Privacy Policy

Name and address of the data controller

Data Controller in accordance with the General Data Protection Regulation, the national laws of the EU Member States and other privacy regulations:

sibalgioielli@gmail.com
www.sibalgioielli.com

General notes on data processing

As a rule, we only process the personal data of our users to the extent necessary to offer a fully functional website as well as content and services. The processing of your personal data usually takes place only with your consent. Exceptions are cases in which, for concrete reasons, it was not possible to obtain the user's prior consent and the processing of data is required by law.

Insofar as we obtain consent from the data subject to process personal data, the legal basis for this consent is Art. 6 c.1 lett. a) of the EU General Data Protection Regulation (GDPR).

In case of processing of personal data aimed at fulfilling a contract of which the interested party is a contractual party, the legal basis is art. 6 c.1 lett. b) of the GDPR. The same legal basis also constitutes the reference in the event of processing necessary for the execution of pre-contractual measures.

If the processing of personal data is necessary in order to comply with a legal obligation to which our company is subject, the legal basis is art. 6 c.1 lett. c) of the GDPR.

If the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis is art. 6 c.1 lett. d) of the GDPR.

If the purpose of the data processing is to protect a legitimate interest of our company or of a third party and in this context the interests, fundamental rights and freedoms of the data subject do not prevail, the legal basis for the processing is Art. 6 c. 1 lit. f) of the GDPR.

The personal data of the interested party will be canceled or blocked once the purpose of their conservation no longer exists. The retention of personal data may also take place if it is contemplated by European or national legislation within ordinances, laws or other Union rules to which the data controller is subject. Furthermore, the blocking or deletion of the data takes place after the expiry of the retention period stipulated by the aforementioned regulations, without prejudice to the possible need to further store the data for the purpose of concluding or fulfilling a contract.

Rights of the interested party

Pursuant to the GDPR, the user whose personal data is being processed is a data subject, who has the following rights vis-à-vis the data controller:

The user has the right to ask the owner for confirmation regarding his personal data being processed.

Against this treatment, the user has the right to request the following information from the owner:
• the purposes of the processing of personal data;
• the categories of personal data being processed;
• the recipients or categories of recipients to whom the user's personal data have been or are still being disclosed;
• the expected duration of retention of personal data or, if it is not possible to provide concrete indications, the criteria for determining the retention period;
• the existence of the right to rectification or cancellation of the personal data of the interested party, the right to limit the processing by the data controller or the right to oppose the processing;
• the existence of the right to lodge a complaint with a competent supervisory authority;
• all available information on the origin of the data, if such personal data have not been provided by the interested party;
• the existence of an automated decision-making process, including profiling, pursuant to art. 22 c. 1 and 4 of the GDPR and - at least in such cases - the relevant information about the logic adopted as well as the scope and effects that the data processing may have for the interested party.

The interested party has the right to request information about the possible transmission of their personal data to a third country or an international organization. In this context, the interested party has the right to request information about the adequate guarantees contemplated by art. 46 of the GDPR relating to the aforementioned transmission.

This right to information may be limited to the extent that it could presumably impede or seriously impair any research and statistical purposes and the limitation is necessary to achieve these purposes.

The user has the right, vis-à-vis the data controller, to have their personal data rectified and/or integrated, if they are incorrect or incomplete. The owner is required to promptly provide for the rectification.

This right to rectification may be limited to the extent that it could allegedly seriously impede or impair the statistical or research purposes and the limitation is necessary for said statistical and research purposes.

The user has the right to the limitation of the processing of his personal data in the presence of the following circumstances:
• if you dispute the correctness of your personal data for a period that allows the owner to verify the correctness of the data;
• if the processing is unlawful and the user refuses the deletion of personal data, requesting instead the limitation of their use;
• if the data controller no longer needs to process personal data, the user nevertheless needs it in order to assert, exercise or defend legal claims or
• if the user has opposed the processing of data pursuant to art. 21 c. 1 of the GDPR and it has not yet been established whether the legitimate reasons of the owner prevail over the reasons of the user.

If the processing of the personal data of the data subject has been restricted, these data - regardless of the storage of the same - may only be processed with the prior consent of the data subject or for the assertion, exercise or defense of legal claims, the protection of the rights of a third party natural or legal person or for important reasons of public interest of the Union or of a Member State thereof.

In the event of limitation of treatment in the circumstances described above, before proceeding with the cancellation of the limitation, the owner will inform the interested party.

The data subject's right to restriction of processing may be restricted to the extent that it could presumably impede or seriously impair the statistical or research purposes and the restriction is necessary for such statistical and research purposes.

The interested party has the right to request the data controller to immediately cancel their personal data and the owner is obliged to promptly cancel them, for the following reasons:
• Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
• The interested party revokes his consent to the processing of data contemplated by art. 6 c. 1 lit. a) or art. 9 c. 2 lett. a) of the GDPR and there is no other legal basis that justifies the processing.
• The interested party opposes the processing of data pursuant to art. 21 c. 1 of the GDPR and there are no priority and legitimate reasons for such processing, or the interested party opposes the processing of data pursuant to art. 21 c. 2 of the GDPR.
• The personal data of the interested party have been subject to unlawful processing.
• The deletion of the personal data of the interested party is necessary to fulfill legal obligations under the law of the Union or of the Member States to which the owner is subject.
• The personal data of the interested party have been collected for the purpose of the direct offer of the information society pursuant to art. 8 c. 1 of the GDPR.

