PRIVACY POLICY
1. General
1.1 Information regarding the collection of personal data
This website is operated by Olly Services S.r.l. (referred to in this privacy policy as "Olly", "we", "us" or "our") and as such, Olly is the data controller, not ESA. Personal data collected on this website are not shared with the European Space Agency.
In the following we inform website visitors and customers (referred to in this privacy policy as “you”) about the collection of personal data when using our website. Personal data means any data that relates to an identified or identifiable natural person/individual e.g. name, address, e-mail addresses, user behaviour.
The responsible party, pursuant to Article 4 para. 7 of the EU General Data Protection Regulation (GDPR), is Olly Services S.r.l., with headquarters in Via Frascati 31, Monte Porzio Catone, Italy, main telephone number +39.06.9420204, www.ollyservices.com .
The use of our website functions is fundamentally possible without the processing of personal data. Please refer to the corresponding remarks below concerning the (personal) data transmitted technically to us by you. If we use contracted service providers for the individual functions of our offer or if we wish to use your data for advertising purposes, we shall inform you in detail below regarding the respective procedures. Finally, we also name the criteria of storage duration established.
1.2. Purposes and legal basis of the processing
Unless otherwise stated or specified, the purpose of our data processing activities is the pursuit of our own business purposes.
We use different legal bases for the data processing.
• If you give us consent for certain processing operations of personal data, the legal basis is Article 6 I lit. a of the GDPR hereinafter also referred to as "consent").
• If the processing of personal data is necessary for the initiation or performance of a contract whose (potential) contracting party is the data subject, e.g. if you inquire about products and/or order goods with us and the data processing is necessary for the delivery of the goods, Article 6 I lit. b of the GDPR is the legal basis (hereinafter also referred to as "contract performance").
•If the processing of personal data is required to fulfil a legal obligation, e.g. for the fulfilment of tax filing obligations, Article 6 I lit. c of the GDPR is the legal basis.
• The processing of personal data may, according to Article 6 I lit. f of the GDPR, be permitted under data protection law if it is necessary for the protection of a legitimate interest of our company or a third party, insofar as the interests, fundamental rights and fundamental freedoms of the person concerned do not predominate (hereinafter also referred to as "balance of interests"). We consider the performance of our business in the interest of safeguarding the jobs of our employees and of the well being of shareholders as our fundamental legitimate interest. This is also covered by the legitimate interests of companies expressly described by the European legislator. Therefore, a legitimate interest can be assumed if the data subject and the company are in a customer relationship (Recital 47 sentence 2 of the GDPR) or personal data are processed for direct marketing purposes.
1.3. Your rights
You have the following rights regarding us with respect to the personal data concerning you:
• Right to information
• Right to rectification or deletion
• Right to restriction of processing
• Right to object to the processing
• Right to data portability
You also have the right to complain to us about the processing of your personal data by means of a data protection supervisory authority. Your rights are regulated in Chapter 3 of the GDPR.
1.4. Opposition to or revocation of the processing of your data
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation will affect the legitimacy of the processing of your personal data after you have notified us.
Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if, in particular, the processing is not required to fulfil a contract with you, which is described by us in each case in the following description of functions. In the event of such a revocation, we shall ask you to explain the reasons why we should not process your personal data as we have done. In the case of a justified objection, we will examine the situation and will either discontinue or adapt the data processing or inform you of our compelling legitimate reasons with which we continue the processing.
Of course, you are entitled to object to the processing of your personal data for advertising and data analysis purposes at any time. Concerning your objection to advertising, you can contact us using the details shown in section 1.
1.5. Recipients and categories of recipients of your personal data
Information about our customers is important to us and helps us optimise the services we offer. We only pass on the information we receive to third parties in the extent described below:
• Associated companies: Olly Services S.r.l. forwards personal data (and user data) to associated companies and their subsidiaries for the purposes of order processing. These companies are either subject to this privacy policy, or follow guidelines which provide at least as much protection as this privacy policy.
• Service providers: We engage other companies and individuals to fulfil certain tasks for us. Examples include: Parcel delivery, sending letters or emails, processing payments (credit card, direct debits, invoices), maintenance of our customer lists, analysis of our databases, advertising activity and customer service. These service providers have access to the personal information they need to fulfil their tasks. However, they may not use this for other purposes. Furthermore, they are obligated to handle the information in accordance with this privacy policy and the current data protection legislation.
