PRIVACY POLICY

With this Privacy Policy, provided in accordance with Article 13 of Regulation (EU) 2016/679 ("GDPR" or "Regulation"), we aim to inform the User about the methods by which their Personal Data (any information capable of identifying them directly or indirectly) will be processed when visiting and/or making purchases on the website www.elisastabiner.com (hereinafter, the "Site"). This information, together with the Cookie Policy, establishes the basis on which Users' personal data will be processed.

​

 DATA CONTROLLER 

The Data Controller for the personal data collected through the Website is: Elisa Stabiner, with registered office in Auronzo di Cadore (BL) Via Cella 27, ZIP code 32041, VAT number 01280070259 (hereinafter referred to as the 'Data Controller'), email address: elisastabinerart@gmail.com

​

MODE OF PROCESSING OF PERSONAL DATA

We hold the utmost regard for the right to privacy and the protection of personal data of our Users, which will be processed lawfully.

​

The Personal Data provided or acquired will be subject to processing guided by the principles of fairness, lawfulness, transparency, and the protection of confidentiality, in accordance with applicable regulations. This will be carried out through appropriate security measures aimed at preventing unauthorized access, disclosure, alteration, or destruction of Personal Data.

​

The processing is carried out using computer and/or telematic tools, with organizational methods and logic strictly related to the specified purposes.

​

PERSONAL DATA PROCESSED

When the User visits the Website, contacts us (via email, phone, mail, etc.), subscribes to the newsletter, or places an order, we process some of their Personal Data, either autonomously or through third parties.

​

We list the categories of personal data processed:.

​

1. Identification and Contact Information: Name, surname, email address, shipping address, phone number, and any other Personal Data voluntarily provided by the User.

2. Browsing Data: Information related to the connection, IP addresses, domain names, and other parameters related to the browser and operating system used.

3. Usage Data: Information generated by visiting the Website, including log data, registration data, interaction and transaction processes, performance indicators, data related to navigation flows, and the use of functionalities.

4. Billing and Payment Data: Any VAT number, bank account number or IBAN for bank transfers, tax code, address, and possibly the company name.

​

PURPOSES OF PROCESSING AND LEGAL BASIS

The Data Controller will process the Personal Data of Users, as listed above, for the conduct of its economic and commercial activities, for the specific purposes outlined below:

 

1. Purposes related to the Contract and Legal Obligations

​

1. Website navigation;

2. Activities necessary for the conclusion and execution of the contract for the purchase of products sold on the Website;

3. Order processing;

4. Customer support and assistance, including responding to requests, complaints, reports, and disputes from Users via email to the Data Controller's addresses or through other communication channels;

5. Handling User requests through remote communication tools, such as email, chat, phone, SMS, chatbots, banners, notification systems, and other remote communication tools present on the Website;

6. Fulfillment of obligations arising from current laws, regulations, or EU legislation (e.g., tax and accounting obligations) or management and response to requests from competent administrative, tax, and judicial authorities;

7. Administrative, accounting, and tax-related activities, such as those connected to the contract concluded through the Website, including, for example, the issuance of receipts and/or invoices, and keeping accounting records;

8. Responding to requests to exercise the rights recognized to Users by the contract concluded with the Data Controller, by law in relation to that contract, or by the GDPR, and related activities.

​

For these purposes, the legal basis is the necessity to fulfill pre-contractual and contractual obligations to which the User is a party (Art. 6.1.b) of the GDPR) or the fulfillment of legal obligations to which the Data Controller is subject (Art. 6.1.c) of the GDPR).

​

Therefore, their processing is necessary to respond to pre-contractual requests made by the User in relation to the Website. Failure to provide the data will result in the User's inability to conclude a contract through the Website and/or receive a response to the requests made.

 

Purposes of analysis and statistics and other purposes not based on consent

​

1. Conducting statistical analysis regarding the use of the Website and navigation to improve the site and the offer of products sold through it;

2. Ensuring compliance with the contractual rights of the Data Controller or demonstrating compliance with obligations arising from the contract with the data subject or imposed by law, to prevent and/or suppress fraudulent or harmful actions.

​

​The legal basis for this processing is the legitimate interest (Art. 6.1.f) of the Regulation). In some cases, the legal basis consists of legitimate interest (Art. 6, paragraph 1, letter f) combined with Recital 47 of the Regulation), for sending transactional email communications (e.g., abandoned cart).

