Privacy Policy

Privacy Policy

Last update:  11.10.2021

Dear User, Choco Zero is particularly attentive to aspects concerning the privacy of its users and, through this page, intends to describe the management methods of its website www.chocozero.it (hereinafter "Site") with reference to the processing and protection of the personal data of users who access it. This is general information provided in compliance with the European Regulation 2016/679 on the protection of personal data, as well as pursuant to Legislative Decree. 196/2003 (Privacy Code), as amended by Legislative Decree. 101/2018, for the Site only and not for other websites that may be consulted by the user via links on its pages for which the Owner is in no way responsible. According to the legislation indicated, this processing will be based on fundamental principles, such as, for example, correctness, lawfulness, transparency and protection of privacy and user rights.

1. Data Controller 

The data controller of the data provided by the user is 

Arianna Massimino Fit Selection Srls with registered office in via Nazionale n° 865 – Torre del Greco (NA) , hereinafter, for brevity, referred to as the “Owner”.

The Owner, in addition to the address indicated, can be contacted by email: info@chocozero.it . 

2. Type of data collected

A) navigation data: the systems and computer programs used to operate the Site collect some personal data whose transmission is implicit in the use of Internet communication protocols. This is information which, even if it is not collected to be associated with the identified interested parties, could, by its nature, through processing and association with data held by third parties, allow the identification of users. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.

B) data provided voluntarily by the user (art. 4.1 EU Reg.): to consult the site, the provision of any personal data by the user is not required. However, the voluntary registration of the user in the "Register" section of the Site or the insertion of personal data in the areas of the Site relating to shipping and payment information accessible from the cart and the user profile will result in the acquisition by the Owner or third parties who operate in collaboration with the owner for the provision of services of the data entered therein by the user which will be processed for the purposes indicated in the following point 3 of this information. The data collected by the Data Controller are only common personal data (such as, by way of example but not limited to: name, surname, e-mail address, shipping address, payment method).

b.1) payment management: payment management services allow the Site to process payments by credit card or other instruments through external payment service providers Apple Pay and PayPal. Users must provide payment details and personal information directly to such payment service providers. The data used for payment are acquired directly by the manager of the requested payment service, as specified in the privacy policies of each service, without being processed in any way by the Data Controller who will instead only receive a notification from the service provider in question about the payment.

C) cookies: for information regarding the use of cookies through this Site please read the cookie policy ( insert link)

3. Legal basis and purpose of processing

The legal basis for the processing of navigation data (point 2, letter A) is to pursue the legitimate interests of the Owner in relation to the management of the Site. Said data will be used by the Owner for the following purposes:

  • Make it possible to access and navigate the site;
  • Collect data and information in an exclusively aggregated and anonymous form to verify the correct functioning of the Site;
  • Collect data and information in order to protect the security of the Site (anti-spam filters, firewalls, virus detection) and users;
  • Obtain anonymous statistical information on the use of the Site.

In the event of computer crimes committed against the Site, the navigation data may also be used to ascertain responsibility.

The legal basis for the processing of data voluntarily provided by the user through registration in the "Register" section (point 2 letter b) is the legitimate interest of the Data Controller to follow up on the registration request in the "Register" section in order to:

  • Offer services reserved for registered users (e.g. saving their data and contact details, accessing all information relating to their orders and returns, providing assistance on services and products);

Furthermore, subject to the explicit consent of the User, the data provided by the latter through the "Register" section will be processed:

  • For the Owner to send newsletters and any other information and promotional material;
  • For carrying out marketing activities.

The personal data requested from the user by the Owner in the areas of the Site called “Information > Shipping > Payment” (accessible from the “Cart”) (point 2 letter b) as well as requests from the user to process and manage payments by third parties suppliers (point 2 letter b.1) are necessary for the conclusion and execution of the contract that the User intends to stipulate with the Owner for the purchase of the products present on the SITE and may be subject to processing for the following purposes:

  • Activities preliminary to the conclusion of the contract;
  • Activities related to the execution of the contract, such as processing, operational and management needs - within the limits established by laws or regulations - necessary for the operational and administrative activity of the Data Controller, or legal obligations connected to civil, fiscal and accounting regulations, management administration of the relationship, fulfillment of any contractual obligations, support and technical information regarding the products covered by the relationship;
  • Tax requirements, payment of the service/product provided and application of laws and regulations in general.

Furthermore, subject to the explicit consent of the User, the data provided by the latter through the areas of the Site called "Information > Shipping > Payment" will be processed:

  • For the Owner to send newsletters and any other informative and promotional material;
  • For carrying out marketing activities.

4. Consequences of failure to provide personal data

The navigation data collected as part of this processing (point 2, letter a) are mandatory as they are strictly functional to the IT management of the site.

The provision of personal data for the purposes referred to in point 3 letter. a) is mandatory to proceed with the requested registration, so that, in case of failure to provide them, the user will not be allowed to register in the "Register" section.

Failure to provide personal data for the purposes referred to in point 3 letter. b), c), d) will not prevent the user from registering in the "Register" section but will not allow the Owner to carry out the indicated purposes.

Failure to provide data for the purposes referred to in letters e), f), g), will make it impossible to conclude and execute the sales contract between the user and the Data Controller.

Failure to provide personal data for the purposes referred to in points h), i), j) will not prevent the user from concluding the sales contract with the Data Controller but will not allow the latter to carry out the indicated purposes.

