Privacy & Cookie Policy


Privacy & Cookie Policy

This policy is provided pursuant to art. 13 of the D.L. 20 June 2003 n. 196 - Privacy Code and 13 of the European Regulation n. 679/2016 and applies to all data collected through the site https://koryyork.com/ or to data collected by the Data Controller at its operational premises or outside its operational premises.

Data controller

The controller that is responsible for the management of the data collected from this website is sole proprietorship of Semprini Andrea with headquarters in Riccione (RN- Italy) in Via Torquato Tasso n.181 – Italy- Email for contact info@koryyork.com telephone (+39) 328.1561686 (hereafter know in short as the ‘Owner’).

Recipients of this policy

This policy is intended for physical persons who access the site https://koryyork.com/ or the operational headquarters of the data controller, or come into contact with the data controller for any purpose. Hereafter, the recipient will be referred to as 'User'.

Conditions of management of the personal data.

The personal data provided by the Data Controller or acquired by the same are subject to processing based on principles of correctness, lawfulness, transparency, and protection of confidentiality pursuant to current regulations.

The Data Controller processes the Users Personal Data by using the appropriate physical and digital security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data and guaranteeing the rights established by the GDPR EU Reg. 2016 / 679.

The processing is carried out using analogue, IT and / or digital tools, with organizational methods and with logic strictly related to the purposes indicated.

Other than the Owner, in some cases, employees involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third party technical services such as transporters and shippers, hosting providers, IT companies, communication agencies, legal and commercial consultants) also appointed as Data Processors by the Owner could have access to the Data.

Among the Personal Data collected by this Site or at the Data Controller's operational premises or outside of this, either independently or through third parties, there are or may be: Cookies, Device usage data and device data , Email, Name and Surname, useful data for billing and shipping, contact forms, any registration procedures and access to a reserved area, possible subscription to a newsletter, the procedure for purchasing products and services and related to the "Shopping Cart" , similar and analogous operations. Other Personal Data collected may be indicated in other sections of this Privacy policy.

The personal Data can be given voluntarily by the User or can be collected automatically during the use of the Data controller’s website (koryyork.com/) or collected in other ways within or out with the headquarters.

Failure to provide some Personal Data may impede the Data Controller from providing some of their services.

The User takes responsibility for the Personal Data of third parties published or shared and guarantees they have the right to share them, freeing the Owner from all responsibility towards third parties.

Data provided voluntarily by the User.

The explicit and voluntary sending of emails via the ‘contact us’ form or via the email addresses shown on the Data Controller’s website (koryyork.com/), or the sending of personal data necessary during the final phase of the purchase order also at the Data Controller’s headquarters or outside of this, involves the subsequent acquisition of the sender's address, necessary in order to respond to requests, as well as any other personal data entered by the User along with content or other data entered during the completion of the purchase order.

Place of processing

Personal data may be processed at the Data Controller's headquarters or outside their premises.

The Personal Data may be processed by the website supplier, Shopify (https://it.shopify.com), that provides the host service for the koryyork.com/ website.

According to the conditions established by Host provider Shopify (https://it.shopify.com) which the Data Controller uses, the following applies:

- if the User resides in a country which is part of the European Union, they have the right to access the personal information in our possession, to transfer it to a new service and to request that their personal information be corrected, updated or deleted. If you wish to exercise these rights, you can contact the Data Controller or the Shopify Host provider (https://it.shopify.com)

- personal information will initially be processed in Ireland and then transferred outside Europe for storage and further processing, including in Canada and the United States. For more information on how data transfers are GDPR compliant, you can consult the Shopify GDPR white paper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

- if you reside in California (CCPA), you have the right to access the Personal Information that is held about you (also known as the "Right to Know"), to transfer it to a new service and to request that your personal data is corrected, updated or deleted. If you wish to exercise these rights, you can contact the Shopify Host provider (https://it.shopify.com)

Duration of processing.

As required by art. 5, co. 1, lett. e) of the GDPR, the Data is kept for the necessary time in order to process it in relation to the performance of the service requested by the User, or for the time required by the purposes described in this document, including legal, fiscal and tax related.

