Privacy Policies
Privacy Notice under Art. 13 of Regulation (EU) 2016/679 (“GDPR”)
Website access/use
The information required by the GDPR regarding the processing of personal data connected with access to the website www.yamamay.com (hereinafter, the “Website”) and the use of the related services by the user is provided below.
For information regarding the sale of products on the Website, please refer to the specific “Sale” privacy notice published on the Website in the “Privacy policy” section.
The login and use conditions are available in the footer of the Website.
Information on the processing of browsing data and information relating to the use of cookies can be consulted in the privacy and cookie policy made available in the cookie banner that appears upon first access and in the footer of the Website.
1. Who is the “controller” of the processing of personal data (i.e., the party that determines the purposes and means of processing)
The data controller is Inticom S.p.a., tax code and VAT no. 02649140122, with registered office at Via Carlo Noè no. 22, 21013 – Gallarate (VA), e-mail address privacy@yamamay.com, certified e-mail address inticomspa@certimprese.it (hereinafter, the “Company”).
2. Contact details of the Data Protection Officer (DPO)
The Company’s DPO can be reached at the following contact point: dpo@yamamay.com.
3. Purposes and legal basis of processing and data retention period
| For what purpose are the data processed by the Company? | What is the legal basis that legitimises the processing? | How long are the data retained? |
|---|---|---|
| To allow the user to access the Website and use the related services (e.g. catalogue consultation, management of their account, etc.). | Performance of a contract to which the data subject is party, as provided for by Art. 6(1)(b) of the GDPR. | For the entire duration of the relationship and, as the ordinary limitation period, for the following 10 years. |
| To carry out marketing activities and therefore send communications, by e-mail and SMS, concerning news, promotions, discount vouchers, information relating to the Company’s products and events. | The data subject’s consent, as provided for by Art. 6(1)(a) of the GDPR. | For 4 years from the granting of consent, without prejudice to the data subject’s right to withdraw it or object at any time. |
| If necessary, to establish, exercise or defend the Company’s rights in judicial and/or extrajudicial proceedings. | The Company’s legitimate interest, as provided for by Art. 6(1)(f) of the GDPR. | In the event of litigation, for the entire duration thereof, until the time limits for bringing actions have expired. |
Once the retention periods indicated above have expired, the data will be destroyed, erased or anonymised, compatibly with the technical deletion and backup timescales.
4. Nature of the provision of data
Providing the e-mail address in the form is necessary in order to access the Website; therefore, failure to provide it will not allow registration.
5. Recipients of the data
The data will be processed by the employees of the company departments and by the Company’s collaborators assigned to carrying out the activities aimed at pursuing the purposes indicated above, who have been expressly authorised to process the data and have received specific operating instructions.
The data may be processed by third parties acting as independent controllers, authorised to receive the data, such as public authorities and professional firms.
The data may also be processed by external parties on behalf of the Company, designated as processors pursuant to Art. 28 of the GDPR, such as parties that perform activities functional to the purposes indicated above (e.g. IT services, customer care), also operating outside the European Union (“EU”). If such countries do not have an adequacy decision pursuant to Art. 45 of the GDPR, the standard contractual clauses adopted by the European Commission pursuant to Art. 46(2)(c) of the GDPR will be used as appropriate safeguards, with the possible provision of “supplementary measures” designed to ensure a level of protection substantially equivalent to that required by EU law.
6. Rights of the data subject
Data subjects (i.e. the persons to whom the personal data refer) may exercise the rights set out in Arts. 15-22 of the GDPR by contacting the Company at the e-mail address privacy@yamamay.com. In particular, data subjects may obtain from the Company confirmation as to whether or not Data concerning them are being processed and, where that is the case, access to such Data and to the information referred to in Art. 15 of the GDPR, rectification of inaccurate data, completion of incomplete data, erasure of data in the cases provided for by Art. 17 of the GDPR, restriction of processing in the cases provided for by Art. 18 of the GDPR, as well as object, on grounds relating to their particular situation, to processing carried out on the basis of the Company’s legitimate interest; furthermore, where the processing is based on consent or on a contract and is carried out by automated means, they may request to receive the data in a structured, commonly used and machine-readable format and, where technically feasible, to transmit them to another controller without hindrance (“right to portability”).
Data subjects may also, at any time, object to the processing of their data for direct marketing purposes, as well as withdraw the consent given for that purpose, including through the specific function available in their account.
In any case, data subjects have the right to lodge a complaint with the competent supervisory authority in the Member State in which they habitually reside or work or in the State in which the alleged infringement occurred.