If you have published the personal data of the data subject and are subject to the cancellation obligation pursuant to art. 17 c. 1 of the GDPR, the data controller will have to adopt adequate measures, including of a technical nature, taking into account the available technologies and implementation costs, in order to inform the managers in charge of processing personal data that the interested party has requested the cancellation of any links to such personal data or to copies or reproductions of such data.

The right to erasure does not exist insofar as the processing is necessary
• in order to exercise the right to freedom of opinion and information;
• for the purpose of fulfilling a legal obligation to which the data controller is subject pursuant to the laws of the Union or of the Member States or in order to carry out a task in the public interest or if it occurs in the exercise of the public authority of which the holder has been invested;
• for reasons of public interest in the field of public health pursuant to art. 9 c. 2 lett. heie of the art. 9 c. 3 of the GDPR;
• for archiving purposes in the public interest, for historical or scientific research purposes or for statistical purposes pursuant to art. 89 c. 1 of the GDPR, insofar as the right mentioned in section a) can foreseeably frustrate or jeopardize the processing or
• is necessary in order to establish, exercise or defend legal claims.

If the interested party exercises the right of rectification, cancellation or limitation of processing against the owner, the latter has the obligation to communicate to all recipients to whom he has disclosed the personal data in question the correction, cancellation of data or limitation of the treatment, except in the case in which this proves unfeasible or involves a disproportionate commitment.

The interested party has the right to be informed by the owner about the recipients of their personal data.

The interested party has the right to receive the personal data concerning him provided to the owner, in a structured format, commonly used, and readable by an automatic device. You also have the right to transmit such data to another data controller, without impediment by the first controller to whom you provided the data, to the extent that

In exercising this right, the interested party also has the right to obtain the direct transmission of their personal data from one owner to another, if technically feasible. Fundamental rights and freedoms of third parties cannot be violated in this context.

The right to data portability does not exist in the event of personal data processing aimed at carrying out a task in the public interest or exercising the public authority vested in the holder.

The interested party has the right, for reasons connected to his particular situation, to object at any time to the processing of his personal data which takes place pursuant to art. 6 c. 1 lit. e) of) of the GDPR, including profiling based on these provisions.

The owner will refrain from further processing the personal data, except in the case in which he can demonstrate valid and legitimate reasons for proceeding with the processing, which prevail over the fundamental rights and freedoms of the interested party or if the processing is aimed at enforcing, exercise or defend a right in court.

If the data subject's personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for said purposes, including profiling if associated with said direct advertising.

In the event of the data subject's objection to data processing for direct marketing purposes, the data subject's personal data will no longer be processed for this purpose.

In the context of the use of information society services and without prejudice to Directive 2002/58/EC, the interested party has the possibility of exercising the right of opposition through automated processes that use technical specifications.

For reasons due to their particular situation, the interested party also has the right to object to the processing of their personal data for historical or scientific research purposes or for statistical purposes pursuant to art. 89 c. 1 of the GDPR.

This right to object may be limited to the extent that it is alleged to impede or seriously impair any research and statistical purposes and the limitation is necessary to achieve these purposes.

The interested party has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out up to that moment in relation to the consent given.

The interested party has the right to refuse to be subjected to an exclusively automated decision-making process, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way. The above does not apply where the decision-making process
1. it is necessary for the purpose of concluding or executing a contract between the interested party and the data controller,
2. it is permitted pursuant to the legal provisions of the Union or of the Member States to which the controller is subject and these provisions provide for adequate measures aimed at protecting the rights, fundamental freedoms and legitimate interests of the data subject or
3. takes place with the express consent of the interested party.

However, these decision-making processes are not based on the particular categories of personal data pursuant to art. 9 c. 1 of the GDPR, unless art. 9 c. 2 lett. a) or b) of the GDPR and adequate measures are not in place to protect the rights, fundamental freedoms and legitimate interests of the data subject.

With regard to the cases mentioned in points 1. and 3., the owner adopts adequate measures aimed at protecting the rights, fundamental freedoms and legitimate interests of the interested party, including at least the right to obtain the intervention of a person in charge of the owner, the right to explain his point of view and the appeal of the decision-making process.

Without prejudice to any other administrative or judicial appeal, the interested party who considers that the processing that concerns him violates the GDPR has the right to lodge a complaint with a supervisory authority, especially in the Member State in which he habitually resides, works or of the place where the alleged violation has occurred.

The supervisory authority to which the complaint has been lodged informs the complainant of the status and outcome of the complaint, including the possibility of judicial appeal pursuant to art. 78 of the GDPR.

Provision of the website and creation of log files

When you visit our website, our system automatically detects data and information from your computer.

While visiting our website, we collect the following data:
• information on the type of browser and the version used;
• user's operating system;
• your Internet provider;
• user's IP address;
• date and time of access;
• websites from which the user's system has been redirected to our site;
• websites viewed by the user's system through our site.

The above data is saved in the log files of our system. The storage of this data is not combined with other personal data of the user.

The temporary saving of the IP address by the system is necessary in order to make the site available to the user's device. In this sense, the user's IP address must be saved for the entire duration of the session.

Saving in log files takes place in order to ensure the functioning of the website. The above data also helps us to optimize the site, also ensuring the security of our IT systems. In this context, no evaluation of the data for marketing purposes takes place.

It is our legitimate interest to process data for these purposes in accordance with Art. 6 c. 1 lit. f) of the GDPR.

The legal basis for the temporary storage of data and log files is Art. 6 c. 1 lit. f) of the GDPR.

