Information in accordance with Articles 12 and 13 of EU Reg. 2016/679 (GDPR)
In accordance with art. 13 of the "European Regulation 2016/679 (hereinafter "GDPR"), the Individual Company Pucciarini Francesca, with registered office in Via della Cerqua 3, 06134 Perugia, Italy - VAT number 03725440543 fiscal code PCCFNC91R41G478I, in its quality of Controller of the Treatment of personal data, conferred to use the services available through the website, including the purchase of Products ( including but not limited to: candles and design objects) subject to the definitions provided in the GDPR is required to inform you of the following.
(A). - How the site works.
The https://www.trama.design/ website, through the system provided by Wix.com, allows you to purchase and receive a wide range of Products at the address you have provided.
In order to use these services, you must access the site by clicking on the following link: https://www.trama.design/.
You can log in as a guest or register for a personal, non-transferable account (free of charge). You can cancel your account at any time. Purchases can be made either as a guest or by completing the registration process.
During registration, you will choose your access credentials, including your password, which only you will know. You can then access the services from your mobile device or desktop by entering your personal authentication credentials in the fields provided. Please keep your credentials with the utmost care.
Either by registering or by logging in as a guest, you can choose the products and place your order, which will be followed by a confirmation e-mail.
(B). - Reference standards and legal grounds for processing.
Processing operations, which we will explain to you in detail below, have their legal basis in Art. 6(a) and (b) and Art. 9(a) of the GDPR;
(C). - Nature of the data subject to processing.
Only after your consent, where applicable, the following categories of personal data will or may be processed for the indicated purposes:
Personal data: first and last name, e-mail, password, telephone number, delivery address, billing information and IP address;
(D). - Nature of data provision, data sources.
The provision of your personal data is not mandatory but, in some cases necessary, and therefore obligatory, in order to allow you to make use of the services and purchase functions.
The providing of certain data (name and surname, e-mail, password, telephone number, delivery address and IP address) is necessary, and therefore mandatory, in order to activate and carry out some services. You are always free to refrain from providing your personal data, but in such a case it may be impossible for the Controller to fulfil your requests, respond to your needs, or allow all the functions available on the trama.design website to be used fully.
(E). -Purposes for the Processing.
The Data Controller, in addition to processing operations required in relation to legal obligations, regulations, or arising from orders by the Authority, will carry out the necessary operations for the following purposes:
Processing of purchase orders formulated through the Site and related order management activities (providing e-commerce services, sales and after-sales customer support, communication with the client on the order status, receiving your requests for information on purchased products, payment management, reporting, shipping and delivery);
sending newsletters, only with your consent, for the promotion of products and services similar or comparable to those you have purchased;
sending commercial communications on products and services of the Site and/or the Controller and/or third parties, special offers, promotions and news, coupons, market research, with automated systems (so-called "marketing purposes”);
analysis of preferences and consumer habits and the processing of the Purchaser's personal preferences and interests through automated systems and the transmission of tailored offers through the Site (so-called "profiling" purposes);
The Data Controller, through external Managers specifically designated pursuant to Article 28 of the GDPR, will carry out the technical processing essential to enable you to access the services.
(F). - Methods of data processing, storage and security.
Your data may be processed by electronic means and will be stored by the Data Controller, in compliance with all the security measures provided for by law, for the time necessary to pursue the above-mentioned purposes and, in particular, the contractual obligations undertaken, and in any case no longer than two years from the last interaction.
In case of purchase, we will keep your data for the purpose of fulfilling legal obligations and to assert and defend a legal claim for a period of 10 years.
After this period of time has elapsed, or after you have cancelled your data, we will remove any data no longer required.
We would also like to inform you that our company is hosted by the Wix.com platform, which enables us to sell our products and services. Your data may be stored via Wix.com's data memory, databases and general applications, and stored on secure servers protected by firewalls.
The relevant security policies are reviewed by auditors appointed by Wix.com, in accordance with the policies set out in ISO/IEC 27001:2013, Information Security Management Systems, Tier III.
All direct payment gateways offered by Wix.com and used by the company also adhere to the standards set by PCI-DSS as administered by the PCI Security Standards Council to ensure the secure handling of payment information by the shop.
(G). - Navigation data.
The software used to operate the site and the computer systems acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with third parties data, allow users to be identified.
This category of data includes: IP addresses or other device identifiers used by users who connect to the site; the URI (Uniform Resource Identifier) addresses of the resources requested; the time of the request; the method used to submit the request to the server; the file size obtained in response; the numerical code indicating the status of the response given by the server (successful, error, etc.); other parameters relating to the user's operating system and computer environment.
This data is only used to obtain anonymous statistical information on the use of the site and to check that it is functioning correctly. They are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical cyber crimes to the detriment of the site. Except for this possibility, at present, data on web contacts do not persist for more than 7 days.
Authentication data will be encrypted as soon as they are used for the first time and the Data Controller will not be able to know them in any way.
