Privacy Policy
Privacy Policy – Cookies Policy
Filo Sofà Srl – Via del Tabacco, 39 – 70022 Altamura (Ba) Data Controller email address: info@filosofa.eu
For any clarification, information, or exercise of the rights listed in this policy, please contact the Data Controller at the following email: info@filosofa.eu
Personal data means any information that, directly or indirectly, even in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.
This is information collected automatically through this Website (including from third-party applications integrated into this Website), including: IP addresses or domain names of computers used by Users connecting to this Website, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server response (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal details of the visit (such as time spent on each page) and details of the path followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and the User’s IT environment.
The individual who uses this Website who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
The natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller, as described in this privacy policy.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures relating to the operation and use of this Website.
The Data Controller, unless otherwise specified, is the owner of this Website.
The hardware or software tool through which Personal Data of Users is collected and processed.
The Service provided by this Website as defined in the relevant terms (if any) on this site/application.
Unless otherwise specified, any reference to the European Union contained in this document is intended to extend to all current member states of the European Union and the European Economic Area.
A small piece of data stored within the User’s device.
This privacy policy is drawn up on the basis of multiple legislative frameworks, including Articles 13 and 14 of Regulation (EU) 2016/679.
Unless otherwise specified, this privacy policy applies exclusively to this Website.
Among the Personal Data collected by this Website, either directly or through third parties, are: Cookies, Usage Data, first name, last name, email, username and website.
Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific informational texts displayed prior to data collection.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during use of this Website.
Unless otherwise specified, all Data requested by this Website is mandatory. If the User refuses to provide it, it may be impossible for this Website to provide the Service.
In cases where this Website indicates certain Data as optional, Users are free to refrain from providing such Data without any consequence on the availability or operation of the Service.
Users who have doubts about which Data is mandatory are encouraged to contact the Controller.
The use of Cookies – or other tracking tools – by this Website or by the owners of third-party services used by this Website, unless otherwise specified, is intended to provide the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy, if available.
The User assumes responsibility for Personal Data of third parties obtained, published or shared through this Website and warrants that they have the right to communicate or disseminate them, releasing the Controller from any liability towards third parties.
The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
Processing is carried out using IT and/or telematic tools, with organisational methods and logic strictly related to the stated purposes. In addition to the Controller, in some cases, other parties involved in the organisation of this Website (administrative, commercial, marketing, legal, system administration staff) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communications agencies) may have access to the Data, and may be appointed as Data Processors by the Controller where necessary. An up-to-date list of Processors may be requested from the Data Controller at any time.
The Controller processes Personal Data relating to the User where one of the following conditions applies:
It is always possible to request that the Controller clarify the specific legal basis for each processing activity and in particular whether processing is based on law, provided for by a contract or necessary to conclude a contract.
Data is processed at the Controller’s operating premises and at any other location where the parties involved in the processing are located. For further information, please contact the Controller.
The User’s Personal Data may be transferred to a country other than the one in which the User is located. For more information on the place of processing, the User may refer to the section on details of Personal Data processing.
The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organisation under public international law or consisting of two or more countries, such as the UN, as well as the security measures adopted by the Controller to protect the Data.
If any such transfer takes place, the User may refer to the relevant sections of this document or request information from the Controller by contacting them at the details provided at the beginning.
Data is processed and stored for the time required by the purposes for which it was collected. Therefore:
Where processing is based on the User’s consent, the Controller may retain Personal Data longer until such consent is withdrawn. Furthermore, the Controller may be required to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, upon expiry of this period, the right of access, erasure, rectification and the right to data portability may no longer be exercised.
The User’s Data is collected to enable the Controller to provide its Services, as well as for the following purposes: Analytics, Contacting the User, Content commenting, Displaying content from external platforms, Interaction with social networks and external platforms, Spam protection, User database management and Interaction with live chat platforms.
For further detailed information on the purposes of processing and the Personal Data specifically relevant to each purpose, the User may refer to the relevant sections of this document.
Personal Data is collected for the following purposes and using the following services:
Comment services allow Users to make and publish their own comments regarding the content of this Website. Depending on the settings chosen by the Controller, Users may also be able to leave a comment anonymously.
