DM Italia S.r.l. Unipersonale, VAT number: 02034410478, based in Monsummano Terme (Pistoia), Via Risorgimento No. 661/C (hereinafter referred to as “we”), the operator of the website with the virtual store www.dmitalia.coffee, declares that all personal data (hereinafter referred to as “data”) is considered strictly confidential and is processed in accordance with the applicable laws regarding personal data protection. The security of customer personal data is a priority for us; therefore, we pay careful attention to personal data and its protection. In this Privacy Policy (hereinafter referred to as the "Policy"), we provide information about the personal data of users that we collect, the legal basis for processing, the purposes for which we use the data, the retention period, and to whom we may transfer the data. We also outline the users' rights regarding the processing of their personal data.
INDEX:
- Which personal data is processed?
- For what purposes do we process personal data?
- On what legal grounds do we process personal data?
- To whom do we transmit personal data?
- How long do we process personal data and how are they protected?
- How do we use cookies?
- What rights does the user have and how can they exercise them?
- Contact us
1. Which personal data is processed?
We process various types of data related to users of our website services and online store.
-In case of purchases:
The data most frequently provided by users is collected through the order form for purchasing products on our website. This data is primarily required for the establishment and execution of the sales contract. Such data is necessary to process the order and can be divided into:
- Identifying data, such as name and surname, and in the case of legal entities, tax code and VAT number;
- Contact data, such as email address, postal address, billing address, phone number, bank details, and payment information;
- Contractual data, such as the products purchased.
–In case of registration:
If you want to benefit from the advantages of a customer account, you must first register on our website. The customer account is protected by a password chosen by the user, to which we do not have access, and in case of loss, we will not be able to send it upon request or generate a new password.
Within the account, the user has unlimited access to their personal data and can modify them. The account allows users to view the history of completed orders, purchased products, and incomplete orders. Through a customer account, users can also save payment card details, manage newsletter subscriptions, and use the wishlist, where favorite products can be saved.
If you prefer not to create a customer account to make a purchase, it is also possible to shop without sign in.
-If you subscribe to the newsletter:
We may send commercial communications to users regarding products similar to those purchased in our virtual store. You can always unsubscribe from the newsletter using the dedicated link at the bottom of each email containing such communications. If you have a customer account, you can also unsubscribe through your account. Unsubscribing from commercial communications is free of charge.
Registered customers can also receive commercial communications via SMS or notifications on Facebook or Messenger. This processing is governed by the privacy policy of the relevant social network. In this case, you can also refuse to receive communications through these channels.
The following data is processed for users who subscribe to the newsletter:
- Identifying data, i.e., the name;
- Contact data, which allows us to send the newsletter, i.e., email address;
- Demographic data, inferred from the user’s settings and behavior on the website, i.e., gender and preferred language.
-If you visit our website:
When you visit our website, we collect various information about the user during the visit, such as the IP address, browser settings, preferred language, visited web pages, and the time of visit. We also monitor movements on the website or links clicked, so we can tailor the displayed content and offer products and content that the user finds appealing.
During your visit to our website, we store and subsequently read cookies in the browser and device used by the user; cookies will be addressed in a separate section of this Policy.
In addition to cookies, we also process data related to the user's behavior on the website, the IP address, and data provided by the browser, such as screen resolution, device operating system, including version and language settings.
We are also able to link the user to social networks, including automatic access to a specific social network account. For this connection, we use so-called social plug-ins on our website, especially in relation to blog posts, i.e., share buttons, allowing users to share relevant content on their profiles. Once linked, personalized offers and targeted ads may appear on social networks and other websites, leading back to our website. Our website may contain links to other websites deemed useful and potentially containing helpful information. These sites may be owned and operated by other companies and organizations, which process data according to their own security and privacy policy. Our company has no control over such processing and is not responsible for any information, material, products, or services contained or accessible via these websites.
-Contacts:
If the user decides to contact our customer service by phone or email, we mainly process call recordings (which may be monitored) and communication logs via email.
If the user contacts us for inquiries through our website or via selected social network profiles, the processing of personal data is governed solely by the privacy policy of the company managing the relevant social network.
