This Website collects some Personal Data of its Users in order to carry out sales orders and items delivery.
This Website does not collect data for Users’ utilisation and web surfing, as specifically stated by F.lli Lorenzi S.r.l., in order to protect its customers’ privacy.
Controller of data processing
- Flli Lorenzi S.r.l., Corso di Porta Romana 1, 20123 Milano, Italy
- Email address of the Person in Charge: This email address is being protected from spambots. You need JavaScript enabled to view it.
Types of data collected
- The Personal Data collected in this Website include: first name, family name, telephone number, VAT number, business name, address, email and city. Besides the aforementioned Personal Data, the technology used for the website gathers technical information through cookies, as specified hereafter in this document and specifically at point 8.
Information about Personal Data processing
- Complete details about each typology of data collected are supplied in the sections dedicated to this privacy policy or through specific informative notes to be read before the collection of this data.
- Personal Data can be freely supplied by the User.
- If not differently specified, all Data required by this Website is mandatory. In case the User refuses to transmit it, this Website might not supply the Service. When this Website indicates some data as non-obligatory, Users are free to decide whether to transmit this Data, without any consequences for the availability of the Service or for its functioning.
- Users that have doubts about which Data is obligatory, please do not hesitate to contact the Data Controller.
- The possible use of Cookies or other tracing tools used by this Website or by Data Controllers of third-party services used by this Website, where not differently specified, has the objective of supplying the Service required by the User, besides the other objectives described in this document and in the Cookie Policy.
- The User will be responsible for Personal Data of third parties obtained, published or shared through this Website, and guarantees to have the right of communicating or spreading it, thus exempting the Data Controller from any responsibility towards third parties.
Methods of Data processing
The Data Controller adopts proper safety measures to block non authorized access, divulgation, modification or destruction of Personal Data. The processing is carried out through telematic or computer tools, with organizational methods or logics strictly connected to the objectives indicated.
Besides the Controller, in some cases, other people involved in the organization of this Website might access (administrative, commercial, marketing, legal staff and system managers), such as external personnel like suppliers of technical services, pony express, hosting providers, IT companies, communication agencies) appointed by the Controller, if necessary, also Data Processors. The updated list of Data Processors can always be required contacting the Data Controller.
Legal basis of Data processing
The Data Controller can process Users’ personal data in case one of the following conditions subsists:
- The User has given his consent for one or two specific objectives; Note: In some regulations the Controller can be authorized to process Personal Data even without the User’s consent or without the consent of another legal basis later on specified, until the User opts out from this processing. However, this cannot be applicable if the processing is regulated by the European legislation as far as concerns Personal Data;
- The processing is mandatory when a contract with the User is signed and /or during the execution of pre-contractual measures; the processing is mandatory to fulfil a legal obligation to which the Controller is subjected;
- The processing is mandatory for the execution of a task of public interest or for the exercise of public powers that the Controller can exercise; the processing is mandatory for the pursuit of legitimate interest of the Controller or of third parties.
However, it is always possible to ask the Controller to clarify the actual legal basis of each processing and, in particular, to specify whether the processing is based on the law, is included in an agreement, or is mandatory to close a contract.
Place
- Data is processed at the operational offices of the Controller and in any other place where the parties involved in the processing are located. For further information, you are invited to contact the Controller.
- The User has the right to obtain information regarding the legal basis of the data transmission outside the EU or to an international organization of international public right or constituted of two or more countries like ONU, or information regarding the safety measures adopted by the Controller for data protection.
Storage period
Data is processed and stored for the time needed to carry out the objectives for which data is collected. Therefore:
- Personal Data collected for objectives linked to the execution of a contract between the Controller and the User will be stored until the execution of this contract is valid.
- Personal Data collected for objectives linked to the legitimate interest of the Controller will be stored until this interest is fulfilled.
- When the processing is based on the User’s consent, the Controller can store Personal Data for a longer time, until this consent is revoked. Furthermore, the Controller might be forced to keep Personal Data for a longer period in compliance with a law obligation or at the behest of an Authority. When the period of storage expires, Personal Data will be cancelled. Therefore, when the deadline expires the right to access, cancellation, rectification and the right to portability of Data will no longer be possible.
Objective of the processing of the data collected
User’s data is collected to permit the Controller to supply his Service. The information can be used for the following objectives: contacting Users, payment management, commenting on the contents, contact management, sending messages, social network interaction, external platforms and content visualization from external platforms. To obtain further information about the objectives of the processing and about personal data concretely pertinent to any objective, Users can study the related sections of this document more in detail.
