Information pursuant to art. 13 of the European Regulation 679/2016.
Pursuant to art. 13 of the European Regulation (EU) 2016/679 (hereafter referred to as GDPR), and with reference to the personal data of which TULSISHOP s.r.l. will enter availability via:
– the inclusion of the same in the “Contact” form on the website www.tulsishop.com;
– completing the “Newsletter” form;
– insertion in the form “Register your Account” and “Checkout”.
Data controller and responsible for the protection of personal data
Data controller is indicated in the person of TULSISHOP s.r.l. (hereinafter referred to as “Data Controller”) with address in Marittima – Diso (LECCE) Italia 73030, at Via Armando Diaz 47.
The Data Controller, with reference to any request concerning the management and processing of personal data, can be contacted via the following e-mail address: firstname.lastname@example.org.
TULSISHOP s.r.l. has not appointed a person responsible for the protection of personal data (DPO, or DPO, Data Protection Officer), not falling into the categories of subjects obliged to nominate him, nor by recurring any of the conditions set by the Art. 37 of the GDPR.
Purposes of data processing
The processing of data acquired with the aforementioned methods aims to:
To allow the correct and complete execution of the purchase agreement concerning the products marketed by TULSISHOP s.r.l., to provide information concerning the same, the offers and the discounts, as well as to find the requests for information received;
Fulfill the obligations envisaged in the fiscal and accounting field, as well as the obligations established by current legislation.
Personal data may be processed by means of paper or electronic archives and managed strictly in order to meet the aforementioned purposes.
Legal basis of the processing
TULSISHOP s.r.l. manage personal data lawfully, where the processing:
it is necessary for the execution of the purchase and sale contract concerning the products marketed by the same, or other pre-contractual and contractual measures connected;
is based on the expressed consent to the receipt of information concerning the products marketed, promotional offers and discounts, as well as the requests for information received, in order to fulfill the duty of cooperation and information in the pre-contractual and contractual phase of the relationship, in compliance to the provisions of the Law.
Consequences of failure to communicate personal data
With regard to the personal data requested, the non-communication of the same prevents the improvement of the contractual relationship itself and does not allow the sending of information, in the manner indicated.
The personal data, object of treatment, will be conserved for the duration of the contractual relationship and, in any case, for a period of time not exceeding that necessary to fulfill the purposes for which they were collected and / or subsequently processed and / or to fulfill conservation obligations for tax purposes or other purposes prescribed by law.
Personal data may be communicated to:
– Judicial or administrative authorities, for the fulfillment of legal obligations;
– Subjects who process data in execution of specific legal obligations;
– Banking institutions or other third-party companies that provide functional services for the purposes indicated above.
Data dissemination through automated decision-making processes and profiling
Personal data are not subject to dissemination or to any fully automated decision-making process, nor to profiling, or any form of treatment performed in an automated form involving personal information in order to evaluate aspects of an individual’s personal sphere and / or a group of individuals, also for advertising and / or marketing purposes.
Rights of the interested party
The rights recognized by the GDPR include those of:
– ask the Data Controller for access to personal data and information relating thereto;
– the modification of inaccurate data or the integration of incomplete data;
– the cancellation of personal data, c.d. right to be forgotten (on the occurrence of one of the conditions indicated in Article 17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article);
– the limitation of the processing of personal data previously provided (upon the use of one of the hypotheses indicated in Article 18, paragraph 1 of the GDPR);
– request and obtain from the Data Controller – in the cases in which the legal basis of the treatment is consent, and the same is done by automated means – a copy of the personal data provided and those generated in the performance of the report (and not data anonymous or not exclusively concerning the person of the applicant) in a format of common use and legible by automatic device, also in order to communicate such data to another data controller, so-called right to the portability of personal data.
The exercise of the right to portability does not automatically imply the deletion of data, which must be the subject of a specific request. The Data Controller may not issue a copy of the data if the data were deleted at the request of the applicant or after the retention period has expired, as specified above.
In order to guarantee security and prevent illegal activities, the release of a copy of personal data is subject to the passing of procedures for verification of the identity of the applicant by the Data Controller.
In any case, TULSISHOP s.r.l.:
– is not responsible in any way for the processing carried out by the individual concerned or by another person who receives the data subject to portability;
– may object to the processing of personal data at any time upon the occurrence of particular situations;
– may revoke the consent at any time, limited to the cases in which the processing is based on consent for one or more specific purposes and concerns common personal data (eg address of residence, date of birth, etc.), or particular categories of data (eg data on health status, racial origin, political opinions, religious beliefs, sex life, etc.).
The treatment based on consent and prior to the revocation of the same is nevertheless lawful.
To exercise the aforementioned rights, a request must be sent by e-mail to the following address: email@example.com propose a complaint to a supervisory authority (Authority for the protection of personal data – www.garanteprivacy.it).
Security and personal data
TULSISHOP s.r.l. has adopted appropriate security measures to protect the data and personal information provided from unauthorized access or use. As far as TULSISHOP s.r.l has taken all possible precautions to ensure the security of personal data, it must be kept in mind that the transmission of data on the Internet is never completely secure and that any information disseminated online could be collected and used by different subjects from those to whom it was directed.
Transactions are managed via Stripe and PayPal services.
Our website Tulsishop.com may store or retrieve information from the browser in the form of cookies. Cookies are necessary for the proper functioning of the site and to improve the browsing experience of users because they store some information (eg preferences, internet access device, etc) useful for subsequent access to the site.
Cookies used on our site