PERSONAL DATA PROCESSING POLICY
Pursuant to Article 13 of the European Privacy Regulation 2016/679
These guidelines refer to how personal data is used by the Data Controller, as well as by appointed Data Processors for this purpose, through the website https://www.atag-europe.com/
In accordance with Article 13 of the European Privacy Regulation 2016/679 (hereinafter, also simply “GDPR”), we shall therefore provide you, as “data subjects” with the information required regarding the purposes and methods of the processing of your personal data, as well as the scope of disclosure and circulation of this data.
By visiting this website, using its services or interacting with the Data Controller, Users confirm that they have understood this privacy policy and accept data processing by the Data Controller. If Users do not accept the information in this privacy policy, they should not: make online purchases, create an account through the “Log In/Register” section, or fill in the form under the “Contacts” section.
The Data Controller is Atag S.p.A., Tax Code 00844980151, with its registered head office in Milan (20128 – MI), Viale Monza, 274.
The website https://www.atag-europe.com/ is for the general public, however, its services are intended for individuals aged 18 or over. The Data Controller asks that individuals under the age of 18 do not register or provide personal data through the website.
If the Data Controller finds out that it has collected a minor’s data, it shall delete this data.
La maggior parte delle sezioni del sito non richiede alcuna forma di registrazione, permettendo l’accesso e la Most of the sections on the website do not require any form of registration, allowing users to access and browse around the website.
On the other hand, certain areas of the website, for example: “Contacts” and “Log In/Register” might require Users to send personal information in order to use specific features. If Users provide the Data Controller with third-party data (eg. family members, friends, etc), they must make sure that these third parties are aware and have authorised the provision of this data based on appropriate legal grounds that legitimise the data processing in question. In these cases, Users are autonomous data controllers and assume all legal obligations and liabilities. Consequently, if Users provide third-party data, they fully indemnify the Data Controller against any potential dispute, claim or request for compensation for damages made against the Data Controller by them.
The Data Controller shall process the following personal data:
Purpose | Legal grounds | Types of data | Retention Period |
Sales of products through the e-commerce website and any activities relating to sales and subsequent issues, as well as the handling of the right of withdrawal, return and legal warranties of the products, customer support, and requests for information | Performance of a contract (or fulfilling pre-contractual measures adopted at your request) pursuant to Article 6(1)(b) of the GDPR. Legal obligations for the Data Controller pursuant to Article 6(1)(c) of the GDPR | identified data (eg. name and surname) and contact details (eg. e-mail and telephone number), personal details, information on orders and purchases, and payment, shipping and billing details | Up to 10 years from the last purchase. In the case of litigation, for its entire duration, up until the expiry of the terms for lodging appeals |
The creation of a user profile by registering under the “Log In/Register” section | Performance of a contract (or fulfilling pre-contractual measures adopted at your request) pursuant to Article 6(1)(b) of the GDPR. Legal obligations for the Data Controller pursuant to Article 6(1)(c) of the GDPR. If you do not provide data, it shall not be possible to purchase products online or proceed with any sales-related activities (withdrawals, returns, warranties or customer support) | identified data (eg. name and surname) and contact details (eg. e-mail and telephone number), personal details, information on orders and purchases, and payment, shipping and billing details | For the entire duration of the contract and up to 10 years from the last purchase. In the case of litigation, for its entire duration, up until the expiry of the terms for lodging appeals |
The purchase of products through the “Basket” (without creating an account) | Performance of a contract (or fulfilling pre-contractual measures adopted at your request). Article 6(1)(b) of the GDPR. | Contact information, personal details, debit/credit card details, billing details and/or details required to issue a tax receipt, and order and shipping details | For 10 years from the issue of the tax receipt. In the case of litigation, for its entire duration, up until the expiry of the terms for lodging appeals. |
Answering requests sent to the “Contacts” Section | Performance of a contract (or fulfilling pre-contractual measures adopted at your request). Article 6(1)(b) of the GDPR | Contact information and personal details, information on orders and purchases, financial information, information on products and/or any other request you send us | For the time strictly required to handle the requests and, in any case, for a maximum of 24 months |
Sending you advertising material and offers on our products and services, including with automated systems (direct marketing) | Consent. Article 6(1)(a) of the GDPR. The provision of data for this purpose is optional, but if you do not provide it, it shall not be possible for the Data Controller to send you direct marketing messages | Identified data and contact details | Until consent is withdrawn and/or up to 24 months from the last purchase made |
Browsing the website: information collected through cookies. For more information on cookies, please see the specific cookie policy[EL1] on the website | For all non-aggregated analytics and non-technical cookies: consent. Article 6(1)(a) of the GDPRPer tutti i cookie non tecnici e analitycs non aggregati: consenso. Art. 6 n. 1 lett. a) GDPR | User browsing | For the entire duration of browsing the website and/or up until the cookie expires. For more information, please read the specific cookie policy[EL2] on the website. |
Please note that data may be processed for direct marketing purposes by the Data Controller through post, e-mail, SMS and/or WhatsApp. In any case, data subjects may withdraw their granted consent at any time and/or withdraw their consent also just for one of the ways of receiving information (post, e-mail, SMS and/or WhatsApp).
Personal data shall be processed in writing and/or on magnetic or electronic media by external employees and Data Processors appointed for this purpose.
Pursuant to Article 5 of the GDPR, personal data shall be processed lawfully and fairly in writing and/or on magnetic or electronic media. Processed data shall be stored for the aforementioned purposes up until the time indicated above, after which it shall be deleted or anonymised, as provided for by existing legislation and shall not be excessive in relation to the purposes indicated in this policy.
If granted consent is withdrawn, the data shall be deleted within 3 months from the request, subject to specific legal obligations on the storage of legal, fiscal, accounting and administrative documentation.
Processing is done through operations or a series of operations as indicated under Article 4(2) of the GDPR and more specifically: the collection, recording, organisation, storage, consultation, processing, amendment, selection, extraction, comparison, use, interconnection, blocking, disclosure, circulation, deletion and destruction of data, even if not recorded in a database.
These operations can be done with or without the use of electronic or automated tools and using methods that fully comply with the purposes pursued.
These operations can be done with or without the use of electronic or automated tools and using methods that fully comply with the purposes pursued.
The data collected on this website shall be disclosed by the Data Controller to legal and tax advisers.
Personal data may also be disclosed to external individuals appointed as Data Processors operating on behalf of the Data Controller. Employees and Data Processors appointed for this purpose shall only process data if necessary to carry out their assigned tasks, for example, to fulfil orders and ship goods, to process payments, etc, all of which while guaranteeing to protect Data Subject rights. The full list of the Data Processors is available, upon request, from the Data Controller.
Moreover, personal data may be disclosed to third-party companies in the event of a merger and/or demerger, acquisition, sale of a company branch and/or other special corporate operations.
Personal data may be disclosed to legitimate recipients pursuant to law or regulations, for example, in the event of requests from relevant public authorities and judicial authorities.
3. Transfer of data abroad
Personal data may be transferred to countries in the European Union.
4. Data subject rights
Pursuant to Articles 15 to 22 of the Regulation, data subjects have the right to:
5. Data Controller contact details
The Data Controller is Atag S.p.A., Tax Code 00844980151, with its registered head office in Milan (20128 – MI), Viale Monza, 274, e-mail: web@atag-europe.com
6. Amendments to this policy
The Data Controller reserves the right to update and/or amend this policy at any time, especially when it is necessary to comply with new regulations.
The Data Controller shall notify of any updates to the privacy policy by publishing it on its website. Users are therefore advised to regularly check the ATAG privacy policy.
Date of last update: 1 August 2021