E-commerce Privacy notice
1. WHO IS THE DATA CONTROLLER?
PDU Italia S.r.l. with registered office in Rome, Via Giovanni Nicotera no. 29, Tax and VAT number: 16288441005, N. REA RM-1647013, (below, “PDU“), is the controller of Users personal data (“Users”) who visit, purchase and sign in to www.pdumusic.com (“Site”), making online orders and asking help about them.
Site’s services are reserved to Users over 18 years.
According to Regulation (EU) 2016/679 (“Regulation“), PDU provides Users with the following information.
2. FOR WHAT PURPOSES ARE THE DATA PROCESSED?
Personal data collected by the Site and/or provided by the Users are used to
A. allow PDU to fulfill their obligations under the law;
B. allow Users to create a PDU Store account and make purchases on the Site, as well as allow PDU to process payments, deliver products and handle possible returns, comply with legal and administrative obligations about accounting and finance (included possible communications with you).
C. allow PDU to manage the support requests coming from Users in the manner indicated in the “Contacts” page, which includes filling out the dedicated form, sending an email at email@example.com and/or calling, and to match those requests to Users PDU Store account;
D. allow PDU to contact Users for commercial purposes (including for example sending to the Users birthday-related communications, communications regarding PDU activities related to the Site and to products and services available through the Site) as well as for market research and surveys (together “commercial communications”) also by remote communication techniques (for ex. email and other means of communication);
E. allow PDU to personalise commercial communications set out in point D according to Users interests and preferences;
F. differentiate commercial communications on the basis of minimum segmentation criteria (for example young/mature).
3. WHAT KIND OF DATA IS PROCESSED?
When Users browse the Site their usage data are collected (they include, among others, IP address) and, if Users sign in and/or make purchases on the Site, we process some identification data, including name and surname, login details (in case of registration) and email address. We can also collect the tax code (if User ask for invoice) and the payment information and settings, as well as further information (for example, purchased goods, purchase frequency, prices). For commercial purposes and only with Users consent, we will process information about their preferences for products, artists and musical tastes, revealed by the usage of the Site.
If Users ask for support in one of the manner indicated in the “Contacts” page, we may process their name and surname, email address, telephone number and the additional information needed to give the Users the appropriate assistance.
4. ON WHAT BASIS PERSONAL DATA ARE PROCESSED?
Without prejudice to personal data processing for the purposes set out at paragraph 2 letter A, compliance with PDU legal obligations (for example tax-related), the User’s provision of personal data for the purposes of paragraph 2 letter B (creation of PDU Store account and/or products purchase on the Site) shall be carried out on the basis of a contract with the User and/or of the execution of pre-contractual measures. Processing Users personal data is necessary for the performance of the contract and pre-contractual measures taken at the User request, and also to deliver or collect products, to manage the support requests and the possible returns operations and to comply with the related administrative, tax and accounting obligations. Any refusal to provide data for the aforementioned purpose will result in the impossibility for PDU to perform the pre-contractual and contractual measures requested by the User.
Users provision of personal data for the purposes set out at paragraph 2 letter C (User assistance) shall be carried out on the basis of PDU legitimate interest to handle support requests made by the Users and to match them to their PDU Store account in order to provide an enjoyable shopping experience. The processing of User personal data for those purposes is needed to allow PDU to answer the requests about the User account. Any refusal to provide data for the aforementioned purpose will result in the impossibility for PDU to provide User assistance through the designated contacts.
Users provision of personal data for the purpose set out at paragraph 2 letter D (PDU commercial communications) is elective and PDU may process personal data for this purpose only under Users consent. In case the Users do not consent to the processing of their personal data, during a purchase made without access/registration to the Site, they will have the possibility to give their consent during future purchases, if interested. If a User doesn’t give the consent for processing personal data for the aforementioned purpose, PDU will not be able to contact the User for commercial communications as well as the User will not receive this kind of communications. Users consent for the purpose set out at the aforementioned paragraph can be withdrawn at any time. To avoid any doubt, the lack of consent for processing of personal data for this purpose, during a purchase made without access/registration to the Site, does not affect the validity of any consent previously given.
The lack of this consent will have no impact on PDU services provision in connection with the purposes set out in paragraph 2 letter B and PDU will be able, in any case, to contact directly the User, if necessary, for purposes of contractual nature or based on PDU legitimate interest.
Notwithstanding the foregoing, PDU will be able to use, in any case, the email address provided by the Users during the registration (or during the purchase without registration and access) to the Site, in order to send them commercial communications related to products and services similar to those purchased on the Site. Users have the right to object to this processing at any time, also through the unsubscribe link available in every email sent to them for this purpose.
