Art.13 of Regulation EU 2016/679 (“GDPR”)
Your data shared or generated through the use of the website www.corojewels.com is processed by the company Co.Ro. Srls (VAT number: 12989871004, HQ: Via della Scrofa 52 00186 Rome (RM) in the capacity of “Data Controller”.
Pursuant to Article 13 of EU Regulation no. 2016/679 (hereinafter: the “GDPR”), we inform you that your data will be processed in the following manner and for the following purposes:
- Subject of the Data Processing
The Data Controller processes personal data and usage data generated by visitors through their interactions with the website www.corojewels.com (hereinafter: the “Website”) accessible at the address https://www.www.corojewels.com/. Additionally, the Website is capable of tracing some data relating to the network and infrastructure used by visitors (such as the IP address).
- Purpose and legal basis of the Data Processing
Users’ personal data is processed to:
- enable users to send messages to the Data Controller by interacting with contact forms and web chats available on the Website;
- carry out sales through the Website;
- enable users to register a personal account on the Website;
- fulfill contractual obligations;
- fulfill legal obligations;
- acquire statistics and metrics necessary to maintain the correct functioning of the Website;
- exercise the rights of the Website’s owner (for example the right to defense in court).
The legal bases of the treatments listed above are as follows: in
- In relation to the purposes a), b), c) and d), the data processing is necessary for the execution of a contract between the Data Controller and Website’s users, and/or for the execution of pre-contractual activities requested by Website’s users;
- In relation to the purpose e), the data processing is necessary to fulfill a legal obligation to which the Data Controller is subject.
- In relation to the purposes f) and g), the legal basis is a legitimate interest of the Data Controller, that is to monitor the correct functioning of the Website and exercise the rights of the Data Controller.
The provision of data for the purposes listed above is necessary to access the Platform. Should you decide not to communicate the requested data, it will not be possible for you to use the Platform.
Furthermore, depending on your specific and distinct consent (pursuant to Article 7 of the GDPR), your data may or may not be processed for the following Marketing and Profiling Purposes:
- h) To send emails with promotional and commercial communications;
- i) To conduct automated profiling through the collection of information acquired directly from users and data relating to the activities carried out by users while using the Platform. Profiled users may be offered personalized packages and offers, including through promotional
The provision of data for marketing and profiling purposes is optional. You can therefore decide not to provide any data and to deny the possibility of processing the data provided earlier. You may withdraw your consent to the processing of your data at any time without prejudice to the lawfulness of the processing based on consent prior to the revocation.
Should you purchase products through the Website, we may send you commercial communications relating to the Controller’s services and products similar to those you have purchased, unless you opt-out (Article 130 c. 4 of the Privacy Code).
- Data Retention Period
Personal Data will be kept for the time necessary to fulfill the purposes indicated in the present Privacy Notice. As required by the Civil Code, the Data Controller shall preserve a copy of the correspondence with legal and commercial relevance for ten years. Additionally, the user’s Personal Data may be preserved for the time necessary to guarantee that the Data Controller may exercise rights such as the right for defense in court or to pursue abuses of the Website.
Data collected for marketing activities (such as sending newsletters and commercial communications) may be preserved until you actively revoke your consent.
- Communication of Data
We may not disclose your personal data to any third parties unless it is necessary for the provision of services or by law:
- to employees and collaborators of the Data Controller in Italy and abroad, in their capacity of subjects authorized to process personal data (for example system administrators);
- to third-party companies or other subjects (e.g.: credit institutions, professional companies, IT consultants, etc.) who carry out outsourced activities on behalf of the Data Controller in the capacity of external data processors.
The Data Controller may communicate your data for the purposes referred to in art. 2. of the GDPR to: supervisory bodies, judicial authorities, and public bodies to which it is mandatory to communicate the data in question.
- Transfer of Data
Personal data are stored on servers located within the European Union, managed by third-party companies appointed as Data Processors.
To carry out some types of data processing, the Data may be transferred to countries outside the European Union, but only to countries deemed “adequate” and thus “safe” by the European Commission, and to which it is necessary to transfer the data to fulfill contractual obligations with the user.
- Your rights
In relation to the data processing described therein, as the Data Subject, you may exercise the rights provided for by the GDPR (articles 15-22), including:
- access rights – receive confirmation that your data is held by the Data Controller, and access its content;
- right of rectification – update, modify and/or correct your Data;
- right to be forgotten and right to limitation – request the cancellation of data and/or limitation of the data processing if you believe that your data is being processed in ways that do not comply with the present Privacy Notice;
- right to object – oppose the processing of your Data;
- submit a complaint to the relevant Supervisory Authority – the Guarantor for the protection of personal data (accessible on www.garanteprivacy.it) in case of violation of the regulations on the protection of personal Data;
- right to data portability – receive an electronic copy of the data concerning you (when such data have been rendered in the context of the contract) and request that the data in question be transmitted to another data controller.
- How to exercise the rights and contact details of the Data Controller
The Data Controller is Co.Ro. Srls with the HQ in Via della Scrofa 52 00186 Rome (RM).
You may exercise your rights at any time by sending a letter with a return receipt to: Co.Ro. Srls, Via della Scrofa 52 00186 Rome (RM), or an e-mail to firstname.lastname@example.org.
- Information not contained in this Privacy Notice
More information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact information.
- Changes to this Privacy Notice
This Privacy Notice may undergo changes. Should you have any concerns with the processing of your data at any time, please consult this page (XXX) and refer to the updated version.
Version updated on 06/22/2021.