WEBSITE PRIVACY POLICY
(pursuant to Legislative Decree 196/03 and Regulation (EU) 2016/679)

Data Controller, Data Processor and Appointees

The User's browsing of this website involves the acquisition of information of a personal data nature. For these purposes, the Data Controller for the processing of personal data provided by you is:
Odoo S.r.l. (Tax code/VAT number 02952200216), in the person of its legal representative pro tempore, with registered office in 39100 Bolzano, via Luigi Negrelli No. 15. The personal data collected is processed by employees of the Company, who act as “Appointees”, following the specific instructions and indications given to them.

Data processing location

The data related to the web services of the website www.doneggyy.com will be processed in Bolzano at the Data Controllers registered office and is carried out by the technical personnel of the office entrusted with the processing or by any individuals in charge of occasional maintenance operations. No data from the web service is disclosed or disseminated (Article 90 GDPR). Personal data provided by users who submit requests for the sending of advertising material is used only for the purpose of providing the requested service in question and is disclosed to third parties only if necessary for that purpose (Article 3 GDPR).

Privacy Policy for website visitors

The purpose of this Privacy Policy is to describe how this website is managed, with regard to the processing of personal data of users/visitors who consult it. It is information that is provided also pursuant to Article 13 of Legislative Decree 196/03 - Data Protection Code - to those who connect to the Odoo S.r.l. website and use its web services from the address [https://www. www.doneggyy.com]. The website [https://www.doneggyy.com] is owned and managed by Odoo S.r.l., which ensures compliance with the Personal Data Protection Law (Legislative Decree 196/03).

Definition of personal data and processing of personal data

Processing of personal data is any operation or set of operations, carried out with or without the help of electronic instruments, relating to the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, disclosure, dissemination, erasure and destruction of data, even if not registered in a database.

Type of data processed and processing purpose

1)- Browsing data
The computer systems and software procedures used for the operation of this website acquire, during normal operation, certain personal data that is then implicitly transmitted when using Internet communication protocols.

This data is not collected in order to be associated with identified data subjects, but by its very nature may allow users to be identified through processing and association with data held by third parties. All our activities are governed by strict ethical principles and we are committed to protecting the privacy of all visitors to our website. For this reason, the way we collect and store data is closely related to the way in which our website and related services are used.

2) Data provided voluntarily by users/visitors
When users/visitors connect to this website and send their personal data to access certain services, or to make requests by e-mail, Odoo S.r.l. will acquire the sender's address and/or any other personal data to be processed exclusively for responding to the request. The personal data provided by the users/visitors will be disclosed to third parties only if the disclosure is required for fulfilling the requests of the users/visitors.


3) Cookies
Various technologies may be used on our website to improve the website and make it more user-friendly, effective and secure. These technologies enable us, or third parties working for us, to collect data automatically. Cookies are an example of such technologies. 

Various technologies may be used on our website to improve it and make it more user-friendly, effective and secure. These technologies enable us, or third parties working for us, to collect data automatically. Examples of such technologies are cookies. 

Cookies are used for different purposes: performing computer authentication, session monitoring, storing information on specific configurations concerning users accessing the server. 

The data protection guarantor in the relevant provision of 8 May 2014 identified two macro-categories:  

Technical cookies are those used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contracting party or user to provide such service" (see Art. 122(1) of the Code). They are not used for any further purposes and are normally installed directly by the website owner or operator. They can be divided into: 

Navigation or session cookies, which ensure normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); 

  • Analytics cookies, assimilated to technical cookies where they are used directly by the website operator to collect information, in aggregate form, on the number of users and how they visit the website 
  • Functionality cookies, which allow the user to navigate according to a set of selected criteria (e.g. language, products selected for purchase) in order to improve the service rendered to the same. 

The installation of such cookies is subject to the obligation to provide information pursuant to Article 13 of the Code, while the prior consent of users is not required. 

Profiling cookies, on the other hand, are aimed at creating profiles of the user and are used to send advertising messages in line with the preferences expressed by the user when surfing the web. Due to the invasiveness that they may have in the private sphere of users, European and Italian regulations provide that users must be adequately informed about their use and thus express their valid consent (see Art. 122, Section I of the Code). 

Technical cookies: these are necessary for the operation of our site and allow us to: 

  • Add products to your basket and create an order.
  • Check the status of your order. 
  • Allow customer service operators to offer you assistance via chat. 
  • Record your consent to our use of cookies. 

