PRIVACY POLICY
This privacy notice ("Privacy Policy") is intended to provide information about how the personal data of individuals who visit this website ("Website"), subscribe to SOVAIN's newsletter (as defined below), or place an order through the Website ("Users") are processed, in accordance with Article 13 of EU Regulation 2016/679 ("GDPR") and Italian Legislative Decree no. 196/2003, as amended (the “Privacy Code” and together with the GDPR, the “Privacy Regulations”).
This Privacy Policy does not apply to other websites accessible via links on the Website.
1. Data Controller
The data controller is Martina Spagnoli, VAT no. 01662240496 (“SOVAIN” or the “Controller”). The Controller's contact details are:
-
Address: Via Pacinotti n. 12, Livorno, 57128 - Italy
-
Email: sovainofficial@gmail.com
2. Personal Data Collected
SOVAIN processes Users' ordinary personal data, including but not limited to:
-
First name, last name, date of birth
-
Email address, phone number
-
Shipping address and payment details
-
Website browsing data
These personal data are collected when:
-
Users browse the Website;
-
Users place an order on the Website;
-
Users contact SOVAIN via email.
For more information on data collected through cookies, please refer to the Cookie Policy.
3. Purposes and Legal Bases of Processing
SOVAIN processes personal data in accordance with the Privacy Regulations for the following purposes:
-
a) to manage the contractual relationship with the User;
-
b) to respond to the User’s emails;
-
c) to comply with legal obligations;
-
d) to establish, exercise or defend the Controller’s legal rights in court or out of court;
-
e) to carry out direct marketing activities by sending newsletters;
-
f) to send promotional emails relating to products similar to those already purchased by the User (“soft spam”);
-
g) to ensure proper operation and security of the Website.
Legal bases:
-
a) based on performance of a contract and/or pre-contractual steps (Art. 6(1)(b) GDPR)
-
b) based on pre-contractual steps requested by the User (Art. 6(1)(b) GDPR)
-
c) based on compliance with legal obligations (Art. 6(1)(c) GDPR)
-
d) based on the Controller’s legitimate interest in defending its rights (Art. 6(1)(f) GDPR)
-
e) based on the User’s consent at the time of newsletter subscription (Art. 6(1)(a) GDPR)
-
f) based on the Controller’s legitimate interest in promoting its products (Art. 6(1)(f) GDPR)
-
g) based on the Controller’s legitimate interest in ensuring proper operation and security (Art. 6(1)(f) GDPR)
4. Data Retention Period
Personal data will be stored in Italy at the Controller's registered office.
They will be retained for as long as necessary to fulfill the processing purposes and legal obligations, up to a maximum of 10 years.
Data collected for marketing or soft spam purposes will be retained for 24 months, unless consent is withdrawn earlier.
After the retention period, personal data will be deleted or anonymized.
5. Methods of Processing and Data Provision Requirements
SOVAIN processes Users’ personal data using both manual and electronic tools, ensuring their security and confidentiality in accordance with the Privacy Regulations. The processing is carried out in line with principles of fairness, lawfulness, and transparency under the GDPR.
Providing data for purposes under points a), b), c), d), and g) is mandatory to fulfill those purposes. Refusing or providing inaccurate data may prevent the Controller from fulfilling them.
Providing data for purposes under e) (marketing) and f) (soft spam) is optional and subject to User consent. Not providing data for these purposes will prevent their use for promotional communications.
6. Disclosure of Personal Data to Third Parties
Personal data will be processed by individuals authorized by the Controller to achieve the above purposes.
Data will not be disclosed to the public but may be shared with:
-
Third parties appointed as data processors by the Controller;
-
Independent data controllers, such as Klarna Bank AB (for installment payments), which will process data under their own privacy policy.
If personal data is transferred outside the European Economic Area (EEA), the Controller will ensure adequate protection by:
-
Verifying third parties are certified under an EU adequacy decision; or
-
Using appropriate safeguards (e.g., standard contractual clauses under Art. 46(2)(c) and (d) GDPR); or
-
Adopting binding corporate rules under Art. 47 GDPR.
7. User Rights
Users may exercise their rights under Articles 15–21 of the GDPR by writing to the Controller at their address or by email to sovainofficial@gmail.com:
-
(i) Right of Access: to confirm whether their personal data is being processed and access the data, its origin, purposes, legal basis, recipients, and retention period.
-
(ii) Right to Rectification, Erasure, and Restriction: to request correction, erasure, restriction, anonymization or blocking of unlawfully processed data.
-
(iii) Right to Data Portability: to receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
-
(iv) Right to Object: to object to processing based on legitimate interests, including soft spam communications.
Users may also withdraw their consent for processing under point e) at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
8. Right to Lodge a Complaint or Appeal
Pursuant to Art. 13 GDPR and Art. 140-bis of the Privacy Code, if a User believes their data is processed in violation of the Privacy Regulations, they may lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or any other competent supervisory authority, or appeal to a competent judicial authority.
9. Changes to the Privacy Policy
SOVAIN may amend this Privacy Policy to reflect changes in its services or legal updates.
Users will be notified of significant changes by email.