5. Methods of Treatment 

The processing, carried out only by personnel directly authorized by the Data Controller, is carried out according to principles of correctness, lawfulness, transparency and can be carried out with or without the aid of electronic or automated tools. This processing will include all the operations provided for by the art. 4, no. 2, EU Reg. (collection, recording, organisation, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction of data) necessary for the processing in question, including communication to the subjects listed in the following paragraph "Data communication".

The data may be recorded and stored both in paper and computer archives, according to principles of correctness, lawfulness, transparency, with organizational systems related to the purposes of the processing. Furthermore, to protect the data from destruction or loss (even accidental) as well as to guarantee its integrity and confidentiality (also against unauthorized access or disclosure) and in general to ensure the rights of the interested party, the Data Controller has adopted security measures of a technical and organizational nature, in compliance with the provisions of the EU Regulation (with particular reference to articles 24, 32 and 35).

6. Duration of Treatment

The data provided by the Customers will be kept by the company Arianna Massimino Fit Selection Srls for the duration of the contract and, subsequently, for the time in which the Company is subject to conservation obligations for tax purposes or for other purposes of any nature deriving from national and community regulations. Specifically, storage will take place for a maximum period of ten years from the date of termination of the contract between the parties or, if later, in the event of the onset of events that justify the extension of storage (e.g. pending legal disputes). For data relating to communications regarding the status of orders, storage will take place as long as necessary to pursue the purposes indicated or interrupted at any time in the event of revocation of your consent.

For marketing and newsletter purposes, the data will be processed for twenty-four months, unless consent is withdrawn in advance or express consent is renewed.

7. Recipients of the Data

In addition to Arianna Massimino Fit Selection Srls as Data Controller, in some cases your data may be communicated to other subjects, who will process them as independent Data Controllers or Data Processors pursuant to art. 28 of Regulation (EU) 2016/679. The updated list of Managers can be requested from the Owner. 

The personal data provided by the user may be communicated:

  • in the corporate context, to subjects authorized to process data pursuant to art. 29 EU Reg., according to the respective competence profile and for the purposes of the processing itself (e.g. administrative, commercial, marketing, legal personnel, system administrators, etc.). These subjects include the employees and/or collaborators of the Data Controller regardless of the existing relationship (e.g. temporary workers, interns, etc.) who, in order to carry out the assigned work tasks, need to process personal data;
  • to subjects other than the Data Controller, appointed for this purpose as Data Processors pursuant to art. 28 EU Reg. which the Data Controller uses or could use in the management of the contractual relationship, the provision of the services offered and for organizational needs of its business, including third party service providers in order to make use possible , the functioning and/or receiving services through the Site (such as, for example, companies that deal with the management or maintenance of the IT infrastructure on which the Site is based (Shopify Inc.), the address management and message sending service email (Mailchimp), as provided in the privacy policies of each service. It is possible to obtain an updated list of data processors by contacting the Data Controller.
  • to subjects who need to access the data for purposes auxiliary to the relationship between the user and the Data Controller, within the limits strictly necessary to carry out auxiliary tasks (such as, for example, banks and credit institutions, suppliers of technical services, IT companies, communication agencies, postal couriers and shipping companies); 
  • to subjects who can access the data pursuant to the provisions of the Law or Regulations, within the limits established by these regulations.

We would like to specify that your personal data will not be disclosed.

8. Data Transfer

The personal data collected will be processed within the European Union and is not normally subject to transfer. With regards to the possible transfer of Data to Third Countries, for the pursuit of the purposes indicated, the Data Controller informs that the processing will take place according to one of the methods permitted by current law, such as for example the consent of the interested party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission. It is possible to obtain further information, upon request, by contacting the Data Controller at the addresses indicated above.

9. Complaints

As an interested party, you will have the right to lodge a complaint with a Supervisory Authority, identified as the Guarantor for the Protection of Personal Data (www.garanteprivacy.it). 

Wishing to quickly resolve any problems encountered by Users, it is also possible to lodge a complaint directly with the company by sending an email to info@chocozero.it . If you wish to send your complaint by post, please address it to:

 

 Arianna Massimino Fit Selection Srls with registered office in via Nazionale n° 865 – Torre del Greco (NA)

Your complaint will be handled as quickly as possible.

10.Rights of interested parties

In your capacity as interested parties, you have the rights referred to in the art. 7 Privacy Code and art.  from 15 to 22 of the GDPR and precisely the rights of:

· I) obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in an intelligible form;

· II) obtain indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, managers and representative designated pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representatives in the territory of the State, managers or agents;

· III) obtain: a) updating, rectification or, when you are interested, integration of the data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this requirement is proves impossible or involves a manifestly disproportionate use of means compared to the protected right;

· IV) object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and/or by traditional marketing methods by telephone and/or paper mail. Please note that the interested party's right of opposition, set out in the previous point b), for direct marketing purposes using automated methods, extends to traditional ones and that in any case the possibility for the interested party to exercise the right of opposition also remains only partially. Therefore, the interested party can decide to receive only communications via traditional methods or only automated communications, or neither of the two types of communication.

Where applicable, you also have the rights referred to in the articles. 16-21 GDPR (Right of rectification, right to be forgotten, right to limit processing, right to data portability, right to object), as well as the right to complain to the Guarantor Authority.

You may contact the Data Controller at any time, at the contact details indicated above, to exercise these rights. Your request will be handled as quickly as possible and within a maximum of one month, except in cases of particular complexity. Should this occur, it will be the Data Controller's responsibility to notify you promptly.

11. Changes to this Policy 

The Owner reserves the right to modify this Information. The date indicated at the beginning of the Policy indicates the date of the last update. If we make material changes, we will provide notice through the Website, or through other means, to give you an opportunity to review the changes before they become effective.