The data will be deleted once it is no longer needed for the purpose for which it was collected. In the case of data collection in order to make the website available, the purpose ceases once the visit session on the same is concluded.

In the case of saving data in log files, the purpose ceases after 90 days at the latest. It is possible to save data beyond these terms. In this case, the IP addresses of the users will be deleted or anonymised in order to prevent their association with the respective user.

The collection of data and the storage of data in log files are strictly necessary in order to provide the website. There is no right for the user to object in this sense.

Use of Cookies

Our website uses cookies. Cookies are small text files saved in or by the browser on the user's device. When the user opens a site, a cookie is generated, which is subsequently saved in the user's operating system. Said cookie contains a characteristic sequence that allows the browser to be clearly identified on the next visit.

We use cookies to improve the usability of our site. Some elements of our site require identification of the browser even after the user has moved to another website.

The cookies save and transmit the following data:
• language settings;
• login data.

This site also uses cookies that allow the user's surfing behavior to be analysed.

The data transmitted in this case are:
• search terms entered;
• page viewing frequency;
• use of site functions.

The user data collected in this way is pseudonymized by means of technical intervention; therefore, it will no longer be possible to associate the data with the user who visits the site. The data is not saved together with other personal data of the user.

The purpose of using technically necessary cookies is to facilitate the use of the site by the user. Without the use of cookies some functions of our site would not be available. To offer these functions it is necessary to recognize the browser even after the user has switched to another site.

Cookies are required for the following applications:
• storage of language settings;
• storage of search terms.

User data collected through technically necessary cookies will not be used for profiling purposes.

The use of analytical cookies takes place in order to improve our site and its contents. Analytical cookies provide us with data relating to how the site is used, which allow us to constantly optimize our offer.

The legal basis for the processing of personal data through the use of cookies that are not necessary for the functioning of the site is art. 6 c. 1 lit. a) of the GDPR.

The legal basis for the processing of personal data through the use of technically necessary cookies is Art. 6 c. 1 lit. f) of the GDPR.

Cookies are saved on the user's device, which in turn transmits them to our site; therefore, the user has full control over the use of cookies. By changing the settings in the browser, the user has the option of deactivating or limiting the use of cookies. Cookies that have already been saved can be deleted at any time, even through an automated procedure. In case of deactivation of cookies for our site, some functions of the same may be available only to a limited extent.

In the case of the Safari browser in version 12.1 and later, cookies are automatically deleted after seven days. This also applies to opt-out cookies saved for the purpose of preventing tracking operations.

Registration

Our site offers users the opportunity to register by providing some personal data. These data are entered in appropriate fields and then sent to our company, which saves them. We do not forward this data to third parties. Below are the data collected during registration:
• email address;
• surname;
• first name;
• username;
• address;
• telephone/mobile number;
• IP address of the device used for access;
• date and time of recording.

User registration is required in order to be able to make certain content and services available on our website. Registration takes place on a voluntary basis and is not strictly necessary.

The legal basis of the data processing against the consent expressed by the user is art. 6 c. 1 lit. a) of the GDPR.

The data will be deleted once it is no longer needed for the purpose for which it was collected.

This applies to the data collected during registration, if the registration on our site is changed or cancelled.

The user has the right to cancel the registration at any time. For this purpose it is sufficient to give informal communication to support@oceansapart.com. The user can request the modification of his saved personal data at any time.

Shop online

Our website includes an online shop.

We use the appropriate software for this purpose:

Shopify

For more information, you can consult the supplier's privacy policy on the page: https://www.shopify.com/it/legal/privacy

The servers automatically detect and save information in so-called server log files transmitted by the user's browser during the visit to the site. The information saved in this context is:
• type and version of browser used;
• operating system used;
• URL of the referrer;
• host of the accessing device;
• date and time of the request sent to the server;
• IP address;

This data is not merged with other data sources. The data collection takes place on the basis of art. 6 c. 1 lit. f) of the GDPR. It is in the legitimate interest of the site operator to be able to present a technically flawless and optimized site. For this purpose it is necessary to generate log files.

We have entered into a contract with the respective service provider, according to which the latter is obliged to protect your data and to prohibit its forwarding to third parties.

The headquarters of the server used by the site is located in Canada.

Payment Options

We offer our customers different payment methods related to the orders they place. In doing so, we redirect customers to the platform of the respective payment provider, depending on the payment option chosen. After completing the payment process, the service providers or the bank transmit the customers' payment data to us, which we process for billing and accounting purposes.

Payment by credit card

Payment can be made by credit card.

If the customer selects payment by credit card, the payment data will be transmitted to the respective service provider. All providers of this service comply with the "Payment Card Industry (PCI) Data Security Standards" and have been certified by a qualified and independent PCI security assessor (QSA).

Payment by credit card requires the transmission of the following data:
• purchase amount;
• date and time of access;
• name and surname;
• address;
• email address;
• credit card number;
• credit card expiry;
• security code (CVC);
• IP address;
• telephone/mobile number.

Payment data is forwarded to the following service providers: Shopify Inc.

In this context, data may be transmitted to Shopify Payments servers in the United States. Shopify has joined and certified under the EU-US Privacy Shield Framework; therefore, it undertakes to comply with the standards and regulations of European data protection legislation. More information is available at the following link: https://www.shopify.com/it/legal/privacy

For more information: https://www.shopify.com/it/legal/privacy

Payment with Paypal

Payment can be made using the PayPal service. In addition to an immediate payment method, PayPal offers payment options on invoice, by direct debit, by credit card and in installments.

