Informed Consent Pursuant to Article 13 of EU Regulation No. 679/2016

CONCHE S.R.L. di Rondinone Tina, with its registered office at Vico Conche, 8/12, Matera (MT), and operational headquarters in Matera (MT), Tax Code and VAT Number 01387120775, represented by its legal representative (hereinafter also referred to as “CONCHE S.R.L.”), as the data controller of the personal data of users/visitors (hereinafter, “Users”) who access the website www.alleconche.com (hereinafter, the “Website”), invites you to read this privacy policy pursuant to Article 13 of EU Regulation No. 679/2016 (hereinafter “GDPR”) regarding the processing of your personal data, which contains important information on how we manage the Website in compliance with current regulations, as specified below.

This privacy policy applies exclusively to the website “www.alleconche.com” and not to other websites that you may visit through links.

1. Subject of the Processing

The Data Controllers will process personal identification data (by way of example: name, surname, address, phone number, email, etc., hereinafter also referred to as “Data”) that you voluntarily provide during the purchase process (e.g., through orders, etc.) of products, or when filling out and signing the Contract for the purchase of said products, or those Data you provide in order to use specific services offered by the Website. This also includes data (navigation data) normally accessible to the Data Controllers through the IT systems and software procedures necessary for the operation of the Website. This category of data includes, among other things, IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, request time, method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the operating system and the user’s IT environment.

2. Purposes of Processing

Your Data will be processed in a lawful and fair manner for the purposes described below.

Regarding navigation data: a) to allow the Data Controllers to obtain anonymous statistical information on the use of the Website and to monitor its correct functioning; b) for security reasons (spam filters, firewalls, and virus detection) to block attempts to damage the Website or to cause harm to users, and in any case to prevent harmful or illegal activities; c) to perform any other function necessary or instrumental to the Website’s operation, including the installation of technical cookies to improve the functionality of the Website, as described in the Cookie Policy; d) to enable the Data Controllers to fulfill legal, accounting, fiscal, administrative, and contractual obligations related to the management of the Website and the provision of requested services, as well as to manage relations with authorities, control bodies, and third public entities for purposes related to specific requests, legal obligations, or other procedures.

Regarding Data voluntarily provided by the user: to allow CONCHE S.R.L. to carry out all activities related (including preliminary) to the sale of products requested by the User, including fulfilling fiscal obligations (e.g., VAT-free transactions where applicable), administrative-accounting tasks (such as invoicing, historical archiving, debt collection – including factoring, credit insurance, credit assignment, etc.), and identifying the consumption characteristics of the professional or customer company, as well as to fulfill the User’s request for the purchase of products through the Website or the provision of other value-added services related to the purchase of these products. To enable CONCHE S.R.L. to manage treasury activities related to the contractual relationship (including the legal processing of bank details and/or other payment data, including credit card or payment card details), in accordance with the terms and conditions of the Contract and/or other specific contractual conditions agreed upon. To allow CONCHE S.R.L. to implement measures aimed at protecting against credit risk, including activities aimed at assessing the Customer and their financial reliability. To enable CONCHE S.R.L. to fulfill legal, accounting, fiscal, administrative, and contractual obligations related to the provision of requested services, as well as to manage relationships with authorities, control bodies, and third public entities for purposes related to specific requests, legal obligations, or other procedures. Unless the User gives CONCHE S.R.L. a specific and optional consent for further purposes, the User’s personal data will be used by CONCHE S.R.L. solely for the purpose of verifying the User’s identity (including email address validation) to prevent possible fraud or abuse, and to contact the User for service-related reasons. The personal data required for the purposes of processing described in this section are indicated with an asterisk in the registration form on the Website.

Only with your free, specific, and separate consent (pursuant to Art. 7 GDPR), allow CONCHE S.R.L. to conduct market research and analyses aimed at assessing customer satisfaction with the quality and type of services provided and initiatives for improving services, as well as to send newsletters, advertising material, and/or commercial marketing communications about new products for sale and new services offered by CONCHE S.R.L. or third parties (including other Group companies), including related offers, discounts, and other promotional and loyalty initiatives. This may be done through traditional contact methods (postal mail or operator calls) or through automated calling or communication systems without operator intervention, as well as via email and/or SMS (Short Message Service). If you do not consent, your ability to register on the Website and/or make purchases through the Website will not be affected. If you consent, you can withdraw it at any time by requesting it from CONCHE S.R.L. as indicated in the next paragraph 10. You can also easily opt out of further promotional communications via email by clicking the appropriate unsubscribe link included in each promotional email. After withdrawing consent, CONCHE S.R.L. will send you an email to confirm the revocation of your consent. If you wish to withdraw your consent for promotional communications via phone while still receiving promotional emails, or vice versa, please send a request to CONCHE S.R.L. as indicated in the next paragraph 10.

