Privacy policy

PRIVACY POLICY

Information on the Processing of Personal Data

D.S.T. Group S.r.l., located in San Giuseppe Vesuviano (NA), Via Pianillo n. 149 (VAT No. 05873991219), represented by its pro tempore legal representative Mr. Alessandro Casillo (the "Data Controller"), the exclusive owner of the “ZU Elements” brand, is committed to protecting the online privacy of the users of the website www.zuelements.it (the "Website"). This document (the "Notice") is intended to help you understand how your Personal Data, as defined below, will be processed when you use the Website. The Notice aims to provide you with the necessary information so that you can give explicit and informed consent to the processing carried out through the Website, if you deem it appropriate.

In general, any information or Personal Data you provide to the Data Controller via the Website, or that is otherwise collected through the Website, or that you provide to the Data Controller via registration on tablet devices in our flagship stores, within the use of services offered by D.S.T. Group S.r.l. (the "Services"), as better defined in Paragraph 3 below, will be processed in accordance with the principles prescribed by EU Regulation 2016/679 and internationally recognized principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, and confidentiality.

1. DATA CONTROLLER AND DATA PROTECTION OFFICER

D.S.T. Group S.r.l., as identified at the beginning of this Notice, is the Data Controller concerning all Personal Data processed through the Website.

You can contact the Data Protection Officer ("DPO") of D.S.T. Group S.r.l. at the following address: info@dstgroup.it.

1. PERSONAL DATA SUBJECT TO PROCESSING

Following the navigation of the Website, please note that the Data Controller will process your Personal Data, which may consist – depending on your decisions on how to use the Services – of an identifier such as your name, your email address, an identification number, an online identifier, or one or more elements characteristic of your physical, physiological, psychic, economic, cultural, or social identity that make you identified or identifiable (hereinafter referred to as "Personal Data").

Your Personal Data may be collected either because you voluntarily provided it (e.g., when you subscribe to the Newsletter or register through our flagship stores) or simply by analyzing your behavior on the Website.

The Personal Data processed through the Website are as follows:

A. Name, contact details, and other Personal Data

In different sections of the Website, especially the one related to the creation of a personal account, you will be asked to enter information such as your name, phone number, email address, date of birth, country of residence, gender, postal code, etc.

Additionally, when you communicate with the Data Controller through the contacts found on the Website or with Customer Care, the Data Controller may collect the additional information you decide to provide.

B. Location data

To provide you with more precise and useful Services, the Data Controllers might ask you to manually enter a physical address, postal code, or simply the State to find the nearest ZU Elements Store.

Alternatively, and with your prior and explicit consent, your Internet browser ("Browser") may share an approximation of your geographic location with the Website through information on the wireless access points in your vicinity and your device’s IP address.

In both cases, it is an entirely optional but extremely useful processing of a Personal Data to the Controllers for the provision of increasingly useful Services. If you believe that access to your approximate location via Browser sharing is too invasive, you can always revoke your consent from the Browser settings (or from your operating system settings). For more information, we invite you to consult the specific privacy information of your Browser.

C. Special categories of personal data

Some sections of the Website include free text fields where you can provide the Controllers with some information, which may contain Personal Data.

Since these fields are free, you might use them to communicate (voluntarily or not) some sensitive categories of Personal Data, such as data suitable to reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data relating to health or a person’s sex life or sexual orientation.

The Controllers invite you not to send such Personal Data unless strictly necessary. In fact, such special categories of Personal Data can only be processed with your explicit consent (which can be expressed via the flag present on the Question screen) and in compliance with the applicable temporary regulations. The Controllers, therefore, emphasize the importance of manifesting your explicit consent to the processing of special categories of Personal Data, should you decide to share such information.

D. Data voluntarily provided by the data subject

As already mentioned above, in some parts of the Website, you are allowed to enter text messages or information, visible to the Data Controller, which may contain Personal Data of other people.

