Privacy Policy
DATA PROTECTION
1. General
The protection of your privacy when using our website and the Camifolla online store is very important to us. We have therefore created the following data protection declaration to explain to you what information Camifolla collects and how it is used. In this document, we also explain how we use cookies and analysis tools on our website and in our products and services.
By agreeing to the following data protection declaration, you consent to the collection, processing and use of your data in compliance with the applicable data protection laws and the following provisions. Please note that persons under the age of 16 are not allowed to transmit any personal data to us or give a declaration of consent without the consent of their legal guardian. All changes to our privacy policy will be published on this website and users will be notified by email if necessary.
The owner of the data collection and the data controller in the context of this data protection declaration is Camilla Gambari, owner of Camifolla based in Lugano.
2. Our contact
Do you have any questions or concerns about data protection at Camifolla? In this case, please contact us on info@camifolla.com.
3. Your rights
You can assert your data protection rights against us at any time and free of charge.
You have the right to request confirmation as to whether the data relating to you is being processed. If this is the case, you have a right to information about this data and further information in accordance with Art. 15 of the European General Data Protection Regulation (“GDPR”).
In accordance with Art. 16 GDPR, you have the right to request the correction of incorrect personal data without delay.
In accordance with Art. 17 GDPR, you have the right to demand that the data relating to you be deleted immediately or, alternatively, in accordance with Art. 18 GDPR, to request a restriction on the processing of the data.
In accordance with Art. 19 GDPR, you have the right to receive confirmation that all recipients who have received data from us have been informed of any correction, deletion or restriction of processing.
In accordance with Art. 20 GDPR, you have the right to receive the data provided to us in a structured, common and machine-readable format and to request that it be transmitted to other responsible parties.
You have the right to revoke your consent in accordance with Article 7 (3) GDPR at any time - even in part. Furthermore, based on Art. 21 GDPR, you have the right to object to the processing of your personal data if we process the data on the basis of Camifolla's legitimate interests. You have the right to refuse to use your data for direct mail at any time.
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence or the place of the alleged violation.
4. Where is your data located
Your data will be stored in the European Economic Area ("EEA"). Data processing also takes place outside of Europe within the legally permissible framework.
5. Transfer of data
Your personal data will be treated with strict confidentiality. The data will not be sold to third parties or passed on for advertising purposes. However, Camifolla can make your personal data accessible to third parties (so-called contract processors) if this is necessary for the provision and implementation of our services. Categories of such third parties are listed in the specific processes under section 9. These service providers are obliged to maintain strict confidentiality and are only allowed to process the data passed on for the services they are to provide. Wherever possible, the data is anonymized or pseudonymized in advance.
6. Deletion of data
Unless expressly stated in this data protection declaration, the data stored by us will be automatically deleted in accordance with Art. 17 and Art. 18 GDPR as soon as they are no longer required for the purposes stated in this data protection guideline and the deletion does not conflict with any statutory retention requirements. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, ie the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.
7. Legal basis for data processing
Unless the legal basis is explicitly mentioned in the data protection declaration, the following applies: The legal basis for obtaining and processing data with your consent is Article 6 Paragraph 1 Letter a and Article 7 GDPR. The legal basis for processing for the performance of our services and the implementation of (pre-) contractual measures is Article 6 Paragraph 1 lit. b GDPR. The legal basis for processing in order to fulfill our legal obligations is Article 6 (1) lit. c GDPR. If processing is necessary to safeguard a legitimate interest of our company or a third party, Article 6 (1) (f) GDPR serves as the legal basis for processing. If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art.
8. When and how do we process personal data?
We process your personal data in order to ensure the smooth use of our services and to continuously improve them. We also use your data to adapt our product range to customer needs and to offer you personal product information that is optimized to your needs. The processing purposes can be summarized in the following groups:
8.1 Provision of the website
Purpose and scope of data processing
When visiting our website, we generally do not save any personal data. In so-called server log files, our web servers only log access data without personal reference, such as the IP address (shortened), version of your Internet browser and operating system, the previously visited page (so-called referrer URL), the page called up and the time of the call. This data is collected and processed for the purpose of enabling the use of our website (establishing a connection) and ensuring system security and stability as well as for the technical administration of the network infrastructure. We use the data to analyse the online behavior of our visitors in general. These data do not allow us to draw any conclusions about your person.
