Welcome to Wonderful Marche and our website at www.wonderfulmarche.com.
For your current and any further visits to our website, we would like to inform you about data collection, processing and use when visiting and using our service.
This Privacy Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum, to make sure you understand the information provided. However, to achieve this objective we would like to explain you the following two concepts.
WHAT IS PERSONAL DATA?
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie or an IP Address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
WHAT IS PROCESSING?
"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
WHAT LAW APPLIES?
In principle, we will only use your Personal Data in accordance with the applicable data protection laws, in particular Italy`s Legislative Decree no. 196 of 30 June 2003 the “Data Protection Code” (“DPC”), the EU`s General Data Protection Act (“GDPR”) and only as described in this Privacy Policy.
The Person responsible (“Data Controller”)
The person responsible for the processing of Personal Data is:
Wonderful Marche,
Nascente Srls,
Via Trave, 151,60129,Ancona,Italy
P.IVA 02756440422
If you have any questions about the processing of your Personal Data, please contact us using info@wonderfulmarche.com, use our Contact Form or write to us at the above address.
PURPOSE AND LEGAL BASIS OF PROCESSING
In accordance with the DPC and the GDPR we need to have both a purpose and a legal basis to process Personal Data. The purposes are:
- the provision of the website and its functions and contents,
- responding to contact requests and communicating with users,
- providing our services, and
- security measures.
Of course we can only do that if we have at least one of the following legal bases or in other words lawful reasons to do so. Unless specifically described below, we typically link the above purposes to one of the following:
- Consent: the individual has given clear consent to process Personal Data for a specific purpose. (Art. 6(1)(a) GDPR)
- Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract. (Art. 6(1)(b) GDPR)
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations). (Art. 6(1)(c) GDPR)
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your Personal Data which overrides those legitimate interests. (Art. 6(1)(f) GDPR)
GENERAL PRINCIPLES
- Security
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us.
You can recognise an encrypted connection if the address line of your browser contains a "https://" instead of a "http://" and also has a lock symbol. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
We have also implemented numerous security measures (“technical and organizational measures”) to ensure the most complete protection of Personal Data processed through this website.
Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion.
Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
a) Retention and Storage
We will retain your Personal Data as necessary in connection with the purposes described in this Privacy Policy, and in accordance with Italy`s Statutory Retention Periods and other applicable laws for up to 6 years.
b) Minors
Persons under the age of 16 should not transmit any Personal Data to us without the consent of their parents or legal guardians. We do not request Personal Data from minors and children and do not knowingly collect such data or pass it on to third parties.
c) Automated decision-making
Automated decision-making including profiling does not take place.
d) Do Not Sell
We do not sell your Personal Data.
e) Special Category Data
Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as data concerning health. In order to lawfully process special category data, it is necessary to consent to the processing. Unless specifically required and consent is obtained, for a particular service, we do not process Special Category Data.
f) Social Media
We are present on social media on the basis of our legitimate interest. If you contact us via social media platforms, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis for the use of the relevant social media platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service, if any.
g) Marketing
Insofar as you have also given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
h) International Transfer
In the course of our website operation, we process data. We usually do not transfer Personal Data to countries outside Italy and the EEA. However, if we do, we ensure that processing of your Personal Data is governed by Processing Agreements that include Standard Contractual Clauses to ensure a high level of data protection.
l) Sharing and Disclosure
We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of our services, b) you have consented to the disclosure for example if you send someone a personal message along with an order, c) or if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfill our legitimate interests.
PROCESSING OF PERSONAL DATA BY US
a) Log files
Each time a user accesses our website and each time a file is retrieved, data about this process is temporarily processed in a log file. In detail, the following data is stored for each access/retrieval: a) Date and time of the retrieval (time stamp), as well as the IP address of the accessing device or server, b) request details and destination address (protocol version, HTTP method, referrer, User Agent string), c) name of the retrieved file and transferred data volume (requested URL incl. query string, size in bytes) and d) Message as to whether the retrieval was successful (HTTP status code).
On the basis of our legitimate interest in a secure website, we store this data to protect against attacks for up to 12 days beyond the time of your visit. This data is analyzed and required for legal and criminal prosecution in the event of attacks on communications technology. The data is deleted as soon as it is no longer required for the performance of tasks.
b) Cookies
We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further details on the Cookies we use, please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.
c) Hosting
To provide our website, we use the services of SiteGround Hosting Ltd of 7th Floor, 50 Broadway, SW1H 0DB, London, United Kingdom, who processes all data to be processed in connection with the operation of this website, including logfiles on our behalf. The legal basis is our legitimate interest.
d) Contacting us
Personal Data is processed depending on the contact method. In addition to your name and e-mail address, IP address or telephone number, we usually collect the context of your message which may also include certain Personal Data.