The European company that manages the PayPal service is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg.

If the customer selects payment with PayPal, the data necessary for the operation will be automatically transmitted to the company.

Specifically, it concerns the following data:
• surname;
• address;
• email address;
• telephone/mobile number;
• IP address;
• Bank account details;
• credit card number;
• deadline and CVC code thereof;
• number of articles;
• item number;
• data relating to goods and/or services;
• amount of the transaction and taxes due;
• data on previous buying behavior.

In some cases, PayPal may forward the transmitted data to credit centres. This forwarding is intended to verify the customer's identity and creditworthiness.

PayPal may also pass on personal data to third parties, insofar as this is necessary to fulfill contractual obligations or to process the data on commission. In the context of the transmission of personal data between companies affiliated with PayPal, the binding rules (Binding Corporate Rules) approved by the competent supervisory authorities apply. The text can be viewed at the following link: https://www.paypal.com/de/webapps/mpp/ua/bcr Any other data transfers are also in accordance with the contractually agreed data protection provisions. For more information you can contact PayPal.

PayPal transactions are subject to PayPal's privacy policy, which can be consulted at https://www.paypal.com/it/webapps/mpp/ua/privacy-full/.

We use PayPal services to manage the payment and related invoicing.

The legal basis of the data processing is art. 6 c. 1 lit. b) of the GDPR, as the processing of data is necessary for the purposes of the stipulated sales contract.

Payment data and data relating to any chargebacks will be kept only for the time necessary to manage the payment, any rejected charges, the collection of the amount due and to counter any abuses.

Data retention could also continue to the extent and for the period of time necessary to comply with the retention terms established by law or to pursue any concrete abuse.

The customer's personal data will be deleted after the statutory retention periods have expired, i.e. after 10 years at the latest.

The customer has the right to oppose the processing of his payment data at any time by notifying the data controller or the service provider. For its part, however, the service provider has the right to process the customer's payment data to the extent and for the period of time necessary to process the payment stipulated in the contract.

Payment by direct transfer in Sofort banking

Payment can be made by direct transfer in Sofort banking. The data collection in this case is performed by Sofort GmbH, Theresienhöhe 12, 80339 Munich.

The data controller does not collect or save the data already mentioned.

When arranging a direct transfer in Sofort banking, the customer instructs Sofort GmbH to verify by automated means
• coverage of the user's bank account and that any transfers in Sofort banking in the last 30 days have been successful;
• in the face of the positive outcome of this check, he also authorizes the company to electronically transmit the approved transfer order to the bank and to inform our company of the successful transfer, as the recipient of the payment indicated by the customer (online supplier).

For this purpose, Sofort GmbH requires the IBAN, PIN and TAN of the online account held by the customer. When ordering, the customer will be automatically redirected to the highly secure payment form of Sofort GmbH.

Immediately following, the customer receives confirmation of the transaction and our company credits the amount.

Anyone who can operate in online banking with the PIN/TAN procedure can use the transfer in Sofort banking.

We point out that some banks still do not support the transfer in Sofort banking.

For more information please refer to the following link: https://www.sofort.com/ger-DE/general/fuer-kaeufer/fragen-und-antworthen/.

You can find more information about saved data at https://www.klarna.com/sofort/#cq-0.

We make use of Sofort services for the management of payment and related invoicing.

The legal basis of the data processing is art. 6 c. 1 lit. b) of the GDPR, as the processing of data is necessary for the purposes of the stipulated sales contract.

Payment data and data relating to any chargebacks will be kept only for the time necessary to manage the payment, any rejected charges, the collection of the amount due and to counter any abuses.

Data retention could also continue to the extent and for the period of time necessary to comply with the retention terms established by law or to pursue any concrete abuse.

The customer's personal data will be deleted after the statutory retention periods have expired, i.e. after 10 years at the latest.

The customer has the right to oppose the processing of his payment data at any time by notifying the data controller or the service provider. For its part, however, the service provider has the right to process the customer's payment data to the extent and for the period of time necessary to process the payment stipulated in the contract.

Forwarders

When the customer purchases products or services on our website that require delivery by courier, he will receive confirmation of the order and shipment at the indicated e-mail address as well as, depending on the forwarder in charge, notification of arrival of the shipment and/or a delivery note with different delivery options.

The data will be transmitted to the following shipping services:
• CNE Express
•YUN Express
• GLS SpA with registered office in via Basento 19 - 20098 San Giuliano Milanese (MI) – Italy.
• SDA Express Courier SpA with registered office in viale Europa 175, 00144 Rome – Italy

The data regularly transmitted are the following
• surname;
• address;
• email address;
• telephone number.

The purpose of the processing of personal data is to allow shippers to inform the recipient via e-mail on the progress of the shipment, thus increasing the probability of the goods being delivered without problems.

The legal basis for the transmission of name and address is Art. 6 c. 1 lit. b) of the GDPR.

Legal basis for the transmission of the e-mail address and telephone number to the respective carrier as well as the use of this data is our legitimate interest in accordance with Art. 6 c. 1 lit. f) of the GDPR.

The transmitted data will be deleted by the respective shipper once the parcel has been delivered.

The interested party can cancel the courier's messaging service at any time, using the opt-out link shown in each courier's e-mail message.