If the User’s email address is among the Personal Data provided, it may be used to send notifications of comments relating to the same content. Users are responsible for the content of their own comments.
If a third-party comment service is installed, it is possible that, even when Users do not use the comment service, it may collect traffic data relating to the pages on which the comment service is installed.
This Website has its own content comment system.
Personal Data collected: last name, email, first name, website and username.
By completing the contact form with their Data, the User consents to its use to respond to requests for information, quotations, or any other nature indicated in the form heading.
Personal Data collected: first name, last name, email, phone number.
This type of service allows interaction with live chat platforms, managed by third parties, directly from the pages of this Website. This enables the User to contact this Website’s support service or allows this Website to contact the User while they are browsing its pages.
If a live chat interaction service is installed, it is possible that, even when Users do not use the service, it may collect Usage Data relating to the pages on which it is installed. Furthermore, live chat conversations may be recorded.
This type of service allows interactions with social networks, or other external platforms, directly from the pages of this Website.
Interactions and information acquired by this Website are in any case subject to the User’s privacy settings for each social network.
If a social network interaction service is installed, it is possible that, even when Users do not use the service, it may collect traffic data relating to the pages on which it is installed.
The Facebook “Share” button and social widgets are services for interaction with the Facebook social network, provided by Facebook, Inc.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
The Pinterest “Pin it” button and social widgets are services for interaction with the Pinterest platform, provided by Pinterest Inc.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
The Tweet button and Twitter social widgets are services for interaction with the Twitter social network, provided by Twitter, Inc.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
This type of service analyses the traffic of this Website, potentially containing Users’ Personal Data, in order to filter it from parts of traffic, messages and content identified as SPAM.
Akismet is a spam protection service provided by Automattic Inc.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: USA – Privacy Policy.
The services contained in this section allow the Data Controller to monitor and analyse traffic data and are used to keep track of User behaviour.
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses Personal Data, collected anonymously on this site, for the purpose of tracking and examining the use of this Website, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data, collected anonymously on this site, to contextualise and personalise the advertisements of its own advertising network.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy – Opt Out.
This type of service allows content hosted on external platforms to be displayed directly from the pages of this Website and to be interacted with.
If such a service is installed, it is possible that, even when Users do not use the service, it may collect traffic data relating to the pages on which it is installed.
Google Fonts is a typeface visualisation service managed by Google Inc. that allows this Website to integrate such content within its pages.
Personal Data collected: Usage Data and various types of Data as specified in the privacy policy of the service.
Place of processing: USA – Privacy Policy.
Gravatar is an image visualisation service managed by Automattic Inc. that allows this Website to integrate such content within its pages.
Please note that if Gravatar images are used for comment systems, the commenter’s email address (or part of it) may be sent to Gravatar, even if they are not registered with the service.
Personal Data collected: Usage Data and email.
Place of processing: USA – Privacy Policy.
YouTube is a video content visualisation service managed by Google Inc. that allows this Website to integrate such content within its pages.
Personal Data collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
The website includes a Newsletter dedicated exclusively to our customers, who occasionally receive notices and/or service communications by email.
For the delivery and management of the Newsletter, the service provided by SendinBlue (SendinBlue, 55 rue d’Amsterdam, 75008 Paris, France) is used, and the data collected is stored on the service provider’s secure servers.
Pursuant to SendinBlue’s privacy policy, data will never be used directly by SendinBlue or sold by it to third parties. SendinBlue uses duly authorised operators for the maintenance of the service and in the exercise of that function they may have access to your data.
In any case, the guarantees provided by the Sendinblue privacy policy apply.
Users may exercise certain rights with regard to the Data processed by the Controller.
In particular, the User has the right to:
To exercise their rights, Users may address a request to the Controller’s contact details indicated in this document. Requests are submitted free of charge and fulfilled by the Controller as soon as possible, and in any case within one month.
The User’s Personal Data may be used by the Controller in legal proceedings or in the preparatory stages leading to possible legal action for defence against abuse in the use of this Website or the related Services by the User.
The User declares awareness that the Controller may be required to disclose Data at the request of public authorities.
