Privacy Policy en

Privacy Policy Xcelle

• xcelle.it
  This Site collects some Personal Data from its Users.

Data Controller
The Data Controller is D.V. GROUP S.r.l., Via Piante di Cesareo, snc – 84025 Eboli (Salerno), contactable at email address info@delvecchiogroup.com or phone number 0828 030656.
D.V. GROUP S.r.l. guarantees compliance with the discipline regarding the protection of personal data pursuant to “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)” (hereinafter “GDPR”).

This Privacy Policy:
– is intended for the website xcelle.it (hereinafter “Site”)
– constitutes an integral part of the Site and the services we offer;
– is provided pursuant to art. 13 of the Regulation to those who interact with the services/products of the Site.

D.P.O. Contact Details

The controller is not required to appoint a D.P.O.

Types of Data Collected

Among the Personal Data collected by this Site, independently or through third parties, there are:

• Data collected automatically. The IT systems and software applications dedicated to the operation of this website detect, during their normal operation, some data (whose transmission is implicit in the use of Internet communication protocols) potentially associated with identifiable users. Among the data collected are IP addresses and domain names of computers used by users connecting to the site, addresses in URI (Uniform Resource Identifier) notation of requested resources, time of request, method used to submit the request to the server, size of file obtained in response, numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters concerning the operating system, browser and IT environment used by the user. This data is processed, for the time strictly necessary, solely for the purpose of obtaining statistical information on site usage and to monitor its proper functioning. The provision of such data is mandatory as it is directly connected to the web browsing experience.
• Data voluntarily provided by the user. The voluntary and explicit sending of email to the addresses indicated in the different access channels of this site does not require consent and the possible completion of specifically prepared forms involves the subsequent acquisition of the address and data of the sender/user, necessary to respond to the requests made and/or provide the requested service. The voluntary sending of emails to our email addresses does not require additional information or consent requests. On the contrary, specific summary information will be reported or displayed on the site pages prepared for particular services on request (forms). The user must therefore explicitly consent to the use of the data reported in these forms in order to send the request.
• Cookies. The site uses cookies. Data collected through cookies can be used to access parts of the site or for statistical purposes or to make the browsing experience more pleasant and efficient in the future, trying to evaluate user behavior and modify the content offering based on their behavior and preferences for purposes strictly related to the provision of the requested service. For more information, a specific cookie policy is available.

The failure to provide some Personal Data by the User could prevent this Site from providing its services.
The User assumes responsibility for the Personal Data of third parties published or shared through this Site and guarantees having the right to communicate or disseminate them, releasing the Controller from any responsibility towards third parties.

Methods and Place of Processing of Collected Data
Processing Methods

The Controller processes Users’ Personal Data by adopting appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data.
Processing is carried out using computer and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes. In addition to the Controller, in some cases, categories of persons in charge involved in the organization of the site (administrative, commercial, marketing, legal personnel, system administrators) or external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, also appointed, if necessary, as Data Processors by the Controller. The updated list of Processors can always be requested from the Data Controller.

Location

Data is processed at the Controller’s operational headquarters and in any other place where the parties involved in processing are located. For further information, contact the Controller at the references indicated above.

Time

Data is processed for the time necessary to perform the service requested by the User, for the purposes described in this document (“storage limitation principle”, art.5 of GDPR), based on deadlines provided by law or by order of an authority to protect its interests.
In any case, the User can always request the interruption of Processing or deletion of Data from the Data Controller.
The Controller may retain Personal Data longer until such consent is revoked.

At the end of the retention period, Personal Data will be deleted.

Therefore, upon expiration of this term, the rights of access, deletion, rectification and the right to data portability can no longer be exercised.

Purposes of Processing of Collected Data

The processing of your data has your consent as its legal basis and allows the Controller to provide its services for the following purposes:

• Contacting the User;
• Managing addresses and sending email messages for direct marketing activities with informational and promotional material on products and services similar to those you requested;
• Managing payments and merchandise shipping as per the purchase contract finalized during the purchase on this e-commerce Site (provision of requested services);
• Managing support and contact requests, interaction with support and feedback platforms, to send responses to specific requests, including through live chat on the site;
• Heat mapping and session recording, to evaluate user behavior and modify the content offering based on their behavior, using profiling cookies and improving users’ web browsing experience;
• Interaction with social networks and external platforms;
• Infrastructure monitoring;
• SPAM protection;
• Registration and authentication;
• Remarketing and behavioral targeting;
• Statistical purposes and market research, without being able to trace back to your identity;
• User database management;
• Hosting and backend infrastructure;
• Compliance with any obligations provided by current laws, regulations or community legislation, or satisfy requests from authorities;

Should you wish to object to the processing of your data for the marketing purposes carried out with the indicated means, you may do so at any time when sending emails or by contacting the Controller at the references indicated above, without prejudice to the lawfulness of processing based on consent given before revocation;

The types of Personal Data used for each purpose are indicated in the specific sections of this document.

