Privacy information pursuant to art. 13 of EU Regulation 679/2016 and of the Privacy Code Your privacy is very important to blueAndtrue which collects and manages your personal data with the utmost care, adopting specific and appropriate security measures. Below you will find the main information on the treatments carried out in relation to your personal data collected through the site www.blueandtrue.com (“Site”) both if you access the Site and simply decide to browse using the services, without proceeding with the purchase, or if you decide to purchase one or more products.
1.Who is the data controller of your personal data.
Pursuant to current legislation and the provisions of EU Regulation 2016/679 (hereinafter also “GDPR”) concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data, we inform you that:
The data controller of your personal data is blueANDtrue, with registered office in Via Augusto Righi n. 13 – 40126 Bologna (Italy, VAT number IT03298641204 – Telephone: +39 334 3537640 – E-mail: E-mail: firstname.lastname@example.org.
We specify that this information only relates to the processing of personal data carried out by blueANDtrue (possibly also through subjects who operate on its behalf as data processors), while your interaction with third parties other than blueANDtrue (for example social media or other third parties to which you may possibly access through a link on the Site, via links, banners or other hypertext links) will result in the latter
operating as data controllers concerning you and as such they will provide the their information pursuant to art. 13 GDPR.
2. What personal data we process
2.1. Navigation data
blueANDtrue may process the personal data it collects while you browse the Site or use the services offered by the Site. The computer systems and software procedures used to operate our Site, in fact, automatically acquire some personal data whose transmission is implicit in the use of Internet
This category of data includes your IP addresses or the domain name of the computer used to connect to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request. to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other
parameters relating to the operating system and your IT environment.
These data are used exclusively for the following purposes and are processed for the time strictly necessary to fulfill the purposes:
-allow access to and navigation of the Site;
-obtain statistical information on the use of our Site;
-to check the correct functioning of the Site and to improve our offer and our services.
2.2 Data provided voluntarily
For the simple consultation of the Site, no provision of your personal data is required. As a user, you have the opportunity to register on the Site by creating your personal account in order to carry out the purchase procedure. To register on the Site, blueANDtrue acquires the following personal data
by filling in a specific form: name, surname, e-mail address. To complete the registration procedure on the Site, you will need to create a personal password.
During the purchase process, blueANDtrue only collects the personal data necessary for the completion of the purchase, that is, name, surname, shipping address, e-mail, telephone number, social security number.
The personal account will allow the user to check the order history. blueANDtrue does not collect payment data, such as credit card information or its expiry date, which will be used for the purchase. These data will be encrypted and transmitted directly to the payment manager without passing through our servers.
Cookies – No computer techniques are used on the Site for the direct acquisition of the user’s personal identification data or user tracking or profiling systems. In fact, our IT systems do not use any type of persistent cookies, but only statistical tools and technical session cookies for the transmission of personal information, which are not stored after the end of the browsing session. Sometimes third-party cookies could still be activated using functions that allow you to interact with social networks, and the latter could therefore track navigation. This could happen, for example by using the sharing functions via Facebook, Linkedin, Twitter and Whatsapp. In this regard, we invite you to always refer to the information on the
processing of personal data provided by the respective social networks.
3. For what purposes do we process your data and what legal bases we use
The personal data you provide to us will be used by blueANDtrue exclusively for the following purposes:
A) Allow registration on the Site and access the services reserved for registered users. The legal basis is the execution of a contract to which you are a party and / or the execution of pre-contractual measures.
B) In the case of making a purchase through the Site, the execution of obligations deriving from contractual sales relationships or the performance of pre-contractual activities, including the correct management of your purchase order and the necessary assistance in finalizing the order if the
same was not concluded. The legal basis of the processing is the execution of a contract to which you are a party and / or the execution of pre-contractual measures.
C)fulfillment and compliance with obligations deriving from the law or from the regulations an regulations in force, in particular, in the administrative, accounting, tax and privacy fields. The legal basis is the fulfillment of one or more legal obligations to which blueANDtrue is subject.
D) Limited to the e-mail address provided in the context of a purchase through the Site, to allow the direct offer, via e-mail, of products similar to those purchased (so-called soft spam purposes), provided that there is no opposition to such treatment in the manner indicated.
The legal basis that allows the processing is the legitimate interest of the Data Controller to send this type of communication. This legitimate interest can be considered equivalent to the interested party’s interest in receiving “soft spam” communications. Pursuant to art. 130 of Legislative Decree.
