Privacy Policy

With this notice, drafted in accordance with Article 13 of the EU Regulation 2016/679, hereinafter also referred to as GDPR (General Data Protection Regulation), taking into account also the Italian Legislative Decree 196/2003 as amended by the Italian Legislative Decree 101/2018, we would like to inform you about the processing of data carried out by us (hereinafter, also referred to as "data subject") on the website https://www.evotech-rc.it/ (hereinafter also referred to as the "Site").

1. Data controller
   

   The data controller for processing activities is Seventyone Srl with registered office in Italy, Castel Ivano (TN) Via Colle Nr. 22, ph: +39 0461-780184, e-mail: info@evotech-rc.it, VAT Number IT02726580224, Italian REA Nr. TN-245520.

   The e-mail address of the internal representative for matters relating to the processing of personal data is info@evotech-rc.it.

2. Types of Data Processed
   The data we process are the following:
   1. Navigation Data: The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of internet communication protocols. This type of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/ URL addresses (Uniform Resource Identifier/Locator) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. These data, necessary for the use of web services, are also processed for the following purposes:
      1. to obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
      2. to check the correct functioning of the services offered.
      For more specific information, please refer to our Cookie Policy.
   2. Personal Data (Name, surname, residence or domicile);
   3. Contact details (E-mail and/or phone number);
   4. Tax details (Italian Tax Identification Number and VAT Number, billing address, and Italian PEC) and Payment data (credit cards, bank details);
   5. Contents of messages voluntarily sent via e-mail, WhatsApp, or via the contact form on the website;
   6. For the newsletter, the software that enables the mass mailing collects data on the e-mails viewed, the day and time of opening, as well as the number of clicks on links.
3. Purpose of Processing and Legal Basis
   Processing is conducted manually, by computer and telematic means exclusively for the following purposes:
   • In order to respond to requests for information from the data subject (received via e-mail, WhatsApp or via the contact form on the site).
     For this purpose, the following data are used: name, surname, e-mail address and/or phone number, as well as data relating to the formulation of the request.
     The legal basis for this processing is the execution of pre-contractual measures requested by the data subject according to Art. 6(b) GDPR.
   • In order to register in the reserved area
     For this purpose, personal data (name and surname, nationality) and contact information (e-mail or phone number), as well as tax details (Italian Tax Identification Number, VAT Number, Italian SDI Number) and date of birth (to verify the correctness of the Italian Tax Identification Number) of customers or users are used.
     The legal basis for this processing is the data subject's consent according to Art. 6(a) GDPR.
   • In order to
     For this purpose, the data shared by the chosen payment platform or credit institution is used.
     These data include customer's personal information (name, surname, address) and contact details (e-mail and phone number).
     The legal basis for this processing is the execution of a contract to which the data subject is a party according to Art. 6(b) GDPR.
   • In order to sell products online
     For this purpose, the following data are processed: name, surname or company name, residence (domicile) and/or shipping address, Italian Tax Identification Number, VAT Number, Italian PEC, e-mail address.
     The legal basis for this processing is the execution of a contract to which the data subject is a part according to Art. 6(b) GDPR.
   • In order to conclude contracts via WhatsApp chat
     For these purposes, the following data are processed: name, surname, residence and shipping address, Italian Tax Identification Number, phone number, e-mail.
     The legal basis for this processing is the execution of a contract to which the data subject is a part according to Art. 6(b) GDPR.
   • In order for the user to subscribe to our newsletter (which consists of sending periodic informative e-mails with information on new products, special initiatives, discounts and promotions).
     For this purpose, the following data are processed: name and e-mail address.
     The legal basis for this processing is the data subject's consent according to Art. 6(a) GDPR.
   • In order to receive payments
     The data processed for this purpose include e-mail address, name and surname of the data subject, as well as details related to the bank account or PayPal account.
     The legal basis for this processing is the execution of a contract to which the data subject is a part according to Art. 6(b) GDPR.
   • In order to issue fiscal documents relating to the sale of products.
     For this purpose, billing data is used, including personal information and tax details (billing address, Italian Tax Identification Number, VAT Number, Italian PEC).
     The legal basis for this processing is the compliance with a legal obligation to which the data controller is subject pursuant to Art. 6(c) GDPR.
   • In the event of an abandoned cart
     For this purpose, a reminder e-mail is sent to the registered user to notify him of an unsuccessful order.
     The processed data includes name, surname, and e-mail address.
     The legal basis for this processing is the execution of pre-contractual measures requested by the data subject according to Art. 6(b) GDPR.
   • In order to take an action or defend rights in court in the event of pre-litigation or litigation situations.
     The processed data depends on the specific situation.
     The legal basis is the need to pursue a legitimate interest of the data controller, according to Art. 6(f) GDPR.
   • In order to carry out profiling, analytics, and marketing actions.
     For this purpose, data relating to the user's navigation and data relating to the pages visited are used.
     The legal basis is the consent, according to Art. 6(a) GDPR.
     For more information about this processing, please refer to our Cookie Policy.
   • In order to send commercial communications to customers (Soft Spam art. 130, para. 4 Italian Privacy Code).
     For those who are already our customers, we may use the e-mail address provided at the time of purchase to send commercial or promotional communications regarding products similar to those already purchased.
     The legal basis for this processing is the legitimate interest of the data controller, according to Art. 6(f) GDPR. In this case, the data subject can object to such communications at any time by unsubscribing via the link in the message footer or by responding to the received e-mail requesting to stop the communications.
4. Data processing methods
