You have no items in your shopping cart.
Information on the protection of personal data.
Art. 13 Reg. EU 679 of 27 April 2016
According to art. 13 of the “European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and the free movement of such data” (hereinafter “GDPR”), Aboca S.p.A. Società Agricola, with legal offices in Aboca, 20 - 52037 Sansepolcro (AR), Italy - Tax code and registration number at the chambers of commerce in Arezzo - Siena: 01704430519, Share Capital 16.921.084 euros, as Data Controller of the data provided in order to use the services available through the functions of the Website, including the purchase of products (including, but not limited to: gift ideas, books, fine works of art, art reproductions) without prejudice to the definitions set out in the GDPR, is required to inform You of the following.
(A). - How the Website works.
The Website www.abocashop.com, through the system provided by Shopify www.shopify.com, allows you to purchase and receive a wide range of products delivered to your home.
In order to use these services, you must access the Website by connecting to the following link: www.abocashop.com, registering (free of charge) to obtain your personal and non-transferable account. You can cancel your account at any time.
Having completed your registration, during which you can decide the relevant login credentials, including your password, which only be known to you, you will be able to access the services from your mobile device or desktop, entering the personal authentication credentials you have chosen, and that you will have to keep with the utmost care, into the appropriate fields.
After registering, you can choose the products and place the relevant order, following the procedure indicated on the Website. Once completed, you will receive a confirmation email.
(B). – Applicable laws and the legal basis for the processing.
The processing operations, which we will describe in detail below, have their legal basis in Art. 6(a) and (b) and art. 9(a) of the GDPR.
(C). - Nature of the data being processed.
Only upon your consent, where provided, will the following categories of personal data concerning you be or may be processed for the purposes indicated:
(D). – Provision and sources of personal data.
The provision of your personal data is not normally compulsory but, in some cases, it is necessary, and therefore mandatory, to allow you to benefit from the services and the functionalities of the purchase.
The provision of certain data (name and surname, email, password, telephone number, delivery address and IP address) is necessary, and therefore mandatory, to enable and execute the services; You are free to choose not to provide your personal data, but in this case it may be impossible for the Data Controller to satisfy your requests, to meet your requirements or to have them use, in their entirety, all the services available on the Website.
(E). - Purpose of the processing.
In addition to the processing necessary in relation to legal obligations, regulations, or arising from orders of the Authority, the Data Controller will carry out the operations necessary for the following purposes:
The Data Controller, through external managers, specifically designated according to art. 28 of the GDPR, will carry out the technical treatments necessary to enable it to benefit from the services.
(F). - Methods of data processing, storage and security.
Your data may be processed by electronic means and will be kept by the Data Controller, in compliance with all the security measures provided for by law, for the time necessary for the pursuit of the abovementioned aims and in particular the contractual obligations assumed, and in any case for no more than two years after the last interaction.
In the event of a purchase, we will retain your data for the purpose of fulfilling legal obligations and to enforce and defend a legal right for the period of 10 years.
After these retention times, or after deletion by you, the data that is no longer needed will be removed.
Your personal data will be kept in Italy as well as on Shopify servers located in Canada. The related security policies are reviewed by accredited certifiers, in accordance with the Policies of ISO/IEC 27001:2013, Information Security Management Systems, Tier III, PCI DSS.
(G). - Navigation data
The computer systems and the software required for the functioning of the Website acquire, as part of their normal operation, some personal data whose transmission is implicit in the use of the Internet communication protocols. It is information that is not collected to be associated to identified interested parties, but that by their very nature could, through processing and association with data held by third parties, make it possible to identify users.
This category of data includes IP addresses or other device identifiers used by users who connect to the Website, Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the request to the server. the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good, error, etc.) and other parameters related to the operating system and the user's computer environment.
These data are used only for the purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing. The data could be used for the assessment of liability in the event of hypothetical cybercrimes against the Website: except for this possibility, in the state, the data on web contacts do not persist for more than 7 days.
The authentication data will be encrypted from their first use and the Data Controller will in no way be able to identify them.
(H). - Cookies.
(I). - recipients of data and data transfers abroad.
As Data Controllers and data processors, the following persons may become aware of the personal data referred to in this policy:
In order to perform its ordinary management, accounting and administrative activities, Aboca S.p.A. Società Agricola may communicate your personal data, subject to obtaining your consent in the manner required by law, where applicable, in compliance with security measures, to third party service providers for the sole purpose of performing the service you have requested.
The list of these subjects to whom the data may be communicated is available at the Data Controller's offices.
Aboca S.p.A. Società Agricola does not transfer personal data abroad under its own initiative. However, some third-party service providers have their servers physically located abroad. In such cases, the transfer of data abroad will take place exclusively within the scope of and in compliance with Art. 44 et seq. of the GDPR.
Under no circumstances may your personal data be disseminated.
(L). Rights of the person concerned.
Articles 15 to 22 of the GDPR give the parties concerned the exercise of specific rights. Art. 15 of the GDPR gives the data subjects the right to access their personal data and to obtain a copy thereof. The right to obtain a copy of the data must not prejudice the rights and freedoms of others.
You have the right to obtain confirmation from the Data Controller on whether or not a processing is in progress using your personal data and to know the purposes and categories of data processed, the third parties to whom the data are communicated and whether the data are transferred to a non-EU member country with appropriate guarantees. You also have the right to know the time of retention of your personal data and have the right to request the correction of incorrect and incomplete data, the cancellation (right to be forgotten) under the conditions indicated by art. 17 of the GDPR, the limitation of processing, the withdrawal of consent, the portability of data and the right to object, at any time and without having to provide any justification, to the processing for direct marketing purposes.
These rights may be exercised via email to the address of the Data Protection Officer for Aboca S.p.A. Azienda Agricola, or by ordinary mail to the address indicated below. The Data Protection Officer may need to identify you by requesting that you provide a copy of your identification document. If you believe that the processing of your personal data infringes the provisions of the GDPR or the internal law on the protection of personal data, you have the right to make a complaint to the Data Protection Authority and/or to bring the matter before the judicial authority.
In order to exercise these rights, or to obtain any other information about them and, more generally, the processing of your personal data, requests may be addressed to:
The Data Controller is Aboca S.p.A., an agricultural company with registered offices in Loc. Aboca 20, 52037 - Sansepolcro (AR), Italy. The complete list of persons responsible for the processing is available from the offices of Aboca S.p.A. Azienda Agricola. This mandatory information shall be subject to adjournment, depending on any changes in the applicable laws.