Dear Customer,

this document reports and lists the methods of data processing that LEB S.r.l. collects and processes while browsing its website and for the online sale of its products.

1. Data controller

LEB S.r.l., headquartered in Foggia (FG), at Viale Virgilio, 13/H - ZIP code 71122, C.F. and P.IVA: 04246830717, registered with the Register of Companies of Foggia, REA FG - 312668 (hereinafter, the"Company"), is the data controller, in the figure of the owner (or, in any case, the person who will have the representation of the Company, even if the company name is changed).

As the owner of the processing of personal data collected during the navigation of the various sections and subsections of the website www.leb.world and the sale of its products, the Company undertakes to ensure compliance with the regulations on privacy, as amended by the European Union Regulation no. 679/2016 (hereinafter, "GDPR"), providing its customers with all relevant information both on how the aforementioned data is collected, stored and used and on the rights of each user.

For any information and/or further clarification, it is possible to contact the Company, as the owner of the processing and protection of the aforementioned data, by writing to:[insert e-mail address].

2. Personal data processed, purpose and legal basis for processing
  1. Personal data processed

In order to sell and/or advertise its products, as described within its website, the Company collects and stores the following data:

  • the data and information provided by customers of its website(www.leb.world) and its subdomains and/or domains in any way connected, present and future, generated by access to the site. The computer systems and software procedures set up by the Company acquire the information sent to the customer's browser and, in particular: (i) the IP address, (ii) the type of operating system and browser used, (iii) the settings, date and time of use as well as (iv) the location (understood as geo-location of the customer) and the language used;
  • the geographic area in which the device from which the data covered by this policy is communicated is used and/or the different mobile devices, from time to time used by the customer;
  • personal data (first name, last name, e-mail address and contact details) provided by customers of its website who provide them for (a) Make acquisitions on our website, (b) receive updates on our activities, and (c) to receive promotional communications and invitations to events;
  • additional personal data (customer's first and last name or company name, company name, telephone numbers, billing address, VAT number as well as any other useful and/or necessary data required by the applicable regulations from time to time) provided by customers to the Company and necessary to complete any fiscal and administrative compliance, as required by the applicable regulations;
  • information voluntarily submitted by customers such as, but not limited to, questions to the Company's customer support, survey responses, and/or other optional information.
  1. Purpose and legal basis of processing

Personal data requested by the Company are collected and processed for the following purposes:

  1. For the sale of products through our website;
  2. for accounting, tax, administrative purposes as well as for the fulfillment of legal obligations or in the event that the processing of the aforementioned data is necessary to give effect to requests made by the judicial authorities and/or public authorities within the framework of judicial and/or administrative proceedings and for which there is an obligation to communicate the aforementioned data;
  3. in the presence of specific consent from the customer for periodic sending, by e-mail, of newsletters/s and/or advertising material.

Additional data (such as, but not limited to, domain names, IP addresses, and/or browser types), collected through the Company's website, are and/or will be used to track traffic statistics and for the needs of monitoring how services are used by the relevant authorities and are and/or will not, in any way, be accompanied by any additional personal information and that is not strictly necessary for the purposes specified therein.

3. Nature of conferral

The provision of data by the customer for the purposes set forth in Article 2(B), items. 1) and 2) above is absolutely necessary for the purpose of the purchase of the Company's products, and any refusal by the customer to provide his or her information will result in the inability of the Company to properly complete the sale, without giving rise to any type of breach of contract on the part of the Company.

The provision of data by the user for the purposes mentioned in Article 2(B)(3) above is optional and its use is conditional on the customer's explicit consent. Any refusal by the customer to grant consent does not impact the ability to complete the purchase and/or browse the site and has no effect other than to exclude the sending of newsletters/s and/or advertising material.

4. Methods of Data Processing.

The data collected will be processed through the use of automated electronic, computer and telematic tools and/or through manual processing with logic strictly related to the purposes for which the personal data were collected ensuring, in any case, the security of the same.

The aforementioned data will be stored on computer media, in compliance with the security measures and protection of security guarantees suggested by the GDPR.

The processing of personal data is carried out by means of the operations specified in Article 4 of Leg. June 30, 2003, no. 196 (Privacy Code) and Article 4, no. 2, of the GDPR namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.

All data are stored using a server farm of the Company which is located in a state-of-the-art data center (Google Server), highly secure and in any case in line with legal requirements. In order to prevent the misuse of such data, the Company takes some specific security measures such as, for example, storing confidential data in an encrypted format.