   The processing of personal data is carried out by means of the operations indicated in Art. 4 no. 2) GDPR, for the above-mentioned purposes, both on paper and on computer/telematic media, by means of electronic and/or automated tools, in compliance with the regulations in force and in accordance with the principles of correctness, lawfulness, transparency, and protection of the rights of the data subject. This is done by aiming to protect them by design and by default, through the adoption of technical and organisational security measures that guarantee a level of security appropriate to the risk. The processing is conducted directly by the organisation of the data controller, by its data processors pursuant to Article 28 GDPR and by designated internal subjects.
5. Mandatory or optional nature of data provision and consequences of refusal
   The requested data must be mandatory provided for the conclusion and execution of the contractual relationship or for the exercise of the legitimate interest of the data controller. Therefore, any refusal, even partial, to provide such data would make it impossible for the data controller to establish and manage the relationship.
   In all other cases, providing information is optional.
6. Data recipients
   Personal data may be communicated, to the extent strictly pertinent to the above-mentioned obligations, for the duties and purposes set out above and in compliance with the relevant legislation, to the following categories of subjects:
   • subjects to whom such communication must be made in order to fulfil or require the fulfilment of specific contractual obligations, or obligations provided for by laws, regulations and/or EU legislation.
   • external individuals and/or legal entities that provide services instrumental to the data controller's activities for the above purposes (e.g. business partners, suppliers, consultants, companies, entities, and professional offices). These parties will function as data controllers pursuant to Article 28 GDPR or as autonomous data controllers.
   • in-house individuals who are employed by the data controller. These individuals operate on the specific instructions of the data controller and are specifically appointed as data processors.
   Personal data will not be disclosed in any way unless explicit consent is given or unless the data subject requests it in writing. At any time and using the e-mail address already indicated, the data subject may request a list of the individuals appointed as data processors.
7. Personal data retention period
   Personal data will be stored for as long as necessary to perform the contract concluded with the data controller, at the end of which the data will be retained for the purpose of fulfilling legal obligations and for the storage of administrative documents in accordance with the applicable law.
   As for the newsletter subscription, the mailings will continue until the interested party revokes consent. In the event of withdrawal, the data will be moved to a special list, dedicated to revoked consents, and will be deleted within a maximum of six months, unless their retention is necessary for other purposes and/or for different and additional legal grounds. In the event that a user does not read any e-mails for a consecutive period of six months, the data controller may delete their data from the list, at its sole discretion, or after sending an e-mail asking whether or not interest in receiving the e-mails persists. In the event of a negative response or no response, the data will be deleted within the period indicated in the e-mail.
   As for sending commercial e-mails to customers, these will continue until the person concerned revokes their consent.
   As for e-mail or WhatsApp enquiries, they will be deleted within six months after the end of the exchange, unless a further retention period is required based on other purposes and/or legal grounds (e.g. if the exchange is followed by a purchase).
   In the event of registration in the reserved area, the data will be retained until the data subject revokes it and will in any case be deleted independently by the data controller after ten years from the last order placed, unless a longer retention period is required for further purposes and/or legal grounds.
   In the event of litigation, personal data will be retained until the litigation is resolved, in whatever state and at whatever level.
8. Data transfer
   All personal data are stored on servers located within the European Union. It is in any case understood that the data controller may transfer some data outside the EU if necessary. In such case, the data controller assures as of now that the transfer of data outside the EU will take place in compliance with the applicable legal regulations, in countries with an Adequacy Decision by the EU Commission or in the presence of the Safeguards required by Art. 44 et seq. of the GDPR.
9. Rights of the data subject
   According to the European Regulation, the data subject may request at any time the following from the data controller:
   • request access to their personal data (i.e. to know whether and what personal data we hold about you);
   • request the correction of inaccurate data or the integration of incomplete data (if any of the data of the interested party has changed);
   • request the deletion of personal data (in case of the occurrence of one of the conditions set out in Article 17(1) of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same Article);
   • request the limitation of the processing of your personal data, if one of the cases indicated in Article 18(1) of the GDPR occurs;
   • object to the processing (e.g. for mailing commercial communications to customers);
   • request and obtain personal data in a structured, machine-readable format, also in order to communicate such data to a different data controller (right to portability);
   • withdraw your consent at any time, limited to cases where the processing is based on consent for one or more specific purposes and concerns common personal data (for example, date and place of birth or place of residence). Processing based on consent and conducted prior to the withdrawal of consent retains, however, its lawfulness;
   • The above-mentioned rights with regard to personal data relating to deceased individuals may be exercised by any person who has an interest of his own, or is acting on behalf of the data subject, in his capacity as his representative, or for family reasons worthy of protection, unless the data subject has expressly forbidden this in a written declaration submitted to or communicated to the data controller.
   • File a complaint to the control authority (Italian Data Protection Authority – www.garanteprivacy.it).
   To enforce the above rights, the interested party may write an e-mail to info@evotech-rc.it.
10. Data security guarantees
    No computer system can be considered to be 100% secure. However, the data controller takes all the appropriate measures to ensure data security and avert the risk of data breaches (i.e. a breach of security, whether accidental or intentional, involving the destruction, loss, alteration, unauthorised disclosure as well as access to personal data transmitted, stored or otherwise processed). The data controller does this by scrupulously observing strict technical and organisational measures to minimise risk. These measures are reviewed and updated periodically.
    • I have read the privacy policy and consent to the processing of my personal data in order to receive periodic promotional newsletters.
    • I have read the privacy policy and consent to the processing of my personal data in order to create the user reserved area.