In particular:

- The data collected for the purposes relating to the execution of a contract between the Owner and the User are retained until the contract is fully executed.

- Data collected for purposes related to the legitimate interest of the Data Controller will be retained until this interest is satisfied.

- The data collected based on the User's consent may be kept until such consent is withdrawn.

- The data collected may be stored for fiscal or administrative obligations, for regulatory obligations regarding product warranty, for contractual obligations regarding additional after-sales services, within the time limits dictated by the current legislation of the Italian Republic.

- The Data may be kept by the Data Controller for a longer period in compliance with additional or different obligations with respect to the aforementioned.

Purpose of processing the collected Data.

The Data Controller may use the information collected and therefore also personal data to provide its services, which may include: offering products or services for sale, processing payments, shipping and order fulfilment, updates on products, services and offers.

The User Data is collected to allow the site and the Data Controller to provide their services, as well as for the following purposes: Contacting the User, Managing addresses and sending email messages, possible registration process and access to confidential areas, possible subscription to the newsletter, purchase procedure and related "Cart" and similar, interaction with external platforms, comment on contents, RSS feed management and statistics, legal, fiscal and tax obligations.

In particular, with a non-exhaustive list:

- to follow up on the specific requests addressed to the Data Controller by the User through the Website and its communication tools (contact forms, information request forms, order forms and similar) or to requests addressed to the Data Controller by the User at its headquarters or outside it;

- for any subscription to the newsletter and the consequent receipt of various information concerning the sector in which the Data Controller operates.

- for communications of an informative or commercial nature relating to the services of the same Data Controller, following the request for information via e-mail messages or filling out the contact form and other communication tools.

- for the registration procedure aimed at the purchase of products and services or, in cases where registration is not required, in any case for the "Cart" procedure where to enter the data relating to the User, the delivery of the goods and the profiles tax billing or similar;

- for other purposes or related to those indicated above and, in any case, falling within the scope of the Website's activities or within the Company's business activity.

- to fulfil any legal, fiscal, tax or other obligations imposed on the Data Controller.

Among other things, the data will be processed for the specific purposes as indicated below by way of example:

- for purposes related to the Contract, especially to execute the Contract stipulated between the Owner and the User.

- to contact the User in relation to the Contract and for the management of the aforementioned.

- for the management of requests for legal guarantees, product compliance, assistance, requests for withdrawal, management of the Contract.

The User's personal data can be used by the Data Controller for the defence of their rights in court or legitimate interests or it can be used in the stages leading to the possible establishment of a trial, or for the protection from abuse in the use of services by the User.

The User must be aware that the Data Controller may be required to disclose the Data at the request of the authorities.

Lawfulness of data processing and sharing of personal information.

The data processing carried out by the Data Controller is legitimate pursuant to Article 6 of the GDPR (EU Reg. 2016/679) as it is necessary for the execution of a contract of which the interested party (the User) is a party and / or for the execution of pre-contractual measures adopted at the request of the same, also for the fulfilment of legal, fiscal and tax obligations to which the Data Controller is subject, or as the processing is necessary for the protection of rights or for the pursuit of legitimate interests of the Data Controller of the treatment or of third parties.

If the User resides in the European Union, he has the right to oppose the processing based exclusively on the automated decision-making process (which includes profiling), when this decision-making process has a legal effect on him or otherwise significantly affects him. .

The Data Controller undertakes the responsibility not to use fully automated decision-making processes.

The Data Controller shares the information collected, even in the case of personal data, with its service providers to provide its services and fulfil its obligations and contracts.

The Data Controller uses Shopify to manage its online store.

More information on how Shopify uses personal information can be found here: https://www.shopify.com/legal/privacy.

The Data Controller shares or may share personal information to comply with applicable laws and regulations, to respond to a legal request or to protect their rights.

The Host provider Shopify uses limited automated decision making to prevent fraud. Services that include elements of automated decision making may include:

Temporary denial of the list of IP addresses associated with repeated failed transactions. This deny list can persist for a limited number of hours.

