Preamble

Il Quadrifoglio di Mollo Maria Teresa, VAT number 01026430056 - C.F. MLLMTR65A63B111I, Via Piana del Salto, 66 - 14052 Calosso (Asti - IT) (hereinafter for brevity, also Il Quadrifoglio), pays the utmost attention to the confidentiality, protection and security of personal data relating to the people with whom it comes into contact. The User of this site, that is you, is therefore invited to first visit all the sections of this document, which describe how the site is managed with reference to the processing of personal data of the people who consult it. The User is the person who consults the site, be it a natural person or a person who operates in the name and on behalf of legal persons by providing personal data.

This document also has the information function, pursuant to art. 12 and 13 of EU Regulation 2016/679 and of the applicable national legislation on the processing of personal data (Legislative Decree 196/2003 updated to Legislative Decree 101/2018 and subsequent amendments and additions), for all those who interact with Il Quadrifoglio web services, accessible electronically at https://www.il-quadrifogliostore.it/, and exclusively for personal data collected through this site.

This information is provided and is valid only on this site and not for other websites that may be consulted by the User through links on the site; Il Quadrifoglio has no control over these sites or over the procedures they apply to respect the confidentiality of data. Therefore, we recommend that you consult the privacy rules of all the subjects with whom you come into contact before communicating personal information.

INFORMATION PURSUANT TO ART. 12 AND 13 OF EU REGULATION 2016/679 (GDPR)

Data Controller and contact details

The data controller is Il Quadrifoglio di Mollo Maria Teresa, VAT number 01026430056 - C.F. MLLMTR65A63B111I, Via Piana del Salto, 66 - 14052 Calosso (Asti - IT), in the person of the pro tempore legal representative, Tel: Tel +390141853603 - email: info@il-quadrifogliostore.it

Il Quadrifoglio informs you that your personal data will be processed in accordance with the rules established pursuant to EU Regulation no. 679/2016 (General Data Protection Regulation, hereinafter referred to as "GDPR" for brevity) and the applicable national legislation on the processing of personal data (Legislative Decree 196/2003 updated to Legislative Decree 101/2018 and subsequent amendments and additions ), by specifically authorized subjects, limited to the purposes and with the methods that will be specified below with reference to the functionalities of the web portal https://www.il-quadrifogliostore.it/

Object and purpose of the processing

Il Quadrifoglio, as Data Controller, informs you that it will process your personal data (if you are a natural person or if you are a natural person working in the name and on behalf of legal persons), and, specifically, your common personal data, i.e. name, surname, place and date of birth, tax code / VAT number, residential and / or domicile address, e-mail address, telephone / fax / mobile number, bank and credit card details, WhatsApp contact, IP addresses or domain names.

Your data, as described above, will be processed in the ways and in the forms prescribed by the GDPR, for the performance of the functions of this website. The User assumes responsibility for the personal data of third parties published or shared through this website and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.

In particular, the personal data you provide to the Data Controller will be processed to achieve the following purposes:

A) Fulfillment of legal obligations. To fulfill any type of obligation contemplated and envisaged by current laws, regulations, related regulations and commercial uses, in particular, in tax / fiscal matters.

B) Execution of a contract or of pre-contractual measures. For the fulfillment and execution of the contract and the completion of any action aimed at fulfilling the mutual obligations arising from the contractual sales relationship; for the fulfillment of specific requests from the User before the conclusion of the final contract with the User. To follow up the registration and modification procedure of the personal account, or any requests for quotations or information on the products / services offered addressed to the Data Controller through the site or by means of specific requests via email or other communication channels.

C) Management of requests. To follow up on specific requests for information sent to the Data Controller through the Website and its communication tools (filling in the "Contact us" form, "send there an email", and other communication tools such as telephone communication, WhatsApp, email, fax, etc.), to manage operations within the Chat, when active.

D) Marketing activities. For sending commercial communications and various information relating to the sector in which the Data Controller operates, with the specific consent given by you by selecting the related box; for sending newsletters (by registering from the dedicated "Newsletter" portal), commercial proposals, advertising occurrence reporting; for sending promotional communications for similar services or managing direct relationships and contacts between company and customer-user, through e-mail, sms and WhatsApp and therefore for direct marketing activities, with the specific consent given by you by selecting the relevant box.

