top of page

Privacy Policy

Information pursuant to art. 13 of Regulation (EU) no. 679/2016 ("GDPR")

 

Photofuture Sas (hereinafter "Photofuture") protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of infringement.

As required by the European Union Regulation n. 679/2016 ("GDPR"), and in particular to the art. 13, below we provide the user ("Interested") with the information required by law relating to the processing of their personal data.

 

SECTION I

Who we are and what data we process (Article 13, paragraph 1, letter a, Article 15, letter b GDPR)

Photofuture Sas, in the person of its legal representative pt, based in Cagliari (CA), Viale Armando Diaz, 45, operates as Data Controller and can be contacted at the address privacy@photofuture.eu and collects and/or receives the information concern the interested party, such as:

 

 

Categoria di dati           _cc781905- 5cde-3194-bb3b-136bad5cf58d_         _cc781905-5cde-3194-bb3b -136bad5cf58d_     Example of data types

 

Dati anagrafici          _cc781905-5cde- 3194-bb3b-136bad5cf58d_                 _cc781905-5cde-3194-bb3b-136bad5cf58d, physical address, province and municipality_ , landline and/or mobile phone, fax, fiscal code, e-mail address(es).

Dati di traffico telematico          Log, originating IP address.

 

Photofuture Sas does not require the interested party to provide so-called "particular" data, or, according to the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to health or sex life or sexual orientation of the person. In the event that the service requested from Photofuture Sas imposes the processing of such data, the interested party will receive specific information in advance and will be asked to give specific consent.

 

SECTION II

For what purposes do we need the data of the interested party (art. 13, 1st paragraph GDPR)

The data are used by the Data Controller to process the registration request and the contract for the supply of the selected Service and/or the purchased Product, manage and execute the contact requests sent by the interested party, provide assistance, fulfill legal and regulatory obligations which the Data Controller is required according to the activity exercised. In no case does Photofuture Sas resell the personal data of the interested party to third parties or use them for undeclared purposes.

In particular, the data of the interested party will be processed for:

a) registration in the personal data and requests for contact and/or information material

The processing of personal data of the interested party takes place to carry out the preliminary activities and consequent to the request for registration, the management of requests for information and contact and/or sending of informative material, as well as for the fulfillment of any other obligation arising.

The legal basis of these treatments is the fulfillment of the services inherent in the request for registration, information and contact and/or sending of informative material and compliance with legal obligations.

b) promotional activities on Services/Products similar to those purchased by the interested party (Recital 47 GDPR)

The data controller, even without your explicit consent, may use the contact details communicated by the interested party, for the purpose of direct sales of its own Services/Products, limited to the case in which they are Services/Products similar to those covered by the sale, unless the interested party explicitly objects.

c) commercial promotion activities on Services/Products other than those purchased by the interested party

The personal data of the interested party may also be processed for commercial promotion purposes, for surveys and market research with regard to Services/Products that the Data Controller offers only if the interested party has authorized the treatment and does not oppose it.

This treatment can take place, in an automated way, in the following ways:

- email;

- sms;

- telephone contact

and can be done:

1. if the interested party has not revoked his consent for the use of the data;

2. if, in the event that the processing takes place through contact with a telephone operator, the interested party is not registered in the register of oppositions referred to in Presidential Decree n. 178/2010;

The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time (see Section III).

d) computer security

The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and/or recipients), the personal data of the interested party relating to traffic to a strictly necessary and proportionate extent to guarantee the security of networks and information, i.e. the ability of a network or an information system to resist, at a given level of security, unforeseen events or illicit or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted.

The Data Controller will promptly inform the interested parties, if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to personal data breach notifications.

The legal basis of these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out treatments related to the purpose of protecting the company assets and security of the offices and systems of Photofuture Sas.

e) profiling

The personal data of the interested party may also be processed for profiling purposes (such as analysis of the transmitted data and of the selected Services/Products, proposing advertising messages and/or commercial proposals in line with the choices expressed by the users themselves) exclusively in the event that the interested party has given explicit and informed consent. The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time (see Section III).

f) fraud prevention (recital 47 and art. 22 GDPR)

  • the personal data of the interested party, with the exception of particular (Art 9 GDPR) or judicial data (Art 10 GDPR) will be processed to allow checks for the purpose of monitoring and preventing fraudulent payments, by software systems that carry out a check in a automated and prior to the negotiation of Services/Products;

  • passing these checks with a negative result will make it impossible to carry out the transaction; the interested party may in any case express his opinion, obtain an explanation or contest the decision by giving reasons to the Customer Assistance service or by contacting privacy@photofuture.eu

  • personal data collected solely for anti-fraud purposes, unlike the data necessary for the correct execution of the requested service, will be immediately canceled at the end of the control phases.

h) the protection of minors

The Services/Products offered by the Data Controller are reserved for subjects who are legally capable, on the basis of the relevant national legislation, of concluding contractual obligations.