196/2003, the treatment put in place for this purpose does not require a specific consent from the interested party, who however, when the communication is sent, is informed of the possibility of opposing the treatment at any time by exercising the so-called opt -out to stop such
E)To manage any complaints and / or disputes with the customers of the Site. The legal basis is the legitimate interest of the Data Controller to manage problems that have emerged and customer complaints about products or services. This legitimate interest is equivalent to that of the customer
to receive a response to communications or requests sent and to see the problems raised managed.
F)Exclusively with your prior express consent, your personal data will be processed for sending commercial and / or promotional communications (including the Newsletter) relating to the initiatives, products and services offered by blueANDtrue (direct marketing purposes). The legal
basis of the processing is the specific consent of the interested party which can be revoked at any time.
3. Compulsory or optional nature of providing data.
The provision of your data is:
– Mandatory for the purposes A), B), C) indicated in the previous point. In the absence of the requested data, it will not be possible to conclude or execute the contract, nor to fulfill legal obligations.
– Optional for purpose D). Failure to provide it prevents blueANDtrue from following up on requests for assistance or information.
– For the purpose E) the data used have already been collected by the Data Controller to pursue other purposes indicated above. Therefore, the provision of data by is not expressly requested as blueANDtrue already has it.
– Optional for purpose F). In the absence of your specific consent, we will not be able to process your data for the achievement of the purpose in question.
4. How we process your personal data
The processing of your data will be carried out through the collection, registration, storage and processing, through the use of digital, electronic and telematic IT tools, designed to store, manage and transmit the data, with logic strictly related to the purposes themselves.
5. Who will process your personal data and to whom your personal data will be disclosed
The data will be processed by personnel appointed and instructed by blueANDtrue, specifically authorized pursuant to Article 4, paragraph 10 of the 2016/679 EU Regulation, and designated pursuant to art. 2 quaterdecies of Legislative Decree 101/2018, with procedures, technical and IT
tools suitable for protecting the confidentiality and security of your personal data.
Without prejudice to the communications made in execution of legal obligations, your data may be disclosed to third parties who operate on behalf of blueANDtrue and according to its instructions, as Data Processors. Specifically, the data may be disclosed:
-to companies or third parties in charge of shipping and / or delivery services for products sold through the Site and management of logistics services and suppliers related to the fulfillment of purchase orders;
-banking institutions and companies that manage the payment circuits through which payments are made for products purchased through the Site;
-to freelancers or companies or consultants belonging to the following categories: internet providers, companies specialized in IT services, consultancy companies in charge of the installation, maintenance and updating of the Site and which blueANDtrue uses for the provision of
its services, including also the sending of newsletters by means of automated systems;
-to all those public and / or private subjects, natural / legal persons (consultancy, legal, administrative, tax offices, Judicial Offices, etc.), if the communication is necessary or functional for the correct fulfillment of a legal obligation;
-to all subjects who have access to personal data by virtue of regulatory or administrative measures.
-The interested party may request a complete and updated list of the persons appointed as data processors by contacting one of the contacts indicated below. Your data will NOT be disclosed under any circumstances.
6. How long and where do we keep your personal data (data retention)
The information and personal data that you will provide through the Site, including data freely provided by filling out the forms on the Site, will be kept for a limited period of time to fulfill the purpose for which they are collected and in compliance with the applicable laws.
-the personal data collected through the Contacts session and processed for the fulfillment of the sales contract, including the pre-contractual activity, are kept for 10 years from the conclusion of the contract, or in the event that the pre-contractual activity does not lead to the conclusion of a contract, for 2 years from the end of the aforementioned pre-contractual activity.
-Personal data processed in the context of the management and keeping of company accounts are kept for the time necessary to fulfill tax obligations and to keep accounting records, and in any case for a maximum time of 10 years.
-Personal data processed for “soft spam” activities are stored, in relation to this specific purpose, pursuant to and under the terms of art. 130 of the Privacy Code and as long as you do not expressly declare that you do not wish to receive further communications (opt-out)
-The processing of data for direct marketing purposes and the storage of personal data may be carried out until the consent is revoked by the interested party as provided for by the Guarantor for the protection of personal data in provision no. 181 of 15 October 2020, or for a period of 3 years
from the user’s last interaction with the Newsletter.