E) Statistics. It should be noted that the processing of the data provided in a generic way will be carried out, even following automatic collection during navigation, for the sole purpose of ascertaining and controlling access to the Website. This also applies to any technical cookies, to be intended as session, functionality or analytics cookies that meet the requirements specified by the Guarantor. In any case, for these analytics cookies, the Website, also in accordance with the clarifications of the Guarantor, has provided for the anonymization of IP addresses; the collection and the use of the aforementioned navigation data (without prejudice to the anonymization of the IP addresses) enable the monitoring of the trend of the Website and enable the improvement of the service offered, giving the User a better browsing experience.
Personal Data processed: Cookies; Usage data.
Google Analytics: the place of processing is Google Ireland Limited https://policies.google.com/privacy.
The user gives his consent to the processing through the information banner on Cookies.

F) Legitimate Interest. The processing of personal data can be based, prior positive judgment about balancing the interests of the Data Controller and the rights of the Customer, also on the legitimate interest of the Data Controller, such as the exercise of their rights in the context of the company as a reseller of products, when there is a relevant and appropriate relationship between the data subject and the data controller, and in the event that the data subject is already a client of the data controller (so-called "soft spam" with guarantee of the right to object / "opt-out", pursuant to art. 130, 4th paragraph, Privacy Code).

G) Remarketing activities. These services allow this Website to communicate, optimize and serve advertisements based on your use of this Website in the past. This activity is carried out by tracking usage data and by the use of cookies.

Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google, which connects the tracking activity carried out by Google Analytics and its Cookies with the Google Ads advertising network and the Doubleclick Cookie.
Personal Data processed: Cookies; Usage data.
Google Doubleclick: the place of processing is Google Ireland Limited https://policies.google.com/privacy.
The user gives his consent to the processing through the information banner on Cookies.

Remarketing with Facebook, Inc. - Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, Inc. that connects the activity of this Website with the Facebook advertising network. This website uses the Facebook Pixel tool provided by Facebook Inc., in order to measure conversions. Thanks to the Facebook Pixel it is possible to understand the actions that people perform on the Website. The personal data that is collected can be used for:

- ensure that the advertisements are shown to people correctly identified as recipients;

- create audience groups to reach with advertisements;

- take advantage of the additional advertising tools of the platform used to advertise.

The information collected is anonymous to the operators of this site and cannot be used to find the identity of a single user. However, the information is saved and analyzed by Facebook, which could link the action to a single profile and use this information for internal Facebook advertising purposes, as outlined in Facebook's privacy policy, to which full reference is made for further information. This will allow Facebook to show advertisements both on Facebook and on third-party sites. The Site Owner has no control over how this data is used.
Personal Data processed: Cookies; Usage data.
Facebook: place of processing Facebook Ireland Ltd - https://www.facebook.com/policies/cookies/
The user gives his consent to the processing through the information banner on Cookies.
For more information on the use of cookies, read the information on the Cookie Policy website.

This policy is effective only with reference to the aforementioned web portal https://www.il-quadrifogliostore.it/, but not with reference to the services provided by Facebook, or other social networks, by Instagram or to other and different portals or websites that may be consulted through the links therein, of which the Quadrifoglio is in no way the owner, even in relation to the WhatsApp contact service (for which the User has already given his consent by registering for the service). For the effect, we invite you to read the privacy policies of the respective platforms. The Data Controller informs you that in the case that an interaction service with social networks is made, it is possible that, even if the Users do not use the service, it collects traffic data relating to the pages in which it is installed.

Legal basis of the processing and consequences for the failure to provide your data

Apart from what is specified for navigation data, the communication to the Data Controller by you of the personal data specified above has as prerequisites for the lawfulness of the processing:

- For the purposes referred to in point A), the legal basis falls under art. 6, par. 1, letter c) of the GDPR. The User is always free to provide personal data, but in this case the provision of data is necessary. The failure of the providing will make it impossible to obtain what is requested or to use the services of the Data Controller.