-User testing or other organized events:
If you participate in a user testing program offered by us, we may process the following data:
- Identifying data, i.e., name and surname;
- Contact data, i.e., email address and phone number;
- Video recordings, i.e., footage concerning the user.
We also organize many events for our customers during which we may process the following data:
- Identifying data, i.e., name and surname, possibly tax code and VAT number;
- Contact data, especially email address and phone number.
For each event, we inform the user about the specific personal data processed.
For what purposes do we process personal data?
Purchase of goods and services:
We process the user's personal data mainly in order to fulfill the sales contract, to correctly process the order placed via our website, mobile app, or customer service line, and to deliver the goods. The email address and phone number are used to send order confirmations, payment receipt confirmations, electronic invoices, to inform the user about the status of the order, and for any other individual communication related to the order.
-Customer account:
If the user is a registered customer, we process their personal data in order to fulfill the contract related to the management of the customer account.
-Marketing communications:
We send commercial communications related to products similar to those purchased in our virtual store. You can always unsubscribe from the newsletter using the dedicated link at the bottom of each email containing such communications. If the user is a registered customer, we also send commercial communications via SMS. You may receive push notifications containing commercial communications via Facebook or Messenger. This processing is governed by the privacy policy of the relevant social network. If the user unsubscribes from the newsletter, we will no longer use their electronic contact information for this purpose. Unsubscribing from commercial communications is free of charge.
-Personalized content:
We aim to personalize the content and recommend products the user is interested in. For this purpose, we use the personal data we collect to personalize the content and offers on our website. The displayed marketing offers may be selected based on additional information related to the user that we have obtained over time, based on contact and demographic data, favorites, and other data related to the user's use of our website. However, we do not perform fully automated processing that may have legal effects on the user.
We process data on the user's behavior on our website, which allows us to obtain information that helps us constantly improve our website and make it more pleasant to use. We may also process personal data to generate various statistics, such as monitoring traffic or measuring the effectiveness of advertisements, and to test new features of our website or mobile application. Data on user behavior on the website is also important for, among other things, preventing attacks on our website.
-Customer service:
We are continuously working to improve the services provided by our customer support, and in order to respond to the user's requests as quickly as possible, we need their personal data to process their requests or resolve potential issues in fulfilling the sales contract. If the user contacts us by phone, we record the call with notice, so we can continue improving our services.
We also use the collected personal data for communication with the user and to personalize it. For example, we may contact the user by phone, email, or other means to remind them of items in their cart, to help them complete the order, to inform them about the current status of their request, order, or complaint, or to obtain further information. We may also notify the user that actions are required to keep their customer account active.
-Stock Availability Alert:
If the user sets up an availability tracking function for out-of-stock items, we inform the user when the items are back in stock via a message sent to the provided email address.
-User testing and other organized events:
If the user participates at a user testing program offered by us, we process personal data to test new or existing features of our systems.
If the user participates at an event organized by us, we process personal data to plan, organize, and evaluate the event.
-Service improvement:
We use the user's personal data to continuously improve our services and systems, including adding new features. We also process personal data to make informed decisions using comprehensive analysis and business intelligence based on our legitimate interest in conducting business and the need to improve the services offered to succeed against the competition. However, to ensure sufficient protection of the user's rights and interests, we use anonymized personal data to the greatest extent possible.
-Protection, security, and dispute resolution:
We may also process the user's personal data to ensure the protection and security of our customers and systems, to assert our rights and legal claims, to detect and prevent fraud, to resolve disputes, or to enforce our agreements. We may also process the user's personal data for any checks carried out by public authorities.
3. On what legal grounds do we process personal data?
We process personal data to varying degrees and for different purposes, as outlined in detail in sections 1 and 2, specifically:
a) without the user's consent, based on the execution of a contract, compliance with a legal obligation, or our legitimate interests;
b) based on the user's consent.
The types of processing we can carry out without the user's consent depend on the intended purpose of the processing and the user's role in relation to us: as a simple visitor to our website, a buyer at our virtual store, or a registered user. However, personal data may also be processed if the user is the recipient of the ordered goods or services or communicates with us.
