Privacy policy

Annex 2
TO TERMS OF USE
Privacy & Cookie Policy

 

This Annex is a part of the general Terms of Use (the “Terms”) for our website at odissi-studio.com.  Capitalized terms used and not otherwise defined in this Annex are defined in the main body of the Terms.

 

Privacy Policy

This policy applies to the processing of personal data of users (“Users”) processed through the Website, including in connection with e-commerce services performed there (“Services”). By using the Services, the User will make purchases from HIMCo, whose full address is provided below and in the general conditions of sale. 

 

Data Controller

Through this document, HIMCo, whose principal place of business is 545 West 25th Street (4th Floor), New York, NY 10001, as the controller of the processing of personal data (“Controller”), intends to convey the information referred to in Articles. 13 et seq. of EU Regulation 2016/679 (the “Regulation”) in relation to the processing of personal data through the Website.  Such personal data may be processed as described herein either by Controller or by Controller’s affiliate, Him Co Industry S.p.A., an Italian company with registered office in Viale dell’Industria n. 27, Fossò, 30030 Venezia (VE).

 

  1. Type of Data Processed and Types of Processing
  2. a) Navigation Data: The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of Internet communication protocols. Though this information is not collected in order to identify Users, such information by its nature could, through processing and associating data held by third parties, allow Users to be identified. This category of data includes IP addresses or domain names of computers used by Users connected to the Website, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and computer environment. These data are used to obtain anonymous statistical information on the use of the Website and to check its proper functioning. They typically also include browsing cookies, which are necessary for the proper technical operation of the Website, as they enable content to be displayed optimally on each User device, especially following the first access, as they remain stored in cash memory of your system.

 

  1. b) Data Provided Voluntarily by the User to Purchase a Product on the Website or Use a Service: The sale of a product through the Website or the use of Services involves the processing of User data, with the sole purpose of completing such sale (e., fulfilling its contractual [and administrative?] obligation to process the order and payment, send the product purchased etc.) or providing such Services. The data processed are: name, e-mail address, domicile and other data which may be useful to conclude and execute the sales. Data included in special categories (as described in Article 9(1) of the Regulation, “Special Categories”) are excluded.

 

  1. c) Data Provided Voluntarily by the User to Receive Promotional Communications: If the User subscribes to a newsletter Service or agrees to receive commercial communications from the Controller, the data will be processed for the purpose of sending such communications by e-mail or postal mail, to the addresses provided by the User. The data processed are: name, e-mail address, domicile, and other data which may be useful to address the promotional communication. Data included in Special Categories are excluded.

 

  1. d) Cookies: Cookies are small text files that can be used by websites to make the user experience more efficient. We store cookies on the User’s device only if (i) such cookies are necessary for the operation of the Website or (ii) in the case of other cookies, we have obtained the User’s permission to do so.  For more information on the types of cookies we use and your choices with respect to such use, please see the cookies preferences page on the Website.  The User can qualify, modify or withdraw User’s consent to cookies at any time through the cookies preferences page.

 

  1. Purpose and Legal Basis for Processing

The data of the Users collected will be processed for the following purposes and on the following legal bases:

- Website Operation: To pursue Controller’s legitimate interest in promoting the security of the Website and of the information exchanged on it (i.e., the ability of the Website to withstand unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity, and confidentiality of personal data stored or transmitted) and the security of Services offered or made accessible. The legal basis for this processing is Article 6(1)(f) of the Regulation.

 

- Provision of Services: To provide the Services offered through the Website, for example, to allow the User to purchase a product, etc. The legal basis this processing Article 6(1)(b) of the Regulation, i.e., the processing necessary for the execution of the contract of which the User is a party.

 

- Sending of Advertising/Marketing Communications:  With the User’s consent (following the procedures on the Website), to provide instructional videos or product use information, invitations to events organized by the Controller or promotional communications, including marketing research. The legal basis for this processing is Article 6(a) of the Regulation, i.e., the User’s consent.

 

- Third-Party Cookies:  With the User’s consent (following the procedures on the Website, accepting “Advertising” cookies), the placement of marketing and direct targeting cookies, including third-party cookies, which enable Controller to send commercial messages likely to be of interest to User based on User’s browsing history. Third-party cookies are those sent by Controller’s trusted third-party partners. These cookies may be set on the Website by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant ads on other websites. They do not directly store personal data but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, your advertising will be less targeted. The legal basis for the processing is Article 6(a) of the Regulation, i.e., the User’s consent.

