Information on Privacy - GDPR

PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA

This privacy notice describes how E-COMIT S.r.l. processes the personal data of users who purchase from or interact with the e-commerce website. The data are used primarily for the management of orders, payments, shipments and customer support, and to comply with the legal obligations applicable within the European Union. Subject to specific consent, the data may also be used for marketing purposes, newsletter distribution, promotional communications and remarketing activities, and may be shared, where necessary, with technical service providers, payment platforms, couriers and review collection systems. The data are retained for the time strictly necessary to achieve the purposes for which they were collected or until any withdrawal of consent. The user may at any time exercise the rights provided for in Articles 15-22 of Regulation (EU) 2016/679 (GDPR) and lodge a complaint with the competent supervisory authority.

GDPR Privacy Policy

PRIVACY POLICY PURSUANT TO REGULATION (EU) 2016/679 ("GDPR")

1. DATA CONTROLLER

The Data Controller for personal data is E-COMIT S.r.l., acting through its pro-tempore legal representative, with registered office at Via G. Di Vittorio, 93-95 — Z.I. Terrafino — 50053 Empoli (FI), Italy, VAT No. IT06818930486, email: info@vernicispray.com, certified email (PEC): e-comit@pec.e-comit.it, phone: +39 0571530262.

The Data Controller determines the purposes and means of processing the personal data collected through the e-commerce website and related connected services.

  • Controller: E-COMIT S.r.l.
  • Registered office: Empoli (FI), Italy
  • Contacts: info@vernicispray.com — PEC e-comit@pec.e-comit.it

2. CATEGORIES OF DATA PROCESSED

In the context of e-commerce activities and related services, the Data Controller processes various categories of personal data, including:

  • Identification data: first name, last name, company name;
  • Contact data: email address, phone number, shipping and billing address;
  • Tax data: tax code, VAT number;
  • Order-related data: purchased products, purchase history, returns;
  • Payment data: information necessary to process payments (handled through certified providers);
  • Browsing data: IP addresses, system logs, data collected through cookies and similar tools;
  • Data relating to reviews and feedback.

Data may be collected directly from the data subject or through third parties duly authorized to do so.

  • Source: user, IT systems, third-party platforms
  • Type: ordinary data (no special categories of data pursuant to Art. 9 GDPR are processed)

3. PURPOSES AND LEGAL BASES FOR PROCESSING

3.1 Direct marketing, newsletters and promotional communications

Subject to specific consent expressed during registration or purchase, personal data may be processed for sending newsletters, commercial communications, promotions, personalized offers, invitations to initiatives, as well as for remarketing activities and behavioral advertising through third-party tools (e.g. Google Ads, Meta Ads).

Processing for marketing purposes is based on the data subject's consent pursuant to Art. 6(1)(a) GDPR. Consent is free, specific, informed and may be withdrawn at any time via an unsubscribe link or by a direct request to the Data Controller.

  • Legal basis: consent (Art. 6(1)(a) GDPR)
  • Activities included: newsletters, direct email marketing (DEM), promotions, remarketing
  • Withdrawal: possible at any time

3.2 Performance of the sales contract

Personal data are processed to allow registration on the website, order management, payment processing, product shipment, returns management and customer support.

The legal basis is the performance of a contract or pre-contractual measures pursuant to Art. 6(1)(b) GDPR.

  • Legal basis: contract performance
  • Purpose: order management, shipping, support

3.3 Legal and tax compliance

Processing is carried out to comply with legal obligations provided for by Italian and European legislation and, where applicable, by the laws of the EU destination countries (e.g. intra-EU VAT rules, national consumer protection rules).

  • Legal basis: legal obligation (Art. 6(1)(c) GDPR)
  • Rules: EU and national tax, accounting and consumer protection laws

3.4 Fraud prevention and protection of rights

Data may be processed to prevent fraud, abuse, unlawful use of the website or to exercise or defend a right in court.

  • Legal basis: legitimate interest (Art. 6(1)(f) GDPR)
  • Purpose: security, fraud prevention, legal defense

3.5 Collection of reviews and ratings through third-party platforms

In order to improve transparency and the reputation of the service, the Data Controller may transmit limited data (e.g. name, email, order reference) to independent review collection platforms (e.g. Trusted Shops, Trustpilot or similar), so that the user can provide a rating.

The legal basis is the Data Controller's legitimate interest in protecting its commercial reputation, or consent, where required by applicable law.

  • Data shared: name, email, order reference
  • Legal basis: legitimate interest or consent
  • Purpose: collection of feedback and verified reviews

4. METHODS OF PROCESSING

Processing is carried out using IT and telematic tools, in accordance with principles of lawfulness, fairness, transparency, data minimization and security. Appropriate technical and organizational measures are adopted pursuant to Art. 32 GDPR.

  • Tools: digital and automated
  • Measures: technical and organizational security

5. DATA RETENTION

Data are retained for the time strictly necessary for the purposes indicated:

  • Contractual data: up to 10 years (Italian and European tax obligations);
  • Marketing data: until consent is withdrawn and in any case no longer than 24 months unless renewed;
  • Fraud prevention data: according to timeframes proportionate to the risk.

6. RECIPIENTS AND EXTRA-EU TRANSFERS

Data may be disclosed to:

  • Hosting providers and e-commerce platforms;
  • Payment service providers (e.g. PSD2-certified PSPs);
  • Couriers and logistics operators;
  • Marketing and remarketing platforms (e.g. Google, Meta);
  • Review platforms;
  • Tax, legal and technical advisors.

Where data are transferred to non-EU countries, the transfer will take place in accordance with Arts. 44-49 GDPR (e.g. adequacy decisions, standard contractual clauses, EU-US Data Privacy Framework where applicable).

  • Possible transfers: USA or other third countries
  • Safeguards: SCCs, adequacy decisions, DPF

7. COOKIES AND TRACKING TECHNOLOGIES

The website uses technical, analytical and profiling cookies, including third-party cookies. Their use is governed by a specific Cookie Policy compliant with the ePrivacy Directive 2002/58/EC and the relevant national implementing rules (e.g. the Italian Data Protection Authority's measures).

  • Types: technical, analytical, marketing
  • Consent management: compliant banner

8. DATA SUBJECT RIGHTS

The data subject may exercise at any time the rights provided for by Arts. 15-22 GDPR: access, rectification, erasure, restriction, objection, portability, withdrawal of consent.

It is also possible to lodge a complaint with the competent Data Protection Supervisory Authority in the Member State of residence.

  • Rights: Arts. 15-22 GDPR
  • Complaint: competent national EU supervisory authority

9. NATURE OF DATA PROVISION

Providing data for contractual purposes is mandatory; failure to provide such data makes it impossible to place an order. Providing data for marketing purposes is optional.

  • Mandatory: data necessary to place the order
  • Optional: marketing

10. LEGAL REFERENCES

This notice is drafted pursuant to Regulation (EU) 2016/679 (GDPR), Directive 2002/58/EC (ePrivacy), the applicable national implementing laws in the individual EU Member States, and the consumer and tax rules applicable to distance selling within the European Union.