Latest update: 11th of November 2023
Information on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
1. Premise
This information policy, provided pursuant to Articles 13 and 14 GDPR refers to the website wiloclub.it (the “Site”) and is provided by B&T Service S.R.L., registered office Via Giacomo Bruzzo 2C, 16172 Genova, VAT Number 01106710997, as the Data Controller of personal data (hereinafter referred to as “B&T Service”).
The Site is owned by B&T Service, who is also the owner of the wiloclub.it domain name.
In this Policy, definitions in the singular form also include definitions in the plural form, and vice versa.
In compliance with the GDPR, we hereby inform you that B&T Service will process the personal data provided and collected through the Site as described below.
2. Types of processed data, purposes and legal basis of processing
B&T Service will process personal data collected and/or provided through the Site in the manner and for the purposes described in this section.
2.1 Registration on the Site
I. Data processed. When a person registers on the Site, irrespective of whether he or she makes a purchase or not, B&T Service may collect the following categories of personal data relating to him or her: name, surname, e-mail address, IP address, residential address.
II. Purpose of processing. The data collected pursuant to this paragraph will be collected and processed in order to allow a person to register on the Site by creating an account on the Site and, following registration, to allow him/her to access his/her reserved area on the Site and to use the online services offered by B&T Service to its registered users.
III. Legal basis. The legal basis for the processing described in this paragraph is the necessity to perform a contract, pursuant to art. 6, par. 1, letter b) GDPR, as registration is necessary to purchase products through the Site and in any case to create an account on the Site.
IV. Necessity of data provision. Providing the data mentioned in this paragraph is necessary and, without it, it will not be possible to register on the Site and purchase products on the Site.
V. Period of data retention. The data provided when registering on the Site will be kept by B&T Service until the account is canceled by the person to whom it relates. This is subject to the possibility of extending the aforementioned storage period when this is necessary to comply with a legal obligation to which B&T Service is subject or to protect the rights of B&T Service before a competent authority.
2.2 Making purchases through the Site
I. Data processed. When a person places a purchase order through the Site, B&T Service will process the following categories of personal data:
-
-
-
- first name and surname
- email;
- telephone number;
- IP Address
- data relating to the purchase (transaction amount, products purchased);
- shipping and/or billing address;
- data relating to the payment methods used (e.g. bank data, payment cards).
-
-
For further information on the processing of data relating to users’ payment cards, please see paragraph 3 below.
II. Purpose of processing. The data mentioned in this paragraph will be processed in order to allow the conclusion of the purchase contract and the proper execution of operations related to the latter, including the shipment of the products purchased by the interested parties (and, according to sector regulations, to fulfill tax obligations).
III. Legal basis. The legal basis of the processing is represented by the requirement to execute the contract signed by the specific user when purchasing a product on the Site (art. 6, par. 1, lett. b) GDPR).
IV. Necessity of data provision. Providing the data mentioned in this paragraph is necessary and without it, users will not be able to purchase products through the Site.
V. Period of data retention. B&T Service will keep the data processed to allow the purchase of a product through its Site for a maximum period of 10 (ten) years after the purchase. This is subject to the possibility to extend the above mentioned retention period if this is necessary to comply with a legal obligation to which B&T Service is subject or to protect a right of B&T Service before a competent authority.
2.3 Marketing activities
I. Data processed. Some of the personal data provided by a user when registering with the Site or when purchasing a product through the Site, such as: e-mail address, telephone number and postal addresses.
II. Purpose of processing. B&T Service may process the personal data mentioned in this paragraph for the purpose of carrying out marketing activities, which may take place in the following ways:
a) limited to B&T Service’s customers, by sending e-mail messages – to the coordinates provided by them in the context of a purchase through the Site or at the time of registration – referring to products similar to those purchased through the Site.
b) sending promotional newsletters, conducting market surveys, including those aimed at assessing user satisfaction, and sending advertising material on wiloclub.it’s products and/or services, including by means of automated systems such as e-mail, or by traditional means (e.g. paper mail or brochures), referring to products also not similar to those purchased by a customer through the Site or addressed to users who are not yet customers of wiloclub.it or B&T Service. Such messages and promotional communications may refer to B&T Service products as well as to products of companies belonging to the same group as B&T Service. In this respect, however, B&T Service will not share the data of the persons concerned with these companies but will send the communications and messages relating to their products itself. In this case, the legal basis of the processing is the consent of the individuals concerned to carry out this type of activity;
III. Legal basis of processing. The legal basis on which B&T Service’s processing of personal data for direct marketing purposes is based are, respectively:
a) the legitimate interest of B&T Service in the case of communications relating to products similar to those purchased by its customers on the Site, in application of the provisions of art. 6, par. 1, lett. f) GDPR and art. 130, paragraph 4 of Legislative Decree no. 196/2003 (“Privacy Code”). This is subject to the possibility of users to object to the processing in the manner set out in the following paragraph
b) the consent of the data subject in the case of promotional messages sent to non-customers of B&T Service or relating to products not similar to those already purchased by a customer of B&T Service (art. 6, par. 1, lett. a) GDPR).