  1. Duration of Processing and Storage of Data

Personal data will be processed for so long as necessary to achieve the stated objectives (see Article 2 above) and thereafter retained for the purposes of legal compliance and defense for up to ten years.

Data provided for commercial communications, opinion surveys and market research will be kept until the User withdraws consent for such use or for up to two years, whichever is shorter.

 

  1. Processing and Transfer of Data

Processing may be carried out both on paper and by electronic means, only by persons expressly appointed for this purpose.

The data will be processed with logic and through forms of organization of the data strictly related to the obligations, tasks or purposes mentioned above. The Controller uses technical and organizational measures to protect the data in his possession from manipulation, loss, destruction and against access by unauthorized persons.  We use commercially reasonable efforts to improve our security measures as the technology improves.

The Controller may also transfer Users’ personal data to its service providers, such as Shopify, Klaviyo, Google Analytics, Facebook, Instagram, GIC and Microsoft Business Central, for the purposes of providing or improving the Services through the Website.

The Controller undertakes not to communicate, assign or transfer a User’s personal data to third parties (other than relevant service providers) without the express consent of the User, but may disclose and communicate such data if required to do so by law or at the official request of a court or administrative authority.

  1. Nature and Function of Data Collection

The User’s provision of the data referred to in Section 1(a) above is mandatory, because it is necessary to enable access to and navigation of the Website, referring to internet communication protocols, etc.

The User’s provision of the data referred to in Section 1(b) above is optional. In case of refusal, however, the User will not be able to purchase on the Website.

The User’s provision of the data referred to in Section 1(c) above is optional.

The User’s provision of the data referred to in Section 1(d) above is also optional.  

The User may revoke his or her consent at any time and without giving reasons.

The easiest way to do this is to click on the “Unsubscribe” link, which is found in each newsletter or communication received.  Alternatively, the User can send the unsubscribe request by email to the Controller at customerservice@odissi-studio.com.

  1. Scope of Communication and Dissemination

The User’s personal data will be processed by persons authorized to carry out these tasks, duly appointed as data processors or persons in charge of processing, equipped with security measures to protect the confidentiality of the User to whom the data refer and to avoid giving unnecessary access to third parties or unauthorized personnel.

If and to the extent necessary for the relevant purpose referred to in Section 2, the data collected may be communicated to public or private entities (insurers, auditing and certification companies, etc.) or to the competent authorities for the purposes of prevention, detection or repression of crime, in accordance with applicable laws and regulations.

With specific regard to the e-commerce platform, the Controller shall process the personal data of Users for purposes related to sales, including each step involving the Website (navigation on the Website, use of the Website in accordance with the Terms, registration, administrative activity, legal obligations), delivery, returns and customer care.

An updated list of all the processors is available upon request to Controller at the following e-mail address: customerservice@odissi-studio.com.  

Users’ data in Controller’s custody is stored on a server accessible only to Controller and its authorized service providers, which may be located within or without the E.U.

  1. Users’ Rights

Users are entitled to know their rights, consisting essentially in the right to receive information about the processing of their personal data, to access their data, to the rectification of inaccuracies or gaps, updating, erasure or blocking. Furthermore, the User will also have the right to obtain a copy of User’s data, to limit or oppose the processing of the data, the right to data portability and the right to lodge a complaint with the competent control authorities under the conditions and within the limits indicated in Article 13 of the Regulation.

Each data subject is guaranteed the following rights as per Articles 14 et seq. of the Regulation:

  • Right to information;
  • Right of access;
  • Right to rectification of inaccuracies;
  • Right of erasure (right to be forgotten);
  • Right of limitation of processing;
  • Right to data portability;
  • Right of opposition.

 

The User can then: know which of such User’s personal data are in the possession of the Controller, their origin and how they are used; request their updating or rectification of inaccuracies or gaps therein; and, in the cases provided for by current regulations, require the data’s erasure, limit the data’s processing or oppose such processing.

Any User may, if desired, request a copy of such User’s personal data held by the Controller, in a format readable by electronic devices and, where technically possible, the Controller may transfer the data directly to a third party designated by the User.

If the User believes that such User’s personal data has been processed unlawfully, the User may lodge a complaint with one of the competent supervisory authorities for compliance with the rules on the protection of personal data. For data subjects in Italy, the complaint can be submitted to the Guarantor for the Protection of Personal Data (http://www.garanteprivacy.it/).

 

  1. Exercise of Rights

To exercise the rights described in Section 7 above, a User may send an email to Controller at customerservice@odissi-studio.com, indicating in the subject line “Privacy - exercise of rights”.

 

Last revised October 1, 2024