PRIVACY POLICY

Link to the General Data Protection Regulation no. 2016/679 (GDPR) In compliance with Articles 13 (for data collected from the data subject) and 14 (for data not collected from the data subject) of the EU Regulation 2016/679 (GDPR) the following information is provided to the Users of the website www.xcape.com and for the link operating link https://www.x-capeb2b.com. This information refers exclusively to the processing carried out through said website and not through other websites that may be visited via links from this one, for which it is suggested that the Users read the relevant information provided by the respective Data Controllers.

The purpose of the privacy policy is to provide maximum transparency regarding the information that the site collects and the purposes and methods of use.

1 – Data controller

Incor 3 Srl with registered office in Via Eligio Brigatti, 56 20885 Ronco Briantino (MB) (the ‘Company’, ‘ www.x-cape.com and for linking to the operational link https://www.x-capeb2b.com’ or the ‘Data Controller’), in its capacity as the data controller of the personal data of users of the website www.x-cape.com and for linking to the operational link https://www. xcapeb2b.com guarantees compliance with the regulations on the protection of personal data by providing the following information on the processing of data communicated or in any case collected during navigation on this website, pursuant to Article 13 of Legislative Decree 196/2003 and pursuant to Articles 13 and 14 of EU Regulation 2016/679 of 27 April 2016. You can contact the Data Controller using the following contact details: Tel: + 39 0396815050 Fax: + 39 0396079126 Email: privacy@incor3.it Pec: incor3@postacertificata.com The Data Processor is INCOR3 SRL The System Manager is INCOR3 SRL.

2 – Legal basis for processing

The processing of personal data is based on the right to information, the fulfilment of contractual obligations or social contact, or where necessary consent by freely and consciously filling in the appropriate information fields in the dedicated forms. The provision of data and thus consent to the collection and processing of data are optional. The User may deny consent, and may revoke consent already given at any time (by clicking on the Cookie Policy link at the bottom of the page, or through the browser settings with reference to cookies). However, denying consent may result in the inability to provide certain services and the site navigation experience may be reduced.

3 – Purpose of processing and modalities

Processing of personal data means any operation or set of operations carried out with or without the help of automated processes and applied to personal data or sets of personal data. The personal data of the Users of the Website www.x-cape.com and the operational link https://www.x-capeb2b.com will be processed in the manner and form prescribed by the GDPR, for the performance of the Website’s own functions, with particular, but not exclusive, reference to the procedures described therein for data collection, contact forms, possible registration/access to the reserved area, subscription to the newsletter and the like. The processing of the data collected by the site, in addition to the purposes connected with, instrumental to and necessary for the provision of the service, is aimed at the following purposes:

Following up specific requests made to the Controller by the User via the Website and its communication tools (contact forms, product and service information request forms and the like);
Possible subscription to the newsletter (where applicable) and the consequent sending of commercial communications and various information concerning the sector in which the Owner operates, with the specific consent given by the User;
For communications of an informative nature relating to the services of the Data Controller itself, following requests for information by e-mail or by completing the contact form and other communication tools;
For other purposes incidental or related to those indicated above and in any case falling within the scope of the Website’s activities, including geolocation on the map;
For the processing of the e-mail address, provided by the interested party in the context of the sale of a product or service, also for the purpose of sending, without further consent, communications for the subsequent direct sale of products or services similar to those being sold
For the collection of data and information in an exclusively aggregate and anonymous form for the purpose of verifying the correct functioning of the site, to improve the online shop (where applicable) and the platform, as well as its performance and features.

None of this information is related to the physical person-user of the site, and does not allow in any way its identification. The data collected will be processed by means of electronic or in any case automated, computerised and telematic instruments, or by means of manual processing with logic strictly related to the purposes for which the personal data were collected and, in any case, in such a way as to guarantee the security of the same. The data are kept for the time strictly necessary to manage the purposes for which the data are collected in compliance with the regulations in force and legal obligations. The processing of personal data at Via Eligio Brigatti, 56 20885 Ronco Briantino (MB) will be carried out exclusively by our Data Processing Officers, and will be provided to Third Party Companies only upon specific request and requirement (see paragraph 5). The newsletter with promotional content (where present) is, on the other hand, provided directly by the data controller, using MailUp which, processing data on behalf of the data controller, is responsible for the processing. The User may also easily object to further newsletter mailings by clicking on the appropriate revocation of consent link, which is present in each email containing the newsletter. Once consent has been revoked, the Controller will send the User a message confirming that consent has been revoked.

4 – Data collected

This site collects user data in two ways.

4.1 – Automatically collected data

During navigation on the website, a series of information relating to the computer systems used by the user is normally acquired. These are for example:

internet protocol (IP) address;
browser type;
name of the internet service provider (ISP);
date and time of visit;
the visitor’s web page of origin (referral) and exit;
possibly the number of clicks and page(s) visited;
device data.

This data is used for statistical and analysis purposes, in aggregate form only. None of this information is related to the physical person-user of the site, and does not allow their identification in any way. The IP address is used solely for security purposes and is not cross-referenced with any other data.

4.2 – Data voluntarily provided

The site may collect other data in the event of voluntary use of services by users, such as comment services, communication (chat, contact forms, sending newsletters), and purchasing (shopping cart). These are examples:

first name and surname;
username;
email address;
physical residence address;
shipping address (where applicable for shipping purposes);
social profiles;
geographical location.

