Policy for the processing of personal data of 4Order users

POLICY FOR THE PROCESSING OF PERSONAL DATA OF CUSTOMERS Pursuant to Articles 13 and 14 of EU Regulation 2016/679 - GDPR Protecting your privacy is a priority for us. This policy covers all users who use the site 4order.co.uk and the 4order application (collectively, the “Sites”). As the “owner” of the processing, we handle your personal data, except when otherwise specified. We encourage you to review this privacy policy to understand how we collect, use, and protect your personal data, i.e., any information about you or that identifies you. The information rendered does not pertain to other sites, pages or online services that can be reached through hypertext links that may be posted on the site, but refer to resources outside the domain.

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

Labware SpA headquartered in Via Enzo Ferrari, 3 - Zona Ind.le A, 62012 Civitanova Marche (MC), C.F and P.IVA 01424730438 informs that for the establishment and management of the relationship, it is the Holder of the data qualified as personal in accordance with EU Regulation 2016/679. For any information inherent to the processing of personal data, including the list of Data Processors, please contact the Data Controller via: Mail: Via Enzo Ferrari, 3 - Zona Ind.le A, 62012 Civitanova Marche (MC), Italy E-mail: privacy@labware.it  

2. CATEGORIES OF PERSONAL DATA

Personal Data processed by the Data Controller include, but are not limited to: first name, last name, date of birth, delivery address, telephone number, e-mail address, etc. In particular, we collect data when you visit or place an order through our Sites, including websites or apps where you find the services of partners (“Partners”) with whom we work to offer you our services. Your information may be collected in the following ways:

• When you create an account or change your profile settings, we collect your name, contact information, phone number, e-mail address, and delivery address;
• When you use our Sites to place an order (according to our terms and conditions), we collect information such as the items purchased, your location (longitude and latitude), and any notes you enter to facilitate delivery. Our payment service providers also collect data necessary for the transaction, including debit or credit card numbers;
• When participating in market research or surveys, or when posting messages and comments;
• When you contact us or contact one of our partners about an order you have placed;
• We may also collect health-related data only if you provide it voluntarily and with your consent, such as to notify us of allergies.

The Data Controller will process the aforementioned data in accordance with the principles of lawfulness, correctness and transparency, assuming that they refer to you or to third parties who have expressly authorized you to confer them on the basis of a suitable legal basis legitimizing the processing of the data in question. With respect to such hypotheses, you stand as autonomous data controller, assuming all the obligations and responsibilities of the law. Information generated when you use our Sites Preferences and demographic information To continually improve our services and provide a more effective experience, we collect information related to how our Sites are used. This data helps us understand in aggregate how features are used, including general information such as interests expressed, browsing patterns, and demographics provided.

• Usage information

Through cookies, similar technologies, and your browsing on our Sites (both before and after creating an account), we collect data about your online behavior. This includes information about how you interact with our services and the dates of your first and last access.

• Device information

We also collect data about the devices you use to access our Sites, such as device type, operating system and its version, IP address, and other unique identifiers. If you access via cell phone, we may collect additional information, such as phone carrier, location (accurate or approximate) The collection of this data occurs automatically, unless you choose to maintain anonymity through your device settings.

• Required information

In some cases, the provision of data is necessary. If you choose not to provide it, you may not be able to use our Sites or services and we may be forced to terminate our contract with you by giving you prior notice.  

3. PURPOSE OF PROCESSING

Personal data, are processed by the Data Controller as part of its business:

1. Without your consent expressed for the following purposes:

• Provision of services and execution of contracts

The provision of Personal Data is necessary to provide the requested services and fulfill contractual and pre-contractual obligations:

• Help her create and manage her account;
• Deliver orders placed by you;
• Receive payments and make refunds;
• Provide customer support to help you with any complaints or requests related to the delivery of your order;
• Ensure compliance with our contractual conditions governing our relationship with you and with our internal policies and procedures;
• Send you account and service updates, order confirmations, and updates on our customer terms and conditions.