The Data Controller, in order to prevent illegitimate access to its services, implements prevention measures to protect its legitimate interest, such as checking the tax code and/or other checks, when necessary for specific Services/Products, the correctness of the data identification documents issued by the competent authorities.

 

Communication to third parties and categories of recipients (art. 13, 1st paragraph GDPR)

The communication of personal data of the interested party takes place mainly towards third parties and/or recipients whose activity is necessary for the performance of the activities inherent to the established relationship and to respond to certain legal obligations, such as:

 

Categorie di destinatari           _cc781905- 5cde-3194-bb3b-136bad5cf58d_         _cc781905-5cde-3194-bb3b -136bad5cf58d_           _cc781905-5cde -3194-bb3b-136bad5cf58d_         _cc781905-5cde-3194-bb3b- 136bad5cf58d_         Purpose

 

Third party suppliers and companies of Photofuture Sas*       _cc781905-5cde-5rogabcf586 assistance,services maintenance, delivery/shipping of products, provision of additional services, suppliers of networks and electronic communication services) connected to the requested service

 

Professionisti/consulenti esterni e Società di        _cc781905-5cde-3194-bb3b- 136bad5cf58d_       Fulfillment of legal obligations, exercise of rights, protection of contractual rights, credit recovery

consulting

 

Amministrazione finanziaria, Enti pubblici,        _cc781905-5cde-3194-bb3b- 136bad5cf58d_         Adempimento degli obblighi di legge, difesa dei diritti; lists and registers kept by public Authorities or similar entities on the basis of specific legislation, in relation to the contractual performance

Autorità Giudiziaria, Autorità di vigilanza e        _cc781905-5cde-3194-bb3b- 136bad5cf58d_       _cc781905-5cde-3194-bad5bcf3d

control

 

Subjects formally delegated or entitled

recognized juridical

 

Legal representatives, curators, guardians, etc.

 

* The Data Controller requires its third-party suppliers and Data Processors to comply with security measures equal to those adopted in relation to the Data Subject, restricting the scope of action of the Data Processor to processing connected to the requested service.

The Data Controller does not transfer your personal data to countries where the GDPR is not applied (non-EU countries) unless otherwise specified, for which you will be informed in advance and, if necessary, your consent will be requested.

The legal basis of these treatments is the fulfillment of the services inherent to the established relationship, compliance with legal obligations and the legitimate interest of Photofuture Sas to carry out the treatments necessary for these purposes.

 

SECTION III

What happens in the event that the interested party does not provide his data identified as necessary for the purpose of carrying out the requested service? (Article 13, 2nd paragraph, letter e GDPR)

The collection and processing of personal data is necessary to follow up on the services requested as well as the provision of the Service and/or the supply of the requested Product. If the interested party does not provide the personal data expressly provided for as necessary in the order form or registration form, the Data Controller will not be able to proceed with the processing related to the management of the services requested and/or the contract and the Services/ Products connected to it, nor to the obligations that depend on them.

What happens if the interested party does not give consent to the processing of personal data for commercial promotion activities on Services/Products other than those purchased?

In the event that the interested party does not give his consent to the processing of personal data for these purposes, said processing will not take place for the same purposes, without this having effects on the provision of the services requested, nor for those for which he has already given their consent, if requested.

In the event that the interested party has given his consent and subsequently revokes it or opposes the treatment for commercial promotion activities, his data will no longer be processed for such activities, without this having consequences or prejudicial effects for the interested party and for the required performance.

How we process the data of the interested party (art. 32 GDPR)

The Data Controller provides for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of personal data of the interested party and imposes similar security measures on third party suppliers and Managers.

Where we process the data of the interested party

The personal data of the interested party are stored in paper, IT and telematic archives located in countries where the GDPR is applied (EU countries).

