Processing of personal data
Hevik S.r.l. (hereinafter "Hevik") as Data Controller of Personal Data, informs you that access to the website and / or registration to its various sections and / or any requests for information or service require the provision of personal data, which will be processed in full compliance with the 2016/679 European Regulation (hereafter "GDPR") and the provisions of the Privacy Guarantor pursuant to Legislative Decree no. 196/2003 and/or subsequent additions. By reading this Privacy Statements all users will, as a prior consultation, get familiar with the processing methods necessary for the use of some areas of the Hevik websites (in relation to various brands) and/or to register for competitions and/or newsletters.
Pursuant to the aforesaid law, such treatment will be based on principles of correctness, lawfulness and transparency, protecting your privacy and your rights.
This information applies only to this web site and not to other web sites accessible through its links.
Changes to this information notice
The Data Controller and Data Processors
The data controller is Hevik with registered office in Brescia, via Don Arcangelo Tadini n.33 (BS)
The complete list of data processors is available upon written request sent to the Data Controller.
Purpose of the processing and legal basis.
The users will express their needs every time they access the website. According to those needs (and except for special rules and information for single transactions that involve the provision of specific personal data, regularly published) the following are the purposes of the processing of personal data, i.e. those conferred directly by users through the completion of online forms and/or using the APP or direct access, through links, to Hevik e-mails (or brands) relating to the requested service, or those acquired automatically through navigation (see the following section "Categories of Personal Data being processed") (hereinafter, "Personal Data"):
- Registration and access to the sections “my account”, "contacts” and those sections that will be activated in the future on the Hevik websites;
Legal basis of the treatment for the requests of contact and entering reviews:
Legal basis of the treatment for the registration to the e-commerce
- Having the user given consent and until its revocation, marketing activities will be carried out, such as, but not limited to: market research, information and promotional material, marketing and advertising regarding the products and services of the undersigned company, as well as other companies of the group, also using the e-mail address provided when registered;
Legal basis of processing: consent.
- Perform analysis on the purchase preference on our e-commerce and/or when completing questionnaires and / or entering product reviews or information provided while browsing Hevik websites
Legal basis of processing: consent.
- Reply to all requests received (customer service, "Contact" section, if available, on Hevik websites, or direct email), evaluate and authorize the publication of the reviews expressed by the registered user about the products on our e-commerce, feedback on user satisfaction on the quality of products, services rendered and activities performed by Hevik and / or other companies of the group, directly or through specialized companies through personal or telephone interviews, questionnaires, etc.; In some cases, in order to answer specific requests, your personal data may be communicated directly to the External Managers (by way of example but not exhaustive: technical requests of issues regarding the access to the reserved area and / or the functioning of our e-commerce).
Legal basis of processing: consent.
- Used anonymously for statistical and marketing purposes;
Legal basis of processing: consent.
- In case the function is visible, allow users to post news and / or communications (hereinafter "post") in general directly on the Hevik websites, or on Social Network independently managed by third parties which Hevik has had agreements with, such as, for instance, social networks such as Facebook, Twitter, Pinterest, etc. (hereinafter "Social Network"); the publication of the posts could also take place in association with a pseudonym chosen by the user during the registration on third parties websites, and possibly to a profile picture associated with the user by their nickname for which the user will be exclusively responsible for any choice that would prejudice the interests of third parties, the user is not required to use personal data that allow third parties other than Hevik to identify them, but through Hevik websites the user may also disclose their personal data if previously included in the nickname, as well as the photo associated with the profile.
Legal basis of processing: consent to the Data Controller of the external service
In this case the consent can be revoked at any time through the reserved area, except the publication on social media channels.
