Privacy Policy

of www.otticastrologo.com
(Privacy Policy Statement under art. 13 of EU Regulation 2016/679)



Data Controller

The Data Controller of your Personal Data is: 

Astrologo Ottica S.r.l. (hereinafter referred to as "Company") 

VAT identification number: 08808411006 

Address: Via della Fontanella di Borghese, 25/26 - 00186 Rome, Italy 

Website www.otticastrologo.com (hereinafter referred to as "Website") 

Email address: info@otticastrologo.com



This Privacy Policy Statement:

• relates to the website www.otticastrologo.com, as well as for any existing or eventual Astrologo Ottica application for Android and iOS mobile devices;

• is an integral part of the Website and the Services offered by the Company;

• is made pursuant to art. 13 of EU Regulation 679/2016 (hereinafter referred to as "Regulation") for the Users who interact with the Website Services.

Astrologo Ottica S.r.l. is a company that specializes in the sale of sunglasses, optical frames and ophthalmic lenses. Astrologo Ottica, as Data Controller in accordance with the Regulation, will process your Data on the basis of principles of correctness, lawfulness, transparency, limitation of purpose and retention, minimization and accuracy, integrity and confidentiality, as well as the principle of accountability pursuant to art. 5 of the Regulation. Your Personal Data will therefore be processed in accordance with the legislative provisions of the Regulation and the confidentiality obligations set out therein.



Types of collected Data 

The Personal Data collected by the Website, by itself or through third parties, include: name, surname, gender, date of birth, telephone number, address, postal code, country, region, city, email, VAT number, Tax Code, User ID, cookies and Usage Data, and various types of Data.

Full information regarding each type of Data collected is provided in the dedicated sections of this Privacy Policy or by specific explanation texts displayed prior to the Data collection. Personal Data may be provided by the User personally or, in the case of Usage Data, collected automatically during use of the Website. Unless otherwise specified, all the Data requested by the Website are mandatory. If the User refuses to communicate them, it may be impossible for the Website to provide the Service. In cases where the Website indicates some Data as optional, Users are free not to communicate these Data without consequences to the availability or the functioning of the Website. In case of doubts about which Data are mandatory, Users are welcome to contact the Owner of the Website. Any use of cookies - or of other tracking tools - by the Website or third-party service providers used by the Website, unless otherwise specified, is intended to provide the Service requested by the User, in addition to any other purposes described in present Privacy Policy Statement and in the cookies Policy.



Personal Data processing

Personal Data processing implies any operation or set of operations, performed with or without the implication of automated processes and applied to Personal Data or sets of Personal Data, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, usage, communication by transmission, diffusion or any other form of providing availability, comparison or interconnection, limitation, cancellation or destruction. We inform you that the Personal Data subject to processing may consist of textual information, photographic or video images and any other information suitable to make the Data Subject identified or identifiable, depending on the type of Service requested.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared via the Website and guarantees to have the right to communicate or disseminate them, freeing the Data Controller from any liability to third parties.



a. Navigation Data

The computer systems and software procedures used to operate the Website collect, during their normal operation, the Personal Data, which is implicitly transmitted via the use of Internet communication protocols. 

This information is not collected in order to be associated with identified Data Users, but, by its very nature, and if processed and integrated with third-party Data, can make User’s identification possible. 

 This category of Data includes IP addresses or domain names of the computers used by Users that connect to the Website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the User's operating environment. These Data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website to check its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The Data could be used to ascertain responsibility in case of hypothetical computer crimes against the Data Controller or third parties.



b. Personal Data provided voluntarily by the User

The User submits their Personal Data to the Data Controller by filling in Forms proposed online on the Website. The Forms require different types of mandatory Data depending on the provision of the requested Service and related legal obligations, especially in the tax area. This Privacy Policy is also intended for the processing of any additional Data voluntarily provided by the User. In this regard, the User is advised not to enter into the Form the information that may fall within the number of particular categories of Personal Data referred to in art. 9 of the Regulation, unless explicitly requested (see letter e –"special categories of Data"). 



c. Third-party Personal Data provided voluntarily by the User

When using particular Services of the Website, the User is allowed to communicate to the Data Controller the Personal Data that belong to third parties. In respect of such Data, The User is regarded as the independent Data controller, assuming all the legal obligations and responsibilities. In this sense, the User is intended to be held accountable for any consequences that may lead to dispute, claim, request for compensation of damage, etc. which may arise from the processing of these Personal Data, initiated by the third parties whose Personal Data have been processed through the use of the Website in violation of the applicable rules on Personal Data protection.

