INFORMATION IN ACCORDANCE WITH ART. 13 OF REG. (EU) NO. 2016/679 ("GPDR”)
This notice describes which of your personal data is collected by Carioca S.p.A. (hereinafter referred to as "us"), the purposes for this and how it is processed. You will also find the information necessary to exercise your rights under GDPR.
In general, we collect your data when you create an account on our online store https://carioca.com (hereinafter "Store"), when you buy products offered in the Store, when you send us email or you telephone us for having assistance or when you interact with us via our social pages on Facebook and Instagram (hereinafter "Social Pages"). You are hereby informed that the personal data collected during said procedures will be processed in order to respond to your requests, allow you to use the services offered by the Store through the private areas (for example, to process your orders and perform the tasks necessary to do this, including the transactions required for administrative and tax compliance and, at your request, to send newsletter and information) and to provide better services, marketing and support for you and other customers, as set out above.
1. Who processes your data: data controller
Carioca S.p.A., with registered offices at Settimo Torinese (10036 –TO) via Verga 40- ter, email@example.com C.F. 11133510013, is the data controller of your data processing (hereinafter, “Controller” or “Carioca”).
2. Which data we process - Type of data processed
Your contact and account data. We will retain the contact information you provide (for example, your first name, surname, address, email, country of residence, date of birth) when you create an account on the Store, purchase a product and/or take part in our competitions or promotions or when you contact us via our Social Pages, through public comments or private messages.
Your payment and invoicing data. We will retain the payment and invoicing data that you provide (for example, credit card number, postcode and address) when you purchase a product, for the purpose of managing your order and shipping the products. At your request, we can also retain the payment and invoicing data in order to make future purchases easier.
Website used data and activities on the Store. By using our website, you agree for us to process the data from your browser and the device you are using, as well as your IP address (this is the number that identifies a specific device on the internet and that is needed for your device to communicate with websites). We can analyze which site you have come from, what you have done and what you have not done on our website. To send you commercial information about our products and personalized proposals following your tastes, we can use your email address and your name, as well as your data about web surfing and about your behavior in the site to fully comprehend which products you are interested in as long as you have authorized previously those process.
3. Where we get your data - Data collection method
Directly from you. For example, if you register to make a purchase from the Store, create an account, take part in a competition, you also ask us a question via our Social Pages.
If you do not send us your data, you will not be able to register at the Store and will therefore be unable to purchase any products offered for sale.
Third party data provided directly by you. The possible indication (e.g., for the shipment of the product) of personal data and contact details of any third party other than you represents a processing of personal data with respect to which you are a data controller, thus assuming all the obligations and responsibilities provided for by current legislation on personal data. On this regard, you guarantee us that any data of third parties that will be indicated by you have been collected by you in full compliance with current legislation on personal data, and that there is an appropriate legal basis that allows the communication of such third party personal data to us, relieving them from any dispute, claim, request for compensation for damages from any third party resulting from the aforementioned communication that may be received by us.
4. Why and how long we process your data for - Purpose and legal basis for data processing; retention period
a) To supply products and services you have purchased and send you information about your order or your payment. For example, we will use your data to manage your order, confirm your purchase and manage any related services, such as shipping your purchased products. We cannot manage and process your order without your data.
The legal basis for this processing is the performance of the purchase agreement to which you are party from the moment you accept the Store's terms and conditions of sale.
The retention period for your data is equal to the period required to process the order.
Wherever you have created a Store account, the period will be necessary for your eventual order, the retention period will be as long as the activity of your account, which will be in any case dismissed after 24 months from the day of you last access or your last action on your account.
b)To allow you to create Store account. Carioca will use your personal data in order for you to create an account on the Store, whether you make a purchase on the Store or not.
The legal basis of such data processing is the performance of a contractual/pre-contractual request submitted by you.
The retention period of your data, in addition to what is necessary to process your order if any, shall be equal to the period of validity of your account, which shall be in any case deactivated after 24 months from your last access or from the last action taken by you in your account.
c) To provide you with the necessary after-sales support in accordance with the applicable product warranty laws. For example, we will use your data to provide you with support and to manage the return and/or repair of the products you have purchased from the Store, in accordance with the applicable laws and the Store’s terms and conditions of sale.
The legal basis for this processing is compliance with the legal requirements and the retention period is equal to the period required by law (in particular, by the Italian Consumer Code).
d) To correctly manage your billing status. We process your data for the accounting, administrative and tax purposes directly related to the Controller' business activities and required by the applicable laws.
The legal basis for this processing is compliance with the legal requirements and the retention period is equal to the period required by law (in particular, fiscal, money laundering, and banking and public security laws).
e) So that you can interact with our customers support staff. We may use your email address or phone number, as well as your name and/or postal address, to help you if you need support when using the products you purchased from the Store.
f) To update you on your shopping cart. We may process your personal data, in particular your email address, when you have created an account on the Store, to remind you that the shopping cart on the Store contains products.
The legal basis for such processing is the legitimate interest of Carioca to keep you updated about your shopping cart.
The retention period of your data for this purpose is for as long as it takes to send you the communication reminding you that your cart contains products, which will take place within 6 hours after you have left the cart without completing your purchase.
g) To update you on the availability of a product. Following your explicit request, Carioca will process your personal data in order to update you on the availability of the product you have requested in the Store.
The legal basis for this processing is the performance of a contractual/pre-contractual request by you.
The retention period of your data is equal to the period necessary to process the request.
h) To prevent or investigate illegal behavior or to protect and assert rights. For example, we may use your data to prevent the breach of our intellectual property rights (for example, counterfeiting of our and/or our partners' trademarks) or theft (including credit card cloning and thefts that we believe to have occurred during a competition, activity or event) or other illegal activities, as permitted by the applicable law.
The legal basis for this processing is the legitimate interest of the Controller.
The data retention period is equal to the time that is reasonably necessary to assert our rights from the point at which we become aware of the illegal behavior or the potential to commit illegal behavior.
i) To respond to your requests collected through the Store and Social Pages. For example, we will use your data to respond to your requests received by email or received through our Social Pages, either as public comments or as private messages.
The legal basis for this processing is the performance of a contract to which the data subject is party or the performance of pre-contractual obligations and the retention period is equal to the time necessary to comply with the data subject's requests.
l) To send our newsletter. Upon your consent, we may send you by email our newsletter, also following your subscription to the newsletter by entering your email address.
The legal basis for such data processing is your explicit consent which, as far as only the subscription to the newsletter is concerned, consists of entering your email address.
The retention period of your data is 24 months since consent was given.
m) To send commercial proposals and offer products which reflects your preferences. With your consent, we analyze your personal and usage data, we process your data such as your personal details, your Store usage data, your purchasing and consumption preferences for our products, or your different type of user, by means of automated processing, including profiling, in order to be able to send you personalised commercial communications and to understand your tastes so that we can improve our offer and make your shopping experience more personalised.
The legal basis for this processing is your explicit consent.
The retention period for your data is equal to 12 months since consent was given.
5. Nature of the provision of personal data
For the purposes of subparagraphs from a) to i) above, the provision of data is necessary to allow you to create an account, make purchases on the Store and receive other services on the website.
For the purposes of subparagraphs from l) to m), the provision of data is optional, a refusal will not cause any prejudice for the purposes of subparagraphs from a) to i). Data subject may withdraw his/her consent at any time, but this shall not affect the lawfulness of processing carried out based on consent before its withdrawal.
6. Where your data is processed – data transfer
Data will be processed and stored at Carioca’ offices as well as at the suppliers working site in the European Union and, if the guarantees provided under articles 45-47 of the GDPR are satisfied, outside the European Union. Exclusively with regard to the data collected on our Social Pages, this data will be stored on the aforementioned platforms, i.e. Facebook and Instagram, in accordance with their privacy policies, which we invite you to read.
7. Who we share your data with – personal data recipients
On the understanding that, where required by law, we will obtain your prior consent and carry out any formalities required by the law, we will share your data with the following third parties (acting as data processors):
Our service providers. We may share your data with third parties so that they can provide us with services (for example, suppliers of IT services for the management of the Store, suppliers of profiling services and compliance automation services, couriers and logistics companies) but in this case, we will enter into an agreement in compliance with Art. 28 GDPR to protect your data. These parties will only have possession of the data required to perform their functions and may use this data only for the purpose of providing services on our behalf or complying with the law. You can find out details of such data processors pursuant to Art. 28 GDPR by emailing firstname.lastname@example.org. Whenever these providers would operate outside the European Union, before communicating their personal data, they should satisfy the conditions provided in art.45-47 of the GDPR.
Where we deem it necessary for complying with our legal obligations or to protect legally third parties or ourselves. Where permitted or required by the law, we may also share the data requested by a government body or by another authorized third party or organization for the purpose of protecting or exercising our rights or those of third parties, or for the purpose of limiting or preventing fraud (including credit card fraud or other fraud that we believe may have occurred during a lottery, promotion or event) and other illegal activities.
Our Store is not aimed at under-18s, but rather at an adult audience. If you are a parent or guardian and you think your child may have transmitted data, you can contact us.
9. Security measures
We adopt the security measures required by the law.
We adopt security measures to protect your data. The standard security measures that we use depend on the type of data that we process and meet the legal requirements and the standards of European government agencies.
10. Your rights
You can contact Carioca to request access to your personal data, modify it, delete it or limit its processing, to oppose its processing, and to request the portability of your data; you can also withdraw your consent at any time (this will not prejudice the lawfulness of the processing on the basis of the consent granted prior to the withdrawal).
When you exercise your right of access, you have the right to know whether your data is currently being processed, what the purpose of the processing is, what categories of data are being processed, who the recipients of your data or categories of recipients are (and, if they reside in a third country, what guarantees this transfer is based on), the retention period for your data (or the criteria for determining the retention period), whether automated processing is being carried out (for example through profiling), what the reason for the processing is, and the origin of the data (when not initially collected by us).
You have the right to submit a complaint to the competent supervisory authority and, at any time, to ask the Controller for information about the data processors and parties that are authorized by the data controllers to process your data.
You can exercise your rights by contacting Carioca (either at the address indicated above or by emailing email@example.com).
You can also exercise your rights, in relation to the processing of personal data carried out through our Social Pages, by contacting Facebook or Instagram in accordance with their respective privacy policies.
In any case, you can modify or withdraw your consent using the Store's settings.
You can withdraw your consent to receiving marketing communications, including newsletters. To stop receiving marketing communications, you can access your account and change your choice or follow the instructions in the promotional message you receive. Alternatively, you can withdraw your consent by emailing one of the addresses stated above.
You can change your preferences regarding marketing emails and data processing through profiling by using the privacy settings in your account or by writing to one of the email addresses given above.
11. What happens if we change this policy
Version updated to 19/05/2022