Privacy Policy

ENGLISH

 

Privacy Policy for zoraido.com

This website (hereinafter referred to as the “Application”) collects certain Personal Data from its Users.

 

Data Controller (hereinafter referred to as the “Controller”)

Piero SRLS

via Giuseppe Garibaldi 8, 40066 Pieve di Cento (BO) - Italy

info@zoraido.com

VAT number 03803881204

Tel. +39 051 975588

 

Types of Data collected

Among the Personal Data collected by this Application, either independently or through third parties, are: Cookies; Usage Data; first name; last name; country; email; city.

Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected.

Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using this Application.

Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide them, it may be impossible for this Application to provide the Service. In cases where this Application indicates certain Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability or operation of the Service.

Users who have doubts about which Data is mandatory are encouraged to contact the Controller.

Any use of Cookies – or other tracking tools – by this Application or by the owners of third-party services used by this Application, unless otherwise specified, has the purpose of providing the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Application and guarantees that they have the right to communicate or disseminate them, releasing the Controller from any liability to third parties.

 

Methods and place of processing of the collected Data

Method of processing

The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.

Processing is carried out using IT and/or telematics tools, with organizational methods and logics strictly related to the purposes indicated. In addition to the Controller, in some cases, other parties involved in the organization of this Application (administrative, commercial, marketing, legal personnel, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, also appointed, if necessary, as Data Processors by the Controller. The updated list of Data Processors can always be requested from the Data Controller.

 

Legal basis of processing

The Controller processes Personal Data relating to the User if one of the following conditions exists:

  • the User has given consent for one or more specific purposes; Note: in some jurisdictions, the Controller may be authorized to process Personal Data without the User’s consent or another of the legal bases specified below having to exist, until the User objects (“opt-out”) to such processing. However, this is not applicable if the processing of Personal Data is regulated by European legislation on the protection of Personal Data;
  • processing is necessary for the performance of a contract with the User and/or for the implementation of pre-contractual measures;
  • processing is necessary to fulfill a legal obligation to which the Controller is subject;
  • processing is necessary for the performance of a task carried out in the public interest or for the exercise of official authority vested in the Controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.

It is in any case always possible to ask the Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on law, provided for by a contract or necessary to conclude a contract.

 

Place

The Data is processed at the Controller’s operating offices and in any other place where the parties involved in the processing are located. For further information, please contact the Controller.

The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User can refer to the section relating to the details on the processing of Personal Data.

The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization of public international law or constituted by two or more countries, such as the UN, as well as regarding the security measures adopted by the Controller to protect the Data.

The User can verify whether one of the transfers described above takes place by examining the section of this document relating to the details on the processing of Personal Data or request information from the Controller by contacting them at the details provided at the beginning.

 

Retention period

The Data is processed and stored for the time required by the purposes for which it was collected.

Therefore:

Personal Data collected for purposes related to the execution of a contract between the Controller and the User will be retained until the execution of such contract is completed.

Personal Data collected for purposes attributable to the legitimate interest of the Controller will be retained until such interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.

When processing is based on the User’s consent, the Controller may retain Personal Data for longer until such consent is revoked. Furthermore, the Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, Personal Data will be deleted. Therefore, at the expiry of this term, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

 

Purpose of processing collected Data

The User’s Data is collected to allow the Controller to provide its Services, as well as for the following purposes: Displaying content from external platforms, Interaction with social networks and external platforms, Contacting the User, Statistics, Optimization and distribution of traffic, Hosting and backend infrastructure and Tag management.

To obtain further detailed information on the purposes of processing and on the Personal Data concretely relevant for each purpose, the User can refer to the relevant sections of this document.

 

Details on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

  • Mailing list or newsletter (this Website)

By registering for the mailing list or newsletter, the User’s email address is automatically added to a list of contacts to whom email messages containing information, including commercial and promotional information, relating to this Website may be sent. The User’s email address may also be added to this list as a result of registering on this Website or after making a purchase.

Personal Data collected: email and name.

  • Payment management

Payment management services allow this Website to process payments via credit card, bank transfer or other tools. The data used for payment is acquired directly by the requested payment service provider without being processed in any way by this Website.

Some of these services may also allow the scheduled sending of messages to the User, such as emails containing invoices or payment notifications.

PayPal (Paypal)

PayPal is a payment service provided by PayPal Inc., which allows the User to make online payments.

Personal Data collected: various types of Data as specified by the service’s privacy policy.

Place of processing: Consult Paypal’s privacy policy – Privacy Policy.

 

  • SPAM protection

This type of service analyzes the traffic of this Website, potentially containing Users’ Personal Data, in order to filter it from parts of traffic, messages and content recognized as SPAM.

Google reCAPTCHA (Google Inc.)

Google reCAPTCHA is a SPAM protection service provided by Google Inc.

The use of the reCAPTCHA system is subject to Google’s privacy policy and terms of use.

Personal Data collected: Cookies and Usage Data.

Place of processing: United States – Privacy Policy. Subject adhering to the Privacy Shield.

 

  • Tag management

This type of service is functional to the centralized management of tags or scripts used on this Application.

The use of these services involves the flow of User Data through them and, if applicable, their retention.

 

  • Google Tag Manager (Google LLC)

Google Tag Manager is a tag management service provided by Google LLC.

Personal Data collected: Cookies; Usage Data.

 

  • Hosting and backend infrastructure

This type of service has the function of hosting Data and files that allow this Application to function, allow its distribution and provide a ready-to-use infrastructure to deliver specific functionalities of this Application.

