Privacy policy

This Privacy Policy refers to the website https://www.daikowelding.com and to the webpages and/or third-level domains connected to it (hereinafter, the "Website”, in particular https://store.daikowelding.com (hereinafter, the "Store"), and it does not concern other websites that may be consulted by clicking links that redirect to other external websites. In accordance with the European Regulation on Data Protection [Regulation (EU) 2016/679, hereinafter also "GDPR"] and the relevant Italian legislation (hereinafter, collectively, the "Applicable Law"), this Privacy Policy is provided to the individual who interacts with the Website, consulting its pages (hereinafter, the “User” or “Users”).
With respect to cookies, please refer to the Cookie Policy. The latter is integral part of this Privacy Policy and available at the link that the User can find in the footer of the Website.

1. Data Controller and contact details

The Data Controller is the company Daiko S.r.l. with registered office in Viale Felissent 84/D, 31100 Treviso (TV), C.F. e P.IVA IT04907220265, R.E.A. n. 416562, hereinafter also "Data Controller" or only “Controller”.

For any clarification, information, exercise of the rights listed in this Privacy Policy, the User can contact the Data Controller at the following contact details: tel. +39 0422893167, e-mail: Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein., PEC: Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein..

2. Personal data subject to processing

The personal data processed through the Website are the following:

A. NAVIGATION DATA
The computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These personal data are not collected to be associated with identified data subjects, but, considering their nature and intrinsic characteristics, they could, through processing and association with data held by third parties, enable users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, at the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment. This data is used for the sole purpose of obtaining aggregate or anonymous statistical information on the use of the website and to check its correct functioning to identify anomalies and/or abuse and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes or at the request of the Public Authority.
B. DATA PROVIDED ON A VOLUNTARY BASE:

By means of the Website, the User may voluntarily provide personal data such as, for example:

  • personal data provided by the User (for example, name, surname, e-mail, phone number, country, and company represented) while filling the forms available on the “Products” section, on the “Download” section and on the “Contacts” section of the Website. The above-mentioned forms can be used by Users for any requests for information and/or clarifications, also concerning products and their technical specifications (included technical data sheets).
    In the “Contacts” section, the User will also have to choose the “contact type”, which means if the request concerns product purchase or other type of information.
  • personal data provided by the User (for example, name, surname, e-mail address) in order to create a customer account on the Website, which will be accessible by the User for consultation and/or modification of data and information stored there, to check the status of pending orders and to view any previously placed orders. The creation of a customer account is possible and requested: 
    • to Users who are not yet customers of Daiko S.r.l. (hereinafter, “New Customers”) who will be able to order the products sold on the Store and pay them online choosing one of the payment methods made available through the payment provider (credit card, Apple Pay, Google Pay, PayPal);
    • to Users who are already customers of Daiko S.r.l. (hereinafter “Existing Customers” or “Existing Customer”) who will be able to order the products sold on the Store; in this case, the payment will take place according to the methods previously agreed with the Existing Customer.
  • other personal data provided by the User on the Store (for example, shipping address, telephone number of the company contact) while finalizing the purchase order;
  • personal data relating to the credit card or other digital payment instrument used by the Existing Customer, in accordance with the procedures indicated by the Controller for the purchase of the products. In particular, the User will be redirected to the webpage of the payment service provider, which is Mollie B.V., and he/she will have to enter the data required to complete the purchase process. The data in question will not pass through the Website's server;
  • other personal data provided in the event of any requests for modification/cancellation of the order and/or complaints. 

The Data Controller shall process personal data in compliance with the Applicable Law, assuming that they refer to the User or to third parties (in particular, customers or potential customers) who have expressly authorised the User to provide them or whose personal data that the User was entitled to provide. With respect to these assumptions, the User undertakes to indemnify and hold harmless the Data Controller from any dispute, claim or request for compensation for damage caused by the processing of personal data that may be received from such third parties.