Newsletters

Our website offers the possibility to subscribe to a free newsletter. The registration data entered in the appropriate mask will be transmitted to our company. These are:
• email address;
• surname;
• first name;
• IP address of the device used for access;
• date and time of recording.
• date of birth;

The transmission of registration data to the Shopify e-mail service is aimed at delivering the newsletter. For more information on this see section XXI. Plugins used (Using Shopify Email) under this privacy policy.

The user's e-mail address is required for sending the newsletter.

The collection of other personal data during registration is intended to prevent misuse of the services or the e-mail address used.

The legal basis of the data processing following the registration to the newsletter and in response to the user's consent is art. 6 c. 1 lit. a) of the GDPR.

The data will be deleted once it is no longer needed for the purpose for which it was collected. Therefore, the user's e-mail address will be kept as long as the subscription to the newsletter is active.

The interested party can unsubscribe from the newsletter at any time. Each newsletter contains a specific link for this purpose,

which also allows you to revoke your consent to saving the data collected during registration.

Contact by email

Our site offers the possibility to contact us at the provided e-mail address. In this case, the personal data of the user transmitted with the e-mail message will be saved.

The data is used exclusively for the purpose of managing the conversation.

In the case of contact by e-mail, the processing of the relevant data is in our legitimate and necessary interest.

The legal basis for the processing of data transmitted when sending an e-mail message is art. 6 c. 1 lit. f) of the GDPR. If the contact via e-mail is aimed at stipulating a contract, a further legal basis for the processing is art. 6 c. 1 lit. b) of the GDPR.

The data will be deleted once it is no longer needed for the purpose for which it was collected. In the case of personal data transmitted by e-mail, the purpose is to be considered achieved once the conversation with the user has ended. The conversation is considered concluded if from the circumstances it is inferred that the aspect in question has been addressed and definitively clarified.

The user has the right to object to the processing of personal data at any time. In this case it will not be possible to continue with the conversation. The personal data saved during contacts between us and the user will be deleted in this case.

Contact form

Our website features a contact form that can be used to contact our company digitally. If the user makes use of this option, the data entered in the appropriate fields will be transmitted to our company, which will save them.

At the time of sending the message, the following data will be saved:
• email address;
• surname;
• first name;
• address;
• order number;
• IP address of the device used for access;
• date and time of the contact request;
• reason for the contact;
• other data provided by the user on a voluntary basis.

When sending the message, the user's consent to the processing of data is requested, referring to this privacy statement.

Alternatively, our site provides the possibility of contacting us at the provided e-mail address. In this case, the personal data of the user transmitted with the e-mail message will be saved.

The data is used exclusively for the purpose of managing the conversation.

The processing of personal data entered in the appropriate fields is aimed solely at processing the request object of the contact. In the case of contact by e-mail, the processing of the relevant data is in our legitimate and necessary interest.

The remaining personal data processed during the sending of the message is used to prevent misuse of the contact form and to ensure the security of our IT systems.

The legal basis of the data processing against the consent expressed by the user is art. 6 c. 1 lit. a) of the GDPR.

The legal basis of the processing of data transmitted when sending an e-mail message is art. 6 c. 1 lit. f) of the GDPR. If the contact via e-mail is aimed at stipulating a contract, a further legal basis for the processing is art. 6 c. 1 lit. b) of the GDPR.

The data will be deleted once it is no longer needed for the purpose for which it was collected. In the case of personal data transmitted via the contact form and those transmitted via e-mail, the purpose is to be considered achieved once the conversation with the user has ended. The conversation is considered concluded if from the circumstances it is inferred that the aspect in question has been addressed and definitively clarified.

The user has the right to revoke his consent to the processing of personal data at any time. If you contact our company by e-mail, the user has the right to object to the processing of personal data at any time. In this case it will not be possible to continue with the conversation. The personal data saved during contacts between us and the user will be deleted in this case.

Company pages

Use of company pages in social platforms

Instagram:

Instagram, Part of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

Our company page provides information and offers Instagram users the opportunity to communicate with us. By interacting with our Instagram page (e.g. entering comments, uploading texts, clicking on "Like" etc.) the user could make the personal data provided in this context public (e.g. the name in clear text or the photo of the user profile). However, since we have no influence on the processing of this personal data by Instagram, which is jointly responsible for the management of the company page Rise Up Fashion GmbH, it is not possible for us to provide certain information about the purpose and extent of this data processing by part of said social platform.

We use our company page on the various social platforms for the purpose of communicating and sharing information with (potential) customers. Specifically, we use our company page for the following purposes:
• advertising;

The contents published on the page in this context may be the following:
• product information;
• advertising;

Each user has the right to make their personal data public by interacting with the platform.

The legal basis for the processing of data based on the user's consent is art. 6 c. 1 lit. a) of the GDPR.

We also save the activities and personal data on our Instagram company page until you withdraw your consent. We also comply with the statutory retention periods.

Instagram has joined and certified under the EU-US Privacy Shield Agreement and is therefore committed to complying with the standards and norms of European data protection legislation. More information is available at the following link: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

The user has the right to oppose the processing of personal data collected in the context of the use of our Instagram page at any time, by asserting the rights of the interested party contemplated in section IV of this privacy policy. For this purpose it is sufficient to give informal communication to info@levantefitness.com. For information on the processing of personal data by Instagram and the related opposition options, consult the page:

Instagram: https://help.instagram.com/519522125107875

TikTok:

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

Our company page provides information and offers TikTok users the ability to communicate with us. By interacting with our TikTok page (e.g. entering comments, uploading texts, clicking on “Like” etc.), the user may make the personal data provided in this context public (e.g. name in clear text or photo of the user profile). However, since we have no influence on the processing of this personal data by TikTok, which is jointly responsible for the management of the company page Rise Up Fashion GmbH, we are unable to provide clear information about the purpose and extent of this data processing by part of said social platform.