5. Access to Data

Data may be made accessible for the purposes indicated in Articles 1), 2), 3) and 4) above a:

  • internal staff of the Company, identified for this purpose and authorized to process according to specific instructions given in compliance with current regulations;
  • to third parties (e.g. professional firms and/or external consultants) who perform assistance and consulting activities on behalf of the Company, in their capacity as external data processors, only for the purposes strictly necessary for their use;
  • to third parties that will be involved by the Company for the proper execution of sales through its website (such as, but not limited to, couriers and/or forwarding agents);
  • to companies that perform services related and instrumental to the execution of the above purposes such as, but not limited to, credit card payment processing companies(Stripe).

The Company undertakes not to use or share, including for the future, personal data in a manner inconsistent with what is described in this privacy policy without informing the customer from time to time concerned, granting the customer the opportunity to explicitly refuse consent for activities other than those described and preventing the non-compliant use of the said data.

6. Duration of treatment.

The processing will have a duration not exceeding that necessary for the purposes for which the data were collected and, in any case, may vary in relation to the customer's choices with reference to the contractual agreements from time to time signed with the Company.

It is the customer's right at any time to request the interruption, limitation and/or deletion of data by sending a request to:[insert e-mail address]. In such a case, what is already stated in Article 3 above will apply.

7. Transfer of Data

The management and storage of personal data will take place on servers owned by the Company and/or by third-party companies specifically appointed by the Company and duly appointed as data processors of the aforementioned data. Said servers will be located outside the territory of the European Union.

The Company's current cloud provider is[insert cloud provider details]. The provider has already adapted to the privacy criteria imposed by the GDPR, as best inferred from the following website address:[insert relevant link].

The personal data provided customer to enable the sending (i) of commercial communications via electronic mail about products, initiatives and/or services offered by the Company and/or (ii) of newsletters containing insights are processed electronically through the use of software called "SendGrid". The "Sendgrid" service is provided by http://sendgrid.com/, whose privacy information is available at https://sendgrid.com/policies/tos/.

8. Rights of the data subject

Every customer, in his or her capacity as a "data subject," has the rights under Article 7 of the Privacy Code and Article 15 of the GDPR, namely, the rights to:

  • obtain confirmation of the existence or otherwise of personal data concerning him/her in the Company's archives, even if not yet recorded, and their communication in intelligible form;
  • Getting the indication: (a) of the origin of personal data; (b) of the purposes and methods of processing; (c) of the logic applied in the case of processing carried out with the aid of electronic instruments; (d) of the identification details of the owner, managers and designated representative in accordance with Article 5(2) of the Privacy Code and Article 3(1) of the GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of the aforementioned data in their capacity as designated representatives in the territory of the Italian state, as managers or appointees;
  • obtain: (a) the updating, amendment, updating or, in case of specific interest, supplementation of data; b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected and/or subsequently processed; (c) certification that the transactions referred to in subparagraphs. (a) and (b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated and/or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the right protected;
  • Oppose in whole or in part: a) for legitimate reasons, to the processing of personal data concerning the customer, even if relevant to the purpose of collection; b) to the processing of personal data concerning the customer for the purpose of sending advertising material and/or direct sales and/or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by means of electronic mail and/or through traditional marketing methods (i.e. by telephone and/or paper mail).

In this regard, the Company points out that the data subject's right to object, as set out above, for direct marketing purposes using automated methods also extends to traditional marketing. In any case, this is without prejudice to the possibility for the data subject to exercise the right to object even in part. Therefore, the data subject may opt to receive only communications (i) through traditional ways or (ii) only automated communications or (iii) neither type of communication.

Where applicable, the customer also has the rights set forth in Articles 16 to 21 of the GDPR(i.e. right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.

9. Ways of exercising rights

As noted above, the customer has, at any time, the option to object to the processing of his or her data and/or request the deletion, modification or updating of all personal information held by the Company.

These powers may be exercised by the customer by sending a notice to the following e-mail address:[insert e-mail address].

10. Minors

The Company's website, as well as the services offered therein, are not intended for individuals under the age of 18. For this reason, the Company will not intentionally collect, use, or disclose personal data referring to individuals under the age of 18.

In the event that information about minors is unintentionally recorded, including as a result of misrepresentation on the part of customers, the Company will promptly delete it at the request of customers and/or, in any case, as soon as it becomes aware of the cause justifying its deletion.

In any case, the Company remains available for any further clarification and/or needs.