INFORMATION ON THE PROCESSING OF PERSONAL DATA OF THE USERS VISITING THE WWW.BTF.IT WEBSITE, PURSUANT TO ARTICLE 13 OF THE EU REGULATION 2016/679.
Dear Internet user, Btf S.r.l (“BTF”) is the owner of the website www.btf.it (“Sito”). BTF intends to inform you that the informations you will provide during your access to and interaction with the website will be treated as follows.
1. Data controller – Data procession and protection manager
The personal data controller is Btf s.r.l., with registered office at Via K. Mansfield, 1/c – 43100 PARMA (PR), C.F. 02401980962 e P.I. 02111330342, registered in the Companies Register of Parma nr. 02401980962 and R.E.A. 212378, Share Capital € 10.500 i.v., tel. +39 02 92958580, fax +39 02 21873383, e-mail firstname.lastname@example.org (the “manager”).
The contact e-mail address of the Data Protection Officer is email@example.com.
2. Purposes and processing methods – Data retention times
BTF processes its users’ personal data for the following purposes:
(a) For the registration to the website, for the purchase of BTF goods or services throught the website and, therefore, to perform any activity related, in particular, to the selection of goods or services, to the forwarding of orders and/or their acceptance, shipment, delivery and/or the possible exercise of withdrawal and the consequent collection of the goods or any other fulfilment provided for in the BTF general sale conditions;
(b) to allow the use of the services reserved to registered Users as per the conditions of use of the website where the provision of the services requested by the User is envisaged, such as sending messages to receive customer assistance, to book goods and services, to issue reviews and comments from users in dedicated online forms;
(c) for the execution of any administrative and accounting activities connected with the registration to the website, the making of a purchase through the website, and to fulfill legal obligations;
(d) for the sending of commercial communications on products and services of the webite and / or BTF and / or third parties, special offers, promotions and news, coupons, by means of automated systems, e-mails, or similar, and / or by means of the postal service (the so-called marketing purposes);
(e) for statistical and historical purposes (only with anonymous data).
Personal data are processed using manual and electronic tools and are stored in a dedicated electronic database. The personal data contained in the aforesaid automated information system, as well as those stored in the electronic archives of the Data Controller, are treated in compliance with current legislation and the GDPR regarding security measures, in order to minimize the risk of destruction, loss, modification, unauthorized disclosure or access, in an accidental or illegal manner, or of processing not in accordance with the purposes of the collection.
Furthermore, personal data is kept for the time necessary to achieve the aforementioned purposes, as well as to fulfill the legal obligations imposed for the same purposes.
3. Types of personal data processed
BTF processes personal data freely entered by the User on the website or entered by the User through a link to social platforms (such as, in particular, personal data, tax codes, contact details, telephone and/or fax numbers, e-mail addresses, data contained within comments or reviews, etc.), as well as data of an autonomously generated technical nature (in particular, IP addresses, log files relating to navigation on the webite, purchases made, etc.).
BTF will keep, within the terms established by law, the log files and IP addresses used when making an online purchase, in order to prevent and verify possible fraud in online transactions.
Credit card data details
To make a payment on the Site by credit card, the User must enter the confidential data of the credit card (card number, holder, expiry date, security codes). This data will be acquired by the payment service provider (NEXI) who will act as autonomous data controller, without transiting from the BTF server. The data will be acquired in encrypted format and according to the security requirements set by the PCI certification. BTF will keep track of only the last four digits of the credit card number and the expiry date of the same only and exclusively to prevent any fraud in online payments. The payment service provider uses the TLS (Transport Layer Security) protocol.
4. Provision of data and consent to its processing - Consequences in the event of failure to provide data.
The provision of data for the purposes referred to the points (a), (b) and (c) of art. 2 above is necessary and, therefore, failure to provide the personal data in question will make it impossible for the User to complete the procedures for the purchase, sale, delivery and/or return of the goods, to use the services reserved for registered users or from the latter requested from time to time as indicated in the conditions of use of the website, as well as the carrying out of administrative and accounting activities by BTF. The consent to the processing of personal data for the aforementioned purposes is not required, in particular, pursuant to art. 6, par. 1, lett. b), of the GDPR and of the current legislation.
