Privacy Policy – According to Regulation (EU) 2016/679 of the European Parliament

According to Article 13 of Regulation (EU) 2016/679 about the protection and processing of personal data (GDPR)

Thank you for your interest in my work. I, Veronica Fossa, recognize that privacy is essential. I have drafted this policy and notice following the requirements of the General Data Protection Regulation (“GDPR”).

I want to ensure that you––my readers and customers––feel as safe as possible regarding your privacy. This privacy notice explains when and where I collect your data on veronicafossa.com––a.k.a. the Site––and how I look after your personal data. It also sets out your privacy rights and explains how the law and my approach to privacy and personal data protect you.

This privacy notice supplements any other privacy notices that I may provide to you when I collect your data. Consider reading it alongside those notices. You won’t find any complicated legal terms or long passages of unreadable text. I don’t want to trick you into agreeing to something you might later regret.

1 Parties

1.1. This Privacy Policy describes how I, Veronica Fossa, Via S. G. Barbarigo 45 36010 Zanè Vicenza (Italy) – P. IVA IT04221560248 – veronica@veronicafossa.com (“I” or “me”) collect, use, store, share and protect your information related to the services I offer. This includes, but is not limited to, services I provide at or by using the domain veronicafossa.com (collectively, the “Service”).

1.2. This Privacy Policy applies when you (“you,” “Visitor,” or “Customer”) access, visit or use any portion of the Service. For the purposes of this Privacy Policy, a “Visitor” is a person who visits the website, and a “Customer” is a person who purchases services and products from me.

1.3. This Privacy Policy is part of and is governed by the terms and conditions outlined in the Terms and Conditions.

1.4. By using the Website, you consent to this policy. 

2 Definitions

2.1. Service

Service is the https://www.veronicafossa.com/ website operated by Veronica Fossa.

2.2. Personal Data

Personal Data means data about a living individual who can be identified from those data. It may also include other information that I possess or am likely to come to have.

2.3. Usage Data

Usage Data is data collected automatically, generated either by the Service or by the Service infrastructure itself (for example, the duration of a page visit).

2.4. Cookies

Cookies are small pieces of data stored on your device (computer or mobile device).

2.5. Data Controller

Data Controller is the natural or legal person who (either alone or jointly or in common with other people) determines how your personal information is processed.

2.5.1 Who’s responsible for your information at my company

I am the Data Controller of your Personal Data. You can contact me about how I collect or process your data by email at veronica@veronicafossa.com.

2.6. Data Processors (or Service Providers)

Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.

I may use various Service Providers to process your data more effectively.

2.7. Data Subject (or User)

Data Subject is any living individual who is using our Service and is the subject of Personal Data.

3 Information Collection and Use

I’ll collect, process, and store personal data only if it’s directly provided to me by you. You may do this as the user of this Service, by enquiring about our goods or services, becoming a customer or supplier, or potential supplier.

3.1. The Types of Data I collect

3.1.1. Personal Data

I may ask you to provide personally identifiable information to contact or identify you (“Personal Data”). Here are some types of data I may ask you for:

  • Identity Data is forenames, last name, maiden name, date of birth, gender, marital status, and username or similar identifier.
  • Contact Data: invoicing, purchase order, home or work address, email address and telephone numbers, personal or job title and position.
  • Financial Data is your bank account and payment card details.
  • Special Category is health or medical data, details about your race, religion, sex, and political opinions.
  • Transaction Data is your payments for the products and services or payments that I have made to you.
  • Technical Data is internet protocol (IP) address, browser type, version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices used to access this Website.
  • Profile and Usage Data is your inquiries, purchase information, feedback and survey responses, and how you use our website, products, and services.
  • Marketing Data is your marketing communications details or preference. I may contact you with my newsletter, marketing or promotional materials, and other information. You may opt out at any time by unsubscribing through any link I provide in any email you receive.

3.1.2. Usage Data

I may also collect information on how you access and use my Service (“Usage Data”) that includes:

  • Browser type
  • Browser version
  • The pages of my Service that you visit
  • The time and date of your visit
  • The time spent on those pages
  • Unique device identifiers 
  • Other diagnostic data.

