INFORMATION PURSUANT TO ART. 13 OF THE REGULATION (EU) 679/2016
As required by the General Data Protection Regulation of the European Union (GDPR 2016/679, Article 13), we inform you that by using the website www.lucidilucca.com, your personal data collected through the website are subject to processing by Tuscan Enterprises of Siobhan Hughes (hereafter referred to as “Luci Di Lucca” or “the Company” or “the Data Controller”), through electronic and/or telematic tools, for the purposes indicated in this policy.
Object of the information
This information notice concerns the processing of personal data of users who visit the website www.lucidilucca.com or register there. The information is provided only for the website www.lucidilucca.com and not for other websites that may be consulted by the user through links on the aforementioned site over which the Data Controller has no control and assumes no responsibility. The Data Controller is not responsible for the processing of personal data carried out independently by these sites.
The data controller
The owner of the processing of personal data (the Data Controller) is the company “Tuscan Enterprises of Siobhan Hughes” with registered office in Via di Matraia 269 55100 Lucca (LU) PI IT02221610468. The Data Controller can be contacted by email info [@] lucidilucca.com
Purpose of data processing
The processing of personal data is aimed at commercial, pre-contractual and contractual activities, for the sale of products and services distributed by the Data Controller, for their marketing activities, as well as for activities compatible with them. These data are communicated by you at the time of your online registration on the website www.lucidilucca.com owned by Tuscan enterprises of Siobhan Hughes and / or with the purchase of the requested supply.
The data processed are: – personal data (name), address, telephone and email contact data, data relating to electronic means of payment (via Woo Commerce, Stripe and PayPal), shipment and exchange of purchased goods.
Your data will also be processed in order to:- fulfill current administrative, accounting and tax obligations.
In the event of your consent, the data may also be processed to send you commercial communications or e-newsletters about products and services provided by the Data Controller as well as on special offers or promotions.
Methods of processing personal data
Personal data may be processed by means of both paper and IT and/or telematic tools and only in a manner strictly necessary to meet the aforementioned purposes, adopting the appropriate security measures to prevent access, disclosure, unauthorized modification or destruction of personal data, its loss and its illicit and incorrect use.
The company has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. The security of your Personal Information is important to us, however, no method of transmission over the Internet or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
Place of data processing
The treatment of data connected to the services of the site take place at the headquarters of the Data Controller or on servers located within the European Union owned by the Data Controller and/or by third-party companies appointed as External Data Processor for processing.
In relation to the different purposes for which data is collected, personal data will be kept for the time strictly necessary to achieve that purpose and in accordance with the current relevant regulations.
Legal basis of the processing
The legal basis of the processing of personal data is identified in the provision of its services by the Company, in the management and facilitation of the website, as well as in the establishment, execution and possible termination of online sales contract concluded between the parties, and in the obligations of the same contract connected either directly and/or indirectly deriving from it.
Except for the treatments performed through cookies, the user is asked for personal data only if he / she voluntarily accesses the services offered by the site www.lucidilucca.com.
The processing of your personal data by the Data Controller is aimed at pursuing the following purposes:
- Online Shopping Activities: The personal data you provide will be used for the establishment, management, execution and/or conclusion of the online sales contract. The data you provide will be processed by the Data Controller for the purpose of managing the purchase order with reference to, for example, payment, shipment, management of returns, customer support, administrative and accounting purposes related to the management of the order and the fulfillment of obligations under the current legislation. In case of payment by credit card, the fundamental information for the execution of the transaction (credit/debit card number, expiration date, security code) will be processed by SETEFI or, possibly, by companies in charge of the anti-fraud control using an encrypted protocol and without any third parties being able to access it in any way.
- Subscription to the E-Newsletter: In the case that you decide to subscribe to the “Luci di Lucca Newsletter”, only after your express and specific consent, your personal data will be processed by the Data Controller for sending of commercial or promotional communications, relative updates, for example, new arrivals, exclusive offers, special events and promotions. To unsubscribe from the newsletter simply click on the unsubscribe link at the bottom of the emails received or by writing to info [@] lucidilucca.com
- We use a third party provider, Mailchimp, to deliver our monthly e-newsletters. We gather statistics around email opening and clicks using industry standard technologies. For more information, please see Mailchimps GDPR compliance articles.