With reference to the purpose referred to in point (d) of art. 2 above, consent to the processing is not necessary according to current legislation, however the User’s can exercise at any time the right to object to the sending of communications according to the methods indicated below.
With reference to the purpose of the processing referred to in points (e), the consent to the processing of personal data is purely optional provided that its missing provision will make it impossible for the User to receive information and/or commercial communications related to products and/or services of BTF or third parties, including those belonging to the merchandise section listed above, and to benefit from any promotions from these offers.
We inform the User that, according to law, BTF does not intend to provide third parties with the collected data, except for the judicial authorities, upon their request, and to all other subjects to whom it is necessary to communicate them, by law or by contract, allow the fulfillment of the purposes described above (such as credit institutions, professional offices, business partners).
5. Data communication scope
The personal data provided by the User for the purposes described in art. 2 above, can be brought to the attention of or communicated to the following recipients:
– Employees and/or collaborators under any BTF title for the execution of administration, accounting and IT and logistic support;
– public and/or private entities, natural and/or legal persons (legal, administrative and fiscal consultancy, forwarding agents and couriers, any IT companies and any other subjects that BTF uses in carrying out the activities referred to in the points (a), (b) and/or (c) of Article 2;
– to private individuals, natural or legal persons operating on the Italian territory and in any case within the European Union.
– to all those subjects (including Public Authorities) who have access to data under regulatory or administrative provisions.
All personal data submitted by Users in connection with the registration to the Site and/or the purchase through the website are not subject to disclosure.
6. Rights of the interested parties
Pursuant to articles 15 and ss. of the GDPR and the current legislation, the User has the right, as well as to propose a complaint to the Italian Data Protection Authority and to revoke at any time the consent given, of:
a) obtain confirmation of the existence or not of personal data concerning him and their communication in intelligible form, receiving them in a structured format, of common use and legible, with the possibility of transmitting them to another holder (“Right to portability”);
b) obtain indications: (I) on the origin of personal data, on the purposes and methods of processing, on the logic applied in case of treatment carried out with the aid of electronic tools; (II) on the identification data of the Data Controller, of the Data Processor(s) and of the Data Protection Officer; (III) on the subjects or the categories of subjects to whom the data may be communicated or who may become aware of them as representative appointed in the territory of the State, managers or designated;
c) obtain (I) the update, rectification or integration of data concerning him or, in case of dispute about the correctness of the data, the limitation of the processing of the same for the time necessary for the appropriate checks; (II) the transformation into anonymous form or the blocking of data processed in violation of the law, including those whose retention is necessary in relation to the purposes for which the data were collected or subsequently processed; (III) the confirmation of the fact that operations referred to in the preceding points have been brought to attention also in regard of their contents, of those to whom the data have been communicated or disclosed, except when such fulfillment is impossible or involves the use of clearly disproportionate means compared to the protected right;
d) object, in whole or in part (I) to the processing of data concerning him, even if pertinent to the purpose of collection; (II) to the processing of personal data concerning him, provided for the purposes of commercial information or sending material advertising or direct sales, or for carrying out market research or commercial communication;
e) obtain the cancellation without unjustified delay (“Right to be forgotten”) in the event that the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, they have been unlawfully processed or in the event that the User (I) requests it or (II) opposes all or part of the processing;
f) obtain the limitation of processing in the event that the data (I) are unlawfully processed but the User objects to the cancellation of the same, (II) are necessary for the User to ascertain, exercise or defend a right.
The above rights may be exercised with a request to the Owner, to the e-mail address firstname.lastname@example.org or, with reference to the rights sub d), also through a special link at the bottom of any e-mail with promotional content or information sent by BTF or by accessing the “My Account” section after logging in to the website.