– Once the stated purposes have been achieved or following the revocation of your consent, your personal data will be deleted or destroyed.
7. Transfer of data abroad
The Data Controller may transfer your data to third parties which may be based outside the European Union / EEA and which offer an adequate level of data protection, as established by specific decisions of the European Commission (https://www.garanteprivacy.it/web/guest/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-internazionale/trasferimento-dati-estero).
In the transfer of your personal data to countries for which there is no adequacy decision, it will take place only after the conclusion with said subject of specific agreements, containing safeguard clauses and appropriate guarantees for the protection of your personal data so-called “standard contractual clauses”, also approved by the European Commission with decision 2021/914 of 4 June 2021 or if the transfer is necessary for the conclusion and execution of a contract for the purchase of goods offered on our Site, for registration on the Site or the use of services on the Site
or for the management of your requests.
8. Security measures
blueANDtrue adopts adequate security measures to safeguard the confidentiality, integrity, completeness and availability of your personal data. Technical, logistical and organizational measures are developed which aim to prevent damage, even accidental losses, alterations,
improper and unauthorized use of the data processed.
9. What are your rights
We remind you that in relation to your personal data you can exercise the rights towards the Data Controller, as per articles 15 et seq. of EU Regulation 2016/679, i.e. you can obtain confirmation of the existence of your personal data and request their communication in an intelligible form. You will also have the right to obtain the updating, rectification, integration and deletion of data or the limitation of processing. Finally, you will have the right to object, in whole or in part, for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of the collection.
You will have the right to exercise the right to data portability and to lodge a complaint with the Supervisory Authority.
Below is the list of your rights
Rights of the interested party articles 15-22 of the EU Reg. 2016/679
Art. 15 Right of access of the interested party: the interested party has the right to obtain confirmation as to whether or not personal data concerning him is being processed, to obtain access to personal data and related information (categories of data, purposes, possible recipients, retention period or criterion …)
Art.16 Right of rectification: the interested party has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
Art. 17 Right to cancellation (<< right to be forgotten >>): the interested party has the right to obtain from the data controller the cancellation of personal data concerning him without undue delay and the data controller is obliged to delete personal data without undue delay, if there is one
of the reasons referred to in art. 17 par.1 lett. a, b, c, d, e, f, par. 2, par. 3 lett. a, b, c, d, e.
Art.18. Right to limitation of treatment: The interested party has the right to obtain from the data controller the limitation of treatment when one of the hypotheses referred to in Article 18 par. 1 letter a, b, c, d, par. 2, paragraph 3.
Art. 19 Obligation to notify in case of rectification or cancellation of personal data or limitation of processing: The data controller communicates to each of the recipients to whom the personal data have been transmitted any corrections or cancellations or limitations of processing carried out pursuant to Article 16, of the art. 17, paragraph 1, and article 18, unless this proves impossible or involves a disproportionate effort. The data controller communicates these recipients to the interested party if the interested party requests it.
Article 20 Right to data portability: the interested party has the right to receive the personal data concerning him / her provided to a data controller in a structured, commonly used and machine-readable format and has the right to transmit such data to another data controller without impediments on the part of the data controller to whom he provided them in the event of the cases referred to in Article 20 paragraph 1 lett. a, b, par. 2, 3,4.
Art.21 Right to object. The interested party has the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him pursuant to Article 6, par. 1, lett. and or f, including profiling based on these provisions. If personal data are processed
for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him for these purposes, including profiling to the extent that it is connected to such direct marketing. If the interested party objects to the processing for
direct marketing purposes, the personal data are no longer processed for these purposes
10. How to exercise the rights of the interested party.
The User can request information about the methods of treatment and the exercise of their rights as an interested party, through the following methods:
-for doubts or clarifications regarding this information or the methods of processing your personal data, you can contact the Data Controller blueANDtrue, based in Via Irnerio 36 – 40126 Bologna
(Italy, VAT number IT03298641204 – Telephone: +39 334 3537640 – Email: email@example.com
-for formal requests to exercise rights by the interested party, it is preferable to be sent via the request form provided by the data protection supervisor (downloadable through the following link https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/1089924)) addressed to blueANDtrue by certified mail, to the address firstname.lastname@example.org by ordinary mail to the address of the registered office in Bologna, Via Augusto Righi n. 13.
Updated version of the 03/03/2022