- For the purposes referred to in points B) and C), the legal basis falls under art. 6, par. 1, letter b) of the GDPR, concerning the execution of a contract of which the User is a party or the execution of pre-contractual measures adopted at the request of the same (such as the request for a quote for further information on products / services) or for to follow up on specific requests addressed by you to the Data Controller. The User is always free to provide personal data, but in this case the provision of data is necessary. Failure to provide it will make it impossible to establish and execute the contractual relationship of which you are a party with the signing of the contract itself or pre-contractual measures, in particular with reference to all the specific services connected to the establishment and correct execution of the aforementioned contractual relationship, such as, for example, the management of requests for information / quotes, with the consequence that failure to communicate your data will make it impossible for the Data Controller to process your requests.

- For the purposes referred to in points D) and G), the legal basis falls under art. 6, par. 1, letter a) of the GDPR, concerning your express free, specific, informed and unequivocal consent, for this purpose we inform you that the aforementioned consent can be issued only if you are aged 16 (sixteen) in default you will not be able to proceed but solely and exclusively the holder of parental responsibility will.

The User is always free to provide personal data:

For the purposes referred to in point D), consent is purely optional and is freely expressed by the User by selecting the appropriate box. In case of omitted communication, no marketing activities, inclusion in the mailing list, sending of commercial information, etc. will be carried out.

For the purposes referred to in point G), consent is purely optional and is freely expressed by the User by selecting the appropriate box at the beginning of navigation by operating on the cookie information banner. In case of refusal by the User, unnecessary cookies will be blocked.

- For the purposes referred to in points E) and F) the legal basis falls under art. 6, par. 1, letter f) of the GDPR. The processing is necessary for the pursuit of the legitimate interest of the Data Controller. However, it should be noted that, as mentioned above, with regard to the statistical purpose (E), the information generated by the cookie on its use of the Site (including the IP address) is not transmitted to Google as this site is equipped with tools that reduce the identifying power of cookies, it is however possible for the user to operate on his consent to these cookies by acting on the information banner of cookies.

Methods of processing

The processing of personal data communicated by you is carried out by means of the operations indicated in art. 4 n. 2) of the GDPR, and more precisely: "collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, cancellation and destruction of data".

The personal data communicated by you are automatically processed for the time strictly necessary to achieve the purposes for which they were collected, with technical methods adopted to prevent the loss of data, illicit and / or incorrect use and unauthorized access, and such, therefore, to ensure a level of security appropriate to the risk pursuant to art. 32 of the GDPR, by specifically authorized persons, in compliance with the provisions of art. 29 of the GDPR, or employees and / or collaborators of the Data Controller in their capacity as authorized subjects and / or system administrators, who will be able to carry out consultation, use, processing, comparison and any other appropriate operation in compliance with the necessary legal provisions to guarantee, among other things, the confidentiality and security of the data as well as the accuracy, the updating and relevance of the data in compliance with the stated purposes and methods.

It should be noted, in particular, that the personal data communicated by you will be processed only at the headquarters of the Data Controller, except as specified below, they will therefore not be disseminated and, pursuant to art. 13, paragraph 1, lett. (e), the same may be processed only by authorized subjects and / or by external data processors (in the person of individual professionals and / or complex professional associations), among which the hosting company is explicitly included, and / or by technical personnel in charge of the management and / or maintenance of the website, but only and exclusively for the purposes expressly and specifically indicated above.

Automated decision-making process and profiling

Except as provided in the above paragraphs, the Data Controller informs you that, for the purposes of processing your personal data, it does not make use of automated decision-making processes, that are those aimed at making decisions based solely on technological means and on predetermined criteria (i.e. without the human involvement), nor does it carry out profiling activities, i.e. those aimed at using your personal data to analyze or predict aspects concerning professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or travel, etc.

Receivers and categories of receivers of the data collected and data transmission

Il Quadrifoglio will process Users' data in compliance with the obligations for the protection of personal data, provided for by the applicable legislation. The information acquired in the exercise of the activity will not be used to obtain any personal advantage of the company or third parties. The Data Controller will ensure that the duty of confidentiality is also respected by its trainees, employees and / or collaborators.