In any case, if you provide or in any other way process Personal Data of third parties using the Website, you henceforth guarantee, assuming all related responsibilities, that this specific processing is grounded on an appropriate legal basis and on the prior acquisition - on your part - of the consent of the third party to the processing of the Personal Data concerning them.



d. Data processed in interaction with social networks

Your registration on the Website can also be carried out through the transmission of the related Data by another Data controller (e.g. Facebook, Google, etc.). For example, by simply clicking on the "Sign in with Facebook" button, the latter will automatically send some of your Data, specified in the "pop-up" window, and you will not need to fill in other Forms on your part.



e. Special categories of Personal Data

The Data Controller may process special categories of Data, if such processing is necessary for the provision of the Service and has been previously and expressly authorized by the Personal Data Subject.



f. Geolocation

Among the Services offered, there is the possibility for the User to view their geographical position (transmitted, by prior consent, from the User's device to the Website) on a map on which the geographically closest points of sale are displayed. This location Data are not transmitted or made accessible outside the User's device. The Company therefore does not perform any processing of these Data. Otherwise, the Company, with your explicit authorization, may process the Data relating to your location in order to provide the Services. The User can deny the access of the Website to their location Data at any time in the settings of their device.



g. Cookies

The information on cookies used by the Website is available at the following link: https://www.otticastrologo.com/it/Cookies-8



Method and location of collected Data processing

Methods of processing

The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The Data Processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. Apart from the Data Controller, in some cases, other parties involved in the organization of the Website (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal carriers, hosting providers, IT companies, communication agencies) may have access to the Data and process the Data on behalf of the Data Controller acting in the quality of Data Processors. The updated list of the Data Processors can be requested from the Data Controller at any time.



Legal basis of processing

The Data Controller processes the Personal Data relating to the User if one of the following applies:



  •  the User has given consent for one or more specific purposes; Note: in some legislations the Data Controller may be allowed to process Personal Data without the User's consent or pursuant to any of the legal bases specified below, as long as the User does not object ("opt-out") to this processing. This, however, does not apply, whenever the processing of Personal Data is subject to European Data protection law;
  • provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
  • processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
  • processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

It is however always possible to ask the Data Controller to clarify the concrete legal basis of each processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.



Location of processing

The Data are processed at the operating offices of the Data Controller and in any other place where the parties involved in the processing are located. The User's Personal Data may be transferred to a country other than that in which the User is located. For further information on the processing location, the User can refer to the section containing the details of Personal Data processing or contact the Data Controller.

The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization of public international law or consisting of two or more countries, such as the UN, as well as the right to obtain information about the security measures taken by the Data Controller to protect the Data. If any such transfer takes place, Users can find out more referring to the section of this Privacy Policy Statement concerning the processing of Personal Data or requesting information from the Data Controller by contacting the latter using the contact information provided in the contact section.



Personal Data transfers

Some of your Personal Data may be shared with recipients outside the European Economic Area. The Data Controller ensures that the processing of your Personal Data by these recipients takes place in compliance with the Regulation. In legal terms, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission pursuant to the provisions of Articles 45 and 46 of the Regulation.



Personal Data Retention period

The Data are processed and stored for as long as required by the purposes for which they were collected.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User shall be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of the legitimate interests of the Data Controller shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Data Controller within the relevant sections of this Privacy Policy Statement or by contacting the Data Controller.

When the processing is based on the consent of the User, the Data Controller may retain the Personal Data for a longer time until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or an order of an authority. Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to Data portability cannot be enforced after expiration of the retention period.



The purposes of collected Data processing 

The Data concerning the User is collected to allow the Data Controller to provide the Services, as well as for the following purposes:



1. Contacting the User

By filling out the contact form with their Data, the User authorizes this Website to use these Data o reply to requests for information, provide estimate of costs or any other kind of request as indicated by the form’s header.

Personal Data collected: name, surname, gender, date of birth, telephone number, address, postal code, country, province, city, email, VAT number, Tax Code, User ID, and various types of Data.



2. Interaction with social networks and external platforms

This type of service allows interaction with social networks, or other external platforms directly from the pages of the Website. The interactions and the information are in any case subject to the User's privacy settings for each social network. The social network interaction service might still collect web traffic Data for the pages where the service is installed, even when Users do not use it.



a) Like button and Facebook social widgets (Facebook, Inc.)

The "Like" button and Facebook social widgets are services allowing interaction with the Facebook social network, provided by Facebook, Inc.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States (see: Facebook, Inc Privacy Policy). Privacy Shield participant.



b) Tweet button and Twitter social widgets (Twitter, Inc.)

The Tweet button and Twitter social widgets are services allowing interaction with the Twitter social network, provided by Twitter, Inc.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States (see: Twitter, Inc Privacy Policy). Privacy Shield participant.



c) Like button and VK social widgets (VKontakte Ltd)

The "Like" button and VK social widgets are services allowing interaction with the VK social network, provided by VKontakte Ltd.

Personal Data collected: Cookies and Usage Data.

Place of processing: Russia (see: VKontakte Ltd Privacy Policy).



d) Foursquare button and Foursquare social widgets (Foursquare Labs, Inc.)

The Foursquare button and Foursquare social widgets are services allowing interaction with the Foursquare social network, provided by Foursquare Labs, Inc.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States (see: Foursquare Labs, Inc Privacy Policy). Privacy Shield participant.



e) Google + button and Google + social widgets (Google Inc.)