At the User’s request, in addition to the information contained in this privacy policy, this Website may provide the User with additional contextual information regarding specific Services, or the collection and processing of Personal Data.
For operational and maintenance purposes, this Website and any third-party services it uses may collect system logs, i.e. files that record interactions and may also contain Personal Data such as the User’s IP address.
Further information regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.
The Data Controller reserves the right to make changes to this privacy policy at any time, notifying Users on this page. Users are therefore encouraged to review this page regularly, taking as reference the date of last modification indicated at the bottom.
In the event of non-acceptance of the changes made to this privacy policy, the User is required to cease using this Website and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to Personal Data collected up to that point.
Data Controller
Filo Sofà Srl – Via del Tabacco, 39 – 70022 Altamura (Ba) Data Controller email address: info@filosofa.eu
For any clarification, information, or exercise of the rights listed in this policy, please contact the Data Controller at the following email: info@filosofa.eu
Definitions and Legal References
Personal Data (or Data)
Personal data means any information that, directly or indirectly, even in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.
Usage Data
This is information collected automatically through this Website (including from third-party applications integrated into this Website), including: IP addresses or domain names of computers used by Users connecting to this Website, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server response (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal details of the visit (such as time spent on each page) and details of the path followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and the User’s IT environment.
User
The individual who uses this Website who, unless otherwise specified, coincides with the Data Subject.
Data Subject
The natural person to whom the Personal Data refers.
Data Processor (or Processor)
The natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller, as described in this privacy policy.
Data Controller (or Controller)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures relating to the operation and use of this Website.
The Data Controller, unless otherwise specified, is the owner of this Website.
This Website (or this Application)
The hardware or software tool through which Personal Data of Users is collected and processed.
Service
The Service provided by this Website as defined in the relevant terms (if any) on this site/application.
European Union (or EU)
Unless otherwise specified, any reference to the European Union contained in this document is intended to extend to all current member states of the European Union and the European Economic Area.
Cookie
A small piece of data stored within the User’s device.
Legal References
This privacy policy is drawn up on the basis of multiple legislative frameworks, including Articles 13 and 14 of Regulation (EU) 2016/679.
Unless otherwise specified, this privacy policy applies exclusively to this Website.
Types of Data Collected
Among the Personal Data collected by this Website, either directly or through third parties, are: Cookies, Usage Data, first name, last name, email, username and website.
Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific informational texts displayed prior to data collection.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during use of this Website.
Unless otherwise specified, all Data requested by this Website is mandatory. If the User refuses to provide it, it may be impossible for this Website to provide the Service.
In cases where this Website indicates certain Data as optional, Users are free to refrain from providing such Data without any consequence on the availability or operation of the Service.
Users who have doubts about which Data is mandatory are encouraged to contact the Controller.
The use of Cookies – or other tracking tools – by this Website or by the owners of third-party services used by this Website, unless otherwise specified, is intended to provide the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy, if available.
The User assumes responsibility for Personal Data of third parties obtained, published or shared through this Website and warrants that they have the right to communicate or disseminate them, releasing the Controller from any liability towards third parties.
Methods and Place of Processing of Collected Data
Methods of Processing
The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
Processing is carried out using IT and/or telematic tools, with organisational methods and logic strictly related to the stated purposes. In addition to the Controller, in some cases, other parties involved in the organisation of this Website (administrative, commercial, marketing, legal, system administration staff) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communications agencies) may have access to the Data, and may be appointed as Data Processors by the Controller where necessary. An up-to-date list of Processors may be requested from the Data Controller at any time.
Legal Basis of Processing
The Controller processes Personal Data relating to the User where one of the following conditions applies:
- the User has given consent for one or more specific purposes; Note: in some jurisdictions the Controller may be authorised to process Personal Data without the User’s consent or another of the legal bases specified below, until the User objects (“opt-out”) to such processing. This does not apply, however, where the processing of Personal Data is governed by European personal data protection legislation;
- processing is necessary for the performance of a contract with the User and/or for the execution of pre-contractual measures;
- processing is necessary to comply with a legal obligation to which the Controller is subject;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.
It is always possible to request that the Controller clarify the specific legal basis for each processing activity and in particular whether processing is based on law, provided for by a contract or necessary to conclude a contract.