Details on personal data processing

Contacting the User
Mailing List or Newsletter (this Site)
By registering for the mailing list or newsletter, the User’s email address is automatically inserted into a contact list to which email messages containing information, including commercial and promotional in nature, related to this Site may be transmitted.
Personal data collected: name, surname, email, gender, date of birth.

Contact Form

The User, by filling out the contact form with their Data, consents to their use to respond to requests for information, quotes, or any other nature indicated by the form header.
Personal data collected: name, surname, email, gender, date of birth.

Address management and email message sending
These services allow managing a database of email contacts, telephone contacts or any other type of contacts, used to communicate with the User.
These services may also allow collecting data relating to the date and time of message viewing by the User, as well as the User’s interaction with them, such as information on clicks on links inserted in messages.

Mailchimp (Mailchimp)

Mailchimp is an address management and email message sending service provided by Mailchimp Inc.
Personal data collected: Email.
Place of processing: USA – Privacy Policy

Support and feedback request management

The Controller may use personal data collected on this Site to respond to support and contact requests from the User received via email or other tools and websites of the Controller.

Heat mapping and session recording

This application is necessary to evaluate user behavior and modify the content offering based on their behavior, using profiling cookies and improving users’ web browsing experience

Google Analytics – Privacy Policy – Opt Out

Remarketing and behavioral targeting

This type of service allows this Site and its partners to communicate, optimize and serve advertisements based on the User’s past use of this Site.
This activity is performed through tracking Usage Data and using Cookies, information that is transferred to partners to which the remarketing and behavioral targeting activity is connected.
In addition to the opt-out possibilities offered by the services listed below, the User can opt out of receiving cookies related to a third-party service by visiting the Network Advertising Initiative opt-out page.

AdWords Remarketing (Google Inc.)
AdWords Remarketing is a remarketing and behavioral targeting service provided by Google Inc. that connects the activity of this site with the Adwords advertising network and the Doubleclick Cookie.
Personal data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy – Opt Out

Remarketing with Google Analytics for display advertising (Google Inc.)
Google Analytics for display advertising is a remarketing and behavioral targeting service provided by Google Inc. that connects the tracking activity performed by Google Analytics and its Cookies with the Adwords advertising network and the Doubleclick Cookie.
Personal data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy – Opt Out

User database management

The Controller may build user profiles starting from an email address, name or any other information that the User provides to this Site, as well as track the User’s activities through statistical functionalities. This personal data could also be cross-referenced with information about the User publicly available (such as social network profiles) and used to build private profiles that the Controller can view and use to improve this Site.
Personal data could also allow the scheduled sending of messages to the User, such as emails based on specific actions performed on this Site.

Statistics

The services contained in this section allow the Data Controller to monitor and analyze traffic data and serve to track User behavior.

Google Analytics with anonymized IP (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the collected personal data to track and examine the use of this Site, compile reports and share them with other services developed by Google.
Google might use personal data to contextualize and personalize ads of its advertising network.
This integration of Google Analytics anonymizes your IP address. Anonymization works by shortening Users’ IP addresses within the borders of the member states of the European Union or in other countries adhering to the agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to Google’s servers and shortened within the United States.
Personal data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy – Opt Out

Google AdWords conversion tracking (Google Inc.)
Google AdWords conversion tracking is a statistics service provided by Google Inc. that connects data from the Google AdWords advertising network with actions performed within this site.
Personal data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy – Opt Out

Hosting

This type of service has the function of hosting data and files that allow this Site to function, enable its distribution and provide a ready-to-use infrastructure to deliver specific functionalities of this Site. Some of these services work through servers located geographically in different places, making it difficult to determine the exact location where personal data is stored.
FlameNetworks S.r.l.
Personal data collected: Cookies and Usage Data.

Rights of the data subject

The data subject always has the right to request from the Controller access to their Data, rectification or deletion of the same, limitation of processing or the possibility to object to processing, to request data portability, to revoke consent to processing by exercising these and other rights provided by the GDPR through simple communication to the Controller. The data subject may also file a complaint with a supervisory authority.

