Version adopted on 1 June 2022
This document contains the principles and rules which the company So Simple Distribution Spa adheres to in the processing of its customers' data, in compliance with the European Regulation on the protection of personal data no. 679/2016 (hereinafter for the sake of brevity GDPR). Users are provided with all information relating to the processing of data and the rights that can be exercised by them.
This information is also intended for individuals who access the site on behalf of legal persons in the performance of their duties and use their personal data.
- Main definitions (Article 4 of the GDPR)
- The owner of the treatment
- Purpose of data processing, type of data collected and legal basis of the processing.
- Registration and purchase of goods on the website
- Payment services
- Shipment of purchased goods
- Use of data for fraud prevention
- Defense of a right
- Use of data for marketing and profiling purposes
- Sending communications on products similar to those purchased
- Social media
- Employees and Third Party Partners
- Transfer of data to third parties
- Recipients outside the EU
- Security measures
- Retention times of the processed data
- Rights of the interested party
1. Main definitions (Article 4 of the GDPR).
any information relating to an identified or identifiable natural person ("data subject"); the natural person is considered identifiable who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social.
any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to professional performance, economic situation, health, personal preferences, the interests, reliability, behavior, location or movement of that natural person.
the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data; when the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to its designation may be established by Union or Member State law.
Responsible for the treatment
the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
Data Protection Officer (DPO / RPD)
figure provided for by the GDPR 679/2016 which, if appointed, supports the Data Controller and / or the Data Processor in the management of data processing.
2. The data controller
The Data Controller is So Simple Distribution SPA with registered office in Turin, Via Della Rocca n. 20
Tel: +39 0115536800
Fax: +39 0115536805
3. Purpose of data processing, type of data collected and legal basis of the processing
The purposes of the data processing, which are the legal bases of the same and which personal data will be processed are listed and specified below.
In the event that you act on behalf of a legal person for the purposes indicated below and except in cases where consent is required or there is another legitimate interest of the Data Controller, the legal basis for the processing of your data is constituted from the legitimate interest of SO SIMPLE DISTRIBUTION SPA to process the personal data of employees, managers, referents or administrators of the legal person customer for the purpose of stipulating, fulfilling and executing the contract signed with the latter, in compliance with article 6, paragraph 1, letter f), GDPR. In this case, your personal data will be processed exclusively to the extent that it is strictly necessary for the management of the relationship between the Data Controller and the legal person for which you operate.
3.1 Registration and purchase of goods on the website
In order to purchase the goods advertised on the website www.sosimpledistribution.it, it is necessary to register by creating a user profile with username and password.
The data processed are the following:
- Mobile Phone
- Postal Code
In the case of companies / partnerships / professionals, the following data will also be processed:
- Business Name
- VAT number
- Unique Code
- Possible website
- Group (type of shop)
- Bank support
- Account No.
- Shipping addresses if different from the main address
- Terms of payment
The communication of the data indicated above is essential in order to be able to conclude and execute the contract for the sale of the goods advertised on the website, including tax obligations (such as invoicing).
Failure to provide such data will prevent the conclusion of the contract.
The processing of the data provided for the conclusion and execution of the contract finds its legal basis in Article 6, paragraph 1, lett. b) of the GDPR (processing necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same).
3.2 Payment Services
Payment methods can be made by:
- use of credit card (without storing bank data)
- PayPal (without storing bank details)
- Bank transfer
As regards payments by credit card and PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) or by bank transfer, the payment data will be processed directly by the service provider contractually appointed by So Simple Distribution
- Nexi Payments
- Intesa Sanpaolo
Please refer to the privacy policies of the individual intermediaries
For companies / professionals So Simple Distribution Spa carries out a financial verification using the CRIBIS service (https://www.cribis.com/privacy-policy) and reserves the right not to activate the account related to the profile following checks on the required brands or financial situation.
In the event of refunds due to returns of goods, you will be required to communicate your bank details for the refund itself. Your bank details will be deleted immediately after making the payment of the amount to be returned.
Failure to communicate payment data will prevent the conclusion of the contract.