-Fulfillment of the sales contract:
If the user makes a purchase or places an order, a draft sales contract is created, which is concluded upon our acceptance by dispatching the ordered goods. To correctly fulfill this sales contract or any other contract related to goods or services, we need much of the personal data entered via the order form. The specific data we process in this case is listed in section 1.
If the user registers on our website, we process the data in order to manage the customer account. The contract underlying our processing is formed with the creation of the customer account. If the account is deleted, we stop processing personal data for this purpose. The specific data we process in this case is listed in section 1.
-Legal Compliance
We must also comply with certain obligations set by applicable law. If we process the user's personal data to fulfill these obligations, we do not need the user's consent for such processing. On this legal basis, we specifically process identification and contact data, as well as order details. The specific data we process in this case is listed in section 1.
-Consent:
To send commercial communications via email, we may process personal data with the user's consent. Consent is necessary if we do not process the user's personal data based on a legitimate interest or to execute a contract. Consent can be revoked, and the newsletter subscription can be canceled at any time. The specific data we process in this case is listed in section 1.
-Legitimate interest:
We also process the user's personal data based on a legitimate interest to improve and tailor the services provided, verify whether the order was fulfilled satisfactorily, and promote the products and services offered more effectively. Specifically, these are the data referred to in section 1.
Based on a legitimate interest in direct marketing, we may also send commercial communications related to products similar to those the user has purchased from us, provided the user does not object to such processing. In any case, if the user is a registered customer, we send newsletters based on contract fulfillment. The specific data we process in this case is listed in section 1.
Our legitimate interests also include the protection of legal rights, internal records, and ensuring the proper provision of our services. In this case, we process all categories of personal data listed in section 1.
4. To whom do we transmit personal data?
In most cases, we process the user's personal data for our purposes as data controllers, which means we determine the purposes mentioned above for collecting personal data, the means of processing, and its proper execution.
We transmit the user's personal data to our partners only if necessary for the execution of the sales contract, such as to ensure payment or shipping, based on a legitimate interest.
We also transmit the user's personal data to our data processors, who, of course, respect the legal conditions for personal data protection. These processors process the personal data according to our instructions, and the user's rights are not compromised by this processing. With the user's consent, we may also transmit personal data to social networks or marketing tool operators, so the user can view targeted ads on other websites.
-Category of recipients:
We may transmit the user's personal data to the following entities:
- Companies and processors for the execution of the sales contract to perform internal procedures and processes;
- Companies managing payment services to process payments according to the user's order, i.e., to fulfill the sales contract;
- Transport companies for the delivery of products or services ordered by the user and for processing complaints, including cancellation of the sales contract;
- Goods suppliers or service centers in relation to a complaint about the goods or services ordered by the user;
- Partners handling the distribution of newsletters, who are bound by confidentiality and cannot use the user's personal data for other purposes;
- Marketing tool providers, who help us personalize offers and content;
- Social networks, if the user communicates with us or shares content with us through social plug-ins;
- Providers of communication tools between the user and customer support, or external call centers;
- Partners conducting customer satisfaction surveys;
- Providers of technologies and cloud services;
- Legal or financial representatives and courts, to process tax documents, recover debts, or for other reasons stemming from fulfilling our legal obligations;
- Public authorities to assert our rights (e.g., the police).
If third parties use the user's personal data within their legitimate interests, we are not responsible for such processing. Such processing is governed exclusively by the privacy policy of the companies and individuals concerned.
-Data transfer outside the EU:
In some cases, our data processors are established or reside in third countries that are not part of the European Union and therefore do not guarantee an adequate level of protection of the user's personal data. However, if we transmit personal data to such processors, they commit to respecting the standard contractual clauses established by the European Commission, which are available here.
5. How long do we process personal data and how are they protected?
-Duration of Processing:
We primarily process the user’s personal data for the duration of our contractual relationship, i.e., the sales contract. We are required to process personal data necessary to fulfill all our obligations, whether they arise solely from the contract between us or from generally binding legal provisions, for the period specified by law or in accordance with it. For example, as data controllers, we are obliged to retain user information for at least 10 years from the issuance of the relevant accounting documents.
