Nereidis S.r.l. (hereinafter “Nereidis”) provides the following information in accordance with Articles 13 and 14 of the Regulation 2016/679/EU (or General Data Protection Regulation, hereinafter “G.D.P.R.”) and subsequent national implementing law (hereinafter, together with the G.D.P.R., the “Applicable Privacy Legislation”), making it available to all users who use the Nereidis website (hereinafter the “Site”), at the following address https://soloblu.com/. User related information which constitutes personal data within the meaning of the Applicable Privacy Legislation, may be collected when they visit the site.
This disclosure applies solely to the site referred to above, and does not concern any other sites that may be reached by the user through the links on that site.
The Data Controller is Nereidis S.r.l., with registered office in Milan (MI), via A. Locatelli, no. 6, 20124.
Types of data processed
Personal data acquired automatically when you visit the Site
o Web surfing information. Nereidis automatically collects data on your device (pc, tablet, mobile phone or other mobile device)and the connection you use, including, for example, your IP address, access date and time, hardware and software information, device event information, unique identifiers, crash data, and pages you viewed before or after using the Site.
This data is collected even if the user has not logged into the account created on the Site, or, in any case, even if the user has not created an account on the Site.
- Site usage data. Nereidis collects information about how you have used the Site, including, for example, the pages of the Site or other content displayed, searches, links to third-party applications on which you have clicked.
Personal data provided directly by the user
- Data required to use the account created on the Site, and to make purchases on the Site
o Data providedforaccount registration. When you register on the Site by creating an account, Nereidis collects the information required to create your account, such as your email address and password.
o Data related totheuser’s account. Nereidis collects a variety of information related to how you use your account (for example, adding items to your cart).
o Transaction data. Nereidis collects information about your transactions on the Site, such as your name, surname, tax code and address, or the name, VAT number and address of the Company, as well as the payment instruments used, the amounts paid, the payment instrument expiration date and other transaction details. This information is necessary for the regular and proper execution of the contract between Nereidis and the user, and to allow the latter to finalize purchases made on the Site.
The user is informed that the transaction data are collected through the Gestpay platform , which is managed by Easy Nolo S.p.A., with registered office in Biella (BI) - 13900, Piazza Gaudenzio Sella, no. 1 - (Tel. 015 2526511).
The transaction related information is processed by Easy Nolo S.p.A. in its capacity as an external data processor in order to fulfil its contractual obligations towards Nereidis.
o Shipment data. Nereidis collects information about shipments of products you purchase on the Site, such as your billing address, your shipping address, and order numbers.
- Optional data
- Data provided through requests for information via e-mail. If the user explicitly and voluntarily sends electronic mail to the addresses indicated on the Site to request information, Nereidis acquires the e-mail address of the user and any other personal data of the user included in the email.
- Data provided for the activation of the newsletter service. If the user decides to activate the newsletter service offered by Nereidis, the latter shall acquire the user’s email address.
Personal data collected through cookies
Purpose of the processing
To ensure the operation of the Site; fulfil contractual obligations to users and provide them with services available fromNereidis through the Site;protect the vital interests of the user; comply with the regulations in force or to fulfil other requirements of public interest
User data is processed to:
- operate, measure and improve the Site and the services provided by Nereidis through the Site;
- enable account management and payment processing;
- maintain the services provided by Nereidis through the Site safe, secure and operational;
- provide users with information about their accounts and resolve any account related problems;
- resolve disputes that have arisen with the user, collect fees and other amounts due from the user or to collect amounts which are otherwise required to provide the services rendered by Nereidis through the Site;
- prevent, detect, mitigate and determine fraud, security breaches and potentially prohibited or illegal activities.
Pursue the legitimate interests of Nereidis while ensuring that these interests do not prevail over the fundamental rights and freedoms of the user
Indeed, the user’s data is processed:
- to identify and resolve any problems with usage of the Site (for example, pages that are blocked or malfunctioning) and to provide an improved experience overall;
- to receive user opinions collected through surveys or questionnaires;
- to measure the performance of email marketing campaigns (for example, by analysing open and click through rates).
Perform marketing operations after obtaining consent beforehand
- If a user has subscribed to the newsletter, with the latter’s consent (which is revocable at any time, in the manner that will be described), that data may be processed for:
- emailing marketing information, advertising, information about special promotions and discounts and updates on the services offered by Nereidis.
Personal data may be known and processed by Nereidis staff, duly instructed about the precautions to take as provided by the Applicable Privacy Legislation.
The specific time during which personal user data is stored is documented in the register of Nereidis’ processing activities (implemented in accordance with article 30 of the G.D.P.R.).
The data collected by Nereidis (see above) is stored for a period of time that is commensurate with the time required for Nereidis to provide the site services (according to the criteria in recital 39 and art. 5, paragraph 1, letter e) of the G.D.P.R.).