 

Purposes of Direct Marketing and Profiling

​

1. With the User's consent, we will send commercial emails to show updates, news, offers, promotions, market research, also through automated processing tools such as email and newsletters.

2. With the User's consent, we will process their Personal Data to attribute particular characteristics and preferences to them, and send personalized and diversified commercial communications, also through automated processing tools such as "retargeting" or by placing them in clusters of subjects with common characteristics, based on their profile.

​

For these purposes, the processing, including the final decision on the promotional communication to be sent or displayed to the user based on the cluster(s) to which they belong, occurs in an automated manner, without human intervention, based on algorithms whose parameters have been previously set.

​

The legal basis is the User's explicit consent to the processing of personal data for these purposes (Art. 6.1.a) of the Regulation). Providing data for these purposes is optional. In case of lack of consent, revocation of it, or exercise of the right to object, the User's ability to make purchases on the Website will not be affected in any way.

​

4. Soft-spam

​

To send commercial communications to the email address provided by the User during the purchase of products through the Website, promoting the direct sale of similar products. This activity does not require obtaining the prior explicit consent of the data subject as it is based on the legal basis provided in Article 130, paragraph 4, of the Privacy Code (Legislative Decree no. 196/2003), which expressly allows it, provided that the user does not refuse such use, initially or on subsequent occasions.

​

CHANGE OF CHOICES AND WITHDRAWAL OF CONSENT

In the event of giving consent, the User may revoke the consent at any time and/or object to the processing of personal data for generic marketing purposes and profiling through the methods indicated in the 'Rights of Data Subjects' section later in this information.

​

In case of withdrawal of consent, the processing carried out on the basis of the consent given before its withdrawal will still be considered lawful. In case of withdrawal of consent and/or objection to the processing of the User's data for the purpose of generic marketing, the user's data will no longer be processed for that purpose and will be retained by the Data Controller only if there is another legal basis that legitimizes the processing (e.g., contractual performance; legal obligation; legitimate interest).

​

STORAGE PERIOD

The Data Controller will process the personal data of Users for the time necessary to achieve the purposes for which the data was collected, as defined in this policy. However, for each of the indicated purposes, the personal data collected will be stored for the specified period below:

​

1. For purposes related to the Contract: The Data Controller will process the User's data for the time strictly necessary for the performance of individual processing activities. After this period, the Data Controller may retain the data for the purposes and for the maximum retention periods specified in other sections of this policy, if relevant and/or in cases established by the GDPR and/or the law.

2. For tax, administrative, accounting, and legal purposes: Until the expiry of the legal deadlines provided for the completion of each obligation and/or for the retention periods prescribed by law.

3. For purposes based on the legitimate interest of the Data Controller: The Data Controller will process the User's data for the time strictly necessary to satisfy this interest, unless, in the event of disputes and/or claims, the Data Controller needs to retain personal data to carry out defense activities (i.e., for 10 years following the prescription period) or, in the case of litigation, the further retention is determined by the duration of the litigation or specific requests from the authority. Users can obtain more information about the legitimate interest pursued by contacting the Data Controller.

4. For purposes of direct marketing and profiling: As long as consent is not revoked and, in any case, for a period of 12 months from when the consent is given or renewed by the User, on the occasion of a new purchase, or from the date of the last contact with the User, including, for example, the opening of the newsletter.

​

After these retention periods, Personal Data will be deleted, and the User will no longer be able to exercise the rights of access, erasure, rectification, and data portability.

​

COMMUNICATION AND DISCLOSURE OF DATA

In addition to the Data Controller, in some cases, the data may be accessed by:

​

1. Subjects involved in the organization of the Website: For example, administrative, commercial, and marketing staff.

2. Third parties performing ancillary and instrumental tasks: These parties handle personal data on behalf of the Data Controller, such as payment services, legal services, accountants, system administrators, logistics companies, and newsletter services.

3. Public or private entities: These entities may access the data in compliance with the law, regulations, and measures issued by competent authorities.

4. Potential buyers of the company: This includes entities resulting from a merger or any other form of transformation.

​

Depending on the cases, these recipients may process the personal data of Users as data processors, data controllers, or autonomous data controllers. Users can request an updated list of Data Processors as per Article 28 of the GDPR.