We process the user’s personal data mainly for the duration of the contractual relationship, i.e., the sales contract. In addition, we process personal data for the period strictly necessary to properly fulfill all our obligations arising from the contract and generally binding legal provisions. For example, we are obliged to retain the user’s information for at least 10 years from the issuance of the relevant accounting documents.
In the context of fulfilling user requests and providing quality customer support, we process personal data from the time of contract conclusion, including 1 year after the expiration of the warranty period for purchased goods, in order to resolve potential disputes.
If the user communicates with us via customer support, we retain the personal data of the communication for a period of 2 years, including call recordings, which are monitored.
If the user consents to the sending of commercial communications, such consent is valid for a period of 4 years or until revocation. Additionally, if the user consents to notifications regarding the availability of monitored products, such consent is valid until the information on availability is sent, but no longer than 1 year, or until revocation. Consent provided for product reviews is valid for 6 years or until revocation. If the user decides to participate in user tests or other events organized by us, and provides consent, we process their personal data for a period of 1 year or until revocation, including any video or audiovisual recordings.
If the user participates in a competition organized by us, we process personal data for a period of 1 year. In other cases, the duration of personal data processing is determined by the purpose of processing or by binding legal provisions in the field of personal data protection. The user’s personal data is automatically deleted once the processing deadlines are reached.
-Protection:
The personal data of the user that we collect and process is already encrypted through the SSL (Secure Socket Layer) encryption system. This system ensures that the user’s personal data is secure when the browser communicates with our server. We protect our website and other systems we use with appropriate technical and organizational measures against the loss and destruction of personal data, as well as unauthorized access, modification, or dissemination of personal data.
We continually improve this protection and require our processors to demonstrate compliance with the GDPR of the systems they use.
When the user registers, access to their customer account is only possible after entering the password they have chosen. We do not have access to the password as we store it in an encrypted form that cannot be decrypted, even by us.
Among other things, we require the user not to disclose their login credentials to third parties. We recommend logging out of the customer account at the end of the session, especially if the device is shared with others. We are not responsible for any improper use of the user’s password unless we are directly responsible.
6. How do we use cookies?
We use cookies to ensure that our website functions correctly and to make our offering relevant, interesting, and pleasant for the user. To use cookies, we rely on the browser used by the user. Our website also works without cookies, but with limited functionality, and some basic features may not be available.
Cookies are a standard tool for storing information about website usage.
Cookies are small text files that are automatically created when you visit a website and stored on your computer, smartphone, or another device in relation to the browser being used. Through some cookies, we can track the user’s activity on our website until the browser is closed. These cookies are automatically deleted when the browser window is closed.
However, other cookies remain saved in the browser or on the device for a specific period and are reactivated every time the user visits our website. In addition to cookies, we also use tracking pixels, which are small images invisible to the average user that work similarly to cookies. The retention time of cookies in the browser or on the device depends on the cookie settings and the browser. We store the data collected from cookies for a maximum of 1 year.
What types of cookies do we use?
The cookies we use on our website can be divided into two basic types:
- Short-term cookies ("session cookies"), which are deleted immediately after the website visit.
- Long-term cookies ("persistent cookies"), which remain in the browser or on the device for a specific period or until manually deleted.
Cookies can also be categorized by their functionality:
- Essential cookies (technical and functional cookies), which are crucial for the basic operation of the website. Without these cookies, it would not be possible to add items to the shopping cart, submit an order, or access the customer account.
- Analytical cookies, which help us improve the user experience on our website by allowing us to understand how users interact with it. They also enable us to analyze the performance of different sales channels.
- Profiling cookies, which we use to personalize the sending of advertising material and commercial recommendations.
- Remarketing cookies, which we use to personalize ad content and target it correctly.
In practice, we use the above cookies for:
- Ensuring the proper functioning of the shopping cart so that orders can be completed as simply and quickly as possible.