Place
Data is processed at the Controller’s operating premises and at any other location where the parties involved in the processing are located. For further information, please contact the Controller.
The User’s Personal Data may be transferred to a country other than the one in which the User is located. For more information on the place of processing, the User may refer to the section on details of Personal Data processing.
The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organisation under public international law or consisting of two or more countries, such as the UN, as well as the security measures adopted by the Controller to protect the Data.
If any such transfer takes place, the User may refer to the relevant sections of this document or request information from the Controller by contacting them at the details provided at the beginning.
Retention Period
Data is processed and stored for the time required by the purposes for which it was collected. Therefore:
- Personal Data collected for purposes related to the performance of a contract between the Controller and the User will be retained until the performance of that contract is complete.
- Personal Data collected for purposes attributable to the legitimate interest of the Controller will be retained until that interest is satisfied. The User may obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.
Where processing is based on the User’s consent, the Controller may retain Personal Data longer until such consent is withdrawn. Furthermore, the Controller may be required to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, upon expiry of this period, the right of access, erasure, rectification and the right to data portability may no longer be exercised.
Purposes of Processing the Collected Data
The User’s Data is collected to enable the Controller to provide its Services, as well as for the following purposes: Analytics, Contacting the User, Content commenting, Displaying content from external platforms, Interaction with social networks and external platforms, Spam protection, User database management and Interaction with live chat platforms.
For further detailed information on the purposes of processing and the Personal Data specifically relevant to each purpose, the User may refer to the relevant sections of this document.
Details on the Processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
Content Commenting
Comment services allow Users to make and publish their own comments regarding the content of this Website. Depending on the settings chosen by the Controller, Users may also be able to leave a comment anonymously.
If the User’s email address is among the Personal Data provided, it may be used to send notifications of comments relating to the same content. Users are responsible for the content of their own comments.
If a third-party comment service is installed, it is possible that, even when Users do not use the comment service, it may collect traffic data relating to the pages on which the comment service is installed.
Directly Managed Comment System (This Website)
This Website has its own content comment system.
Personal Data collected: last name, email, first name, website and username.
Contacting the User
Contact Form (This Website)
By completing the contact form with their Data, the User consents to its use to respond to requests for information, quotations, or any other nature indicated in the form heading.
Personal Data collected: first name, last name, email, phone number.
Interaction with Live Chat Platforms
This type of service allows interaction with live chat platforms, managed by third parties, directly from the pages of this Website. This enables the User to contact this Website’s support service or allows this Website to contact the User while they are browsing its pages.
If a live chat interaction service is installed, it is possible that, even when Users do not use the service, it may collect Usage Data relating to the pages on which it is installed. Furthermore, live chat conversations may be recorded.
Interaction with Social Networks and External Platforms
This type of service allows interactions with social networks, or other external platforms, directly from the pages of this Website.
Interactions and information acquired by this Website are in any case subject to the User’s privacy settings for each social network.
If a social network interaction service is installed, it is possible that, even when Users do not use the service, it may collect traffic data relating to the pages on which it is installed.
Facebook “Share” Button and Social Widgets (Facebook, Inc.)
The Facebook “Share” button and social widgets are services for interaction with the Facebook social network, provided by Facebook, Inc.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
Pinterest “Pin it” Button and Social Widgets (Pinterest)
The Pinterest “Pin it” button and social widgets are services for interaction with the Pinterest platform, provided by Pinterest Inc.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
Twitter Tweet Button and Social Widgets (Twitter, Inc.)
The Tweet button and Twitter social widgets are services for interaction with the Twitter social network, provided by Twitter, Inc.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy.
Spam Protection
This type of service analyses the traffic of this Website, potentially containing Users’ Personal Data, in order to filter it from parts of traffic, messages and content identified as SPAM.
Akismet (Automattic Inc.)
Akismet is a spam protection service provided by Automattic Inc.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: USA – Privacy Policy.
Analytics
The services contained in this section allow the Data Controller to monitor and analyse traffic data and are used to keep track of User behaviour.
