Ancote

INFORMATION ON THE PROCESSING OF PERSONAL DATA
Pursuant to and in accordance with Article 13 of the New European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION - GDPR)
As required by the General Data Protection Regulation of the European Union (GDPR 2016/679, Article 13), before proceeding to the processing, the Data Subject (user of the website www.ancote.com) is informed that the personal data collected through the website are subject to processing by the Company by means of computer and/or telematic tools, for the purposes indicated in this policy.

DATA CONTROLLER
To this end, the data subject is subject to the Privacy Notice prepared by ANCOTE S.R.L. (hereinafter also "ANCOTE" or "the Company" or "the Data Controller"), the creator and promoter of the activities available on the website www.ancote.com. The Data Controller is ANCOTE S.R.L., with registered office in Via Don Brusadelli, 41 - 22100 Como, VAT No.: 01208250181.

PROCESSING INFORMATION
The personal data subject to processing are collected directly by ANCOTE S.R.L. or by third parties expressly authorized by it, or communicated by the Company to such third parties for the pursuit of the purposes described below.

LEGAL BASIS AND PURPOSE OF PROCESSING
The personal data conferred by the user when browsing the website www.ancote.com are processed by the Data Controller in accordance with current regulations on the Protection of Personal Data. The legal basis of the processing is identified in the provision of its services by the Company, in the management and facilitation of the website, as well as in the establishment, execution and possible termination of the online sales contract concluded between the parties and in the obligations to the same contract related to and/or arising directly and/or indirectly from the same.

The processing of personal data by ANCOTE is aimed at the pursuit of the following purposes:

1 SUBSCRIPTION TO THE NEWSLETTER OF ANCOTE.COM
In the event that the user decides to subscribe to the "ANCOTE Newsletter", only after eventual and specific consent, personal data will be processed by the Data Controller to send commercial or promotional communications, updates regarding, for example, the latest trends, new arrivals, exclusive offers, special events and promotions. To unsubscribe from the newsletter, simply click on the unsubscribe link provided at the bottom of the emails you receive or by writing to [email protected].

1.2 The provision of personal data and consent to their processing is optional. Failure to provide consent means that ANCOTE will not be able to allow you to subscribe to the "ANCOTE Newsletter", send you commercial or promotional communications, updates regarding, for example, the latest trends, new arrivals, exclusive offers, special events and promotions.

1. 3 The Owner, in order to compare and possibly improve the results of communications, uses systems for sending newsletters and promotional communications equipped with a reporting mechanism, thanks to which the Owner will be able to know, for example: the number of readers, openings and clicks; the type of device used to read the communication (desktop, mobile);the number of pending users who have not yet confirmed their subscription; the number of emails sent by date/time/minute; the detail of emails delivered compared to those sent; the list of unsubscribers to the newsletter; email openings and clicks on individual links; message display problems; link tracking (i.e., the number of clicks made on links in the message); and click tracking (which links were clicked). All this data is used for the purpose of comparing, and possibly improving, the results of communications.

2 REGISTRATION ON ANCOTE.COM
In the event that the user decides to register on www.ancote.com, only following any and specific consent, personal data will be processed by the Data Controller for the purpose of registration on www.ancote.com. In particular, against the provision of your name, surname, e-mail address and the setting of a password for access, these will be processed for the creation of a personal account, to speed up the purchase process, to allow the user to view the status of orders and receive updates on purchases made, set and modify their data and any "Preferences" that will improve navigation, and update the account, view the history of returns and requests for exchange of goods, save favorite items in the Wishlist and to offer the possibility to join at a later time.

2.1 The provision of personal data and consent to their processing is mandatory. Failure to provide consent will result in the impossibility for ANCOTE to allow registration on www.ancote.com, the creation of the personal account, the speeding up of the purchase process, viewing the status of orders and receiving updates on purchases made, the possibility for the user to change personal settings and update the account, view the history of returns and requests for change of goods, save favorite items in the Wishlist.

3 ONLINE SHOPPING ACTIVITIES 
The personal data provided will be used for the purpose of the establishment, management, execution and/or conclusion of the online sales contract. The data provided will be processed by the Data Controller for the purpose of the management of the purchase order with reference, by way of example, to the activity of payment, shipping, taking charge of any returns, for customer service, for the execution of administrative - accounting purposes related to the management of the order, for the fulfillment of obligations under current regulations. In the case of payment by credit card, the information essential for the execution of the transaction (credit card holder, credit/debit card number, expiration date, security code) will be processed by Stripe or, possibly, by companies in charge of anti-fraud control via encrypted protocol and without third parties having access in any way. However, this information will never be viewed or stored by the seller (ANCOTE S.R.L.).

3.1 The provision of personal data and consent to their processing is mandatory. Any failure to provide consent will result in the impossibility for ANCOTE to proceed with the establishment, management, execution and/or conclusion of the online sales contract, therefore the impossibility of performing, by way of example, activities related to payment, shipping, taking charge of any returns, customer service activities, the performance of administrative - accounting purposes related to the management of the order, and the fulfillment of obligations under current regulations.

4 PROFILING OF THE NATURAL PERSON
Only after eventual and explicit consent, the personal data provided may be processed by the Data Controller for profiling activities, i.e. analysis of preferences aimed at the creation of personalized content and offers. The provision of personal data and consent to their processing is optional.

Failure to provide consent means that ANCOTE will not be able to carry out profiling activities, i.e., preference analysis aimed at creating personalized content and offers.

