With this privacy policy, we want to illustrate how your personal data will be collected and processed through our site, therefore, we invite you to read it carefully before providing us with any personal data.
This policy is provided in accordance with the current regulations regarding personal data for users interacting with the services offered here under EU Regulation 2016/679 (hereinafter "GDPR") and is intended solely for the site www.freekidsmontessori.com (hereinafter "site") and not for other websites that the user may consult through our links.
1. Data Controller
The data controller is FREEKIDS MONTESSORI S.R.L., with registered office at Piazza Fabrizio De Andrè, 1 Jesolo 30016 (VE), VAT number 04841890272 (hereinafter "FREEKIDS" or "Controller").
2.Purpose of data processing and data retention time
Your personal data will be processed for the following purposes:
a) to respond to the requests of the data subject, to fulfill contractual and pre-contractual obligations (receiving and managing orders, providing products, processing payments);
b) to comply with obligations arising from the law, regulations, and community legislation;
c) sending informative and promotional communications related to offers of products and services. Such communications may be made via email or SMS, through postal mail and/or the use of the telephone with an operator, as well as through messaging platform services, chat, and official pages on social networks.
The data collected by the Data Controller, with reference to the purposes mentioned in points a) and b), will be kept for the time necessary to manage the activities related to the processing of the data itself.
With reference to the purpose mentioned in point c), however, the data of the data subjects will be kept for the time necessary for the execution of the activity and, in any case, until the revocation of your consent.
3. Legal basis for processing
The legal basis that legitimizes the processing of your data in relation to the purposes identified above is:
- the necessity to fulfill requests from the data subject for the purposes referred to in the previous art. 2 lett- a) and b);
- the consent of the data subject for the purpose referred to in letter c) of art. 2
4. Types of data processed
4.1 Navigation data
The computer systems and software procedures used for the operation of the site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and associations with data held by third parties, allow for the identification of users. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.).) and other parameters related to the operating system and the user's computing environment. This data is used solely to obtain anonymous statistical information on the use of the site and to monitor its proper functioning, and is deleted after processing. The data may be used to ascertain responsibility in the event of hypothetical cyber crimes against the site.
4.2 Data provided voluntarily by the user
The provision of data is mandatory for the conclusion of the contract and/or for its execution, as well as to respond to user requests. Therefore, refusal to provide the data does not allow for the establishment of the contractual relationship and/or the fulfillment of the resulting obligations, as well as to follow up on requests.
4.3 Data of third parties voluntarily provided by the user
If the user provides personal data of third parties, the user will act as an independent data controller, assuming all legal obligations and responsibilities. In this regard, the user grants the broadest indemnity against any dispute, claim, request for damages from processing, etc. that may be received by the Data Controller from third parties whose personal data has been processed through the user's use of the site services in violation of applicable data protection laws.In any case, if the user provides or otherwise processes personal data of third parties while using the site, they guarantee from now on – assuming all related responsibility – that such specific processing is based on the prior acquisition – by the user – of the third party's consent to the processing of information concerning them.
4.4 Cookies
Cookies refer to a text element that is inserted into the hard drive of a computer only after authorization. Cookies serve to streamline the analysis of web traffic or to signal when a specific site is visited and allow web applications to send information to individual users. No personal data of users is acquired in this regard by the site. No use is made of cookies for the transmission of personal information, nor are so-calledpersistent cookies of any kind, that is, systems for tracking users. The use of so-called session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient browsing of the site. The so-called session cookies used on the site prevent the use of other potentially harmful IT techniques for the confidentiality of users' browsing and do not allow the acquisition of personally identifiable user data.
For more information, please consult the site's cookie policy.
5.Recipients of personal data
Your personal data may be shared, for the purposes listed above, with:
entities that typically act as data processors, namely (i) individuals delegated or appointed to carry out technical maintenance activities, (ii) hosting service providers, (iii) individuals, companies, or professional firms that provide assistance and consultancy to the Data Controller in accounting, administrative, legal, and financial matters;
entities, bodies, or authorities to which it is mandatory to communicate user data by virtue of legal provisions or orders from authorities;
individuals authorized by the Data Controller to process personal data necessary to carry out activities strictly related to the provision of services.
The complete list of data processors is available by sending a written request to the Data Controller.
6.International Transfers
If we need to transfer personal data outside the territory of the European Union, we will cover such transfers with an adequate level of protection. In particular, the user's personal data may be transferred outside the territory of the European Union, alternatively, based on their consent, based on the necessity to execute the contract concluded with the Company, or for the execution of pre-contractual measures taken at their request, based on the necessity to conclude or execute a contract entered into between the Company and a third party in their favor.
If and when we transfer data to our suppliers residing outside the territory of the European Union, we do so based on an existing adequacy decision or based on the Standard Contractual Clauses approved by the European Commission.
7.Treatment Methods
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.
8. Rights of the Data Subjects
Within the limits and under the conditions provided by law, the data controller is obliged to respond to requests from the data subject regarding personal data concerning them. In particular, under current legislation:
1. the data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed and, in that case, to obtain access to the personal data;
2.The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning them without unjustified delay. Taking into account the purposes of the processing, the data subject has the right to obtain the completion of incomplete personal data, including by providing a supplementary statement.
3. The data subject has the right to obtain from the data controller the erasure of personal data concerning them without unjustified delay, and the data controller is obliged to erase personal data without unjustified delay within the limits and cases provided for by current legislation. The data controller shall communicate to each of the recipients to whom the personal data have been disclosed any rectifications or erasures or restrictions of processing within the limits and in the forms provided for by current legislation.
4.The data subject has the right to obtain from the data controller the restriction of processing.
5. The data subject has the right to receive in a structured, commonly used, and machine-readable format the personal data concerning them provided to a data controller and has the right to transmit such data to another data controller without hindrance from the data controller to whom they were provided.
In any case, the user always has the right to lodge a complaint with the competent supervisory authority (Data Protection Authority).