In particular, in relation to the purposes indicated above, the data could be communicated to the following subjects and / or to the categories of subjects indicated below, or they could be communicated to companies and / or persons, who provide services, including external ones, on behalf of the Data Controller Treatment. Among these, for greater clarity, by way of example but not limited to: subjects - internal or external to the company - who provide IT and telematic services for the management of the information system used by the Data Controller and of the telecommunications networks (including mail electronic and management of web portals and internet sites - hosting), subjects that the Data Controller reserves the right to appoint as data processors in the event; suppliers, commercial agents, carriers, transport companies; financial administrations and other companies or public bodies in fulfillment of regulatory obligations; competent authorities and / or Supervisory Bodies for the fulfillment of legal obligations; consulting firms and firms; companies and law firms for the protection of contractual rights; subjects who carry out operations of control, revision and certification of the activities carried out by the Data Controller who operate as external data processors pursuant to art. 28 of the GDPR, or in total autonomy as separate Data Controllers.

This site may also share some of the data collected with localized services both within the EU and outside the EU. In the latter case, it will only refer to countries whose transfer has been authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, for which no further consent is required. In particular and by way of example, the following examples are indicated:

Google Analytics with anonymized IP (Google Inc.) Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google uses the personal data collected for the purpose of tracking and examining the use of this Site, compiling reports and sharing them with other services developed by Google. https://policies.google.com/privacy

Facebook Ireland Ltd. In the event that consent has been given to remarketing cookies. https://www.facebook.com/policies/cookies/

In any case, the Data Controller ensures that the transfer of data will take place in compliance with the applicable legal provisions and, in particular, in accordance with articles 44 - 45 - 46 - 47 - 48 and 49 of the GDPR and other applicable laws.

Data retention period

Personal data are processed and stored for the time required by the purposes for which they were collected.

We point out that, in compliance with the principles of lawfulness, purpose limitation and data retention and minimization, pursuant to art. 5 of the GDPR, the retention period of your personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and processed, that is for the entire duration of the fulfillment of the aforementioned purposes.

Therefore:

- As for personal data collected for tax / administrative obligations, they will be kept for the time necessary for the fulfillment of the aforementioned purposes and in accordance with the provisions of the law, and in any case for a period not exceeding that dictated by civil law.

- As for personal data collected for purposes related to the execution of a contract or pre-contractual measures, including preventive measures, between the Owner and the User, they will be retained until the execution of this contract is completed.

- As for the personal data collected for purposes related to the User's consent, the Data Controller may retain the Personal Data for a period of time not exceeding the achievement of the purposes for which they are collected, therefore until the requests made by the Users are processed or until the consent is revoked.

Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority. At the end of the retention period, the Personal Data concerning you will be deleted from any physical and IT support (personal data / database) of the Data Controller.

User rights

Right of Access pursuant to art. 15 of the GDPR and Right of Rectification pursuant to art. 16 of the GDPR

As an interested party, pursuant to art. 15 of the GDPR, you have the right to obtain from the Data Controller confirmation of the existence or otherwise of the processing of personal data concerning you, to obtain access to them and to all the information referred to in the same art. 15, paragraph 1, letters from (a) to (h), by issuing a copy of the data being processed in a structured format, commonly used, readable by an automatic and interoperable device. Pursuant to art. 16 of the GDPR, you also have the right to obtain from the Data Controller the correction and / or integration of the data being processed if they are out of date and / or inaccurate and / or incomplete.

Right of cancellation pursuant to art. 17 of the GDPR and right to limit the processing pursuant to art. 18 of the GDPR.

As an interested party, you have the right to obtain, without undue delay, from the Data Controller, exclusively in the cases referred to in art. 17, paragraph 1, letters (a) to (f), of the GDPR, the deletion of data concerning you - with the exception of the hypotheses specifically provided for by art. 17 paragraph 3. As an interested party, pursuant to art. 18 paragraph 1, letters from (a) to (d), of the GDPR, you have the right to request and obtain from the Data Controller the limitation of the processing of your personal data, or that such data are not subjected to further processing and can no longer be modified. The Data Controller ensures that the limitation of the processing is implemented through appropriate technical devices that guarantee its inaccessibility and immutability.

Right to data portability pursuant to art. 20 of the GDPR.

As an interested party, you have the right to receive, pursuant to art. 20 of the GDPR, by the Data Controller the personal data concerning him, the processing of which is carried out by automated means, in a structured format, commonly used and readable by an automatic device, and also has the right to transmit such data to another holder of the treatment, or to obtain from the Data Controller, where technically feasible, the direct transmission of such data to another specifically identified data controller.