3.1.3. Location Data

I may use and store information about your location if you give me permission to do so (“Location Data”). I use this data to provide features of our Service and to improve and customize my Service.

You can enable or disable location services when you use my Service at any time through your device settings.

3.1.4. Tracking Cookies Data

I use cookies and similar tracking technologies to track the activity on my Service and hold certain information.

Cookies are files with a small amount of data, which may include a unique anonymous identifier. A website sends cookies to your browser and stores them on your device. Other tracking technologies include beacons, tags, and scripts that collect and track information and help improve and analyze our Service.

Through your browser, you can refuse all cookies or indicate when you receive a cookie. However, if you do not accept cookies, you may not be able to use some parts of my Service.

Here are examples of Cookies I use:

  • Session Cookies to operate my Service.
  • Preference Cookies to remember your preferences and various settings.
  • Security Cookies for security purposes.

4 Use of Data

4.1. How I collect your personal data

Here are the methods that I use to collect your data:

  • Direct interactions with me in person, by post, phone, or email. You may give me your Identity, Contact, and Financial Information.
  • Automated technologies or interactions with my website by using the web inquiry form. You may provide me Identity, Contact, and Financial Information.
  • Third parties or publicly available sources (I may use third parties in processing Identity, Contact, and Financial categories of personal data).

4.2. Data accuracy

The data I hold about you must be accurate and up to date. If your data changes, please let me know so that I can update my records.

4.3. How I use your information

I may hold and process personal data that you provide to us following the GDPR.

4.4. How I use your data

Here’s how I use your information:

  • To provide my services to you, communicate with you, and meet my contractual commitments to you. This may include Identity, Contact, Financial and Transactional data.
  • To notify you about any changes to our business, such as improvements to my Website or service/product changes that may affect my service or relationship with you. This may include Identity and Contact data.
  • If you are an existing customer, I may contact you with information about goods and services similar to those that were the subject of a previous sale. This may include Identity and Contact data.
  • If you are an existing customer, I may contact you to provide customer support.
  • If you’ve agreed to receive such information, provide information on other parties’ products or services that I feel may be of interest to you. This may include Identity, Contact, and Marketing data.
  • Where I need to comply with a legal obligation. This may include Identity, Contact, and Transactional data.
  • Where it’s necessary for my legitimate interests (or those of a third party) and your interests and fundamental rights don’t override those interests. This may include all types of data.
  • Gather analysis or valuable information so that I can improve my Service.
  • Monitor the usage of my Service.
  • Detect, prevent, and address technical issues.
  • Where you have consented to receive my newsletters to provide that to you. This may include Identity and Contact data.

I send my newsletter through the Mailchimp platform. Mailchimp Privacy Policy can be viewed at https://mailchimp.com/legal/privacy/.

5 Legal basis for processing personal data under general data regulation (GDPR)

European Economic Area (EEA) is my legal basis for collecting and using the personal information described in this Privacy Policy under the provisions of Article 32 of the GDPR.

I may process your Personal Data because:

  • I need to perform a contract with you
  • You have given me permission to do so
  • The processing is in my legitimate interests, and it’s not overridden by your rights
  • For payment processing purposes
  • To comply with the law

6 How long I retain your data

The length of time that I retain and store data depends on the purpose for which it was collected. I’ll only store data for as long as is required to fulfill that purpose or to satisfy legal requirements.

I’ll retain your Personal Data only for as long as is necessary for the purposes of this Privacy Policy. According to the law, I should keep data about my customers and suppliers for at least six years. The type of data includes Contact, Identity, Financial and Transaction Data.

I’ll also retain Usage Data for internal analysis purposes. I generally keep it for a shorter time, except when used to strengthen the security or improve my service’s functionality. I am legally obligated to retain this data for more extended periods.

If you have requested marketing materials, I’ll retain your data until you don’t want it anymore.

7 How I transfer your data

I may transfer your information, including Personal Data, to computers outside your state, province, country, or other governmental jurisdiction where the data protection laws may differ.

If you’re located outside Italy and choose to provide information to me, I may transfer the data, including Personal Data, to Italy and process it there.

