privacy protection

PRIVACY POLICY
pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR)

1. Data Controller

The Data Controller is:

Lazzarotto Souvenirs SAS di Lazzarotto Federica & C.
Legal representative: Lazzarotto Raoul

Via Werner von Siemens 16
39100 Bolzano – Italy
VAT No.: IT01600970212
Company Registration (REA): 132204
Tel.: +39 0471 914384
E-mail: info@lazzarotto-souvenirs.it

2. Purpose of processing

Personal data are processed for the following purposes:

management and execution of business relationships
order processing, supply and delivery of goods
administrative, accounting and tax compliance
payment and collection management
operational communication with customers and suppliers
compliance with legal obligations

3. Obligation to provide data

The provision of personal data is mandatory for the purposes listed above.

Failure to provide the required data may make it impossible to establish or perform the contractual relationship.

Processing is carried out in accordance with GDPR principles, including lawfulness, fairness, transparency, purpose limitation and data minimisation.

4. Categories of data processed

Only data strictly necessary for the business relationship are processed, including:

company identification data (company name, VAT number, tax code, address, SDI, PEC where applicable)
contact details (email, phone number, fax where used)
billing and shipping addresses
order and transaction data
access credentials (encrypted passwords)

5. Processing methods

Data are processed using electronic, telematic and, where necessary, paper-based tools.

Appropriate technical and organisational measures are implemented to ensure the security, confidentiality and integrity of personal data.

No automated decision-making or profiling activities are carried out.

6. Data disclosure

Personal data may be disclosed, within the limits of the purposes described above, to:

tax and accounting advisors
banks and payment service providers
public authorities and tax administrations
debt collection agencies (where necessary)
commercial agents
logistics and transport companies

These entities act as independent controllers or processors in accordance with the GDPR.

7. International data transfers

Personal data are not transferred outside the European Union or the European Economic Area.

If such transfer becomes necessary in the future, it will be carried out in compliance with Articles 44–49 of the GDPR.

8. Data retention

Data are stored for the duration of the business relationship and subsequently for as long as required by applicable civil, accounting and tax regulations.

9. Rights of the data subject

Data subjects have the following rights under the GDPR:

right of access
right to rectification
right to erasure (“right to be forgotten”)
right to restriction of processing
right to object to processing
right to data portability (where applicable)

Requests may be addressed to the Data Controller using the contact details above.

10. Right to lodge a complaint

Data subjects have the right to lodge a complaint with a supervisory authority:

Italy: Garante per la Protezione dei Dati Personali
Germany: competent regional authority
Austria: Austrian Data Protection Authority
Other EU countries: local data protection authority

11. Data security

Data are processed using electronic, telematic and paper-based systems and are protected by appropriate technical and organisational security measures to prevent loss, misuse or unauthorised access.

12. Website usage data

When accessing the website, anonymous technical and statistical data may be collected for security and analytical purposes.

Registered users may access a restricted area where order-related data are stored.