IINFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA.
Before you provide us with your personal data, in accordance with the General Data Protection Regulation (EC) 2016/679 (hereafter the “Regulation” or “GDPR”), pursuant to Legislative Decree no. 196 of 30 June 2003, as updated by Leg. Decree no. 101 of 10 August 2018, the objective of which is to protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data, it is important that you read the information provided herein aimed at guaranteeing that the processing of your person data is carried out in accordance with your fundamental rights and freedoms.
Fabbrica d’Armi Pietro Beretta S.p.A. (hereinafter, "Beretta" or "we" or “Data Controller”) is committed to protecting your personal data and strives to provide you with the best possible experience so that you can enjoy our service today and in the future. The following privacy Information Notice (hereinafter the Information Notice”), provided pursuant to art. 13 of the Regulation, describes how we collect, use, store or otherwise process (jointly "process") the personal data of Customers2 on the Beretta e-commerce website estore.beretta.com (hereinafter “Beretta E-store” or “Platform”)
2.Data Controller 2
3.Data Protection Officer (DPO) 2
4.Purpose of the processing and legal basis 2
5.Personal data processed and methods of processing personal data. 3
6.Processing of anonymised data 4
7.Nature of the conferral of personal data and consequences of refusals 4
9.Communication and dissemination of personal data 4
11.Personal data retention period 5
12.Data subject rights 5
13.Third party websites and services 5
14.Corporate aspects 5
The Beretta E-store allows you to purchase exclusive Beretta products and services. More specifically, the completion of the My Beretta Community registration process is not a mandatory step when purchasing its products and services on the website. Therefore, you may opt to choose to purchase products and/or services as an unregistered user (“Guest”).
However, in this case, you will not be able to take advantage of the following features and:
- track your orders on the Platform and view your previous purchases;
- save articles and products in the wishlist for future purchases;
- save your name and address and shipping information for future purchases.
For further details regarding the terms and conditions of sale, please read our Terms & Conditions.
The data controller is Fabbrica d’Armi Pietro Beretta S.p.A. (Tax Code and VAT no. IT01541040174), with registered office in Gardone Val Trompia (BS), via Pietro Beretta, 18. The Data Controller can be contacted at the following email: firstname.lastname@example.org.
Data Protection Officer (DPO)
Beretta has designated a Data Protection Officer (DPO) who can be contacted at the following email address: email@example.com
Purpose of the processing and legal basis
Please find below more details about the purposes for which we process your personal information.
· Scope and purpose:
A. Purchase and deliveries of products and services: we use your personal information to receive and manage your orders, manage shipping and delivery processes, and provide your order status information
B. Compliance with all legal obligations
C. Sending of information and promotional communications to improve your platform experience (Direct Marketing)
D. Troubleshooting, technical support, and Platform support
E. Prevent threats to the integrity, availability and confidentiality of personal data, combat spam and other malware and, more generally, detect, prevent, and mitigate security risks (Information security)
F. Prevention of fraud and, more generally, access to the Platform by persons intending to compromise its security (Fraud prevention)
· Legal Basis:
A. The processing carried out for this purpose is mandatory to execute the contractual obligations. The Data Controller has identified the legal basis of the processing pursuant to art.6 (b) of the Regulation.
B. The processing carried out for this purpose is mandatory to execute the contractual obligations required of Beretta. The Data Controller has identified the legal basis of the processing pursuant to art.6 (c) of the Regulation.
C. The processing carried out for these purposes is performed pursuant to your prior, specific and informed consent granted to the Data Controller for each of the listed purposes, in accordance with Article 6(a) of the Regulation. In any case, you are entitled to withdraw your consent at any time by sending an email to firstname.lastname@example.org
D. The processing carried out for these purposes is necessary for the purposes of the legitimate interest of the Data Controller, in accordance with Article 6 (f) of the Regulation.
Personal data processed and methods of processing personal data.
The processing of personal data is carried out using electronic or automated means and personal data is transmitted via electronic network systems. The Data Controller implements all appropriate technical and organisational measures to guarantee an adequate level of security in relation to the type of data being processed.
Below are further details on the personal data undergoing processing.
If you decide to purchase services and/or products by logging in as a member and user of the My Beretta Community5, please read the privacy Information Notice which can be found at the following link. This will give you more information on how your personal data is processed as a My Beretta Community member.
- Purchase and deliveries of products and services
- Mandatory: Name, surname, country, email address, telephone number, shipping address and, if different, billing address
- Mandatory: Name, surname, country, email address, telephone number, shipping address and, if different, billing address
With specific regard to the processing of personal data carried out for marketing purposes, the conferral of personal data is entirely optional and the processing is subject to you granting your specific and informed consent to the processing of yout personal data for the purposes described in paragraph 4, (c). In any case, you are entitled to withdraw your consent at any time by sending an email to email@example.com
- Your Conferred data: Name, surname, country, email address, telephone number, shipping address and, if different, billing address
- Data collected and processed by the Platform: Details of orders placed on the Beretta E-Store as well as products placed in the shopping cart
- Information security & Fraud prevention
As you use the Platform, we may automatically collect certain information as detailed in the table below.
- Personal Data we collect: Technical information (for example: Platform page response times, download errors, browsing time on certain platform pages, information on interactions with certain Platform pages, such as scrolling, clicking, etc.); The IP address of the user and details on the operating system of the device used to access the Platform
- Reason why we collect: We collect this information to ensure your use of the Beretta E-Store is secure and protected against fraud, as well as to provide you with technical support or assistance concerning any other issues you may be experiencing. In addition, the processing of these data allows us to block access to the Beretta E-Store of subjects who threaten the security of the same and pose threats to the integrity, availability and confidentiality of personal data, combat spam and other malware and, more generally, detect, prevent, and mitigate security risks.