You consent to this Privacy Policy by submitting this information.

I’ll make sure that your data is treated securely and under this Privacy Policy. No transfer of your Personal Data will occur to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information.

8 Who has access to your information

8.1. Legal Requirements

I may disclose your data to third parties, such as:

  • Regulatory bodies, to comply with the law and assist fraud protection and minimize credit risk (identity, contact, and transactional data).
  • My Suppliers, third parties involved in fulfilling my services to you (identity, contact, and transactional data).
  • Third-party marketing services may contact you about their goods or services (identity, contact, and marketing data).
  • To protect and defend my service’s rights or property, prevent or investigate possible wrongdoing, protect your personal safety or that of the public, and protect against legal liability.

I don’t reveal information about identifiable individuals to my advertisers. However, I may provide them with Aggregated Data about my Service visitors and customers.

If you don’t want me to share your data with third parties, you may withhold your consent when you provide your details on the submission form. You can also write to me at the address detailed above or send me an email at veronica@veronicafossa.com.

9 How I make sure your data is secure 

The security of your data is important to me. However, no transmission method over the Internet or method of electronic storage is 100% secure. Although I’ll do my best to protect your personal data, I can’t guarantee your data security while you’re transmitting it to my site. Any such transmission is at your own risk.

Security measures should prevent your data from accidental loss or disclosure. Once I’ve received your personal data, I’ll use strict procedures and security features to prevent unauthorized access.

If I’ve given you (or if you’ve chosen) a password to access certain parts of my site, you’re responsible for keeping this password confidential. You should choose a password that isn’t easy for someone to guess.

If there’s a data breach that results in loss or damage to you, I’ll notify Garante Della Privacy.

10 Your rights as a data subject 

If you reside in the European Economic Area (EEA), you have certain data protection rights. You may exercise the rights listed in this section, established by Articles 15 to 21 of the GDPR. In particular: 

  • Management of your data: Right to access your personal data – article 15 of the GDPR. This right is commonly known as the ‘data subject access request.’ You may receive a copy of the personal data I hold about you. You won’t need to pay a fee to access your personal data unless I can justifiably demonstrate that the request is repetitive or excessive. I’ll respond to all legitimate data access requests within one month. Still, I may need to obtain further information from you to confirm your identity and the request’s legitimacy.
  • Request update of the personal data – article 16 of the GDPR. You may have any incomplete or inaccurate data corrected.
  • Erasure of your personal data – article 17 of the GDPR. You may ask me to delete personal data where there’s no justifiable reason for me continuing to retain and process it. I may not always be able to delete the data, such as when there is an ongoing contractual relationship between you and me or if I’m legally required to maintain the data.
  • Restrict the processing of your personal data – article 18 of the GDPR. You may ask me to change how I process your personal data. For example, you may want to vary the basis on which I contact you.
  • Request the transfer of your personal data to you or a third party – article 20 of the GDPR. I’ll provide you, or a third party you have chosen, your personal data in a structured, machine-readable format.
  • Object to processing of your personal data – article 21 of the GDPR.
  • Withdraw consent. Where I’m relying on consent to process your personal data, you may withdraw that consent. If you withdraw your consent, I may not be able to provide certain products or services to you. I’ll advise you if this is the case at the time you withdraw your consent.
  • Right to lodge a complaint with the Italian Data Protection Authority – Garante per la Protezione dei Dati Personali, Piazza Venezia no. 11, 00187, Rome (Italy).

You can exercise these rights by emailing me at veronica@veronicafossa.com. I may ask you to verify your identity before responding to such requests. I shall examine your request and inform you no later than one month after I’ve received your email.

You may exercise your rights as a data subject free of charge under Article 12 of the GDPR. However, if your request is manifestly unfounded or excessive, especially if you request it repeatedly, I may charge you a reasonable fee that considers the administrative costs of dealing with your request or refuse to act on your request.

11 The service providers I use

I may employ third party companies and individuals to facilitate my Service (“Service Providers”), provide it on my behalf, perform it, or assist me in monitoring and analyzing how you use it.

I’ve given access to your Personal Data only to perform these tasks on my behalf. They are obligated not to disclose or use it for any other purpose.