Some of these services operate through servers located geographically in different places, making it difficult to determine the exact place where Personal Data is stored.

 

  • Interaction with social networks and external platforms

This type of service allows interaction with social networks, or with other external platforms, directly from the pages of this Application.

The interactions and information acquired by this Application are in any case subject to the User’s privacy settings for each social network.

This type of service could still collect traffic data for the pages where the service is installed, even when Users do not use it.

It is recommended to disconnect from the respective services to ensure that the data processed on this Application is not reconnected to the User’s profile.

 

  • Facebook Like button and social widgets (Facebook, Inc.)

The Facebook “Like” button and social widgets are services for interacting with the Facebook social network, provided by Facebook, Inc.

Personal Data collected: Cookies; Usage Data.

Place of processing: USA – Privacy Policy.

 

  • Tweet button and Twitter social widgets (Twitter, Inc.)

The Tweet button and Twitter social widgets are services for interacting with the Twitter social network, provided by Twitter, Inc.

Personal Data collected: Cookies; Usage Data.

Place of processing: USA – Privacy Policy.

 

  • “Pin it” button and Pinterest social widgets (Pinterest)

The “Pin it” button and Pinterest social widgets are services for interacting with the Pinterest platform, provided by Pinterest Inc.

Personal Data collected: Cookies; Usage Data.

Place of processing: USA – Privacy Policy.

 

  • Optimization and distribution of traffic

This type of service allows this Application to distribute its content through servers located throughout the territory and to optimize its performance.

The Personal Data processed depends on the characteristics and implementation method of these services, which by their nature filter communications between this Application and the User’s browser.

Given the distributed nature of this system, it is difficult to determine the places where the content is transferred, which may contain the User’s Personal Data.

 

  • Statistics

The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

 

  • Google Analytics with anonymized IP (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses the Personal Data collected to track and examine the use of this Application, compile reports and share them with other Google services.

Google may use Personal Data to contextualize and personalize the ads of its advertising network.

This integration of Google Analytics anonymizes your IP address. Anonymization works by shortening the IP address of Users within the borders of the member states of the European Union or in other countries adhering to the agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to Google servers and shortened within the United States.

Personal Data collected: Cookies; Usage Data.

Place of processing: USA – Privacy Policy – Opt Out.

 

  • Facebook Ads conversion tracking (Facebook pixel) (Facebook, Inc.)

Facebook Ads conversion tracking (Facebook pixel) is a statistics service provided by Facebook, Inc. that links data from the Facebook ad network with actions performed within this Application. The Facebook pixel tracks conversions that can be attributed to Facebook, Instagram and Audience Network ads.

Personal Data collected: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Subject adhering to the Privacy Shield.

 

  • Displaying content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of this Application and to interact with them.

In the event that a service of this type is installed, it is possible that, even if Users do not use the service, it may collect traffic data relating to the pages on which it is installed.

 

  • Google Maps Widget (Google Inc.)

Google Maps is a map visualization service managed by Google Inc. that allows this Application to integrate such content within its pages.

Personal Data collected: Cookies; Usage Data.

Place of processing: USA – Privacy Policy.

 

  • YouTube Video Widget (Google Inc.)

YouTube is a video content visualization service managed by Google Inc. that allows this Application to integrate such content within its pages.

Personal Data collected: Cookies; Usage Data.

Place of processing: USA – Privacy Policy.

 

User Rights

Users can exercise specific rights regarding the Data processed by the Controller.

In particular, the User has the right to:

  • withdraw consent at any time. The User can withdraw consent to the processing of their Personal Data previously given.
  • object to the processing of their Data. The User can object to the processing of their Data when it occurs on a legal basis other than consent. Further details on the right to object are provided in the section below.
  • access their Data. The User has the right to obtain information about the Data processed by the Controller, on certain aspects of the processing, and to receive a copy of the processed Data.
  • verify and request rectification. The User can verify the accuracy of their Data and request its update or correction.
  • obtain restriction of processing. When certain conditions are met, the User can request the restriction of the processing of their Data. In this case, the Controller will not process the Data for any purpose other than its storage.
  • obtain the erasure or removal of their Personal Data. When certain conditions are met, the User can request the erasure of their Data by the Controller.
  • receive their Data or have them transferred to another controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to obtain its transfer without hindrance to another controller. This provision is applicable when the Data is processed by automated means and the processing is based on the User's consent, on a contract to which the User is a party, or on contractual measures related thereto.
  • lodge a complaint. The User can lodge a complaint with the competent data protection supervisory authority or take legal action.

 

Details on the right to object

When Personal Data is processed in the public interest, in the exercise of official authority vested in the Controller, or for the purposes of the legitimate interests pursued by the Controller, Users have the right to object to the processing on grounds relating to their particular situation.

Users are advised that, if their Data is processed for direct marketing purposes, they can object to that processing without providing any justification. To find out whether the Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.

 

How to exercise your rights

To exercise their rights, Users can address a request to the contact details of the Controller indicated in this document. Requests are filed free of charge and processed by the Controller as quickly as possible, in any case within one month.

 

Further information on processing

Legal defense

The User's Personal Data may be used by the Controller in legal proceedings or in the preparatory stages of such proceedings to defend against abuse in the use of this Application or related Services by the User.

The User declares to be aware that the Controller may be obliged to disclose the Data by order of public authorities.