Privacy policy
Information pursuant to art. 13 of EU Regulation 2016/679
This page describes how to manage the site in relation to the processing of personal data of users who consult it. This information (or “Privacy Policy”) is provided pursuant to art. 13 of EU Regulation 2016/679 (hereinafter, “GDPR”) to those who interact with the web services of the website.
The information is provided only for the website and not for other websites that may be consulted by the user via links.
1. Data Controller
The data controller is:
UpSurgeOn Srl (hereinafter, the “Website Owner”, or the “Data Controller”)
Via Cascina Venina, 7/U, 20057 Assago (MI)
VAT: 09723700960
website: www.upsurgeon.com
2. Personal data subject to processing
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses (internet addresses assigned to the user’s computer by the internet service provider), the domain names of the computers used by users who connect to the site, the browser (for example Firefox or Internet Explorer) , the date, time of the request and other parameters relating to the operating system and the user’s computer environment.
These data could be used to ascertain responsibility in case of hypothetical computer crimes against the site and are in any case canceled after processing within 6 (six) months.
Anonymous data is also collected and processed for the sole purpose of obtaining statistical information on the use of the site and to verify its correct functionality.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the e-mail.
3. Cookies
4. Purpose and legal basis of the processing
The personal data provided will be processed in compliance with the conditions of lawfulness pursuant to art. 6 of EU Reg. 2016/679, for the following purposes:
Nature of the data processing | Purposes | Legal Basis | Retention Period |
Registration Process | Enabling you to create an account and register to the website | The contractual necessity to provide the service to the registered users (Art. 6.1.b. GDPR). | In the event of receipt of a cancellation request or detecting account inactivity over more than [TBC], we will proceed to cancel the account and all the relating Data. |
Purchasing products | Your data will be used to process your purchase orders and related activities (shipment of goods, billing, payment processing). | The contractual necessity to provide the products requested (Art. 6.1.b. GDPR) | Your data will be kept for the time required in order to fulfill the contractual obligations as well as the obligations imposed by law (e.g. for tax matters). |
Browsing the website | Enabling you to browse the website, monitor and improve website operation, prevent fraud and abuse. | The contractual necessity to allow the users to access and use the website (Art. 6.1.b. GDPR).Data controller’s legitimate interest in ensuring the proper functioning of IT systems (Art. 6.1.f. of the GDPR) | Your Data will be processed for the time required in order to enable you to access and to browse the website. |
Request for contact, also through the LiveChat | Enabling you to request and obtain information and assistance, including via LiveChat. | The performance of pre-contractual measures at the request of the user (Art. 6.1.b. GDPR) | Your data will be retained for no longer than [TBC] after you have sent us your request for contact and/or information. |
Soft spam | Your contact details will be used to send you email communications relating to services which are similar to the Service you requested. Under art. 130, co 4, d.lgs. 196/2003, the Data controller will be able to use the email address which you provided in order to promote services similar to the Services you used or requested, unless you object said processing by sending an email to info@upsurgeon.com or by clicking on the specific link to object to the receipt of commercial communications from the Data controller. The registered users will also be able to opt out from said processing when they create their account, by selecting the specifically provided checkbox. [TBC]. | The legitimate interest of the Data controller. (Art. 6.1.f. GDPR and art. 130, co 4, d.lgs. 196/2003). | Your data will be retained until you opt out or object the legitimate interest of the processing. |
Direct marketing | Sending you commercial and/or promotional information as well as advertising material or engaging in direct selling of products, services or engaging in market research endeavours. For example, we may send you emails or use instant messaging or contact you by phone through an operator to illustrate commercial offers, initiatives and promotions relating to our products and services (including products and services other than those you requested). | Your consent (Art. 6.1.a GDPR). | Your Data will be retained until you withdraw your consent. |
Compliance with a legal obligation | Your Data may be used to comply with legal obligations. | Compliance with a legal obligation (Art. 6.1.c. GDPR). | Your Data will be retained for the time required to comply with the legal obligation at issue. |
Enforcement of rights | Your Data may be used to enforce a right of the Data Controller before or out of Court (i.e., for illicit uses of the website). | Legitimate interest of the Data Controller to enforce its rights (Art. 6.1.f. GDPR). | Your Data will be retained for the time required to enforce our rights. |
5. Any recipients and any categories of recipients of personal data
The data may be communicated to third parties, who act as supervisors as well as by persons appointed as persons authorized to process, in charge of managing the requested service. In particular, the data will be communicated to:
- subjects that provide services for the management of the information system and communication networks including e-mail and website management;
- third parties who collaborate with the Data Controller for direct marketing activities;
- studies or companies in the context of assistance and consultancy relationships;
- competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request.
