Data protection regulations
In this section, in compliance with the new European legislation introduced by EU Regulation 679/2016 and Italian legislation (Legislative Decree no. 196/2003), information is provided on the processing of personal data of users who consult the pages of the website www.tavoom.com (hereinafter: ‘Website’) or use the purchase services made available on the same (hereinafter: ‘Users’ or ‘Interested Parties’).
This information relates exclusively to the Website and not to other websites that the User may consult via links on the Website.
Data controller responsible for data processing
The controller of the personal data of the users of the website www.tavoom.com is the sole proprietorship ‘EDS DIGITAL’ (hereinafter also the ‘Company’) with registered office in Arcore (MB).
Email to contact the Data Controller and request the cancellation of your data, if collected with your consent: help@tavoom.com
***
A - Type of data processed
Identifying data
In compliance with the new European legislation introduced by EU Regulation 679/2016 and with Italian legislation (Legislative Decree no. 196/2003), the consultation of the website and the possible purchase of products sold on the website may involve the processing of data that can directly or indirectly identify a natural person, such as: Name, surname, home address, e-mail address, telephone number, IP address.
The website does not require the interested party to provide so-called ‘special’ data, i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or sex life or sexual orientation, in accordance with Art. 9 GDPR. If the requested service requires the processing of such data, the data subject will be informed accordingly in advance and asked for their express consent.
Bank details
When purchasing products on the website, bank data such as the number of the card or bank account indicated for payment, the cardholder and the bank account are also processed.
III. Navigation data
Navigation data is data that is automatically collected by the systems and programmes responsible for the operation of the website and is necessary for the use of the web services [e.g. IP addresses, browsers used, domain names of the systems used by users to connect to the web portal, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment].
This data is collected even if there is no login to the website or no request for information.
Browsing data is only used in aggregate form to compile anonymous statistics on the use of the website and to check its proper functioning; it does not allow the identification of the users concerned and is deleted in anonymous form immediately after processing.
However, they may be used to ascertain responsibility in the event of computer offences against the website.
Data provided voluntarily by the user
Personal data provided voluntarily by the user (e.g. first name, surname, e-mail address) to send messages to the website and/or to purchase the products offered will be used exclusively to meet the needs of the data subject and to fulfil legal obligations.
The legal basis for this processing is the fulfilment of the services associated with the requests and purchases and the fulfilment of legal obligations.
The information that the user of the website publishes via the services and tools made available on the website is provided knowingly and voluntarily by the user and releases the website from any liability for any legal offences.
It is the user's responsibility to check whether he/she is authorised to enter personal data of third parties or content protected by national and international regulations.
Data collected through analytical cookies
The website also collects data about the user through the use of cookies.
For more information about the data processed by cookies, the type of active cookies and how to disable them, please refer to the Cookie Policy.
These cookies are used to track the user's browsing preferences and collect statistical data. Users can disable these cookies by accessing their browser settings, as indicated in the website's cookie policy.
***
B - Purpose of the processing
B - Purpose of the processing
The personal data collected is used for:
To enable the shipment of products purchased by the user;
To derive anonymous statistical information on the use of the web portal;
To check the proper functioning of the web portal;
To send communications and newsletters, both in paper and electronic form, to the e-mail address provided by the user;
To ascertain liability in the event of hypothetical computer crimes against the website;
fulfilment of other legal obligations not covered by the aforementioned purposes.
The data may only be disclosed at the request of the judicial authority in accordance with the law.
***
C - Legal basis for the processing
Execution of a contract
The legal basis for the processing of personal data is the fulfilment of the services associated with the purchase of products, the signing of the General Terms and Conditions, the fulfilment of legal obligations and the legitimate interest of the website in carrying out the processing necessary for these purposes.
Consent of the data subject
The optional, explicit and voluntary sending of e-mails, messages or communications of any kind to the addresses indicated on this website entails the subsequent acquisition of the sender's address, telephone number or other personal data used to respond to requests. Such processing is based on the consent of the data subject.
It is ensured that this processing is based on the principles of lawfulness, fairness, transparency, adequacy, relevance and necessity in accordance with Article 5(1) of the General Data Protection Regulation. Specific summarised information will be progressively reported or displayed on the pages of the websites set up for specific on-demand services.
III Fulfilment of legal obligations
Personal data may be processed without the consent of the data subject if the controller has to fulfil a legal obligation.
