top of page

Privacy Policy

-About Us

CHO Srl, with its registered office at Largo Augusto, 8 - 20122 MILANO - Italy – CF and VAT No. 12617060962, represented by the legal representative, appointed Data Controller, hereinafter referred to as Controller, informs that, pursuant to Art. 13 of Legislative Decree 30.6.2003 No. 196 and Art. 13 of EU Regulation No. 2016/679, the collected data will be processed in the manner and for the purposes indicated below.

 

-Types of Data Collected

 

Our Personal Data Protection Policy governs the use and storage of the provided data. The Controller is responsible for the personal data provided to us.

 

-Purpose of Data Collection

The purposes of data collection are as follows:

User data is collected to allow the Controller to provide the product sales service through the website spiritoreale.it, fulfill legal obligations, respond to requests or executive actions, protect its rights and interests (or those of Users or third parties), identify any malicious or fraudulent activities, and for the following purposes: statistics, access to accounts on third-party services, viewing content from external platforms, tag management, contacting the User, interaction with support and feedback platforms, management of support and contact requests, interaction with live chat platforms, advertising, registration and authentication, payment management, platform and hosting services, and heat mapping and session recording.

 

-Data Provided Voluntarily by the User

 

By registering for the mailing list or newsletter, the User’s email address is automatically added to a list of contacts that may receive communications containing information, including commercial and promotional information, related to CHO Srl brands. The User’s email address may also be added to this list as a result of registering on this site or after making a purchase.

 

-Data Processing

 

The personal data required during registration and necessary for order processing are collected by CHO Srl and processed on electronic and/or telematic media to meet the obligations arising from the contract concluded with the Customer. In addition to the Controller, in some cases, other parties involved in activities aimed at fulfilling contractual obligations (internal staff, third-party technical service providers, carriers, transporters, and shippers, hosting providers, IT companies, communication agencies) may also have access to the data, appointed, if necessary, as Data Processors by the Controller. The updated list of Data Processors can always be requested from the Data Controller and will not be transferred to third parties in any way. CHO Srl ensures its customers that the regulations on personal data processing, governed by the privacy code of Legislative Decree No. 196 of 30.06.03, are respected.

 

-Navigation Data

 

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified subjects, but by its very nature could, through processing and associations with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment. These data are used solely to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, web contact data does not persist for more than seven days.

 

-Cookies

 

No cookies are used to transmit personal information, nor are so-called persistent cookies of any kind used, such as user tracking systems. The use of so-called session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable safe and efficient site exploration. The session cookies used on this site avoid the use of other potentially prejudicial computer techniques for the confidentiality of user navigation and do not allow the acquisition of personal identification data of the user. Refer to the cookie policy for more information.

 

-Voluntary Provision of Data

 

Except for navigation data, the user is free to provide personal data in the request forms or otherwise indicated in contacts with the site to receive informative material or other communications. Failure to provide personal data may make it impossible to obtain the requested service. It should be noted that in some cases, not related to the ordinary management of this site, the Data Protection Authority may request information pursuant to Art. 157 of the Personal Data Protection Code, for the purpose of controlling personal data processing. In these cases, the response is mandatory.

 

-Storage Location

 

Processing related to the web services offered by this site takes place at the company’s headquarters and possibly at the offices of external Data Processors and is handled by data processing appointees responsible for managing the requested services, marketing activities (if requested by the user), data storage activities, and occasional maintenance operations.

 

-Processing Methods

 

Specific security measures are observed to prevent data loss, illegal or incorrect uses, and unauthorized access.

 

-Retention Time

 

No data is stored on the company’s web structures, as all data collected via the web related to specific user requests are sent directly to the Data Controller who retains them for the time necessary to fulfill the specific request.

 

-Rights of Data Subjects

 

Data subjects have the right to obtain confirmation of the existence or otherwise of their data at any time, to know their content and origin, to verify their accuracy, and to request their integration and updating. Data subjects have the right to request the deletion, anonymization, or blocking of data processed in violation of the law, as well as to oppose their processing for legitimate reasons at any time.

 

-Exercise of Rights

 

Data subjects may exercise their rights at any time by sending an email to CHO@pec.net.

bottom of page