The processing of personal data described above, as briefly indicated for each point, is authorised by the European Regulation 2016/679, on the basis of the following legal requirements:
- Consent: if you have allowed their use by having given your consent, which may be revoked at any time through the reserved area of the Website or by contacting the Data Controller at the contacts indicated below;
- Execution of pre-contractual measures or fulfilment of contractual obligations: if it is necessary to conclude or fulfil a contract with Hevik or to implement pre-contractual measures;
- Legal obligations: if Hevik considers appropriate to use your personal data to comply with your legal obligations;
- Legitimate interest: if Hevik uses your personal data to pursue a legitimate interest and the motivations are greater than any prejudice to your data protection rights;
- Legitimate interest: if and when it comes to Hevik to defend their rights, take legal action or make claims for the company or third parties.
Ways to process and security.
Data processing means any operation or complex of operations, performed with or without the aid of electronic or automated means, concerning the collection, registration, organisation, storage, processing, modification, extraction, comparison, use, communication, dissemination, interconnection, blocking, deletion, destruction and selection of the data.
Personal Data will be processed in a mainly automated way but also paper back, with logic strictly related to the aforementioned purposes, through the Data Base, the electronic platforms managed by Hevik or by third parties appointed as data controllers (for the updated list the user can contact the Controller at the address indicated) and / or integrated systems of an IT nature and / or websites owned or used by Hevik. The Data Controller has taken appropriate security measures to protect users against the risk of loss, misuse or alteration of the Data. Although it is not possible to guarantee that the transmission of data via the Internet or websites is perfectly safe from intrusion, Hevik and all suppliers undertake to maintain the physical, electronic and procedural security measures required to protect personal data, in compliance with the requirements imposed by the legislation. In particular, wherever possible, the measures referred to in art. 32 of the 2016/679 European Regulation and uses the protected data transmission protocols known as HTTPS. In addition, user data are stored on Servers located in the European territory or, in the case of electronic platforms such as Google, they could be transferred to the USA. Servers are subject to an advanced and daily backup and disaster recovery system, are protected by firewalls, a strict restriction of access to personal data, based on need and only for the purposes communicated; the transfer of collected data takes place through encrypted protocols and there is a system of permanent monitoring of access to IT systems to identify and stop the abuse of personal data.
The data will be kept for the time necessary for the purposes indicated and precisely:
1) For the registration on the website: up to 24 months after the last interaction.
2) For the registration to competitions: for the duration necessary to fulfil our legal and contractual obligations.
3) For the purposes of profiling: up to 24 months after the last interaction.
4) For requesting information and / or registration of warranties: in relation to the type of request for the duration necessary to fulfil our legal and contractual obligations.
For any further information, please contact the Data Controller.
Place of processing and Contact details of the Data Controller.
The Personal Data are processed mainly at the Data Controller's registered office via Don Arcangelo Tadini n.33 (BS) and / or in other offices and/or wherever the Data Processors are located. For further information, users can contact the Data Controller by writing to the Data Controller's address or by emailing firstname.lastname@example.org.
Nature and methods of communication of personal data.
The communication of personal data is optional, but for some personal data the provision is mandatory (i.e. necessary for those data whose fields are highlighted during insertion or otherwise marked as mandatory) so that Hevik can meet the needs of the users in the context of the Website features. Failure, partial or incorrect provision of Personal Data, as necessary for the execution of the requested service, does not make such execution possible; while failure, partial or incorrect provision of the optional Personal Data does not result in any consequence.
The provision of Personal Data can be carried out by filling in the appropriate fields in the various sections of the Website or by sending requests via email where provided.
Categories of personal data processed.
In addition to the Personal Data provided directly by users (such as name, surname, address, e-mail address, etc.), during the connection to the Website, the computer systems and software procedures used to operate the Website provide and/or automatically and indirectly acquire some information that could constitute personal data, the transmission of which is implicit in the use of Internet communication protocols (such as, but not limited to, the so-called "cookies" (as better specified below), "IP" addresses, domain names of computers used by users who connect to the Website, the addresses in "URL" notation of the requested resources, the time of the request to the server, the navigation on the Website and their geographical position.
Categories of persons who may become aware of users’ personal data.