Interested parties may object, in any time, to the processing of their personal data for this purpose in the following ways:
-
-
- marketing consent revocation: by sending an e-mail to the address service@wiloclub.it from the email with which you are registered on the Site;
- unsubscribe from newsletters: by clicking on the appropriate link located at the bottom of each newsletter or by writing an e-mail to service@wiloclub.it from the email with which you registered on the Site or by contacting the Data Controller at the contact details indicated in the following paragraph 7.
-
If you wish to unsubscribe from the Site, you can send an email to the Data Protection Officer at the email address service@wiloclub.it from the email with which you are registered on the Site.
IV. Necessity of data provision. The provision of the data referred to in this paragraph, as well as the consent to the processing of the data where necessary, is optional and any failure to do so will not affect the registration of a user on the Site or the completion of a purchase through the Site.
V. Period of data retention. The data processed for direct marketing purposes will be kept for a period of 24 (twenty-four) months from the date on which it is provided and consent to its processing is given, where required. At the end of this period, B&T Service will proceed to request renewal of consent to process such data. This is subject to B&T Service’s possibility to extend the above-mentioned storage period if this is necessary to comply with a legal obligation of B&T Service or to protect a right of B&T Service before a competent authority.
2.4 Data profiling
I. Data processed. Data provided in the context of registering on the Site or during a purchase on the Site, data relating to the preferences and purchasing habits of Site users.
II. Purpose of processing. The personal data mentioned in this paragraph may be processed by B&T Service in order to carry out profiling activities, i.e. to analyze the preferences and consumption habits of the persons concerned by detecting the type and frequency of their purchases, in order to allow B&T Service to send personalized advertising material or promotional communications, as well as to offer users products of their own specific interest.
III. Legal basis. The legal basis for B&T Service’s profiling activities is represented by the consent of the individuals concerned, pursuant to art. 6, par. 1, letter a) GDPR.
IV. Necessity of data provision. The provision of the data described in this section, as well as the consent to the processing of the same, is optional and, without it, it will not be possible for B&T Service to deliver personalized promotional messages and communications to the interested parties. The lack of consent to the processing of data will not affect the possibility for a person to register on the Site and/or to make purchases through the Site.
V. Period of data retention. Data processed for profiling purposes will be kept for a period of 12 (twelve) months from the date on which the data is provided and consent to its processing is given, where required. At the end of this period, B&T Service will proceed to request renewal of consent to process such data. This is subject to B&T Service’s possibility to extend the above-mentioned storage period if this is necessary to comply with a legal obligation of B&T Service or to protect a right of B&T Service before a competent authority.
2.5 Data provided in relation to contacts with the concerned individuals
I. Data processed. B&T Service may process the personal data provided by the individuals concerned (e.g. name, surname, contact details, any other information included in the requests of the individuals concerned) when they decide to contact the company through the contact details on the Site (e.g. telephone number, e-mail, paper mail), as part of the customer care service or for any other request relating to the products and activities of B&T Service.
II. Purpose of processing. B&T Service will process the personal data referred to in this paragraph for the sole purpose of responding to the requests made by the concerned individuals.
III. Legal basis of the processing. The legal basis of the processing described in this paragraph are represented by:
a) the need to perform a purchase contract in the case of the individuals concerned contacting B&T Service for customer care activities (Art. 6(1)(b) GDPR);
b) the consent of the individuals concerned in case they contact B&T Service for any other kind of information (art. 6, par. 1, lett. a) GDPR). In particular, the fact that an individual decides to contact B&T Service by submitting a request to B&T Service shall be considered an unequivocal positive action equivalent to written consent within the meaning of Article 4(11) GDPR.
IV. Necessity of data provision. The provision of the data referred to in this paragraph is optional but, without it, B&T Service will not be able to comply with the requests made by interested parties.
V. Period of data retention. The data processed in accordance with this paragraph will be kept for the period of time strictly necessary to respond to the requests of the interested parties. This is subject to the possibility for B&T Service to extend the above-mentioned period if this is necessary to comply with legal obligations to which it is subject or to protect B&T Service rights before a competent authority.
