Data protection notice
We, the Garni Osannahöfl, hereby inform you in accordance with Article 13 of the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”) on the processing of person data concerning you (hereinafter referred to as “Your Data”) when you visit our webshop, which you reach at www.osannahoefl.it (hereinafter referred to as “Webshop”), or when you make a purchase in it.
The present notice does not concern other websites, including those to which we may refer by link. In fact, we have no influence on such third-party websites.
Data controller and contact details
We, the Garni Osannahöfl, are the data controller within the meaning of Article 4(7) GDPR as we determine the purposes and means of the processing of Your Data.
Our contact details are:
Garni Osannahöfl St. Josef am See 35 I-39052 Caldaro
Tel.: +39 0471960246 E-mail: email@example.com
Categories of data and purposes of the processing
The categories of data we process, and relevant purposes, depend on whether you (a) just visit our Webshop or (b) you also make a purchase.
Log data: If you visit our Webshop – as with any other website as well – your browser (e.g. Internet Explorer or Safari) automatically sends information to the server of our Webshop. Such information is temporarily stored in a server log file and therefore called log data. Log data may include, in particular, the IP address of your terminal equipment (e.g. computer, smartphone or tablet), the time stamp of access (date, time, time difference), the content of the request (specific page), the HTTP status code (e.g. “200” for a successful request), the amount of data sent (bytes) and information on the browser used and the operating system of your terminal equipment (e.g. Windows or iOS).
Log data may be processed for the following purposes: (i) for establishing a connection between your terminal equipment and our Webshop; (ii for evaluating system security and stability and for identifying errors; and (iii) for investigating abusive page accesses (e.g. DoS/DDoS attacks). Such processing is based on our overriding legitimate interests (article 6(1)(f) GDPR) clearly resulting from the said purposes.
Data necessary for a purchase: If you wish to make a purchase in our Webshop, we process your first and last name, your e-mail address, your geographical address and delivery address as well as payment data. These data are necessary for the conclusion of a relevant contract and the processing of your order (e.g. for sending the confirmation of the order and delivering the goods) as well as for accounting and tax purposes. Such processing is necessary in order to take steps prior to entering into a contract or for the performance of a contract (Article 6(1)(b) GDPR). If you are an Italian customer and wish to receive an invoice, we are also legally obliged to process your fiscal code. Such processing is thus based on a legal obligation (Article 6(1)(c) GDPR in conjunction with Article 21 of the Italian Decree of the President of the Republic of 26 October 1972, no. 633).
The provision of these data – with the exception of your fiscal code – is thus a requirement necessary to enter into a contract. On the other hand, dhe provision of the fiscal code is, as described above, required by law if you are an Italian customer and wish to receive an invoice. If you do not provide us with your fiscal code, we can still conclude a contract with you, but we will not be able to issue an invoice.
We may also process Your Data if and to the extent that this is necessary for the establishment, exercise or defence of legal claims. Such processing is based on our overriding legitimate interests (article 6(1)(f) GDPR) clearly resulting from the said purposes.
Recipients of your data
In the following we inform you to which categories of recipients Your Data can be disclosed if and to the extent this is necessary within the scope of the above-mentioned purposes:
Log data: Categories of recipients: (i) our employees who, under our direct authority, are authorised to process Your Data and subject to an obligation of confidentiality; (ii) our external IT service providers (e.g. hosting provider), acting as processors who are bound to us by a relevant processor agreement and subject to an obligation of confidentiality15; and (iii) our external advisers (e.g. IT advisers), who we have obliged to maintain confidentiality. Disclosures of Your Data to such recipients are also based on our overriding legitimate interests (Article 6(a)(f) GDPR) in efficient business management.
Data necessary for a purchase: Categories of recipients: (i) our employees who, under our direct authority, are authorised to process Your Data and subject to an obligation of confidentiality; (ii) our external IT service providers (e.g. hosting provider), acting as processors who are bound to us by a relevant processor agreement and subject to an obligation of confidentiality; (iii) our external advisers (e.g. IT- and tax advisers), who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and (iv) other external service providers (e.g. postal and shipping service providers), who are typically used in online trading. Disclosures of Your Data to such recipients are also based on our overriding legitimate interests (Article 6(a)(f) GDPR) in efficient business management. Moreover, if you are a foreign private customer or if, as described in point 3(b) above, you are an Italian private customer and wish to receive an invoice, we are legally obliged to send the invoice data to the Revenue Agency. This is thus based on a legal obligation (Article 6(1)(c) GDPR in conjunction with Article 1(3) or 1(3-bis) of the Italian Legislative Decree of 5 August 2015, no. 127).
If the processing of Your Data becomes necessary for the establishment, exercise or defence of legal claims, Your Data can typically also be disclosed, in particular, to lawyers, experts and judicial authorities.
No transfer to third countries or international organisations
We do not intend to transfer Your Data to a third country (e.g. USA or China) or international organisations.
No automated individual decision-making
You are not subject to a decision based solely on automated processing, including profiling, within the meaning of Article 22(1) GDPR.
