Privacy Policy
1. USERS: BROWSING USERS
In accordance with Regulation (EU) 2016/679 (hereinafter the "Regulation"), this page describes the processing of personal data of users who consult this website.
This information does not concern other websites, pages, or online services accessible via hypertext links, possibly published on the site but referring to resources outside the domain of the Owner.
It is specified that the privacy policy may be changed from time to time based on the activation of new services or following legal updates, so it is advisable to periodically check for any updates by consulting this policy.
2. DATA CONTROLLER
The data controller of personal data is Barberino LLC, with registered office at 520 Madison Ave, New York, NY 10022, United States.
Email address: info@barberinosworld.com
3. DATA PROTECTION OFFICER (DPO)
The Data Protection Officer (DPO) is Attorney Francesco Angelo Lorusso, with an office at Viale Monte Nero, No. 66, Milan, 20135. Email address: lorusso@legalelorusso.it
4. LEGAL BASIS FOR PROCESSING
Consent of the data subject, fulfillment of a contract of which the data subject is a party / performance of pre-contractual measures activated at the request of the data subject, and the pursuit of a legitimate interest are the legal bases that, depending on the data processing carried out on the site, will be applicable.
5. LOCATION OF DATA PROCESSING
The processing related to the web services of this site takes place in Italy and is managed at the data controller's premises and by other external processors, during operations of updating and maintenance. No data derived from the web service is disclosed. Personal data voluntarily provided by users submitting contact requests are used solely for the purpose of providing the requested service or performance, possibly through external service providers, always within the Italian territory.
6. TYPES OF DATA PROCESSED AND PURPOSE OF PROCESSING
Navigation data
The computer systems and software procedures used for the operation of this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes:
- IP addresses or domain names of the computers and terminals used by users,
- URI/URL addresses (Uniform Resource Identifier/Locator) of the requested resources,
- Time of the request;
- Method used in submitting the request to the server;
- Size of the file obtained in response;
- Numeric code indicating the status of the response given by the server;
- Other parameters related to the user's operating system and computer environment.
These data, necessary for the use of web services, are also processed for the purpose of:
- obtaining statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
- ascertaining responsibility in case of hypothetical computer crimes to the detriment of the site, for statistical purposes,
- improving the navigation and content of the site.
Data voluntarily provided by the user
The optional, explicit, and voluntary sending of messages to the contact addresses of the Owner, as well as the completion and submission of forms on the site,
involve the acquisition of contact data, as well as all personal data included in communications/completions necessary for:
- responding to any requests;
- conducting direct marketing;
- managing the online reservation service;
- managing user registration on the site;
- allowing access to the store and browsing the store as a logged-in user;
- allowing user account management;
- storing in the personal account data and information, such as, for example, personal data, order history, preferred delivery and/or billing addresses;
- allowing the placement of products in the cart and concluding the purchase contract through the store.
Cookies and other tracking systems
Data possibly acquired through cookies, and the methods for their management, are fully described in the "cookie policy" document, which we recommend checking.
7. DATA RETENTION PERIOD
In accordance with the principles of lawfulness, purpose limitation, and data minimization, pursuant to Article 5 of the GDPR, the retention period for personal data is set for a period not exceeding the achievement of the purposes for which they are collected and processed and in compliance with the times for the correct provision of necessary services.
8. OPTIONAL NATURE OF DATA PROVISION
Apart from what is specified for navigation data, the user is free to provide the personal data reported in the request forms. If the data are acquired by consent, the user has the right to revoke it at any time without affecting the lawfulness of the processing based on the consent given before the revocation.
9. PROCESSING METHODS
Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, unlawful or incorrect uses, and unauthorized access.
10. DATA RECIPIENTS
The recipients of the data collected following the consultation of the site are:
- third-party technical subjects, whose knowledge of the data is necessary for the performance of their web platform development and maintenance duties, designated by the Controller as data processors under Article 28 of the Regulation;
- personnel of the data controller specifically authorized.
11. RIGHTS OF THE DATA SUBJECTS
For residents within the EU, individuals to whom the personal data refer, pursuant to Articles 15-22 of the GDPR, have the right to:
- request confirmation of the existence or not of their personal data;
- obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated, and when possible, the retention period;
- obtain the rectification and erasure of data;
- obtain the limitation of processing;
- obtain data portability, i.e., receive them from a data controller, in a structured, commonly used, and machine-readable format, and transmit them to another data controller without hindrance;
- object to processing at any time, including in the case of processing for direct marketing purposes;
- object to an automated decision-making process relating to individuals, including profiling.
The data subject is also granted the right to lodge a complaint with a supervisory authority under Article 77 of the GDPR.
To exercise their rights, data subjects can send a request to the contact details of the Data Controller indicated in this policy. Requests are made free of charge and processed by the Controller as quickly as possible, in any case within 30 days.
