What is this document?
Pursuant to art. 13 Reg. UE n. 679/2016 ("GDPR"), this privacy policy explains how Ledworks S.r.l. (“Ledworks” or “We” or “Us”) collects, stores, uses, transfers and discloses personal data from our users (“Users” or “You”) who browse our website, https://twinkly.com (“Site”).
For the purpose of this privacy policy, “Personal Data” means any information relating to an identified or identifiable individual.
1. Data Controller, Contact Details, and Joint Controller
The data controller of your personal data is Ledworks S.r.l., VAT IT09521280967, with registered office in Via Primo Maggio 1 – 35035 Mestrino (PD), Italy.
2. Joint Controller
With regard exclusively to data processing regarding the management of sales, transactions carried out and assistance provided within the scope of our e-commerce (f.e. order management, sales and delivery of products, customer care, returns and warranty management and other activities necessary to sell products through our e-commerce), we and Calicantus S.r.l., with registered office in Via L. Mazzon, 3030020 Quarto d'Altino (VE), Italy, VAT No. IT03757590272 (“Calicantus”) are jointly responsible as joint controllers. With respect to the joint processes, we and Calicantus jointly determine the purposes and means of processing.
In an agreement on joint controllership pursuant to Article 26 GDPR, we and Calicantus have determined how the respective tasks and responsibilities in the processing of personal data are structured and who fulfils which data protection obligations. In particular, it was determined how an appropriate level of security and your rights as a data subject can be ensured, how the information duties under data protection law can be fulfilled jointly and how potential data protection incidents can be monitored. This also includes ensuring that reporting and notification obligations are fulfilled.
Please notice that with regard to any other processing different from those listed in the previous paragraphs, Ledworks is the sole data controller.
The joint controllers can be contacted at the following addresses:
- Ledworks S.r.l.: by email at privacy@ledworks.io
- Calicantus S.r.l.: by email at privacy@calicant.us
3. Purposes of Processing, Legal Basis, Personal Data, and Retention Period
We process Personal Data for the following purposes. The table below shows the legal basis and the retention period for each purpose.
| Purposes | Personal Data | Legal Basis | Data Retention |
|---|---|---|---|
| Creation and management of account | Full name, Credentials | Performance of pre-contractual and contractual provisions [Art. 6, 1, lett. b) GDPR] | Until deletion of the user account |
| Management of sales and transactions through our e-commerce (Joint controllership) | Full name, Account details, Payment details, Contact details, Shipping address, Billing address, Order details | Performance of pre-contractual and contractual provisions [Art. 6, 1, lett. b) GDPR] | Until the expiry of the data retention period, as provided by the applicable law, and according to Articles 2946 et seq. of the Italian Civil Code. |
| Newsletter (Sole controllership by Ledworks) | Contact details (e-mail) | Consent [Art. 6, 1, lett. a) GDPR] | Until withdrawal of consent |
| Send materials for marketing purposes (by mail, SMS or instant messaging services) (Sole controllership by Ledworks) | Contact details (email, phone number) | Consent [Art. 6, 1, lett. a) GDPR] | Until withdrawal of consent |
| Management of requests when you contact our Customer Care for assistance (Sole controllership by Ledworks) | Anagraphic information (Name and surname), Contact details (email) | Performance of pre-contractual and contractual provisions [Art. 6, 1, lett. b) GDPR] | Until the fulfillment of your request |
| Allow us to fulfill all formalities required by law (Joint controllership for laws applicable to processing sub B), otherwise sole controllership by Ledworks) | Anagraphic information (Name and surname), Home address, Contact details (email) | Legal obligation [Art. 6, 1, lett. c) GDPR] | Until the expiry of the data retention period, as provided by the applicable law. |
| Improve the website by analysing how Users navigate and/or use the Website (Sole controllership by Ledworks) | IP Address, online ID, Device information | Legitimate interest [Art. 6, 1, lett. f) GDPR] | Not applicable (aggregate or anonymous data). |
| Detecting or preventing fraudulent activity and exercising our rights in court (Joint controllership for cases related to processing sub B), otherwise sole controllership by Ledworks) | Personal information, Contact details (email), IP Address, domain names of the computers utilised by users accessing the site, URI Address (Uniform Resource Identifier) of booking request and the time when the request is made. | Legitimate interest [Art. 6, 1, lett. f) GDPR] | 10 years |
4. Nature of the Provision of Personal Data and Consequences of Refusal
The provision of Personal Data for the purpose set out in par. 2.A), 2.B) and 2.E) is necessary and a refusal by the Users implies the impossibility for us to perform our contractual obligations and provide the Users with the functionalities, services and the information requested as specified above.