2.6 Browsing data
When a user visits the Site, B&T Service collects the following browsing data:
-
-
-
-
- technical information, including IP address, information on the devices used by visitors to the Site, browser and operating systems, etc.
- information on the browsing on the Site, including URLs of the pages visited and activities performed on the page, dates and times of browsing, time spent on the Site, click streams.
-
-
-
This information is collected for the proper operation, management, maintenance and improvement of the Site, as well as to ensure that your browsing is safe and to enable us to determine liability for cyber-security breaches. They are also used to allow B&T Service to obtain statistical analysis on the use of the Site with the possibility of analyzing the data also in aggregate form and to allow you to receive promotional advertisements in line with your wishes and interests.
The processing of browsing data is also necessary to allow purchases to be made through the Site.
Users of the Site are always free to decide whether to provide their browsing data, for example by choosing to disable cookies through their browser settings. However, refusal to provide information necessary for browsing may make it impossible to carry out activities strictly related to browsing and, therefore, also to consult and interact with our Site, as well as to make purchases through the Site.
This data is kept only for the time strictly necessary for the purposes for which it is collected.
Browsing data is collected through the use of cookies. To find out more about how cookies work, and how to enable and disable them, please see our cookie policy.
2.7 Plug-ins and social network interaction
The Site allows interaction with third-party sites and social networks (Google, Instagram, Facebook) through hyperlinks, share buttons, social plug-ins and other similar tools.
By accessing one of the areas of the Site equipped with these types of tools, the Internet browser will connect the interested parties directly to the servers of the third-party sites in question, thus transferring their personal data to the operators of these sites.
The data transfer will be carried out on the basis of the consent of the individuals concerned, expressed unequivocally when they click on a specific hyperlink, plug-in button or other similar tool.
Depending on the specific agreements in place with the operators of such third party sites, B&T Service may act as the autonomous controller or joint controller with respect to such data transfers. With regard to the privacy protection methods and the processing of personal data collected by the operators of third party sites with which the described interactions take place, please refer to the relevant sites.
3. Data relating to card payments and the use of Stripe
To make a payment using one of the payment card types indicated on the Site, the user enters the confidential data of the payment card directly on a page that communicates via secure encryption protocol with Stripe, the payment service provider (acting as the autonomous data controller). This data will not pass through the B&T Service server, which will therefore not process this data in any way. The data will be acquired in encrypted format.
With regards to the processing of payment card data and the data requested by Stripe, please note that this is necessary in order to conclude the online purchase contract with B&T Service. Failure to provide this data will therefore not allow users to complete the on-line purchase process.
4. Processing methods
The processing of the personal data of the interested parties will mainly be carried out with the aid of electronic or otherwise automated means. It will be carried out in accordance with the methods and with the tools suitable for guaranteeing the security and confidentiality of the data in accordance with the GDPR. In particular, all the necessary technical, IT, organizational, logistical and procedural security measures will be adopted so that the minimum level of data protection required by law is guaranteed, allowing access only to the individuals assigned to processing by B&T Service or the data processors designated by B&T Service.
The information acquired and the manner in which it is processed will be relevant and will not exceed the type of services rendered. The data will also be managed and protected in environments where access is under constant control.
5. Communication and dissemination of data
The personal data of the individuals concerned processed pursuant to this information notice may be communicated:
-
- to all those individuals (including Public Authorities) who have access to personal data by virtue of regulatory or administrative provisions;
- to companies or third parties in charge of printing, enveloping, shipping and/or delivery and/or collection services of the products purchased through the Site;
- post offices, couriers or shippers in charge of delivering the products purchased through the Site;
- banks and companies that manage national or international payment circuits through which on-line payments for products purchased through the Site are made;
- companies, consultants or professionals responsible for the installation, maintenance, updating and, in general, the management of B&T Service’s hardware and software or which B&T Service uses to provide its services;
- external companies in charge of sending advertising communications on behalf of B&T Service;
- employees and/or collaborators of B&T Service;
- persons handling online payment transactions;
- to all public and/or private entities, natural and/or legal persons (legal, administrative and tax consultancy firms, Judicial Offices, Chambers of Commerce, Chambers and Offices of Labour, etc.), if such communication is necessary or functional to the proper fulfillment of contractual obligations undertaken, as well as obligations arising from the law.
The data relating to the interested parties will not be disseminated, except in anonymous and aggregate form, for statistical or research purposes.
6. The transfer of data outside the EEA
B&T Service will not transfer your personal data to countries outside of the European Economic Area (“EEA”), which includes, in addition to the Member States of the European Union, Norway, Liechtenstein and Iceland.
