Data controller is:
Welco Srl - via Pacinotti, 3/D - 20030 Senago (MI) Italia – P.IVA: IT11673650963
For further questions regarding this Data Protection Policy or about the protection of your personal data, you can contact us by phone ++39 (0) 299489276 or by contact form.
Personal data types we process
Here below you can find what personal data we process/ manage and store, this kind of information are provided directly from users during website use, depending on its interaction:
- • User ’s name and surname / Company name and fiscal information (VAT number);
- • Contact information: telephone number, fax number, e-mail address;
- • Shipment and invoice address;
- • IP address;
- • Information on transactions, purchased products and preferences;
Personal data treatment purposes and legal basis
Provided information will be treated for purposes listed below:
1) To handle sale process: dispatch orders, manage payment transactions, fulfill accounting procedures, prepare shipments;
The legal basis for processing personal data for the purpose of handling orders and fulfilling contractual obligations and exercising contractual rights is Article 6 (1) b) GDPR (contractual necessity). The legal basis for processing personal data for the purposes of understanding customer business activities and interests and order history is Article 6 (1) f) GDPR (legitimate interests). The legal basis for processing and keeping personal data for the purpose of complying with record keeping obligations (including commercial accounting standards and tax and fiscal retention obligations) is Article 6 (1) c) GDPR (legal obligation).
2) To manage online accounts and its information (orders history, purchased products, order process preferences); to improve and manage our website functionalities;
The legal basis for processing information about online browsing behavior, if it contains personal data, is Article 6 (1) a) GDPR (consent), if we ask you to provide consent and to agree to the processing of your personal data. Specific other provisions in laws relating to data processing in an online context may require your consent as well. Under some circumstances e.g. when we process a limited amount of personal data which, by type and nature does not significantly affect your rights and freedoms, the legal basis for processing your personal data in the context of your browsing or registering on our websites, social media pages or platforms is Article 6 (1) f) GDPR (legitimate interests).
3) To communicate with user/customer, reply to answers/requests or complains;
The legal basis for processing personal data for the purpose of communicating with you and to respond to any sort of inquiry or request is Article 6 (1) b) GDPR (contractual necessity), as far as it occurs in the context of preparing or facilitating the conclusion of a contract or to answer to inquiries and requests in connection with a contract. As far as personal data is processed for communicating with you on other matters the legal basis is Article 6 (1) f) GDPR (legitimate interests).
When we process personal data to contact you and to send you information about our goods and services, new technological developments, special offers and business opportunities the legal basis is Article 6 (1) a) GDPR (consent) if we ask you to provide consent and to agree to the processing of your personal data for that purpose. Under some circumstances e.g. when we process a limited amount of personal data which, by type and nature does not significantly affect your rights and freedoms, the legal basis for processing your personal data to contact you and to send you information about our similar goods and services, new technological developments, special offers and business opportunities is Article 6 (1) f) GDPR (legitimate interests).
4) Legal obligations and compliance
As a worldwide operating company we are subject to various laws and regulations that impose legal obligations on us. Some of these laws and regulations may require the collection and processing of personal data (e.g. tax laws, commercial laws, trade and export compliance regulations, customs codes, anti-money-laundering laws). Where such legal obligations are based on EU or EU Member State laws and regulations, the legal basis for processing personal data is Article 6 (1) c) GDPR. Where such legal obligations are based on laws and regulations of third countries (non-EU), compliance with these legal obligations may represent a legitimate interest. If so, the legal basis for processing personal data is Article 6 (1) f) GDPR. The latter applies also to the processing of personal data for the purpose of ensuring compliance with our policies, codes of conduct and regulations.
5) For security purposes, maintaining and protecting the security of our products, services and websites, preventing and detecting errors through the log files, security threats, fraud or other criminal or malicious activities.
Sharing Personal Data with Service Providers and Third Parties
1) Public and customs authorities, administrative bodies; law enforcement and fraud prevention agencies, courts, lawyers;
2) IT service providers, application service providers, Internet service providers, platform and website host service providers, data disposal companies, order and account management service providers, payment service providers, logistics service providers;
3) Third parties, involved in the supply chain (for example carriers, couriers, shipment agencies and brokers, shipment tracking service provider). In some cases with legal partners;
4) Third parties, involved in administrative, accounting and fiscal process (for example professional partner, accounting office and fiscal authorities)
Personal Data storing period
As a company we subject to record keeping obligations and must comply with tax laws and commercial laws that require much longer retention of certain documents and files that may contain personal data.
If we process personal data for the purpose of handling orders and fulfilling contractual obligations, we will keep your personal data for as long as you have a customer or business relation with us. Personal data that is included in documents or files that are subject to tax laws will be kept for 10 years (unless statutory provisions or pending lawsuits or tax proceedings require longer retention), personal data that is included in documents or files that are subject to commercial laws will be kept for 6 years (unless statutory provisions or pending lawsuits require longer retention).
If we process personal data for the purpose of communication, we will keep the data for as long as we need the data to communicate with you, or for as long as we have a legitimate interest to provide you with business, product and service information, or marketing, event and promotion materials, except where you have objected to the processing of your personal data for such purposes.
If we process personal data for the purpose of compliance with laws and regulations that impose legal obligations on RF, we keep personal data for as long as such laws and regulations require.
Access, modify, erase, restrict and other rights over personal data
You can anytime access and update your personal data entering your private area of the website.
Applicable data protection law provides you with the right to:
ACCESS: obtain information on your personal data we hold and/or processes about you and receive a copy of your personal data being processed in a structured, commonly used and machine-readable format;
RECTIFY: obtain the rectification of inaccurate personal data;
ERASE: obtain the erasure of your personal data, unless processing of her/his personal data is necessary for compliance with applicable legal obligations;
RESTRICT: obtain restriction of processing regarding your personal data;
OBJECT: object, on grounds relating to your situation, to processing of your personal data based on a legitimate interest of RF or a third party;
WITHDRAW CONSENT: You have the right to withdraw your consent at any time. However, withdrawal of consent takes typically effect for the future only. Any past processing of personal data that was legitimately based on consent may be subject to other provisions or obligations that require and legitimize further processing of the personal data;
COMPLAIN: You have the right to lodge a complaint with the relevant Data Protection Supervisory Authority if you believe that we have not handled your personal data correctly and lawfully or if you believe that we have not dealt appropriately with your requests.
The supervisory authority which is competent for us is:
Garante per la protezione dei dati personali
Piazza Venezia n. 11 - 00187 Roma
www.gpdp.it - www.garanteprivacy.it
Telephone: (+39) 06.69677.1
Amendments to this Policy
We reserve the right to amend this Policy at any time. This Policy can be amended under the defined procedure for amending policies and notifying amendments.