Personal Data and Privacy Policy
Welcome to website of Diana.
On this page you may find the privacy policy pursuant to Art. 13 of EU Regulation 2016/679 (“GDPR”) in regards to the processing of the personal data that is collected when a user browses the Website and interacts with the related services.
The privacy policy only concerns this Website as well as its possible subdomains, and does not apply to any other website which the user may browse via links.
1. Data Controller
DIANA E-COMMERCE CORPORATION SRL, based in Torreglia (PD) Italy at via San Daniele No. 137/139, 35038, Italian VAT No. 05097740285, e-mail: privacy@dianacorp.com (“Diana” or “Data Controller”) is the data controller.
2. Data Protection Officer (DPO)
Diana has appointed a Data Protection Officer (DPO), who may be contacted via email at privacy@dianacorp.com.
3. Categories of Personal Data
a) Navigation data
By browsing the Website and accessing its related services some personal data relating to the user’s navigation is collected, including IP addresses or domain names of devices used to connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the server response status (successful, error etc.) and other parameters based on the user’s operating system and IT environment. Such information is not collected in order to be associated with identified data subjects; however, due to its very nature, it may, through processing and association with data held by third parties, allow the identification of the interested data subjects.
b) Personal Data provided voluntarily
The Data Controller processes personal data that the user voluntarily provides when contacting us, such as personal identification data and contact details.
c) Cookies
The Website uses cookies. For more information on cookies and their use on this Website, see the cookie page.
4. Purposes Of The Processing, Legal Basis and Retention Period
The user’s personal data will be processed by the Data Controller for:
# | PURPOSE | LEGAL BASIS | RETENTION PERIOD |
A | Website navigation: to allow the user to browse the Website and access its services as well as, in particular, obtain anonymous statistical information on the use of the Website and the services it offers, in addition to checking that it is functioning correctly | Legitimate interest of the Data Controller | The time necessary for processing |
B | Customer support: to manage and provide feedback to users’ requests sent via the contact form | Execution of the contract or pre-contractual measures requested by the user | The time necessary to respond to the user’s request (without prejudice to further retention, where necessary, for the following purposes) |
C | Applications evaluation: to evaluate unsolicited applications sent via the Website in order to establish either a working relationship or internship | Execution of the contract or pre-contractual measures requested by the user | A maximum time of 24 months (without prejudice to further retention, where necessary, for the following purposes) |
D | Fulfilment of legal obligations: for the fulfilment of legal obligations (in particular for civil, tax, public security, banking and personal data protection matters) | Fulfillment of legal obligations | The time defined by the law. |
E | Litigation and crime prevention: to defend or assert a right of Diana and/or for the detection and prevention of fraud as well as other crimes or offences | Legitimate interest of the Data Controller | The time necessary to achieve the purpose for which the data is collected in accordance with the applicable legislation (for example, statute of limitation) |
and with the user’s consent for the following purposes:
F | Newsletter: sending the newsletter by email regarding Data Controller’s products, services and events | User’s consent | Until consent has been withdrawn, or until the termination of the service |
5. Nature of Data Provision
The provision of data in the fields marked with an asterisk (*) for the purposes referred to in Art. 4, letters A) to E) above, is required to browse the Website and take advantage of its related services, while failure to provide such data makes it impossible to obtain the requested services. On the other hand, the release of data in the fields not marked with an asterisk, although may be useful to facilitate relations with the Data Controller, is optional and failure to complete these does not affect the provision of the requested services.
In reference to the newsletter purposes referred to in Art. 4, letter F), the provision of data is optional and any refusal results with the impossibility for the Data Controller to process the data provided by the user in order to send newsletters, but does not prevent navigating the Website and using its related services.
6. Categories of Recipients of Personal Data And Dissemination of Data
In the pursuit of the purposes for which personal data is collected, the Data Controller may employ the following categories of subjects to whom data may be forwarded or who may acquire knowledge thereof in their capacity as data processors: providers of IT services, such as those operating internet and cloud computing services; subjects who perform tasks and provide services on behalf of the Data Controller; subjects who perform customer assistance activities; firms and other subjects that provide assistance, consultancy and services, for example with regard to legal, tax, accounting, economic-financial, technical-organisational, data processing and communication matters; as well as subsidiaries, parent companies, investees and associates, public authorities, supervisory and control bodies.
The updated list of data processors is available upon explicit request to the Data Controller submitted according to the indications in Art. 9 below.
All data collected and processed may be provided, exclusively for the previously indicated purposes, to internal figures within the Data Controller authorised to process personal data in the performance of their respective duties.
No data collected on this Website is subject to dissemination.
7. Data Transfer to a Third Country and/or International Organisation
The user’s personal data may be transferred, for the purposes for which it is collected, to the United States of America, which is a country outside the European Union.
The transfer of personal data to organisations located in the USA will take place exclusively by virtue of the contractual clauses adopted or approved by the European Union Commission (Art. 46 (II) (c) and (d) of the Regulation).
To obtain a copy of this data, please contact the Data Controller, as indicated in Art. 9 below.
8. Minors
Please note that the Website and its related services is intended for the sale of products and services to individuals who have reached the age of eighteen. Therefore, the Data Controller does not intentionally collect the personal data of persons under the age of 18. By accessing the services of the Data Controller, the user declares to be over 18.
9. Rights of Data Subjects
In relation to the personal data provided by the user, the data subject shall have the right to request access to, the rectification or deletion of his/her personal data or the restriction of the processing activities concerning him/her or the object to the processing of his/her personal data, as well as the right to data portability. In the event that the user provides his/her consent, the user shall have the right to withdraw that consent without prejudice to the lawfulness of any processing based on that consent prior to being withdrawn.
To exercise these rights, the user may send the Data Controller an email: privacy@dianacorp.com.
In addition, if subscribed to the newsletter service, the user may withdraw the consent via the link found in each newsletter received by the Data Controller.
Finally, please note that, as a data subject, if the necessary conditions are met, the interested parties also have the right to lodge a complaint with the Data Protection Authorities according to the provided procedures.