Name and purpose of the technical cookies used 

  • pandectes_gdpr -- Pandetectes -- Consent management
  • tracking_consent -- Shopify -- Consent management
  • landing_page -- Shopify -- Statistics
  • shopify_pay_redirect -- Shopify -- Payment management
  • cart_currency -- Shopify -- Functional
  • secure_customer_sig -- Shopify -- Functional

These cookies are necessary for the operation of the site and cannot be deactivated in our systems. They are usually only set in response to actions you take that constitute a request for services, such as setting privacy preferences, logging in, or filling out forms. You can set your browser to block or have it warn you about these cookies, but as a result some parts of the site will not work.  These cookies do not store any personal information. 

Name and purpose of the profiling cookies used: 

  • _fbp -- Meta Pixel -- Analysis of traffic to the site on the Meta platform.

These cookies are not strictly necessary for the operation of the site and are only activated following explicit consent from the user.

Session cookies used on this website avoid the use of other IT techniques that could potentially damage the confidentiality of users' browsing and do not allow the acquisition of personal data identifying the user. (https://www.doneggyy.com/Website/Downloads/InformativaCookies.pdf).

Data provided by you

In addition to automatically collected data, we also process the data you provide. The following is a non-exhaustive list of examples: your contact details, including your company name and VAT number or for natural persons first name and surname and tax code, address (to be provided on the invoice and address for shipping the goods), e-mail address and, fax, website and date of birth, your telephone number or mobile phone number for natural persons, if we need to ask you questions or if we have any queries about your order; other information required to process your order: e.g. information about the products you have ordered, bank account information, bank account IBAN and SWIFT codes; if you have contacted customer service, related information and the history of these contacts. All these details are shared by you. This data will be used for the purposes described in this Privacy Policy. You have the right to rectify your personal data or prevent its processing at any time. (see Data Subject's Rights Section).

How the collected data is used

We will use your personal data for purposes related to your purchases: for example, to notify you of the progress of your purchases or deliveries. We may use your data to verify your creditworthiness using information from third parties. If you have provided us with your personal data, e.g. in connection with a promotion or event, we may send you e-mails or other messages relevant to the service you have requested. If you have contacted customer service, we will use your personal data (including your contact and call history) to facilitate the processing of your requests and provide you with the best possible service. If you have provided your personal data when selling a product, we will inform you about similar products and services. If necessary, we will contact you after the sale of a product or service to ask what you think about it. If a sale is interrupted, we will send you an e-mail to inform you of this. You may delete yourself from the list of recipients of these communications at any time, free of charge and with immediate effect: all you have to do is send an e-mail (see Data Subject's Rights Section). Subject to your express consent, we may contact you using the contact data provided by you (by regular mail, e-mail, SMS, telephone or other electronic means) for marketing, advertising, surveys on behalf of Odoo S.r.l. This will include, for example, information on products, e-commerce activities, special offers, promotional initiatives. So that we can communicate information of interest to you, data about your interaction with Odoo S.r.l. (your participation in loyalty programmes, your ratings and reviews of products, the history of your contacts with customer support, the information you clicked/opened from the newsletter, the types of newsletters you asked to receive, your participation in promotions or events) will be analysed and used in combination.

We may provide your contact data to third parties for marketing, advertising and opinion polling purposes. You can read about your rights, e.g. how to revoke your consent or how to correct your personal data, in the Data Subject's Rights section.

Your personal data will be processed for the following purposes:

  1. the fulfilment of legal, regulatory, or EU obligations;
    2. execution of the contract or to fulfil, prior to the execution of the contract, your specific requests in relation to the marketing and import/export of the items;
    3. management of customers and any purchase orders and related administrative activities, with related processing, in accordance with the relevant invoicing and shipping regulations; 4. taking measures to protect against credit risk, including activities aimed at identifying the economic reliability/solvency of the Customer, before or during the contractual relationship. Odoo S.r.l. may verify that the bank/post office account data provided is correct;
    5. relating to the performance of activities aimed at drawing up studies and market research, carrying out direct sales activities, also by telephone, for sending commercial information, as well as for sending advertising/information material, carried out using "traditional" methods (by way of example, paper mail and/or call with operator) or through "automated" contact systems (by way of example, SMS and/or MMS, telephone calls by e-mail, fax) pursuant to Article 130, paragraphs 1 and 2, Privacy Code and Regulation (EU) 2016/679 . The data subject may object to the processing at any time by sending a request to the dedicated e- mail address: info@doneggyy.com
    6. relating to the carrying out, by third parties, business partners, to whom Odoo may disclose/transfer the acquired data, for the carrying out of activities designed to develop studies and market research, to carry out direct sales activities, including by telephone, or product placement for sending marketing information, including interactive information, as well as for sending advertising/information material, carried out using "traditional" methods (by way of example, paper mail and/or call with operator) or through "automated" contact systems (by way of example, SMS and/or MMS, telephone calls, e-mail, fax) pursuant to Article 130, paragraphs 1 and 2, Privacy Code and Regulation (EU) 2016/679;
    7. relating to the performance of activities aimed at drawing up studies and market research, carrying out direct sales activities, also by telephone, for sending commercial information, as well as for sending advertising/information material, carried out using "traditional" methods (by way of example, paper mail and/or calls with operator) or through "automated" contact systems (by way of example, SMS and/or MMS, telephone calls by e-mail, fax) pursuant to Article 130, paragraphs 1 and 2, of the Privacy Code and Regulation (EU) 2016/679 . The data subject may object to the processing at any time by sending a request to the dedicated e-mail address: info@doneggyy.com;
    8. relating to the performance of activities by third parties, business partners, to whom Odoo S.r.l. may disclose/transfer the data acquired, for the performance of activities aimed at developing studies and market research, to carry out direct sales activities, including telephone sales, or product placement, to send commercial information, including interactive information, as well as to send advertising/information material, carried out using "traditional" methods (e.g. paper mail and/or call with operator) or through "automated" contact systems (e.g. SMS and/or MMS, telephone calls, e-mail, fax) pursuant to Article. 130, paragraphs 1 and 2, Privacy Code and Regulation (EU) 2016/679;
    9.litigation management (contractual defaults, warnings, settlements, debt collection, arbitration, litigation).

Processing of personal data: mandatory and optional consent
As a rule, personal data may only be processed with the consent of the data subjects, which

must be free, informed, expressed in a specific form and documented in writing. The data subject is free to provide the personal data requested from time to time; failure to provide such data, or providing partial or incorrect data, may make it impossible to provide the services requested (Article 7 GDPR). The acquisition of consent to the processing of personal data is necessary for all the above-mentioned processing operations connected with and/or necessary to comply with legal obligations, EU regulations, to perform obligations arising from a contract to which the data subject is a party or to fulfil, prior to the conclusion of the contract, the data subject's specific requests (purposes: points 1-2-3-4-7).

Consent to the processing of personal data for the purposes referred to in points 5-6 is, on the other hand, optional and may be revoked at any time according to the procedures described in the “Data subject's rights” section of this privacy policy. Any refusal by the data subject to answer for points 5 and 6 will make it impossible for us to send advertising material and carry out promotional activities. You may, at any time, revoke your consent to receive marketing communications previously issued, both by Odoo S.r.l. and by third party companies, in the following ways: by sending a request by e-mail to info@doneggyy.com.

Processing and storage methods

Personal data is processed using paper, computer, telematic, automated tools including profiling (Article 22 GDPR); profiling can be done using individual or identification data (e.g. personal data), or aggregated data derived from individual personal data. All in compliance with the confidentiality guarantees and the security measures provided for by the regulations in force, with logics strictly related to the processing purposes. Specific security measures are in place to prevent data loss, unlawful or incorrect use and unauthorised access. The data retention period is related to the intended processing purpose. Odoo S.r.l. will not retain personal information longer than is necessary to fulfil the purposes for which the information was processed, including the safe processing in accordance with our regulatory and legal obligations (e.g. auditing, accounting and legal retention periods), the management of disputes and for the establishment, exercise or defence of legal claims in the countries where we do business.

Disclosure of information

One of our fundamental principles is our commitment to process your data carefully and with strict confidentiality. We will never sell your data to third parties. Your data may only be disclosed to third parties if this is required by law and provided it is permitted by applicable law. We may use service providers and data processors who work on behalf of Odoo S.r.l. These are service providers who provide hosting and maintenance services, analytics services, e-mail messaging services, delivery services, payment processing, solvency verification, address verification, etc. These third parties are allowed to access the personal data needed for the purpose of their specific services. Service providers and data processors have a contractual obligation to process this information with the strictest confidentiality. The contract prohibits them from using the data for purposes other than those specified in the contract.