In accordance with Regulation (EU) 2016/679 (hereinafter the "Regulation"), this page describes the processing of personal data of users who consult this website.
This information does not concern other websites, pages, or online services accessible via hypertext links, possibly published on the site but referring to resources outside the domain of the Owner.
It is specified that the privacy policy may be changed from time to time based on the activation of new services or following legal updates, so it is advisable to periodically check for any updates by consulting this policy.
2. DATA CONTROLLER
The data controller of personal data is Barberino LLC, with registered office at 520 Madison Ave, New York, NY 10022, United States.
Email address: info@barberinosworld.com
3. DATA PROTECTION OFFICER (DPO)
The Data Protection Officer (DPO) is Attorney Francesco Angelo Lorusso, with an office at Viale Monte Nero, No. 66, Milan, 20135. Email address: lorusso@legalelorusso.it
4. LEGAL BASIS FOR PROCESSING
Consent of the data subject, fulfillment of a contract of which the data subject is a party / performance of pre-contractual measures activated at the request of the data subject, and the pursuit of a legitimate interest are the legal bases that, depending on the data processing carried out on the site, will be applicable.
5. LOCATION OF DATA PROCESSING
The processing related to the web services of this site takes place in Italy and is managed at the data controller's premises and by other external processors, during operations of updating and maintenance. No data derived from the web service is disclosed. Personal data voluntarily provided by users submitting contact requests are used solely for the purpose of providing the requested service or performance, possibly through external service providers, always within the Italian territory.
6. TYPES OF DATA PROCESSED AND PURPOSE OF PROCESSING
Navigation data
The computer systems and software procedures used for the operation of this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes:
- IP addresses or domain names of the computers and terminals used by users,
- URI/URL addresses (Uniform Resource Identifier/Locator) of the requested resources,
- Time of the request;
- Method used in submitting the request to the server;
- Size of the file obtained in response;
- Numeric code indicating the status of the response given by the server;
- Other parameters related to the user's operating system and computer environment.
These data, necessary for the use of web services, are also processed for the purpose of:
- obtaining statistical information on the use of services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
- ascertaining responsibility in case of hypothetical computer crimes to the detriment of the site, for statistical purposes,
- improving the navigation and content of the site.
Data voluntarily provided by the user
The optional, explicit, and voluntary sending of messages to the contact addresses of the Owner, as well as the completion and submission of forms on the site,
involve the acquisition of contact data, as well as all personal data included in communications/completions necessary for:
- responding to any requests;
- conducting direct marketing;
- managing the online reservation service;
- managing user registration on the site;
- allowing access to the store and browsing the store as a logged-in user;
- allowing user account management;
- storing in the personal account data and information, such as, for example, personal data, order history, preferred delivery and/or billing addresses;
- allowing the placement of products in the cart and concluding the purchase contract through the store.
Cookies and other tracking systems
Data possibly acquired through cookies, and the methods for their management, are fully described in the "cookie policy" document, which we recommend checking.
7. DATA RETENTION PERIOD
In accordance with the principles of lawfulness, purpose limitation, and data minimization, pursuant to Article 5 of the GDPR, the retention period for personal data is set for a period not exceeding the achievement of the purposes for which they are collected and processed and in compliance with the times for the correct provision of necessary services.
8. OPTIONAL NATURE OF DATA PROVISION
Apart from what is specified for navigation data, the user is free to provide the personal data reported in the request forms. If the data are acquired by consent, the user has the right to revoke it at any time without affecting the lawfulness of the processing based on the consent given before the revocation.
9. PROCESSING METHODS
Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, unlawful or incorrect uses, and unauthorized access.
10. DATA RECIPIENTS
The recipients of the data collected following the consultation of the site are:
- third-party technical subjects, whose knowledge of the data is necessary for the performance of their web platform development and maintenance duties, designated by the Controller as data processors under Article 28 of the Regulation;
- personnel of the data controller specifically authorized.
11. RIGHTS OF THE DATA SUBJECTS
For residents within the EU, individuals to whom the personal data refer, pursuant to Articles 15-22 of the GDPR, have the right to:
- request confirmation of the existence or not of their personal data;
- obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated, and when possible, the retention period;
- obtain the rectification and erasure of data;
- obtain the limitation of processing;
- obtain data portability, i.e., receive them from a data controller, in a structured, commonly used, and machine-readable format, and transmit them to another data controller without hindrance;
- object to processing at any time, including in the case of processing for direct marketing purposes;
- object to an automated decision-making process relating to individuals, including profiling.
The data subject is also granted the right to lodge a complaint with a supervisory authority under Article 77 of the GDPR.
To exercise their rights, data subjects can send a request to the contact details of the Data Controller indicated in this policy. Requests are made free of charge and processed by the Controller as quickly as possible, in any case within 30 days.