We use our company page on the various social platforms for the purpose of communicating and sharing information with (potential) customers. Specifically, we use our company page for the following purposes:
• advertising;

The contents published on the page in this context may be the following:
• product information;
• advertising;

Each user has the right to make their personal data public by interacting with the platform.

The legal basis for the processing of data based on the user's consent is art. 6 c. 1 lit. a) of the GDPR.

We also save your activity and personal data on our TikTok business page until you withdraw your consent. We also comply with the statutory retention periods.

As part of the use of TikTok, the Irish company could send personal data to the US parent company. In order to ensure adequate protection at the level of transmission and processing of personal data outside the EU, the transmission and processing by TikTok takes place, according to the company, on the basis of suitable measures pursuant to the art. 46 and following of the GDPR, and in particular by means of so-called standard data protection clauses pursuant to art. 46 c. 2 lett. c) of the GDPR.

The user has the right to oppose the processing of personal data collected in the context of the use of our TikTok page at any time, by asserting the rights of the interested party contemplated in section IV of this privacy policy. For this purpose it is sufficient to give informal communication to info@levantefitness.com. For information on the processing of personal data by TikTok and related opposition options, consult the page:

TikTok: https://www.tiktok.com/legal/privacy-policy?lang=en

Facebook:

Facebook, Part of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

Our company page provides information and offers Instagram users the opportunity to communicate with us. By interacting with our Instagram page (e.g. entering comments, uploading texts, clicking on "Like" etc.) the user could make the personal data provided in this context public (e.g. the name in clear text or the photo of the user profile). However, since we have no influence on the processing of this personal data by Instagram, which is jointly responsible for the management of the company page Rise Up Fashion GmbH, it is not possible for us to provide certain information about the purpose and extent of this data processing by part of said social platform.

We use our company page on the various social platforms for the purpose of communicating and sharing information with (potential) customers. Specifically, we use our company page for the following purposes:
• advertising;

The contents published on the page in this context may be the following:
• product information;
• advertising;

Each user has the right to make their personal data public by interacting with the platform.

The legal basis for the processing of data based on the user's consent is art. 6 c. 1 lit. a) of the GDPR.

We also save the activities and personal data on our Instagram company page until you withdraw your consent. We also comply with the statutory retention periods.

Instagram has joined and certified under the EU-US Privacy Shield Agreement and is therefore committed to complying with the standards and norms of European data protection legislation. More information is available at the following link: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

The user has the right to oppose the processing of personal data collected in the context of the use of our Instagram page at any time, by asserting the rights of the interested party contemplated in section IV of this privacy policy. For this purpose it is sufficient to give informal communication to info@levantefitness.com. For information on the processing of personal data by Instagram and the related opposition options, consult the page:

Facebook: https://www.facebook.com/business/help

Geotargeting

We use the IP address and other data provided by you (in particular the postcode during registration or ordering) in order to reach target groups on a regional level (so-called "geotargeting'').

Said targeting is aimed, for example, at automatically activating offers and advertisements on a regional basis which are more relevant to users in a given area. Legal basis for the use of the IP address and other data provided by the user (in particular the postal code) is Art. 6 c. 1 lit. f) of the GDPR, by virtue of our legitimate interest in guaranteeing targeted communication with customers, proposing offers and advertising that are more relevant to the respective user group.

In doing so, we only select a part of the IP address as well as other data provided by you (in particular the postal code), which will not be stored separately.

You have the option to prevent geotargeting by using, for example, a VPN server or a proxy server that prevents precise location. Depending on the browser used, it is also possible to act on the settings of the same (provided that the browser supports this function) to disable localization.

This site uses geotargeting for the following purposes:
• contact with the customer;
• advertising.

Plugins used

We use plugins for different purposes. We list the plugins used below

Use of Google Ads Remarketing

We use Google Ads Remarketing, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA and the European Union representative Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter “Google”).

Google Remarketing serves to reach site visitors for advertising purposes, through Google Ads. Google Ads Remarketing allows you to create target groups of users ("Similar target groups") who have, for example, viewed certain pages. In this way it is possible to identify the user on other sites by inserting targeted advertisements. In this context, Google saves a cookie on the user's device. In this way, personal data can be stored in log files and analyzed, in particular data relating to user activity (especially viewed pages and clicked items), device and browser (especially IP address and operating system), data on displayed advertisements (in particular the advertisements displayed and possibly clicked on by the user) as well as data from advertising partners (in particular pseudonymized user IDs).

In this context, data may be transmitted to a Google server in the USA. Google has joined and certified under the EU-US Privacy Shield Agreement; therefore, it undertakes to comply with the standards and regulations of European data protection legislation. For more information, refer to the following link:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

For more information on data processing by Google, please consult the page
https://policies.google.com/privacy?gl=DE&hl=it

The purpose of the processing of personal data is to reach a certain target group of users who have shown interest by visiting the page. The cookies saved on the user's device recognize him when he visits a site, thus presenting interest-based advertising from time to time.

The legal basis of the data processing is the consent given by the user pursuant to art. 6 c. 1 lit. a) of the GDPR.

Personal data will be kept for the period necessary for the purposes contemplated in this privacy policy or in compliance with the provisions of the law, including for tax and accounting purposes.

The interested party has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out up to that moment in relation to the consent given.

