PRIVACY NOTICE
EROSE SRL, with its registered office located at Via Zandonai 10, 30174, Venice, Italy, is committed to protecting the online privacy of users who access the website www.venicemart.com.
This document is intended to help you understand how your personal data will be processed when using the website and to provide you with all necessary information so that you may give informed and explicit consent to the data processing activities carried out.
In general, the processing of any personal information or data you provide to the Data Controllers or that is otherwise collected via the website will be carried out in accordance with internationally recognized principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity, and confidentiality. Processing will be for the purpose of providing the services offered on the website, selling products, and operating an informational service, including a newsletter.
1. Data Controller
EROSE SRL is the Data Controller with respect to all personal data processed through this website.
2. Personal Data Processed
As a result of navigating the Site, the Data Controllers will process your Personal Data, which may include depending on how you choose to use the Services an identifier such as your name and surname, identification number, online identifier, or one or more elements characteristic of your physical, physiological, cultural, or social identity that can render you identified or identifiable.
Among the Personal Data collected by this Application, either directly or through third parties, are: Cookies, Usage Data, Email, and Passwords. Additional types of Personal Data may be specified in other sections of this Privacy Notice or provided contextually at the time the data is collected. Personal Data may be freely provided by the user or collected automatically during the use of the Application. Unless otherwise specified, the use of Cookies or other tracking tools by this Application or by the third-party services it uses is intended to identify users and record their preferences strictly for the purpose of providing the requested service.
Failure to provide certain Personal Data may make it impossible for the Application to provide its services. Users are responsible for any third-party Personal Data obtained, published, or shared through this Application and confirm that they have the right to disclose such data, holding the Data Controller harmless from any liability to third parties.
The specific categories of Personal Data processed include:
a. Name, Contact Information, and Other Personal Details
In various sections of the Site, particularly when creating a personal account or subscribing to the newsletter, you may be asked to provide personal details such as email address, password, full name, date of birth, and gender.
b. Special Categories of Personal Data
Some sections of the Site include open fields where you may provide information to the Data Controllers that could contain Personal Data. Since these fields are open, you may (intentionally or unintentionally) disclose certain categories of sensitive Personal Data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data uniquely identifying a natural person, data concerning health, or data regarding a person's sex life or sexual orientation.
The Data Controllers strongly encourage you not to provide such Personal Data unless strictly necessary.
In any case, these special categories of Personal Data may only be processed with your explicit consent and in compliance with applicable data protection laws in force at the time.
The Data Controllers therefore emphasize the importance of providing your explicit consent to the processing of such special categories of Personal Data if you choose to share them.
c. Voluntarily Provided Data
As noted above, certain sections of the Site allow you to enter text messages or information that may be visible to the Data Controllers and could contain Personal Data of other individuals.
In such cases, you act as an independent Data Controller, assuming all legal obligations and responsibilities related to the processing of such data. Accordingly, you hereby agree to fully indemnify and hold harmless the Data Controllers from any claims, demands, damages, or liabilities arising from the processing of Personal Data through your use of the Site's functions, in violation of applicable data protection laws, brought by third parties whose Personal Data has been processed.
Furthermore, if you provide or otherwise process Personal Data of third parties through your use of the Site, you hereby warrant and assume full responsibility that such processing is based on the consent of the relevant third party or another valid legal basis that authorizes the processing of such information.
d. Browsing Data
The computer systems and software procedures responsible for operating the platform automatically collect certain Personal Data during their normal functioning, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects but, by its nature, could potentially allow identification of users through processing and association with data held by third parties.
This category of data includes IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server's response (successful, error, etc.), and other parameters related to the user's operating system and computing environment.
Such data is used solely for the purpose of obtaining anonymous statistical information about Site usage and to ensure its proper functioning, to identify anomalies and/or abuses, and is deleted immediately after processing.
