This page describes how the website www.bijouets.com owned by the sole shareholder HSL srl. (hereinafter referred to as the “Owner”) is managed in relation to the processing of users’ personal data (hereinafter referred to as the “Data Subject/s” or “User/s”) who visit it and/or sign up to the service for sending electronic communications on behalf of the Owner (for sending the newsletter and/o communications concerning the latter’s activity).
The above information is provided, pursuant to Art. 13 et seq. of EU Regulation 679/2016 (hereinafter the “Regulation”) to those who interact with the web services for personal data protection, accessible electronically from the URL www.bijouets.com, corresponding to the initial page of this Site (hereinafter referred to as the “Site”). The information is provided solely for the Site and not for other websites that may be visited by users through links. The information is also based on Recommendation no. 2/2001 that the European authorities for the protection of personal data, as part of the Group established by Art. 29 of directive no. 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for collecting personal data on-line, and, in particular, the methods, timing and nature of the information that data controllers must provide to users when the latter connect to web pages, regardless of the purposes of the link.
Personal data collected when browsing and/or signing up to this website and/or through e-mail messages (hereinafter referred to solely as “Data”) is processed in compliance with the requirements of national and European legislation and of the rights acknowledged by the law to “Data Subjects”.
Information on personal data protection
1. Purposes of the processing and legal basis
Following a visit to the Site, data relating to identified or identifiable persons may be processed. Data processing shall have the following purposes: a) to facilitate browsing of the Site and the technical use of the services described therein, to perform web analysis, to check the number of visitors to the Site, to check the progress of relations with Site Users; in such cases, the legal basis of the processing is the Owner’s legitimate interest in managing the Site, maintaining its proper functioning and in protecting its rights; b) to find any requests for information and / or execute the services requested through the Site, in such cases, the legal basis of the processing is the execution of measures taken at the request of the Data Subject, the execution of a contract of which the Data Subject is part of or pre-contractual measures taken at the request of the latter; c) to send to the Data Subject’s contact details (e.g. via telephone, social networks, email) communications on initiatives such as fairs, events, promotions and / or new services / products offered by the Data Controller, forwarding newsletters by email, in the event where the Data Subject has made a specific request and only after expressing his specific consent, which shall be requested separately; in this case, the legal basis of the processing is the Data Subject’s consent but also the legitimate interest of the Data Controller (as stated in Recital 47 of the Regulation) to make known and develop its business, without prejudice to the Data Subject’s rights ; d) to fulfil obligations deriving from laws, regulations, community legislation; in the latter case, the legal basis of the processing is the fulfilment of a legal obligation to which the Data Controller is subject; e) to perform the automated analysis of preferences, habits, behaviours, interests of the Data Subject, for example, by clicking on articles / sections of the Website, in order to send personalised commercial communications / perform targeted promotional actions. Personal data for profiling purposes shall take place, in the event of consent, with data processing tools that, as a result of a crossover, shall create a commercial and behavioural profile on the web related to the Data Subject. The above data processing tool relates data collected when browsing on the Website through the use of first and third party profiling cookies accepted by the Data Subject with Data collected when signing up. Furthermore, such Data and / or information shall be associated with any and / or additional data and / or information that we may already possess as a result of joining the services of the Data Controller; in this case, the legal basis of the processing is the User’s consent.
2. Place where data is processed, categories of recipients and transfer of personal data to a third Country
Data may be disclosed and processed by companies and consultants of the Data Controller and/or their representatives, for the design and/or maintenance of the Site’s technological part and for the performance of activities that are instrumental, supportive or functional to the execution of contracts or services requested by the Data Subject. In any case, the above parties shall process and disclose Data to third parties as “independent” owners or “data controllers” of the processing (pursuant to Article 28 of the Regulations) on the basis of the Data Controller’s instructions, also concerning security for the purposes stated above.