CONCHE S.R.L. informs you that, following the exercise of the right to object to the sending of promotional communications via email, it is possible that, for technical and operational reasons (e.g., the formation of contact lists completed shortly before the Partner receives the request to opt-out), you may continue to receive some additional promotional messages. If you continue to receive promotional messages after 24 hours from exercising your right to object, please report the issue to CONCHE S.R.L. using the contact details provided in the next paragraph 10.

Only with your free, specific, and separate consent (pursuant to Art. 7 GDPR), allow CONCHE S.R.L. to process your data to suggest features, products, and services that may interest you, to identify your preferences and personalize your experience, and to show you advertisements based on your interests related to features, products, and services that might be of interest to you. Additionally, with your free, specific, and separate consent (pursuant to Art. 7 GDPR), allow CONCHE S.R.L. to use your personal data to evaluate certain aspects of you, particularly to analyze or predict aspects related to your professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

With your free, specific, and separate consent, allow CONCHE S.R.L. to analyze and process information for the creation of homogeneous groups based on tastes and behaviors – so-called ‘profiles’ – aimed at identifying the individual user or, more often, a group of users or the terminal from which they connect, for the purpose of offering personalized goods or additional or related services. If you do not consent, your ability to register on the Website and/or make purchases through the Website will not be affected. If you consent, you can withdraw it at any time by requesting it from CONCHE S.R.L. as described in the next paragraph 10.

3. Methods of Processing

The processing of your Data is carried out through the operations referred to in Art. 4(2) GDPR, specifically: collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison or interconnection, restriction, deletion, or destruction of Data.

Your Data are processed both in paper and electronic and/or automated form.

The Data acquired are processed in full compliance with legal regulations and the principles of legality, fairness, transparency, data minimization, and protection of your privacy and rights.

Processing of data of minors is not envisaged. Upon request from Users, the Data Controllers will promptly delete all personal data unintentionally collected related to individuals under 18 years of age.

4. Data Retention Period

The Data Controllers retain Data in accordance with local laws and internal company policies and procedures for the time necessary to achieve the purposes mentioned above and to fulfill their legitimate commercial interests, legal obligations, or to establish, exercise, or defend legal rights. Once the need to retain the Data for these purposes has expired, it will be securely deleted.

In particular:

Data necessary for the conclusion and execution of the sales contract for Products to the User are retained until the completion of administrative-accounting formalities. Billing data will be retained for ten years from the date of issuance.

Data collected for marketing purposes are retained until the termination of the service or the User’s exercise of opposition through unsubscribing.

Data collected for profiling purposes for marketing are retained until the User requests the cessation of the activity and in any case for up to 2 years from the User’s last interaction of any kind with CONCHE S.R.L.

Data collected for the purpose of providing the newsletter service are retained until the termination of the service or the User’s exercise of opposition through unsubscribing.

Data collected for managing services for the registered User are retained until the termination of the service or the User’s exercise of opposition through unsubscribing.

In all other cases, Users’ personal data will be retained for the time strictly necessary to fulfill the primary purposes described in the previous section 2, point B, or as otherwise necessary for the protection of both Users’ and CONCHE S.R.L.’s civil interests.

5. Legal Basis for Processing

The processing of the aforementioned Data is necessary to allow you to navigate the site and to respond to your requests (including the request to purchase the aforementioned products, which is based on your purchase order sent to the Data Controller and/or on your signature on the Contract with the Data Controller). Where necessary for specific purposes, explicit consent from the User will be obtained.

Processing of Data for marketing purposes is permitted in relation to the free flow of data as provided by the GDPR and may involve activities aimed at satisfying the legitimate commercial interests of the Data Controller, including any commercial development activities (such as marketing, customer satisfaction, etc.) carried out by the Data Controller.

6. Communication, Dissemination, and Access to Data

Your Data may be made accessible for the purposes described above to:

Employees and collaborators of the Data Controllers in Italy and abroad, in their capacity as internal data processors and/or sub-processors/data handlers and/or system administrators;

Other companies of the CONCHE S.R.L. Group (parent companies, subsidiaries, and/or affiliates) in Italy and abroad, and to their employees and collaborators (for example, for administrative and accounting purposes);

Carriers or shippers for the management of all activities related to the delivery of goods to the Customer;

Agents, sales representatives, attorneys, contractors, and any other party acting on behalf of the Data Controller;

Other third parties or entities (by way of example but not limited to, credit institutions for payment and collection management, financial intermediaries, credit insurance institutions, professional firms, consultants, etc.) that perform outsourced activities on behalf of the Data Controllers, in their capacity as external data processors, including suppliers or parties appointed to carry out ancillary or instrumental services for the purposes indicated above, with whom the Data Controllers enter into specific agreements.