Temporary deny list of credit cards associated with deny list IP addresses. This deny list can persist for a limited number of days.

Sharing of personal data to third parties.

In addition to what is indicated above in relation to the hosting of the Data Controller's website, the Data Controller may send or otherwise share the personal data collected to third parties in fulfilment of its contractual, legal, fiscal or tax obligations. or for the defence in court or outside the court of their rights or legitimate interests.

In particular, personal data, as long as it is necessary, is sent by the Data Controller to third parties who, on its behalf, take care of the billing and the keeping of accounting and tax books. These subjects are appointed by the Data Controller in the capacity of Data Processors of the personal data that will be sent to them by the Data Controller.

In particular, personal data, if it is necessary, is sent by the Data Controller to third parties who handle the shipment and delivery of goods to Users.

Data processing security

The personal data provided by Users may be stored by the Data Controller at their headquarters both in IT or digital format and in analogue format.

The Data Controller may also use hosting or cloud services to store personal data in electronic or digital format.

The Data Controller adopts all security measures considered necessary, taking into account the nature of the personal data, the scope of application, the context and purposes of the processing as well as the risks for the rights and freedom of individuals, in order to guarantee the protection of the Users' personal data in their possession from unauthorized processing or disclosure, from loss or destruction and in order to guarantee its availability and resilience or the ability to promptly restore it.

Details on the processing of Personal Data

The data can be collected specifically for the following purposes and using the following services:

Mailing List or Newsletter

By registering with the mailing list or newsletter, the User's email address is automatically added to a list of contacts to which email messages and other communication may be transmitted, including information of a commercial and promotional nature in relation to this website and to the activity carried out by the Data Controller. The User's email address or their telephone number could also be added to this list because of accessing or registering on the Data Controller's website or after making a purchase. Personal data collected: Email, Name and Surname, Address, Date of birth, Residence, Telephone number. At the request of the data subject, the Data Controller will delete their name and e-mail address from this mailing list.

Address management and email sending

These services allow the management of a database of email, telephone, or contacts of any other nature, used to communicate with the User.

These services may also allow the collection of data relating to the date and time the messages are displayed by the User, as well as to the User's interaction with them, such as information on clicks on links inserted in messages. Personal data that may be collected: Email, Name and Surname, Address, Date of birth, Residence, Telephone number. At the request of the data subject, the Data Controller will delete their name and e-mail address from this mailing list.

Contact form

The User, by filling in the contact form with his / her Data (both through the Data Controller’s website and in paper format at their  headquarters or outside it), consents to the use of the data necessary to respond to orders, requests for information, quotes, or requests for any other purpose advanced by it. Personal data collected: Email, Name and Surname, Address, Date of birth, Residence, Telephone number, Data useful for billing purposes, for tax purposes, for the purposes of shipments or deliveries.

Information on the data collected or that can be collected

When the User visits the Data Controller's website, certain information is collected on their device, their interaction with the Site and the information necessary to process purchases. The Data Controller may also collect additional information if contacted for assistance or redelivery.

Further examples of personal information that is or may be collected: web browser version, IP address, time zone, cookie information, which sites or products you view, search terms and how you interact with the site.

Source of collection: Automatically collected when you access our site using cookies, log files, web beacons, tags, or pixels. It is possible to disclose it for commercial purposes, an operation possibly carried out by the Host provider Shopify.

Order Information

Examples of personal information collected: email, telephone number, name and surname, billing information and address, residential address, shipping address, payment information (including credit card numbers, e-mail address and telephone number).

Purpose of collection: information necessary to fulfil the contract, process payment information, organize shipment and provide invoices or order confirmation, communicate with the User, examine orders for potential risks or fraud.

Information on user assistance

Examples of personal information collected: email, telephone number, first and last name, billing address, shipping address, payment information (including credit card numbers, e-mail address and telephone number)

Purpose of collection: to provide assistance to Users.

Minors

The koryyork.com/ website is not intended for persons under the age of 18. The Data Controller does not intentionally collect Personal Information from Users under the age of 18 through the website or in any other way. If you are the parent or guardian and you believe that a minor has provided us with personal information, you have the right to contact us at the addresses indicated below to request its deletion.

