Privacy & Security
IBROSHOP has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses the information gathering and dissemination practices for this Web site: ibroshop.com
which process the personal data of users who visit and use them. The policy concerns the procedures, timing and nature of the information that data controllers must give users when they connect to web pages, regardless of the purpose of the connection.
The Data Controller is IBROSHOP Spa, Vicolo Frassino 1, 38062 Arco, Italy
Place of data processing and authorised personnel
Data processing relating to the services on these websites takes place at the premises of the Internet service providers used to make and host the site and at the Data Controller’s premises.
Data is processed only by authorised personnel, including for any maintenance and administration of the processing systems.
Types of processed data
Navigation and technically essential data
During the course of normal operation, the computer systems and software procedures used to operate this website collect personal data, the transmission of which is an intrinsic part of using Internet communication protocols. Such information is not collected to be associated with identified parties, but could, by its very nature, make it possible to identify users when processed and associated with data held by third parties.
This data category includes IP addresses or the domain names of the computers used by users who connect to the website, the Uniform Resource Identifier (URI) addresses of requested resources, the time of the request, the method used to place the request with the server, the size of the file obtained in reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operating system and to the user’s IT environment. This data is only used to obtain anonymous statistical data relating to use of the website and to check that it is operating correctly, and is immediately deleted after processing. The data could be used to determine responsibility in the event of hypothetical IT offences against the website.
We use your IP address to help diagnose problems with our server and to administer our Web site.
Data provided voluntarily by the user
Data relating to identified or identifiable persons may also be processed, on the basis of additional information submitted by the party concerned: for example, by filling in data collection forms; or through the optional, explicit and voluntary sending of e-mail to the addresses appearing on this site, involving the sender’s address subsequently being acquired, which is necessary to reply to requests, and any other personal data included in the communication.
Data processed to manage shop orders includes personal details, addresses, purchase notes, recommendations and notes.
Our site's registration form requires users to give us contact information (like their name, email, and postal address).
Contact information from the registration forms is used to get in touch with the customer when necessary.
Users may opt-out of receiving future mailings; see the choice opt-out section below.
Our site uses an order form for customers to request information, products, and services. We collect contact information (like their email address), and financial information (like their account or credit card numbers).
Contact information from the order forms is used to get in touch with the visitor when necessary and will never be given to third parties. You will thus never be included in mailing lists or promotional activities carried out by third parties.
Users may opt-out of receiving our future mailings; see the choice/opt-out section below.
Financial information that is collected is used to bill the user for products and services and is stored on our servers with special multiple security measures.
Profiling data regarding the interested party’s shopping habits or choices is not directly collected. It is still possible that this information may be collected by independent or separate parties through links or the inclusion of third-party elements. Refer to the Cookies section.
Like other websites, this website saves cookies in the browser of the user’s computer to transmit personal information and to enhance the user experience. Cookies are small text files that are sent to the user’s terminal equipment (usually the browser) by visited websites, where they are stored, sometimes for a long time, to be then resent to the same websites on the user’s next visit. As explained below, it is possible to choose to accept cookies or not and which cookies to accept, bearing in mind that refusing to use them may affect the ability to complete certain transactions on the website or the accuracy and suitability of certain customizable content or the ability to recognise the user from one visit to the next. Where no choice is made in this regard, the predefined settings will be applied and all cookies will be activated. However, relevant decisions may be notified or changed at any time.
In particular, “session” cookies are used, which are not stored permanently on the user’s computer and are deleted on closing the browser, use of which is strictly limited to the transmission of session identifiers (consisting of numbers randomly generated by the server), which are necessary to enable secure and efficient browsing of the site and which avoid the use of other IT techniques that would potentially jeopardise the confidentiality of users’ browsing and do not allow the collection of personal data that could identify the user. Analytics cookies are also used, which help understand how visitors interact with the site’s content, by collecting information (geographical and web location, technology used, language, landing page, pages visited, exit page, time spent on the site, etc.) and generating website usage statistics, without personally identifying individual visitors. All these are technical cookies, which, as consent is not required, operate on an opt-out basis. Technical cookies are not shared with third parties, as they are necessary or useful for the functioning of the site. They are therefore only processed by authorised qualified persons, data processors or system administrators.