The interested party has the right to prevent the processing of his personal data by Google by deactivating third-party cookies on his device, using the "Do not track" function of the browser, always deactivating the execution of scripts or by installing a script block, such as e.g. NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

The user can also prevent the collection of data generated by the cookie and their use by the site (including the IP address) and the processing of the same by Google by downloading and installing the browser plugin available at the page
https://tools.google.com/dlpage/gaoptout?hl=it

The link below allows you to deactivate the use of your personal data by Google:
https://adssettings.google.de

For more information on the opposition and removal options against Google, consult the page
https://policies.google.com/privacy?gl=DE&hl=it

Use of Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA and its EU representative Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter “Google”).

Google Analytics analyzes the origin of visitors, the time spent viewing individual pages as well as the use of search engines, thus allowing for better feedback and monitoring the outcome of advertising campaigns. In this context, Google saves a cookie on the user's device.

In this way, personal data can be saved in log files and analyzed, in particular data relating to user activity (especially viewed pages and clicked items), device and browser (especially IP address and operating system), data on displayed advertisements (in particular the advertisements displayed and possibly clicked on by the user) as well as data from advertising partners (in particular pseudonymised user IDs).

The data generated by the cookies relating to the use of this site are transmitted to a Google server in the United States and then saved. In case of anonymization of the IP address for the visit to this site, in the Member States of the European Union and in the countries that have acceded to the Agreement on the European Economic Area, Google will truncate the IP address before transmission to the server. The data generated by the cookies relating to the use of this site are transmitted to a Google server in the United States and then saved.

Google is a member and certified under the EU-US Privacy Shield Agreement, and is therefore committed to complying with the standards and regulations of European data protection legislation. For more information, refer to the following link:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Part of the terms of use of Google Analytics as a Google advertising product are the so-called EU standard contractual clauses (Art. 46 para. 2 of the GDPR). These clauses can be classified as an adequate guarantee of protection during the transfer and processing of personal data beyond the borders of the EU.

This site has activated the anonymization of the IP address. On behalf of the operator of this site, Google will use the data to analyze the use of the site, prepare reports on site activity and to provide the site operator with further services related to the site itself and to the use of the Internet. The IP address transmitted by your browser in the context of Google Analytics is not merged with other data held by Google. The user can disable cookies by changing the settings of his browser; however, we point out that in this case not all functions of the site may be fully available.

For more information on data processing by Google, please consult the page
https://policies.google.com/privacy?gl=DE&hl=it

The purpose of the processing of personal data is to reach a certain target group of users who have shown interest by visiting the page.

The legal basis of the data processing is the consent given by the user pursuant to art. 6 c. 1 lit. a) of the GDPR.

Personal data will be kept for the period necessary for the purposes contemplated in this privacy statement or in accordance with the provisions of the law. According to Google, the company anonymizes the marketing data contained in the server protocols by eliminating parts of the IP address and the data generated by the cookies after 9 or 18 months.

The interested party has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out up to that moment in relation to the consent given.

The interested party has the right to prevent the processing of his personal data by Google by deactivating third-party cookies on his device using the "Do not track" function of the browser, always deactivating the execution of scripts at the browser level or installing a script blocker, e.g. NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

The user can also prevent the collection of data generated by the cookie and their use by the site (including the IP address) and the processing of the same by Google by downloading and installing the browser plugin available at the page
https://tools.google.com/dlpage/gaoptout?hl=it

The link below allows you to deactivate the use of your personal data by Google:
https://adssettings.google.de

For more information on the opposition and removal options against Google, consult the page
https://policies.google.com/privacy?gl=DE&hl=it

Use of Google Tag Manager

We use Google Tag Manager (https://www.google.com/intl/de/tagmanager/, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA and its representative for the European Union Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter "Google").

Google Tag Manager allows you to manage tags from Google and third-party services, inserting them in combined form on the website. Tags are small code elements of a website aimed, among other things, at detecting the number and behavior of users who visit the site, at testing and optimizing the effect of online advertising and social channels, remarketing and targeting target groups. When a user visits the site, the existing tag configuration is sent to the browser used. It contains instructions relating to the tags to be activated from time to time. Google Tag Manager activates other tags, which themselves, under certain circumstances, collect data. Information in this regard can be consulted in the sections of this privacy statement regarding the use of the related services. Google Tag Manager has no access to this data,

Which could still be transmitted to a Google server in the USA. Google is a member and certified under the EU-US Privacy Shield Agreement, and is therefore committed to complying with the standards and regulations of European data protection legislation. For more information, refer to the following link:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Part of the terms of use of Google Analytics as a Google advertising product are the so-called EU standard contractual clauses (Art. 46 para. 2 of the GDPR). These clauses can be classified as an adequate guarantee of protection during the transfer and processing of personal data beyond the borders of the EU.

For more information on Google Tag Manager, see https://www.google.com/intl/de/tagmanager/faq.html and the Google privacy policy https://policies.google.com/privacy?hl =de

The purpose of the processing of personal data is the coordinated and clear management and efficient use of third-party services.

The legal basis of the data processing is the consent given by the user pursuant to art. 6 c. 1 lit. a) of the GDPR.

Personal data will be kept for the period necessary for the purposes contemplated in this privacy statement or in accordance with the provisions of the law. According to Google, the company anonymizes the marketing data contained in the server protocols by eliminating parts of the IP address and the data generated by the cookies after 9 or 18 months.

The interested party has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out up to that moment in relation to the consent given.

