Pursuant to art. 13 of European Regulation (EU) 2016/679 (hereinafter GDPR) and with regard to the personal data that THESHHHOP S.R.L. will be provided under the assignment, we inform you as follows:
The processing of personal data refers to any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1. Data Controller, Data Processor and Personal Data Protection Officer

The Data Controller is the company THESHHHOP S.r.l. (VAT no. 02868410420) with registered office in Senigallia, Via Abbagnano 17 (hereinafter also “THESHHHOP”).
Any communication/request concerning any aspect of data management and processing should be addressed to the following addresses:
PEC certified email: theshhhop@pec.it, email: info@theshhhop.com

2. Purposes of the data processing

Personal data collected for the following purposes and using the following services: see list here
For the complete list of the types of data collected and the explicit consent to each of them, where required, please refer to the cookie policy of the Data Processor that can be accessed here. The policy details which data are functional to the requested service and therefore do not require explicit consent (group A), and which instead require consent (group B):
A) Without your express consent (article 24, letter a), b), c) of the Privacy Code and art. 6 letter b), e) of the GDPR), for the following Service Purposes:
- Fulfil contractual obligations with the Data Controller.
- Fulfil pre-contractual, contractual and tax obligations deriving from existing relationships with you.
- Fulfil the obligations established by law, a regulation, other European legislation or an order of the Authority (such as anti-money laundering).
- Exercise the rights of the Data Controller, for example the right to defend itself in court.
B) Only with your specific, distinct consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following Marketing Purposes:
- Send you by email, post and/or text and/or telephone calls newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller, and measurement of the degree of satisfaction with the quality of the services.
- Send commercial and/or promotional communications of third parties by email, post and/or text messages and/or telephone calls.
Please note that if you are already our customer, we may send you commercial communications relating to services and products of the Data Controller similar to those already used, unless you do not consent (art. 130, para. 4 of the Privacy Code).
The Data Controller shall process personal data for the time necessary to fulfil the above purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of the data for Marketing Purposes.

Legal basis of the processing

The Data Controller lawfully processes your personal data where the processing:
- Is necessary for the performance of the requested service.
- Is necessary to fulfil a legal obligation incumbent on the professional.
- Is based on consent.

Consequences of failure to provide personal data

The provision of data for the purposes referred to in art. 2.A) is mandatory. Without them we cannot guarantee the Services of art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided. In this case, you will not be able to receive newsletters, commercial communications and advertising material related to the Services offered by the Data Controller. In any case, you will continue to be entitled to the Services referred to in art. 2.A).

Data retention

In compliance with the principles of lawfulness, limitation of the purposes and data minimisation, pursuant to art. 5 GDPR 2016/679 your personal data, processed for the above purposes, shall be kept for the period necessary for the performance of the service, and subsequently for the time in which the professional is subject to preservation obligations for tax purposes or for other purposes envisaged by law or regulation.
You may always, at any time, request the interruption of the Processing or the deletion and/or limitation of the Data.
The processing will be carried out automatically and/or manually, with methods and tools in compliance with security measures pursuant to art. 32 of the GDPR 2016/679 and Annex B of the Privacy Code (art. 33-36 of the Code), by specially appointed persons, in compliance with the provisions of art. 29 of the GDPR 2016/679.
For a precise, detailed description of the storage times of each individual category of data, please refer to the Cookie Policy.

Disclosure of the data

The processing of the data you provide us, or otherwise acquired as part of our business, will only be performed by persons previously appointed by the Data Controller, such as its employees or partners or contractors or companies that it works with for the sole purpose of providing you with the requested service.
Your data may also be disclosed to third parties exclusively for technical and operational purposes strictly related to the purposes set out above, and in particular to the following categories of parties:
a) bodies, professionals, companies or other entities entrusted by us with the processing for the fulfilment of administrative, accounting and management obligations connected with the ordinary performance of our business, as well as for payment collections.
b) public authorities and administrations for the purposes associated with the fulfilment of legal obligations.
c) banks, financial institutions or other entities to whom the transfer of said data is necessary for the performance of our company's business in relation to our fulfilment of contractual obligations to you.
Without the need for express consent (pursuant to art. 24 letter a), b), d) of the Privacy Code and art. 6 letter b) and c) of the GDPR), the Data Controller may disclose your data for the purposes referred to in art. 2.A) to regulators, judicial authorities, insurance companies for the provision of insurance services related to the provision requested, as well as to those to whom the disclosure is mandatory by law for the fulfilment of the aforementioned purposes. These parties will process the data in their capacity as independent Data Controllers.
Your information will not be disseminated.

Profiling and Dissemination of the data

Your personal data are not subject to dissemination or to any fully automated decision-making process, including profiling.
Rights of the Data Subject
Under the GDPR you have the right to:
- Request access to your personal data and information relating to them; the correction of inaccurate data or the completion of incomplete data; the erasure of personal data concerning you (under the conditions specified in art. 17, paragraph 1 of the GDPR and in compliance with the exceptions envisaged in paragraph 3 of the same article).
- The restriction of the processing of your personal data (in the event of the occurrence of one of the cases indicated in art. 18, paragraph 1 of the GDPR).
- In the cases where the legal basis of the processing is the contract or consent and such processing is done by automated means, request and obtain your personal data in a structured format legible by an automatic device, also in order to transfer such data to another data controller (the right to the portability of personal data).
- Withdraw your consent at any time, limited to the cases in which the processing is based on your consent for one or more specific purposes and concerns common personal data (for example date and place of birth or place of residence), or particular categories of data (for example data that reveal your racial origin, your political opinions, your religious beliefs, your state of health or sexual preferences). However, any processing based on consent carried out prior to the withdrawal of said consent is considered lawful.
- Lodge a complaint with a supervisory authority (Personal Data Protection Authority – www.garanteprivacy.it).


Consent will be collected and stored by viewing and signing the cookie policy in all its parts and for each purpose and category of data.