​

PROCESSING LOCATION AND TRANSFER OF DATA ABROAD

The processing of data primarily takes place in Italy and in countries within the European Union. Some third-party tools may process the data of users of this website in countries outside the European Economic Area (EEA) ("Third Countries").

​

The transfer of data to Third Countries can also occur through the use of external tools that enable specific services (e.g., newsletters, remarketing, advertising, use of social buttons, video display).

​

At times, the use of such tools may involve the transfer of personal data of users visiting this website to a Third Country for which there is no decision of adequacy by the European Commission.

​

If there is a need to transfer data to Third Countries, the Data Controller undertakes to ensure that the country to which the data will be sent provides an adequate level of protection, as provided for in Article 45 of the GDPR. This transfer will be regulated based on the standard contractual clauses for the transfer of personal data outside the EEA approved by the European Commission under Article 46.2 of the GDPR.

​

COOKIE

This website uses cookies. Cookies are small text files that websites can install on users' devices to make the browsing experience more efficient, personalize content and ads, provide social media features, and analyze traffic. To learn more, please read the Cookie Policy.

​

TOOLS FOR PROCESSING PERSONAL DATA

​

CONTACT FORM

By filling out the contact form, the User consents to the processing of the personal data provided therein and their use to respond to information requests. The personal data subject to processing are those requested by the form (name, surname, company, email address, phone) and any other personal data entered by the user in the body of the message.

​

SOCIAL NETWORK BUTTONS

Users can use social buttons to visit the social pages of the website, through the following social tools that, however, collect personal data of users such as traffic data on the pages visited:

The website provides the following social buttons:

​

Instagram (Meta Platforms Ireland Limited): The Instagram button is a service for interacting with the Instagram social network, provided by Meta Platforms Ireland Limited. Personal Data collected: Cookies, Usage Data, and other data as specified in the related privacy policy. Location of processing: IRELAND – UNITED STATES - Privacy Policy

​

Pinterest (Cold Brew Labs, Inc): The Pinterest button and social widgets are services for interacting with the Facebook social network, provided by Facebook Ireland Ltd. Personal Data collected: Cookies and Usage Data. Location of processing: IRELAND – UNITED STATES - Privacy Policy

​

TikTok (TikTok Technology Limited): The TikTok button and social widgets are services for interacting with the TikTok social network, provided by TikTok Technology Limited. Personal Data collected: Cookies and Usage Data. Location of processing: UNITED STATES - MALAYSIA - SINGAPORE - Privacy Policy

​

Etsy (Etsy Ireland UC): The Etsy button and social widgets are services for interacting with the Etsy social network, provided by Etsy Ireland UC. Personal Data collected: Cookies and Usage Data. Location of processing: Europe - United States - Privacy Policy

 

STATISTICS

The statistical services allow the Data Controller to monitor and analyze traffic data, serving to track user behavior. This website uses the following third-party services:

​

Wix (Wix.com Ltd)

​

Wix includes a service that uses the Personal Data collected to track and examine the usage of this website, compile reports, and share them with other services developed by Wix. Wix may also transfer this information to third parties where required by law or where such third parties process the information on behalf of Wix. The IP address anonymization feature is active on this site. Personal Data collected: Cookies, IP address, Usage Data, and other personal data as defined in the privacy policy. Location of processing: EUROPE and UNITED STATES – Privacy Policy.

​

RIGHTS OF THE DATA SUBJECTS

The individuals have the right to exercise the faculties provided for in Articles 7, 15-22 of the Regulation.

​

In particular, Users have the right to obtain: access, update, rectification, or, when they have an interest, the integration of data; erasure, transformation into anonymous form, or blocking of data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the data were collected or subsequently processed; attestation that the operations mentioned above have been brought to the attention, including their content, of those to whom the data have been communicated or disclosed, except where compliance with this is impossible or involves the use of means manifestly disproportionate to the protected right.

​

Furthermore, Users have the right to revoke their consent at any time, where the processing is based on their consent, to request data portability, meaning to receive all personal data concerning them in a structured, commonly used, and machine-readable format), to request the limitation of the processing of personal data and/or erasure ("right to be forgotten"), as well as the right to object to the processing of personal data concerning them for the purposes of sending advertising material, direct sales, and conducting market research.