• Administrative and management purposes and for compliance with national and EU regulatory requirements

Processing of Personal Data to comply with regulatory requirements is mandatory and consent is not required. Processing is obligatory, for example, when it is prescribed by anti-money laundering, tax, accounting, anti-corruption regulations or by orders and requests of the Supervisory and Control Authority, to which the Controller is subject.

• Holder's defense

The processing of Personal Data is necessary to pursue a legitimate interest of the Data Controller, namely:

• to ascertain, exercise or defend a right in court or whenever judicial authorities exercise their jurisdictional functions;
• Verify your identity, detect, investigate, report, and attempt to prevent fraud and any other form of abuse of our Sites, including unauthorized access, misuse of our services and products, or illegal activities on our Sites.

I.d) Improve our service The processing of Personal Data is necessary to pursue a legitimate interest of the Data Controller, namely:

• Analyze the traffic on our Sites and how users visit them to improve the quality of our Sites, content, and service offerings;
• Ensure the operation, integrity, and security of our Sites, including resolving software and operational issues;
• Personalize and tailor our content, services, and marketing communications. It is in our and your interest to make it easier and faster for you to find the products and services we think you might like.
• Ask for her feedback, such as your evaluation of the order. It is up to you to decide whether to leave feedback. Feedback is anonymous unless you choose to provide and make your name public.
• Send you surveys or invite you to participate in our market research. It is in our interest to ask you for feedback on how we can improve our products or services.
• Produce aggregate statistics on your feedback or ratings for our customer analyses and share them with our Partners. It is in our interest to improve our services and enable our Partners to improve theirs.
• Show you advertisements when you browse our Sites and apps, if you have agreed to the use of cookies on our Sites, and measure their performance. It is in our interest to promote our business and personalize our content and services so that we can show you what we think you might like.
• Improve our customer service

1. Personal Data will be processed with your consent expressed for the following purposes:

II.a) Direct Marketing Send you and measure the performance of our marketing communications, including those about products and services we think you might like. It is in our interest to inform you about great products, services, restaurants, and stores that we think you might like, and where required, we will ask for your consent.  

4. LEGAL BASIS.

The legal basis for the processing of personal data for the purposes referred to in 3. section I.a) above is the performance of a contract to which you are a party or the execution of pre-contractual measures taken at your request, therefore the performance of pre-contractual and contractual obligations with respect to legal relationships established and/or constituted with you (Art.6 paragraph 1, lett. b), GDPR). The legal basis for the processing of personal data for the purposes referred to in point 3. section I.b) above is the fulfillment of a legal obligation to which the Data Controller is subject (Art.6 paragraph 1, lett. c), GDPR), while for the purposes referred to in point 3. section I.c), I.d) above is the pursuit of the legitimate interest of the Data Controller (Art.6 paragraph 1, lett. f), GDPR). The legal basis for the processing of personal data for the purpose referred to in 3. section II.a) above is the data subject's express consent to the processing of his or her personal data for one or more specific purposes (Art.6 paragraph 1(a), GDPR).

1.  COOKIE

For more information about the types of cookies and similar technologies we use, the reasons, and respective ways to control them see our Cookie Policy.  

6. RECIPIENTS

Without prejudice to communications performed in fulfillment of legal and contractual obligations, all data collected and processed may be shared, exclusively for the purposes specified above, with the following categories of authorized persons and/or internal and external managers identified in writing and to whom specific written instructions about data processing have been provided:

• Our Partners and Delivery Officers. We share the minimum amount of information needed to process your order. Delivery people can only see your name, delivery address, items ordered, and whether you have added delivery notes;
• Authorized in-house personnel – employees and associates of the Controller, in their capacity as persons authorized to process personal data, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
• Data Processors - persons, companies, professional firms or other third parties with whom the Data Controller has relationships necessary to carry out its activities for the purposes indicated above or by legal obligation, to whom specific mandate has been entrusted and for the time necessary to achieve the purposes for which the data were collected, who typically act as Data Processors of Labware SpA. By way of example, the Data Controller may need to communicate the data to the following categories: subjects who provide professional consulting services and fiscal, legal and judicial assistance; subjects who provide services for the management of the computer system;
• Third-party recipients-Judicial or supervisory authorities, administrations, public agencies and bodies (by way of example but not limited to: Internal Revenue Agency, Law Enforcement, Judicial Authority, Territorial Authorities, Ministries and their collaborators/auxiliaries), insurance and banking companies.