The provision of Personal Data for the purposes referred to in par. 2.C) and 2.D) is optional and any refusal by the Users will not have any consequences on the performance of the services or the features and provision of information requested through the Site.
The provision of Personal Data for the purpose set out in par. 2.F) is necessary to fulfil legal obligations.
The provision of Personal Data for the purposes referred to in par. 2.G) is automatic and implicit in Internet transmission protocols.
5. Social Plug-ins
It is possible to access the reserved area of the Site through social network plug-ins (eg. Facebook, Apple, Google, etc.). If You access through a similar plug-in, the internet browser connects directly to the social network servers and the plug-in is displayed on the screen thanks to the connection with the browser. The plug-in communicates to the social network server the pages viewed by the Users. Further information on the collection and use of data by social networks in general, as well as on the rights and methods available to protect the privacy of the data subject in this context, are present in the social network’s page concerning data protection.
6. Recipients
When necessary, we transmit your Personal Data to:
- Ledworks’ or Calicantus employees and consultants responsible for data processing.
- Third parties we or Calicantus use to provide our services. These subjects (which include banking operators, hosting and cloud service providers, couriers, and marketing companies) may process Personal Data as data controllers or external data processors. All data processors have been selected to guarantee compliance with data processing rules.
- Police, judicial, and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, prevention of threats to public security, and to allow Ledworks or Calicantus to ascertain, exercise, or defend a right in court.
The updated list of designated data processors can be provided upon request.
7. International Data Transfers
We may transfer your personal data to recipients who may be located outside the European Economic Area (EEA). When We transfer your personal data from the EEA to third countries, i.e. countries outside the EEA, We only do so on the basis of appropriate safeguards or if otherwise authorized by applicable law.
8. Data Security
We protect your personal data through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access, unauthorized disclosure, and alteration. We use firewalls, data encryption, physical access restrictions for our data centers, and authorization controls for data access.
9. Data Retention
We take measures to delete your Personal Data or keep it in a form that does not permit identifying You when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period.
- Data processed for the purposes indicated in points 2A, 2B, 2C, 2E, 2F, and 2G will be stored for no longer than is necessary to achieve the purposes for which it is processed and/or for the time specified;
- With reference to the purposes indicated in paragraphs 2.C and 2.D, the User may object at any time, without giving reasons, by sending a message to privacy@ledworks.io or by using the unsubscribe link in the newsletter.
10. Your Rights
At any time, You can exercise the rights referred to in Article 15 et seq. GDPR for access, rectification, transformation, blocking, cancellation, limitation of processing, in the manner established by Article 12 GDPR.
Users may exercise their rights granted by the GDPR, by contacting, (only in relation to processing according to which we act as joint controllers with Calicantus) regardless, Calicantus, (i) by sending a registered letter with advice of receipt to the registered office of Calicantus (Via L. Mazzon, 3030020 Quarto d'Altino (VE), Italy) or (ii) by sending a registered e-mail to calicantussrl@dadapec.com (iii) by contacting Calicantus appointed Data Protection Officer (DPO), in the person of Nicola Ghinello at nicola.ghinello@dpo-rpd.com or Ledworks (in this case also for the processing according to which it acts as sole controller) (i) by sending a written notification to Ledworks S.r.l., in Via Primo Maggio 1 – 35035 Mestrino (PD), Italy or (ii) by sending an e-mail to the address privacy@ledworks.io.
11. Complaints
In the event of failure to promptly reply or an inadequate response from the Ledworks, or if You believe there is a violation of the data protection regulation, You can appeal to the Italian Data Protection Authority at the following coordinates: www.gpdp.it e-mail: garante@gpdp.it, Telephone switchboard: (+39) 06.69677.1.
12. Changes to Privacy Policy
We reserve the right to make changes to this Privacy Policy. In this case, you will be promptly informed when you use the Site again.