​

In accordance with the Applicable Regulations, the Data Controllers inform Users that they have the right to obtain information about (i) the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in case of processing carried out with the aid of electronic tools; (iv) the identification details of the Data Controllers and processors; (v) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it in their capacity as Data Controllers or processors.

​

Interested parties may exercise their rights by sending a specific communication to the Data Controller or by using the form for exercising the rights of data subjects, available at this link, to be sent, duly completed and signed, to the Data Controller via email at: elisastabinerart@gmail.com

 

Interested parties, if they believe that the processing concerning them violates the Regulation, also have the right to lodge a complaint with the Privacy Guarantor as the supervisory authority for the protection of personal data (Privacy Guarantor, with headquarters at Piazza Venezia n. 11 - 00187 - Rome, Italy - http://www.garanteprivacy.it/).

​

CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to make changes to this Privacy Policy at any time, providing notice to Users on this page. Therefore, it is advisable to frequently check this page, referring to the date of the last modification indicated at the bottom.

 

In case of non-acceptance of the changes made to this Privacy Policy, the User is required to cease the use of this website and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected up to that moment.

 

The Data Controller is not responsible for updating all the links displayed in this Privacy Policy, so whenever a link is not working and/or updated, Users acknowledge and accept that they should always refer to the document and/or section of the websites referred to by that link.

​

Privacy Policy updated on November 20, 2023.

 

 

 

COOKIE POLICY

​

INTRODUCTION

This Cookie Policy represents the Extended Cookie Information regarding the use of Cookies by the website www.elisastabiner.com (the "Site") owned by Elisa Stabiner, with legal headquarters in Auronzo di Cadore (BL) Via Cella 27, postal code 32041, VAT number 01280070259, email: elisastabinerart@gmail.com (hereinafter the "Data Controller").

​

This Cookie Policy is an integral part of the Privacy Policy of the Site.

​

Users can exercise the rights provided by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, concerning the protection of individuals with regard to the processing of personal data and the relevant implementing regulations (hereinafter the "Regulation" or "Applicable Legislation"), by sending a specific communication to the Data Controller or using the form for exercising the rights of data subjects, available at this link, to be sent, duly completed and signed, to the Data Controller via email at: elisastabinerart@gmail.com.

​

To change cookie settings, the user can follow the instructions provided on this website.

Users can express their preferences and consent to the use of cookies by providing explicit acceptance on the Cookie Banner or Brief Cookie Notice. This will also provide information about the cookies used by this site.

​

WHAT ARE COOKIES

Cookies are small text files used by websites to make the user's browsing experience more efficient, and they are stored on their browser to be reused in subsequent visits.

​

Cookies serve various functions. Some cookies aim to improve the functionality and navigation of this website (technical cookies). Others are used to monitor users during navigation (statistical analysis cookies), recording information that reveals their interests (profiling cookies), analyzing their readings, hobbies, in order to personalize the advertising shown when opening emails, browsing social networks, or other web pages. Cookies are used to personalize content, provide social media functions, and analyze traffic.

​

Cookies are categorized as first-party or third-party cookies depending on whether they are installed by the visited site or third-party sites, respectively.

​

In their browser, users can set Privacy preferences to not store cookies, delete them after each visit or each time they close the browser, or even accept only the site's cookies and not those of third parties.

​

This site uses technical cookies, statistical analysis cookies, profiling cookies, both first-party and third-party cookies listed later in this policy.

​

COOKIES USED THROUGH THIS SITE

1. Technical Cookies

​

Technical cookies do not require the user's consent as they are installed to facilitate the user's navigation on the site and allow them to fully use its functionalities. These are first-party cookies as they are installed through the site and relate to navigation; therefore, they are cookies that usually remain installed for the duration of the session, after which they are deleted. They also serve to store some user preferences for subsequent visits and may remain installed persistently until they expire or until the user deletes them.

​

• Name: XSRF-TOKEN

  • Purpose: Used for security reasons

  • Duration: Session

• Name: hs

  • Purpose: Used for security reasons

  • Duration: Session

• Name: svSession

  • Purpose: Used in connection with user login

  • Duration: 12 months

• Name: bSession

  • Purpose: Used to measure system effectiveness

  • Duration: 30 minutes

​

​

2. Third-party Cookies

Third-party cookies are those installed through third-party tools or plugins other than the Site. Third-party cookies have various purposes, such as monitoring the User's use of the site, checking the User's geographic origin, expressed preferences, the browser used, for statistical, marketing, and profiling purposes.