List of data subject rights with reference to the norm ex arts. 15-18 of the GDPR:

Art. 15 Right of access by the data subject

1. The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
   a) the purposes of the processing;
   b) the categories of personal data concerned;
   c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
   d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
   e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
   f) the right to lodge a complaint with a supervisory authority;
   g) where the personal data are not collected from the data subject, any available information as to their source;
   h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Art. 16 Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Art. 17 Right to erasure (‘right to be forgotten’)

1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
   a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
   b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
   c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
   d) the personal data have been unlawfully processed;
   e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
   f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by the controller of any links to, or copy or replication of, those personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
   a) for exercising the right of freedom of expression and information;
   b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
   c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
   d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;
   e) for the establishment, exercise or defence of legal claims.

Art. 18 Right to restriction of processing

1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
   a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
   b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
   c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
   d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction is lifted.

Recipients of personal data

Your data will not in any way be subject to dissemination except for legal obligations or to fulfill your specific requests.

Mandatory nature of data provision

The provision of consent for your data for direct marketing and statistical purposes is optional and will not compromise the provision of the service in any way. For all other purposes and activities described, the provision of your Data is mandatory because it is linked to the correct provision of the service. Any failure to provide would result in the impossibility of activating the requested services or responding to your requests.
You can object to the processing of your Personal Data for the optional purposes described above both when requesting products and services available on the Site and on the occasion of subsequent communications from the Controller by contacting him at the references indicated above.

Additional information on processing

Defense in court

The User’s Personal Data may be used for defense by the Controller in court or in the preliminary phases of its possible establishment, from abuse in the use of the same or of connected services by the User.
The User declares to be aware that the Controller may be required to disclose Data upon request by public authorities.

Specific information

Upon request by the User, in addition to the information contained in this privacy policy, this Site may provide the User with additional and contextual information regarding specific services, or the collection and processing of Personal Data.

System logs and maintenance

For operational and maintenance needs, this Site and any third-party services it uses may collect System logs, i.e., files that record interactions and may also contain Personal Data, such as the User’s IP address.

Information not contained in this policy

Further information regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact information.

Exercise of rights by Users

The subjects to whom the Personal Data refer have the right at any time to obtain confirmation of the existence or otherwise of the same from the Data Controller, to know their content and origin, to verify their accuracy or request their integration, deletion, updating, rectification, transformation into anonymous form or blocking of Personal Data processed in violation of the law, as well as to object in any case, for legitimate reasons, to their processing. Requests should be addressed to the Data Controller.
This Site does not support “Do Not Track” requests. To know whether any third-party services used support them, consult their privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page. In case of non-acceptance of the changes made to this privacy policy, the User is required to cease using this Site and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to Personal Data collected up to that point.

Information about this privacy policy

The Data Controller is responsible for this privacy policy.

Definitions and legal references
Personal Data (or Data)

Any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number, constitutes personal data.

Usage Data

Personal data collected automatically by the site (or by third-party applications it uses), including: IP addresses or domain names of computers used by the User connecting to the site, addresses in URI (Uniform Resource Identifier) notation, time of request, method used to submit the request to the server, size of file obtained in response, numerical code indicating the response status from the server (success, error, etc.), country of origin, characteristics of the browser and operating system used by the visitor, various temporal connotations of the visit (for example, time spent on each page) and details regarding the itinerary followed within the site, with particular reference to the sequence of pages consulted, parameters relating to the operating system and IT environment of the User.

User

The individual who uses this site, who must coincide with the Data Subject or be authorized by them and whose Personal Data is the subject of processing.

Data Subject

The natural or legal person to whom the Personal Data refers.

Data Processor (or Processor)

The natural person, legal entity, public administration and any other entity, association or organization appointed by the Controller to process Personal Data, according to what is established by this privacy policy.

Data Controller (or Controller)

The natural person, legal entity, public administration and any other entity, association or organization that is responsible, including jointly with another controller, for decisions regarding the purposes, methods of processing personal data and the tools used, including the security profile, in relation to the operation and use of this site. The Data Controller, unless otherwise specified, is the owner of this Site.

This Site

The hardware or software tool through which Users’ Personal Data is collected.

Cookie

Small portion of data stored within the User’s device.

This site uses Cookies. To learn more and for detailed information, you can consult the Cookie Policy

Legal references

This privacy policy is drafted based on arts. 13 and following of the “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)” (GDPR).

The Cookie information is drafted in compliance with the obligations provided by Art. 10 of Directive no. 95/46/EC, as well as what is provided by Directive 2002/58/EC, as updated by Directive 2009/136/EC.

Where not otherwise specified, this privacy policy and cookie policy concerns exclusively this Site.