- Remembering login credentials so they do not need to be entered each time.
- Better personalization of our website based on user needs by monitoring traffic, site navigation, and functions used.
- Understanding which ads are displayed, so that irrelevant ads are not shown in the future.
- Some cookies, including their content, may collect information that can later be used by third parties to directly support our advertising activities (the so-called “third-party cookies”). For example, information about products purchased on our website may be used by an advertising agency to personalize banner ads on other websites. However, these cookies are anonymized for third parties, and the user cannot be identified based on them.
- Cookie preferences can be managed by the user through the relevant panel, which allows visitors to select their cookie preferences at any time.
- How can cookies be limited?
- The cookie settings are part of the browser used; most browsers automatically accept cookies by default. Cookies can be completely rejected through the browser or limited to selected types. However, this will also limit the functioning of our website, and some features, including access to the customer account, may not be fully utilized.
- Alternatively, users can use incognito browsing mode, which does not completely block the use of cookies but makes them anonymous and does not store the history of visited websites.
Information on setting cookie preferences is available in the following links or other browser documentation:
- Chrome
- Firefox
- Internet Explorer
- Android
- iPhone and iPad
An effective tool for managing cookies is also available at https://www.youronlinechoices.com/it/.
7. What rights does the user have and how can they exercise them?
Just as we have our rights and duties in the processing of personal data, the user also enjoys certain rights which they can exercise. These rights include:
-Right of Access:
The user has the right to request free information about the processing of their personal data, including what data we process, for what purpose, for how long, where the data is collected, and to whom it is transmitted. Under the right of access, the user can also ask us to send a structured, machine-readable format of the processed data.
-Right to Rectification:
If the user believes that the personal data being processed is incorrect or incomplete, they have the right to request its rectification.
-Right to erasure:
In certain cases, the user may exercise the right to have their personal data cancelled. Personal data will be deleted without undue delay, except when we need it to fulfill our legal obligations or if its retention is required by law (e.g., to fulfill an order already placed) or to protect our legitimate interests. Personal data will also be destroyed if it is no longer necessary for the specific purpose or if its retention is unlawful for other reasons.
-Right of Restriction
In some cases, the user may also exercise the right to restrict the processing of their personal data. They can request that the personal data indicated by them not be subject to further processing for a limited period.
-Right to Data Portability:
The user has the right to receive from us all the personal data they have provided that we process based on their consent. We provide personal data in a structured, machine-readable format.
-Right to Object:
The user has the right to object to the processing of personal data based on our legitimate interest. Regarding processing for marketing purposes, we will stop processing the personal data without undue delay. However, in other cases, we will do so based on a reassessment of our legitimate interests and the rights and reasons of the user.
-Right to Lodge a Complaint:
The exercise of the above rights does not limit the user's right to lodge a complaint with the competent supervisory authority. This right can be exercised, in particular, if the user believes that we are processing personal data in an unauthorized manner or in violation of generally binding laws. The authority competent for handling customer complaints is the Italian Data Protection Authority, located at Piazza di Monte Citorio, 121 00186 Rome, Italy. To exercise your rights, please send an email to: amministrazione@dmitalia.info
8. Contacts
If you have any questions, comments, or requests regarding this Privacy Policy, you can contact the Privacy Officer at any time by email at amministrazione@dmitalia.info. Your request will be processed without undue delay, but no later than 30 days. In exceptional cases, especially if the request is particularly complex, we may extend this period by an additional two months. However, we will inform you of any possible extension and the reasons for it. Alternatively, you can contact us at the address or customer service number listed at the end of this Policy.
-Contacts:
DM Italia s.r.l. Unipersonale Via Risorgimento n. 661/C 51015 Monsummano Terme (Pistoia)
tel.: 0572 091278
E-mail: amministrazione@dmitalia.info
–Effectiveness:
This Privacy Policy is valid and effective from February 4, 2022.
DM Italia S.r.l. reserves the right to modify or update the content of this Privacy Policy, including in response to changes in legislation. Therefore, we encourage you to visit this page regularly to stay informed about how your personal data is processed.