For the Chat, we use the Hubspot Life Chat of the company HubSpot, Inc. of 25 First Street, 2nd Floor, Cambridge, MA 02141 USA on our website. Hubspot Life Chat uses cookies to enable you to personalize your online experience. We have no knowledge of the storage period at HubSpot, Inc. and no possibility to influence it.
We also offer to contact us via the messaging services of WhatsApp. If you contact us via those on the occasion of a specific transaction, we store and use the mobile phone number you use on and - if provided - your first and last name in accordance with the provision of a contractual or pre-contractual measure to process and respond to your request
The Personal Data collected when contacting us is processed for the purpose of dealing with your request and the legal basis is your consent. The use of your IP address takes place exclusively in the context of law enforcement and security measures in compliance with our legal requirements.
e) Data processing in the context of providing our services
The protection of your Personal Data is particularly important to us in the performance of our services. We therefore only want to process as much Personal Data (for example, your name, address, e-mail address or telephone number) as is absolutely necessary. Nevertheless, we rely on the processing of certain Personal Data, to fulfill our contractual obligations to you or to carry out pre-contractual measures and in the context of administrative tasks as well as organization of our business, and compliance with legal obligations, such as archiving.
Further, if you want to buy our merchandise in our shop you are redirected to a subpage which uses the Shop services and functions provided by Springa trading name of Teespring, Inc, 2430 3rd Street San Francisco, CA 94107, USA. If you make a purchase your payment will be processed via Spring.
Payment data will solely be processed through Stripe, and we have no access to any Payment Data you may submit. In the case of order fulfillment and the delivery of goods you have ordered Spring may share your name, e-mail address, shipping, and billing address, the necessary logistics companies and the postal service provider specified when the order was placed. The legal basis is fulfilling our contractual obligations and the establishment and implementation of the user contract for the use of the service.
Third-party services and content
We use content or service offers of third-party providers on the basis of our legitimate interests in order to integrate their content and services. This always requires that the third-party providers of this content are aware of your IP address, as without the IP address they would not be able to send the content to your browser. We use the following providers and would like to ask you to review their privacy policies, and which contain further information on the processing of Personal Data and so-called opt-out measures, if any.
- Fonts: Google Font API by Google
- Content Management System (CMS): WordPress by Automattic Inc
- Analytics and Tracking: Google Analytics by Google LLC, and HubSpot, Inc.
- Tag Management: Google Tag Manager and Google Site Tag by Google LLC,
- Remarketing: Facebook Remarketing by Meta Platforms Inc
- Cookie Consent Manager: Moove GDPR Cookie Compliance by Moove Agency Ltd,
- Maps: Google Maps by Google LLC
- Video: YouTube by Google LLC
YOUR RIGHTS AND PRIVILEGES
a) Privacy rights
Under the DPC and GDPR, you can exercise the following rights:
- Right to information
- Right to rectification
- Right to object to processing
- Right to deletion
- Right to data portability
- Right of objection
- Right to withdraw consent
- Right to complain to a supervisory authority
- Right not to be subject to a decision based solely on automated processing.
If you have any questions about the nature of the Personal Data we hold about you, or if you wish to request the erasure or rectification of Personal Data we hold about you, or to exercise any of your other rights as a data subject, please contact us.
b) Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.
c) Withdrawing your consent
You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
d) Access Request
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).
e) Complaint to a supervisory authority
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The competent data protection authority in Italy is: Garante per la Protezione dei Dati Personali (the “Garante”) Piazza Venezia n. 11 - 00187 Rome (Italy), Tel: (+39) 06.696771, E-mail: protocollo@gpdp.it , Web: www.garanteprivacy.it
Changes and Questions
We may update this Privacy Policy from time to time. If we make changes to this Privacy Policy or materially change our use of your Personal Data, we will revise the Privacy Policy accordingly and also change the effective date at the end of this section. We encourage you to periodically review this Privacy Policy to be informed of how we use and protect your Personal Data. This Privacy Policy was last updated on Saturday, 04 February 2023.
If you have any questions about the processing of your Personal Data, please contact us using info@wonderfulmarche.com, use our Contact Form or write to us at the above address.