1. Data types processed
Browse data
During normal operation, the information system and software steps used to operate this website will acquire some personal data, which will be transmitted implicitly through the Internet communication protocol.
It includes information that is not explicitly collected and is not associated with a particular individual, but in essence, it enables users to be identified by processing and associating data held by third parties.
Such data includes the IP address or domain name of the computer used by the user to connect to the website, the URI (Unified Resource Identifier) address of the requested resource, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the digital code (success, error, etc.) given by the server indicating the request status, and the user operating system and virtual reality. Other environmental parameters.
This data is used to obtain anonymous statistics about the use of websites and check whether the functions of websites are correct. Assuming that a computer crime against this website occurs, the data can also be used to confirm its responsibility.
Data provided voluntarily by users
Data is provided freely, clearly and voluntarily by the user by sending an e-mail to the addresses listed on this website, thereby allowing subsequent access to the sender's e-mail address (which is necessary for answering any inquiries) and any other personal information contained in the message.
The use of this website may lead to the processing of third-party personal data provided to Doufit by users. In this case, the user assumes all legal obligations and responsibilities on behalf of the autonomous data control party. In this sense, the user provides the widest compensation for any disputes, claims, claims for damages caused by data processing and other damages arising from the violation of applicable personal data protection regulations for personal data received by Doufit from a third party by users who use this website. In any case, if the user provides or otherwise processes third-party personal data by using this website, the user shall guarantee - and assume all subsequent responsibilities - that such processing is based on the prior consent of the third party (if necessary) to process his or her information - that the user acquires it himself or herself.
At each stage of the requested service, any specific summary information will be provided or displayed on the website page in an appropriate manner when applicable.
2. Mandatory or optional nature of the purpose of processing and the provision of data
Doufit hereby informs the website users that the data collected will be used only for the purposes specified below, with special consent if necessary:
(a) To comply with legal, accounting and tax obligations;
Mandatory provision of user data for the purposes listed in (a) above; if not, Doufit will not be able to meet its obligations under laws, regulations or EU regulations.
Please note that under Section 24, paragraph 1 (a), of the Privacy Act, personal data processing for this purpose does not require user consent.
B) Providing agreed contracts (providing goods and services) for the purpose of fulfilling product sales contracts or services;
It is optional to provide data for the purposes listed in (b) above, but failure to provide data may render it impossible to perform the contract or provide the required services.
According to Section 24, Section 1 (b), of the Privacy Act, we do not need the user's consent to personal data processing for this purpose, as such data is necessary for the performance of contractual obligations to satisfy specific requests of the same form as a party to the contract and/or before the completion of the contract.
C) Used to send e-mail marketing messages about products or services similar to those about the subject of the purchase data.
According to Section 130, paragraph 4, of the Privacy Act, the data control party does not need prior user consent for the data processing referred to in Point (c), but the data subject may object to it at the time of registration or at the time of sending any communication material for that purpose. (so-called "soft two-way confirmation". )
D) Used to send marketing messages. According to the Personal Data Protection Department's "Guidelines on Marketing Activities and Combating Spam - July 4, 2013 [2542348]", Doufit will obtain the user's single consent for this purpose. If the user decides to accept information about marketing activities (including Doufit market research), such activities can be carried out through operator telephone contact ("traditional mode"), e-mail and possibly social network ("automatic mode") in accordance with existing laws.
Providing user data for the purposes listed in (d) above is optional and requires prior user approval.
(i) Personal profiling may also be performed because of the need to provide services (defined as "processing aimed at determining the profile or personality of the data subject or analysing the habits or consumption choices of the data subject". See Section 37, paragraph 1 (d), of the Privacy Act, and consent is not required.
(ii). Doufit also retains the power to conduct personal profiles that are not necessary for the provision of services, such as for marketing purposes, but require prior consent from the data subject.
Whether or not to grant (possibly) consent to data processing for personal profiles described in point e (ii) is up to the user. In order to obtain the above consent, there will be no impact on the user's use of the service.