Google Analytics (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses Personal Data, collected anonymously on this site, for the purpose of tracking and examining the use of this Website, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data, collected anonymously on this site, to contextualise and personalise the advertisements of its own advertising network.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy – Opt Out.
Displaying Content from External Platforms
This type of service allows content hosted on external platforms to be displayed directly from the pages of this Website and to be interacted with.
If such a service is installed, it is possible that, even when Users do not use the service, it may collect traffic data relating to the pages on which it is installed.
Google Fonts (Google Inc.)
Google Fonts is a typeface visualisation service managed by Google Inc. that allows this Website to integrate such content within its pages.
Personal Data collected: Usage Data and various types of Data as specified in the privacy policy of the service.
Place of processing: USA – Privacy Policy.
Gravatar (Automattic Inc.)
Gravatar is an image visualisation service managed by Automattic Inc. that allows this Website to integrate such content within its pages.
Please note that if Gravatar images are used for comment systems, the commenter’s email address (or part of it) may be sent to Gravatar, even if they are not registered with the service.
Personal Data collected: Usage Data and email.
Place of processing: USA – Privacy Policy.
YouTube Video Widget (Google Inc.)
YouTube is a video content visualisation service managed by Google Inc. that allows this Website to integrate such content within its pages.
Personal Data collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
Newsletter
The website includes a Newsletter dedicated exclusively to our customers, who occasionally receive notices and/or service communications by email.
For the delivery and management of the Newsletter, the service provided by SendinBlue (SendinBlue, 55 rue d’Amsterdam, 75008 Paris, France) is used, and the data collected is stored on the service provider’s secure servers.
Pursuant to SendinBlue’s privacy policy, data will never be used directly by SendinBlue or sold by it to third parties. SendinBlue uses duly authorised operators for the maintenance of the service and in the exercise of that function they may have access to your data.
In any case, the guarantees provided by the Sendinblue privacy policy apply.
User Rights
Users may exercise certain rights with regard to the Data processed by the Controller.
In particular, the User has the right to:
- withdraw consent at any time. The User may withdraw consent to the processing of their Personal Data previously given.
- object to processing of their Data. The User may object to the processing of their Data where it occurs on a legal basis other than consent. Further details on the right to object are provided in the section below.
- access their Data. The User has the right to obtain information about the Data processed by the Controller, on certain aspects of the processing, and to receive a copy of the Data processed.
- verify and request rectification. The User may verify the accuracy of their Data and request that it be updated or corrected.
- obtain restriction of processing. Where certain conditions apply, the User may request the restriction of processing of their Data. In that case, the Controller will not process the Data for any purpose other than its storage.
- obtain the erasure or removal of their Personal Data. Where certain conditions apply, the User may request the erasure of their Data by the Controller.
- receive their Data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without hindrance to another controller. This provision applies where the Data is processed by automated means and the processing is based on the User’s consent, on a contract to which the User is a party or on pre-contractual measures related to it.
- lodge a complaint. The User may lodge a complaint with the competent personal data protection supervisory authority or take legal action.
How to Exercise Rights
To exercise their rights, Users may address a request to the Controller’s contact details indicated in this document. Requests are submitted free of charge and fulfilled by the Controller as soon as possible, and in any case within one month.
Further Information on Processing
Legal Action
The User’s Personal Data may be used by the Controller in legal proceedings or in the preparatory stages leading to possible legal action for defence against abuse in the use of this Website or the related Services by the User.
The User declares awareness that the Controller may be required to disclose Data at the request of public authorities.
Specific Notices
At the User’s request, in addition to the information contained in this privacy policy, this Website may provide the User with additional contextual information regarding specific Services, or the collection and processing of Personal Data.
System Logs and Maintenance
For operational and maintenance purposes, this Website and any third-party services it uses may collect system logs, i.e. files that record interactions and may also contain Personal Data such as the User’s IP address.
Information Not Contained in This Policy
Further information regarding the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.
Changes to This Privacy Policy
The Data Controller reserves the right to make changes to this privacy policy at any time, notifying Users on this page. Users are therefore encouraged to review this page regularly, taking as reference the date of last modification indicated at the bottom.
In the event of non-acceptance of the changes made to this privacy policy, the User is required to cease using this Website and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to Personal Data collected up to that point.