Pursuant to art. 13 of European Regulation No. 679 dated 2016 (the "Privacy Regulation"), as well as Recommendation No. 2 dated 2001 adopted pursuant to art. 29 of the 95/46/EC Directive, Costruct srl wishes to inform you and all users and/or visitors of the website www.costruct.net (respectively referred to as the “Users” and the “Site”) regarding the use of personal data, log files and cookies collected through the Site.
- Data Controller, Data Supervisors and Data Protection Officer
The Data Controller is:
Via Mascheroni, 5 20123 Milano – ITALY
T: +44 (0) 8000 834 815 (UK) // T: +39 071 907395 (IT)
The updated list of the appointed Data Supervisors may be provided upon request issued by the interested parties and/or Users.
- The personal data you provide us when using the Site are processed for the following purposes:
Your data are used by us to allow you, through the use of the Site, to:
- finalize the purchase order of products and/or services displayed through the e-commerce site, to allow us, after signing the agreement, to ship the purchased product by carrier, as well as to take care of the administrative and accounting aspects following the purchase;
- update, by e-mail, all our promotional and and marketing initiatives, including direct ones, as well as, by way of example, information regarding the latest services offered by our commercial department, events and advertising campaigns organized by the Data Controller,, (the “Newsletter”);
Your data will be processed for the following purposes:
(i) meet the obligations of the agreement;
(ii) fulfill the legal obligations, including administrative and accounting obligations;
(iii) carry out the technical management of the Site;
(iv) provide you with the newsletter service that includes the forwarding of promotions, special offers and exclusive discounts (with prior, optional, free and specific consent);
The processing of data for the aforementioned purposes will be carried out in compliance with the Privacy Code, Privacy Regulations and all specific regulations in force for the sector, including the provisions of the "Regulations established by the Authority in charge of loyalty programs" dated February 24, 2005 and the "Guidelines on the processing of personal data for online profiling" dated March 19, 2015.
In compliance with the "Guidelines on promotional activities and Spam fighting" dated July 4, 2013, we would like to point out that any consent provided by you for the forwarding of commercial, promotional and marketing communications using automated means will be also extended to traditional methods of contact.
The data provided by you will be processed primarily via digital means, but also in paper form, under the authority of the data controller, by specifically appointed parties, authorized and trained for the data processing pursuant to Article 30 of the Privacy Code and Articles 28 and 29 of the Privacy Regulation. Please note that appropriate security measures are also met pursuant to Articles 5 and 32 of the Privacy Regulation to prevent loss of data, unlawful or incorrect use and unauthorized access.
- Mandatory or optional nature of consent for the provision of data, the consequences of any refusal and the legal basis of the processing
Please note that for the purposes referred to in points (i), (ii) and (iii) of the previous art. 3, the provision of your personal data is mandatory because if you refuse to provide data, you will not be able to use the Services offered on the Site
Instead, the provision of your personal data is not mandatory, but optional for the purposes referred to in point (iiii) of Art. 3 above. Failure to provide your personal data for the aforementioned purposes will not allow us to provide you with the Newsletter. To this end, you can freely decide whether or not to provide your consent for such purposes without precluding the ability to access the Services offered by the Site.
Please note that, in any case and at any time, you may request to the Data Controller the erasure of your data by simple submitting a notification in this sense, without any special formalities, to the addresses referred to in art. 1 above.
With reference to the purposes referred to in points (i), (ii) and (iii) of Art. 3 above, the legal basis of the processing is, in fact, established by the legitimate interest to offer for sale the services and products marketed on the E-commerce site, or the performance of the services provided through the Site and requested by you (pursuant to Art. 6, paragraph 1, letter b of the Privacy Regulations and art. 24, paragraph 1, letter b of the Privacy Code); instead, with reference to the purposes referred to in point (iiii) of art. 3 above, the legal basis of the processing is your freely provided consent (pursuant to art. 6, paragraph 1, letter a of the Privacy Regulations and art. 23 of the Privacy Code).
- To which parties we may forward your data to the following parties and scope of the disclosure
Your data may be communicated, within the EU, in full compliance with the provisions of the Privacy Code and the Privacy Regulation, to the following parties:
(i) the tax authorities and/or other public authorities where required by law or on their request;
(ii) external contractors used by the Data Controller to fulfill administrative, tax and accounting obligations;
(iii) structures, subjects and external companies used by the Data Controller to fulfill activities connected with, instrumental or consequent to the performance of the Services offered on the Site- including cloud computing storage service - to provide you with the Newsletter;
- Your rights
Keep in mind that at any time you may exercise your rights as referred to in art. 7 of the Privacy Code and in Articles 15, 16, 17, 18, 20 and 21 of the Privacy Regulation, by sending a written communication to the addresses of the Data Controller as detailed in Article 1 above and, accordingly, obtain:
- confirmation of whether or not your personal data exist with specification of their origin, verification of their accuracy or request for their updating, correction and integration;
- access, correction, deletion or limitation of processing;
- the deletion, transformation into anonymous form or blocking of data processed in violation of the law.
You may also refuse the processing of your personal data.
With reference to the Newsletter, we point out that your right to request the end of the data processing carried out through automated communication means also extends to traditional communication methods. In addition, you have the ability of exercising this right only in part, that is by requesting the interruption, for example, of the forwarding of promotional communications through one or more of the contact methods for which you provided your consent.
- Duration of the processing
Without prejudice to the legal obligations, your personal data will be stored for a specific period, according to criteria based on the nature of the services provided. Please note that the data stored for marketing purposes (the latter related to the Newsletter service) will be stored and usable until the interested party requests their deletion (or exclusion from the service), exercising the rights allowed by the current legislation.
- Safety measures
Through the Site, your data have been processed in compliance with applicable law and using appropriate security measures in accordance with the legislation in force including pursuant to Articles 5 and 32 of the Privacy Regulation.
In this regard, we confirm, among other things, the adoption of appropriate security measures to prevent unauthorized access, theft, disclosure, modification or destruction of your data.
- The information provided, the protection of minors and the methods with which consent of parents and guardians over the minor is obtained.
Consent to the processing of personal data, collected through the www.costruct.net website, takes place after the request reported on the form to specify if you are over 16 years of age, by ticking an appropriate box, otherwise, the collection and processing are not carried out (as well as the agreement is not completed) if there is no consent of the person or persons who are parents or guardians of the minor.
Therefore, if the minor should provide - despite the clear instructions in the information requested regarding the age - false information to access the desired data, the Data Controller shall not be held responsible, as it does not have any means to verify in advance the truthfulness of the information.