Privacy policy

Pursuant to Reg mentation (EU) no. 679/2016 this page describes the methods of processing the personal data of users who consult the website 2changingart.com.

This information does not concern other sites, pages or online services that can be reached via hypertext links that may be published on the sites, but referring to resources external to the Owner’s domain.

1. OWNER OF THE TREATMENT

The Data Controller is STKZ S.r.l. Via Marco Fabio Quintiliano, 24/A 20138 Milano, MI CF/PI 12782150960 REA MI-2684504 e-mail info@2changinart.com.

2. CATEGORIES OF DATA PROCESSED

Navigation data. The computer systems and software procedures used to operate this site automatically acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These are the IP addresses or domain names of the computers used by the connecting user, the addresses in URI notation, the time of the request, the method used to forward the request to the server, the size of the file obtained in response , the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example the permanence on each page) and details relating to the itinerary followed within the site, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and the user’s IT environment.

Data common personal collected upon registration and/or communicated by the user.

Please note that the optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller involves the acquisition of the sender’s contact details and any additional personal data included in the communications, which are necessary to manage and respond to the contact request made.

Data relating to specific user preferences and interests (with the express consent of the user).

Remember that the user can revoke his consent to the processing of these categories of data at any time, through the appropriate section of the profile or by contacting the Data Controller at the addresses indicated in this statement. The revocation, however, will not affect the lawfulness of the treatment based on the consent before the revocation.

3. PURPOSE AND LEGAL BASES OF THE TREATMENT

The processing of personal data provided by the user when using the services will be carried out for the following purposes:

1. allow the user to use the services made available on the website, including registering as a user, view content, indicate preferences, purchase products, make returns and/or enjoy other features of the site, including the customer support service;

2. fulfil the legal and accounting administrative management obligations incumbent on the Data Controller;

3. carry out marketing activities, newsletters, promotional actions and market research;

4. collect and analyze user behavioral preferences (profiling).

The processing of the user’s personal data for the purposes stated above is lawful where it is:

– necessary for the fulfillment of (pre)contractual obligations established by the terms and conditions (art. 6, lett b) GDPR);

– necessary for the fulfillment of legal obligations to which the Data Controller is subject (art. 6, letter c) GDPR);

– based on the user’s express consent to the processing of personal data for the purposes referred to in numbers 3) and 4) indicated above<.

The provision of data for the purposes referred to in numbers 1) and 2) is mandatory and refusal by the user may not make it possible the use of the services. In particular, when the data requested by the site are marked as mandatory, the provision of the same by the user is necessary for it to be possible to render the requested service.

In any case, it is specified that the communication of data to the public Authorities will be carried out in cases where it is required by law.

The provision of data for the purposes referred to in numbers 3) and 4) is instead optional and the user’s refusal to provide data for these purposes it will have no consequence other than to prevent by the Data Controller the treatment for marketing activities/newsletter and profiling.

4. PROCESSING METHODS

The data as indicated above are processed with mainly telematic and IT tools or systems in accordance with the provisions of the Reg (EU) n. 679/2016.

The Data Controller uses automated decision-making processes, including profiling, exclusively with the express consent of the user concerned.

5. DATA CONSERVATION

The acquired data will be processed exclusively for the necessary period to the performance of the services requested and, as regards registration data, until the account is canceled by the user. In fact, it is specified that the user is guaranteed at any time the right to definitively cancel his/her account by means of thespecial procedure described in the Terms and Conditions, however always without prejudice to the legitimacy of the treatment of the personal data necessary to pursue the purposes indicated under par. 3., nos. 1-2) of this information. It should be noted that, in the event of definitive cancellation of the account, the user’s personal data will no longer be disclosed on the website, nor will they be accessible by other users.

The user is also guaranteed the possibility of unsubscribing from the newsletter via a special link accessible from each newsletter e-mail, as well as withdraw your consent to the processing of personal data for profiling purposes via specific section of the profile or by contacting the Data Controller at the addresses indicated in this information.

Although user data is processed only for the time strictly necessary to achieve the purposes described above, the same will subsequently be kept for the period necessary during which responsibilities may arise for the Data Controller deriving from the processing in compliance with current legislation.

COMMUNICATION OF DATA AND TRANSFER ABROAD

Consistent with the purposes indicated above, personal data may be disclosed, with different levels of access depending on the tasks assigned, by the personnel in charge of the Data Controller and , in particular, the personnel involved in the management of functional activities for the correct provision of services and their IT management.

Furthermore, users’ personal data may be disclosed to other recipients for the performance of regulatory obligations envisaged for this purpose and in order to be able to comply with the obligations imposed by the laws in force, without prejudice to the guarantee of protection of the rights of the interested party. These include credit institutions, logistics service providers, technology and analysis service providers, judicial or administrative authorities.

Where necessary, for the stated purposes, some processing of the user’s personal data may also be carried out by external subjects to whom the Data Controller entrusts certain activities (or part of them) functional to the management of the established relationship, in all its phases. In this case, the same external subjects, who will operate as Data Processors and are essentially included in the following categories:external professionals and consultants who provide functional services for the purposes indicated above, artists (in case of purchase of works), information society and IT development and assistance.

The user’s personal data may be transferred abroad even outside the territory of Italy and in particular in [•], Country belonging to the European Economic Area and considered as a country able to guarantee an adequate level of protection. In any case, computer and technical security systems are used in the transfer activity such as to guarantee the confidentiality of the data.

RIGHTS OF THE INTERESTED

As an interested party, each User has the right to request at any time:

• access to data, so as to know what information is recorded, the types and purposes of the treatments carried out;

• the limitation, rectification and updating of data concerning him;

• the cancellation of one’s data where the conditions exist;

• easily transportable copy of your data to be transmitted to third parties in the manner prescribed by the Regulation;

• the withdrawal of consent without prejudice to the lawfulness of the treatment based on the consent given before the revocation;

and propose any complaints to the Data Protection Authority or other competent Authority on the point where it believes that its rights have been violated.