Odoo S.r.l. has taken the necessary steps to ensure that the service providers and processors who work for us protect the confidentiality of your data.

Categories of persons who may become aware of the user's data

In addition to Odoo S.r.l.'s employees, some of your personal data may be processed by third parties, including companies that Odoo S.r.l. entrusts or may entrust with certain activities related to the consultation of the website. These subjects will operate as autonomous Data Controllers or as Data Processors. In the latter case, the Data Controller will provide the Processors with adequate operating instructions with particular reference to the adoption of minimum security measures to guarantee the confidentiality, integrity and security of the data.

The user's data may also be disclosed to the judicial, administrative or other public authorities authorised to request it, in the cases provided for by law. To pursue the purposes indicated above, Odoo S.r.l. may disclose and have your personal data processed, in Italy and abroad, including countries outside the European Union, to third parties with whom it has business relations: it will only provide these parties with the data necessary to carry out the services requested, taking all measures to protect your personal data (Article 44 GDPR). Personal data may also be disclosed to employees, self-employed workers, project workers, occasional workers, consultants, temporary workers, collaborators of Odoo S.r.l. who have been specifically appointed/designated as Data Processors or People entrusted with the processing. Accounting and invoicing officers; employees involved in the marketing of goods/services; agents and representatives. The above-mentioned data may be transferred and communicated to the following categories of subjects: companies operating in the transport sector, suppliers of our products, our affiliates, our Sponsors, the Italian Postal Service and other companies that deliver mail, banks and credit institutions, debt collection companies, law firms, insurance companies, professional firms and/or companies and/or associations of companies and entrepreneurs that provide us with certain accounting and/or tax services, social security institutions, etc.

Data Subjects’ Rights

Odoo S.r.l. reminds the data subject that, pursuant to Article 7 of the Privacy Code, Legislative Decree 196/03 and Regulation 2016/679, it is possible to obtain, at any time, confirmation of the existence or non-existence of your data and to be informed of its content and origin as well as the logic on which the processing is based, to verify its accuracy or to request its integration or update, or rectification. Pursuant to the same article, the data subject has the right to request the deletion, transformation into anonymous form or blocking of data processed in breach of the law, as well as to object to its processing in any case, for legitimate reasons. Regarding processing relating to direct marketing (in “traditional” and “automated” form), it will always be possible to withdraw consent and exercise the right to object. Unless otherwise specified, the objection will refer to both traditional and automated communications. To exercise the rights mentioned above, please send a request to the dedicated e-mail info@doneggyy.com.

Your rights

If you provide us with your personal data through our websites or other channels, this is completely voluntary. If you choose not to provide the requested data, you may forego several opportunities available to you. There are cases where only those who have sent us the necessary personal data can order products, use certain services and take advantage of activities and offers available on our website. Given the importance to us of transparency and fairness, we offer several options, appropriate to the circumstances, to help you maintain control of your data. These options may include viewing and editing your data online. There may also be the possibility of unsubscribing or receiving information on the data stored by us by writing to the e-mail address: info@doneggyy.com.

Right to ask for information

You have the right to receive information at any time about the retained personal data concerning you, its origin and recipients, and the purposes for which it was retained. Information on stored personal data can be obtained by contacting us at: info@doneggyy.com. The persons to whom the personal data refer have the right at any time to obtain confirmation of the existence or non-existence of such data and to be informed of their content and origin, to verify their accuracy or to request that they be supplemented or updated (Article 7 of Legislative Decree 196/03 and Regulation 2016/679).

Right of rectification

You have the right to rectify, supplement, update, delete your stored personal data or to have it blocked. We will inform you within four weeks after receipt of your request whether, and if so to what extent, we will comply with your request. If, for some reason, we are unable to comply with your request, we will inform you of the reasons (Article 7 of Legislative Decree 196/03 and Articles 12 and 16 GDPR).