Lastly, the site includes cookies from third parties (which are independent and for which the Data Controller has no responsibility), which also perform profiling functions. For information about these, refer to the respective sites:
Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy: this means is that you can disallow cookies from all sites except those that you trust. Another feature of some browsers is incognito browsing mode, meaning that any cookies created while in incognito mode are deleted after the browser is closed. Refer to the instructions for cookie management in your relevant browser. Disabling cookies some advanced functionality of our website could not be available.
Purposes of processing, communication and disclosure of data
The personal data collected is only used to perform the requested services (e-commerce) and is disclosed to third parties only when necessary for that purpose. Services include: browsing and simple use of the website and its content; registration and access to the restricted area; payments, customer care, support, advertising, recommendations; contact requests, antifraud evaluation, etc.
Some services involve more detailed information. In any case, no data derived from web services is disclosed or published without the prior approval of the party concerned. Finally, please note that in some cases (not subject to ordinary management) the Public Authorities may also request personal information, to which the Data Controller is obliged to respond.
Optional provision of data
Apart from what is required in terms of navigation and technically essential data, the user is free to provide personal data for specific requests regarding products and/or services. Without certain essential data it may be impossible to fullfill the request.
Legal basis and management of approval for processing
When necessary, outside the cases in which the legitimate interest of both the owner and third parties applies, and in any case upon reading the information (e.g. this policy), the interested party is required to consent to the processing and disclosure of their personal data for the purposes and within the limits described; failure to do so would prevent the Data Controller from processing the data in order to perform and provide the services requested by the interested party or proposed to them.
Personal data processing, understood as the collection, recording, organisation, storage, processing, modification, deletion and destruction or the combination of two or more of these operations, takes place using manual, computerised and online tools, as well as in an automated manner, using methods strictly related to the stated purposes and, in any case, in such a way as to ensure security and confidentiality and for the time strictly necessary to achieve the purposes for which it has been collected. Data is processed legally and accurately, is collected and recorded for specified, explicit and legitimate purposes, is accurate and, if necessary, updated, relevant, complete and not excessive with regard to the purposes of processing, in compliance with basic security measures and the rights and fundamental freedoms and the dignity of the party concerned, particularly with regard to confidentiality and personal identity. The data will be kept until the end of the legal prescription to defend oneself or to assert a right in court, after the purpose, for which the data has been collected, has been exhausted. E.g. Data retention for accounting and administrative purpose is 10 years; for profiling purpose is at least 26 months.
Transfer of Personal Data to Third Countries
In accordance EU Data Protection Regulation, data may be transferred to a recipient in a third country or to an international organisation outside the European Union (EU) or the European Economic Area (EEA)or the European Economic Area that guarantee an adequate level of personal data protection. In any case, data processing will take place in the manner provided for in this declaration and in the provisions of the law.
This site contains links to other sites or pixel or widgets from other sources. IBROSHOP is not responsible for the privacy practices or the content of such Web sites.
This site has security measures in place to protect the loss, misuse, and alteration of the information under our control. Verisign SSL Secure Servers guarantee that all personal data are transacted safely. Our Servers use multiple security measures, that guarantee the impossibility of external interference. Of course, as aforementioned, none of the customers personal data is disclosed to third parties which are not authorised or designated as processors.
Rights of data subjects
At any time the data subject (individual to whom personal data refers) may: exercise his / her rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when envisaged towards the data controller, pursuant to art. from 15 to 22 of the GDPR; to propose a claim to the Control Authority (https://www.garanteprivacy.it/); and if the treatment is based on consent, revoke the consent given, taking into account that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation.
You can send email to: email@example.com
Our site provides users the opportunity to opt-out of receiving promotional/marketing information from us.
This site gives users the option to change or modify at any time the information previously provided. In fact, individuals to whom personal data refers are entitled to obtain, at any time, confirmation of whether or not such data exists and to be informed of its content and origin, to check that it is accurate or to request that it be supplemented, updated or corrected.
Personal data processing is covered by EU Data Protection Regulation n.2016/679 (GDPR), and by the Italian Law in particular Legislative Decree No. 196 of 30 June 2003, as subsequently amended and supplemented, and Data Protection Control Authority measures.
Requests should be sent to the Data Protection Officer at firstname.lastname@example.org
If you have any questions about this privacy statement, the practices of this site, or your dealings with this Web site, any requests should be sent to the Data Protection Officer at: email@example.com