The interested party has the right to prevent the processing of his personal data by Google by deactivating third-party cookies on his device, using the "Do not track" function of the browser, always deactivating the execution of scripts or by installing a script block, such as e.g. NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

The user can also prevent the collection of data generated by the cookie and their use by the site (including the IP address) and the processing of the same by Google by downloading and installing the browser plugin available at the page
https://tools.google.com/dlpage/gaoptout?hl=it

The link below allows you to deactivate the use of your personal data by Google:
https://adssettings.google.de

For more information on the opposition and removal options against Google, consult the page
https://policies.google.com/privacy?gl=DE&hl=it

Use of Google AdWords

We use Google AdWords, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA and the European Union representative Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin , Ireland (hereinafter “Google”).

Using this service we can place advertisements. In this context, Google saves a cookie on the user's device. In this way, personal data can be stored in log files and analyzed, in particular data relating to user activity (especially viewed pages and clicked items), device and browser (especially IP address and operating system), data on displayed advertisements (in particular the advertisements displayed and possibly clicked on by the user) as well as data from advertising partners (in particular pseudonymized user IDs).

In this context, data may be transmitted to a Google server in the USA. Google is a member and certified under the EU-US Privacy Shield Agreement, and is therefore committed to complying with the standards and regulations of European data protection legislation. For more information, refer to the following link:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

For more information on data processing by Google, please consult the page
https://policies.google.com/privacy?gl=DE&hl=it

We only get to know the total number of users who have reacted to our advertisement. In this context, no data transmission takes place that allows us to identify the person of the individual user. The use of this service is intended only to trace the above data.

The legal basis of the data processing is the consent given by the user pursuant to art. 6 c. 1 lit. a) of the GDPR.
4. Storage period

Personal data will be kept for the period necessary for the purposes contemplated in this privacy policy or in compliance with the provisions of the law, including for tax and accounting purposes.

The interested party has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out up to that moment in relation to the consent given.

The interested party has the right to prevent the processing of his personal data by Google by deactivating third-party cookies on his device, using the "Do not track" function of the browser, always deactivating the execution of scripts or by installing a script block, such as e.g. NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

The link below allows you to deactivate the use of your personal data by Google:
https://adssettings.google.de

For more information on the opposition and removal options against Google, consult the page
https://policies.google.com/privacy?gl=DE&hl=it

Using Gobot – At the Chatbot

We use the functionality of Gobot plugins provided by Gobot Llc., 378 Crest Rd, Ridgewood, NJ 07450 United States.

The plugin supports us in interacting with customers by providing a chat function as well as the ability to generate reports and analyzes of the chats themselves.

In this context, Gobot saves cookies on the user's device,

which allow the following personal data to be processed by Gobot:
• first name;
• surname;
• email address;
• other contact details, if provided on a voluntary basis.

This data is transmitted to Gobot servers in the USA. Gobot has joined and certified under the EU-US Privacy Shield Agreement, therefore we are committed to complying with the standards and norms of European data protection legislation. For more information, refer to the following link:
https://uploads-ssl.webflow.com/5e42e4922dcda3c571648e2f/5edeb7516d1c2528a490d0b0_Gobot%20Privacy%20Policy%20V3.pdf

Additional data recipients could be:
• associated companies;
• in charge of the treatment.

For more information on data processing by Gobot, please consult the page
https://uploads-ssl.webflow.com/5e42e4922dcda3c571648e2f/5edeb7516d1c2528a490d0b0_Gobot%20Privacy%20Policy%20V3.pdf

We use Gobot for the purpose of improving communication between you and the support team.

The legal basis for the processing of data based on the user's consent is art. 6 c. 1 lit. a) of the GDPR. Once the user has given express consent, Gobot will proceed with the processing of the data.

Personal data will be kept for the period necessary for the purposes contemplated in this privacy policy or in compliance with the provisions of the law, including for tax and accounting purposes.

The interested party has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out up to that moment in relation to the consent given.

The interested party has the right to prevent the processing of their personal data by Gobot by deactivating third-party cookies on their device, using the "Do not track" function of the browser, always deactivating the execution of scripts or by installing a script block, such as e.g. NoScript (https://noscript.net/)) or Ghostery (https://www.ghostery.com)).

For more information on the opposition and removal options against Gobot, consult the page
https://uploads-ssl.webflow.com/5e42e4922dcda3c571648e2f/5edeb7516d1c2528a490d0b0_Gobot%20Privacy%20Policy%20V3.pdf

Use of TrackingMore

We use the features of the TrackingMore service, Shenzhen, Guangdong, China.

TrackingMore provides a logistics platform that allows us to ship parcels and tracking links for the respective parcel.

The following personal data is transmitted to TrackingMore via the appropriate plugin:
• tracking code;
• first name;
• surname;
• email;
• address;
• telephone/mobile number;
• company name.

We have also included a widget on our site that allows us to integrate part of the TrackingMore website, which allows us to provide parcel tracking data.

For more information on the processing of data by TrackingMore, please consult the page
https://www.trackingmore.com/privacy.html

We use TrackingMore to ship parcels and provide related tracking links.

Legal basis for the transmission of the e-mail address and telephone number to the respective carrier as well as the use of this data is our legitimate interest in accordance with Art. 6 c. 1 lit. f) of the GDPR.

Personal data will be kept for the period necessary for the purposes contemplated in this privacy policy or in compliance with the provisions of the law, including for tax and accounting purposes.

The interested party has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out up to that moment in relation to the consent given.