Personal Data may be brought to the attention of employees or collaborators of the Data Controller who, operating under the direct authority of the latter, process data and are appointed as data processors or persons in charge pursuant to art. 24-29 of the European Legislation 2016/679 or system administrators and who will receive appropriate operational instructions from the Owner in this regard; the same will happen - by Managers appointed by the Owner - towards the employees or collaborators of the Managers.
Personal Data may also be brought to the attention of the Data Managers, appointed by the Data Controller, as third party companies or other subjects (but not limited to those entrusted with assistance, communication, promotions and sale of products and / or services, organization and management of competitions, IT service providers, managers and / or developers of websites or applications contained therein, managers of electronic platforms, transport companies) that perform outsourcing activities on behalf of Hevik.
The complete and updated list of the companies in control and connection as a relationship pursuant to Art. 2359 of the Civil Code, with Hevik, of the third-party companies that carry out the collection operations on behalf of the writer, the third-party companies to whom the data may be communicated and the Data Processors, is available upon request to Hevik
Further information about Personal Data.
This website uses MAILUP for the newsletter system.
When the User subscribes to the various sections, allowing the data processing, their personal data are immediately communicated to MAILUP and stored in the distribution lists accessible only by the Data Controller for normal use.
Personal information collected: last name, email, name.
Place of processing: Europe
Communication or disclosure of personal information.
Personal Data will not be disclosed to third parties, except for the external services used to achieve the aforementioned purposes. Personal data shall not be subject to dissemination.
Transfer outside the EU of users' personal data.
Personal Data may be transferred to countries outside the EU, such as the USA, being it in compliance with the principles set out in the 2016/679 European Regulation.
The website does not contain information intended directly for minors. Minors must not provide information or personal data.
Users have the rights referred to in Articles 15-21 European Legislation 2016/679 (Right of rectification, right to be forgotten, right of limitation of treatment, right of data portability, right of opposition).
- The right of access: to obtain the confirmation or not of personal data concerning him / her and to obtain access to such data and to specific information (e.g. processing purposes, categories of the data, the recipients to whom the data will be communicated);
- The right of rectification: to obtain the correction of inaccurate data without undue delay. In this case the obligation of the data controller to communicate the correction to all recipients to whom the data has been transmitted arises, unless it involves a disproportionate effort;
- The right to cancellation: to obtain the deletion of data without undue delay and the data controller is obliged to cancel them without undue delay if certain reasons exist (e.g. personal data are no longer necessary to the purposes for which they had been collected, if the interested party revokes the consent, if they are to be cancelled for a legal obligation). In this case the obligation of the data controller is to communicate the cancellation to all recipients to whom the data has been transmitted, unless it involves a disproportionate effort;
- The right to limit the processing: the data controller may be ordered to restrict the processing of data, for example to storage only, with the exception of any other use, under certain circumstances (e.g. if the processing is illegal and the data subject opposes the deletion of data, if the party disputes the accuracy, within the period of accuracy verification...). In this case the obligation of the data controller is to communicate the correction to all recipients to whom the data has been transmitted, unless it involves a disproportionate effort;
- The right to data portability: to obtain the return of personal data provided and transmit them to others or to request transmission from one owner to another, if technically feasible;
- The right to object: to oppose the processing at any time for purposes of public interest or for legitimate interest; for marketing purposes; for scientific, historical or statistical research purposes.
Interested parties can make a claim to the Guarantor Authority if necessary, or simply contact them for information regarding the exercise of their rights recognized by the EU Law 2016/679.
Cookies are lines of text that act as computer markers sent by a server (in this case, that of this Site) to any user's device (usually to the Internet browser) when they access a given page of a website; cookies are automatically stored by the user's browser and re-transmitted to the server that generated them each time the user accesses the same Internet page. This way, for example, cookies allow and / or facilitate access to some Internet pages to improve the user's browsing experience, that is, they allow the memorisation of pages visited and other specific information, such as pages viewed more often, connection errors, etc. In order to guarantee complete and faultless use of this website, you should set your browser to accept cookies.
