Mod. IS01-18 

Information on the processing of personal data. 
(Articles 13 and 14 EUROPEAN REGULATION N. 679/2016) 

Introduction.
The following information is intended for all those who visit and interact with this e-commerce site of the company SANDFOX, the so-called web store (“e-shop”), where it is possible to purchase online products. The e-shop is managed on behalf of SANDFOX which deals with the management of sales and transactions carried out in the context of the SANDFOX e-shop (for example: order management, sales and delivery of products, returns and warranties management and other activities necessary for the sale of products through the e-shop) as external manager for the treatment formally appointed and empowered by the same writing company.
It should be noted that the company SANDFOX, have entered into a contract with which they have defined their respective responsibilities regarding the compliance with the obligations deriving from the European Regulations; adequate information on the essential content of the contract will be accessible to you by contacting the Data Controller whose references are indicated below. 

Dear Navigator, 
the writer SANDFOX, with registered office in Deutzer Freiheit 72 50679 Köln-Deutz / Germany, as “Data Controller” informs you, pursuant to the articles 13 and 14 of the European Regulation n. 679/2016 (hereinafter “EU Regulation”), that your data will be processed as indicated below: 

1. Object of the Treatment
The Data Controller informs you that personal data, such as name, surname, company name, address, telephone number, e-mail address, bank and / or payment details, etc., hereinafter referred to as “personal data” or even simply “data”, related to you, acquired verbally directly or through third parties in the past, such as those that will be collected in the future, will be processed in full compliance with the EU Regulation. The Data Controller carries out the processing in a lawful manner specifically for the performance of a contract of which you are a part or for the execution of the pre-contractual measures (eg preparation of an offer, etc.) requested by you (art. 6 of the EU Regulation).

Data processing means any operation or set of operations concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination and destruction of the data. 

2. Legal basis and purpose of processing
Legal basis: EU Regulation no. 679/2016 
A) without your express consent (Article 6 letters b), c) and e) of the EU Regulation), for the following purposes: 
– in order to manage access to e-shop services and facilitate the purchase of products online and to allow your registration to the e-shop and the eventual conclusion of the purchase contract through the e-shop;
– fulfill the pre-contractual, contractual and tax obligations deriving from relations with you in existence; 
– allow you to access the e-shop, even as an unregistered user, and to browse the e-shop; 
– allow them to register on the Website, creating an account, and to use the services reserved for registered users, including, in particular, the possibility of purchasing through the e-shop; – allow you to access the e-shop and browse the e-shop as a logged in user; 
– maintain and manage your account; 
– store in your account data and information, such as, by way of example, your personal data, the history of your orders and any returns, your preferred delivery and / or billing addresses;
– allow it to put the products in the cart and to conclude the purchase contract through the e-shop. 
– to execute the obligations arising from the purchase contract concluded through the e-shop, such as, by way of example, the delivery of products sold; 
– to allow the fulfillment of the obligations arising from your purchase contract concluded through the e-shop, such as, by way of example, the payment, even online, of the products purchased; 
– for general assistance and customer care activities and therefore to respond to requests for information from users or to respond to complaints, reports and complaints;
– fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering); 
– exercise the rights of the Data Controller, for example the right of defense in court; 
– for the keeping of the general accounts; 
– for management purposes (invoicing, possible document management, etc.); 
– for credit management; 
– for statistical analysis and quality control; 
– for insurance operations; 
– for technical assistance. 
In particular, your data will be processed for purposes related to the implementation of the following obligations, related to legislative or contractual obligations:
– Technical and functional access to the site no data is kept after closing the browser; 
– Advanced navigation purposes or personalized content management; 
– Statistics and analysis of navigation and users. 

B) Only subject to your specific and distinct consent (Article 7 of the EU Regulation), for the following commercial and / or marketing and / or profiling purposes: 
– sending by e-mail, post and / or text messages and / or contacts telephone newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller and / or detection of the degree of satisfaction on the quality of what was done on your request;
– sending by e-mail, mail and / or sms and / or telephone contacts of commercial and / or promotional communications of third parties (for example, business partners). 

3. Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) of the EU Regulation and precisely: the collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction, blocking. Your personal data are subjected to both paper and electronic and / or automated processing (however suitable to guarantee the security and confidentiality of data). 

