Newsletter Subscription

The information required by the GDPR regarding the processing of the e-mail address (hereinafter, the “Data”) provided for the purpose of subscribing to the newsletter service, namely the periodic sending of e-mail communications containing updates on products, offers and initiatives from the Yamamay world (hereinafter, the “Newsletter Service”), is provided below.

1. Identity and contact details of the data controller

Inticom S.p.a., tax code and VAT no. 02649140122, with registered and operational office at Via Carlo Noè 22, 21013 – Gallarate (VA), e-mail address privacy@yamamay.com, certified e-mail address inticomspa@certimprese.it (hereinafter, the “Controller”).

2. Purposes of processing, legal bases and data retention periods

why is personal data processed?	what is the legal basis that makes the processing lawful?	how long do we retain personal data?
To provide the Newsletter Service.	The performance of a contract to which the data subject is party.	Until withdrawal from the Newsletter Service in the manner indicated in point 5 below.

Once the retention periods indicated above have expired, the Data will be destroyed, erased or anonymised, compatibly with the technical timing of erasure and backup.

3. Provision of data

The user is only required to provide the e-mail address, which is necessary for the provision of the Newsletter Service; therefore, any refusal to provide it will make it impossible to use the Newsletter Service.

The granting of a discount voucher on the user’s first order is merely an incentive for users to subscribe to the Newsletter Service and to learn more about the activities of the Controller. It is understood that the user is always allowed to withdraw from the Newsletter Service, without this preventing them from benefiting from such discount voucher.

4. Withdrawal from the Newsletter Service

In order to stop receiving e-mails relating to the Newsletter Service, the user may click on the unsubscribe link at the bottom of each e-mail.

5. Categories of recipients.

The Data may be communicated to third parties acting as independent controllers, such as public authorities and professional firms. The Data may also be processed, on behalf of the Controller, by third parties designated as Processors pursuant to art. 28 of the GDPR, such as natural and/or legal persons carrying out activities functional to the purposes indicated above (e.g. IT services, mass communication sending services), also operating outside the European Union (“EU”).

In particular, the data will be transferred to the company responsible for managing and maintaining the Site, namely Shopify International Limited, and may also be transferred to its sub-processors established outside the EU. Where such sub-processors are established in countries without an adequacy decision pursuant to art. 45 of the GDPR, the standard contractual clauses adopted by the European Commission pursuant to art. 46, par. 2, letter c) of the GDPR will be used as appropriate safeguards, with the possible provision of “supplementary measures” designed to ensure a level of protection substantially equivalent to that required by EU law.

Furthermore, the Data is processed by the Controller’s employees - belonging to the company functions responsible for pursuing the purpose indicated above - who have been expressly authorised to process the data and have received appropriate operating instructions.

6. Rights of the data subject

The data subject may exercise the rights set forth in articles 15 to 22 of the GDPR, where applicable, and, in particular, obtain from the Controller confirmation as to whether or not personal data concerning them is being processed and, where this is the case, access to such data and to the information referred to in art. 15, rectification of inaccurate data, completion of incomplete data, erasure of data in the cases provided for by art. 17, and restriction of processing in the cases provided for by article 18 of the GDPR. Furthermore, where the processing is based on consent or on a contract and is carried out by automated means, the data subject has the right to receive the data in a structured, commonly used and machine-readable format and, where technically feasible, to transmit such data to another controller without hindrance (“right to data portability”).

To exercise these rights, the data subject may contact the Controller at the contact points indicated in paragraph 1.

The data subject has the right to lodge a complaint with the competent supervisory authority in the Member State where they habitually reside or work, or in the State where the alleged infringement occurred.