(H). - Cookies.
(I). - Data recipients and data transfers abroad.
They may become aware of the personal data, referred to in this statement, in their capacity as Data Processors or Persons in Charge of Processing:
inside the Company, qualified personnel, each within the limits of his or her competence and duties and on the basis of assigned tasks and instructions;
outside the Company, third parties, also specifically designated as Data Processors or persons in charge of the processing - which the Data Controller uses for various services and exclusively to perform such services - each within the limits of their own competences and duties and on the basis of assigned tasks and instructions.
The Data Controller, for ordinary management, accounting and administrative activities, may communicate your personal data, after obtaining your consent in the manner required by law, where applicable, and in compliance with security measures, to third party service providers for the sole purpose of performing the service you have requested.
The list of the subjects to whom the data may be communicated is available at the Data Controller headquarters.
The Data Controller does not transfer personal data abroad on its own initiative. However, some third party service providers have their servers physically located abroad. In such cases, the transfer of data abroad will take place exclusively within the scope of and in compliance with Article 44 et seq. of the GDPR.
Under no circumstances may your personal data be disseminated.
(L). - Rights of the data subject.
Articles 15 to 22 of the GDPR grant data subjects the exercise of specific rights. Article 15 of the GDPR grants data subjects the right to access and obtain a copy of their personal data. The right to obtain a copy of the data must not infringe the rights and freedoms of others.
You have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning you are being processed and to be informed of the purposes and categories of data processed, the third parties to whom the data are disclosed and whether the data are transferred to a non-EU country with adequate safeguards. You also have the right to know the storage time of your personal data and the right to request the rectification of inaccurate data and the integration of incomplete data, the cancellation (right to be forgotten) under the conditions indicated in Article 17 of the GDPR, the restriction of processing, the revocation of consent, the portability of data and the right to object, at any time and without providing justification, to the data treatment for direct marketing purposes.
Rights may be exercised by email to firstname.lastname@example.org, or by regular mail to the following address: Pucciarini Francesca, Via della Cerqua 3, 06134 Perugia Italy. If you believe that the processing of your personal data violates the provisions of the GDPR or internal regulations on the protection of personal data, you have the right to lodge a complaint with the Italian Data Protection Authority and/or to take legal action.
The complete list of Data Processors is available at the offices of the Data Controller. This mandatory information is subject to updating, depending on any changes in the applicable legal provisions.
In IT, cookies are categorised as “technical” or “session” cookies, “persistent” or “profiling” cookies and “third party cookies”.
Cookies are a text-only string of information stored in small files that sites you visit, or third party sites connected to them, send to the terminal they use for connection, where they are stored and then retransmitted to the same sites the next time you visit the site. Users sometimes have a large number of cookies stored in their browser that stay for a long time, they are used, for example, for authentication purposes, to monitor sessions and remember specific settings for users who connect to the server that hosts the site they intend to view, etc.
Although generally used to assess how a website is used, how efficient it is and to make using and browsing a website simpler, and not linked to personal data, cookies can be configured to tailor the browsing experience of a particular website by linking the cookies with the user’s preferences or their personal information.
As cookies allow you to use some website functions, we recommend not disabling them. If you do block, disable or not accept cookies, you won’t be able to identify yourself on the www.trama.design website and some web pages may not display properly.
Technical or session cookies.
Session cookies, archived in the temporary memory and erased when the browser is closed, are used solely for the purposes of “sending a communication on an electronic communication network, or sending the information strictly necessary for the provider of a service explicitly asked by the member or user to deliver said service”. They make using the website efficient by keeping track of the information users view on its pages so users are not asked for the same information twice and/or information released by the user’s browser during the same browsing session.
These cookies can be further separated out into navigation or session cookies, which ensure users can view and use the website properly (for example, allowing you to make a purchase or provide authentication information to access reserved areas); analytics cookies, similar to technical cookies when used by the site manager to collect information in aggregate form about the number of users and how they browse the site; functional cookies, which allow users to browse using a series of pre-selected criteria (for example language and items added to cart) in order to improve the site experience.
Using technical or session cookies does not require the user’s prior consent, provided that the data controller issues the mandatory information contained in this notice, pursuant to Art. 13 of the personal data protection code, which the site manager, if only these cookies are used, may display in what it considers the most appropriate way.
Technical or session cookies used by www.trama.design prevent users from having to enter the same information more than once during their visit, e.g. username and password, analyse how the supplier’s services and content is used to create the best browsing experience and optimise the services offered.
Below is the list of cookies classified as essential used by Wix and placed on www.trama.design
XSRF-TOKEN Used for security reasons. Duration: Session; type: Essential.
hs Used for security reasons. Duration: Session; type: Essential.
SVSession Used in connection with user login Duration: 2 years; type: Essential.
SSR-caching Used to indicate the system from which the site was rendered. Duration: 1 minute; type: Essential.
