1. WHO IS THE CONTROLLER
When you use the Site, access our services or purchase VIVAAWORLD products, VIVAAWORLD is the controller of the processing of your personal data. The types of personal data we collect and the purposes for which we process such data are described in detail below.
For any clarification, question, or requirement related to your privacy, or to exercise your rights under the European personal data processing legislation (the General Data Protection Regulation - EU Reg. No. 2016/679, hereinafter “GDPR”) (see point 6) you may contact us at any time by sending a request to Customer Care (selecting the “Privacy” option). If you wish, you may also contact us or our Data Protection Officers (DPOs) directly; to do so you may use the contact details indicated below.
2. WHAT DATA DO WE PROCESS
3. WHY DO WE PROCESS YOUR DATA AND ON WHAT LEGAL BASIS
3.1 PURPOSES RELATED TO THE ONLINE SALE OF PRODUCTS
We process your personal data for the online sale of VIVAAWORLD products and the relative activities connected thereto. In particular, to:
enter into and perform a contract for the purchase on the Site of one or more products, for payment, product shipping, any management of the right of withdrawal, return, and the legal warranty. This processing is necessary to perform a contract to which you are party (purchase and sale agreement). You must provide your personal data; otherwise you will not be able to make a purchase on the Site or manage any requests you may have regarding the right of withdrawal, return, and legal warranty, or to receive the dedicated customer service;
customer care. Processing is necessary to perform a contract to which you are party (provision of customer care). You must provide your personal data; otherwise you will be unable to receive the customer care you requested;
the fulfillment of the legal obligations relating to the sales activity (such as, for example, issuing and storing the invoice). This processing is necessary to fulfill a legal obligation to which we are subject. It is thus mandatory that you provide your personal data; otherwise you will be unable to make a purchase on the Site;
register on the Site (“My Account”), or use the services that are reserved for registered users (for example: Wish List, My Orders, Quick Buy, etc.). This processing is necessary to perform a contract to which you are party (registration on the Site and the relative provision of services). It is mandatory that you provide your personal data; otherwise you will be unable to register on the Site and use the registered user services;
prevention and suppression of fraud and abusive behaviors (including by third parties) that conflict with the current standards, the applicable contractual provisions, and the rules of correctness and good faith. The lawfulness of this processing is based on our legitimate interests to perform security activities and controls for the purpose of preventing and protecting against fraudulent activities and abusive behaviors. Upon your request, we will be able to provide you with detailed information about the aforementioned legitimate interest and the corresponding so-called balancing test we have undertaken to ensure that your rights and interests are not outweighed by our legitimate interests;
the use of the following services offered through the Site and linked to the online sale (not available in all countries): (i) delivery of products purchased online at VIVAAWORLD stores (“pick up in store”); (ii) return of products purchased online at VIVAAWORLD stores (“return in store”); and (iii) online sale of products at VIVAAWORLD stores (“click from store”). This processing is necessary to perform a contract to which you are party (provision of the corresponding service). It is mandatory that you provide your personal data; otherwise, you will be unable to use the service.
3.2 PURPOSES RELATED TO PERFORMING OTHER SERVICES YOU HAVE REQUESTED
Through the Site, you may reserve a product online at VIVAAWORLD stores (“click & reserve”, not available in all countries), as well as, upon your consent, find the VIVAAWORLD store closest to you by using your geographic position (“Store Locator”). You may also contact VIVAAWORLD to get more information about the world of VIVAAWORLD and its products.
VIVAAWORLD processes the personal data you provide when you use these services on the Site and enter the corresponding areas of the Site. The processing is based on the performance of a contractual obligation between the parties or on precontractual measures adopted upon your request. It is mandatory that you provide your personal data; otherwise, you would be prevented from using the requested service.
3.3 MARKETING PURPOSES
With your consent, VIVAAWORLD uses your personal data for marketing purposes. Indeed, VIVAAWORLD may send you promotions, commercial or advertising communications about its products, services, and events. The marketing activities may also include market research and surveys to determine your level of satisfaction and to conduct statistical analyses, including using aggregated anonymous data. The processing of your data for marketing purposes is based on your voluntary consent, and providing your data for such purposes is optional. Regardless of whether you have consented to such processing for marketing purposes, you will be able to purchase our products online.
With your consent, VIVAAWORLD uses the data collected in its stores and online, through this or other sites, or through VIVAAWORLD accounts on social media, to collect information relating to your preferences, habits, lifestyle, as well as details about what you have purchased. The data is used to create group and/or individual profiles (“profiling”) which allow us to send you personalized communications that are in line with your interests, or to conduct market research and statistical analyses, including with aggregated anonymous data. The processing of your data is based on your voluntary consent, and providing your data is optional. Regardless of whether you have consented to such processing, you will be able to purchase our products online.
With your consent, VIVAAWORLD shares your personal data with companies in the VIVAAWORLD, and others operating in the beauty, lifestyle, food, or sports sector. These companies will process your data for their own marketing purposes, i.e. to send you promotions, commercial or advertising communications about their products, services, events, including market research and surveys to determine your level of satisfaction and to conduct statistical analyses, including with anonymous data, organized in aggregate form. Such processing of your data is based on your voluntary consent; providing your data is optional. Regardless of whether you have consented to such processing, you will be able to purchase our products online.
To send you marketing communications or personalized offers, methods such as email, newsletters, operator-assisted telephone calls, SMS, MMS, chat, instant messaging, social networks and traditional mail are used, including invitations to organized events from VIVAAWORLD or in which VIVAAWORLD participates. You may unsubscribe from marketing communications in the corresponding section of your personal account or by clicking the respective link, which appears at the bottom of every commercial communication.
3.4 OTHER PURPOSES
4. WHO WILL PROCESS YOUR DATA
Duly informed personnel (employees and associates) of VIVAAWORLD, as well as third parties (service providers and/or business partners) who were appropriately selected by us and offer a suitable guarantee of compliance with personal data processing rules, may have access to your personal data. These third parties may conduct their activities as “data processors” (thus under our direct responsibility). For example, we may use the following categories of third party service providers who are our data processors: Internet providers, companies specialized in IT and electronic services, customer care service companies, companies that perform marketing activities, companies specialized in market research and data processing, physical stores. Additionally, we use a third party service provider, dropshippingshop (acting as our data processor) to operate the Site and provide marketing and customer care support. Some third party service providers act as “independent data controllers” (for example, we may use third party couriers and shippers, bank operators, independent professionals, or consulting, legal or tax assistance firms, on this basis).
Your personal data may also be disclosed to third parties, including in the following cases:
(i) when disclosure is required by the applicable laws and regulations for legitimate third party recipients of communications, such as public entities and authorities that process your data as independent controllers for the respective institutional purposes;
(ii) in case of extraordinary operations (for example mergers, acquisitions, disposal of business, etc.);
(iii) when you provide your consent to the companies of the VIVAAWORLD for independent marketing purposes.
You may request an updated list of the parties to whom we disclose your data by contacting us using the contact details indicated below.
Some of the parties indicated above (including various entities constituting VIVAAWORLD) may also be established outside the European Union (EU) or the European Economic Area (EEA), in countries that do not guarantee an adequate level of protection of personal data according to the standards established by the GDPR. VIVAAWORLD has adopted the necessary precautions to ensure a lawful transfer of data (in particular, through the use of the Standard Contractual Clauses approved by the European Commission). You may request information about the transfer of your personal data abroad at any time by contacting us using the contact details indicated below.
5. HOW LONG DO WE RETAIN YOUR DATA
We retain your personal data for a limited period of time, which is strictly related to the purpose for which it was collected, and in conformity with the applicable legal or regulatory obligations. At the end of the established retention period, your personal data will be deleted, or in any case irreversibly anonymized, unless VIVAAWORLD is required to retain the data for an additional period of time to comply with legal or regulatory obligations, or to exercise or defend a right in a judicial proceeding. The retention period differs according to the purpose of the processing, in particular:
for the online sale of products and the relative activities connected thereto (point 3.1), your personal data will be retained for the entire duration of the contractual relationship and for 10 (ten) years after the termination thereof, except for registration on the Site (“My Account”) and the use of confidential services for registered users (for example: Wish List, My Orders, Quick Buy, etc.), in relation to which your personal data will be retained until you request the deletion of your account;
when VIVAAWORLD processes your data for personalized marketing or profiling purposes, your data is retained for a period of 7 (seven) years from the time you provide your consent for the aforementioned purposes, following an evaluation of the impact on data protection conducted by VIVAAWORLD, with the participation of its Data Protection Officer;
for general marketing activities, your data is retained by VIVAAWORLD until deletion is requested, consent revoked, or processing opposed; VIVAAWORLD furthermore wishes to protect your data and ensure that you wish to continue to receive its communications. Therefore, it deletes your data when 4 (four) years have elapsed since your last interaction with the VIVAAWORLD sphere, for example through purchases made at VIVAAWORLD stores or the Site, participation in VIVAAWORLD events or newsletters;
to comply with legal obligations relating to personal data processing matters (point 3.4), your personal data will be processed by each controller, as concerns their specific area of authority, for the period needed to manage your request to exercise the rights recognized under the GDPR or to meet the legal obligation to which the data controller is subject. The data necessary to demonstrate compliance with the legal obligations to which the controller is subject shall be retained for 10 (ten) years;
in case of a legal or administrative dispute, your data shall be retained for the time needed for VIVAAWORLD or a third party to seek legal protection of a right, or within the limits imposed by the legal or administrative authority.
For more information about the retention of your personal data, contact us using the contact details indicated below.
6. WHAT ARE YOUR RIGHTS
You may contact VIVAAWORLD or the respective Data Protection Officers at any time, using the contact details specified below, to exercise your rights pursuant to the GDPR, and in particular:
to obtain confirmation of whether or not your personal data is being processed and, if it is, to obtain access to or a copy of such personal data (“right of access”);
correction of your personal data, i.e. to obtain the correction, modification, or updating of any data that is inaccurate or no longer correct, as well as to supplement incomplete personal data, including by providing a supplementary declaration (“right of rectification”);
to revoke your consent (“right to revoke consent”): you may revoke the consent you have given to process your personal data at any time, including in relation to any activity whatsoever with a marketing purpose, including profiling. To that end, we remind you that marketing activities are considered to be the sending of commercial and advertising communications, the completion of market research and surveys to determine level of satisfaction, and the personalization of commercial offers based on your interests. Once your request has been received, we will cease the processing of your personal data that was based on such consent, while different instances of processing, or processing based on other requirements, will continue to be performed in full compliance with the current provisions;
to request the deletion of your personal data when such data, in particular, (i) is no longer necessary for the purposes for which it was collected or processed, or (ii) was unlawfully processed, or (iii) must be deleted to perform a legal obligation, or, lastly, (iv) you have opposed such processing (see below “right to object”) and there is no prevailing legitimate reason that would allow us to nevertheless proceed with the processing (“right to erasure” or “right to be forgotten”);
to obtain a limitation on the processing of your personal data, i.e. that we retain such data, but without being able to use it, save for any requests or exceptions prescribed by law. This right may only be exercised when, in particular (i) you object to the accuracy of the personal data, for the period needed for the controller to verify the accuracy of such personal data, or (ii) the processing of data is unlawful and you ask us to limit its use, instead of deleting it, or (iii) even though the controller no longer needs it for processing purposes, you require the personal data to assess, exercise, or defend a right in a legal proceeding, or (iv) you have opposed its processing (see below “right to object”), while awaiting a verification as to any legitimate grounds of the controller that prevail over those of the data subject (“right to restriction”);
to request your data or transfer it to a party other than the controller (“right to data portability”). You may ask to receive the data we process based on your consent or based on a contract entered with you, in a form that is structured, commonly used, and readable on an automatic device. If you so desire, where technically possible, we may, upon your request, transfer your data directly to a third party you indicate;
submit a claim to one of the competent supervisory authorities on compliance with the personal data protection standards, if you believe that your data was unlawfully processed (“right to submit a claim”). In Italy, a claim may be filed with the Personal Data Protection Authority.
Furthermore, as a data subject, you also have the “right to object”, i.e.: object at any time, for reasons related to your specific situation, to the processing of your personal data for the purpose of a legitimate interest of the controller or for marketing purposes, including profiling. We shall refrain from further processing your personal data, unless we can demonstrate that there are compelling, legitimate reasons to proceed with the processing that prevail over the interests, rights, and freedoms of the data subject, or to assess, exercise, or defend a right in judicial proceedings.
To ensure full respect of the rights described above, and that our users’ data is not unlawfully accessed or violated by third parties, prior to accepting a request from you to exercise one of the rights indicated, we may ask you for certain information to confirm your identity or clarify the request made.
8. WEB PUSH NOTIFICATION
VIVAAWORLD uses some of your personal data to send you personalized notifications about products and commercial news (so-called “web push notification”) on your device, upon your express consent. In order to be able to send you these notices, we use technologies similar to cookies (in particular, “HTML5 Local Storage”), which archive information in your device’s Local Storage area. Some of your personal data is also stored on servers, located in the European Union, which are used to manage the “web push notification”. Communications are personalized based on how you navigate and use the Site and, in particular on the products you have viewed, purchased, or placed in your cart, or on the data you entered on the Site registration form or when purchasing products on the Site (in particular, your name, to personalize communications sent to you and your date of birth to offer you special birthday promotions and discounts). The categories of personal data that are used for this purpose are:
products that are purchased, viewed, or placed in your cart;
date of birth;
gender (male or female);
language used to navigate and version of the Site used (country);
information about the device and browser you used;
date and time when you gave consent to receive web push notifications;
date My Account created;
date of last visit to Site.
You may revoke your consent to receiving personalized commercial communications at any time by following the instructions below, depending on your browser.
Chrome: Settings > Show Advanced Settings > Privacy – Content Settings > Notifications - Manage exceptions > Enter www.vivaaworld.com and select “Block”
: Options > Content > Notifications – Choose > www.vivaaworld.com – “Block”
Safari: Preferences > Notifications > From here select “Refuse”.
You may also revoke your consent to receiving these notices from the communications you receive, by following the instructions below.
Desktop: Right-click on notifications > disable notifications from www.vivaaworld.com
Mobile: Access the notification center > Site parameters > Notifications > Block notifications from www.vivaaworld.com
In any case, the service and your corresponding personal data in the possession of VIVAAWORLD will be deleted after 365 (three hundred sixty-five) days from the date of your last visit to the Site.
9. DATA SECURITY
We adopt specific technical and organizational security measures to safeguard the confidentiality of Site users’ personal data, which are aimed at preventing the unlawful or fraudulent use of their personal data.
We remind you to take suitable precautions when using the Site, such as, for example, keeping your access credentials strictly private, and changing them periodically.
10. CONTACT DETAILS OF THE DATA CONTROLLER AND THE DATA PROTECTION OFFICER
When you interact with the Site, use our services or purchase our products, VIVAAWORLD (along with its affiliated entities worldwide) is responsible for the processing of your personal data, as described herein. VIVAAWORLD’s. You can contact us at any time using the following email address: email@example.com. Our Data Protection Officer may be contacted at the following email address: firstname.lastname@example.org. Alternatively, for any clarification, question, or requirement related to your privacy, or to exercise your rights recognized under the GDPR (see point 6) you may contact us by sending a request to our Customer Care, selecting “Privacy”. If you so wish, you may also contact us and our Data Protection Officers (DPOs) directly; to do so, you may use the contact details noted above.
11. CALIFORNIA PRIVACY RIGHTS
Effective as of January 1st, 2020
Last Update: July 20th, 2020
“Personal information”, as used in this California Privacy Rights section means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
NOTICE AT COLLECTION: The following lists describe the personal information we collect and the purposes for which we will use it.
INFORMATION WE COLLECT
identifiers, such as first and last name, postal address, email address, internet protocol address, or other similar identifiers;
customer records information, such as telephone number, payment card details, physical characteristics or description, and, for event planning and management, your driver’s license number or other identity information or documents;
characteristics of protected classifications under California or federal law, such as gender, age, national origin, and, for event planning and management, health information such as food intolerances;
commercial information, such as products or services purchased, obtained, or considered and other purchasing or consuming histories or tendencies;
internet or other electronic network activity information, such as browsing history, search history, and information regarding your interaction with our Website, advertisements, or social media;
audio, electronic, visual, thermal, olfactory, or similar information;
professional or employment-related information;
geolocation data;
and inferences drawn from any of the information identified above to create a profile about your preferences, characteristics, predispositions, behavior, attitudes, and aptitudes.
PURPOSES FOR WHICH WE WILL USE SUCH PERSONAL INFORMATION
to enable you to make purchases;
to provide you with customer service and the services on the Website (e.g., to allow you to request information about our products and their availability, request assistance, reserve an appointment at a store or send a gift);
for purposes of marketing (e.g., to allow you to receive promotional newsletters, sales or advertising communications on events, promotional and sales initiatives of VIVAAWORLD, for market research and satisfaction surveys, and for statistical analyses with anonymous data that has been organized in an aggregate format);
for event planning and management (e.g., management of guest lists, access control for events under invitation, and handling of press coverage);
and to protect corporate assets in certain locations.
OTHER PERSONAL INFORMATION PRACTICES:
CATEGORIES OF PERSONAL INFORMATION COLLECTED: during the preceding 12 months, we have collected the following categories of personal information about you: identifiers, such as first and last name, postal address, email address, internet protocol address, or other similar identifiers; customer records information, such as telephone number, payment card details, physical characteristics or description, and, for event planning and management, your driver’s license number or other identity information or documents; characteristics of protected classifications under California or federal law, such as gender, age, national origin, and, for event planning and management, health information such as food intolerances; commercial information, such as products or services purchased, obtained, or considered and other purchasing or consuming histories or tendencies; internet or other electronic network activity information, such as browsing history, search history, and information regarding your interaction with our Website, advertisements, or social media; audio, electronic, visual, thermal, olfactory or similar information; professional or employment-related information; geolocation data; and inferences drawn from any of the information identified above to create a profile about your preferences, characteristics, predispositions, behavior, attitudes, and aptitudes.
SOURCES OF INFORMATION COLLECTED: we collect your personal information from you directly (including from your device) and from our service providers.
PURPOSE OF COLLECTING YOUR INFORMATION: we collect your personal information for the following business or commercial purposes: to enable you to make purchases; to provide you with customer service and services of the Website; for purposes of marketing; for event planning and management; and only in certain locations, to protect corporate assets.
DISCLOSURE OF YOUR PERSONAL INFORMATION: the following chart details the categories of personal information we have disclosed to third parties for a business purpose during the preceding 12 months and the third parties to whom we have disclosed such personal information during this time:
Categories of Personal Information Disclosed During Preceding 12 Months: Identifiers.
Third Party to whom your Personal Information has been Disclosed During Preceding 12 Months: Advertising networks; Service providers.
Subject to exceptions under applicable law, you may have certain choices regarding our use and disclosure of your personal information, as described below:
1. Access: you have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected about you during the past 12 months and details regarding our collection, use, and disclosure of such information.
2. Deletion: you have the right to request that we delete the personal information we have collected about you.
3. Opt-Out: you have the right to opt out of the sale of your personal information. See above under “DISCLOSURE OF YOUR PERSONAL INFORMATION; Selling your information”.
4. Non-Discrimination: you have the right to not receive discriminatory treatment by us for the exercise of any of your rights under the CCPA.
TO EXERCISE YOUR ACCESS OR DELETION RIGHTS DESCRIBED ABOVE, YOU CAN:
Write to Customer Care by using the web form accessible; or contact us at email@example.com.
VERIFYING YOUR REQUEST: if you exercise your access or deletion rights, we may require you to provide certain information (such as your name, email address, phone number and/or address) that we will match with data points we already have, in order to verify your identity to the degree of certainty required by the CCPA. We may ask for additional proof where necessary. If we are unable to verify your identity to the degree of certainty required by the CCPA through any reasonable method, we will state in a written response to you that we are unable to verify it, along with a reason as to why there is no reasonable method by which we can verify your identity.
AUTHORIZED AGENT: as a California resident, you may designate an authorized agent to act on your behalf to make a request under the CCPA by using the same channels for exercising your rights described above. If you designate an authorized agent, we may require you to (a) provide your authorized agent with signed permission to do so, (b) verify your own identity with us directly and (c) confirm with us directly that you have provided your authorized agent permission to submit the request.
YOUR PRIVACY RIGHTS UNDER THE CALIFORNIA “SHINE THE LIGHT” LAW: In addition, under California Civil Code Section 1798.83, if you are a California resident and your business relationship with us is primarily for personal, family or household purposes, you may request certain data regarding our disclosure, if any, of personal information to third parties for the third parties’ direct marketing purposes. To make such a request, please send an e-mail message to our e-mail address above with “Request for California Privacy Information” in the subject line. You may make such a request up to once per calendar year. If applicable, we will provide you, by e-mail, a list of the categories of personal information disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the third parties’ names and addresses. Please note that not all personal information sharing is covered by Section 1798.83’s requirements.