Targeted advertising

It is possible that the information collected, even where it is personal data, will be used for sending targeted advertisements or marketing communications that the Data Controller deems may be of interest to the User.

This use will be limited by the Data Controller to interested parties who have placed orders or have subscribed to any Newsletter. At the request of the data subject, the Data Controller will delete their name and e-mail address from this particular mailing list.

By certifying the website of the Data Controller on the platform of the Spotify hosting service provider (https://www.shopify.com) the following may be possible:

Google Analytics could be used to understand how Users use the website. Further information on how Google uses personal information can be found here: https://policies.google.com/privacy?hl=it. You can also deactivate Google Analytics here: https://tools.google.com/ dlpage / gaoptout.

Information on the use of the Site, purchases and the interaction of Users with advertisements on other websites with their advertising partners may be shared, collecting and sharing some of this information with advertising partners and in some cases through the use of cookies or other similar technologies. For more information on how targeted advertising works, you can visit the educational page of the Network Advertising Initiative ("NAI") at http://www.networkadvertising.org/understanding-online-advertising/how-does-it- work.

It is possible to disable targeted advertising:

  • FACEBOOK - https://www.facebook.com/settings/?tab=ads
  • GOOGLE - https://www.google.com/settings/ads/anonymous
  • BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]

It is also possible to deactivate some of these services by visiting the deactivation portal of the Digital Advertising Alliance at: http://optout.aboutads.info/.

Payment management

The payment management services can allow the Data Controller, as well as third parties to process payments by credit card, bank transfer or other tools, through their websites.

The data used for payment is acquired directly by the manager of the requested payment service without being processed in any way by the Data Controller, except for the data relating to a bank transfer.

Some of these services may allow the scheduled sending of messages to the User, such as emails containing invoices or notifications regarding payment.

Among the payment services and payment management made available on the website, the Data Controller includes the following:

PayPal https://www.paypal.com/it/home

Gpay https://pay.google.com/intl/it_it/about/banks/

ShopPay https://help.shopify.com/it/manual/payments/accelerated-checkouts/shop-pay

Cookies

A cookie is a small amount of information that is downloaded to the user's computer or device when they visit our website. The Hosting service provider where the Data Controller’s website (Shopify - https://it.shopify.com) is located, uses a series of different cookies, including functional, performance, advertising, and social media cookies or of content. Cookies improve the browsing experience by allowing the website to remember the actions and preferences of those who use or access them. This means that you do not have to re-enter this information every time you return to the site or navigate from page to page. Cookies also provide information on how people use the website, for example if it is their first time visiting or if they are a frequent visitor.

The Hosting service provider on which the Data Controller's website is certified (Shopify - https://it.shopify.com) can use the following cookies to optimize the browsing experience on the Data Controller's website:

Cookies Necessary for the Functioning of the Store

Name

Function

_ab

Used in connection with access to admin.

_secure_session_id

Used in connection with navigation through a storefront.

cart

Used in connection with shopping cart.

cart_sig

Used in connection with checkout.

cart_ts

Used in connection with checkout.

checkout_token

Used in connection with checkout.

secret

Used in connection with checkout.

secure_customer_sig

Used in connection with customer login.

storefront_digest

Used in connection with customer login.

_shopify_u

Used to facilitate updating customer account information.

Reporting and Analytics

Name

Function

_tracking_consent

Tracking preferences.

_landing_page

Track landing pages

_orig_referrer

Track landing pages

_s

Shopify analytics.

_shopify_fs

Shopify analytics.

_shopify_s

Shopify analytics.

_shopify_sa_p

Shopify analytics relating to marketing & referrals.

_shopify_sa_t

Shopify analytics relating to marketing & referrals.

_shopify_y

Shopify analytics.

_y

Shopify analytics.

 

The length of time a cookie remains on your computer or mobile device depends on whether it is a "persistent" or "session" cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies that can be used are persistent and expire between 30 minutes and two years from the date they are downloaded to the device.