​

​

1. Social Network Buttons

​

Instagram (Meta Platforms Ireland Limited) For more information: Instagram Cookie Policy

​

Pinterest (Cold Brew Labs, Inc) For more information: Pinterest Cookie Policy

​

TikTok (TikTok Technology Limited) For more information: TikTok Cookie Policy

​

Etsy (Etsy Ireland UC) For more information: Etsy Cookie Policy

 

​

2. STATISTICS

​

Wix (Wix.com Ltd)

​

Wix also provides an analytics service. Wix uses the Personal Data collected to track and examine the usage of this Website and to prepare reports on User behavior. Users can oppose the analysis carried out by Wix by refusing consent through the cookie banner. Personal Data collected: Cookies and Usage Data. Location of processing: Ireland and, in some cases, the United States - Cookie Policy.

 

DELETION AND DISABLEMENT OF COOKIES FROM BROWSERS

Each user can manage browser settings to control cookie preferences by following the links below

 

• Android: https://support.google.com/chrome/answer/2392971?hl=it-IT

• Mozilla Firefox: http://support.mozilla.com/it/kb/Eliminare%20i%20cookie

• Edge: https://support.microsoft.com/it-it/microsoft-edge/eliminare-i-cookie-in-microsoft-edge

• Chrome: http://support.google.com/chrome/bin/answer.py?hl=it&answer=95647

• Safari: http://support.apple.com/kb/PH5042

• Opera: http://www.opera.com/browser/tutorials/security/privacy/

• iOS: https://support.apple.com/it-it/HT201265

 

 

RIGHTS OF DATA SUBJECTS

Data subjects have the right to exercise the powers provided for in Articles 7, 15-22 of the Regulation.

In particular, users have the right to obtain: access, update, rectification, or, when there is an interest, integration of data; deletion, transformation into anonymous form, or blocking of data processed in violation of the law, including those for which storage is not necessary in relation to the purposes for which the data was collected or subsequently processed; certification that the operations mentioned above have been made known, including their content, to those to whom the data has been communicated or disclosed, except in cases where compliance is impossible or involves a use of means manifestly disproportionate to the protected right.

​

Furthermore, users have the right to revoke their consent at any time, where the processing is based on their consent, to request data portability, i.e., to receive all personal data concerning them in a structured, commonly used, and machine-readable format, to request the limitation of the processing of personal data and/or deletion ("right to be forgotten"), as well as the right to object to the processing of personal data concerning them and to the processing for the purposes of sending advertising material, direct sales, and the completion of market research.

​

Under the Applicable Regulations, the Data Controllers inform users that they have the right to obtain (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with the aid of electronic tools; (iv) the identification details of the Data Controllers and processors; (v) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it in their capacity as Data Controllers or processors.

​

Interested parties may exercise their rights by sending a specific communication or using the form for the exercise of the rights of the data subjects, available at this link. The form should be completed and signed, then sent with any attachments to the Data Controller via email at elisastabinerart@gmail.com.

​

If individuals believe that the processing concerning them violates the Regulation, they also have the right to file a complaint with the Privacy Guarantor as the supervisory authority for the protection of personal data. The Privacy Guarantor's contact information is as follows:

​

Garante per la protezione dei dati personali Address: Piazza Venezia n. 11 - 00187 – Roma Website: http://www.garanteprivacy.it/

​

 

ADDITIONAL INFORMATIONS

 

The Data Controller, with reference to cookies installed directly by the Website, specifies the following:

​

Data is collected only for the purposes and duration indicated in the tables above and is processed using computerized methods.

 

The use of technical cookies does not require the prior consent of the user since these are cookies necessary to enable navigation within the Website and its correct functioning. In case of removal of technical cookies through browser settings, navigation within the Website may not be, in whole or in part, possible.

 

Data collected by first-party cookies may be communicated to subjects acting on behalf of the Data Controller as data processors or persons in charge of processing, for purposes related to those described above. Regarding such data, we remind you that you can exercise the rights under Article 13 of the GDPR, as better described in the Privacy Policy.

 

Cookie Policy updated on November 20, 2023.