The legal basis is in any case constituted by article 6, paragraph 1, letter b) of the GDPR (processing necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same) .
3.3 Shipping of the purchased goods
The data relating to the delivery address are transmitted to the supplier appointed by So Simple Distribution SPA for the delivery of the goods:
Logistics and transport (by GLS) DHL Supply Chain S.p.A.
GLS GLS ENTERPRISE SRL
SDA Poste Italiane S.p.A.
BRT BRT S.p.A.
In order to ensure compliance with contractual obligations relating to the purchase and delivery of goods, the following data is communicated to the company in charge
- Name (Business name)
- Postal Code
- email address
- phone number
The aforementioned data are transmitted for the purposes outlined above and deleted by the Supplier once the delivery has been made, unless the Company in charge has in turn a legal obligation of conservation.
Failure to communicate the data for the shipment of the goods will prevent the conclusion of the contract.
The legal basis of the processing for these purposes is given in Article 6 paragraph 1 letter b) of the GDPR (processing necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same
3.4 Use of data for fraud prevention
So Simple Distribution may use the data provided as part of the purchase order in order to prevent fraud and identity theft that can occur, for example, when:
- the shipping address and the billing address are different.
- multiple orders are placed on the same item.
- large orders are placed
- suspicious email addresses or telephone numbers are provided (different names, companies pretending to be individuals, countries or area codes other than the billing address).
The legal basis for carrying out this verification a is constituted by Article 6 paragraph 1 letter f) GDPR (legitimate interest of So Simple Distribution to avoid outstanding payments, scams, identity theft).
3.5 Defense of a right
If necessary, your data may be processed to ascertain, exercise or defend the rights of SO SIMPLE DISTRIBUTION SPA in court or out of court.
The legal basis is constituted by article 6 paragraph 1 lett. f) GDPR (legitimate interest of So Simple Distribution to ascertain, exercise or defend a right in court or out of court).
3.6 Use of data for marketing and profiling purposes
For the following purposes:
carrying out advertising, marketing or promotional activities (via e-mail, postal service, social networks, text messages) by sending commercial newsletters, offers, promotions, discounts and invitations to events or events;
profiling, through the reading and analysis, through automated decision-making processes, of purchasing behavior, using the data relating to your expenses, in order to improve the commercial offer and carry out specific product promotions and commercial offers as suitable as possible to your profile and your needs, including through surveys and market research;
the following data may be used:
- Email address
- Cookies (on the management of cookies and profiling, please refer to the https://sosimpledistribution.it/eng/cookie-policy)
Data concerning the use of the site by the user such as navigation, items placed in the shopping cart, both for the purpose of statistical surveys and personalized advertising.
Sharing of user data with third party advertisers within the same product sector as So Simple Distribution Spa.
The processing of the data indicated above for the purposes outlined can only take place with the consent of the interested party in accordance with the provisions of Article 6, paragraph 1, letter a) of the GDPR
You have the opportunity to subscribe to the newsletter to receive news relating to the goods for sale and any promotions launched and any personalized offers. After sending the newsletter subscription request, you will receive an email in which you will be asked to confirm your subscription: the subscription will be effective only by activating the confirmation link.
The legal basis of the processing is consent, pursuant to Article 6, paragraph 1, letter a) of the GDPR.
3.8 Sending communications on products similar to those purchased
You may be sent, exclusively to the e-mail address provided during the purchase of a good from the website, promotional messages on goods similar to those purchased by you, in accordance with the provisions of Article 130 paragraph 4 of the Privacy Code (Legislative Decree n. 196/2003).
The legal basis of this processing is constituted by the legitimate interest of So Simple Distribution Spa in carrying out promotional activities pursuant to Article 6, paragraph 1 letter f) of the GDPR
You have the right to object to this treatment at any time by sending a communication to So Simple Distribution at the addresses contained in the Contacts.
3.9 Social media
So Simple Distribution SPA is present for advertising purposes with official profiles on Facebook, Instagram.
