Privacy Policy www.balilla4.com – Protection of Personal Data pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR) In this page, the management methods of the website concerning the processing of personal data of Users who navigate or interact with it are described. This notice is provided to those who interact with the website accessible at www.balilla4.com. The notice does not apply to other websites that may be consulted by the User via links. Purpose and Legal Basis of Processing Personal data may be requested and provided for the following purposes:

  1. Website navigation;
  2. Contact with the User, aimed at exchanging information related to the services offered by the data controller, based on the intentions manifested by the User through spontaneous messages/requests sent to the contacts provided on the website;
  3. Administrative and accounting purposes required by law, as these are strictly related to the execution of the contract.

With the explicit consent of the User (Newsletter subscription), the following purposes are pursued:

  1. Sending commercial information via email, customer satisfaction surveys, general promotions, profiling, and analysis of browsing experience for marketing and promotional purposes.

The legal basis for the processing of the User's personal data is the need to allow navigation of the Balilla website and to meet the requests made by the User. METHODS OF PROCESSING The processing will take place using manual, electronic, and telematic tools, with logics strictly related to the purposes for which they were collected, and in any case, in such a way as to guarantee the security and confidentiality of the data, in compliance with art. 11 paragraph 1 of Legislative Decree no. 196 of June 30, 2003. Type of Personal Data Processed Data voluntarily provided by the User Sending emails to the addresses indicated on this site voluntarily and explicitly implies the acquisition of the sender's address, which is necessary to respond to requests, as well as any other personal data included in the message. Browsing data The computer systems and software procedures that ensure the functioning of this website collect, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified users, but by its very nature, through processing and association with data held by third parties, could identify the Users. This category of data includes IP addresses or domain names of computers used by Users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server's response (success, error, etc.), and other parameters related to the User's operating system and IT environment. These data are used only to obtain anonymous statistical information on the use of the site and to verify its correct functioning. They are deleted within approximately twelve months. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site. Cookies Cookies are small files stored on the User's terminal while browsing the web. They can be persistent or temporary (session cookies) and serve to enable certain site features (technical cookies, which for example, track language preferences, visual display modes of the pages, allow the User to log in if registration is possible, etc.), or to analyze traffic and provide the site manager with information on the number of visits received (analytical cookies, which can be managed by the site owner or by third parties, possibly adopting technical solutions to avoid further tracking of the User's data), or to profile the tastes and interests expressed by the User in order to create advertising messages in line with the created profile (profiling cookies, which can also be managed by the site owner or third parties). For first-party technical and analytical cookies, the User's consent is not required, while for third-party analytical cookies (without particular privacy measures for the User) or profiling cookies, their use is subject to prior User consent, expressed through an unequivocal positive action. For more information about the types of cookies used by this site, the User is referred to the specific notice available on the home page. Optional Nature of Data Provision Apart from what is specified for browsing data, the User is free to provide personal data; however, failure to provide them may make it impossible, fully or partially depending on the case, to fulfill the User's requests. Regarding cookies, the User can always delete or block their installation by referring to the browser's guide, and in such cases, some site functionalities may not be activated. A guide to deleting/blocking cookies for the most common browsers can be consulted at https://www.attacat.co.uk/resources/cookies/how-to-ban. Data Retention Period Data are processed and retained for the necessary period based on the purposes for which they were collected. In particular:

  • Personal data collected for the execution of a contract between the Controller and the User will be retained until the completion of that contract.
  • Personal data collected for the Controller's legitimate purposes will be retained until those interests are fulfilled.

If processing is based on the User's consent, the Controller may retain personal data until such consent is revoked. In addition, it may be necessary to retain data for a longer period to comply with a legal obligation or an order from an authority. Once the retention period expires, the data will be deleted. Access to Personal Data Only authorized individuals, such as internal staff performing their work duties, may access the Users' personal data, or those acting as administrators for the administration and maintenance of the website. Communication and Dissemination of Personal Data No User data is communicated to third parties or disseminated in any form. The User's data will not be transferred to non-EU countries. Data Controller – Data Protection Officer The data controller for the User's personal data is: San Babila Store S.r.l. Registered office: Via Leonardo da Vinci, 43 20090 Trezzano sul Naviglio (MI) Email: doc.viabalilla4@gmail.com Rights of the Data Subject – Complaint to the Authority The User, by contacting the addresses indicated in this notice, may exercise the rights granted by Regulation (EU) 2016/679 to the data subject. Specifically, the User may exercise the right to access their data, correct inaccurate data, delete, limit, transfer, and oppose the processing of their data (the complete list of rights recognized to data subjects is found in Articles 15-22 of the mentioned Regulation). Furthermore, in the case of processing in violation of personal data protection regulations, the data subject has the right to file a complaint with the Data Protection Authority.