• Service providers outside the EU/EEA: We cannot rule out that our subcontractors use other service providers in third countries. Pursuant to Article 28 para. 4 of the GDPR we obligate all service providers to adhere to adequate and appropriate guarantees in accordance with Article 44 ff. of the GDPR (transfer to third countries).
• Protection of Olly Services S.r.l. and third parties We pass on customer account and personal data about customers if we are legally obligated to do so, or if this is required to implement our general terms and conditions of business or other agreements, or to protect our rights as well as the rights of our customers and third parties. This includes the exchange of data with companies who specialise in the prevention and minimisation of the effects of misuse of credit cards and fraud. We explicitly state that in this regard, the data is not passed on for commercial use, which contradicts the terms of this privacy policy.
1.6. Criteria for the storage of personal data
The data collected in relation to e-commerce activities will be kept for the time necessary to follow up on the specific requests of the user, to achieve the purposes for which they are processed (principle of limitation, Article 5 of the GDPR), and for no more than a 24 month period. The billing data will be kept for the time necessary to achieve this purpose, or up to the time required by the relevant legislation.
For data collected for promotion and marketing purposes, this will be kept until the consent of the interested party is revoked, or for a period not exceeding 2 years.
The data collected for profiling purposes will be kept until the consent is revoked, otherwise up to 12 months.
The Data Controller may need to keep the data for a longer period to comply with legal obligations, order of an authority, or to protect their own rights, even in court.
After the indicated retention period, the data will be deleted.
1.7. Changes to the privacy policy
For legal and/or company organisational reasons, changes or adjustments to our privacy policy may be required in the future, even at short notice. Please note the current version of our privacy policy.
2. Data processing for individual types of use
2.1. Collection of personal data when visiting our website
In the case of merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following information that is technically necessary for us to display our website and to ensure stability and security:
• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• The amount of data transmitted
• Website from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you are using and by means of which the location which sets the cookie (here through us) receives certain information. Cookies can not run programs or transmit viruses to your computer. They serve to make the Internet offer more user friendly and effective. The legal basis of the data processing is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
2.2. Contact
When you contact us by email or by means of a contact form, the information you provide (your email address, your name and telephone number if applicable) shall be stored by us to answer your questions. We delete the data that arises in this context after the storage is no longer required, or limit the processing if there are statutory retention requirements.
Should you be our customer have questions or complaints about your order, the legal basis of the data processing is Article 6 para.1 S.1 lit. b of the GDPR ("Contract performance"). If you are not a customer of ours, the legal basis is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
2.3. More features and offers of our website
In addition to the purely informative use of our website, we offer various services that can be used if you are interested. To do so, you will generally need to provide other personal information that we use to provide the service and for which the aforementioned data processing principles apply.
In part, we use external service providers to process your data. These were carefully selected and commissioned by us and are bound by our instructions.
Furthermore, we can pass on your personal data to third parties, if the participation in offers, competitions, contracts or similar services are offered by us together with partners. You will receive further information on entering your personal data or in the description of the offer.
2.4. Use of cookies
This website uses the following types of cookies, the scope and operation of which are explained below:
• Transient cookies
• Persistent cookies
Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser setting according to your wishes and for example decline the acceptance of third party cookies or all cookies. We inform you that you may not be able to use all features of this site.
We also use cookies to identify you on follow up visits if you have an account with us or to evaluate the effectiveness of marketing activities, e.g. if you are directed to us via a website from a special partner or via a special advertisement. These cookies are stored for up to 30 days.
The Flash cookies are not detected by your browser, but rather by your Flash plug-in. Furthermore, we use HTML5 storage objects which are stored on your end device. These objects store the required data regardless of your browser and do not have an automatic expiration date. If you do not wish any processing of the Flash cookies, you must install a corresponding add-on, e.g. “Better Privacy" for Mozilla Firefox or the Adobe-Flash-Killer-Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. In addition, we recommend that you regularly delete your cookies and the browser history manually.
2.5. Use of our webshop
If you wish to order in our online shop, for the conclusion of the contract it is necessary for you to provide obligatory information: first and last name, address, email address, purchased product(s), size and colour where relevant, credit card details if chosen as payment methods. This data is needed for processing your order and is marked with an asterisk. Further details are voluntary. We process the data provided by you to handle your order. For this purpose we can pass on your payment data to our own bank. The legal basis for this is Article 6 para.1 S.1 lit. b of the GDPR ("Contract performance").
