based in Via Decio Filipponi 14 – 00136 Roma (RM) Italy, REA RM-1532019, P.Iva/CF.14589001008 Registered Capital I.V. 10.000,00 euro
EU Regulation 2016/679 (GDPR)
Blipers Srl shall seek, as much as possible, to enter accurate information in this website, reserving the right to change them at any time, without notice.
Blipers Srl does not guarantee the accuracy and thoroughness of information in this website, Blipers Srl declines all responsibility in case of: any interruptions of the website, software problems, wrong information, direct or indirect harm regardless of the cause, nature, origin and consequences, loss of profit, loss of customers, loss of datas, as well as any other loss resulting from the access or not in the website by the user, that is from directly or indirectly entrusting information from the website.
The Data controller pursuant is Blipers Srl, based in Via Decio Filipponi 14 – 00136 Roma (RM), e-mail: firstname.lastname@example.org.
For further information about the rights of data subjects, please go to the paragraph “Rights of Data Subjects”.
Processing of data
The personal data subject to processing are directly collected by Blipers Srl or by third party expressly authorized, that is released from the Company to such third party in order to pursue the pursue above described.
Legal basis and purpose of the processing
The personal data given from the data subject during the browsing of blipers.it website are processed from the Data Controller in accordance with the current rules with regard to the Personal Data Protection.
The legal basis of the processing is identified in service provision from the Company, management and support of the website, as well as terms, execution and termination of the on-line contract resulting from it, and in the duties related to the contract and/or resulting from it directly or indirectly.
The personal data processing from Blipers Srl is aimed at:
1) SUBSCRIPTION TO BLIPERS.IT NEWSLETTER: if a data subject subscribes to “Blipers Newsletter”, personal data will be used only after a specific agreement to receive commercials or promotional communication, updates, for instance, about new arrivals, exclusive offers, special events and promotions. To unsubscribe click on the link located in the bottom of the e-mails or email at email@example.com.
2) REGISTRATION: if a data subject registers on blipers.it website, personal data will be processed from the Data Controller to register to blipers.it website only after a specific agreement. In particular, name, surname, e-mail address and access password will be used to create a personal account.
3) ONLINE SHOP: the personal data provided will be used for the management, execution and/or termination of the online sales contract. All the data provided will be used by the Data Controller to manage the purchasing order with reference, for instance, to the payment, shipping, return of goods, customer care, accounting activity related to the purchase, as well as for the fullfilment of contractual duties as required by the current norm. In case of credit card payment, the information fundamental for the transaction (such as credit card number, expiring date, security code) will be processed by Paypal or, possibly, by companies appointed for the anti-fraude control through encrypted language and to prevent access from any other subjects. Such information will not ever be displayed or stored by Blipers Srl.
Nature of processing
The provision of personal data and the consent to processing them is voluntary as seen in point 1) of the previous paragraph. If the data subject decides to proceed with registration to the newsletter, provision of personal data and consent to processing them is mandatory.
Failure to provide consent means impossibility for Blipers to send “Newsletter of Blipers”, commercial or promotions communication, updates, for instance, about new arrivals, exclusive offers, special events and promotions.
In relation to point 2) of the previous paragraph, the provision of personal data and the consent to processing them is mandatory. Failure to provide consent means impossibility for Blipers to register the data subject on blipers.it website. In relation to point 3) of the previous paragraph, the provision of personal data and the consent to processing them is mandatory. Failure to provide consent means impossibility for Blipers to establish, manage, execute and/or terminate the online sale contract, therefore the impossibility to manage, for instance, activities related to payment, shipping, return of goods, customer care, accounting activity related to the purchase, as well as for the fullfilment of contractual duties as required by the current norm.
Failure to provide consent led to impossibility for Blipers to supply the services offered.
Processed personal data
Personal data object of processing from the Data Controller are those supplied by the data subject during the browsing of blipers.it website, during eventual registration / compliance with services / programs provided to Blipers such as, for instance: name, surname and
e-mail address, as well as data necessary for provision of the services.
Method of Processing and Data Storage
The processing of personal data is performed by the Data Controller in compliance with the current legislation on Privacy. The Data Controller executes the processing of personal data through information and/or telematic instruments and through organizational methods strictly related to the pursuit of the purposes indicated in this policy, as well as adopting all the measures necessary to prevent non-authorized access, disclosure, modification or destruction of personal data, their loss and their illegal use. However, the Company cannot guarantee to data subjects that the adopted measures aimed to regulate the security of the website and the transmission of data and information on the website could be able to limit or avoid any risk of unallowed access or dispersion of data from devices used by the data subject. For this reason, it is suggested to the data subject to make sure that their computers are equipped with software adequate to the protection of data transmission (for example updated antivirus or anti-spyware software) and that the Internet Provider has taken appropriate measures for the security of online data transmission. The Company also commits to process the data according to the principles of fairness, legality and transparency, to collect them to the extent necessary for their processing and to consent the use only by staff authorized for this aim. Management and storage of acquired personal data will take place in archives or server located in the European Union and owned by the Company and/or by third-party companies appointed as External Responsible for the processing and, anyway, currently located in Italy.