Information about personal data processing
Personal Data is collected for the following objectives and the following services are employed:
8.1 Visualization of contents from external platforms
This type of services permits to visualize contents hosted on external platforms directly from the pages of this Website, and to interact with them. In case this type of service is operational, it might be possible that this Service collects traffic data related to the pages where it is installed, even if the User does not utilize the Service.
8.2 Contact and registration form
- The User, filling in the contact and registration forms - present in this Website - with his personal information, agrees to their use in order to reply to the request for information, quote, purchase or any other matter indicated in the form letterhead.
- Personal Data stored: first name, family name, username/email, password, company, place and date of birth, telephone, VAT number and tax code, shipping address.
8.3 JOOMLA Platform
This service is aimed at hosting and implementing key components of this Website to allow service delivery from a single platform. This platform provides the Controller with a wide range of tools, such as, for example, analytical tools for the management and registration of Users, for the management of comments and database, for e-commerce, for payment processing, etc. The use of these tools involves the collection and processing of Personal Data. Some of these services work through servers geographically positioned in different places, thus making it difficult to determine the exact place where Personal Data is stored.
Joomla platform is based on the following websites:
- org/3
- joomla.org
- joomla.org
- joomla.org
- joomla.org/joomla-training.html
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- joomla.org
- org
- org
- joomla.org
The aforementioned sites are managed by the following company: Open Source Matters, Inc.
Personal Data collected: various typologies of data according to what specified by Joomla’s privacy policy.
Place of processing
Joomla’s applications are installed on physical computers based in North-American territories or in Great Britain in the offices of the following companies:
- Rochen Limited, legal offices based at 11 Dudhope Terrace, Dundee, DD3 6TS United Kingdom, company registered with number SC242971 - https://www.rochen.com
- Joomla Content Delivery Network (CDN) managed by: MaxCDN / StackPath LLC, legal offices located at 2021 McKinney Ave. - Suite 1100 - Dallas, TX 75201, United States. No personal information is transmitted to StackPath through CDN.
- Joomla email accounts (joomla.org, community.joomla.org, opensourcematters.org, conference.joomla.org) as well as other services belonging to G Suite are installed on physical computers located in North-American territory at the following corporations: Google LLC, legal offices located at 1600 Amphitheatre Parkway - Mountain View, CA - United States.
- A copy of Data Processing Addendum (DPA) stipulated between Open Source Matters and Google LLC regarding the use of GSuite is available at the following address: https://gsuite.google.com/terms/dpa_terms.html
- EU Model Clauses for GSuite between Open Source Matters, Inc. and Google LLC are available at the following address: https://admin.google.com/terms/apps/1/5/en/mcc_terms.html
- Backups of all joomla.org applications (websites) are carried out and hosted at Amazon Web Services. All backup files are based in the EU, at the headquarters of AWS.
- All the outgoing emails from websites “.joomla.org” are handled through the API of Elastic Email. The related Service Privacy Policy is available at the following address: https://elasticemail.com/resources/usage-policies/privacy-policy.
Joomla Privacy Policy and Joomla Cookie Policy are available at the address https://www.joomla.org , at the menu “Privacy Policy” and “Cookie Policy”.
8.4 Payment management
The services for payment management allow this Website to process payments with credit cards, bank transfers or by other tools. The data used for payments is directly stored by the manager of the payment service required without being processed by this Website in any way. Furthermore, a number of these services might permit the programmed transmission of messages to the User, like emails containing invoices or notifications regarding payments.
8.5 Banca Sella
Data Protection Officer (hereafter also called “RPD” or “DPO” - Data Protection Officer”) can be contacted at the following addresses:
- e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it. oppure This email address is being protected from spambots. You need JavaScript enabled to view it..
- postal address: Axerve S.p.A.: Via Corradino Sella 10, Biella.
- e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it..
8.6 PayPal (PayPal Inc.)
PayPal is a payment service supplied by PayPal Inc. which allows the User to carry out online payments.
Personal data collected: various types of Data according to what specified by the Privacy Policy of the service.
Place of Processing: Consult the Privacy Policy of PayPal - Privacy Policy
Users’ Rights
- Users can exercise specific rights with reference to Data processed by the Controller. In particular, the User has the right of :
- Revoking his consent at any time. The User can revoke his consent - previously accepted - to the processing of his Personal Data.
- Opposing the processing of his Data. The User can oppose the processing of his data when the processing involves a legal basis different from consent.
Further details about opposition rights are indicated in the section below.
Accessing your own Data
The User has the right of:
- obtaining and receiving a copy of the data processed.
- verifying and demanding rectification. The User can verify the correctness of his own Data and demand updating or correction.