Voluntary provision of data
Apart from the data required for the fulfilment of the contract or legal obligations, in the case of cookies and navigation data, the user is free to provide their personal data or not. However, failure to provide data may mean that the service cannot be used to its full extent.
***
D - Nature and duration of processing
Personal data will be processed with the aid of IT tools and in compliance with EU Regulation no. 679/2016 and Legislative Decree no. 196/2003.
The data processed will be stored for the time necessary for the purposes described in this information and therefore for the minimum period required or until the express request of the data subject and, in any case, within the time limits prescribed by law.
The Data Controller undertakes to take all appropriate security measures to prevent the loss and alteration of personal data and their unlawful and unauthorised use.
The data will be processed exclusively by persons authorised to do so by the Data Controller, including data processors, agents and public bodies for the fulfilment of legal obligations, who carry out their respective processing activities as independent data controllers.
The persons authorised by the Controller to process data include, for example, employees of the commercial and legal departments as well as third-party technical service providers, hosting providers and IT companies (this list is not exhaustive). However, the processed data will not be passed on to unspecified recipients.
Finally, the data may also be processed by third-party companies for product dispatch.
The security of the information collected cannot be guaranteed against hacker attacks and, more generally, against breaches of the security standards established for data protection.
However, in the event of attacks or breaches, these will be communicated to the parties concerned and to the competent authorities in accordance with the legal provisions.
***
E - Place of processing
The processing related to the web portal services is carried out by identified and expressly designated personnel according to the specific purposes of the requested and subscribed services.
The Data Controller may use the assistance of external companies, consultants, consortia, software and service providers for the processing in question, acting through identified and designated personnel, within the limits of the purposes envisaged and in such a way as to guarantee maximum data security and confidentiality. In other cases, the personal data collected will not be disclosed to third parties unless the data subject has expressly consented to this, unless disclosure to third parties is necessary to fulfil obligations imposed by laws, regulations or measures taken by supervisory authorities, or is essential to protect the rights of other users or the website itself.
Personal data is processed and stored exclusively for the above-mentioned purposes and for its secure storage on remote servers operated by industry-leading providers that ensure compliance with high standards of protection in the processing of personal data.
This may result in data being transferred to countries outside the EU, where these servers may be located in whole or in part.
In particular, Personal Data may be transferred outside the European Union to the company ‘Shopify’ (https://it.shopify.com/ and https://it.shopify.com/legal/privacy), an e-commerce plug-in used by the website operated by the Owner.
The processing and storage of the data by the said provider takes place in a third country that is ‘adequate’ within the meaning of the decision of the European Commission, in particular the decision on the adequacy of the protection provided by the Canadian Personal Information Protection and Electronic Documents Act, or on the basis of a contractual relationship with standard contractual clauses (SCCs) between the owner of this website and the owner of the company to which the personal data is transferred in accordance with Art. 46 GDPR or on the basis of binding corporate rules established under the special procedure pursuant to Art. 47 GDPR.
For the transfer of data to non-EU countries, it is generally not necessary to wait for national authorisation from the data protection officer. However, the DPO's authorisation is still required if a controller wishes to use specific contractual clauses that have not been recognised as appropriate by a decision of the European Commission or by administrative agreements between public authorities.
Finally, as part of the management of emails and the sending of emails to users who have subscribed to the mailing list or purchased the products offered on the website, personal data may be transferred to countries outside the European Union.
F - Rights of the data subjects
The data subject may exercise the following rights at any time during the processing period
obtain confirmation of the existence or not of the same data and, if this is the case, to know their content and origin
to verify the accuracy of the data, to request the rectification of inaccurate data, the completion of incomplete data or the updating of outdated data
to obtain the restriction of processing if one of the cases provided for in Article 18 GDPR applies
to obtain the erasure of data processed in violation of the law or in the presence of one of the other conditions provided for in Article 17, paragraph 1, letters a), b), c), e) and f) GDPR
to object in any case, on legitimate grounds, to their processing or to object to their processing in the other cases provided for in Article 21(2) and (3) and Article 22 GDPR
to withdraw at any time their freely given consent to the processing of personal data for the purposes mentioned below
obtain the release of the processed personal data in a format compatible with standard computer applications in order to allow their transfer to other platforms of your choice, without impeding the direct transfer of the processed data to another controller, provided that such direct transfer is technically feasible (so-called right to data portability).
Requests to exercise the above rights should be sent by e-mail to the controller (help@tavoom.com).
