.

Moreover:

  • the right to revoke consent at any time, if the processing is based on his consent; (if applicable) the right to data portability (right to receive all personal data concerning him in a structured, commonly used and machine-readable format);
  • the right to object: i) in whole or in part, for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection; ii) in whole or in part, to the processing of personal data concerning him for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication; iii) if personal data are processed for direct marketing purposes, at any time, to the processing of data carried out for this purpose, including profiling to the extent that it is connected to such direct marketing.
  • if the User believes that the processing that concerns him violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State where he usually resides, in the one where he works or in the one where the alleged violation occurred). The Italian Supervisory Authority is the Guarantor for the protection of personal data, based in Piazza Venezia, n. 11, 00187 – Rome (RM) (http://www.garanteprivacy.it/).

The Data Controller is not responsible for updating all the links that can be viewed in this Notice, therefore whenever a link is not working and/or updated, the User acknowledges and accepts that he must always refer to the document and/or section of the websites referred to by such link.

 

en_USEN