In compliance with Regulation (EU) 2016/679 and applicable data protection laws, we provide you with the following information regarding the processing and protection of your personal data.
Data Controller
Ave Caprice, with registered office at Strada Giuseppe Mazzini 1/b, 43121 Parma, Italy, VAT No. IT00587450347, Phone: +39 0521 348263, Email: info@avecaprice.it
Source of Personal Data:
Personal data are collected directly from the Data Subject when completing this form for the purchase of the products offered on this website, including purchases made without the need to create a user account.
Purposes of Processing
The personal identification data collected from the Data Subject, as a user of the website, are processed directly for the following purposes:
Account Registration
To process requests for account registration and create a personal user account.
Failure to provide the required data, or providing inaccurate or incomplete information, may make it impossible, in whole or in part, to complete the registration process.
- Legal basis: Performance of pre-contractual and contractual measures; consent is not required.
- Retention period: 10 years from the date of registration.
Purchase Processing and Contract Performance
To conclude and perform contracts relating to the purchase of products available on this website, including order management, fulfillment, shipping, and related customer assistance.
Providing the requested data is mandatory in order to complete a purchase.
- Legal basis: Performance of a contract; consent is not required.
- Retention period: 10 years from the date of purchase.
Administrative and Accounting Purposes
To fulfill administrative, accounting, tax, and legal obligations arising from the contractual relationship.
- Legal basis: Compliance with legal obligations.
- Retention period: As required by applicable laws and regulations.
Protection of Rights and Debt Recovery
For the establishment, exercise, or defense of legal claims and for debt collection activities.
- Legal basis: Legitimate interest of the Data Controller; consent is not required.
- Retention period: 10 years from the date of the last purchase.
Service Improvement and Customer Satisfaction
To improve the quality of our services and to conduct customer satisfaction surveys regarding products and services provided directly and/or through our website.
- Legal basis: Legitimate interest of the Data Controller, where applicable, or consent where required by law.
- Retention period: For the period strictly necessary to achieve the stated purposes and in accordance with applicable legal requirements.
Recipients of Personal Data
The personal data collected will not be disclosed to the public.
Personal data may be communicated to third parties where such communication is necessary to comply with tax, accounting, administrative, or legal obligations, as well as to entities engaged by the Data Controller to perform activities that are instrumental and/or ancillary to the fulfillment of its contractual obligations and the provision of the services offered.
By way of example, personal data may be shared with:
- Shipping and logistics companies responsible for delivering purchased products;
- Legal advisors and professional consultants;
- Customer satisfaction service providers;
- Payment service providers and payment processing platforms (such as Nexi);
- IT service providers and technical support partners involved in the operation of the website and related services.
Personal data may also be disclosed to public authorities, regulatory bodies, judicial authorities, or other entities where required by applicable laws, regulations, or orders issued by competent authorities.
Methods of Processing
Your personal data will be processed in accordance with the principles of fairness, lawfulness, and transparency, while safeguarding your privacy and protecting your rights.
The data will be processed using electronic and computerized systems, as well as paper-based records where necessary, by personnel who have been duly authorized and instructed regarding confidentiality obligations and the use of personal data solely for the purposes identified by the Data Controller.
The Data Controller shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with the processing of personal data.
Upon expiration of the retention periods indicated above, all personal data will be deleted, destroyed, or irreversibly anonymized, insofar as this is compatible with applicable technical deletion procedures and backup systems.
Transfer of Data Outside the EU
The Data Subject’s personal data will not be transferred to countries outside the European Economic Area (EEA).
Should it become necessary in the future to transfer personal data to non-EEA countries or international organizations, all provisions set out in Chapter V of Regulation (EU) 2016/679 (GDPR) will be fully complied with in order to ensure an adequate level of data protection.
Data Subject Rights
You have the right to request from the Data Controller access to your personal data, their rectification or erasure, and, where applicable, the restriction of their processing.
You may also request complete and detailed information regarding the processing of your personal data and the rights granted to you under applicable data protection laws by contacting the Data Controller using the contact details provided at the beginning of this Privacy Notice.
Right to Lodge a Complaint
If you believe that the processing of your personal data infringes Regulation (EU) 2016/679 (GDPR), you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) using the contact details available on the website www.garanteprivacy.it
