Privacy Policy
In this section, in accordance with the European legislation introduced by EU Regulation 679/2016 and with the Italian legislation (Legislative Decree no. 196/2003), information is provided regarding the processing of personal data of Users consulting the pages of the website www.wolbrookjamesltd.com (hereinafter: “Website”) or using the purchasing services made available on the same (hereinafter: “Users” or “Interested Parties”).
The information is provided exclusively for the Site and not also for any other websites that the user may consult via links within the Site.
Data Controller
The Data Controller of the personal data of users of the Site www.wolbrookjamesltd.com is the Company
FOREVER DI ENRICO GIOMI
Via Giordano Bruno 15/A, Cecina (LI), 57023, Italia
P.IVA: 02018740494
. e-mail: info@wolbrookjamesltd.com.
E-mail to contact the owner and request deletion of your data, if collected, with your consent: info@wolbrookjamesltd.com
***
A – Type of data processed
Identification data
In accordance with the European legislation introduced by EU Regulation 679/2016, consultation of the Site and the possible purchase of products sold on the Site may entail the processing of data capable of directly or indirectly identifying a natural person such as: name, surname, residential address, e-mail address, telephone number, IP address.
The Site does not require the Interested Party to provide so-called ‘special’ data, i.e., in accordance with the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the person’s health or sexual life or sexual orientation. In the event that the service requested requires the processing of such data, the Data Subject will be informed in advance and asked to give his or her explicit consent.
Banking data
When purchasing products on the Site, bank data will also be processed, such as the number of the card or bank account indicated to make the payment, the holder of the card and bank account.
This data may be processed exclusively by third party companies that manage the payment methods used on the Site.
Please note that the Site uses the following payment services, whose respective privacy policies apply to the processing of data:
PayPal: https://www.paypal.com/it/webapps/mpp/ua/privacy-full
Google Pay: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=en-GB
Amazon Pay: https://www.amazon.in/gp/help/customer/display.html?nodeId=202136010
Visa: https://usa.visa.com/legal/privacy-policy.html
Mastercard: https://mea.mastercard.com/en-region-mea/about-mastercard/what-we-do/privacy.html
American Express: https://www.americanexpress.com/it-it/chi-siamo/legal/centro-di-privacy/dichiarazione-sulla-privacy/
III. Browsing data
Browsing data are data acquired automatically by the systems and programs used to operate the Website and are necessary for the use of web services [e.g. IP addresses, the browser used, the domain names of the systems used by users to connect to the web portal, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment].
This data is acquired even in the absence of registration with the Site or a request for information.
Browsing data are used exclusively in an aggregate manner to process anonymous statistics on the consultation of the Site and to check its correct operation, and do not allow the users concerned to be identified; they are deleted immediately after processing in anonymous form.
They may, however, be used to ascertain responsibility in the event of computer crimes committed to the detriment of the website.
Data provided voluntarily by the user
The personal data voluntarily provided by the User (such as name, surname, telephone number, e-mail address) for the purpose of sending messages to the Site and/or purchasing the products made available are used for the sole purpose of meeting the requirements of the person concerned and to comply with legal obligations.
The legal basis for such processing is the fulfilment of services inherent to the requests made and purchases made, as well as compliance with legal obligations.
The information that the User of the Site decides to make public through the services and tools made available to him/her, is provided by the User knowingly and voluntarily, exempting the Site from any liability for any breach of law.
It is up to the User to verify that he/she has the permissions to enter personal data of third parties or content protected by national and international regulations.
Data collected through analytical cookies
The Site also acquires data relating to the User through the use of cookies.
For more information on the data processed through cookies, the types of cookies that are active and how to deactivate them, please refer to the cookie policy.
These cookies are used to track the User’s browsing preferences and to collect statistical data. The user can deactivate these cookies by accessing the settings of their browser, as indicated in the Site’s cookie policy.
***
B – Purpose of processing
The personal data collected is used to
enable the dispatch by e-mail of products purchased by the User;
respond to contact requests sent by the User
allow the User’s use of the Customer Service
to obtain anonymous statistical information on the use of the web portal
to check the proper functioning of the web portal;
to send communications and newsletters, both in paper and electronic format, to the e-mail address provided by the User: in the event that the User decides to subscribe to the newsletter of www.wolbrookjamesltd.com only after having given his/her specific consent, his/her personal data will be processed by the Data Controller for the purpose of sending commercial or promotional communications, updates relating, for example, to exclusive offers, special events and promotions. To unsubscribe from the newsletter, simply click on the unsubscribe link at the bottom of the e-mails you receive or write to info@wolbrookjamesltd.com.
ascertaining liability in the event of hypothetical computer crimes to the detriment of the website;
compliance with any other legal obligation not included in the above purposes.
Data may only be communicated following a request by the Judicial Authority within the terms of the law.
***
C – Legal basis of processing
The legal basis for the processing of personal data is the performance of the services inherent to the relationship established by signing the Terms and Conditions, the consent of the data subject, compliance with legal obligations and the legitimate interest of the Data Controller in carrying out processing necessary for such purposes.
Execution of a contract
The Controller processes Personal Data relating to the User when the processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures.
Consent of the data subject
The optional, explicit and voluntary sending of electronic mail, messages or any type of communication addressed to the addresses indicated on this Site entails the subsequent acquisition of the sender’s address, telephone number or any other personal data that will be used to respond to requests. Such processing is carried out on the basis of the consent of the person concerned.