Users provision of personal data for the purpose set out at paragraph 2 letter E (profiling for direct marketing) is elective and PDU may process personal data for this purpose only under Users consent. In case the Users do not consent to the processing of their personal data, during a purchase made without registration to the Site, they will have the possibility to give their consent during future purchases, if interested. If a User doesn’t give the consent for processing personal data for the aforementioned purpose, PDU will not be able to send personalised commercial communications to the User. The lack of this consent will have no impact on PDU services provision in connection with the purposes set out in paragraph 2 letter B. To avoid any doubt, the lack of consent for processing of personal data for this purpose, during a purchase made without access/registration to the Site, does not affect the validity of any consent previously given.
Users provision of personal data for the purpose set out at paragraph 2 letter F (segmentation form direct marketing purposes) shall be carried out on the basis of PDU legitimate interest to send commercial communications presumably relevant for segments of Users that are large enough (after verifying that such processing does not prevail on Users fundamental rights and freedom). Users have the right to object to this processing at any time.
Users personal data may be processed also on the basis of PDU legitimate interest, for example as part of any corporate events (sale of the company or business units), due diligence or in the case of defence of a legal claim and the related preliminary activities.
5. HOW DO WE PROCESS DATA?
In relation to the aforementioned purposes, data will be processed both through electronic means and paper records and, in any case, with means suitable to ensure privacy and security.
6. WHO CAN ACCESS THE DATA?
Personal data collected by the Site and/or communicated by the Users will be processed by authorised persons within PDU and they can be disclosed only for the indicated purposes. If necessary, data can be disclosed to the following entities:
IT service providers of PDU;
logistics service providers;
customer care service providers;
App and payment service providers;
judicial authorities, where required;
public authorities and supervisory authorities, where required.
Users personal data will not be disclosed.
As regards personal data disclosed to them, the aforementioned entities, depending on the case, can act as data processor (in this case they are provided with instructs by PDU) or as distinct data controller. In the latter case, personal data will be disclosed only with the consent of the data subjects, except where disclosure is required by law or needed or to pursue purposes for which the law does not required the consent of data subject.
7. CAN DATA BE TRANSFERRED ABROAD?
PDU reserves the right to transfer Users personal data to third countries. Data transfers outside the European Economic Area are subject to a special regime according to the Regulation, and they can take place only to countries that ensure an adequate level of data protection, approved by the European Commission, or where appropriate safeguards are in place (including standard contractual clauses adopted by the Commission), as long as data subjects have enforceable rights and effective legal remedies.
8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
The collected personal data shall be kept, according to current regulations, for no longer than is necessary for the purposes for which the personal data are processed.
The criteria used to determine the period for which the personal data will be stored shall take into account the allowed processing period and the applicable regulations about limitations of rights and legitimate interests, where they are the legal basis for processing.
As regards commercial purposes, personal data will be kept for a period consistent with the Users interest in promotional activities to which communication they have consented. As regards commercial purposes, personal data will be kept for a period consistent with the Users interest in promotional activities to which communication they have consented. In any case, PDU will take any precaution to avoid a data usage for an indefinite period, proceeding periodically (maximum every 36 months) to verify the actual persistence of Users interest in the processing to which they have consented to.
At the end of the storage period, the data will be erased, rendered anonymous or aggregated in such a manner that the User is not or no longer identifiable.
9. WHICH ARE THE DATA SUBJECTS RIGHTS?
Users can address PDU, in every moment and free of charge, in order to:
obtain from PDU confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the information set out in article 15 of the Regulation;
obtain from PDU the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed;
obtain the erasure of their personal data where applies one of the grounds set out in article 17 of the Regulation;
obtain the restriction of processing where applies one of the grounds set out in article 18 of the Regulation;
object to processing of personal data concerning them, on grounds relating to their particular situation, where applicable;
receive the provided personal data concerning them in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller, where technically feasible, in the cases and within the limits set out in article 20 of the Regulation, where applicable.
Moreover, Users have the right to withdraw their consent (if given) at any time, without affect the lawfulness of processing based on consent before its withdrawal.
The requests for exercising the aforementioned rights must be sent to PDU via email at the address firstname.lastname@example.org.
Users have also the right to object to the sending of commercial communications at any time, using the unsubscribe procedure available in every email sent to them for those purposes.
Within the meaning of the Regulation, PDU shall not charge a fee to fulfill a subject access request, unless those requests are manifestly unfounded or excessive, in particular because of their repetitive character. If the Users request additional copies of their personal data or if the requests are manifestly excessive or unfounded, PDU may (i) charge a reasonable fee, taking into account the administrative costs of complying with the request; or (ii) refuse to act on the request. In those cases, PDU shall inform the User about the costs, before processing the request.
Before processing the requests, PDU may ask for additional information necessary to confirm the identity of the natural person making the request.
Without prejudice to any other administrative or judicial remedy, Users have the right to lodge a complaint with a supervisory authority (for Italy: Garante per la protezione dei dati personali), if they consider that the processing of personal data relating to them infringes the General Data Protection Regulation. Further information are available on the website https://www.garanteprivacy.it.
PDU encourage the Users to use the aforementioned contacts channels, before addressing to the Supervisory Authority, in order to settle amicably and rapidly any possible disputes regarding personal data protection.