Often browsers are set to automatically accept cookies. However, users can change the default configuration, in order to disable or delete cookies (from time to time or once and for all), with subsequent, however, preclusion of some areas of the website. You can also check the methods and types of cookies stored on your browser by changing the cookie settings of your browser.
Types and management of cookies on our website:
Our website uses the following categories of cookies:
- Technical cookies:
- Required cookies or "strictly necessary cookies": They are necessary for surfing on a Website and the use of all functionalities, such as to allow a correct display or access to reserved areas (if any). Therefore, disabling these cookies does not grant access to these activities.
- Performance cookies: They collect information on the efficiency of the responses of a Website to users' requests anonymously, for the sole purpose of improving the functionality of the Website; for example, which pages are most frequently visited by users, and whether there have been errors or delays in the delivery of web pages.
- Third-party cookies:
- a) used and configured to collect anonymous information on how to use the website, with the aim of improving the efficiency and / or for statistical purposes (Google Analytics with anonymised IP). With these settings, this type of cookie is equivalent to a technical cookie.
- b) cookies for links to social networks that allow the user's social account to interact with this website and are not operationally necessary. The most common use is for the purposes of the sharing of social network content. These plugins require cookies to be sent to and from all websites operated by third parties. The information collected by "third-parties" shall be governed by the relevant information so please refer to them if needed. In order to ensure greater transparency and convenience, the following are the web addresses of the different information and methods for managing cookies.
Google Analytics with anonymised IP (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses the Personal Data collected to track and analyse the use of this Application, creating reports and sharing them with other services developed by Google.
Google may use Personal Data to contextualise and customise the ads on its own advertising network.
Hevik adopts the integration from Google Analytics which makes anonymous the users' IP address. Anonymisation works by shortening users' IP addresses within the borders of the EU Member States or other countries that are part of the European Economic agreement Area. Only in exceptional circumstances will the IP address be sent to Google's servers and abbreviated within the United States.
Personal data collected: Cookies and Usage data. Location of the data processing: USA
The user can receive information on the processing of personal data carried out by Google Analytics at the following address: https://support.google.com/analytics/answer/6004245 ;More information on the IP Anonymization feature of Google Analytics:https://support.google.com/analytics/answer/2763052?hl=it
Disabling (opt-out) for cookies:
By virtue of this distinction, the user may proceed with the disabling and / or cancellation of cookies ("opt-out") through the relevant settings of their browser and disabling and / or deletion of single non-technical cookies by accessing the following sites:
- https://tools.google.com/dlpage/gaoptout?hl=it to disable Google Analytics
- youronlinechoices.eu, a website managed by the European Interactive Digital Advertising Alliance (EDAA), to delete other cookies for users based in the European Union, http://www.aboutads.info/choises/, for the cancellation of other cookies for users residing in the United States of America. These websites are not managed by Hevik, which therefore assumes no responsibility in relation to their respective contents.
How to enable or disable cookies on your browsers:
Users can block the acceptance of cookies by appropriately configuring their web browser. However, this operation may make it less efficient or prevent access to certain features or pages of the website. Here are the links to the main browsers to block the acceptance of cookies: Internet Explorer:
Internet Explorer: http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11 Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
External content display platforms:
Through this website it is possible to view contents hosted on external platforms and interact with them. It is also made possible, although not often used, the collection of traffic data related to the pages in which cookies are present. The external contents are in any case subject to the privacy settings related to each service. This website grants the access to the following external contents:
YouTube Videos (Google Inc.)
YouTube is a video content service managed by Google Inc.
External Social Network Platforms
Through this website it is possible to view contents hosted on external platforms and interact with them. It is also made possible, although not often used, the collection of traffic data related to the pages in which cookies are present. The external contents are in any case subject to the privacy settings related to each service. This website grants the access to the following social network external contents:
Facebook (Facebook Inc.)
Links to Third Party Websites.