- obtaining the limitation of processing. Under certain circumstances, the User can demand the limitation of the processing of his own Data. In this case, the Controller will process his Data for mere storage and for no other cases.
- obtaining the cancellation or removal of his own Personal Data. Under certain circumstances, the User can demand the Controller the cancellation of his Data.
- receiving his Data or having it transferred to another controller. The User has the right of receiving his data in a structured format, of common use and readable on automatic devices where technically feasible, of obtaining the transfer to another controller with no hindrances. This regulation is applicable when Data is processed with automatic devices and the processing is based on the User’s consent, on a contract which has the User as one of the Party, or on contractual measures related to it.
- making a complaint. The User can file a complaint to the authority in charge of the control of personal data protection.
Details on the right of opposition
- When personal data is processed in the public interest, in the exercise of public authorities that the Controller is entitled to exercise, or else to fulfil a legitimate interest of the Controller, Users have the right to oppose the processing due to reasons connected to their particular circumstance.
- Please notice that, where users’ data is processed with the objectives of direct marketing, users can oppose the processing without producing any motive. To discover whether the Controller processes data with the objective of direct marketing, Users can refer to the respective sections of this document.
How to exercise your rights
To exercise their rights, Users can address a request to the contact addresses of the Controller written in this document. The requests are registered free of charge and handled as soon as possible, in any case within a month’s time.
Further information about data processing
Defense in court
User’s Personal Data can be used by the Controller summoned or during the preparatory phases of his possible introduction for the defense from violations by the User of the use of this Website or of the Services connected. The User claims he is aware that the Controller might be obliged to reveal Data by order of public authorities.
Specific information
Upon User’s request, in addition to the information contained in this privacy policy, this Website might supply the User with extra and contextual notices about specific Services, or with the storage and processing of Personal Data.
System Log and maintenance
Due to needs linked to the functioning and maintenance, this Website and the possible third parties’ services used by it, might collect system Logs, namely files that record interactions and that might also contain Personal Data, such as IP User’s address.
Information not contained in this policy
Further information in relation to the processing of Personal Data might be required at any moment to the Data Processor by using his contact addresses.
Reply to the “Do Not Track” requests
This Website does not support “Do Not Track” requests. To discover whether the possible Services of third parties support them, the User is invited to consult the related privacy policy.
Modifications to this privacy policy
The Data Controller reserves his right to make changes to this privacy policy at any time by informing Users on this page and, if possible, on this Website and, if technically and legally feasible, by sending a notification to Users through one of their contact addresses which had been previously given to the Controller. You are therefore invited to regularly consult this page, making reference to the latest date of modification indicated on the bottom. Should the changes involve legal basis processing and consent, the Data Controller will collect the User’s consent again, if needed.
Definitions of legal references
Personal Data (or Data) - It constitutes personal data any information that, directly or indirectly, also in connection with any other piece of information such as a personal identification number, makes a physical subject identified or identifiable.
Data of Use - It is the information collected automatically through this Website (also from applications of third parties integrated in this Website), including: IP addresses of the computer used by the User logging in with this Website, the URI (Uniform Resource Identifier) addresses, the time of the request, the method used while sending the request to the server, the dimension of the file obtained in reply, the numeric code indicating the status of the server reply (positive ending, error, etc.), the country of origin, the features of the browser and of the operative system used by the visitor, the various time information (for example the time of visit on each page) and the details related to the itinerary followed within the Application, with particular reference to the sequence of the pages visited, to the parameters related to the operative system and the IT environment of the User.
User - The individual that uses this Website who, except where differently specified, coincides with the interested party.
The interested Party - The physical person whom Personal Data refers to.
Data Processor (or Processor) - The physical person, the juridical person, public administration and any other institution or body that processes data on behalf of the Controller, according to what stated in this privacy policy.
Data Controller (or Controller) - The physical person, the juridical person, public authority, the service or other body that, singularly or together with others, determines the objectives and the methods of personal data processing and the tools used, including the safety measures related to the functioning and the fruition of this Website. The Controller is the owner of this Website.
This Website (or this Application) - The hardware or software through which Personal Data of Users are collected.
Service - The Service supplied by this Website as defined in the related terms (if present) on this website / application.
European Union (or UE) - Except when differently specified, every reference to the European Union contained in this document is to be considered extended to the present members of the European Union and of the European Economic Area.
Cookie - Small portion of data within User’s device.
Legal references - the present privacy policy is written on the basis of several legislative regulations, including art. 13 and 14 of EU regulations 2016/679. Where not differently specified, this privacy policy regards exclusively this Website.
Latest update: 10th December 2020