4. Data retention times and other information.
The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no longer than the legal terms from the termination of the relationship for the purposes of the existing relationship (ie: data necessary for the execution of the contract of purchase until the delivery of the product or, in case of non-delivery, until the termination of the contract). 
With reference to the personal data processed for the purpose of marketing or processing for purposes of profiling, the same will be retained in accordance with the principle of proportionality and in any case until the purposes of the processing have been pursued or until the withdrawal of the specific consent by the interested party.
Specifically, the Data Controller will process data for no more than 2 years from data collection for Marketing Purposes and one year for data collected for profiling purposes. 
The personal data you provide will be treated “in a lawful manner, according to correctness and transparency” protecting your privacy and your rights. 
It is expected that a periodic check will be carried out annually on the data processed and on the possibility of being able to cancel them if no longer necessary for the intended purposes. 

5. Access to data
Your data may be made accessible for the purposes referred to in paragraphs 2.A) and 2.B):
– to shareholders, employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
users and related lawsuits for specific market research. The data collected and processed can also be communicated, in Italy and abroad, to subcontractors, suppliers, for the management of information systems, to transporters, shippers and customs agents).
For the sake of brevity, the detailed list of these figures is available at our office and is at your disposal. 

6. Data communication
Without the need for express consent (Article 6 letter b) and c) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in paragraph 2.A) to organizations supervisory authorities, judicial authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of the purposes indicated above. 
These subjects will process the data in their capacity as independent data controllers. 
During and after browsing your data may be disclosed to third parties, in particular to:
– Google: Advertising Service, Target Advertising, Analytics / Measurement, Content Customization, Optimization; 
– Google AdWords: Advertising Service, Target Advertising, Analytics / Measurement, Content Customization, Optimization; 
– Google Analytics: Target advertising, Analytics / Measurement, Optimization. 

Your information will not be disseminated. 

7. Data transfer
Personal data are stored on devices located at the headquarters of the Data Controller or at providers within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move data even in non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the contractual clauses and standard verifications envisaged by the European Commission.
Regardless of the data present on their devices, and for any data present at the provider, the Data Controller has put in place adequate technical and organizational measures to guarantee a suitable level of security, in full compliance with the provisions of art. 32 of the EU Regulation. 
Navigation: your browsing data may also be transferred, limited to the purposes indicated above, in the following states: – EU countries, – United States. 
Cookie management: in case you have doubts or concerns about the use of cookies you can always intervene to prevent the setting and reading, for example by changing the privacy settings in your browser in order to block certain types.
Since each browser, and often different versions of the same browser, also differ significantly from each other if you prefer to act independently through the preferences of your browser can find detailed information on the procedure required in the guide of your browser. 

8. Nature of the provision of data and consequences of refusal to respond
The provision of data for the purposes referred to in paragraph 2.A) is mandatory. In their absence, we cannot guarantee the Services as indicated in 2.A) (example: failure to communicate data will therefore make it impossible for the user to conclude this contract and therefore to purchase through the e-shop).

The provision of data for the purposes referred to in paragraph 2.B) is optional. You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications and advertising material and / or anything else related to the Services offered by the Data Controller. 
However, you will continue to be entitled to the Services referred to in point 2.A). 

9. Rights of the interested party
In his capacity as an interested party, he has the rights set forth in art. 15 of the EU Regulation below and precisely:
1. has the right to obtain from the Data Controller confirmation that it is or is not undergoing treatment of personal data concerning him and in this case, to obtain access to personal data and the following information: 
a) the purposes of the processing ; 
b) the categories of personal data in question; 
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations; 
(d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
e) the existence of the right of the interested party to request the Data Controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; 
f) the right to lodge a complaint with a supervisory authority (the Guarantor for the protection of personal data); 
g) if the data are not collected from the data subject, all information available on their origin; 
h) the existence of an automated decision-making process, including profiling pursuant to art. 22, paragraphs 1 and 4 of the EU Regulation, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this treatment for the data subject.
2. If your personal data are transferred to a third country or to an international organization, you have the right to be informed of the existence of adequate guarantees pursuant to art. 46 of the EU Regulation concerning the transfer. 
3. The Data Controller will provide you with a copy of your personal data being processed in case you request it. 
If you request further copies, the Data Controller may charge you a reasonable fee based on administrative costs. If you submit the request by electronic means, and unless otherwise specified, the information will be provided in a commonly used electronic format. 
4. The right to obtain a copy referred to in paragraph 3 shall not affect the rights and freedoms of others.
Furthermore, where applicable, you can enjoy the rights referred to in articles 16 to 22 of the EU Regulation and precisely: 
– the right to rectify personal data; 
– the right to be forgotten (right to cancel); 
– the right to limit processing; 
– the right to data portability; 
– the right to object; 
– the right of complaint to the Guarantor Authority. 
You also have the right to revoke at any time any consent already given without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation. 

