Privacy and data handling

Change your cookie preferences settings

Modifica la scelta dei cookie

WEB AL CHILO SRL (WAC), with registered office at viale Lombardia 5/c, 25038 Rovato (BS), VAT number IT04060790989, as the Data Controller (hereinafter referred to as the “Controller“), informs you, in accordance with article 13 of Legislative Decree no. 196/2003 (hereinafter referred to as the “Privacy Code“) and article 13 of EU Regulation no. 2016/679 (hereinafter referred to as the “GDPR“), that your data will be processed as follows:

1. Subject of the processing

The Controller processes personal data, both identifying and non-sensitive (including, but not limited to, name, surname, address, telephone number, email, etc. – hereinafter referred to as “personal data” or simply “data“), provided by you during the registration on the website webalchilo.it (hereinafter referred to as the “Website“) or through the subscription form for the Controller’s newsletter, the ordering and/or purchasing of products online via the Website, the completion and submission of a contact form to the Controller, or any other request made by you through the Website.

Furthermore, the Controller may collect, in an anonymized manner, information regarding the browsing and interaction with the pages of the web platform using specific external tools, such as Google Analytics or the monitoring service provided by Facebook. This information will be used to monitor the service offered and the quality of the displayed content, and will not contain any information that allows the identification of specific individuals.

2. Purpose of the processing

Your personal data is processed as follows:

A. Without your express prior consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes: • fulfill pre-contractual, contractual, and tax obligations arising from existing relationships with you; • allow you to register on the Website; • process and manage received orders and/or online purchases; • process a contact request; • manage and maintain the Website; • fulfill obligations required by law, regulations, EU legislation, or an order from the Authorities; • prevent or detect fraudulent activities or abuses harmful to the Website; • exercise the rights of the Data Controller, such as the right to legal defense.

B. Only with your specific and separate consent (art. 23 and 130 Privacy Code and art. 7 GDPR), for the following Marketing Purposes: • send you newsletters, commercial communications, and/or advertising material about products or services offered by the Data Controller via email.

Please note that if you are already our customer, we may send you commercial communications related to services and products similar to those you have already used, unless you object (art. 130, para. 4 Privacy Code).

  1. Processing Methods

The processing of your personal data is carried out through the operations indicated in art. 4 Privacy Code and art. 4 no. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data is subject to both paper-based (archives) and electronic and/or automated processing (management software, Cloud Storage services, Zoho/MailJet for external SMTP email services).

The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes, and in any case, for no longer than 10 years after the termination of the relationship for Service Purposes and no longer than 2 years from the data collection for Marketing Purposes.

  1. Data Access

Your data may be made accessible for the purposes mentioned in point 2.A) and 2.B): • to employees and collaborators of the Data Controller, in their capacity as internal processors and/or system administrators; • to third-party companies or other entities (such as website providers, e-payment service providers, suppliers, hardware and software support technicians, credit institutions, professional firms, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external processors.

  1. Data Communication

Without your express consent (pursuant to art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes mentioned in point 2.A) to Supervisory Bodies, Judicial Authorities, or other entities as required by law. Your data will not be publicly disclosed.

  1. Data Transfer

The management and storage of personal data will take place on servers located within the European Union. The data will not be transferred outside the European Union. However, it is understood that the Data Controller, if necessary, may have the right to move the location of the servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will comply with applicable legal provisions by entering into agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission, if necessary

  1. Nature of data provision and consequences of refusal to respond

The provision of data for the purposes mentioned in Article 2.A) is mandatory. Without it, we will not be able to provide you with the services mentioned in Article 2.A). The provision of data for the purposes mentioned in Article 2.B) is optional. Therefore, you can decide not to provide any data or subsequently deny the possibility of processing data already provided. In this case, you will not receive newsletters, commercial communications, and advertising material related to the products or services offered by the Data Controller. However, you will still have the right to the services mentioned in Article 2.A).

  1. Rights of the data subject

As data subjects, you have the rights specified in Article 7 of the Privacy Code and Article 15 of the GDPR. Specifically, you have the right to:

  1. obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
  2. obtain information about:
    a) the origin of personal data;
    b) the purposes and methods of processing;
    c) the logic applied in case of processing carried out with the aid of electronic tools;
    d) the identification details of the data controller, data processors, and the designated representative under Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR;
    e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it as designated representatives within the State’s territory, data processors, or persons in charge;
  3. obtain:
    a) the updating, rectification, or, when interested, integration of data;
    b) the erasure, anonymization, or blocking of data processed unlawfully, including data that does not need to be retained for the purposes for which it was collected or subsequently processed;
    c) certification that the operations referred to in points a) and b) have been notified, including their content, to those to whom the data has been communicated or disclosed, except when this proves impossible or involves a disproportionate effort compared to the right being protected;
  4. object, in whole or in part:
    a) on legitimate grounds, to the processing of personal data concerning you, even if relevant to the purpose of collection;
    b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, using automated calling systems without the intervention of an operator, via email and/or traditional marketing methods, such as telephone and/or postal mail. Please note that the data subject’s right to object, as mentioned in the previous point b), to direct marketing purposes using automated means extends to traditional methods as well. Furthermore, the data subject retains the right to object only in part. Therefore, the data subject can choose to receive communications only through traditional methods, only through automated communications, or neither of the two communication types.

Where applicable, you also have the rights specified in Articles 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability of contractual and browsing raw data, right to object), as well as the right to lodge a complaint with the supervisory authority.

  1. Exercise of rights

You can exercise your rights at any time by:

  • sending a registered letter to the Data Controller’s address;
  • sending an email to [email protected];
  • calling the number +39 030 2010753.
  1. Data Controller, data processors, and persons in charge

The Data Controller is WEB AL CHILO SRL, with registered office at viale

Lombardia 5/c, 25038 Rovato (BS). The updated list of data processors and persons in charge of processing is kept at the Data Controller’s office.

  1. Cookie policy

A cookie is a small text file stored on a user’s computer when they visit a website. It saves information that the website can read when visited again. Some cookies are essential for the proper functioning of the site, while others are useful for saving user-entered data without having to re-enter it upon each access.

The Data Controller uses cookies to allow the user to navigate the site in a way that best suits their needs, provide content relevant to their interests, and track their preferences. Through the use of cookies, the Data Controller can also conduct research and analysis to improve the site’s content, products, services, and, importantly, enhance the site’s security to prevent fraudulent activities. Many cookies are automatically deleted from the user’s computer’s hard drive at the end of each browsing session, while others remain for a longer period for practical reasons. The user can choose to disable cookies, but this will result in the inability to add items to the quote, confirm orders, and use services offered by the site that require login. Most browsers provide an “help” function that explains how to block cookies, receive notifications when receiving a new cookie, or disable them altogether. It is also possible to disable or delete similar data used by browser add-ons, such as Flash cookies, by simply changing the settings of the respective component. The Data Controller also uses cookies to offer the user the best advertising offers based on their preferences, such as viewed products, selected products, and their interactions on the site. However, it is important to note that the user’s interaction with other sites is never associated with their identity on this platform.

Contact us