In these cases, you act as an autonomous data controller, assuming all the obligations and responsibilities provided by law. In this regard, you grant the widest possible indemnity with respect to any dispute, claim, request for compensation for damages from processing, etc., that may be received by the Data Controller from third parties whose Personal Data have been processed through your use of the functions of the Website in violation of the applicable personal data protection regulations. In any case, should you provide or otherwise process Personal Data of third parties in the use of the Website, you guarantee from now on – assuming all related liability – that this particular case of processing is based on the consent of said third party or another appropriate legal basis that legitimizes the processing of the information in question.

E. Navigation data

The computer systems and software procedures responsible for the functioning of the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but which by its very nature could, through processing and associations with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Website, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.

These data are used only to obtain anonymous statistical information on the use of the Website and to check its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the Website or third parties: except for this possibility, at present, the data on web contacts do not persist for more than 50 days.

F. Cookies

Definitions, characteristics, and application of the legislation

Cookies are small text files that the sites visited by the user send and record on his computer or mobile device, to be then retransmitted to the same sites at the next visit. Thanks to cookies, a site remembers the actions and preferences of the user (such as, for example, the chosen language, font size, other display settings, etc.) so that they do not have to be indicated again when the user returns to visit that site or navigates from one page to another of it. Cookies, therefore, are used to perform computer authentication, session tracking, and storage of information regarding the activities of users who access a site and may also contain a unique identification code that allows tracking the user’s navigation within the site itself for statistical or advertising purposes. During navigation on a site, the user may also receive on his computer cookies from sites or web servers other than the one he is visiting (so-called "third-party cookies").

Some operations could not be performed without the use of cookies, which in certain cases are therefore technically necessary for the same functioning of the site.

There are various types of cookies, depending on their characteristics and functions, and they can remain on the user’s computer for different periods: so-called session cookies, which are automatically deleted when the browser is closed; so-called persistent cookies, which remain on the user’s equipment until a pre-established expiry date.

According to the applicable legislation, the user’s express consent is not always required for the use of cookies. In particular, usually, technical cookies do not require such consent, i.e., those used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary to provide a service explicitly requested by the user. In other words, these are indispensable cookies for the functioning of the site or necessary to perform activities requested by the user.

For profiling cookies, on the other hand, i.e., those aimed at creating user profiles and used to send advertising messages in line with the preferences expressed by the user during web navigation, the user’s prior consent is usually required, depending on the applicable legislation.

Types of cookies used by the Website and the possibility of (de-)selection

The Website uses the following cookies which can be deselected, except for third-party cookies for which you must refer directly to the respective selection and de-selection methods of the respective cookies, indicated via link:

• Technical navigation or session cookies, strictly necessary for the functioning of the Website or to allow you to use the contents and services requested.

• Analytical cookies, which allow understanding how the Website is used. With these cookies, no information is collected about your identity, nor any Personal Data. The information is processed in aggregate and anonymous form.

• Functionality cookies, i.e., used to activate specific features of the Website and a series of selected criteria (such as the language) to improve the service provided.

• Profiling cookies used to send advertising messages in line with the preferences you have expressed while navigating the web.

The Data Controller also uses third-party cookies, i.e., cookies of sites or web servers other than that of D.S.T. Group S.r.l., used for purposes of said third parties, including profiling cookies. It is specified that these third parties, listed below with the respective links to their privacy policies, are typically autonomous data controllers of the data collected through the cookies they serve, or act as data processors for the Data Controller (i.e., they process Personal Data on behalf of the Data Controller).

For more information about third parties who send cookies through the Website, find the links to their respective privacy policies below:

• Google: https://www.google.com/policies/privacy/partners/ https://tools.google.com/dlpage/gaoptout.
• DoubleClick – Google: https://policies.google.com/privacy?hl=en
• Adform: https://site.adform.com/privacy-policy-opt-out/
• Facebook: https://it-it.facebook.com/about/privacy/update
• Youtube: https://www.youtube.com/static?gl=IT&hl=it&template=terms

Cookie settings

You can block or delete (in whole or in part) technical and functionality cookies through the specific functions of your Browser. However, please note that not authorizing technical cookies might make it impossible to use the Website, view its content, and use its services. Disabling functionality cookies may result in some services or certain functions of the Website not being available or not working correctly, and you might have to modify or manually enter some information or preferences each time you visit the Website.