User data may be stored (according to recital 65 of the G.D.P.R.) for longer periods only if the longer retention period is required in order for Nereidis to comply with specific legal obligations, to ascertain, exercise or defend a legal claim and/or to pursue other tasks in the public interest (for example, in the case of orders of public authorities relating to the storage of data following an investigation, or for the storage of personal data for purposes related to a dispute, or for mandatory storage obligations relating to tax and accounting purposes).
Users who have consented to the processing of their data for marketing purposes are entitled to revoke that consent at any time (see below).
After the expiry of these storage periods, user data are either deleted or permanently anonymised.
Nereidis will communicate the personal data of users only and exclusively to the parties and for the purposes indicated below.
Shipment and payment execution; fight against illegal acts, fraud and security breaches
- Nereidis will communicate the personal data of users (to the extent necessary to meet the relevant purposes of processing) to third parties that provide services to Nereidis, in particularpayment processors, to prevent and detect potentially unlawful acts, fraud and security breaches (as well as mitigate their negative effects on users), and to collect invoice receivables.
- Nereidis will communicate users’ personal data (only as necessary to meet the relevant processing purposes) to third parties who provide shipping services, with whom we will share delivery addresses, contact information and order numbers in order to facilitate the delivery of items purchased and communications related to delivery.
- These communications of user data allow the regular and proper execution of the service provided by Nereidis.
Law enforcement, judicial proceedings and procedures authorised by law
- Nereidis may disclose your personal data to courts, public authorities, government authorities or authorized third parties, in the event and to the extent that Nereidis is required or authorized to do so by law, or if such disclosure is reasonably necessary. Such communications will have the purpose of:
- discharging Nereidis’ legal obligations;
- responding to claims made against Nereidis;
- complying with verified requests relating to a criminal investigation or suspected illegal activity or any other activity that may expose Nereidis or users to legal consequences;
- protecting the rights, property or personal safety of Nereidis, its employees, users or the public at large.
Data subject rights
Pursuant to the Applicable Privacy Legislation, at any time, free of charge and without any special charges or formalities users may:
o obtain confirmation that Nereidis processes their data;
- access the data collected by Nereidis, and be informed of the origin of the data, the purposes and objectives of the processing, the storage period (or criteria used to determine it) of the data, and information about third parties to whom the data were communicated;
- revoke consent at any time, if the processing is pursued on the basis of such consent. It is nevertheless specifically noted that any revocation of consent does not affect the lawfulness of the processing carried out prior to such revocation;
- update or correct the data collected by Nereidis, so that it is always correct and accurate;
- exercise their right to be forgotten, i.e. ensure that their data collected by Nereidis are deleted from Nereidis’ databases and/or backup archives.User data is deleted if:
- it is no longer necessary for the purposes of the processing, or if the user has withdrawn consent to the processing of the data, has opposed the processing of the data (in the cases specified below), the data have been processed unlawfully or the Applicable Privacy Legislation provides for such erasure;
- if the processing of user data is not necessary for Nereidis for one of the reasons referred to in Article 17, paragraph 3 of the G.D.P.R. (including, in particular, the fulfilment of a legal obligation requiring such processing; the pursuit of requirements that are in the interest of the public; the establishment, exercise or defence of legal claims);
- to limit the processing of personal data by Nereidis, in the cases referred to in Article 18, paragraph 1 of the G.D.P.R. (e.g. where the accuracy of the data has been contested);
- at any time, users are entitled to oppose the processing of data to pursue requirements that are in the interest of the public or the legitimate interests of Nereidis, unless Nereidis demonstrates that such data is processed for legitimate unavoidable purposes or for the detection, exercise or defence of its rights in court;
- a user may request that data processed pursuant to a user’s consent, or to fulfil contractual obligations towards the user and provide the latter with Nereidis services, be provided in a structured, commonly used format which can be read by an automatic device. A user may then transmit such data to third parties, without Nereidis being entitled to take any action to prevent this;
- be informed, within a reasonable time, of any rectification, erasure or restriction of the processing ordered by Nereidis, as well as of any revocation of such measures and the reasons for such revocation (for example, for the limitations on the processing, the expiration of the limitation period, or if the circumstances that caused the limitation of the processing no longer apply: for example, verification of the accuracy of the user’s personal data).
A user may exercise these rights by sending an informal written request to Nereidis, via e-mail to [*].Contact firstname.lastname@example.org
Once Nereidis has received the aforementioned e-mail, through the data controller, it will satisfy the user’s request without delay, and, in any case, at the latest within one month from the receipt of the request itself. This period may be extended by two months where necessary based on the complexity and the number of applications. In the event of an extension, within one month of receiving the request, Nereidis will inform the user of the extension of the deadline and the reasons thereof.
Nereidis hereby reminds users that, in the event of dissatisfaction with the response they receive to a request, they are entitled to address and lodge a complaint with the Data Protection Authority (http://www.garanteprivacy.it/) in the manner provided by the Applicable Privacy Legislation.
Last updated: July 2018