METHODS OF DATA PROCESSING AND STORAGE
The processing of personal data is carried out by the Data Controller in compliance with the provisions of the current legislation on Privacy. The Data Controller carries out the processing of personal data by means of computer and/or telematic tools and with organizational and logical methods strictly related to the pursuit of the purposes indicated in this statement, as well as by adopting appropriate security measures in order to prevent unauthorized access, disclosure, modification or destruction of personal data, their loss and their illegal and incorrect use. However, the Company cannot guarantee its users that the measures taken for the security of the site and the transmission of data and information on the site are capable of limiting or excluding any risk of unauthorized access or dispersal of data by devices pertaining to the user. For this reason, it is suggested that users of the site ensure that their computer is equipped with appropriate software for the protection of network transmission of data (e.g. up-to-date antivirus) and that their Internet Provider has taken appropriate measures for the security of network transmission of data. The Company also undertakes to process data in accordance with the principles of fairness, lawfulness and transparency, to collect them to the extent necessary and accurate for processing, and to allow their use only by personnel authorized for the purpose. The management and storage of personal data acquired will take place in archives or on servers located within the European Union owned by the Data Controller and/or third party companies appointed as External Data Processors and, in any case, currently located in Italy.

In relation to the different purposes for which they are collected, personal data will be kept for the time strictly necessary to achieve them and, in any case, in accordance with the relevant regulations in force.

In any case, the Company will take care to avoid the indefinite use of the data by proceeding, on a periodic basis, to suitably verify the effective permanence of the interest of the person to whom they refer.

RECIPIENTS AND DATA PROCESSORS
The data collected will not be disseminated in any way, but will be processed within the limits and for the purposes described by employees of the Company on the basis of appropriate operational instructions (e.g. administrative, sales, marketing, legal, system administrators, etc.). Some data processing may also be carried out by third parties, appointed External Data Processors, which the Data Controller uses or may use as part of the management of the contractual relationship, the provision of services offered and for organizational needs of its business. In particular, the data could be communicated to:

subjects, public and private, who can access the data by virtue of a provision of the law, regulation or EU legislation, within the limits provided by these rules;
subjects who need access to the data for purposes related to the contractual relationship in place between the parties, within the limits strictly necessary to carry out auxiliary tasks (such as, for example, banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, postal couriers and shipping companies)
consultants, to the extent necessary for the performance of their professional duties.
TRANSFER OF DATA ABROAD
The management and storage of personal data will take place on servers of the Data Controller and/or third party companies duly appointed as External Data Processors located within the European Union.

Personal data may be transferred abroad, in accordance with current regulations, including to countries outside the European Union. Transfer to non-EU countries, in addition to cases where this is guaranteed by Commission Adequacy Decisions, is carried out in such a way as to provide appropriate and adequate Guarantees in accordance with Articles 46 or 47 or 49 of the Regulations.

RIGHTS OF THE INTERESTED PARTIES
As a Data Subject, you may exercise, at any time, the rights provided for in Articles 15, 16, 17, 18, 20 and 21 of the GDPR which confer, in particular, the right to:

• obtain from the Data Controller, pursuant to Article 15, confirmation as to whether or not any processing of your personal data is taking place and, if so, obtain access to such data and information such as: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if the recipients are located in Third Countries or International Organizations; (iv) when possible, the expected period of storage of the personal data or, if this is not possible, the criteria used to determine this period;
• obtain from the Data Controller, in accordance with Article 16, the rectification of inaccurate personal data concerning him/her without undue delay; taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration;
• obtain from the Data Controller, pursuant to Article 17, the erasure of personal data concerning him/her without undue delay. The Data Controller is obliged to delete, without undue delay, the personal data if any of the reasons indicated in paragraph 1 of Article 17 exist;
• Obtain from the Data Controller, pursuant to Article 18, the restriction of processing when one of the hypotheses governed by paragraph 1 of Article 18 applies;
• obtain from the Data Controller, pursuant to Article 20, data portability i.e. to receive in a structured, commonly used and machine-readable format, personal data concerning him/her provided to a Data Controller. The Data Subject also has the right to transmit such data to another Data Controller without hindrance from the first Data Controller to whom he or she provided it, if the conditions indicated in Article 20 paragraph 1 are met. Finally, the Data Subject has the right to obtain the direct transmission of personal data from one Data Controller to another, if technically feasible;
• object, in whole or in part, pursuant to Article 21, to the processing of personal data concerning him/her.

It should also be noted that the Data Subject has the right to revoke consent at any time without affecting the lawfulness of the processing based on the consent given prior to revocation, without prejudice to the consequences indicated above regarding any refusal to provide such personal data. The Data Subject also has the right to lodge a complaint with a Supervisory Authority. In the event of a request for rectification, cancellation as well as limitation of processing, the Data Controller undertakes to communicate the outcomes of requests received from the Data Subject to each of the recipients of his or her data, unless this proves impossible or involves a disproportionate effort. The Company specifies that a possible contribution may be requested from the Data Subject if the requests are manifestly unfounded, excessive, or repetitive; in this regard, the Data Controller will have a register to track requests for action.

AMENDMENT TO THIS POLICY
The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to users at www.ancote.com. Therefore, please consult this page often, taking as reference the date of last modification indicated at the end of the document. In case of non-acceptance of the changes made to this Privacy Policy, the Data Subject may request the Data Controller to delete his/her personal data. Unless otherwise specified, the previous Privacy Policy will continue to apply to personal data collected up to that point.

Privacy Policy updated on 03/23/2021

The Data Controller is: Best Luxury Shopping, ANCOTE s.r.l., VIA XX SETTMBRE 1/3 - 22100 - COMO (CO), in the person of its pro-tempore legal representative PHONE: 089794545, MAIL: [email protected]