The responsibility for managing data in compliance with the regulations relating to the protection of personal data lies with each provider to which reference should be made for the respective information and policies on data processing (Instagram - https://www.instagram.com/terms/accept/ Facebook – https://www.facebook.com/privacy/explanation/)
By logging off from the social network pages and deleting the installed cookies, you can prevent social networks from linking information regarding your visit to our site to your user account on the respective social network.
4. Employees and Third Party Partners
Your data covered by this disclosure are communicated and processed by those who, within the organization of So Simple Distribution, need it as a result of the position held. These subjects are the persons authorized to process under the direct authority of the Data Controller pursuant to art. 4 n. 10 of the GDPR.
To carry out the activity and provide the service, So Simple Distribution makes use of third party partners (transport and logistics companies, companies in charge of the maintenance and management of programs and IT tools, professionals, sole proprietorships, companies that carry out support or advice to the Data Controller).
The processed data is transmitted to these third party partners if this is necessary in the context of the provision of services. In this case, third parties process the data on behalf of So Simple Distribution and are identified as data controllers. In this case the data will be processed only for the purposes expressly provided for in the deed with which they are appointed and to the extent to achieve these purposes, in accordance with the instructions of So Simple Distribution.
Transfers and communications of data that may be made to public authorities or for the fulfillment of legal obligations remain unaffected.
4.2 Recipients outside the EU
In general, we do not transfer your data to recipients located outside the European Union or the European Economic Area.
Should this be necessary, So Simple Distribution Spa acts in compliance with the provisions of Chapter V of the GDPR.
All measures will be taken to ensure the protection of personal data by basing the treatment:
- on an adequacy decision of the European Commission;
- on the existence of adequate guarantees pursuant to Article 46 of the GDPR;
- on the adoption of binding corporate rules pursuant to art. 47 GDPR.
You can ask So Simple Distribution Spa for any further information or clarification from the contacts indicated.
5. Security measures
So Simple Distribution Spa has adopted technical and management measures aimed at protecting and preventing unlawful access to the data processed.
Users are advised to use a complex password (consisting of at least 8 characters with a capital letter, a number and a sign) in order to make the account more secure.
It is recommended not to share the password with third parties or to use the same password on several different sites.
If the user believes that his account has been hacked, he can directly contact So Simple Distribution at the contact addresses contained in this statement.
The services provided on the site are reserved for adult users (18 years of age). Data of minors are not processed. If a minor has registered on the website without the consent of a parent or guardian, they must immediately communicate it to the contact addresses provided in this statement so that the minor's data can be deleted without delay and the registration canceled.
Similarly, immediate cancellation is carried out if you become aware of the fact that a minor has registered on the website.
7. Retention times of the processed data
The retention period of the processed data varies according to the purposes of the processing and is indicated below.
In any case, specific legal obligations (for example in tax, accounting and civil law matters) which may require the Data Controller to further retain your data only for the purposes provided for by the specific legislation (for example to fulfill regulatory obligations of a tax / accounting nature).
In cases where the processing of data requires the consent of the interested party, the latter always has the right to withdraw consent by sending a communication to the addresses indicated in the Contacts.
Therefore, without prejudice to any additional obligations referred to above:
- the data collected for the stipulation and execution of the contract are kept for the entire duration of the same and until the expiry of any legal or contractual guarantees, without prejudice to the additional legal obligations referred to above and, from the termination of the contractual relationship, for the term maximum of 10 years in compliance with the limitation period provided for by the civil code.
- the data relating to the activated account (including the sending of the newsletter) provide for storage linked to the ongoing use of the account itself (in other words, the data is kept as long as you are an active customer). The customer account is deleted after 3 years of inactivity;
- the sending to the e-mail address provided during the purchase of a good from the website, of promotional messages concerning goods similar to those purchased, in accordance with the provisions of article 130 paragraph 4 of the Privacy Code, is linked to the ongoing use of the account itself (in other words, sending assumes that you are an active customer). Sending will cease after 2 years of inactivity with consequent cessation of data processing for these purposes;
- use of data for marketing purposes (without tracking): 5 years from the last contact, unless the user has previously revoked the consent.
- tracking data: 3 years from the last contact, unless the user has previously revoked the consent.
