Privacy Policy of the Website www.blupura.com

[published on September 18, 2023]

Table of Contents

Personal Data Protection Information

For Blupura, the security of your personal data is very important. Therefore, we pay the utmost attention in collecting and managing the personal data that you provide or that we automatically acquire during your visit to the website www.blupura.com and subdomain https://ecommerce.blupura.com/ (the “Website“), adopting specific measures to ensure their security, confidentiality, and integrity, in accordance with Regulation (EU) 2016/679 (the “Regulation“) and any applicable local data protection laws.

Whenever, in the sections dedicated to the Website’s services, it is necessary to provide your personal data, you will be provided with additional information to allow you to evaluate whether to proceed with providing your personal data for the specified purposes.

  1. 1. Data Controller

The Data Controller of your personal data is Blupura S.r.l., with registered office in Italy, at Cadriano di Granarolo dell’Emilia (BO), Via Gandolfi n. 6, VAT number 02362310423 (hereinafter, “Blupura” or the “Controller“).

To exercise your rights and for any communication regarding your personal data, the Controller can be reached at the following address: info@blupura.com.

  1. 2. Purpose and Legal Basis of Processing

The acquisition and processing of your personal data will take place exclusively in compliance with the principles of lawfulness provided by the regulations, for the following purposes:

(i) ensuring correct navigation within the areas of the Website, due to the necessary nature of this processing to allow navigation on the Website and compliance with legal obligations;
(ii) processing your purchase requests for Blupura products or the use of services offered by the Website, due to the necessary nature of this processing to execute contractual and/or pre-contractual measures requested by you;
(iii) responding to your contact requests due to the necessary nature of this processing to execute contractual and/or pre-contractual measures requested by you;
(iv) sending you commercial communications via email regarding products and services similar to those you have purchased or events held by the Controller, unless you expressly refuse to receive such communications (“Soft Spam”);
(v) conducting marketing activities, based on your explicit consent if given;

The provision of your personal data as indicated in points (i), (ii), and (iii) is optional, but the failure to provide them may make it impossible to perform the requested services. For these cases, consent for the processing of personal data for the purposes described will not be requested as such processing falls within the provision of Article 6, para. 1, letter b) of the Regulation.

The processing of your personal data for the purpose referred to in point (iv) constitutes legitimate processing under the current applicable data protection legislation, which does not require your consent. You can object to the processing for this purpose at the time of purchase or in subsequent communications following the purchase of products and services from the Controller by writing to the contacts indicated in Article 1 of this information notice, as well as using the link found at the bottom of each email communication.

For the purposes referred to in point (v), any summary information on the processing of your personal data and specific requests for consent will be progressively reported or displayed on the pages of the Website prepared for these specific services.

We may also process your personal data to comply with a legal obligation to which we are subject or, finally, to pursue a legitimate interest of ours or of third parties, including possible defensive purposes, in compliance with the conditions and limits provided by current legislation.

  1. 3. Types of Personal Data Processed

During the consultation of the pages of the Website, your personal data will be automatically acquired, or you will be asked to provide additional data for certain services.

  1. 3.1 Data Automatically Acquired by the Website
  2. 3.1.1. Browsing Data

The IT systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Website, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment.

These data are used solely to obtain anonymous statistical information on the use of the Website and to ensure its proper functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Website; except for this possibility, the data on web contacts are currently kept for the time strictly necessary.

  1. 3.2 Data Voluntarily Provided by You
  2. To allow you to use the different services offered by the Website, we will ask you, depending on the specific service, to provide some of your personal data, such as personal details, contact data (like phone contacts, email accounts, domicile or residence address). The provision of such data is entirely voluntary, but in some cases, the failure to provide them will not allow us to provide the related service.

4. Processing Methods

The processing of your personal data will be based on the principles of fairness, lawfulness, transparency, and protection of your rights and privacy. All processing carried out within the scope of the Website will be carried out with electronic or telematic tools, in addition to paper and/or manual tools.
Specific technical and organizational measures are observed to prevent data loss, illegal or incorrect use, and unauthorized access, in full compliance with the provisions of Article 32 of the Regulation.
The data will be processed with logic related to the purposes for which they were collected and in compliance with current security regulations, for the aforementioned purposes or specified from time to time in additional information presented to the user.

5. Communication of Your Personal Data and Categories of Recipients

Some of your data may be disclosed by the Controller to specifically authorized individuals or Data Processors: among these subjects are, for example, the Controller’s technological partners in the organization and management of the contractual relationship and direct marketing campaigns, including the management of address databases and email sending, or other service providers of the Controller, whose services are functional to the execution of the requested service.

The list of Data Processors appointed by the Controller is available at the Controller’s premises and can be requested by email to the addresses indicated above.

The data will also be processed by the Controller’s appointed staff members belonging to the marketing, commercial, administration, system administration and webmaster, legal, communication, and human resources areas depending on the need and purpose to be achieved from time to time and in line with the consents and requests of the data subject.

Your data may be transferred abroad, to countries within the European Union or considered safe by the European Commission, or to countries outside the European Union not included in the list of safe countries: in this last case, we would first enter into specific agreements with the individual subjects who would process the data in non-EU territories, containing the standard guarantee clauses indicated by the European Commission in the decision of February 5, 2010.