You may voluntarily create a customer account that will allow us to store your data for further purchases, your past and current order information and your interaction with Olly Services S.r.l.:
• Your above mentioned customer data and obligatory information.
• Overview of your completed and current orders at esaspaceshop.com with details of order number, brand, article name, profile, dimension/size, colour, order date, delivery date, delivery status, details, etc.
• Your last login data with date, day and time are displayed.
• Costs of your order, billing address, delivery address, order history, information regarding scheduling and status, etc.
When you create an account under "My Account", the data you provide will be stored. All other data, including your user account, can always be deleted in the customer area. The legal basis for the use is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
We may also process the information you provide to inform you of other interesting products from our range or to send you emails with technical information. Due to trade and tax regulations, we are obligated to save your address, payment and order data for a period of ten years. However, we impose restrictions on processing, i.e. your data shall only be used to comply with legal obligations.
The ordering process is encrypted to prevent unauthorised access to your personal data by third parties, especially financial data.
2.5.b. Collection of Personal Financial Information by a Payment Service.
In some cases, we may use an unaffiliated payment service to enable you to purchase a product or make payments on a third-party payment service provider website (“Payment Service”). If you wish to purchase a product or make a payment using a Payment Service, you will be directed to a page operated by that Payment Service. Any information that you provide to a Payment Service will be subject to the applicable Payment Service's privacy policy, rather than this Privacy Policy. We have no control over, and are not responsible for, any Payment Service's use of information collected through any Payment Service.
2.6. Use of social media
Social Media Information and Content. If you access or log into a Service through a social media service or connect a Service to a social media service, the information we collect may also include your user ID and/or user name associated with that social media service, any information or content you have permitted the social media service to share with us, such as your profile picture, email address or friends lists, and any information you have made public in connection with that social media service. When you access the Services through social media services or when you connect a Service to social media services, you are authorizing Olly Services S.r.l. to collect, store, and use such information and content in accordance with this Privacy Policy.
We currently use the following social media plug-ins: Facebook, Twitter, Pinterest, Instagram, YouTube. We use the so-called two-click solution. That means, when you visit our site, no personal data is initially passed on to the providers of the plug-ins. The provider of the plug-in is recognised by the respective logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, will the plug-in provider receive the information that you have accessed the corresponding website of our online service. In addition, the data specified in this policy shall be transmitted. In the case of Facebook, according to the respective providers in Italy, the IP address is made anonymous immediately after collection. By activating the plug-in, personal data is transmitted by you to the respective plug-in provider and stored there (with US providers in the USA). As the plug-in provider carries out the data collection in particular by means of cookies, we recommend that you delete all cookies before clicking on the greyed-out box by means of the security settings of your browser.
We have no influence on the collected data and data processing operations, nor are we aware of the full extent of data collection, the purpose of the processing, or the retention periods. We also have no information regarding the deletion of the data collected by the plug-in provider.
The plug-in provider stores the data collected about you as user profiles and uses them for purposes of advertising, market research and/or needs based design of the website. Such an evaluation is performed in particular (also for non-logged in users) for the display of needs based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise it. By means of the plug-ins we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6 para.1 S.1 lit. f of the GDPR ("Balance of interests").
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider, your data collected by us shall be assigned directly to your existing account with the plug-in provider. If you press the activated button and for example, if you link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend logging out regularly after using a social network, but especially before activating the button, as this will prevent you from being mapped to your profile with the plug-in provider.
For more information on the purpose and extent of data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers shown below. There you will also find further information about your rights and the configuration options for the protection of your privacy.
Addresses of the respective plug-in providers and URL with their privacy notices:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information about the data collection:
http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, a subsidiary of Facebook Inc., Privacy information: https://help.instagram.com/155833707900388
YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google LLC. Information on privacy and compliance with the EU-US Privacy Shield: https://policies.google.com/privacy?hl=de&gl=de
Pinterest Inc., 651 Brannan Street, San Francisco, California 94107, USA; Privacy Information https://policy.pinterest.com/en/privacy-policy
3. Contacts
If you have additional questions regarding this privacy policy, please contact us at: bulkorders@esaspaceshop.com .