- Registration on lucidilucca.com : Only after your express and specific consent to register on the site www.lucidilucca.com, your personal data will be processed by the Data Controller. In particular, in providing your name, last name, email address and the setting of an access password, these will be processed for the creation of your personal account, to speed up the purchase process, to allow you to view the status of orders and receive updates on purchases made, as well as change personal settings and update your account, view the history of returns and requests for the exchange of goods, save favourite items in your Wishlist.
Consequences of failure to communicate personal data
With regard to personal data relating to the execution of the contract of which you are a party or relating to the fulfillment of a regulatory obligation, failure to communicate personal data prevents the contractual relationship from being perfected.
With regard to personal data relating to the purposes referenced in point 6 of the previous section, providing your personal data and consent to its processing is optional. Failure to provide consent will make it impossible for the Company to:
- Establish, manage, execute and/or conclude the online sales contract
- Subscribe you to the “Luci di Lucca Newsletter”, to send commercial or promotional communications, updates on, for example, new arrivals, exclusive offers, special events and promotions. If you decide to proceed with the newsletter subscription through the section of the website solely dedicated to this activity, the provision of your personal data and consent to their treatment is mandatory.
- Allow you to register with lucidlucca.com, create a personal account, speed up the purchase process, view the status of orders and receive updates on purchases, the possibility to update personal settings and account preferences, view the history of returns and exchange requests, save favorite items in the Wishlist.
Retention period of personal data
The personal data collected at the time of registration will be kept until the revocation or cancellation of the registration on the site, at the request of the interested party and / or on the initiative of the owner (for example, if the Data Controller decides to cease and / or modify the provision of the site services or to close the site) an d/ for for the time in which the Data Controller is subject to retention obligations for tax purposes or for other purposes, provided for, by law or regulation.
Recipients of Personal Data
For the purposes related to the execution of contractual obligations, your personal data may be disclosed to to the following categories of subjects:
- Public Security Authorities, Judicial or Administrative Authorities and other companies or public bodies for the fulfillment of contractual and legal obligations;
- Third Party Service Providers who need access to data for purposes related to the contractual relationship existing between the parties, within the limits strictly necessary for the performance of auxiliary tasks such as: to fulfill orders for products or services, deliver packages, review services, send paper mail and / or e-mails, analyse data, provide marketing assistance, process payments, transmit content and provide customer services support. For example, banks and lenders, mail carriers and shipping companies, technical service providers, IT companies, communication agencies etc); These third-party service providers have access only to personal data that are necessary for the performance of their activities.
- Persons appointed by the Company for tax and legal obligations;
- Banking and financial institutions that provide functional services for the management and receipt of payments;
- Subjects who process data in execution of specific legal obligations;
Your data will not be disclosed to third parties.
Profiling and dissemination of data
Your personal data will not be subject to disclosure or to any fully automated decision-making process, including profiling.
Transfer of data abroad
This site uses Google cookies (see Section 13 of this Notice). The information generated by Google cookies on the use of the site will then be acquired by Google in the United States of America. Google, including Google Inc. and its US subsidiaries, has certified its adherence to the relevant principles of the Privacy Shield. No other transfers of personal data abroad are carried out.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over those websites. Luci di Lucca has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party sites or services and they are consequently not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the websites in question.
Rights of the interested party
Under GDPR, the interested part has the right to:
- ask the Data Controller to access your personal data;
- correct inaccuracies in your personal data;
- cancel your personal data (upon the occurrence of one of the conditions indicated in art.17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article);
- limit the processing of your personal data (in the event of one of the hypotheses indicated in art.18, paragraph 1 of the GDPR);
- request and obtain from the Data Controller your personal data in a structured and readable format by automatic device, also for the purpose of communicating such data to another data controller (so-called right to the portability of personal data);
- object at any time to the processing of your personal data in the event of particular situations concerning you;
- if the processing is based on consent, to withdraw the consent at any time, without prejudice to the lawfulness of the processing based on consent until the withdrawal;
- lodge a complaint to a supervisory authority (Authority for the protection of personal data – www.garanteprivacy.it).
If you have previously agreed to us using your personal information, you may change your mind at any time by writing to or emailing us at info [@] lucidilucca.com.
If making a request for your data to be removed, you should do so by email, stating which piece(s) of data you wish to be removed.
If you believe that any information we are holding about you is incorrect or incomplete, please email us stating which piece(s) of data need to be corrected.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
By using this site, the interested party, declares to have received the above information.