C. COOKIES AND OTHER TRACKING TOOLS
With regard to the types of cookies used by the Website, the User can refer to the Cookie Policy.
3. Purposes and legal basis of the processing
The following table provides the purposes and legal basis concerning the processing of the above-mentioned personal data:
PURPOSES LEGAL BASIS
  • Providing feedbacks to any requests for information/clarification, also concerning products and their technical specifications, sent using the forms available on the Website;
  • creating a customer account;
  • allowing the online purchase of products and processing the order/concluding the contract through the Store;
  • providing feedbacks to any communications and/or notifications coming from customers of Daiko S.r.l and/or to requests to exercise the rights arising from the contract concluded through the Store and/or provided for by current legislation in relation to the same contract (for example, assistance and customer care activities; possibility, under certain conditions, of modification/cancellation of the order) and carrying out the activities that are necessary as a result of the exercising of those rights.
The implementation of pre-contractual measures taken at the User’s request and/or the contract to which the User is a party [art. 6 (1)( b), of the GDPR].
  • Fulfilling the obligations of administrative and/or accounting and/or fiscal nature connected to the order/contract concluded through the Store (for example, the issuing of the invoice);
  • complying with legal obligations to which the Data Controller is bound, included to respond to any requests to exercise the User’s rights as data subject under current data protection legislation.
The compliance with legal obligations to which the Data Controller is bound [Article 6(1)(c) of the GDPR].
Carrying out marketing/promotional activities by sending, by e-mail, promotional/marketing proposals and/or communications and, in any case, sending promotional/marketing communications concerning Daiko S.r.l. and/or the products of the latter. The data subject’s consent to process the User’s personal data [art. 130 of Legislative Decree No. 196/2003 (so-called “Privacy Code”) - art. 6, (1)(a), of the GDPR].
Verifying any fraudulent or illegal use of the Store and/or the Website in general and ensure its security and functionality in the interest of the Users and the Data Controller. The legitimate interest of the Data Controller and the Users themselves to prevent or identify any fraudulent or otherwise illegal use of the Store, and the Website in general [art. 6(1)(f) of the GDPR].
Carrying out research/statistical analysis on aggregate or anonymous data, without therefore being able to identify the User, to measure traffic and assess usability and interest with respect to the Store and the Website in general. The legitimate interest of the Controller to verify the usability and appeal of the Store and of the Website in general [art. 6(1)(f) of the GDPR].
Ascertaining, exercising, or defending legal claims or whenever courts are acting in their judicial capacity. The legitimate interest to ascertain, exercise, or defend legal claims or whenever the courts are acting in their judicial capacity [art. 6(1)(f) of the GDPR].
4. Consequences of failure to provide personal data
The provision of data by the User is optional. Nonetheless, failure to provide them, in whole or in part, could make it impossible to provide feedbacks to any requests for information/clarifications and/or requests to exercise the rights and/or could make it impossible to process the order and/or conclude the purchase of products. Failure to give consent to the sending of promotional/commercial communications, on the other hand, will have no consequence other than the impossibility of remaining updated and receiving news regarding Daiko S.r.l. and/or its products/services.
5. Methods of personal data processing

Personal data are processed with manual and/or paper-based and/or computer-based and/or telematic instruments and/or supports, in any case in such a way as to guarantee their security and confidentiality. To this end, the Data Controller has adopted and implements security measures, both technical and organisational, appropriate to the level of risk related to the processing of personal data carried out.

In particular, the Website functionality is provided on HTTPS encrypted connection and personal data are collected, filed, and stored on secure servers, protected by firewalls, and physically located within the European Union.

6. Recipients of personal data
The personal data of the User may be shared, for the purposes set out in paragraph 3 above, with:
  • employees or other types of collaborators of the company authorized by the Data Controller to process those personal data pursuant to and for the purposes of Article 29 of the GDPR and Article 2-quaterdecies of the Privacy Code and who have received specific instructions on how to process the data in accordance with the Applicable Law;
  • companies, consultants, or professionals who may be entrusted with the installation, maintenance, updating of the Site (for example, web agencies and/or marketing agencies) and, in general, with the management of the hardware and software of the Owner, included hosting providers and cloud computing services providers that act as data controllers pursuant to and for the purposes of art. 28 of the GDPR; 
  • the payment service provider who will act as independent data controllers; 
  • Public Authorities to whom, in their capacity as independent data controllers, it is mandatory to disclose the personal data of the User by virtue of legal provisions or orders of the authorities;
  • law firms, associated firms, consultants, or professionals (e.g., legal, administrative and/or tax consultancies) who may be appointed to support the Data Controller in order to ensure the correct fulfilment of the legal obligations with which he is required to comply; the ascertainment, exercise or defence of a right in court or whenever the jurisdictional authorities exercise their jurisdictional functions; 
  • companies that provide logistical support and/or support related to shipping and delivery of products purchased through the Store;
7. Transfers to non-EU countries and/or international organisations

The Data Controller's hosting provider's servers, Digital Ocean LLC, are located within the European Union. Despite this circumstance, it is not possible to exclude a transfer of personal data in countries outside of the E.U. (in particular, the United States of America) considering the fact that the hosting provider's registered office is located in the American territory. The Data Controller, in accordance with art. 46, par. 2(c) of the GDPR and the indications provided by the competent Authorities, has entered into a specific agreement with the aforementioned hosting provider, the Data Processing Agreement (hereinafter, "DPA"), of which the standard contractual clauses most recently approved by the European Commission are integral part, in order to offer data subjects adequate guarantees regarding the level of protection of Users' personal data.