A distinction has to be made between the different categories of data also with regard to the period for which Your Data will be stored:
Log data: These data are automatically deleted after 7 days, unless a security incident occurs (e.g. a DOS or DDoS attack). In this latter case the log data will be stored until we have resolved the incident. If legal claims are established, exercised or defended in this connection, the further retention is determined by relevant prescription periods.
Data necessary for a purchase: These data are, first of all, stored until the sales contract has been fully performed. Further storage will then be depend on the relevant accounting and tax retention periods and will thus be based on legal obligations (Article 6(1)(c) GDPR in conjunction with Article 2220 of the Italian Civil Code, Article 39(2) of the Italian Decree of the President of the Republic of 26 October 1972, no. 633 and the Italian Legislative Decree of 7 March 2005, no. 82 in conjunction with the Italian Ministerial Decree of 17 June 2014).20 Moreover, any further storage is subject to prescription periods if legal claims are to be, in this connection, established, exercised or defended. This processing is based on our overriding legitimate interests (article 6(1)(f) GDPR) resulting from the said purposes.
The transmission of information over the internet is, unfortunately, never completely secure. However, we protect our Webshop against data breaches through appropriate technical and organisational measures. In particular, data in our Webshop is transmitted in encrypted form. For such purposes, we use the cryptographic protocol SSL (Secure Sockets Layer) and TLS (Transport Layer Security).
Your legal rights
We are required to mention the following rights under the GDPR:
Access: Subject to the conditions of Article 15 GDPR, you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. Where this is the case, you have the right to obtain the information listed in the said provision and a copy of Your Data.
Rectification: Subject to the conditions of Article 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate data and to have incomplete data completed.
Erasure: Subject to the conditions of Article 17 GDPR, you have the right to obtain from us the erasure of Your Data without undue delay. Such “right to be forgotten” shall not apply to the extent that processing is necessary, for example, for the establishment, exercise or defence of legal claims.
Restriction: Subject to the conditions of Article 18 GDPR, you have the right to obtain from us restriction of processing where one of the prerequisites set forth in the said provision are met. Such a prerequisite is met, for example, where you contest the accuracy of Your Data. In this case, restriction can be obtained for a period enabling us to verify the accuracy of the data.
Data portability: Subject to the conditions of Article 20 GDPR, you have the right to receive Your Data in a structured, commonly used and machinereadable format and to have the them transmitted directly to another controller, where technically feasible.
Objection: Where Your Data is processed based on our legitimate interests (Article 6(1)(f) GDPR) and subject to the conditions of Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of Your Data. Where the legal requirements are met, we will then no longer process Your Data.
You can exercise these rights by sending us a relevant e-mail to firstname.lastname@example.org. Please note, however, that further restrictions and possibly an exclusion of these rights may result from the GDPR itself.
Moreover, and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of Your Data infringes the GDPR (Article 77 GDPR).
The lead supervisory authority competent for us is:
Garante per la protezione dei dati personali Piazza Venezia n. 11 00187 Roma https://www.garanteprivacy.it/
Changes to this notice
We may change this notice at any time with effect for the future. This may occur, for example, as a result of the further development of data protection law (also in light of new court rulings) or a change in our processing activities.
What are Cookies?
Cookies are small text files that are stored in your terminal equipment (e.g. computer, smartphone or tablet). A cookie provides the party that has set the cookie with certain information, which can vary greatly depending on the cookie. Certain cookies, in fact, only enable certain functionality of a given website, while other cookies enable an analysis of the user’s surfing behaviour beyond that given website for marketing or even political purposes.
What cookies are being used?
On our website www.osannahoefl.com, we only use the technical cookies described in the following table, which do not require consent or a cookie banner:
The Site uses only “technical” cookies, such as navigation or browser cookies, functional cookies and analytical cookies.
Navigation or browser cookies
Navigation or browser cookies are set. These guarantee the normal navigation and use of the website, i.e. navigation within the site becomes more functional and optimized.
In addition, so-called functional cookies are placed. These are absolutely necessary in order to provide the services expressly requested by the user.
Finally, analytical cookies are envisaged, used exclusively by the website operator and are used to collect aggregate and anonymous information on the number of visitors and the pages they have visited.
Third party cookies
For the third-party cookies: from Google Analytics, the user can check the information letter and the request for consent at the following links: https://support.google.com/analytics/answer/6004245
Cookies for analysis of third party services
These cookies are used to collect information about the use of the website by anonymous users: pages called up, time spent on the site, origin of website visitors, geographical origin, age, gender and preferences for targeted marketing campaigns. These cookies are sent from third party domains outside the Site.
Cookies to supplement third-party products and software features
These cookies supplement features developed by third parties within the Site, such as icons and preferences provided on social networks to share a site’s content or use third-party software services (such as software to create custom maps or other software that provides additional services). These cookies are sent from third-party domains and from partner sites that offer their functions within the Site.
These are cookies that are sent by third parties through the Site and are used to create user profiles with a view to the subsequent delivery of user-specific advertising messages by the same third party.