_WixCIDX Used for system monitoring/debugging. Duration: 3 months; type: Essential.
_wix_browser_sess Used for system monitoring/debugging. Duration: Session; type: Essential.
consent-policy Used for cookie banner parameters. Duration: 12 months; type: Essential.
SMSession Used to identify logged in site members. Duration: Session; type: Essential.
TS* Used for security and anti-fraud reasons. Duration: Session; type: Essential.
bSession Used for system effectiveness measurement. Duration: 30 minutes; type: Essential.
fedops.logger.sessionId Used for stability/effectiveness measurement. Duration: 12 months; type: Essential.
WixLanguage Used on multilingual websites to save user language preference. Duration: 12 months; type: Functional.
Used for security reasons
Used for security reasons
Used in connection with user login
Used to indicate the system from which the site was rendered
Used for system monitoring/debugging
Used for system monitoring/debugging
Used for cookie banner parameters
Used to identify logged in site members
Used for security and anti-fraud reasons
Used for system effectiveness measurement
Used for stability/effectiveness measurement
Used on multilingual websites to save user language preference
Persistent or Profiling Cookies
Persistent or profiling cookies, on the other hand, aim to create a user profile, are stored on the user’s hard disk and are available when the browser is relaunched. They memorise users’ preferences for the current visit and subsequent visits and can be used for sending advertising messages online using the preferences shown by the user in question recorded during browsing sessions.
EU and Italian implementing legislation, in the event the site owner uses this type of cookies, requires users to be sufficiently informed on the use of these cookies and given the opportunity to make an informed decision whether to accept or decline the use of these cookies.
The provisions of Article 122 mentioned above of the personal data protection code should be considered as referring to this type of cookies. It expressly provides that “storing information in the terminal of a client or user or accessing information already stored is only permitted on condition that the client or user has given their express consent having been informed using the simplified procedure under Article 13, section 3”.
The site www.trama.design does not use this type of cookies.
Third-party cookies for marketing/retargeting
Third-party cookies are used by third parties and show users advertising banners that relate to the pages they have browsed on our website and other affiliated sites.
www.trama.design uses the following third-party cookies:
Google Analytics (Google)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses the personal data collected to trace and examine how the application is used, compile a report and share this with other Google services.
The data collected by the Google Analytics service relates to, for example, how long the user spends on the site, approximate geographical location, the page users arrive on and leave from, where visitor traffic comes from, etc. Google uses this data to assess how the site is used, prepare activity reports for our site and provide additional services to us in connection with use of the site and the internet.
The data collected by means of these cookies is used in aggregate form. “Aggregate form” means that the cookies and the tracking systems are never linked to the person. They are linked to browsing, so no one will be able to link your name with the web pages or sites you visit.
In addition, important information such as your IP address is made “anonymous” to provide you with extra peace of mind, as described below.
On our website, Google Analytics has been given the code “gat._anonymizeIp();” to ensure that only an anonymous IP address is retrieved (referred to as IP masking).
Your IP address (the number assigned to your computer by your internet service provider) is abbreviated and therefore made anonymous – at our request – by Google within European Union Member States and in other countries that are members of the European Economic Area. This means that usage profiles created by Google Analytics are made “anonymous” and this makes it impossible to trace the profile back to the actual user. The full IP address is only transmitted to a Google server in special cases, where it is then abbreviated.
Your anonymised IP address sent by your browser as part of the Google Analytics process is not used together with other data already held by Google. Google may only send this data to third parties in line with legal provisions or when preparing data for third parties. Under no circumstances will Google group your personal data with other data collected by Google.
Google adheres to the principles on personal data detailed in the US Safe Harbor agreement and is on the Safe Harbor list, a programme of the US Department of Commerce.
By using our site you consent to the data retrieved by Google Analytics being processed, the methods of processing and the uses set out above.
Personal data collected: Usage cookies and data.
Place of handling: USA
YouTube (YouTube, LLC)
YouTube is a video viewing service managed by YouTube, LLC that allows this application to use video content on its pages. Personal data collected: Usage cookies and data.
Place of handling: USA
This plugin is used to share content from the site on the user's Facebook page.
Place of handling: USA
This plugin is used to share content from the site on the user's Pinterest profile.
Place of handling : USA
This plugin is used to share content from the site on the user's Twitter page.
Place of handling : USA
The standard settings on a lot of browsers automatically allow cookies, but they also give the option to manage the majority of cookies, including the option to accept them or not and the possibility of erasing them.
For more information on cookie management, look under the “Tools” (or similar) section of your browser.
You can set your browser to receive a notice before accepting cookies, where you can decide whether or not to accept cookies. You can even disable cookies completely.
How do I disable cookies?
The majority of browsers (Internet Explorer, Firefox, Chrome, etc) are configured to accept cookies. Cookies stored on your computer’s hard drive can still be erased and you can also disable cookies by following the instructions of the main browsers using the following links: