Privacy policy

Privacy Policy of ddlabmilano.com

This Application collects some Personal Data of its Users.

This document can be printed using the print command available in the settings of any browser.

Data Controller
ddLab by Donatella Pedicino

Owner's email address: info@ddlabmilano.com

Types of Data collected


Among the Personal Data collected by this Application, independently or through third parties, there are: Usage Data; Tracking Tools; email; name; surname; phone number; tax code; date of birth; city; device information; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); username; password; payment information; purchase history; billing address; number of Users; session statistics; latitude (city); longitude (city); browser information.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or through specific informational texts displayed before the data collection itself. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Application. Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide them, this Application may not be able to provide the Service. In cases where this Application indicates some Data as optional, Users are free to refrain from communicating such Data without it affecting the availability or functioning of the Service. Users who have doubts about which Data are mandatory are encouraged to contact the Owner. The possible use of Cookies - or other tracking tools - by this Application or by third-party service providers used by this Application is for the purpose of providing the Service required by the User, as well as for other purposes described in this document and in the Cookie Policy.

Methods and Place of Data Processing
Processing Methods The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of Personal Data. Processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons involved in the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.

Place
The Data is processed at the Data Controller's operating offices and in any other places where the parties involved in the processing are located. For further information, please contact the Data Controller. The User's Personal Data may be transferred to a country other than their own. To obtain more information about the processing location, the User can refer to the section containing details about Personal Data processing.

Storage Period
Unless otherwise specified in this document, Personal Data is processed and stored for as long as required for the purpose they were collected for and may be stored for a longer period due to legal obligations or with the User's consent.

Purposes of Data Processing
User Data is collected to allow the Owner to provide the Service, fulfill legal obligations, respond to requests or enforcement actions, protect their rights and interests (or those of Users or third parties), detect malicious or fraudulent activities, as well as for the following purposes: Displaying content from external platforms, Statistics, Contacting the User, Advertising, Payment management, Interaction with social networks and external platforms, and Tag Management. For detailed information on the purposes of processing and the Personal Data processed for each purpose, Users can refer to the "Details on Personal Data processing" section.

Details on Personal Data Processing

Personal Data is collected for the following purposes and using the following services:

Contacting the User
Mailing list or newsletter (this Application)
By registering for the mailing list or newsletter, the User's email address is automatically added to a list of contacts to whom email messages containing information, including commercial and promotional information related to this Application, may be transmitted. The User's email address may also be added to this list as a result of registering for this Application or after making a purchase.

Personal Data processed: city; surname; date of birth; email; name; phone number; Tracking Tools.

Contact form (this Application)
By filling in the contact form with their Data, the User consents to their use to respond to requests for information, quotes, or any other kind of request as indicated by the form's header.

Personal Data processed: city; surname; email; name; phone number; company name; Tracking Tools.

Payment Management
Unless otherwise specified, this Application processes all payments with credit card, debit card, or other means provided by our processor Shopify and its payment manager Shopify Payments. You can read more about how Shopify uses your personal information here: Shopify Privacy Policy.

Alternatively, there may be external payment service providers present. In general, unless otherwise specified, Users are asked to provide payment details and personal information directly to these payment service providers.

PayPal
PayPal is a payment service provided by PayPal Inc., which allows Users to make online payments.

Personal Data processed: surname; purchase history; Usage Data; email; billing address; payment information; device information; name; phone number; password; Tracking Tools; username; various types of Data as specified in the service's privacy policy.

Processing Location: Refer to PayPal's privacy policy – Privacy Policy

Interaction with Social Networks and External Platforms
This type of service allows interactions with social networks or other external platforms directly from the pages of this Application. The interactions and information obtained through this Application are always subject to the User's privacy settings for each social network or platform. This type of service may still collect traffic data for the pages where the service is installed, even when Users do not use it. It is recommended to log out from these services to ensure that the data processed on this Application is not linked to the User's profile.

Advertising
This type of service allows the use of User Data for commercial communication purposes. These communications are displayed on this Application in the form of banners and other advertising formats, also related to the User's interests. This does not mean that all Personal Data is used for this purpose. Data and usage conditions are indicated below. Some of the services listed below may use Tracking Tools to identify the User or use behavioral retargeting techniques, displaying personalized advertisements based on the User's interests and behavior, also detected outside of this Application. For more information, it is recommended to check the privacy policies of the respective services. Services of this kind generally offer the possibility to opt out of such tracking. In addition to any opt-out feature provided by any of the services listed in this document, Users can learn more about disabling interest-based advertising in the specific section "How to disable interest-based advertising" in this document.

As described earlier, we may use your personal information to provide you with targeted advertising or marketing communications that we believe may interest you. For example:

We use Google Analytics 4 to understand how our customers use the Site. You can read more about how Google uses your personal information here: Google Privacy Policy. You can also opt out of Google Analytics here: Google Analytics Opt-out. For more information on how targeted advertising works, you can visit the educational page of the Network Advertising Initiative (NAI) at Understanding Online Advertising.

You can disable targeted advertising through:

Additionally, you can disable some of these services by visiting the Digital Advertising Alliance opt-out portal at About Ads Opt Out.

Pinterest Ads (Pinterest, Inc)
Pinterest Ads is an advertising service provided by Pinterest, Inc., through which the Owner can run advertising campaigns on the Pinterest advertising network.

Users can opt out of behavioral advertising features through their device settings or Pinterest customization settings.

Personal Data processed: email; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); device information; Tracking Tools.

Processing Location: United States – Privacy Policy – Opt out.

Statistics
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to track User behavior.

Google Analytics with anonymized IP (Google Ireland Limited)
Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports, and sharing them with other Google services. Google may use Personal Data to contextualize and personalize the ads of its advertising network. This Google Analytics integration anonymizes your IP address. Anonymization works by shortening the IP address within EU member states or other countries participating in the European Economic Area agreement before transmission to Google's servers. Only in exceptional cases will the full IP address be sent to Google servers and shortened within the United States.

Personal Data processed: Usage Data; Tracking Tools.

Processing Location: Ireland – Privacy Policy – Opt Out.

Google Analytics (Google Ireland Limited)
Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports, and sharing them with other Google services. Google may use Personal Data to contextualize and personalize the ads of its advertising network.

Personal Data processed: Usage Data; Tracking Tools.

Processing Location: Ireland – Privacy Policy – Opt Out.

Facebook Ads Conversion Tracking (Facebook Pixel) (Meta Platforms Ireland Limited)
Facebook Ads Conversion Tracking (Facebook Pixel) is a statistics service provided by Meta Platforms Ireland Limited that connects data from the Meta ad network with actions performed within this Application. The Facebook pixel tracks conversions that can be attributed to Facebook, Instagram, and Audience Network ads.

Personal Data processed: Usage Data; Tracking Tools.

Processing Location: Ireland – Privacy Policy.

Meta Events Manager (Meta Platforms Ireland Limited)
Meta Events Manager is a statistics service provided by Meta Platforms Ireland Limited. By integrating the Meta pixel, Meta Events Manager can provide the Owner with information about traffic and interactions on this Application.

Personal Data processed: Usage Data; Tracking Tools.

Processing Location: Ireland – Privacy Policy.

Google Analytics 4 (Google Ireland Limited)
Google Analytics is a statistics service provided by Google Ireland Limited (“Google”). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports, and sharing them with other Google services. Google may use Personal Data to contextualize and personalize the ads of its advertising network. In Google Analytics 4, IP addresses are used at the time of collection and then deleted before the data is recorded in any data center or server. For more information, you can consult Google's official documentation.

Personal Data processed: city; Usage Data; browser information; device information; latitude (city); longitude (city); number of Users; session statistics; Tracking Tools.

Processing Location: Ireland – Privacy Policy – Opt Out.

Pinterest Conversion Tag (Pinterest, Inc)
Pinterest Conversion Tag is a statistics service provided by Pinterest, Inc., which connects data from the Pinterest ad network with actions performed within this Application. Users can opt out of behavioral advertising features through their device settings, Pinterest customization settings, or by visiting the AdChoices opt-out page.

Personal Data processed: Usage Data; device information; Tracking Tools.

Processing Location: United States – Privacy Policy – Opt Out.

 

 Information on how to disable interest-based advertising

In addition to any opt-out function provided by any of the services listed in this document, Users can learn more about how to disable interest-based advertising in the relevant section of the Cookie Policy.

Further information on the processing of personal data

  • Sale of goods and services online Personal Data collected is used for the provision of services to the User or for the sale of products, including payment and possible delivery. Personal Data collected to finalize the payment may include those related to credit card, bank account used for the transfer, or other payment instruments provided. Payment data collected by this Application depends on the payment system used.

Cookies A cookie is a small amount of information that is downloaded to your computer or device when you visit our Site. We use various types of cookies, including functional, performance, advertising cookies, and social media or content cookies. Cookies enhance your browsing experience by allowing the website to remember your actions and preferences (such as login and region selection). This means you do not have to re-enter this information every time you return to the site or move from one page to another. Cookies also provide information on how people use the website, such as whether it is their first visit or if they are frequent visitors.

We use the following cookies to optimize your experience on our Site and provide our services.

Cookies necessary for store operation

  • _ab - Used in relation to admin access.
  • _secure_session_id - Used in relation to navigation through the store.
  • cart - Used in relation to the shopping cart.
  • cart_sig - Used in relation to payment.
  • cart_ts - Used in relation to payment.
  • checkout_token - Used in relation to payment.
  • secret - Used in relation to payment.
  • secure_customer_sig - Used in relation to customer access.
  • storefront_digest - Used in relation to customer access.
  • _shopify_u - Used to facilitate updating customer account information.

Reports and analytics

  • _tracking_consent - Tracking preferences
  • _landing_page - Tracks landing pages.
  • _orig_referrer - Tracks landing pages.
  • _s - Shopify analysis.
  • _shopify_s - Shopify analysis.
  • _shopify_sa_p - Shopify analysis related to marketing and referrals.
  • _shopify_sa_t - Shopify analysis related to marketing and referrals.
  • _shopify_y - Shopify analysis.
  • _y - Shopify analysis.

gtag.js and analytics.js set the following cookies:

Cookie name - default expiration time - description

  • _ga - 2 years - Used to distinguish users.
  • _gid - 24 hours - Used to distinguish users.
  • _gat - 1 minute - Used to limit request rate. If Google Analytics is implemented through Google Tag Manager, this cookie will be named dc_gtm.

Cookie duration The duration of a cookie on your computer or mobile device depends on whether it is a "persistent" or "session" cookie. Session cookies last until you stop browsing, while persistent cookies last until their expiration or deletion. Most cookies we use are persistent and expire between 30 minutes and two years from the date they are downloaded to your device.

Cookie control You can control and manage cookies in various ways. Please note that removing or blocking cookies may negatively impact your user experience, and some parts of our site may not be fully accessible. Most browsers automatically accept cookies, but you can choose whether to accept them through your browser controls, usually found in the "Tools" or "Preferences" menu of the browser. For more information on how to change your browser settings or how to block, manage, or filter cookies, consult your browser's help file or sites like www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent the sharing of information with third parties, such as our advertising partners. To exercise your rights or exclude certain uses of your information by such parties, follow the instructions in the "Further information for users" section below.

The time a cookie remains on your computer or mobile device depends on whether it is a "persistent" or "session" cookie. Session cookies last until you stop browsing, and persistent cookies last until they expire or are deleted. Most cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

Further information for users Legal basis for processing The Data Controller processes Personal Data relating to the User if one of the following conditions exists:

  • The User has given consent for one or more specific purposes.
  • The processing is necessary for the performance of a contract with the User and/or for pre-contractual measures;
  • The processing is necessary to comply with a legal obligation to which the Data Controller is subject;
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

It is always possible to request the Data Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on law, provided for by a contract, or necessary to conclude a contract.

Further information on retention period Unless otherwise specified in this document, Personal Data are processed and stored for the time required by the purpose for which they were collected and may be stored for a longer period due to legal obligations or based on User consent.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Owner and the User will be retained until such contract has been fully performed.
  • Personal Data collected for purposes related to the legitimate interests of the Owner will be retained until such interests are satisfied. The User can obtain further information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Owner.
  • When processing is based on User consent, the Owner may retain Personal Data longer until such consent is revoked. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for legal obligations or by order of an authority.

Once the retention period expires, Personal Data will be deleted. Therefore, at the end of this term, the right of access, deletion, rectification, and data portability cannot be exercised anymore.

User rights under the General Data Protection Regulation (GDPR) Users can exercise certain rights regarding their Data processed by the Owner.

In particular, within the limits set by law, Users have the right to:

  • Withdraw consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
  • Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain erasure of their Personal Data from the Owner.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted directly to another controller without any hindrance.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Users can obtain information regarding the legal basis of Data transfers outside foreign territories including towards any international organization governed by public international law or set up by two or more countries, such as UN, as well as regarding security measures taken by the Owner to protect their Data.

Do Not Track Please note that since there is no consistent industry understanding of how to respond to "Do Not Track" signals, we do not alter our data collection and use practices when we detect such a signal from your browser.

Information not contained in this policy More information regarding the processing of Personal Data may be requested at any time from the Owner using contact details.

Changes to this privacy policy The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and if possible on this Application as well as by sending a notice to Users through one of the contact details held. Therefore, please check this page frequently, referring to the last modified date indicated at the bottom.

If changes affect treatments whose legal basis is consent, the Owner will collect consent again from Users if required.

Contacts For further information about our privacy practices, if you have questions or wish to file a complaint, contact us via email at info@ddlabmilano.com or by mail using the details provided below:

ddLab di Donatella Pedicino, via Lario 17, citofono 56, 20159 Milano MI

Last update: 12/03/2024

If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the competent data protection authority. You can contact your local data protection authority or our supervisory authority here: https://www.garanteprivacy.it/web/garante-privacy-en