F) Communication through Doufit during marketing and Exhibition Events
Disseminate pictures of participants collected through photography or videography.
3. Data Processing Method
User's personal data are processed by Doufit or carefully selected third parties and formally designated data processors according to their reliability and ability. They are dedicated to achieving the same purpose, mainly using automated tools, or in written form, in strict and necessary time to achieve the purpose of data collection.
In order to prevent data loss, illegal or improper use and unauthorized access, specific security measures will be complied with in full accordance with Section 31 and the following of the Privacy Act and the Minimum Security Measures Technical Regulations (Appendix B to the Privacy Act).
4. Personal data may be disclosed to them, or as data processors or responsible for data processing, the scope of the above-mentioned data disclosure and data transmission that may take place outside the EU, so the subject or subject category of personal data information may be known.
Personal information provided by users will be disclosed to and used by Doufit employees and/or their overseas affiliates for the sole purpose of performing activities that constitute the reason for the initial collection of this information (e.g., fulfilling sales contracts or providing services or sending press releases). Data may be disclosed to the exclusive dealers of Doufit located in Italy, the EU or other countries outside the EU and/or to other parent companies controlled and/or associated with Doufit Group, who will become autonomous data controllers under the legal provisions for data transmission to third countries. In order to properly deliver related services to Doufit customers in overseas countries operated by Doufit, the above data-processing activities are recognized as necessary, subject to the permission of Article 24, paragraph 1 (b), and Article 43, paragraph 1 (b), of the corresponding Privacy Act.
Data may be processed by Doufit providers formally designated as data processors under Section 29 of the Privacy Act. If data processing involves the transmission of data to countries that do not accept the EC appropriateness decision, such data transmission will be based on relevant rules (in accordance with the EC decision of 5 February 2010, No. 2010/87/EU (published in the Official Public of the European Community on 12 February 2010). The standard contract terms in the appendix to L39/5 shall be implemented.
Data may also be exchanged to electronic communications service providers, banks, financial intermediaries, credit institutions, other financial institutions, central IT system management agencies (risk and fraud prevention centres, etc.), insurance companies, consultants and freelancers who help Doufit recover debt and resolve disputes, and specialists in packaging, transportation and delivery of purchases or in providing postal and marketing clothing. A company that is engaged in data processing is officially designated under Section 29 of the Privacy Act. Data may also be disclosed to regulators, research firms or non-profit associations; in such cases, information will only be exchanged anonymously. For the purposes specified at point 3 (f), data will not be disclosed without the prior explicit consent of the data subject.
5. The authority of the data subject. Personal details of data controllers and persons responsible for data processing (if appointed). Indicates the updated list of data handlers.
According to Article 7 of the Privacy Act,
(1) The data subject has the right to obtain the confirmation of the existence (or lack) of his personal data, even if the information has not been recorded, he has the right to receive the detailed information of the data in an understandable form.
(2) Data subjects have the right to obtain the following relevant information:
(A) The source of the personal data;
(B) The purpose and mode of data processing;
(C) The logic used in processing by means of electronic tools;
(D) The identity of the data control party, the person responsible for processing the data and the representative designated in accordance with paragraph 2 of Article 5;
(E) Subjects or categories of persons who may disclose personal data to them or who may acquire personal data information by virtue of their functions (e.g. designated representatives, data processing controllers or persons responsible for data processing within the territory of the Italian State).
(3) Data subjects have the right to:
(A) Update, amend or add (when relevant) collected data;
(B) Delete, anonymously or prevent illegally processed data, including information that is not necessary for collection or subsequent processing purposes;
(C) To confirm that the operations referred to in points a) and B above have been informed of the parties to whom data are to be communicated or disclosed, unless it can be proved that this cannot be done or that the protection of the power involves the use of apparently inappropriate methods. This also applies to the content.
(4) Data subjects have the right to object wholly or partially:
(A) Processing their personal data, even if the information is not beyond the scope of legal collection;
(B) Processing their personal data for sending advertising materials, selling directly or conducting market research or business exchanges.
