Privacy policy


Information according to the UE regulation on Privacy (2016/679)
and the Privacy Code (D. Lgs. 30 June 2003, n° 196 and subsequent amendments and supplements)

This information refers to the processing of personal data carried out by the company Crispo S.r.l.
on the occasion of the users’ visit to the website www.crispoconfetti.com
The disclosure specifies the identity of the owner of the treatment who controls and manages the personal data collected and processed through the website, indicates which personal information is collected and the purposes, the methods of processing, the aim of communication to third parties, security measures taken to protect and defend the user’s personal data and the manners in which the user can verify the processing of data concerning him and exercise the rights recognized by EU Privacy regulation (2016/679) and the Italian Privacy Code (D. Lgs. 30 June 2003, n° 196 and subsequent amendments and supplements).

Owner of the treatment:
The owner of the treatment is the company Crispo S.r.l., in the person of its legal representative Mr. Michele Crispo. The company Crispo S.r.l. is based in Via Pianillo 138 – 80047 San Giuseppe Vesuviano (NA), Vat Number 01293331219, Telephone number 081 529 4444 – 081 529 4376, Fax
number 081 529 2028, e-mail privacy@crispoconfetti.com

The updated list of data managers and processors is kept at the company.

The company Crispo S.r.l., in quality of owner of the treatment, informs you that, pursuant the article n°13 of the D. Lgs. 30.6.2003 (referred to as “Privacy Code”) and the article n°13 of the EU regulation n. 2016/679 (referred to as “GDPR”) your data will be treated with the following manners and purposes:

Nature of data, purpose and treatment:
The company Crispo S.r.l., collects and processes the personal data provided by the user/customer during the consultation of the website www.crispoconfetti.com. to subscribe the service of newsletter sending; prize contests; request for news on opening hours; request for information on stores; request for quotes; payments; information and registration to events/fairs and exhibitions organized by the same company Crispo S.r.l., or by other companies too. The personal data that the company Crispo S.r.l. collects and treats include name, address, e-mail address, telephone number, fax number and other possible personal information, details related to payments and also data related to the use of the website by the user.

Surfing the web does not involve in itself the provision of personal data, but its collection is necessary for the service provision of services /products requested by the user; such as the answers to the user’s questions, sending requests for information by the same, sending quotes; products information, subscription to the newsletter; booking to events/fairs, exhibitions; competitions; etc.
Your personal data is processed:
A) Without your explicit consent (art. 24 letters a), b), c) of Privacy Code and art. 6 letters b),
e) of the GDPR) for the following service purposes:
1) Allow you to sign in the website;

2) Manage and maintain the website,
3) Allow you to subscribe to the newsletter service provided by the company Crispo S.r.l., and to further products/services possibly requested by you;
4) Complying to pre-contractual, contractual and fiscal obligations arising from relationships with you;
5) Complying with prescriptions from laws, regulations, community legislations and authorities;
6) Prevent or discover fraudulent activities or damaging infringement for the website;
7) Exercise the owner’s rights, for example the right of defense in a court;
B) Marketing purposes:
The company Crispo S.r.l. sends periodically, with specific and distinct consent (arts. 23 and 130 Privacy Code and art.7 GDPR), newsletter, advertising materials, discounts, promotions, news on contests, events dates, organized events/fairs, or by the same company Crispo S.r.l., or by other subjects.

Treatment method:
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and in art. 4 n. 2) of GDPR, namely: collection, registration, organization, preservation, consultation, processing, modification, selection, extraction, comparison, use, inter- connection, blocking, communication, deletion and destruction of the data.
Your personal data is processed via either paper or electronic and/or automated records.
The owner shall process your personal data for the time necessary to fulfill the above-mentioned functions and in any case for not longer than 10 years from the end of the relationships for service purposes and not longer than 2 years from the collection of data for marketing purposes.

Data access:
Your data may be made accessible as per above mentioned purposes to employees and co – workers of the owner, in their capacity as agents and/or internal accountable for the treatment and7 or system administrators;
The company Crispo S.r.l. also treats users’ browsing data, that is the data whose communication to the site is involved in the operation of the computer systems responsible for managing the website and the use of the internet own communication protocols. Web surfing data is, for example, IP addresses or domain names of computers used by users who connect to the website and other parameters related to the type and to the computer operating system used by the user. Web surfing data is collected and processed by the company Crispo S.r.l. only for statistical purposes on website access and use and for monitoring purposes of the correct operation of the website; such data may be use for verification purposes of potential responsibility in case of Cybercrime against the website or made through the website. Except for this hypothesis, the company Crispo S.r.l. keeps the users’ browsing data for the time needed for the purposes mentioned above. They can be kept only anonymously. It is therefore excluded any form of proliferation of users aimed at monitoring users’ use of electronic communication services.