Right to object and to unsubscribe

Pursuant to the same article, you have the right to request the deletion, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose its processing in any case, for legitimate reasons (Article 21 GDPR). E-mails sent by Odoo S.r.l. that contain, for example, a newsletter or marketing messages, offer the possibility to stop receiving such e-mails (info@doneggyy.com). If you no longer wish to receive our e- mails, simply send an e-mail to “info@doneggyy.com” and we will immediately stop sending you e-mails. If you no longer wish to receive promotional information and sales offers in general, including by ordinary mail, e-mail, SMS, telephone or other electronic means, or if you wish to revoke your consent, you may also do so, at any time, by sending a registered letter with acknowledgement of receipt to Odoo S.r.l. via Luigi Negrelli No. 15 No. 40 - 39100 Bolzano indicating as reference: “data protection”, or by sending a certified e-mail to odoo@pec.yakaii.com, or an e-mail to info@doneggyy.com If there is any doubt about your identity, you may be asked to provide identification (e.g. a photocopy of your ID) (Article 17 GDPR).

Information security and data integrity

We have taken appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, and unauthorised use, disclosure or access, especially where the processing involves the transfer of data over a network and against any other form of unlawful processing and improper use.

Protection of minors' personal data

Protecting the personal data of minors is of the utmost importance. Odoo S.r.l. is aware of its obligation to protect the privacy of minors, and refuses to collect data from children under the age of 16. We encourage parents and other guardians to use the Internet and send e-mails together with their children and to use the Internet responsibly. If a child under the age of 16 attempts to provide information about his or her data from the outset, he or she must ask for the parent's consent.

Data sent by the minor, or otherwise pertaining to him/her, collected during his/her browsing of the website (e.g. via cookies) may be used as described above. If a child under the age of 16 attempts to submit data to us through a form, this will be rejected, with the message that we do not accept requests from children under the age of 16. For this reason, we ask that parents and other guardians check and monitor the use of the Internet by minors, for their own safety (Article 8 GDPR).

How to contact us

The data controller is: Odoo S.r.l. with registered office at Via Lugi Negrelli No. 15– tel 0471058883 - e-mail:info@doneggyy.com. You can obtain an updated version of this document and the updated list of data processors by contacting the data controller directly.

Changes to this privacy policy

Odoo S.r.l. is committed to the fundamental principles of data protection and regards the protection of personal data as a natural duty. Therefore, we frequently review our data protection policies to ensure that they are error-free, clearly visible on our website and include all necessary information, and to verify that they are strictly adhered to, and in accordance with the principles of the legislation on this matter. This privacy policy may be subject to changes over time in order to keep it in step with the evolution and new opportunities of the Internet and to ensure its compliance with current legislation. Without your explicit consent, we will never enforce any provisions restricting the rights granted to you in this policy. Relevant changes to this privacy policy will be announced on our website together with the publication of the updated version of the Privacy Policy.

 

Cookies management 

Pursuant to Section 122(2) of the Privacy Code, we set out how you can express your options regarding the use of cookies by the website also through your browser settings and also indicate the procedure to be followed to configure these settings. 

Google Chrome 

  1. In the top right-hand corner, click "More" and then "Settings".
  2. Click Privacy and Security and then Cookies and Other Site Data.
  3. Set your preferences

Mozilla Firefox 

  1. Click on "Tools" at the top of the browser window and select "Options" 2. Then select the Privacy icon 
  2. Click Cookies, then select 'allow sites to use cookies' Safari 
  3. Click on the Cog icon at the top of the browser window and select the 'Preferences' option 
  4. Click on 'Security', select the option that says 'Block third-party and advertising cookies' 
  5. Click 'Save' 

 

How to manage cookies on a Mac 

If you wish to allow cookies from our site, please follow the steps below: 

Microsoft Internet Explorer 5.0 on OSX 

  1. Click on 'Explore' at the top of the browser window and select the 'Preferences' option 
  2. Scroll down until you see 'Cookies' in the Receive Files section 3. Select the 'Don't ask' option 

Safari on OSX 

  1. Click on 'Safari' at the top of the browser window and select the 'Preferences' option 
  2. Click on 'Security' and then 'Accept Cookies' 
  3. Select 'Site Only' 

Mozilla and Netscape on OSX

  1. Click on 'Mozilla' or 'Netscape' at the top of the browser window and select the 'Preferences' option 
  2. Scroll down until cookies are displayed under 'Privacy and Security' 3. Select 'Enable cookies only for the originating site'. 

Opera 

  1. Click on 'Menu' at the top of the browser window and select 'Settings'. 
  2. Then select 'Preferences', select the 'Advanced' tab 
  3. Then select the 'Accept cookies' option