For more information on data transfers, including obtaining a copy of the DPA, the User can contact the Data Controller at the following e-mail addresses: Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein., PEC Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein..

8. Period of retention of personal data

The User's personal data or provided by the User will be kept for a period not exceeding the one necessary for the pursuit of the purposes indicated above and for which they are processed.

In particular, personal data will be kept for the period necessary to provide feedbacks to any requests for information and/or clarifications received and, in any case, for a period not exceeding 10 years from the moment the user provided those personal data, in fulfilment of the legal obligations to which the Data Controller  is bound. This maximum retention period may be extended, where the conditions are met, in order to allow the User to exercise and defend a right in court or whenever the Judicial Authority exercises its functions and/or at the request of the latter. In no case will the data relating to the User's credit card or other payment instrument be stored in order to facilitate further online transactions.

With regard to the processing of personal data for promotional/marketing purposes, these data will be kept for a period of maximum 24 months from the moment the User provided the consent to process his/her personal data for marketing purposes. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Rights of the data subject

We inform the User that, as the data subject, he/she is entitled:

  • to receive confirmation as to whether or not his/her personal data are being processed and, if so, to obtain access to them and to a range of relevant information, including, by way of example, information concerning : a) the purposes of the processing; b) the categories of personal data that are subject to processing; c) the entities or categories of entities to whom or which the personal data have been or will be communicated; d) the storage period of the data or, if that is not possible, the criteria used to determine that period; e) the source of the personal data, if they have not been provided by the User;
  • to request and obtain the updating of personal data, the rectification of inaccurate data or, when needed, the integration of incomplete data;
  • to request and obtain the erasure of personal data if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the User objects to the processing carried out on the basis of a legitimate interest of the Controller and there is no overriding legitimate reason to continue the processing; c) the personal data have been processed unlawfully; d) the personal data must be erased by the Controller in compliance with a legal obligation; 
  • to request and obtain the restriction of processing in the event of: (a) contestation of the accuracy of his/her personal data for the time necessary for the Data Controller to carry out the requested verifications; (b) unlawful processing of data by the Data Controller, if the User objects to the deletion of the data and instead requests the restriction of its use; (c) ascertainment, exercise or defence of a right of the User in court, although the Data Controller no longer needs the data for the purposes of processing; (d) awaiting the outcome of the verification as to whether the Data Controller's legitimate reasons prevail over those of the data subject;
  • in cases where the processing of personal data is based on a contract and is carried out by automated means, to request and receive in a structured, commonly used and machine-readable format his/her personal data and, if technically feasible, to obtain the direct transmission of them by the Controller to another controller;
  • to object, in whole or in part, on legitimate grounds relating to the User’s particular situation, to the processing of personal data concerning the User, even though they are relevant to the purpose of collection;
  • in cases where the processing of personal data is based on the consent, to withdraw, at any time, the consent given; the withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal;
  • to file a complaint with the Italian Data Protection Authority pursuant to Article 77 of the GDPR and Articles 140-bis et seq. of the Privacy Code.

 

The Data Controller shall inform each of the recipients to whom the User’s personal data have been transmitted of any rectification, cancellation and/or restriction of processing carried out, except when this proves impossible or involves a disproportionate effort.

10. Ways of exercising rights of the data subject

As data subject, the User may exercise the above-mentioned rights at any time by sending an e-mail to the following e-mail addresses: e-mail Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein., PEC Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein.

If the User wishes to lodge a complaint, he/she may use the forms available on the website of the Italian Data Protection Authority.

11. Changes to this Privacy Policy

This Privacy Policy may be amended and/or integrated and/or updated periodically, also as a consequence of the updating of the Applicable Law.

In this case, the Data Controller shall inform the User of any amendments and/or additions and/or updates to this Privacy Policy by publishing the updated version of the Privacy Policy on the Website.

Last update: 28.11.2022

© Daiko s.r.l 2022 - Viale G. G. Felissent 84/D, 31100 Treviso, Italien
REA 416562 VAT and T.C. IT04907220265 - Alle Rechte vorbehalten