The Data Controllers also reserve the right to share personal data with certain third parties, including: IT providers for system development and technical support; auditors and consultants for ensuring compliance with external and internal requirements; certification bodies; legal entities, law enforcement agencies, and parties to legal proceedings in compliance with legal obligations or claims; potential successors or business partners of the Data Controllers or a group company in the event of a sale, transfer, or other extraordinary transactions; police forces, armed forces, and other public authorities for the fulfillment of legal, regulatory, or EU legal obligations.

In the event that such parties are established in non-EU countries, the Data Controller ensures that the transfer of non-EU Data will be carried out in accordance with applicable legal provisions, following the standard contractual clauses set forth by the European Commission.

Users have the right to obtain a list of any external data processors appointed by each Data Controller by requesting it from the relevant Data Controller using the methods indicated in the following paragraph 10.

7. Data Transfer

Data will be stored on servers located within the European Union. It is understood that the Data Controller, if necessary, has the right to share data also with other companies in the Group and/or to transfer Data to non-EU countries; in such cases, the Data Controller ensures that the transfer of non-EU Data will be carried out in accordance with applicable legal provisions, following the standard contractual clauses set forth by the European Commission.

The Data Controller will apply all necessary safeguards to such transfers in accordance with the current privacy regulations.

8. Nature of Data Provision and Consequences of Failure to Provide Data

Providing Data for the purposes described in Article 2 “A.” is optional but necessary for visiting and accessing the various features of the Site and ensuring correct navigation.

Providing Data for the purposes described in Article 2 “B.” is also optional but necessary for allowing CONCHE S.R.L. to follow up on your requests.

Providing Data for the purposes described in Article 2 “C.” is optional but not necessary for visiting and accessing the various features of the Site and/or for making purchases through the Site. You can therefore choose not to provide any data or to subsequently deny the possibility of processing data already provided: in such cases, you will not receive the requested information, newsletters, commercial communications, or advertising materials related to the services offered by the Data Controller.

Providing Data for the purposes described in Article 2 “D.” is optional but not necessary for visiting and accessing the various features of the Site and/or for making purchases through the Site. You can therefore choose not to provide any data or to subsequently deny the possibility of processing data already provided:

9. Data Subject Rights

As a data subject, you have the rights set out in Articles 13(2)(b), (c) and (d), 15, 16, 17, 18, 19, and 21 of the GDPR, including the following rights to:

Obtain confirmation of whether or not data concerning you exists, even if not yet registered, and receive such data in an intelligible form;

Receive information on:

a) The source of the data;
b) The purposes and methods of processing;
c) The logic applied to automated processing;
d) The identity of the Data Controller, the Data Protection Officer, any data processors, and the representative designated under Article 3(1) GDPR;
e) The recipients or categories of recipients of the data;
Request:

a) The updating, rectification, or, where appropriate, the integration of data;
b) The erasure, anonymization, or restriction of data processed unlawfully, including data that is no longer necessary for the purposes for which it was collected or further processed;
c) Confirmation that the above actions have been communicated, including their content, to those to whom the data was disclosed, unless this proves impossible or involves a disproportionate effort;
Object, in whole or in part:

a) On legitimate grounds, to the processing of data concerning you, even if it is relevant to the purpose of collection;
b) To the processing of data concerning you for direct marketing purposes or market research, including the use of automated calling systems without an operator, and by email and/or traditional marketing methods by telephone and/or postal mail. Please note that the right to object to direct marketing extends to both automated and traditional methods, and you can choose to receive only one type of communication or none at all;
Where applicable, also have the rights under Articles 16-21 GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority;

Withdraw consent at any time, if consent has been given.

10. How to Exercise Your Rights
You can exercise your rights or make a request at any time using the following methods:

By sending a registered letter with return receipt requested to the registered office of the Data Controllers:

For CONCHE S.R.L.: CONCHE S.R.L. di Rondinone Tina, Vico Conche, 8/12, Matera (MT), Italy, Tax Code and VAT Number 01387120775
By sending an email to:

For CONCHE S.R.L.: alleconche@gmail.com or a certified email (PEC) to: conche@pec.it
11. Data Controller, Data Protection Officer, and Data Processors
The Data Controller is:

CONCHE S.R.L. di Rondinone Tina, Tax Code and VAT Number 01387120775, represented by the legal representative, with its registered office at Vico Conche, 8/12, Matera (MT), Italy.
The Data Protection Officer for CONCHE S.R.L. can be contacted at the following email address: alleconche@gmail.com

Information regarding the categories of Data Processors is available at the registered office of the Data Controller and can be requested by the User using the methods and contact details provided above.