The choices made concerning the cookies on the Website will be recorded in a special cookie. However, this cookie might not work correctly in some circumstances: in such cases, we recommend deleting unwanted cookies and disabling their use through the functions of your Browser.

Your preferences regarding cookies should be reset if you use different devices or Browsers to access the Website.

How to view and modify cookies through the Browser

You can authorize, block, or delete (in whole or in part) cookies through the specific functions of your Browser. For more information on how to set preferences for the use of cookies through the Browser, you can consult the relevant instructions:

• Internet Explorer
• Firefox
• Chrome
• Safari

You can also manage your cookie preferences from third parties using online platforms such as AdChoice.

ATTENTION: Disabling technical and/or functionality cookies may make the Website not viewable, or some services or certain functions of the Website may not be available or work correctly, and you may be forced to modify or manually enter some information or preferences each time you visit the Website.

1. PURPOSES OF THE PROCESSING

The Data Controller will use your Personal Data, collected through the Website, for the following purposes:

• to provide the Services such as sending you the ZU Elements newsletter you requested as a Service by subscribing, which contains only informational and not commercial material; finding the nearest ZU Elements Store and providing any other Service you request ("Service Provision");
• to send you marketing communications from stores through apps/platforms of instant messaging (e.g., WhatsApp, Telegram, Hangouts, Messenger, etc.);
• to send you marketing communications, promotions, and advertisements, market research and surveys, via email, SMS, push notifications, by phone, through banners, instant messaging, through an operator, through the official social media pages of the Data Controllers, related to products and/or services referable to ZU Elements and/or third parties ("Marketing");
• to create your profile through the use of profiling cookies, where accepted, thus collecting and analyzing information on the selections and choices you make on the Website. This profile will be used to provide you with information about other products and/or services that the Data Controller believes may interest you and to show you advertisements that may be relevant to your tastes. All algorithms involved in this automated or semi-automated process are regularly tested to ensure that you are not offered products that do not interest you ("Profiling");
• to fulfill legal obligations that require the Data Controllers to collect and/or further process certain types of Personal Data ("Compliance");
• to prevent or detect any abuse in the use of the Website, or any fraudulent activity, thus allowing the Data Controllers to protect themselves in court ("Abuse/Fraud").

1. LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF PROCESSING

The legal bases used by the Data Controllers to process your Data, according to the purposes indicated in Paragraph 3 above, are as follows:

• Service Provision: Processing for this purpose is necessary to provide you with the Services and, therefore, for the performance of the contract with you. It is not mandatory to provide the Data Controller with your Personal Data for this purpose, but otherwise, it will not be possible to provide you with any Service. The same applies to the newsletter service, which arises from a specific request from you through the insertion of an email address and which you can revoke at any time by following the instructions in Paragraph 8 of this Notice.
• Marketing: Processing for this purpose is based on your consent. It is not mandatory to give your consent to the Data Controller for this purpose, and you are free to revoke it at any time without any consequence (except that you will no longer receive marketing communications from the Data Controller). You can revoke your previously given consent by following the instructions in Paragraph 8 of this Notice.
• Profiling: Processing for this purpose is based on your consent. It is not mandatory to give your consent to the Data Controller for this purpose, and you are free to revoke it at any time without any consequence (except the inability to benefit from the customization of commercial offers that you will receive from the Data Controller). You can revoke your previously given consent by following the instructions in Paragraph 8 of this Notice.
• Compliance: Processing for this purpose is necessary for the Data Controller to comply with any legal obligations. When you provide Personal Data to the Data Controller, they must be processed according to applicable regulations, which may involve their storage and communication to the Authorities for accounting, tax, or other obligations.
• Abuse/Fraud: The information collected for this purpose will be used exclusively to prevent and/or detect any fraudulent activities or abuse in the use of the Website and thus allow the Data Controller to protect themselves in court.