Data may be transferred to Non-EU Countries exclusively within the aforementioned purposes and in compliance with the Regulation (therefore on the basis of a decision of the European Commission for adequacy of the personal data protection level guaranteed by the third country or on the basis of adequate assurances, pursuant to articles 45 and 46 of the Regulation), or, failing that, if for example it is necessary for the execution of a contract between the Data Controller and the Data Subject, or in favour of the latter, or for the execution of pre-contractual measures adopted upon the latter’s request, or on the basis of the latter’s prior consent (as required by Article 49 of the Regulation).
In particular, for example, for the purposes referred to in letter c) of point 1 above, for managing external services (for sending the newsletter), the Data Controller uses the “MailChimp” service of the company The Rocket Science Group, LLC, 675 Ponce De Leon Ave, Suite 5000, Atlanta, Georgia 30308, and therefore, in the event of subscribing to the newsletter service, Data may be forwarded and made known to the latter company, which adheres to the Privacy Shield (that is the subject-matter of the decision of the European Commission 2016/1250), with which standard contractual clauses were signed in order to legitimise and guarantee the transfer outside the EU. The specifications related to the service that the Data Controller uses for managing and sending emails are available at the following linkshttp://mailchimp.com/legal/terms/ and http://mailchimp.com/legal/privacy/.
3. Types of data processed
3.1 Browsing data – The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transfer is implicit in the use of Internet communication protocols. This is information that is not collected in order for it to be associated with identified parties, but which due to its very nature could, through processing and association with data held by third parties, may allow for users to be identified.
The above category of data includes IP addresses or domain names of the computers used by users who connect to the Site, addresses in the URI (Uniform Resource Identifier) notation of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters relating to the operating system and the user’s IT environment.
The above data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site (e.g. obtaining statistical information on the use of services, such as most visited pages, number of visitors per hour or day, geographical areas of origin, etc. ; to check the correct operation of the services offered) and to check its correct functioning. Browsing data is deleted following the relevant statistical processing, unless its additional storage is not necessary for detecting offences on the basis of the Data Controller’s legitimate interest to counteract any cyber attacks. Browsing data could be used to ascertain liability in the event of hypothetical cybercrime against the Site.
3.2 Data provided voluntarily by the user – The optional, explicit and voluntary sending of e-mails to the addresses mentioned on the Site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
Specific summary information shall be progressively provided or displayed on the pages of the Site made available for particular services on request.
4. Optional provision of Data
Apart from what has been specified for browsing data, Users are free to provide personal data contained in the Site’s request forms, for example to request the sending of newsletters, informative material or other communications. Failure to provide the above data shall make it impossible to obtain what has been requested. For the sake of completeness, it must be noted that in some cases (not subject to the site’s ordinary management) the Antitrust Authority may request, the Data Controller, the manager, the data subject or even third parties, to provide information and to produce documents also pursuant to Art. 58 of the Regulation, for purposes of monitoring the processing of personal data. In the above cases a response shall be mandatory under penalty of an administrative fine.
5. Methods used for processing data and storing it
Data shall be processed in a manner that guarantees security and confidentiality and may be carried out on paper or electronically or in any case in an automated, computerised, manual form and which is logically designed to ensure that Data is processed securely, that it always remains intact and available and that it is processed in compliance with the principles set out in EU Regulation 679/2016 and for the sole purposes envisaged. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorised access.
Data is kept for the time deemed strictly necessary for the pursuit of the aforementioned purposes (referred to in the aforementioned letters a, b,d). In relation to the sub purposes c and e, the processing of collected contact data shall last until the service of the Data Controller is active, or until the User validly revokes the consent (which must always be possible also by means of a cancellation link included in all e-mails) or until the opposition to further processing for the aforementioned purposes is notified.
6. Rights of the data subjects
Data subjects are entitled to exercise the following rights (specifically described in Article 15 of Article 22 of EU Regulation 679/2016), by contacting the Data Controller without any formalities (at the e-mail address provided below): to request the Data Controller to confirm whether or not it is performing the processing of data concerning the data subject and, in this case, obtain access to the data; request the correction and / or the addition, removal or restriction of its processing; oppose to its processing; to request data portability; to file a complaint to a supervisory authority; obtain all the available information on the Data’s origin and on the categories of Data, if it is not collected from the Data Subject; to obtain information on the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject; not be subjected to a decision based solely on automated processing, including profiling.