7. STORAGE AND TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY

Your Personal Data is stored on servers within the European Union. It is understood in any case that the Data Controller, if it becomes necessary, for technical or operational reasons, will have the right to transfer Personal Data to countries outside the European Union for which there are “adequacy” decisions of the European Commission, i.e. on the basis of appropriate safeguards or specific exemptions provided for in the Regulations. We attach great importance to keeping your Personal Information secure. We therefore take appropriate technical and organizational measures/industry standard technology to protect your data from unauthorized access and unlawful processing, accidental loss, destruction and damage. The security measures we use are designed to provide a level of security protection appropriate to the risk in processing your personal information. If you have chosen a password that allows you to access certain parts of the Services, you are responsible for keeping it confidential. We advise you not to share your password with anyone and to use a unique password for our Services. We will not be responsible for unauthorized transactions made using your name and password.  

8. PROCESSING METHODS AND RETENTION TIMES OF PERSONAL DATA

The processing of Personal Data will take place, in compliance with the provisions of the GDPR, by means of paper, computer and telematic tools, with logics strictly related to the purposes for which the personal data have been collected and, in any case, in such a way as to ensure their security and confidentiality in accordance with the provisions of Article 32 GDPR. Personal Data are kept, for a period of time not exceeding that necessary to achieve the purposes for which they are processed, subject to the retention periods provided for by law. In particular, Personal Data are generally retained for a time period of 10 years from the termination of the contractual relationship to which you are a party. Personal Data may, likewise, be processed for a longer term if an act interrupting and/or suspending the statute of limitations occurs that justifies the extension of data retention. Personal Data for Marketing purposes will be processed until the data subject makes a request to deactivate the service. More information regarding the period of retention of Personal Data and the criteria used to determine this period may be requested by writing to the Data Controller.  

9. RIGHTS OF THE DATA SUBJECT

In connection with the processing operations described in this policy statement, as a data subject you may, under the conditions set forth in the GDPR, exercise the rights enshrined in Articles 15 to 21 of the GDPR and in particular the following rights:

• Right of access - Right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to your personal data, including a copy thereof (Art. 15, GDPR);
• Right of rectification - Right to obtain, without undue delay, rectification of inaccurate personal data concerning you and/or supplementation of incomplete personal data (Art. 16, GDPR);
• Right to cancellation - Right to obtain, without undue delay, the deletion of personal data concerning you (Art.17, GDPR);
• Right to limitation of treatment - Right to obtain from the Controller the limitation of processing, in the cases provided for by the GDPR (Art. 18, GDPR);
• Right to data portability - The right to receive, in a structured, commonly used and machine-readable format, personal data concerning you provided to the Data Controller and the right to transmit them to another data controller without hindrance, in the cases provided for in the GDPR (Art. 20, GDPR);
• Right of opposition - Right to object, at any time on grounds relating to your particular situation, to the processing of personal data concerning you, unless there are legitimate grounds for the Controller to continue the processing (Art. 21, GDPR);
• Right to withdraw consent - right to revoke consent to the processing of your data at any time, without prejudice to the lawfulness of processing based on consent before revocation;
• Right to file a complaint to the Italian Data Protection Authority, Piazza di Montecitorio n.121, 00186, Rome (RM).

  The above rights may be exercised, vis-à-vis the Holder, by contacting the references indicated in point 1 above.  

10. PROVISION OF DATA

The provision of your personal data for the purposes referred to in point 3. section I) is mandatory. Any failure to provide, partial or inaccurate provision of your data and/or any express refusal to process it will make it impossible for the Data Controller to follow up on your requests, fulfill contractual obligations or a legal obligation to which the Data Controller is subject or requests by the competent Authorities. The provision of data for the purposes referred to in point 3. section II) is optional, with the consequence that you may decide not to provide your consent, or to revoke it at any time.