If the controller does not respond or only partially responds to the above requests, the data subject has the right to lodge a complaint with the Data Protection Officer (www.garanteprivacy.it) within the time limits and in accordance with the procedures set out in Article 77 et seq. of Regulation (EU) No. 2016/679 (GDPR) or to take legal action. EU Regulation 2016/679 (GDPR).
G - Updates to the disclosure
Future regulatory updates may result in changes to the current disclosure, which was uploaded to the website on 19 August 2020.
In the event of a change, the owner will publish a notice on the website.
*******************
Cookie Policy
Cookies are small text files that are stored on the user's device when they browse certain websites with their favourite browser and are stored in the browser's file directory. They are used by server-side web applications to store and retrieve client-side information.
Cookies are divided into ‘technical’, ‘analytical’ and ‘profiling’ cookies. Cookies can in turn be divided into ‘first-party’ and ‘third-party’ cookies.
The use of cookies and related technologies by the website is carried out in compliance with national and European legislation and in accordance with the provision of 8 May 2014 entitled ‘Identification of the simplified procedures for the information and acquisition of consent for the use of cookies’ of the Italian Data Protection Authority.
The website is hosted by the Shopify, Inc. platform. Further information on the cookies used by this platform and how to disable them can be found at the following link https://it.shopify.com/legal/privacy.
The website uses the following cookies:
Technical cookies.
The main purpose of technical cookies is to facilitate navigation on the website. Almost all browsers are set to accept cookies. However, the user can change the configuration of their browser independently or use special add-ons and block them: In this case, the use of the web portal and certain services may be restricted.
In the case of technical cookies, a distinction is made between ‘session’ and ‘persistent’ cookies: Both are stored on the user's device, with the former being deleted when the browser is closed, while the latter remain stored until they expire.
The website uses technical ‘session’ cookies for the operation of navigation within the pages, such as for authentication in restricted areas or the storage of temporary user preferences; these cookies are deleted as soon as the browser is closed.
The use of session cookies (which are in no case stored permanently on the user's computer and are automatically deleted as soon as the browser is closed) is strictly limited to the purpose of transmitting data (consisting of random numbers generated by the server) that identify the specific session and are necessary for safe and efficient exploration.
In some cases, the website also uses ‘persistent’ technical cookies to save the user's choices, e.g. in terms of language or device type.
Persistent cookies are stored on users' devices between different browser sessions and allow the user's actions on a website to be remembered. Persistent cookies can be used for a variety of purposes, including remembering user preferences (e.g. website language) when using a website.
Analytical cookies
These cookies are used to track the user's browsing preferences and to collect anonymous statistical data.
The website only uses third-party analytical cookies that originate from other websites.
Users can disable these cookies via their browser settings.
Please refer to the links to the individual browsers:
Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies ;
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?redirect=no;
Safari: https://www.apple.com/legal/privacy/it/;
Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en;
Opera: https://blogs.opera.com/news/2015/08/how-to-manage-cookies-in-opera/
In addition, it is possible to disable cookies on websites by downloading specialised software (e.g. Ghostery http://www.ghostery.com) or by activating the ‘anonymous browsing’ mode: This is a function that allows you to browse without leaving a trace of your browsing data in the browser. This function simply allows you not to save your browsing data in the browser.
Analytical cookies used by the website
Please note that the website uses the following analytical services to obtain statistical data on the use of the website:
Analysis service of the company BugSnag Inc. https://docs.bugsnag.com/legal/privacy-policy/
‘Google Analytics’, provided by the company Google Inc. In this case, the personal data collected is stored by Google as the independent controller of the corresponding processing.
For more information, see https://support.google.com/analytics/topic/2919631?hl=it&ref_topic=1008008.
Plug-in cookies for social networks
The website may also use third-party social network plug-in cookies to allow you to share content on various social networks. They allow the user to interact via social networks (e.g. the share function on Facebook, Twitter, YouTube or LinkedIn). These cookies can be disabled via your browser options (see links above).
Social network cookies are not required for browsing. For more information on the cookie usage policies of social networks, please refer to the respective privacy and cookie policies:
Facebook: https://it-it.facebook.com/about/privacy/
Google: http://www.google.com/intl/it/policies/privacy/
Twitter: https://twitter.com/it/privacy
Instagram: https://help.instagram.com/1896641480634370?ref=ig
LinkedIn: https://www.linkedin.com/legal/cookie-policy
ShareThis: https://sharethis.com/privacy/#sthash.oNiQUPLd.dpbs
YouTube: https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=it
Only third-party profiling cookies.