Should this be necessary in order to pursue the purposes of the processing described in this Policy, B&T Service guarantees that any transfer of data outside the EEA will take place in a way that ensures full protection of your rights and freedoms. In the event that no adequacy decision has been issued by the European Commission with respect to the third country of destination, data transfers will be carried out using the safeguards set out in articles 46 et seq. of the GDPR, including standard contractual clauses approved by the European Commission, and a thorough assessment of the legislation of the third country of destination, if any.
7. Data Controller
B&T Service, in its capacity as Data Controller of personal details, can be contacted at the following addresses:
Address: B&T Service Srl. – Via Giacomo Bruzzo 2C, 16172 Genova.
Phone: +39 010 7450877 (Monday-Friday 9.30-13.30 and 14.30-18.00).
To contact us via email, please use our page Contacts.
B&T Service has appointed a Data Protection Officer (DPO) in accordance with current legislation. The DPO can be contacted for any request or need relating to the protection of your personal data via the following e-mail: service@wiloclub.it.
8. Rights of the data subject
Pursuant to article 13 of the GDPR, B&T Service informs you that you have the following rights in relation to your personal data:
-
- Access: you may obtain information about the processing of your personal data and a copy of such personal data (Art. 15 GDPR);
- Rectification: if you believe that your personal data is inaccurate or incomplete, you may request that such data be rectified or amended following your instructions (Art. 16 GDPR);
- Deletion: You have the right to request the deletion of your personal data, which will be granted in the cases provided for by the applicable legislation, and in particular if: (a) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) where the processing of your data is based on consent, you revoke the consent in question; (c) you object to the processing and there are no compelling legitimate reasons to continue (moreover, your right to object to processing for direct marketing purposes is absolute); (d) your personal data are unlawfully processed; (e) your personal data must be erased in order to comply with a legal obligation; (f) your personal data relate to children and have been collected in connection with the provision of information company services (Art. 17 GDPR);
- Limitation: you may obtain a temporary limitation of the processing of your personal data in the event that one of the following occurs: (a) you dispute the accuracy of your personal data, for the period necessary for B&T Service to verify the accuracy of your personal data; (b) the processing of your personal data is unlawful but you object to its deletion and instead request that its use be limited; (c) although B&T Service no longer needs your personal data for processing purposes, your personal data are necessary for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your personal data pursuant to Art. 21, par.1 GDPR, pending verification as to whether legitimate reasons of the data controller prevail over those invoked by you (Art. 18 GDPR);
- Objection: in relation to your particular situation, you have the right to object to the processing of your personal data based on B&T Service’s legitimate interest pursuant to Article 6(1)(f) GDPR at any time. After receiving your objection, B&T Service will only continue with the processing if there are demonstrable compelling legitimate grounds that override your rights, interests and freedoms or for the establishment, exercise or defense of legal claims. You have the absolute right to object at any time to the processing of your personal data carried out for direct marketing purposes, including profiling to the extent that it is related to such direct marketing (Art. 21 GDPR);
- Withdrawal of consent: in the event that the processing of your personal data is based on consent, you have the right to withdraw your consent at any time (Art. 7 GDPR);
- Data portability: where processing is based on consent or is necessary for executing a contract, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and, where technically possible, to the secure transmission of your personal data to another data controller (Art. 20 GDPR).
8.1 Procedure for the exercise of the interested party rights
In addition to the provisions of paragraph 2.3, the rights referred to point 8) may be exercised by you with a request addressed – without formalities – to the Data Protection Officer (DPO), by sending an email to the following address: service@wiloclub.it (from the email with which you registered on wiloclub.it) or with a request to B&T Service Srl, Via Giacomo Bruzzo 2C, 16172 Genova. These requests will be processed without delay and, in any case, in compliance with the deadlines set by current legislation.
9. Protection of your rights
In order to protect your rights and to safeguard your personal data, you may, at any time, decide to lodge a complaint with the relevant supervisory authority (in Italy, the Garante per la protezione dei dati personali – Piazza Venezia, 11 – 00187 Roma; Tel. +39 06 696771; e-mail protocollo@gpdp.it) or take legal action before the competent national judicial institutions.
Subject to this right, we always invite you to contact us to exercise your rights through our contact channels listed in paragraph 8 above.
10. Amendments
B&T Service reserves the right to make changes to this policy at any time, giving appropriate notice to users of the Site and ensuring in all cases an adequate and similar protection of personal data. In order to view any amendments, you are invited to regularly consult this policy.
In any event, should B&T Service make any substantial changes to this policy (e.g. processing of personal data for different and additional purposes), it will inform the interested parties by email.