It is possible to control and manage cookies in various ways. Removing or blocking cookies can adversely affect the browsing experience and parts of the website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether to accept cookies using the browser controls, often found in the browser's "Tools" or "Preferences" menu. For more information on how to change your browser settings or how to block, manage or filter cookies, you can find your browser help file or through sites such as www.allaboutcookies.org.

Additionally, blocking cookies may not completely prevent the way information is shared with third parties.

As there is no consistent industry understanding of how to respond to "Do Not Track" signals, Host service provider Shopify (https://it.shopify.com) does not alter its data collection and practices of use when it detects this signal from the browser.

Further information provided by the Host service provider Shopify (https://it.shopify.com): if a user of the website selects "No thanks" and denies his consent or ignores the banner by continuing to browse, he remains able to browse the website provided to the Data Controller by Shopify but with cookies and tracking subject to 'downgrade'. The Cookie Policy Accept or Reject banner offers those visitors the ability to enable full cookies, as the default behaviour is automatic cookie downgrade for all users in the EU.

The provision of browsing data by Users, for the above purposes, depends on the degree of privacy that the User has enabled or disabled through their browser. In some cases, disabling could affect the navigation on the Data Controller’s website. For certain modules of the Data Controller's website, the provision of navigation data and / or the use of technical cookies is mandatory for the proper functioning of the website. The provision of some data is necessary in any case for the structure of the Website and its procedures.

Browsing and hosting data

The computer systems and software procedures used to operate the website provided to the Data Controller by the Host provider Shopify (https://it.shopify.com), during their normal operation acquire some personal data whose transmission is implicit in the use of Internet communication protocols. However, this data is not in the Data Controller’s possession, who does not have access to them even for consultation. Instead, they are stored on the servers of the Host provider Shopify (https://it.shopify.com). This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow Users to be identified. Users may exercise their rights in this regard by contacting the Host provider Shopify (https://it.shopify.com).

System log and maintenance

For needs related to operation and maintenance, the website of the Data Controller may collect system logs, which are files that record the interactions and may also contain Personal Data, such as the User IP address.

Security measures adopted

The website of the Data Controller koryyork.com/ (certified on the platform of the Host provider Shopify https://it.shopify.com), is equipped with an SSL certificate and uses the HTTPS protocol. With the use of this protocol, the transactions and data that are transmitted on the websites take place with maximum security and the content of the communication is not read or manipulated in any way by third parties.

Specific or additional information

At the request of the User, in addition to the information contained in this Privacy policy, the Data Controller may provide additional and contextual information regarding specific services, or the collection and processing of Personal Data.

Exercise of the rights of the interested party

Pursuant to art. 7 of Legislative Decree. 196/03 (Privacy Code) and articles from 15 to 22 of the European Regulation n.679 / 2016 the interested party (the User) has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form, to know their content and origin, to verify their accuracy. The interested party (the User) has the right to revoke his consent at any time and, upon simple request to the Data Controller, may request access to personal data, receive the personal data provided to the owner and transmit them to another Data Controller  without impediments (so-called Portability), obtain the updating, the limitation of the processing, the amendments to the data and the cancellation of those treated in deviation from the current legislation. The interested party (the User) has the right to oppose the processing of personal data concerning him and the processing for the purpose of sending advertising material, direct selling and carrying out market research for legitimate reasons. The requests of the interested party (of the User) can be made by means of the contact details indicated below. The interested party (the User) also always has the right to make a report and lodge a complaint with a competent data protection authority, pursuant to art. 77 of the GDPR.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this Privacy & Cookie policy at any time by giving notice to Users on this page. Please therefore consult this page often, referring to the date of the last update indicated at the bottom.

CONTACT INFORMATION FOR THE DATA CONTROLLER

The Data Controller is the following subject, available at the following addresses:

Sole proprietorship of Semprini Andrea Owner and Legal representative with headquarters in Riccione (RN- Italy) in Via Torquato Tasso n.181 Italy

E-Mail for contact info@koryyork.com

Telephone (+39) 328.1561686.

Privacy & Cookie Policy updated November 2020