1.1 Information regarding the collection of personal data
In the following we inform about the collection of personal data when using our website. Personal data are all data that refer to you personally e.g. name, address, e-mail addresses, user behaviour.
The responsible party, pursuant to Article 4 para. 7 of the EU General Data Protection Regulation (GDPR), is Nikal Solutions S.r.l., with headquarters in Piazza Aldo Moro, 3, Frascati, Italy, main telephone number +39.06.9420204, www.nikal.it .
The use of our website functions is fundamentally possible without the processing of personal data. Please refer to the corresponding remarks below concerning the (personal) data transmitted technically to us by you. If we use contracted service providers for the individual functions of our offer or if we wish to use your data for advertising purposes, we shall inform you in detail below regarding the respective procedures. Finally, we also name the criteria of storage duration established.
1.2. Purposes and legal basis of the processing
Unless otherwise stated or specified, the purpose of our data processing activities is the pursuit of our own business purposes.
We use different legal bases for the data processing.
• If you give us consent for certain processing operations of personal data, the legal basis is Article 6 I lit. a of the GDPR hereinafter also referred to as "consent").
• If the processing of personal data is necessary for the initiation or performance of a contract whose (potential) contracting party is the data subject, e.g. if you inquire about products and/or order goods with us and the data processing is necessary for the delivery of the goods, Article 6 I lit. b of the GDPR is the legal basis (hereinafter also referred to as "contract performance").
• If the processing of personal data is required to fulfil a legal obligation, e.g. for the fulfilment of tax filing obligations, Article 6 I lit. c of the GDPR is the legal basis.
• The processing of personal data may, according to Article 6 I lit. f of the GDPR, be permitted under data protection law if it is necessary for the protection of a legitimate interest of our company or a third party, insofar as the interests, fundamental rights and fundamental freedoms of the person concerned do not predominate (hereinafter also referred to as "balance of interests"). We consider the performance of our business in the interest of safeguarding the jobs of our employees and of the well being of shareholders as our fundamental legitimate interest. This is also covered by the legitimate interests of companies expressly described by the European legislator. Therefore, a legitimate interest can be assumed if the data subject and the company are in a customer relationship (Recital 47 sentence 2 of the GDPR) or personal data are processed for direct marketing purposes.
1.3. Your rights
You have the following rights regarding us with respect to the personal data concerning you:
• Right to information
• Right to rectification or deletion
• Right to restriction of processing
• Right to object to the processing
• Right to data portability
You also have the right to complain to us about the processing of your personal data by means of a data protection supervisory authority. Your rights are regulated in Chapter 3 of the GDPR.
1.4. Opposition to or revocation of the processing of your data
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation will affect the legitimacy of the processing of your personal data after you have notified us.
Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if, in particular, the processing is not required to fulfil a contract with you, which is described by us in each case in the following description of functions. In the event of such a revocation, we shall ask you to explain the reasons why we should not process your personal data as we have done. In the case of a justified objection, we will examine the situation and will either discontinue or adapt the data processing or inform you of our compelling legitimate reasons with which we continue the processing.
Of course, you are entitled to object to the processing of your personal data for advertising and data analysis purposes at any time. Concerning your objection to advertising, you can contact us using the details shown in section 1.
1.5. Recipients and categories of recipients of your personal data
Information about our customers is important to us and helps us optimise the services we offer. We only pass on the information we receive to third parties in the extent described below:
• Service providers outside the EU/EEA: We cannot rule out that our subcontractors use other service providers in third countries. Pursuant to Article 28 para. 4 of the GDPR we obligate all service providers to adhere to adequate and appropriate guarantees in accordance with Article 44 ff. of the GDPR (transfer to third countries).
• Newsletters/Surveys: We offer you the opportunity to subscribe to our newsletter, by adding your email address to the dedicated section in the footer of www.esaspaceshop.com. If you do not want to receive such offers, you can unsubscribe at any time by writing an email to [email protected] If you have an account, you can also change your settings in "My account", section “Newsletter Subscription” by unflagging “General subscription”. E-mail contacts used to send out the periodic newsletter come from voluntary subscriptions on the part of the recipient, from whom confirmation is always requested, as well as from information collected during the sale of goods or services of the Data Controller or similar for legitimate interests. The newsletter involves sending information, communications, including of a commercial or promotional nature, and material. Please note that contacts are not obtained from public lists of subscribers. Where communications are not of interest to the recipient, any further communications from specific sources can be stopped by clicking the unsubscribe link contained in each message from that source, or further contact can be stopped by writing to the contact provided, exercising the right to unsubscribe from the newsletter.
1.6. Criteria for the storage of personal data
We process personal data in accordance with the legal basis stated in this declaration and store personal data. If the data is routinely no longer required to initiate a contract or fulfilment of the contract, it shall be deleted in accordance with the respective statutory retention period.