It is ensured that such processing will be based on the principles of lawfulness, fairness, transparency, appropriateness, relevance and necessity referred to in Article 5(1) of the GDPR. Specific summary disclosures will be progressively reported or displayed on the pages of the sites set up for particular on-demand services.
III. Fulfilment of legal obligations
Personal data may be processed without the consent of the data subject in the event that the Data Controller has to fulfil a legal obligation.
Legitimate interest of the Controller
The Controller processes Personal Data relating to the User in the event that the processing is necessary for the pursuit of the legitimate interest of the Controller or of third parties.
Optional supply of data
Apart from what is specified for the fulfilment of the contract or legal obligations, for cookies and navigation data, the user is free to provide or not to provide his/her personal data. However, failure to provide data may result in the impossibility of obtaining the service.
***
D – Modalities and duration of processing
Personal data are processed using IT tools and in accordance with EU Regulation No. 679/2016.
The data processed will be stored for the time necessary for the purposes described in this information notice and, therefore, for the minimum time necessary or until explicitly requested by the data subject and in any case within the time limits imposed by law.
The Data Controller undertakes to adopt all appropriate security measures to prevent the loss and alteration of personal data, as well as any unlawful and unauthorised use thereof.
The data shall be processed exclusively by subjects authorised by the Data Controller, including possible data processors, representatives and public entities for the fulfilment of obligations provided for by law, who carry out their respective processing activities as autonomous data controllers.
The subjects authorised by the Data Controller who may process data include, by way of example: commercial and legal department collaborators, as well as third-party www.wolbrookjamesltd.com service providers, hosting providers and IT companies (this list is not exhaustive). The processed data will not, however, be disclosed to unspecified recipients.
Subjects authorised by the Data Controller who may process data for profiling purposes include the online marketing platforms “Klaviyo” (https://www.klaviyo.com/legal/privacy-notice) and “Omnisend” (https://www.omnisend.com/privacy/) and “WordPress” (https://wordpress.org/about/privacy).
The security of the collected information cannot be guaranteed against hacker attacks and, in general, against breaches of the security rules put in place for data protection.
In the event of attacks or breaches, however, the same will be communicated to those concerned and to the competent authorities in accordance with the law.
***
E – Place of processing
Processing relating to the services of the web portal is carried out by staff identified and expressly designated according to the specific purposes of the services requested and subscribed to.
For the processing in question, the Data Controller may avail itself of the aid of external companies, forwarding agents, consultants, consortia, software and service suppliers operating, through identified and appointed personnel, within the scope of the intended purposes and in such a way as to guarantee maximum data security and confidentiality. In other cases, the personal data collected will not be disclosed to third parties, except with the express consent of the person concerned, except in cases where disclosure to third parties is necessary to comply with obligations imposed by laws, regulations or provisions of supervisory authorities, or is essential to protect the rights of other users or of the website itself.
Personal data will be processed and stored, solely for the above-mentioned purposes and for safekeeping and storage, on remote servers operated by industry-leading providers that ensure compliance with high standards of data protection.
This may involve the transfer of data to countries outside the EU, where all or part of such servers may be located.
In particular, personal data may be transferred outside the European Union to the company “WordPress” (https://wordpress.org/about/privacy), an e-commerce plug-in used by the Site operated by the Controller.
The processing and storage of data by the aforementioned provider will take place to a third country that is “adequate” within the meaning of the decision taken by the European Commission, including in particular the decision for the adequacy of the protection provided by the Canadian Personal Information Protection and Electronic Documents Act or Privacy Shield certification (USA), or on the basis of a contractual obligation or standard contractual clauses approved by the European Commission, or binding corporate rules approved through the specific procedure set out in Article 47 GDPR.
For the transfer of data to non-EU countries, there is normally no need to wait for national authorisation from the Garante. However, authorisation from the Garante will still be required if a data controller wishes to use specific contractual clauses that have not been recognised as adequate by a decision of the European Commission or administrative agreements concluded between public authorities.
F – Rights of data subjects
During processing, the data subject may at any time exercise the following rights
to obtain confirmation of the existence or otherwise of such data and, if so, to know its content and origin
verify the accuracy of the data; request the rectification of inaccurate data, the integration of incomplete data or the updating of outdated data
obtain the restriction of processing, where one of the hypotheses provided for in Article 18 GDPR applies;
request the deletion of data processed in breach of the law, or in the presence of one of the other conditions set out in Article 17(1)(a), (b), (c), (e) and (f) GDPR
to object in any case, for legitimate reasons, to their processing, or to object to their processing in the other cases provided for in Articles 21(2) and (3) and 22 GDPR;
withdraw at any time their freely given consent to the processing of personal data for the purposes specified below;
obtain the release of the personal data undergoing processing in a format compatible with standard IT applications, in order to allow their transfer to other platforms of your choice, without any impediment to the direct transmission of the processed data to another Data Controller, where such direct transmission is technically feasible (so-called right to data portability).
Requests concerning the exercise of the aforementioned rights should be addressed to the Data Controller by e-mail (info@wolbrookjamesltd.com).
In the event of failure or partial response by the Data Controller to the aforementioned requests, the data subject shall have the right to lodge a complaint with the Garante per la protezione dei dati personali (www.garanteprivacy.it) or take legal action within the terms and according to the procedures provided for under Articles 77 et seq. of EU Regulation 2016/679 (GDPR).
G – Updates to the policy
Future regulatory updates may lead to the modification of the current information notice, uploaded on the Site on 20.01.2023.
In the event of a change, the Data Controller will give notice thereof on the Site.