1. RECIPIENTS OF PERSONAL DATA

Your Personal Data may be shared with the entities listed below (the "Recipients"):

• entities that typically act as data processors, namely: i) persons, companies, or professional firms providing assistance and consultancy services to the Data Controllers in accounting, administrative, legal, tax, financial, and credit recovery matters concerning the provision of the Services;
• entities with which it is necessary to interact for the provision of the Services (e.g., hosting providers or platforms for sending emails);
• entities delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks);
• persons authorized by the Data Controllers to process Personal Data necessary to perform activities strictly related to the provision of the Services, who have committed themselves to confidentiality or have an adequate legal obligation of confidentiality (e.g., employees of the Data Controllers);
• entities, bodies, or authorities to which your Personal Data must be communicated for Compliance, Abuse, or Fraud purposes, or by order of the authorities.

1. TRANSFERS OF PERSONAL DATA

Personal data are stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, prior stipulation of the standard contractual clauses provided by the European Commission.

More information is available from D.S.T. Group S.r.l. by writing to the following address: info@dstgroup.it.

1. STORAGE OF PERSONAL DATA

Personal Data processed for the purpose of Service Provision will be stored by the Data Controller for the time strictly necessary for the aforementioned purpose (e.g., for sending the purchased product). In any case, since these Personal Data are processed to provide you with the Services, the Data Controller may store them for a longer period, however, not exceeding 10 years from the termination of the relationship for the purposes of providing goods and/or services, particularly to protect the Data Controller’s interests from possible complaints related to the Services.

Personal Data processed for Marketing and Profiling purposes will be stored by the Data Controller until you revoke your consent. In any case, we will remind you of the consents you have given us every 24 months. Once consent is revoked, the Data Controller will no longer use your Personal Data for such purposes but may still retain them, particularly to protect the Data Controller’s interests from possible complaints based on such processing.

Personal Data processed for Compliance purposes will be stored by the Data Controllers for the period provided by specific legal obligations or applicable regulations.

Personal Data processed for the purpose of preventing Abuse/Fraud will be stored by the Data Controllers for the time strictly necessary for the aforementioned purpose and thus until the Data Controllers are required to retain them to protect themselves in court or communicate said data to the competent authorities.

1. RIGHTS OF THE DATA SUBJECT

You have the right to ask the Data Controller, at any time:

• for access to your Personal Data, (or a copy of such Personal Data), as well as further information on the processing currently being carried out on them;
• for the correction or updating of your Personal Data processed by the Data Controller, where they are incomplete or not updated;
• for the deletion of your Personal Data from the Data Controller's database;
• for the restriction of the processing of your Personal Data by the Data Controller;

Additionally, you may:

• object to the processing of your Personal Data by the Data Controller;
• revoke your consent for Marketing and Profiling purposes.

When requesting the Services, you may have selected the communication channels through which you want to be contacted for Marketing purposes (i.e., phone, SMS, email, mail, push notifications, social media).

You can revoke your consent for Marketing related to each of these communication channels. You can also revoke consent to Marketing sent by email and stop receiving it by using the specific link found at the bottom of each received email. The same method can be used to stop receiving the newsletter, if you requested it as a Service.

Consent to Profiling through cookies can be revoked using the methods indicated in Paragraph 2.f above.

You can exercise your rights by writing to the Data Controller at the following address: info@dstgroup.it.

In any case, you always have the right to lodge a complaint with the competent Supervisory Authority (Garante per la Protezione dei Dati Personali) if you believe that the processing of your Personal Data is contrary to current legislation.

1. CHANGES

This privacy policy is effective from 30.11.2021. The Data Controller reserves the right to modify or simply update its content, in part or completely, also due to changes in the applicable legislation. The Data Controller will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the Website. The Data Controller therefore invites you to visit this section regularly to be aware of the most recent and updated version of the privacy policy so that you are always up to date on the data collected and their use by the Data Controller.