2. Data processing for individual types of use
2.1. Collection of personal data when visiting our website
In the case of merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following information that is technically necessary for us to display our website and to ensure stability and security:
• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• The amount of data transmitted
• Website from which the request comes
• Operating system and its interface
• Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you are using and by means of which the location which sets the cookie (here through us) receives certain information. Cookies can not run programs or transmit viruses to your computer. They serve to make the Internet offer more user friendly and effective. The legal basis of the data processing is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
When you contact us by email or by means of a contact form, the information you provide (your email address, your name and telephone number if applicable) shall be stored by us to answer your questions. We delete the data that arises in this context after the storage is no longer required, or limit the processing if there are statutory retention requirements.
Should you be our customer have questions or complaints about your order, the legal basis of the data processing is Article 6 para.1 S.1 lit. b of the GDPR ("Contract performance"). If you are not a customer of ours, the legal basis is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
2.3. More features and offers of our website
In addition to the purely informative use of our website, we offer various services that can be used if you are interested. To do so, you will generally need to provide other personal information that we use to provide the service and for which the aforementioned data processing principles apply.
In part, we use external service providers to process your data. These were carefully selected and commissioned by us and are bound by our instructions.
Furthermore, we can pass on your personal data to third parties, if the participation in offers, competitions, contracts or similar services are offered by us together with partners. You will receive further information on entering your personal data or in the description of the offer.
This website uses the following types of cookies, the scope and operation of which are explained below:
• Transient cookies
• Persistent cookies
Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser setting according to your wishes and for example decline the acceptance of third party cookies or all cookies. We inform you that you may not be able to use all features of this site.
The Flash cookies are not detected by your browser, but rather by your Flash plug-in. Furthermore, we use HTML5 storage objects which are stored on your end device. These objects store the required data regardless of your browser and do not have an automatic expiration date. If you do not wish any processing of the Flash cookies, you must install a corresponding add-on, e.g. “Better Privacy" for Mozilla Firefox or the Adobe-Flash-Killer-Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. In addition, we recommend that you regularly delete your cookies and the browser history manually.
2.5. Use of our webshop
If you wish to order in our online shop, for the conclusion of the contract it is necessary for you to provide obligatory information: first and last name, address, email address, purchased product(s), size and colour where relevant, credit card details if chosen as payment methods. This data is needed for processing your order and is marked with an asterisk. Further details are voluntary. We process the data provided by you to handle your order. For this purpose we can pass on your payment data to our own bank. The legal basis for this is Article 6 para.1 S.1 lit. b of the GDPR ("Contract performance").
You may voluntarily create a customer account that will allow us to store your data for further purchases, your past and current order information and your interaction with Nikal Solutions S.r.l.:
• Your above mentioned customer data and obligatory information.
• Overview of your completed and current orders at esaspaceshop.com with details of order number, brand, article name, profile, dimension/size, colour, order date, delivery date, delivery status, details, etc.
• Your last login data with date, day and time are displayed.
• Costs of your order, billing address, delivery address, order history, information regarding scheduling and status, etc.
When you create an account under "My Account", the data you provide will be stored. All other data, including your user account, can always be deleted in the customer area. The legal basis for the use is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
We may also process the information you provide to inform you of other interesting products from our range or to send you emails with technical information. Due to trade and tax regulations, we are obligated to save your address, payment and order data for a period of ten years. However, we impose restrictions on processing, i.e. your data shall only be used to comply with legal obligations.
The ordering process is encrypted to prevent unauthorised access to your personal data by third parties, especially financial data.
2.5.b. Collection of Personal Financial Information by a Payment Service.
2.6. Use of social media
We currently use the following social media plug-ins: Facebook, Twitter, Pinterest, Instagram, YouTube. We use the so-called two-click solution. That means, when you visit our site, no personal data is initially passed on to the providers of the plug-ins. The provider of the plug-in is recognised by the respective logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, will the plug-in provider receive the information that you have accessed the corresponding website of our online service. In addition, the data specified in this policy shall be transmitted. In the case of Facebook, according to the respective providers in Italy, the IP address is made anonymous immediately after collection. By activating the plug-in, personal data is transmitted by you to the respective plug-in provider and stored there (with US providers in the USA). As the plug-in provider carries out the data collection in particular by means of cookies, we recommend that you delete all cookies before clicking on the greyed-out box by means of the security settings of your browser.
We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing, or the retention periods. We also have no information regarding the deletion of the data collected by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses them for purposes of advertising, market research and/or needs based design of the website. Such an evaluation is performed in particular (also for non-logged in users) for the display of needs based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise it. By means of the plug-ins we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider, your data collected by us shall be assigned directly to your existing account with the plug-in provider. If you press the activated button and for example, if you link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend logging out regularly after using a social network, but especially before activating the button, as this will prevent you from being mapped to your profile with the plug-in provider.
For more information on the purpose and extent of data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers shown below. There you will also find further information about your rights and the configuration options for the protection of your privacy.
Addresses of the respective plug-in providers and URL with their privacy notices:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information about the data collection:
http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, a subsidiary of Facebook Inc., Privacy information: https://help.instagram.com/155833707900388
YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google LLC. Information on privacy and compliance with the EU-US Privacy Shield: https://policies.google.com/privacy?hl=de&gl=de
Pinterest Inc., 651 Brannan Street, San Francisco, California 94107, USA; Privacy Information https://policy.pinterest.com/en/privacy-policy