Processing of anonymised data
Anonymous data refers to information that is altered by a specific processing method in such a way as to make it impossible to relate it to an identified or identifiable natural person. Therefore, the Regulation does not apply to the processing of such information.
We may use anonymous or aggregated data for various purposes, for instance to better understand the needs and behaviours of the user base, to improve our Platform, conduct business intelligence and marketing activities, and detect security threats.
Except for this section, none of the other provisions of this Information Notice apply to anonymous and/or aggregated data.
Nature of the conferral of personal data and consequences of refusals
The conferral of the personal data defined as necessary is essential in order to pursue the purposes illustrated in paragraph 4 points (A) and B).
Failure, partial or inaccurate conferral of the aforementioned personal data may make it impossible to complete the purchase of products and/or services on the Beretta E-Store.
However, the conferral of personal data for the purposes described in points C) and D) of paragraph 4 of this Information Notice, is optional and any refusal shall only mean that the Data Controller is unable to pursue such purposes and shall not, in any manner, affect your ability to purchase products and/or services on the Beretta E-Store.
You can manage your cookie preferences at any moment in time at the following link.
Communication and dissemination of personal data
Personal data shall be processed by persons authorised to carry out such processing and by designated data processors6 pursuant to Art. 28 of the GDPR, in order to carry out the processing activities necessary to pursue the purposes illustrated in paragraph 4 of this Information Notice. The latter are direct collaborators of Beretta and their list is constantly updated and available by sending a request to firstname.lastname@example.org
All personal data are processed within the territory of the European Union and, if necessary, for technical or operational reasons, Beretta reserves the right to transfer such personal data to third countries outside the European Union, pursuant to the existence of an "adequacy decision" or on the basis of appropriate safeguards, or in the cases specifically provided for in the Regulation.
No personal data shall be subject to dissemination.
The Platform is not intended for use by subjects under 16 years of age, and we do not intentionally collect their personal data. However, despite Beretta’s efforts to control and prevent the registration of persons under the age of 16, it is not possible to guarantee the complete absence of such persons.
If a user under the age of 16 has provided personal information without the prior consent of the holders of parental responsibilities, the latter shall kindly request, at any moment in time, the erasure of the personal data provided by the minor by sending an email to the following address: email@example.com
Personal data retention period
Personal data are retained for the period of time strictly necessary to pursue the purposes illustrated in paragraph 4 of this Information Notice, except where longer retention periods are required by law.
In particular, as regards to:
- the purposes referred to in point 4 (a) of this Information Notice, personal data shall be retained for the period of time strictly necessary for the correct processing of your orders and related shipment operations;
- the purposes referred to in point 4 (b) of this Information Notice, the Data Controller shall retain the personal data for the period of time strictly necessary for Beretta to fulfil its statutory obligations;
- the purposes referred to in point 4 (c) of this Information Notice, the Data Controller shall retain the personal data for no longer than 24 (twenty-four) months. After this retention period, the data will be deleted in a secure manner or rendered irreversibly anonymous.
- the purposes referred to in points 4 D), E) and F) of this Information Notice, the personal data shall be retained in accordance with the provisions of the applicable regulations, and for no longer than is strictly necessary for the purposes for which such data were collected.
Data subject rights
Pursuant to arts. 15, 16, 17, 18, 20 and 21 of Regulation (EU) 2016/679 (GDPR), the Data Controller also informs you of how and when you are allowed to exercise the data subject rights envisaged by the Regulation to obtain:
- access your personal data;
- rectification of personal data;
- erasure of personal data, for the cases envisaged by the GDPR;
- restriction of processing, under the conditions envisaged by the Regulation;
- portability of personal data;
- the right to object to the processing of personal data.
Moreover, you are entitled to lodge claims with the Supervisory Authority for the Protection of Personal Data.
All requests to exercise your rights shall be sent to the Data Controller at firstname.lastname@example.org
Third party websites and services
In the event where Beretta should be subject to any acquisition or merger with another company, should transfer some or all of its assets to a third party, or in the event of bankruptcy or dissolution of corporate business, the personal data in its possession may be transferred to an acquiring undertaking or a third party, also in relation to or in connection with the prior due diligence envisaged for such business transactions, subject to the limits and guarantees set forth by the applicable laws in force. In any case, you shall be promptly informed of any such corporate events so that you can decide whether or not to continue using the Platform.
Last update: [12/10/2022]
We are constantly striving to improve the level of protection of your personal data and respect for the privacy of our Customer, which means that we may amend, supplement or update this privacy Information Notice from time to time. We shall notify you of any amendments made to the privacy Information Notice by email to the address you provided. In any case, feel free to access the Information Notice in the privacy section of the Platform or visit the website [https://www.beretta.com/] to ensure that you are always up to date with all processing developments and our compliance with applicable legislation on the protection of personal data.
3 For the purposes of this Information Notice, “My Beretta Community” means the web area that allows Beretta customers and product enthusiasts who can access specific exclusive and dedicated services.
4 For the purposes of this Information Notice, the term “Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data (art. 4 no. 7 GDPR).
6 For the purposes of this Information Notice, the term “Data Processor” means the natural or legal person, public authority, agency or other body which who process Personal Data on behalf of the Data Controller (art. 4 (8) of the GDPR).