11.1. Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. IP tracking by Analytics on this website has been anonymized, and data will be collected for 14 months.

You can opt out of having your activity on the Service made available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visit activity.

You can read Google Analytics Privacy Policy here.

11.2. MailChimp

I use MailChimp email marketing services to send mass communication emails to users. I track how users open these emails and what links they click to better serve you with services and information that you find relevant. 

 

When you “subscribe” to my mailing list, you agree to receive email advertisements and other information from me. I use a “double opt-in” feature before adding you to our email list. This means you must provide your contact information and then click the confirmation link in a follow-up email. You may still choose to opt-out of future email messages by clicking the “unsubscribe” button option in my emails and following MailChimp’s simple opt-out procedure. 

Mailchimp stores your data in the USA and has annually certified the agreement to EU/US and Swiss Safe Harbor Frameworks since 2007. For EU data protection legislation purposes, The Rocket Science Group LLC d/b/a Mailchimp is the controller of Personal Information on Mailchimp. Learn more about MailChimp’s privacy policies here.

11.3. Typeform

I use Typeform for the forms that appear on this Site. Typeform uses cookies to store data made available by your web browser. It collects usage data, device and application data, referral data, and other information. Learn more about Typeform’s policies here.

11.4. Calendly

I use Calendly, software provided by Calendly LLC, for scheduling appointments, meetings, and video calls. Calendly application and database servers are located with Amazon Cloud Services in the United States. Amazon Cloud Services has certified with the Department of Commerce that it adheres to the Privacy Shield Principles under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. Learn about Calendly Privacy Policy here.

11.5. Third-Party Services for Payment Processing

I provide paid products and/or services within the Service. In that case, I use third-party services for payment processing (e.g., payment processors).

I won’t store or collect your payment card details. That information is provided directly to my third-party payment processors, whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to PCI-DSS standards as managed by the PCI Security Standards Council, a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

 

The payment processors I work with are PayPal and Stripe.

11.5.1. PayPal

I use PayPal (“PayPal”) to process payment transactions. When you make a purchase through PayPal, you’ll need to provide Personal Information with your payment information. This might include your credit card number, or you might choose to connect with your PayPal account. I don’t collect or store your payment information on this Site’s web server. PayPal collects the information you enter and stores that information on its website. Learn more about PayPal’s policy here.

11.5.2. Stripe 

I also use Stripe (“Stripe”) to process payment transactions. When you make a purchase through Stripe, you’ll need to provide personal information with your payment information. I don’t collect or store your payment information on this website’s server. Stripe collects the information you enter and stores that information on its website. Learn about Stripe’s policy here.

12 How I link to other sites

You may link to third party websites. If you click a third-party link and visit that site, you may give that site permission to collect and share specific data about you. Each website should have its own privacy policies, which you should check. I’m not responsible or liable for their policies, as I have no control over them.

13 Children’s privacy

My service doesn’t address anyone under the age of 18 (“Children”). I don’t knowingly collect personally identifiable information from anyone under the age of 18. If you’re a parent and know that your child has provided me with Personal Data, please contact me. If I become aware that I’ve collected Personal Data from children without verifying parental consent, I’ll remove that information from my servers.

14 Further information 

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations or to obtain consent for a specific processing purpose. 

For further terms, please refer to the national application of the EU GDPR directive. For additional information regarding Privacy, refer to The Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) www.garanteprivacy.it.

15 How to complain

I take complaints very seriously. If you’ve any reason to complain about how I handle your privacy, please contact me by email at veronica@veronicafossa.com to discuss your concerns. If you’re the letter writing type, send your envelope to Veronica Fossa, Via S.G.Barbarigo 45, 36010 Zanè (VI). 

If we don’t reach an agreement, you may contact the office of Garante per la Protezione dei Dati Personali. Garante is the Italian supervisory authority for data protection issues (www.garanteprivacy.it).

16 Changes to this policy

If I change this policy’s contents, those changes will become effective when I publish them on this website.

17 How to contact me

You can contact me by email at veronica@veronicafossa.com about queries, comments, or requests related to this Privacy Policy.

 

Version: November 17th, 2020