PRIVACY POLICY

Privacy Policy

Privacy Policy pursuant to art. 13 of EU Regulation 679/2016 and the Privacy Code. 13 of EU Regulation 679/2016 and the Privacy Code Your privacy is very important to blueAndtrue, which collects and manages your personal data with the utmost care, adopting specific and adequate security measures. Below you will find the main information on the processing carried out in relation to your personal data collected through the website www.blueandtrue.com ("Site") both in the event that you access the Site and decide to simply browse using the services, without proceeding with the purchase, and in the event that you decide to purchase one or more products.
We invite you to read the following privacy policy and the General Conditions of Sale of the Site.

1.Who is the controller of your personal data?

In accordance with the current legislation and the provisions of EU Regulation 2016/679 (hereinafter also "GDPR") relating to the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data, we inform you that:
The data controller of your personal data is blueANDtrue, with registered office in Via Augusto Righi n. 13 - 40126 Bologna (Italy, VAT number IT03298641204 - Telephone: +39 334 3537640 - E-mail: E-mail: privacy@blueandtrue.com.

Please note that this information only concerns the processing of personal data carried out by blueANDtrue (possibly also through subjects who operate on its behalf as data controllers), while your interaction with third parties other than blueANDtrue (for example social media or other third parties that you may access via a link on the Site, via links, banners or other hyperlinks) will mean that the latter
operate as data controllers of the data that concern you and as such will provide you with the information pursuant to art. 13 GDPR. 13 GDPR.

2. What personal data we process

2.1. Browsing data

blueANDtrue may process personal data collected during navigation on the Site or use of the services offered by the Site. The computer systems and software procedures used for the operation of our Site, in fact, automatically acquire some personal data whose transmission is implicit in the use of the Internet.
communication protocols.

This category of data includes the IP addresses or domain name of the computer used to connect to the Site, the URI (Uniform Resource Identifier) ​​addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other data.
parameters relating to the operating system and your IT environment.

Such data are used exclusively for the purposes indicated below and are processed for the time strictly necessary to fulfill the purposes themselves:
- allow access and navigation of the Site;
- obtain statistical information on the use of our Site;
- to verify the correct functioning of the Site and to improve our offer and our services.

2.2 Data provided voluntarily

To simply consult the Site, you are not required to provide your personal data. As a user, you have the option of registering on the Site by creating your personal account in order to complete the purchase procedure. To register on the Site, blueANDtrue acquires the following personal data
by filling out a specific form: name, surname, e-mail address. To complete the registration procedure on the Site, you will need to create a personal password.

During the purchase process, blueANDtrue collects only the personal data necessary to complete the purchase, i.e. name, surname, shipping address, e-mail, telephone number, tax code.

The personal account will allow the user to check the order history. blueANDtrue does not collect payment data, such as credit card details or expiration date, which will be used for the purchase. This data will be encrypted and transmitted directly to the payment manager without passing through our servers.

Cookies - The Site does not use computer techniques for the direct acquisition of personal data identifying the user or user tracking or profiling systems. In fact, our computer systems do not use any type of persistent cookie, but only statistical tools and technical session cookies for the transmission of personal information, which are not stored at the end of the browsing session. Sometimes third-party cookies may still be activated using functions that allow interaction with social networks and the latter may therefore track navigation. This could happen, for example, using the sharing functions via Facebook, Linkedin, Twitter and Whatsapp. In this regard, we invite you to always refer to the information reported on the site
on the processing of personal data provided by the respective social networks.

3. For what purposes do we process your data and what are the legal bases we use?

The personal data you provide us will be used by blueANDtrue exclusively for the following purposes:

A) Allow registration on the Site and access to services reserved for registered users. The legal basis is the execution of a contract to which you are a party and/or the execution of pre-contractual measures.

B) In the event of a purchase through the Site, the execution of obligations arising from contractual sales relationships or the performance of pre-contractual activities, including the correct management of your purchase order and the necessary assistance for the finalization of the order itself if the
same has not been concluded. The legal basis of the processing is the execution of a contract to which you are a party and/or the execution of pre-contractual measures.

C) the fulfillment and observance of obligations arising from the law or from regulations and laws in force, in particular, in the administrative, accounting, tax and privacy fields. The legal basis is the fulfillment of one or more legal obligations to which blueANDtrue is subject.
D) limited to the e-mail address provided in the context of a purchase through the Site, to allow the direct offer, via e-mail, of products similar to those purchased (so-called soft spam purposes), provided that there is no opposition to such processing according to the methods indicated.

