Data protection / Privacy Policy / Cookies

ZETA ELLE SRL
Piazza Padre Pio, 68, 71121 Foggia – Italy
info@zlribs.com

Legal notice:

By visiting or using the zlribs.com website, you agree to the following terms of use.

Copyright

Information and the design (content) thereof are subject to copyright protection. Only ZETA ELLE SRL is authorised to use this protected content, unless otherwise stated.

Reproduction and/or representation of the whole or parts thereof is only permitted with the written consent of ZETA ELLE SRL. In particular, it is not permitted to copy images or layouts from the website and use them for one’s own purposes.

Data protection policy

1. Introduction

With the following information we would like to give you, as the “data subject”, an overview of our processing of your personal data and your rights under the data protection laws. A use of our internet pages is in principle possible without the input of personal data. If a data subject wishes to make use of specific services of our company via our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, the data subject must generally consent to us processing their data.

The processing of personal data, such as your name, address or e-mail address, shall always be in line with the Data Protection Regulation (GDPR) and in accordance with the country-specific data protection provisions applicable to “ZETA ELLE SRL”. By means of this data protection policy, we would like to inform you about the scope and purpose of the personal data we collect, use and process.

We have implemented numerous technical and organisational measures as the group responsible for the processing of personal data in order to ensure that all personal data processed via this website are protected as completely as possible. Nevertheless, internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, everyone is free to transmit personal data to us by alternative means, for example by telephone.

2. Definition of Terms

The privacy policy is based on the terms used by the European guideline and regulation provider when the General Data Protection Regulation (GDPR) was issued. Our privacy policy is intended to be easy to read and understand, both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this data protection policy:

2.1 Personal data

Personal data is all the information which relates to an identified or identifiable natural individual. An identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).

2.3 Processing

Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

2.4 Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

2.5 Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

2.6 Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

2.7 Processor

A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

2.8 Recipient

The recipient means a natural or legal person, public authority, agency or another body to which the personal data is disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

2.9 Third parties

Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.#

2.10 Consent

Consent shall mean any freely given specific and informed indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies their agreement to the processing of their personal data.

3. Legal basis of the processing

Art. 6 Para. (1) lit. a GDPR (in conjunction with Section 25 (1) sentence 1 TDDG) serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 (1). (1) lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services.

If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing shall be based on Art. 6 (1) lit. c GDPR.

In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our company and their name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. Then the processing would be based on Art. 6 para. (1) lit. d GDPR.

Ultimately, processing operations could be based on art. 6 para. (1) lit. f GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. We are allowed to carry out such processing procedures because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2, GDPR).

4. Technology

4.1 SSL/TLS encryption

This site is using SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognise an encrypted connection by the fact that there is a “https://” instead of a “http://” in the address line of the browser and by the lock symbol in your browser line.

We use this technology to protect your transmitted data.

4.2 Data collection when visiting the website

When using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data which your browser transmits to our server (known as “server log files”). Our website collects a series of general data and information every time a person or an automated system accesses the website. This general data and information is stored in the server’s log files. The following may be recorded

  1. browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system reaches our website (so-called referrer),
  4. the subpages, which are accessed via an accessing system on our website,
  5. the date and time of access of the website,
  6. the internet protocol address (IP address),
  7. the Internet service provider of the accessing system

This general data and information does not allow us to draw any conclusions about the data subject. Rather, this information is needed,

  1. to deliver the contents of our website correctly,
  2. to optimise the contents of our website as well as the advertising for it,
  3. to ensure the permanent functionality of our information technology systems and the technology of our website, as well as
  4. to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack.

This anonymously collected data and information is therefore evaluated by it statistically with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data processed by us. The data of the server log files is stored separately from all personal data provided by a data subject.

The legal basis for the processing of data is Art. 6 1 p. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above.

5. Cookies

5.1 General information about cookies

We use cookies on our website. These are small files which your browser automatically creates and which are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site.

Information is stored in the cookie that arises in each case in connection with the specific end device used. However, this does not mean that we immediately become aware of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These will be deleted automatically after leaving our site.

In addition, we also use temporary cookies that are stored on your end device for a specified period of time to optimise user-friendliness. If you visit our site again to use our services, it will automatically be recognised that you have already been on the website, along with which inputs and settings you opted for, so that you do not have to re-enter them.

On the other hand, we use cookies to make statistical records on the use of our website and to evaluate it for the purpose of optimising our offer for you. When you return to our website, these cookies enable us to automatically recognise that you have already been to our website. These cookies are automatically deleted after a defined period of time.

5. Contents of our website

5.1 Contact / Contact form

Personal data is collected when contacting us (e.g. via the contact form or email). The data collected in the case of a contact form can be seen from the contact form in question. This data is stored and used solely for the purpose of responding to your enquiry and the associated technical administration. The legal basis for the data processing is our legitimate interest in responding to your enquiry in accordance with Art. 6 Para. (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 Para. (1) lit. b GDPR. Your data will be deleted after the final processing of your enquiry; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified, and provided that there are no legal storage obligations to the contrary.

6. Your rights as a data subject

6.1 Right to confirmation

You have the right to receive information from us at any time and free of charge about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.

6.2 Right of access Art. 15 GDPR

You have the right to receive information from us at any time and free of charge about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.

6.3 Right of rectification Art. 16 GDPR

You have the right to request that inaccurate personal data concerning you be corrected. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

6.4 Deletion Art. 17 GDPR

You have the right to demand that we delete the personal data relating to you without delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

6.5 Restriction of processing Art. 18 GDPR

You have the right to request us to restrict processing if one of the following conditions is met.

6.6 Data portability Art. 20 GDPR

You have the right to obtain your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transfer these data to another data controller without obstruction by the data controller to whom the personal data have been provided, provided that the processing is based on the consent provided for in Art. 6 Para. (1) lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. (1) lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20 Para. 1 of the GDPR, you have the right to have the personal data transferred directly from one data controller to another data controller, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.

6.7 Objection Art. 21 GDPR

You have the right to object, at any time, for reasons arising from your particular situation, to the processing of your personal data carried out on the basis of Art. 6 (1) lit. e (data processing in the public interest) or f (data processing on the basis of a balance of interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 of the GDPR

If you lodge your objection, we will no longer process the personal data which concern you, unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims.

In individual cases, we will process your personal data for direct marketing purposes. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to any profiling connected with such direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.

In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

6.8 Revocation of consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time.

6.9 Complaint to a supervisory authority

You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.

7 Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the legal provisions to which our company is subject.

If the purpose of storage no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

8. Duration of the storage of personal data

The criterion used to determine the period of storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted if it is no longer required to fulfil the contract or for initiating a contract.