The updated list of data processors and persons in charge of the processing is available at the registered office of the Data Controller and can be consulted by making an informal request, also via email at the following email address: info@upsurgeon.com
5.1 Address management and mail sending
The following services allow us to manage a database of email contacts, telephone contacts or contacts of any other type, used to facilitate communication with you. These services may also allow us to collect data relating to the date and time of viewing of the messages by you, as well as your interaction with them, such as information on clicks on links inserted in messages.
Mailchimp
Mailchimp is an address management and email message sending service provided by Mailchimp Inc. Personal data collected: Name, Surname, phone, vat number, address, products purchased.
Place of processing: USA.
Privacy Policy
SPAM protection
These services analyze the traffic of this Site, which may potentially contain your Personal Data, in order to filter it from traffic (messages and contents) recognized as SPAM.
Akismet (Automattic Inc.)
Akismet is a SPAM protection service provided by Automattic Inc.
Personal data collected: Various types of data as specified in the privacy policy of the service.
Place of processing: USA
Privacy Policy
5.2 Embedded content from other websites
This site may include embedded content (e.g. videos, images, articles, etc.) from other websites. The content incorporated from other websites behaves in exactly the same way as if you had visited the other website.
These websites may collect data about you, use cookies, integrate additional third-party tracking and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Google Font (Google Inc.)
Google Fonts is a font style visualization service managed by Google Inc. that allows this Site to integrate such content within its pages.
Personal data collected: Cookies and usage data
Place of processing: USA
Privacy Policy
Google Maps (Google Inc.)
Google Maps is a map viewing service managed by Google Inc. that allows this Site to integrate such content within its pages.
Personal data collected: Cookies and usage data
Place of processing: USA
Privacy Policy
Video Vimeo (Vimeo, LLC)
Vimeo is a video content viewing service managed by Vimeo, LLC that allows this Application to integrate such content within its pages.
Personal data collected: Cookies and Usage data.
Place of processing: USA
Privacy Policy
Video Youtube (Google Inc.)
Youtube is a video content viewing service managed by Google Inc. that allows this Site to integrate such content within its pages.
Personal data collected: Cookies and Usage data.
Place of processing: USA
Privacy Policy
6. Transfer of personal data to a third country and / or an international organization
The personal data provided will be transferred to countries belonging to the European Union and countries outside the EU in order to comply with the aforementioned related purposes. The Data will only be transferred to countries which provide a level of protection adequate to the one set out by the EU applicable legal framework, or by means of the implementation of adequate safeguards to protect your Data, such as the Standard Contractual Clauses issued by the EU Commission with the implementing decision (UE) 2021/914 of June 4th 2021. In any case, the data transfer will comply with the recommendations (n.1/2020 and n.2/2020) issued by the European Data Protection Board (“EDPB”). The data subjects may obtain information about the guarantees for data transfer by writing an email to info@upsurgeon.com
7. Rights of the data subject
Pursuant to the articles 15 and ss. of EU Regulation 2016/679, the data subject has the right to ask the Data Controller: access to your personal data; the correction or cancellation of the same or the limitation of the processing that concern it; opposition to processing; data portability in the terms set forth in art. 20 cit. Without prejudice to any other administrative or judicial appeal, the data subject who considers that the treatment concerning him violates the GDPR, has the right to lodge a complaint with a supervisory authority, particularly in the Member State in which he habitually resides, works or places where the alleged violation occurred (art. 77 cit.).
To exercise the above rights, the data subjects may contact the Data Controller at the addresses indicated in point 1 of this information notice.
In addition, we want to inform you that you have the right to opt out from soft spam activities at any time by sending an email to info@upsurgeon.com.
UpSurgeOn uses an abandoned cart recovery system that collects the following data: email address, first name, last name, and phone number. Users have the right to request deletion of their data, which, in accordance with GDPR laws, will also be deleted from the abandoned cart recovery system.
8. Updates
This privacy policy may be modified and / or supplemente