The legal basis that allows the processing is the legitimate interest of the Data Controller to send this type of communications. This legitimate interest can be considered equivalent to the interest of the interested party to receive "soft spam" communications. Pursuant to art. 130 of Legislative Decree
196/2003, the processing carried out for this purpose does not require specific consent from the interested party, who however, at the time of sending the communication, is informed of the possibility of opposing the processing at any time by exercising the so-called opt-out to interrupt such processing.
communications.

E) Manage any complaints and/or disputes with customers of the Site. The legal basis is the legitimate interest of the Data Controller to manage the problems that have arisen and customer complaints about products or services. This legitimate interest is equivalent to that of the customer.
receive a response to communications or requests sent and see the problems raised managed.

F)Only with your express consent, your personal data will be processed for sending commercial and/or promotional communications (including the Newsletter) relating to the initiatives, products and services offered by blueANDtrue (direct marketing purposes). The
basic legal purposes of the processing is the specific consent of the interested party which can be revoked at any time.

3. Mandatory or optional nature of providing data.

The provision of your data is:
- Mandatory for the purposes A), B), C) indicated in the previous point. In the absence of the requested data, it will not be possible to conclude or execute the contract, nor fulfill legal obligations.

- Optional for purpose D). Failure to provide this information prevents blueANDtrue from following up on requests for assistance or information.

- For purpose E) the data used have already been collected by the Data Controller to pursue the other purposes indicated above. Therefore, the provision of data by is not expressly requested as blueANDtrue already has them.

- Optional for purpose F). In the absence of your specific consent, we will not be able to process your data to achieve the purpose in question.

4. How we process your personal data

The processing of your data will take place through the collection, recording, storage and processing, through the use of IT, electronic and telematic tools, suitable for storing, managing and transmitting the data themselves, with logics strictly related to the purposes themselves.

5. Who will process your personal data and to whom your personal data will be communicated

The data will be processed by personnel appointed and trained by blueANDtrue, specifically authorized pursuant to art. 4, paragraph 10, of EU Regulation 2016/679, and designated pursuant to art. 2 quaterdecies of Legislative Decree 101/2018, with technical and IT methods that allow data processing.
tools suitable for protecting the confidentiality and security of your personal data.

Without prejudice to communications made in compliance with legal obligations, your data may be communicated to third parties who operate on behalf of blueANDtrue and according to its instructions, as Data Processors. In particular, the data may be communicated to:

- to companies or third parties responsible for shipping and/or delivery services for products sold through the Site and for managing logistics services and suppliers connected to the fulfillment of purchase orders;
- Banking institutions and companies that manage the payment circuits through which payments are made for products purchased through the Site;
- to freelancers or companies or consultants belonging to the following categories: internet providers, companies specialized in IT services, consulting firms responsible for installing, maintaining and updating the Site and which blueANDtrue uses for the provision of
its services, including sending newsletters through automated systems;
- to all those public and/or private entities, natural/legal persons (consulting, legal, administrative, tax firms, Judicial Offices, etc.), if communication is necessary or functional to the correct fulfillment of a legal obligation;
- To all subjects who have access to personal data by virtue of regulatory or administrative provisions.
-The interested party may request the complete and updated list of the subjects appointed as data controllers by contacting one of the contacts indicated below. Your data will NOT be disclosed under any circumstances.

6. How long and where we store your personal data (data retention)

The information and personal data that the user will provide through the Site, including the data freely provided by filling in the forms on the Site, will be retained for a limited period of time in order to fulfill the purpose for which they were collected and in compliance with applicable laws.

In particular:

-Personal data collected through the Contact session and processed for the execution of the sales contract, including pre-contractual activity, are retained for 10 years from the conclusion of the contract or, in the event that the pre-contractual activity does not lead to the conclusion of a contract, for 2 years from the end of the aforementioned pre-contractual activity.
-Personal data processed in the context of the management and maintenance of company accounting are retained for the time necessary to fulfill tax obligations and to maintain accounting, and in any case for a maximum period of 10 years.
Personal data processed for "soft spam" activities are retained, in relation to this specific purpose, pursuant to and for the purposes of art. 130 of the Privacy Code and until you expressly declare that you do not wish to receive further communications (opt-out). 130 of the Privacy Code and until you expressly declare that you do not wish to receive further communications (opt-out).
-The processing of data for direct marketing purposes and the storage of personal data may be carried out until the withdrawal of consent by the interested party as provided by the Guarantor for the protection of personal data with provision no. 181 of 15 October 2020, or for a period of 3 years
from the last interaction of the user with the Newsletter.