This data is provided voluntarily by the User when requesting the service, and will be used solely for the purpose of providing the requested service. Users exempt this site from any liability for possible violations of the law. It is up to the User to verify that he/she has permission to enter personal data of third parties or content protected by national and international regulations.

5 – Transfer of collected data to third parties

The data collected by the site are not provided to third parties, except in the case of a legitimate request by a judicial authority and only in the cases provided for by law. However, the data may be provided to third parties if this is necessary for the provision of a specific service, or for the performance of security checks or site optimisation. The user expressly consents to the transfer of data in the cases indicated below.

5.1 – Third-party service providers

This Web Site may provide some personal data to Consultants, Web Agencies and Software Houses to perform security checks or site optimisation, to judicial authorities in case of specific request, to third party companies operating on behalf of the Owner (for example shipping samples or products) or to MailUp platform to send newsletters. In the case of e-commerce, this Website shares your personal data with the shipping company in charge of delivering the ordered goods. In order to complete the payment, we provide the necessary payment data to the credit institution or payment provider we have selected as the payment processor or the payment service provider selected during the purchase process. These providers only have access to the personal data that are necessary to perform their tasks. The same suppliers may not use the same data for other purposes and are also obliged to process personal data in accordance with this Privacy Policy and the instructions provided by the Controller, and in accordance with applicable data protection regulations.

5.2 – Business Transfers

In the event that the ownership of the site or all its assets are transferred to a third party, or in the event of a merger, joint venture or reorganisation, the personal data of customers will naturally be among the transferred assets.

5.3 – Protection of the company and others

We only disclose account and other personal data if we are expressly required to do so by law; to enforce or apply our Terms and Conditions of Use and other agreements; to protect our property or rights; and for the safety of our company, our users or others. This includes exchanging information with other companies and organisations that provide fraud prevention or credit risk reduction. Obviously, this does not include selling, sharing or otherwise disclosing personal data received from customers for commercial purposes, contrary to the commitments made in this Privacy Policy. Under no circumstances will your data be passed on to third parties for marketing purposes. Only in the case of operational and organisational needs and only with companies with which there is a cooperation agreement determined by a specific contract may it be necessary to transfer Personal Data to recipients outside the European Union. In these specific cases, however, all regulations in force will be implemented and provided for in the GPDR procedures of ‘assimilation to confidentiality and adequacy’ or with a specific written agreement ‘in derogation’ and within the limits specified therein or international organisations will be stored on servers located in a third country.

6 – Place of processing

The data collected by the site are processed at the Data Controller’s premises and at the Web Hosting’s datacenter. Web Hosting is located in the European Economic Area and acts in accordance with European standards.

7 – Data storage period

The data provided by the Data Subject will be retained until they are expressly revoked by the Data Subject, including by means of an action on his/her browser, cleaning of cookies, a request expressed by email or telephone to the Data Controller (see specific paragraph) or otherwise manifested. Surfing data will be kept for the technical time necessary to perform the functions for which they were collected.

8 – Security Measures

The Data Controller processes the data of visitors/users in a lawful and correct manner, taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of the data. Processing is carried out by means of computer and/or telematic tools, with organisational methods and logic strictly related to the stated purposes. We undertake to protect the security of your personal data during their transmission, using Secure Sockets Layer (SSL) software, which encrypts the information you enter. It is important that you adopt suitable protections against unauthorised use of your credentials to access the site.

9 – Rights of the User/Processor

Pursuant to European Regulation No. 679/2016 (GDPR) and Article 7 of Legislative Decree No. 196 of 30 June 2003, the User may, in the manner and within the limits provided for by the legislation in force, exercise the following rights:

object in whole or in part, on legitimate grounds, to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication surveys
request confirmation of the existence of personal data concerning him/her (right of access);
to know its origin
receive intelligible communication of the data;
obtain information on the logic, methods and purposes of the processing;
request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including data no longer necessary for the purposes for which they were collected;
in cases of processing based on consent, to receive, at the sole cost of any support, your data provided to the controller, in a structured and machine-readable form and in a format commonly used by an electronic device
the right to lodge a complaint with the Data Protection Authority (Garante Privacy) http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524;
as well as, more generally, to exercise all the rights recognised to him by current legal provisions.

These rights may be exercised in the forms and terms set out in Article 12 of the GDPR, by written communication sent to the Data Controller by e-mail to incor@incor3.it. Requests should be addressed to the Data Controller or the Data Processor.

10 – Complaints

Each Data Subject has the right to lodge a complaint pursuant to Article 77 et seq. of the GDPR to a supervisory authority, which for the Italian State is identified in the Garante per la protezione dei dati personali. The forms, methods and time limits for bringing complaint actions are provided for and governed by the national legislation in force. The complaint is without prejudice to administrative and jurisdictional actions, which for the Italian State may be brought alternatively before the same Garante or before the competent Court.

11 – Profiling

The personal data provided through the forms are NOT subject to profiling.

Profiling enables the Data Controller to assess certain personal aspects of the Data Subject relating in particular to his/her preferences, interests, tastes with reference to the products sold and the activities carried out by the Data Controller, in order to enable the Data Controller to offer the Data Subject a sales service that is more specific and targeted to his/her needs.

12 – Updates

This privacy policy is updated as of 25 May 2018.