10. How to exercise rights You
may exercise your rights at any time by sending:
– a registered letter with return receipt to the writer (see the address indicated on the letterhead); 
– an e-mail to the address info@sandfoxgear.de

11. Minors
The information provided by the Data Controller and the subject of the relationship with you does not provide for the intentional acquisition of personal information relating to minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of the interested party. 

12. Personal data not obtained from the interested party
It may happen that the writer is not the Data Controller to which you have given your personal data, but appears to be co-owner of the treatment or responsible for external processing and therefore your data have come to the writer secondly due to of a contract that regulates the parties. In this case it is specified that the writer will do everything possible to make sure that you have been informed and gave consent to the processing. You can ask the writer at any time about the source of acquisition of your data. 

13. Owner and responsible
Below we provide you with some information that you need to bring to your knowledge, not only to comply with legal obligations, but also because transparency and fairness towards our customers is a fundamental part of our business. 
Data controller. The Data Controller of his personal data is SANDFOX on behalf of the legal representative, responsible to him for the legitimate and correct use of his personal data and who can contact for any information or request at the following addresses: telephone +49 (0) 221 99 555 708, e-mail: info@sandfoxgear.de
Appointees. The updated list of persons in charge of processing is kept at the headquarters of the Data Controller. 14. Cookies

Cookies are text files that are automatically saved on the user’s computer while browsing. Their purpose is to make the experience of using the website more complete as they act as tools for storing user preferences. 
This site uses cookies owners and third parties described below, their presence is subject to the functionality provided for the website during the design phase: 

Technical cookies
Technical cookies are essential for the proper functioning of certain areas of the Website. For this reason, technical cookies are always used on the Site regardless of user preferences. In particular, the Site uses: PHPSESSID (duration browsing session); it contains information on the browser session and allows users to access the Site. 

Confidential area cookies
In the case of a reserved area, a cookie is generated that can remember the user’s username and password. 
In this way this information will not have to be reinserted on every subsequent visit. 

Mobile browsing cookies
With the aim of making experiential navigation even on the latest generation of devices, this website is equipped with a cookie that can detect and store the access device used. Based on the information collected, the most appropriate site version will be presented. E 

-shop order recovery cookies
In the event that an e-commerce area is present, the system stores the user’s interaction with the purchase area, generating a cookie capable of recovering the orders placed. 

Third-party cookies – Google Analytics
This website uses third-party cookies belonging to Google Inc. for the collection of users’ browsing data. The data collected in this way are used solely for the purpose of generating statistical reports within the analysis tool Google Analytics. 

A demographic profiling of users can also be performed, extracting statistically relevant data including age, sex, interest categories. 
More information on the processing of data by Google Inc. can be found at http://www.google.com/analytics/learn/privacy.html
To disable Google Analytics for display advertising or to customize the types of ads displayed, you can access the addresshttps://www.google.com/settings/ads
To completely disable the collection of statistical data by Google Analytics, you can install the browser add-on, which can be downloaded from https://tools.google.com/ dlpage / gaoptout /

Other active third-party cookies can be: AddThis ( http://www.addthis.com/privacy ), Bing ( https://privacy.microsoft.com/it-it/privacystatement ), CloudFlare ( https : //www.cloudflare.com/it-it/privacypolicy/ ), Facebook ( https://www.facebook.com/policies/cookies/ ), Feedaty ( https://www.feedaty.com/privacy ), HotJar ( https://www.hotjar.com/privacy ), Linkedin (https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy ), ShareThis ( https://www.sharethis.com/privacy/ ), TrustedShop ( https : //www.trustedshops.it/legal-notice-privacy.html ), Twitter ( https://help.twitter.com/it/rules-and-policies/twitter-cookies ), Yotpo ( https: // www .yotpo.com / privacy-policy / ), Zendesk ( https://www.zendesk.com/company/customers-partners/cookie-policy/ ) 

To discover all the cookies active on this site you can use the service available at ‘ http://www.cookie-checker.com/ address or similar services.

Please note that all data collected with cookies on this site will never be provided to third parties other than Google Inc. or its certified partners.