How long are the data of the interested party kept? (art. 13, 2nd paragraph, letter a GDPR)

Unless the latter explicitly expresses his will to remove them, the personal data of the interested party will be kept for as long as they are necessary with respect to the legitimate purposes for which they were collected.

In the case of data provided to the Data Controller for the purposes of commercial promotion for services other than those already acquired by the interested party, for which he initially gave consent, these will be kept for 24 months, unless the consent given is revoked.

In the case of data provided to the Data Controller for profiling purposes, these will be kept for 12 months, always subject to revocation of the consent given.

It should also be added that, in the event that a user forwards unsolicited or unnecessary personal data to Photofuture Sas for the purpose of carrying out the requested service or the provision of a service closely connected to it, Photofuture Sas cannot be considered the owner of these data, and will cancel them as soon as possible.

Regardless of the interested party's determination to remove them, personal data will in any case be kept according to the terms established by current legislation and/or national regulations, for the exclusive purpose of guaranteeing the specific obligations of some Services.

Also, personal data will in any case be kept for the fulfillment of obligations (eg tax and accounting) which remain even after the termination of the contract (art. 2220 cc); for these purposes, the Data Controller will only keep the data necessary for the related prosecution.

Without prejudice to the cases in which the rights deriving from the contract and/or from the registration in the registry office have to be asserted, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time indispensable for the their pursuit.

What are the rights of the interested party? (articles 15 - 20 GDPR)

The interested party has the right to obtain from the data controller the following:

a) confirmation that personal data concerning him or her is being processed and, if so, to obtain access to personal data and the following information:

1. the purposes of the processing;

2. the categories of personal data in question;

3. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients from third countries or international organizations;

4. when possible, the envisaged retention period for personal data or, if this is not possible, the criteria used to determine this period;

5. the existence of the right of the interested party to ask the data controller to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their treatment;

6. the right to lodge a complaint with a supervisory authority;

7. if the data are not collected from the interested party, all the information available on their origin;

8. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.

9. the adequate guarantees that the third country (non-EU) or an international organization provides for the protection of any data transferred

 

b) the right to obtain a copy of the personal data being processed, provided that this right does not harm the rights and freedoms of others; In case of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.

 

c) the right to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay

 

d) the right to obtain from the data controller the cancellation of personal data concerning him without unjustified delay, if the reasons provided for by the GDPR in art. 17, among which, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and always if the conditions established by law exist; and in any case if the processing is not justified by another equally legitimate reason;

 

e) the right to obtain from the data controller the limitation of the treatment, in the cases provided for by art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. The interested party must be informed, within a reasonable time, also of when the period of suspension has been completed or the cause of the limitation of the treatment has ceased, and therefore the limitation itself revoked;

 

f) the right to obtain communication from the owner of the recipients to whom the requests for any corrections or cancellations or limitations of the treatment carried out have been sent, unless this proves impossible or involves a disproportionate effort.

 

g) the right to receive personal data concerning him in a structured, commonly used and automatically readable format and the right to transmit such data to another data controller without impediments by the data controller to whom he provided them , in the cases provided for by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.

 

For any further information and in any case to send your request, you must contact the Data Controller at privacy@photofuture.eu. In order to ensure that the aforementioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the same to provide any further information necessary for the purpose.

How and when can the interested party object to the processing of their personal data? (Article 21 GDPR)

For reasons relating to the particular situation of the interested party, the same can oppose the processing of personal data at any time if it is based on legitimate interest or if it takes place for commercial promotion activities, by sending the request to the Data Controller at the address privacy@photofuture .eu.

The interested party has the right to have his personal data deleted if there is no legitimate reason prevailing on the part of the Data Controller with respect to the one that gave rise to the request, and in any case in the event that the interested party has opposed the processing for commercial promotion activities.

To whom can the interested party lodge a complaint? (Article 15 GDPR)

Without prejudice to any other administrative or judicial action, the interested party can lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or with the one that performs its duties and exercises its powers in the Member State where the violation of the GDPR occurred.

It will be communicated if the Data Controller processes the interested party's data for purposes other than those referred to in this Information before proceeding and following the manifestation of the relative consent of the interested party if necessary.