- tax obligations: for the entire duration of the contract as well as for the next 10 years from the end of the fiscal year following that of competence, to deal with tax assessments / disputes.
- in the presence of legal disputes, in the event that it is necessary to defend or act or even make claims against you or third parties, the Data Controller may keep the personal data that it reasonably deems necessary for these purposes and for the time in which this claim can be prosecuted.
8. Rights of the interested party
The GDPR recognizes the owner of the processed data a complex series of rights that allow you to constantly monitor the processing of your data by So Simple Distribution.
Specifically, your rights are:
- Right of access to your personal data stored by us (article 15 of the GDPR): as an interested party, you have the right to obtain from the Data Controller (So Simple Distribution) confirmation as to whether or not personal data concerning you are being processed and in this case to obtain access to personal data and the following information:
- a) the purposes of the processing;
- b) the categories of personal data processed;
- c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations;
- d) when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period;
- g) if the data are not collected from you, all available information on their origin.
- Right to rectify inaccurate data or to integrate incomplete data (Article 16 of the GDPR)
- Right to delete stored data (Article 17 of the RGPD), provided that So Simple Distribution does not have to comply with further retention periods provided for by legal obligations and if we do not have our right to further storage for the assessment, exercise or the defense of a right in court (for example, in the event of outstanding claims against you).
- Right to limit the processing of your data (article 18 of the GDPR)
This right can be exercised if:
- contest the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
- the processing is unlawful and the interested party opposes the cancellation of personal data and requests instead that its use be limited;
- although the data controller no longer needs them for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
- the interested party opposed the processing pursuant to Article 21, paragraph 1 of the GDPR, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party
We remind you that, if the data processing has been limited following the exercise of your right, the data can be processed, except for storage, only with the consent of the interested party or for the verification, exercise or the defense of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or of a Member State.
If you have obtained the processing limitation you are informed by the Data Controller before this limitation is revoked.
- Right to data portability (article 20 of the GDPR):
If you wish to receive, in a structured format of common use and readable by an automatic device, certain data stored by us concerning you or request that such data be transmitted to another data controller;
- Right to object (Article 21 of the GDPR) and to withdraw consent
You can object at any time to the processing of your personal data for marketing purposes or revoke any consent provided by sending a communication by post or by e-mail to the addresses indicated in the Contacts.
You can also exercise these rights directly on our site in the "My Account" section.
After receiving your opposition or revocation, So Simple Distribution will refrain from using, processing and transmitting the data concerned, without prejudice to the technical time required to process your request.
You can also object at any time to the processing of data that is based on a legitimate interest of So Simple Distribution including any profiling that takes place on the basis of this provision. So Simple Distribution will refrain from processing that has this legal basis, unless there are compelling legitimate reasons to proceed with the processing that prevail over your interests or rights or in the event that it is necessary to ascertain, exercise or defend a right. in court.
- Right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that affect you or that significantly affect your person in a similar way (Article 22 GDPR). The decisions that are necessary for the conclusion or execution of a contract between you and the data controller are reserved; that are authorized by the law of the European Union or of the Member State to which the Data Controller is subject (Italy in the specific case); that are based on your express consent.
- Right to lodge a complaint with a supervisory authority (Article 77 of the GDPR)
If you believe that the processing of your data is carried out in violation of the data protection legislation, you can contact the Guarantor for the protection of personal data, in the manner indicated by the same on its website (www.garanteprivacy.it) or to the supervisory authority of another EU country where you reside or work or where you believe the alleged violation has occurred.
Please note that the rights and faculties indicated above may be subject to limitation / exclusion, pursuant to Article 23 of the GDPR and Article 2 duodecies of the Privacy Code (Legislative Decree No. 196/2003) for reasons of justice (which include the judicial treatment of business and disputes). In such cases, you can still exercise your rights through the Data Protection Authority in the manner provided for in Article 160 of the Privacy Code.
You can assert the rights described above, as well as the revocation of consent to the processing of your data in the cases provided for by this information by writing to So Simple Distribution SPA, Via Della Rocca n. 20 - 10123 TURIN or by sending an e-mail to firstname.lastname@example.org.