Data communication and security:
Without your explicit consent (ex art.24 letters a), b), c) of Privacy Code and art. 6 letters b), e) of the GDPR), the owner will be able to communicate your data for the purposes of the letter A) to supervisory bodies, judicial authorities, as well as to those subjects to whom the communication is mandatory by law for the accomplishments of the mentioned purposes.
Your data will not be disclosed.
Furthermore, it may be necessary that the company Crispo S.r.l. makes available data concerning you to computer companies; courier companies and delivery workers; banking, financial and insurance services companies, including the subjects involved in the management of payment systems; to debt collection companies; to the subjects that will make or receive payments ; to companies, studios, consultants or professionals who shall carry out tasks in support, in Italy and abroad, in labor, legal, financial, fiscal and accounting or in charge of checks, inspections, auditing and certifications; to companies performing technical and care tasks; to subjects that provide services for the information system management.

Nature of the data provision and consequences of denial:
The provision of data for the purposes referred to in letter A) is mandatory. In case of denial, we cannot provide neither the registration to the website nor the Services listed in letter A). The provision of data for the purposes referred to in letter B) is instead optional. Therefore, you may decide not to provide any data or subsequently deny the possibility to process any data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material regarding Services offered by the Owner. In any case you will be entitled to Services listed in letter A).

Data transfer:
The management and storage of personal data shall take place within the European Union on servers belonging to the owner and/or third-party companies, hired and duly appointed as accountable for the treatment. At present the servers are located in Italy. The data shall not be transferred outside the European Union. It is understood in any case, that the owner if it is necessary, shall have the right to move the server location in Italy and/or in non – EU countries. In this case, the owner ensures from now on that the transfer of data to non-EU countries shall take place pursuant to legal provisions, applicable by concluding agreements, if necessary, that provide an adequate protection level and/or adopting the standard contractual clauses provided for the European Commission.

Data subject’s rights:
In your quality of data subject, you have the rights as per art. 7 Privacy Code and art. 15 GDPR and expressly the rights to:
1. Obtain confirmation about the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
2. Obtain the indication: a) about the origin of the personal data; b) about purposes and methods of the processing; c) about the logic applied in case of treatment carried out with the aid of electronic tools; d) about the identification details of the owner, managers and designated

representative ex art. 5, par. 2 of Privacy Code and art. 3, par. 1 of GDPR; e) about the subjects of subject categories to whom personal data may be communicated or who can get to know it as territorial appointed representatives of the state, as managers or delegated;
3. Obtain: a) the update, the correction or, when interested, the integration of the data; b) the deletion, the conversion into anonymous form or blocking of the data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data was collected and subsequently processed; c) the statement that the operations as per letters a) and b) have been made known, also about their content, to whom the data had been communicated or diffused, except when such fulfillment proves impossible or requires manifestly excessive means compared to the protected right.
4. Object, totally or partially: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent with the purpose of the collection; b) to the processing of data concerning you , aimed at sending you advertising or direct sale material, or at carrying out marketing research or at commercial communication, through the usage of automated call systems without operator intervention, by e-mail and/or through traditional marketing methods, by telephone and/or paper mail. It should be noted that the right of opposition of the data subject, mentioned at letter b) about direct marketing purposes through automated methods, extends to traditional ones and that in any case possibility remains for the data subject to exercise the right of opposition also only partially. Therefore, the data subject can decide to receive only communications using traditional methods or only automated communications or neither of them.
Where applicable, you also have the rights ex articles 16-21 of GDPR (right of correction, right to be forgotten, right of treatment restriction, right of data portability, right of objection), as well as right to complain with the Privacy Authority (in Italy Privacy warrant authority).

Withdrawal of consent:
In relation to art. 23 of D. Lgs 196/2003 and art. 6 of GDPR 679/16, the data subject may withdraw consent, at any time.

Minors:
This site and the Services of the owner are not intended for minors of under 18 years and the owner does not collect intentionally personal information about minors. In case information about minors was unintentionally registered, the owner shall delete it in a timely manner, at users request.

Methods of exercising the rights:
In relation to art. 7 of D. Lgs 196/2003 and art. 15 “right of access”, art. 16 “right of reply” art. 17 “right to be forgotten”, art. 18 “right to restriction of processing”, art. 20 “right of data portability”, art. 21 “right of objection to the automated decision – making process of GDPR 679/2016”, the data subject exercises his own rights by writing to the owner to the following address:
Crispo S.r.l. – Ufficio Responsabile Privacy – Via Pianillo 138 – 80047 San Giuseppe Vesuviano (NA) Telephone number 081 529 4376, Fax number 081 529 2028

Privacy information may also be requested at the following e-mail address: privacy@crispoconfetti.com

Amendments to this disclosure:
This disclosure may change.
It is recommended therefore to regularly check the present disclosure and refer to the most updated version.