Profiling cookies are used to track the user's browsing behaviour and create a profile of the user based on their behaviour, which can then be used to send advertising messages to the user's device. Third-party profiling cookies are cookies from other websites or advertising circuits (Google AdSense, etc.) that may be sent to the user's device as a result of visiting the website.
Google Remarketing
The website uses Google Remarketing, a web advertising service provided by Google Inc (Google). This service enables users who have already visited the website to be shown interesting adverts again or to place targeted adverts on the Internet pages of websites in the network of Google partners. Google uses cookies for this purpose. These are small text files that consist of a special sequence of numbers (cookie ID) and are stored on your computer by Google. Google uses such cookies so that your browser can be recognised when you visit other websites and interesting advertising can be displayed to you. The information generated by the cookie may be transmitted to and stored by Google on servers in the United States. Google may also use the IP address of the browser to display relevant adverts.
Google Remarketing is a service provided by a third party (Google) that is independent of the website and whose data processing procedures cannot be controlled by the website. Further information on the data collected by Google and on data protection at Google can be found at http://www.google.com/intl/de/policies/privacy/ or in the respective language versions of these websites.
If you do not wish to receive interest-based advertising, you can prevent the storage of cookies by Google by making the appropriate settings in your browser.
You can refuse the use of cookies by Google at any time with effect for the future by deactivating the use of such cookies for this purpose, as indicated on the website at this address
http://www.google.com/settings/ads?hl=en&sig=ACi0TCg7zNY9-JeelXtC7iMNdc0zU7q-fPF5iLfVw8NnpoyDHVrMOmBgvJr2YNWacH5tQJHTghpRcFDGZVPDaHGzYbc4ghGT6Yk5qH7WOfPZPC-QwIWI1V90lbwpcyIuYxKf91rPj7RH5ngHaSq9uTx4rvFHcdNAA_buvnR1kGV4t1zyrfowqknrBkHcIM5MKo2ZhiS2JPEj
Facebook pixel
The Facebook pixel is a service of Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94204, USA (‘Facebook’), which enables the tracking of user behaviour after clicking on a Facebook ad and redirection to the website of the respective operator. Conversion measurement makes it possible to measure, analyse and optimise the effectiveness of Facebook ads for statistical and market research purposes. The data collected on the website through the use of the conversion pixel does not allow the website to draw any conclusions about the identity of the user. The collected data (e.g. the IP address of the respective user) is transmitted by the conversion pixel and stored and processed by Facebook for the purpose of conversion measurement. The website receives anonymous reports from Facebook that do not contain any reference to the identity of the respective user. However, it cannot be ruled out that Facebook will link the user data transmitted via the website with other related individual user data (e.g. user information of a Facebook account) or that Facebook will use the information for its own purposes.
The visitor tracking pixel is a service of a third-party company (Facebook), and the website can neither control nor influence the data processing operations of a third-party company. You can view Facebook's privacy policy here: https://www.facebook.com/about/privacy.
Facebook and its partners enable the placement of online adverts both within and outside the Facebook web space. For this purpose, a cookie may also be stored on the user's personal computer.
To give your consent to the use of pixel conversion, you must be over 13 years of age. You hereby declare that you are of legal age to give such consent or that you have been asked by a parent or legal guardian who has decided to give their consent for the declaration of consent in advance.
You can withdraw your consent to the use of the conversion measure at any time. To do so, you can use the following link: https://www.facebook.com/ads/website_custom_audiences/.
Alternatively, you can object to the use of such cookies by deactivating the use of cookies by third-party providers by visiting the opt-out page of the Network Advertising Initiative:
http://www.networkadvertising.org/choices/
and making the appropriate settings via the measures offered there.
Finally, please note that users can consult the following pages of YourOnlineChoices (EU), Network Advertising Initiative (US) and Digital Advertising Alliance (US), DAAC (Canada) to understand and manage the tracking preferences of most adverts.
Use of data
We share your (the visitor's, the customer's) order tracking number, courier name and transaction number in connection with your orders. With a service provider called Proveway Uptrack. Proveway Uptrack synchronises and verifies the shipping details with the payment gateways. Proveway Uptrack does not use any personal information such as email and your name. You can learn more about Proveway's privacy policy here - https://www.proveway.com/blog/privacy-policy