- Once the indicated purposes have been achieved or following the revocation of your consent, your personal data will be deleted or destroyed.

7. Transfer of data abroad

The Data Controller may transfer your data to third parties that may be located outside the European Union / EEA and that offer an adequate level of data protection, as established by specific decisions of the European Commission (https://www.garanteprivacy.it/web/guest/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-internazionale/trasferimento-dati-estero).

The transfer of your personal data to countries for which there is no adequacy decision will only occur following the conclusion of specific agreements with such parties, containing safeguard clauses and adequate guarantees for the protection of your personal data, so-called "standard contractual clauses", also approved by the European Commission with decision 2021/914 of 4 June 2021 or in the event that the transfer is necessary for the conclusion and execution of a contract for the purchase of goods offered on our Site, for registration on the Site or for the use of the services of the Site,
or for the management of your requests.

8. Security measures

blueANDtrue adopts adequate security measures to safeguard the confidentiality, integrity, completeness and availability of your personal data. Technical, logistical and organizational measures are developed that aim to prevent damage, loss, even accidental, alteration,
improper and unauthorized use of the data processed.

9. What are your rights?

We remind you that in relation to your personal data you may exercise your rights towards the Data Controller, pursuant to articles 15 et seq. of EU Regulation 2016/679, i.e. you may obtain confirmation of the existence of your personal data and request communication of the same in an intelligible form. You will also have the right to obtain the updating, rectification, integration and deletion of the data or the limitation of the processing. Finally, you will have the right to object, in whole or in part, for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of the collection.
You may exercise the right to data portability and file a complaint with the Supervisory Authority.

Below is a list of your rights Rights
of the interested party articles 15-22 of EU Reg. 2016/679

15 Right of access by the interested party: the interested party has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, to obtain access to the personal data and related information (categories of data, purposes, possible recipients, retention period or criterion, etc.).

Art. 16 Right to rectification: the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Art. 17 Right to erasure (<>): the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay, if there is a right to erasure.
of the reasons set out in art. 17 paragraph 1 letter a, b, c, d, e, f, par. 2, par. 3 letter a, b, c, d, e.

Art. 18. Right to restriction of processing: The interested party has the right to obtain from the data controller the restriction of processing when one of the hypotheses referred to in Article 18 par. 1 lett. a, b, c, d, par. 2, comma 3 occurs.

Art. 19 Obligation to notify in case of rectification or erasure of personal data or restriction of processing: The data controller shall communicate to each recipient to whom the personal data have been disclosed any rectification or erasure or restriction of processing carried out pursuant to Article 16, Article 17, paragraph 1, and Article 18, unless this proves impossible or involves disproportionate effort. 17, paragraph 1, and Article 18, unless this proves impossible or involves disproportionate effort. The data controller shall communicate these recipients to the interested party if the latter requests it.

Article 20 Right to data portability: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the cases referred to in Article 20, paragraph 1, letters a, b, 2, 3, 4 apply.

Art. 21 Right to object. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6, paragraph 1, letters e or f, including profiling based on those provisions. 1, letter e or f, including profiling based on those provisions. Where personal data are processed
for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for
direct marketing purposes, the personal data shall no longer be processed for such marketing purposes.

10. How to exercise the rights of the interested party.

The User may request information on the processing methods and on the exercise of his/her rights as an interested party, through the following methods:
-For doubts or clarifications regarding this information or the methods of processing of your personal data, you can contact the Data Controller blueANDtrue, with headquarters in Via Irnerio 36 - 40126 Bologna

(Italy, VAT number IT03298641204 - Telephone: +39 334 3537640 - Email: service@blueandtrue.com

- for formal requests to exercise rights by the interested party, it is preferable to send them via the request form prepared by the Guarantor for the protection of personal data (downloadable at the following link https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/1089924)) addressed to blueANDtrue via certified mail, to the address blueandtrue@legalmail.it or via ordinary mail to the address of the registered office in Bologna, Via Augusto Righi n. 13.

11. Changes to this Privacy Policy

Remo may modify or simply update this Privacy Policy, in whole or in part. Any modifications or updates to the Privacy Policy will be available to all users in the Privacy section of the Site as soon as the updates are active and will be binding as soon as they are published on the Site in this section, where the date of the last update will also be indicated. We therefore invite you to periodically check the contents of our Privacy Policy. If you do not intend to accept such modifications, you can stop using our Site at any time.

Updated version 03/03/2022