Storage duration and access to data
For security reasons (e.g. to investigate acts of abuse or fraud), log file information is stored for a maximum of 7 days and then automatically deleted.
This data is not passed on to third parties, unless this is necessary for the provision of our service (e.g. hosting provider, web analysis company).
Legal basis and possibility of objection
The storage of every access to our server (server log files) is based on Article 6 (1) (f) GDPR and our legitimate interests such as the optimization of our services or protection against misuse through unauthorized use.
The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.
8.2 Provision of services and processing of orders
Purpose and scope of processing
We process personal data in order to provide you with our products or services or when you contact us. We also use personal data to process purchases and the associated order processing (including guarantee and service, returns, notification of the delivery status and payment processing).
In order to fulfill our contractual obligations and services, we process inventory data (contact data such as name, address, email, telephone number and date of birth) and contract data (e.g. service used, names of contact persons, payment information, order data). When contacting us (e.g. by e-mail, telephone or via social media), the information provided by the user is processed in order to process and process the contact request. The user information can be stored in a customer relationship management system ("CRM system").
Storage duration and access to data
The deletion of the order data takes place after the expiry of statutory warranty and comparable obligations. Information in any customer account remains until it is deleted. When you contact us, we delete information provided that it is no longer required. In the case of the legal archiving obligations, the deletion takes place after their expiry.
This data is generally not passed on to third parties, unless it is necessary to provide the above-mentioned services (e.g. payment service provider, warehouse, parcel services, website manager) or to pursue our claims (e.g. credit reference agencies, debt collection agencies, debt collection offices, civil courts, law enforcement authorities and institutions for Anti-fraud).
Legal basis and possibility of objection
The processing to fulfill the contract is based on Art. 6 Paragraph 1 lit. b GDPR. The storage takes place on the basis of the legitimate interests in protection against misuse and other unauthorized use in accordance with Art. 6 Para. 1 lit. f GDPR.
8.3 Newsletter direct marketing
Purpose and scope of data processing
When registering for the newsletter, the following data is collected: Name, email address, IP address and registration notification in the double opt-in procedure.
Storage period and recipient of the data
The user's name and email address will be stored as long as the subscription to the newsletter is active. The subscription is automatically considered inactive if no message has been opened for two years. As an exception, we also save this data in so far as and as long as we are subject to statutory retention or documentation obligations for this data.
In connection with the sending of the newsletter, the data is not passed on to third parties, unless this is necessary for the provision of our services (e.g. marketing agencies, advertising partners, website operators and managers, shipping service providers). The newsletter is sent via Shopify. The e-mail addresses of our newsletter recipients, as well as their other data described in these notes, are stored on Shopify’s servers. Shopify uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, Shopify can use this data to optimise or improve its own services, e.g. to technically optimise the dispatch and display of the newsletter or for economic purposes, to determine from which countries the recipients come. However, Shopify does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
Legal basis and possibility of withdrawal
When registering for the newsletter, the subscription (in the double opt-in procedure) requires consent to data processing in accordance with Art. 6 Para. 1 lit. a GDPR. The collection of the email address or telephone number is used to deliver the newsletter. The collection of other personal data during the registration process is based on Art. 6 Para. 1 litz. f GDPR to prevent misuse of the services or the e-mail address used. The measurement of success via "web beacon" is based on Article 6, Paragraph 1, Letter f of the GDPR, to improve our service technically and to adapt it to the interests and reading habits of our users.
You can cancel the receipt of our newsletter at any time, ie revoke your consent. Your consent to sending by Mailchimp and your consent to statistical analyzes will expire at the same time. There is a corresponding link in every newsletter for this purpose.
9.5 Contests
Purpose and scope of data processing
We process personal data of participants in our competitions. When you register for the competition, we collect the following data: age, name and email address or telephone number. The collection of the email address or telephone number serves to identify and notify the winner. You can provide additional data or your advertising consent on a voluntary basis. Participation is possible without advertising consent.