    1. 6. Exercising Data Subject’s Rights
  1. Under Articles 15 et seq. of the Regulation, you have the right to request, at any time, access to your personal data, their rectification or deletion, the restriction of processing in the cases provided for by Article 18 of the Regulation, to obtain the data concerning you in a structured, commonly used, and machine-readable format, in the cases provided for by Article 20 of the Regulation.
  2. At any time, you may revoke, under Article 7 of the Regulation, the consent given, and lodge a complaint with the competent supervisory authority under Article 77 of the Regulation (Data Protection Authority), if you believe that the processing of your data is contrary to the current regulations.
  3. Furthermore, you can make a request to object to the processing of your data under Article 21 of the Regulation, in which you provide evidence of the reasons that justify the objection: Blupura will reserve the right to evaluate the request, which will be rejected if there are compelling legitimate grounds, prevailing over the interests, rights, and freedoms of the data subject, to proceed with the processing.

Requests should be addressed in writing to the Controller at the following address: info@Blupura.it.

  1. 7. Cookies

For more information https://www.blupura.com/en/cookie-policy/

8. Retention of Personal Data

Blupura will process your personal data for the period strictly necessary to achieve the purposes outlined in Article 2 of this information notice, in line with the principles of necessity and proportionality of processing.

Without prejudice to the retention obligations imposed by legal or regulatory provisions, your personal data will be processed in compliance with the retention rules indicated below.

For the purpose referred to in point (i), your personal data will be processed for the period strictly necessary and within the session duration limits, subject to the specific rules laid down regarding cookies.

Personal data processed for the purposes referred to in points (ii) and (iii), falling within the scope of Article 6, para. 1, letter b) of the Regulation, will be retained for:

(a) the period of 10 (ten) years from the termination of the contract; or, if the data subject does not conclude a contract with the Controller following the initiation of a pre-contractual negotiation;
(b) the period of 24 (twenty-four) months from the start of the negotiation.

For the purpose referred to in point (iv), your personal data will be retained until you object to the processing, by writing to the contacts referred to in Article 1 of this information notice or through the link found at the bottom of each email sent.

For the purposes referred to in point (v), your personal data will be processed, as a general rule and subject to the principle of proportional data retention for the purpose of processing, until you revoke your consent. If you withdraw from a pre-contractual negotiation without revoking such consent, the data may be processed even after your withdrawal.

  1. 9. Changes to This Policy

From time to time, we may make changes to this information notice, for example, to comply with new legal requirements or to meet technical requirements or new services provided by the Website or Blupura.

The updated information notice will be published on the Website: therefore, we invite you to periodically consult this page.

Video Surveillance Activity Information

[INFVIS-24 – published on May 10, 2024]

This information notice is provided under the applicable data protection legislation, with particular reference to Reg. no. 679/2016/EU (the “Regulation”).

1. Data Controller

The Data Controller is Blupura S.r.l., with registered office in Cadriano di Granarolo dell’Emilia (BO), Via Gandolfi n. 6, VAT number 02362310423 (the “Controller”).
The Controller can be reached at the following address: info@blupura.com.

2. Purpose and Legal Basis of Processing

We inform you that at the Controller’s operational headquarters in Recanati (MC), Z.I. Squartabue, Via Volponi, 11, a video surveillance system is active in accordance with the Provisions on Video Surveillance issued by the Data Protection Authority [1712680], as well as based on the Union Agreement stipulated with the trade unions under Article 4 Law 300/1970 on April 16, 2024, for the purpose of installing and using video surveillance systems. The recorded images are processed solely to protect and enhance the security of people and company assets, adopt measures to prevent, impede, or otherwise deter criminal acts within the premises, and safeguard the integrity of the Controller’s real and personal property.

3. Processing Methods and Scope of Data Communication and Transfer

The processing involves the images of those who enter the video-surveilled area, appropriately signposted with the so-called “minimum information”.
The cameras are fixed and can be panned, automatically or manually. The areas covered include external areas such as pedestrian access paths; internal areas such as parking areas and other premises appropriately signposted with the so-called “minimum information”. The images are recorded and stored on electronic media, such as a digital video recorder (DVR/NVR) programmed with continuous, overlapping, and self-erasing recording; the video recorder is housed inside a locked cabinet.
The recorded images can be viewed for the specified purposes for a maximum period of 7 days from the detection, before being overwritten. The recording system marks the date, time, minutes, and seconds. In any case, at the end of the retention period, the recorded images will be automatically overwritten or otherwise deleted from the relevant electronic media. The recording of images is carried out without intercepting environmental communications and conversations.

4. Categories of Data Recipients

The processed data will not be disclosed to third parties. However, the following categories of recipients may become aware of your data, in relation to the previously stated purposes: (i) our employees, provided they have been designated as acting under the authority of the Data Controller, under Article 29 of the aforementioned Regulation, or as System Administrators; and (ii) third parties designated as Data Processors.
The Controller does not intend to transfer images to third countries.

5. Rights of Data Subjects

The data subject has the right to request from the Controller: (i) access to the images concerning them, to verify the purpose, methods, and logic of the processing; (ii) restriction of the processing of the images in case of its unlawfulness or if the personal data are necessary for the data subject to establish, exercise, or defend a legal claim [Article 18, para. 1, letters b) and c)]; (iii) the right to object at any time, for reasons related to their particular situation, to the processing of images concerning them under Article 6, para. 1, letters e) and f); (iv) the blocking and deletion of recorded images concerning them if they are processed in violation of the law (Article 17, letter d), Reg. no. 679/2016, “right to be forgotten”); (v) concerning personal data processed by automated means, the right to data portability.
However, regarding the recorded images, the right to update, rectify, or integrate personal data is not concretely exercisable due to the intrinsic nature of the collected data, as these are real-time images concerning an objective fact.
To exercise their rights and for any communication regarding the protection of their personal data, please contact the Controller at the following email address: info@blupura.com.

6. Data Retention Period

The recorded images are automatically deleted 7 days after detection. However, retention obligations imposed by legal or regulatory provisions, or justified following an order from the public authority or the need to protect a subjective right or a legitimate interest of the Controller, are safeguarded.