These data may be used to ascertain liability in the event of alleged cybercrimes affecting the platform or third parties.
e. Payment Information
Payment management services enable this Application to process payments via credit card, bank transfer, or other methods. Payment data is acquired directly by the relevant payment processor. Some services may also send scheduled communications to the User, such as invoices or payment-related alerts.
f. Address Management and Email Communications
These services allow for the management of a database containing email contacts, phone contacts, or contacts of any other type, used to communicate with the User. These services may also enable the collection of data relating to the date and time the messages are viewed by the User, as well as the User's interactions with the messages, such as information about clicks on links contained within the messages.
g. Interaction with Social Media and External Platforms
These services enable interactions with social networks or other external platforms directly from the pages of the Application. Any interactions and information collected by this Application are, in all cases, subject to the User's privacy settings related to each social network. In the event that a social network interaction service is installed, it is possible that the service collects traffic data related to the pages where it is installed, even if Users do not actively use the service.
h. Facebook Like Button and Social Widgets (Facebook, Inc.)
The Facebook "Like" button and social widgets are services provided by Facebook, Inc. for interacting with the Facebook social network. Personal Data collected: Cookies and Usage Data. Data processing location: United States – Privacy Policy.
i. Google Analytics (Google LLC)
Google Analytics is a web analytics service provided by Google LLC. Google uses the collected Personal Data to track and examine usage of this Application, prepare reports, and share them with other Google services. Google may use the Personal Data to contextualize and personalize the ads in its advertising network. Personal Data collected: Cookies and Usage Data. Data processing location: United States – Privacy Policy - Opt Out.
j. Google Ads Conversion Tracking (Google LLC)
Google Ads Conversion Tracking is an analytics service that connects data from Google Ads with actions performed on this Application. Personal Data collected: Cookies and Usage Data. Data processing location: United States – Privacy Policy.
k. Displaying Content from External Platforms
These services allow content hosted on external platforms to be displayed on the Application's pages and interacted with. These services may collect traffic data for the pages on which they are installed, even if the User does not actively use them.
3. Purposes of Processing
The Data Controllers will use your Personal Data, collected through the Platform, for the following purposes:
- Purchase and Delivery of Products and Services: We use your personal data to receive and manage orders, provide products and services; to verify your identity and assist you in case you lose or forget your login/password details for your personal account on the platform; to purchase a fidelity card; to send you newsletters you have requested as a Service by subscribing; to allow you to save your favorite items and to provide any service you request.
- Marketing and Remarketing: We use your personal data to show you interest-based advertising related to features, products, and services that may be of interest to you; to send you promotional communications via email, SMS, push notifications, telephone, banners, instant messaging, and through the official social media pages of the Data Controllers, relating to products and/or services, including those offered by third parties.
- Soft Spam: Processing for this purpose is based on the Data Controllers' legitimate interest in sending you marketing communications via email concerning products and services similar to those you have already purchased through the Site. You may opt out of receiving these communications at any time, without any consequences (other than no longer receiving further communications of this kind from the Data Controllers).
- Compliance: To fulfill legal obligations requiring the Data Controllers to collect and/or further process certain types of personal data.
- Abuse/Fraud: To prevent or detect any abuse in the use of the platform or any fraudulent activity, thereby allowing the Data Controllers to protect their rights in legal proceedings.
4. Legal Basis for Processing and Whether Data Provision is Mandatory or Optional
The legal bases relied upon by the Data Controllers to process your Personal Data for the purposes listed in Section 3 above are:
- Purchase, Delivery, and Provision of Services and Products: Processing for this purpose is necessary to provide you with the Services and products and, therefore, to perform the contract entered into with you. Providing your Personal Data to the Data Controllers for this purpose is not mandatory; however, if you do not provide such data, it will not be possible to supply you with any Service. The same applies to the newsletter Service, which originates from your specific request by submitting an email address and which you may revoke at any time by following the instructions set forth in Paragraph 7 of this Privacy Notice.
- Marketing and Remarketing: Processing for this purpose is based on your consent. You are not required to give your consent to the Data Controllers for this purpose, and you are free to withdraw it at any time without any consequences (other than no longer receiving marketing communications from the Data Controllers). You may revoke any previously given consent by following the instructions set forth in Paragraph 7 of this Privacy Notice.
- Soft Spam: Processing for this purpose is based on the Data Controllers' legitimate interest in sending you marketing communications via email regarding products and services similar to those you have already purchased through the Site. You may opt out of receiving these communications at any time, without any consequences (other than no longer receiving further communications of this kind from the Data Controllers).
- Compliance: Processing for this purpose is necessary for the Data Controllers to fulfill any legal obligations. When you provide Personal Data to the Data Controllers, such data will be processed in accordance with applicable law, which may require its retention and disclosure to Authorities for accounting, tax, or other legal purposes.
- Abuse/Fraud: Information collected for this purpose will be used exclusively to prevent and/or detect any fraudulent activity or abuse in the use of the Site and thereby allow the Data Controllers to protect their rights in legal proceedings.
5. Recipients of Personal Data
Your Personal Data may be shared with the following recipients ("Recipients"):
- Individuals or entities acting as data processors (internal or external), such as persons, companies, or professional firms providing assistance and consulting in accounting, administrative, legal, tax, or financial matters;
- Operators of websites within the platform;
- Third parties with whom it is necessary to interact for the provision of the Services;
- Parties engaged to provide technical maintenance (including maintenance of network equipment and electronic communication networks);
- Individuals authorized by the Data Controllers to process Personal Data as necessary to perform activities strictly related to the provision of the Services, who have committed to confidentiality or have an appropriate legal obligation of confidentiality (e.g., employees of the Data Controllers);
- Public authorities, agencies, or other parties to whom data must be disclosed for Compliance or Abuse/Fraud purposes, or by order of the authorities.
6. Data Retention
Personal Data processed for the purpose of Purchase, Delivery, and Provision of Services and Products will be retained by the Data Controllers for the time strictly necessary for this purpose (e.g., for shipping the purchased product). However, since such Personal Data is processed to provide you with the Services, the Data Controllers may retain it for a longer period, particularly as may be necessary to protect the Data Controllers' interests against possible claims related to the Services.
Personal Data processed for Marketing and Remarketing purposes will be retained by the Data Controllers until you withdraw your consent. We will remind you of the consents you have given us every 24 months. Once you have withdrawn your consent, the Data Controllers will no longer use your Personal Data for these purposes, but may still retain it, particularly as may be necessary to protect the Data Controllers' interests against possible claims based on such processing activities.
Personal Data processed for Soft Spam purposes will be retained by the Data Controllers until you object to such processing using the link found at the bottom of each Soft Spam email.
Personal Data processed for Compliance purposes will be retained by the Data Controllers for the period required by specific legal obligations or applicable law.
Personal Data processed for the purpose of preventing Abuse/Fraud will be retained by the Data Controllers for the time strictly necessary for this purpose and, therefore, until the Data Controllers are required to retain it to protect themselves in legal proceedings or to communicate such data to the competent Authorities.
7. Your Rights
You have the right to request from the Data Controllers, at any time:
- Access to your Personal Data (or a copy of such Personal Data), as well as additional information about the processing activities in progress;
- Rectification or updating of your Personal Data processed by the Data Controllers, where it may be incomplete or outdated;
- Erasure of your Personal Data from the Data Controllers' databases;
- Restriction of the processing of your Personal Data by the Data Controllers;
- Obtaining your Personal Data in a structured, commonly used, and machine-readable format.
You may also:
- Object to the processing of your Personal Data by the Data Controllers (e.g., Soft Spam);
- Withdraw your consent for Marketing and Remarketing purposes.
Please note that most of the Personal Data you have provided to the Data Controllers can be modified at any time by accessing your personal account created on the Site, where possible.
At the time of requesting Services, you may have selected through which communication channels you wish to be contacted for Marketing purposes (i.e., telephone, SMS, email, postal mail, push notifications, social media). You may withdraw your consent for Marketing concerning any of these communication channels through your personal account on the Site by deselecting the relevant options. You may also withdraw consent for Marketing communications sent via email and stop receiving Soft Spam by using the relevant link at the bottom of each email received. The same method can be used to unsubscribe from the newsletter, if you previously requested it as a Service.
In addition to the above, you may exercise your rights by writing to the Data Controllers at the following address: info@the-erose.com
In any case, you always have the right to lodge a complaint with the competent Supervisory Authority (in Italy, the Garante per la Protezione dei Dati Personali) if you believe that the processing of your Personal Data violates applicable law.
8. Amendments
This Privacy Notice is effective as of May 1, 2025. The Data Controllers reserve the right to modify or simply update its content, in whole or in part, including as a result of changes to applicable regulations. The Data Controllers will inform you of such changes as soon as they are introduced, and they will be binding once published on the Site. The Data Controllers therefore invite you to regularly visit this section to ensure you are aware of the most recent and updated version of the Privacy Notice, so that you are always informed about what data is collected and how it is used by the Data Controllers.