Storage duration and recipient
The personal data will be deleted no later than 90 days after the end of the competition. There is no transfer of data to third parties in connection with competitions, unless this is necessary for the provision of our services (e.g. media and marketing agencies, shipping providers).
Legal basis and revocation
Your data is provided on the basis of your consent in accordance with the provisions of Art. 6 (1) (A) GDPR. You have the right to withdraw your consent to the processing of your personal data at any time. However, we would like to point out that this will lead to the exclusion of your participation.
9. Cookies, analysis tools and social media applications
9.1 Cookies
Cookies are small files that make it possible to save specific, device-related information on the user's access device (PC, smartphone, etc.) and to retrieve it when you visit the same website again. Cookies are used to improve your online experience with us by helping us to make the website more user-friendly, faster and safer. They also serve the purpose of advertising and market research by anonymously analyzing the use of our website. We use cookies based on Article 6, Paragraph 1, Letter f of the GDPR on the basis of our legitimate interests in the analysis, optimization and economic operation of our online shop.
"Third-party cookies" are cookies that are offered by providers other than the person responsible for operating the online offer. Cookies are referred to as "permanent" or "persistent" and remain stored even after the browser is closed. Most of the cookies we use are so-called "session cookies", which are automatically deleted after your visit. A distinction can also be made between the following categories of cookies - depending on the purpose pursued:
Technical / Required Cookies : These cookies are function-related , ie absolutely necessary in order to guarantee the essential functions of the website. They cannot therefore be deactivated. They enable you to navigate on the page, for example.
Performance / Analytic Cookies : These cookies are performance-related and enable the functions of the website to be improved. For example, you can increase the speed, save the page settings you have chosen or your wish list. Analytical cookies are also used for the statistical evaluation of the use of the website and to improve it. If you refuse these cookies, the site may react more slowly or certain functions may be restricted.
Advertising / Tracking Cookies : They aim to create user profiles and are used to send advertisements to the user based on their browsing behavior. We use tracking cookies to analyze visitor preferences (e.g. which pages of our online store a customer visits, which products he has viewed). This enables us to personalize your shopping experience and thus improve marketing communications. If you refuse these cookies, this may mean that the product suggestions do not match your interests.
The following information can be collected by cookies: IP address, specific device identification number (UDID) and the device type, domain, browser type and language used, operating system and system settings, country and time zone-specific cookie identifier (cookie identifier), cookie information and information about whether your device has the appropriate software to use certain functions, previously visited Internet pages, forwarding URLs, information about the interaction with our pages, such as access times, click behavior, preferences and purchases.
9.2 Deactivating cookies
You can influence the use of cookies yourself, as most browsers have an option that restricts or completely prevents the storage of cookies. However, we would like to point out that in this case you will not be able to use all functions of the website to their full extent.
You can also use cookies, which are used for range measurement and advertising purposes, via the deactivation page of the network advertising initiative ( http://optout.networkadvertising.org/ ) and the US website ( http://www.aboutads.info/) choices ) or the European website ( http://www.youronlinechoices.com/uk/your-ad-choices/ ).
9.3 Use of Facebook, Instagram and Pinterest lug-ins
Plug-ins from Facebook, Instagram, Youtube, Twitter, Pinterest and Snapchat (hereinafter "social media platform") are used on our website. You can recognize the plugins by the respective company logo. If you use such a plug-in, a connection to the server of the corresponding social media platform is established and your message is displayed on this social media platform. Your IP address is transmitted to the social media platform and which of our websites you visited and when. If you are logged in as a member of a social media platform at the same time, the social media platform will assign this information to your personal user account. The social media service is able to use the transmitted data to identify your user name and, if applicable, even to determine your real name and assign this information to your personal user account with the social media service. You can prevent this by logging out of your user account on the social media platform before using the plug-in. For more information on the collection and use of data by Facebook, Instagram and Pinterest with regard to your rights and options for protecting your privacy, please refer to the relevant data protection information on the social media platform.
10. By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your (the visitor) local currency.