In cases where the legal basis of the processing is the consent (e.g. for sending electronic communications related to the activity carried out by the Data Controller, profiling), data subjects have the right to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the revocation.
7. The Data controller
Information on cookies
1. Definition of cookies
Cookies are small text files that the site visited by the user sends to his/her terminal (usually the browser), where they are stored before being re-transferred to the site itself, during the next visit.
Cookies collect information for technical, statistical or marketing purposes, recognising users during a visit and in subsequent visits and remembering their preferences and configurations. They are essential for some features of the site, as well as for allowing faster browsing, and to customise the experience based on a user’s preferences.
Users can receive on their device both cookies sent by the site owner (so-called first-party cookies) or from other websites or web servers (so-called third-party cookies), through elements on the site (such as, for example, images, maps, sounds, specific links to pages of other domains).
Cookies are used on the website www.bijouets.com for the purposes explained in the list below. For some functions, third-party tools are used, which can install cookies during their operation.
Technical cookies: help to make a website usable by enabling basic functions, such as page browsing, and facilitating access to the site’s protected areas by the user.
- PHPSESSID: stores the user’s status on the site’s various pages
- woocommerce_cart_hash: identifies the user’s cart and remembers its contents
- woocommerce_items_in_cart: states the quantity of products included in the cart
- wp_woocommerce_session_: identifies the user’s active session
- ClusterD e ClusterBAK: it is used for balancing the band used by the server
- wpml_admin_referer_url: saves the last URL of the site requested by the user to show the correct language of the page
- wordpress_logged_in_: recognises the user who logged in
- PYPF (Paypal): is provided and used by PayPal to recognise users of its platform at the time of payment based on the email that is sent, speeding up the payment process
Cookie preferences: allow a website to remember information that influences the way in which the site behaves or presents itself, such as the preferred language or the region to which it belongs.
- _icl_current_language: saves the user’s preferred language on the website
- _icl_visitor_lang_js: saves the user’s preferred language on the website
- wpml_browser_redirect_test: saves the user’s preferred language on the website
Statistical cookies: help website owners to understand how visitors interact with sites, collecting and providing information in an anonymous way.
- _ga: records a unique ID used to generate statistical data on how the visitor uses the website
- _gat (Google Analytics): it is used by Google Analytics to limit the frequency of requests
- _gid: records a unique ID, used to generate statistical data on how the visitor uses the website
Marketing cookies: they are used to monitor visitors on websites. The intention is to display relevant and engaging ads for individual users and those of greater value to third party publishers and advertisers.
- fr (Facebook): is used by Facebook to provide a series of advertising products, such as real-time offers from third-party advertisers
- r/collect (Doubleclick): it is used by Doubleclick to send data to Google Analytics on the visitor’s device and behaviour. Tracks the visitor on various devices and marketing channels
- Facebook Pixel: it is used to analyse users’ behaviour and remarketing activities
- Google Analytics: it is used to analyse users’ behaviour
- Hotjar: it is used to track and examine the behavior of users on the site, in an anonymous and aggregated form
- Google Tag Manager: it is used to analyse users’ behaviour and remarketing activities
- _fbp (Facebook): contains a unique user ID
- _fbc (Facebook): is configured only if the user has arrived at the page and in the URL the fbclid parameter is present
Social network cookies: allow visitors to share the material on the site, and at the same time allow the site to show content from the social network. The site integrates the main social networks. Some pages may show content from third-party sites, such as video, feed-back system, maps.
- Youtube: it is used to embed videos on some pages of the website
- Google Maps: it is used to view the map; if users share their geolocation, they can find the nearest store
3. Disabling cookies and managing preferences
It is possible to disable or change the behaviour of cookies by changing your browser’s preferences. To find out how to block cookies, please refer to the browser’s manual. For convenience, the following links provide instructions for the most commonly used browsers:
Please note that blocking some cookies may prevent the site from functioning properly.