 

SECTION IV

COOKIES

Cookies used by Wix
Name - cookie - Purpose - Duration - Type of cookie


XSRF-TOKEN - Used for security reasons - Session - Essential

hs - Used for security reasons - Session - Essential

SVSession - Used in connection with user login - 12 months - Essential

SSR-caching - Used to indicate the system from which the site was rendered - 1 minute - Essential

_WixCIDX - Used for system monitoring/debugging - 3 months - Essential
_wix_browser_sess - Used for system monitoring/debugging - Session - Essential
consent-policy - Used for cookie banner parameters12 monthsEssential
SMSession - Used to identify logged in site members - Session - Essential
TS* - Used for security and anti-fraud purposes - Session - Essential
bSession - Used to measure system effectiveness - 30 minutes - Essential
fedops.logger.X - Used to measure stability/effectiveness - 12 months - Essential
WixLanguage - Used on multilingual websites to save the user's language preferences - 12 months - Functional

General information, deactivation and management of cookies

Cookies are data that are sent from the website and stored by the internet browser on the user's computer or other device (for example, tablet or mobile phone). Technical cookies and third-party cookies may be installed from our website or its sub-domains.

In any case, the user can manage, or request the general deactivation or cancellation of cookies, by changing the settings of his internet browser. However, this deactivation may slow down or prevent access to some parts of the site.

The settings for managing or disabling cookies may vary depending on the internet browser used, therefore, for more information on how to perform these operations, we suggest that the User consult the manual of his device or the "Help" function or “Help” of your internet browser.

The following links explain how to access the cookie settings in the various browsers:


To refuse consent to be tracked by Google Analytics on all websites, visit this site: https://tools.google.com/dlpage/gaoptout?hl=it

 

Technical cookies

The use of technical cookies, i.e. cookies necessary for the transmission of communications on the electronic communications network or cookies strictly necessary for the supplier to provide the service requested by the customer, allows the safe and efficient use of our site.

Session cookies may be installed in order to allow access and permanence in the reserved area of the portal as an authenticated user.

Technical cookies are essential for the proper functioning of our website and are used to allow users to navigate normally and to use the advanced services available on our website. The technical cookies used are divided into session cookies, which are memorized exclusively for the duration of navigation until the browser is closed, and persistent cookies which are memorized in the user's device until they expire or are canceled by the user. same. Our site uses the following technical cookies:

  • Technical navigation or session cookies, used to manage normal navigation and user authentication;

  • Functional technical cookies, used to memorize customizations chosen by the user, such as, for example, the language;

  • Technical analytics cookies, used to learn how users use our website so that we can evaluate and improve its functioning.

 

Third party cookies

Third-party cookies may be installed: these are analytical and profiling cookies from Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing and Facebook. These cookies are sent from the websites of the aforementioned third parties external to our site.

Third-party analytical cookies are used to detect information on user behavior on the site. The survey takes place anonymously, in order to monitor performance and improve the usability of the site. Third-party profiling cookies are used to create user profiles, in order to propose advertising messages in line with the choices expressed by the users themselves.

The use of these cookies is governed by the rules set up by the third parties themselves, therefore, Users are invited to read the privacy information and the indications for managing or disabling cookies published on the following web pages:

For Google Analytics cookies:

For Google Doubleclick cookies:

For Google Adwords cookies:

For Google Maps cookies:

For Google+ cookies:

For Criteo cookies:

For Facebook cookies:

For Messenger cookies:

For CrazyEgg cookies:

For Rocket Fuel cookies:

For YouTube cookies:

For Yahoo cookies:

For Bing cookies:

For Twitter cookies:

For Instagram cookies:

For Spotify cookies:

For Mailchimp cookies:

 

Profiling cookies

Profiling cookies can be installed by the Owner(s), using so-called web analytics software, which are used to prepare detailed and real-time analysis reports relating to information on: website visitors, search engines source research, keywords used, language used, most visited pages.

They can collect information and data such as IP address, nationality, city, date/time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of visit, number of visits made.

Our company is hosted on the Wix.com platform. Your data may be stored through Wix.com's data storage, databases, and general applications. Your data is stored by them on secure servers protected by firewalls. All direct payment gateways offered by Wix.com and used by our company adhere to the standards set forth by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its suppliers.

If the interested party wishes to correct, modify or delete any personal information, please contact us at mail@photofuture.store.

© 2022 by Photofuture Sas

Cagliari - PI: IT03331260921

Sardinia - Italy

bottom of page