The Google + button and Google + social widgets are services allowing interaction with the Google + social network, provided by Google Inc

Personal Data collected: Cookies and Usage Data.

Place of processing: United States (see: Google Inc Privacy Policy). Privacy Shield participant.



f) Pinterest button and Pinterest social widgets (Cold Brew Labs, Inc.)

The Pinterest button and Pinterest social widgets are services allowing interaction with the Pinterest social network, provided by Cold Brew Labs, Inc.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States (see: Cold Brew Labs, Inc Privacy Policy). Privacy Shield participant.



g) Yelp button and Yelp social widgets (Yelp, Inc.)

The Yelp button and Yelp social widgets are services allowing interaction with the Yelp social network, provided by Yelp, Inc.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States (see: Yelp, Inc Privacy Policy). Privacy Shield participant.



h) Instagram button and Instagram social widgets (Instagram, Inc.)

The Instagram button and Instagram social widgets are services allowing interaction with the Instagram social network, provided by Instagram, Inc.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States (see: Instagram, Inc Privacy Policy).



Users can find further detailed information about such purposes of processing and about the specific Personal Data used for each purpose in the respective sections of this Privacy Policy Statement.


The rights of the Users

Users may exercise certain rights regarding their Data processed by the Data Controller.

In particular, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw the previously given consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than that of the consent. Further details are provided in the dedicated section below.
  • Access their Data. Users have the right to learn if Data is being processed by the Data Controller, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for the Data to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Data Controller will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Data Controller.
  • Receive their Data and have them transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data are processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent Data protection authority.



Details on the right to object to processing

When Personal Data is processed for a public interest, in the exercise of an official authority vested in the Data Controller or for the purposes of the legitimate interests pursued by the Data Controller, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Data Controller is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this Privacy Policy Statement.



How to exercise these rights

Any requests to exercise Users’ rights can be directed to the Data Controller through the contact details provided in this Privacy Policy Statement. These requests can be exercised free of charge and will be addressed by the Data Controller as early as possible and always within one month.



Additional information about Data collection and processing

Legal action

The User's Personal Data may be used for legal purposes by the Data Controller in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services.
The User declares to be aware that the Data Controller may be required to reveal Personal Data upon request of public authorities.



Additional information about User's Personal Data

In addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.



System logs and maintenance

For operation and maintenance purposes, this Website and its third-party services may collect files that record interaction with this Website (System logs) that may contain Personal Data (such as the User’s IP Address).



Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document or in the Contacts section.



How “Do Not Track” requests are handled

This Website does not support “Do Not Track” requests.

To determine whether any of the third-party services supports “Do Not Track” requests, the User is invited to consult their privacy policies.



Changes to this privacy policy statement

The Data Controller reserves the right to make changes to this Privacy Policy Statement or update it, in part or completely, also due to changes in the applicable legislation. The Data Controller will inform the User of such changes as soon as they are introduced, and they will become effective as soon as they are posted on the Website. The Data Controller invites the User to visit this section regularly to make sure that they are aware of the most recent and updated version of the Privacy Policy Statement in order to be always informed about the updates in the Data collection and how the Data are used by the Company.

Should the changes affect processing activities performed on the basis of the User’s consent, the Data Controller shall collect new consent from the User, where required.



Contacts

To exercise the rights referred to in this Privacy Policy Statement, the User may contact the Data Controller (Owner) : Astrologo Ottica Srl, Via della Fontanella di Borghese, 25/26 - 00186 Rome (RM), Italy. For any information concerning the processing of your Personal Data and the exercise of your rights you can contact the Data Protection Officer (DPO) at the following e-mail address: privacy@otticastrologo.com



Definitions and legal references

Personal Data (or Data)

Personal Data refers to any information that, directly or indirectly, or in connection with any other information, including a personal identification number, allows for the identification or identifiability of a natural person.



Usage Data

Usage Data is the information collected automatically through the Website (or third-party services employed in this Website), which can include: IP addresses or domain names of the computers used by the User that connects to the Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the response from the server (success, error, etc.), the country of origin, the features of the browser and the operating system used by the User, the various time details of the visit (e.g. the time spent on each page within the Website) and the details of the route followed within the Website, with special reference to the sequence of the pages visited, and other parameters related to the operating system and the IT environment of the User.



User

The individual using the Website who, unless otherwise specified, coincides with the Data User.



Data User (or Data Subject)

Data User is an identifiable natural person to whom the Personal Data refers. Data User is one who can be identified, directly or indirectly, in particular by reference to an identifier.



Data Processor (or Data Supervisor)

The natural person, legal person, public authority or any other entity that processes Personal Data on behalf of the Data Controller, as set out in this privacy policy.



Data Controller (or Owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.



Website

The hardware or software tool by means of which the Personal Data of Users are collected and processed.



Service

The service provided by this Website as described in the relative terms (if any) on this Website.



European Union (or EU)

Unless otherwise specified, any reference to the European Union made within this Privacy Policy Statement shall be extended to all current member states of the European Union and the European Economic Area.



Cookies

Small sets of Data stored in the User's device.



Legal references

This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).