In relation to different purposes, personal data will be stored for the necessary time to achieve those purposes and, anyway, in accordance with the current legislation.
Anyway, the Company will take care of avoiding the use of data indefinitely by properly verify on a regular basis the effective permanence of the interest of the data subject.
Recipients of the data
Data collected will not be spread in any way, but processed in the limits and for the purposes above described by the staff of the Company on adequate operative instructions (for example, administrative staff, sales staff, marketing staff, legal staff, System administrator, etc.). Some processing could also be made by third parts, appointed External Responsibles, used by the Company or that could be used by the Company in the management of the contract, provision of services and for organizational needs. In particular, data could be disclosed to:
a) subjects, public and private, that could access data in accordance with provisions of law, regulation or Community legislation, in accordance with the limits set by such regulations;
b) subjects needing to access the data for purposes connected to the ongoing contractual relations, to the extent strictly necessary to perform auxiliary tasks (such as, for example, banks and financial institutes, technical service providers, hosting provider, IT companies, advertising agencies, courier and shipping companies);
c) advisors, to the extent necessary to perform their professional duties.
The up-to-date list of External Responsibles and subjects authorized to the processing is secured and kept by the Data Controller and is available for the data subject, upon request to be made by e-mail at the address firstname.lastname@example.org
Data transfer abroad
Management and storage of personal data will occur on the server of the Data Controller and/or owned by third-party companies duly appointed as External Responsibles for the processing and located inside the European Union. The personal data may be transferred abroad, in accordance with the current law, also in non-EU Countries. The transfer in non-EU Countries, in addition to the cases guaranteed by Adequacy Decision, takes place as to provide necessary and appropriate guarantees under articles 46 or 47 or 49.
Rights of data subjects
As an interested party, the data subject may exercise at any moment the rights under articles 15, 16, 17, 18, 20 and 21 of the European regulation related to privacy 2016/679 (GDPR) conferring the right:
a) Under article 15: to obtain confirmation from the Data Controller whether or not his/her personal data are processed, in such a case, to obtain access to data and information such as: (I) purpose of the processing; (II) categories of personal data; (III) recipients or categories of recipients that had or will receive data, in particular if recipients are located in Third Countries or are International Organizations; (IV) whenever possible, the retention period of personal data, or rather when is not possible, the criteria used to determine that period;
b) Under article 16: to obtain from the Data Controller the rectification of wrong personal data concerning him/her without undue delay; taking into account the purposes of processing, the data subject has the right to obtain completion of personal data where incomplete, also providing a supplementary statement;
c) Under article 17: to obtain from Data Controller the delation of personal data without undue delay. Data Controller has the duty to erase, without undue delay, all the personal data if there is one of the reason referred to Article 17 – paragraph 1;
d) Under article 18: to obtain from Data Controller a limitation of data processing when there is one of the cases regulated by Article 18 – paragraph 1;
e) Under Article 20: to obtain from Data Controller the data portability which means receive the personal data provided to the Data Controller in a common, structured and machine readable format. The interested party has also the right to transmit such data to another Data Controller unimpeded from the first Data Controller, in the occurrence of conditions laid out in the Article 20 – paraghaph 1. Finally, the data subject has the right to obtain a direct transmission of personal data from a Data Controller to the other, if technically feasible;
f) Under Article 21: to object to the processing of personal data. For the exercise of his/her rights the data subject may transmit his/her demands at [email@example.com].
It is also noted that the data subject has the right to withdraw consent at any time without undermining the legality of the consensus-based processing provided before the revocation, notwithstanding the consequences above mentioned about an eventual rejection to provide such personal data. The data subject has also the right to file a complaint to a Supervisory Authority.
He/She may send a request in relation to the exercise of such rights by contacting the Data Controller a firstname.lastname@example.org.
Blipers Srl is committed to reply to requests received by data subjects within a month, except in those complex cases for which it may take up to 3 months. In any case, the Data Controller will communicate to the data subject the reason for the delay within a month starting from the request, replying on paper or on electronic document. In case of request of rectification, deletion or restriction of processing, the Data Controller commits to reply to each of the recipients, unless it proves impossible or involves a disproportionate effort.
The Company states that any contribution may be required to the data subject if the requests are manifestly unfounded, excessive or repetitive; in this regards the Data Controller must set up a system for recording all the requests.