(Last update: 08/08/2022 - v. 1.3)

What is this document? Pursuant to art. 13 Reg. EU n. 679/2016 (“GDPR”), this privacy policy explains how Ledworks S.r.l. (“Ledworks” or “We” or “Us”) collects, stores, uses, transfers and discloses personal data from our users (“Users” or “You”) who browse the pages of our website https://twinkly.com (“Site”).
For the purpose of this privacy policy, “Personal Data” means any information relating to an identified or identifiable individual.
  1. Data Controller and contact details; Joint Controller
    The data controller of the processing of personal data is Ledworks S.r.l. VAT IT09521280967 with registered office in Via Tortona 37 - 20144 - Milano.
    If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us via e-mail using the following details: privacy@ledworks.io

    With regard exclusively to data processing regarding the management of sales and transactions carried out in the context of our e-commerce (e.g. order management, sales and delivery of products, returns and warranty management and other activities necessary to sell products through our e-commerce), we and Triboo Digitale S.r.l. VAT IT02912880966 with registered office in Viale Sarca 336 - 20126 - Milano (“Triboo”) are jointly responsible as joint controllers. With respect to the joint processes, we and Triboo jointly determine the purposes and means of processing.

    In an agreement on joint controllership pursuant to Article 26 GDPR, we and Triboo have determined how the respective tasks and responsibilities in the processing of personal data are structured and who fulfils which data protection obligations. In particular, it was determined how an appropriate level of security and your rights as a data subject can be ensured, how the information duties under data protection law can be fulfilled jointly and how potential data protection incidents can be monitored. This also includes ensuring that reporting and notification obligations are fulfilled.

    Please note that with regard to any processing other than that listed in the previous paragraphs, we are the sole data controller.
  2. Purposes of processing, Legal Basis, Personal Data and Retention period
    We process Personal Data for the following purposes, as specified below. The following table also shows the legal basis which justifies the processing and the period of data retention.
    | Purposes | Personal Data | Legal Basis | Data Retention |
    |---|---|---|---|
    | Management of sales and transactions carried out through our e-commerce (Joint controllership) | ✓ Full name; ✓ Account details; ✓ Payment details; ✓ Contact details; ✓ Shipping address; ✓ Billing address; ✓ Order details | Performance of pre contractual and contractual provisions [Art. 6, 1, lett. b) GDPR] | Until the expiry of the data retention period, as provided by the applicable law, and according to Articles 2946 et seq. of the Italian Civil Code. |
    | Newsletter (Sole controllership by Ledworks) | ✓ Contact details (e-mail) | Consent [Art. 6, 1, lett. a) GDPR] | Until withdrawal of consent |
    | Send materials for marketing purposes (by mail, SMS or instant messaging services) (Sole controllership by Ledworks) | ✓ Contact details (email, phone number) | Consent [Art. 6, 1, lett. a) GDPR] | Until withdrawal of consent |
    | Management of requests when you contact our Customer Care for assistance (Sole controllership by Ledworks) | ✓ Anagraphic information (Name and surname); ✓ Contact details (email) | Performance of pre contractual and contractual provisions [Art. 6, 1, lett. b) GDPR] | Until the fulfilment of your request |
    | Allow us to fulfil all formalities required by law (Joint controllership for laws applicable to processing sub A), otherwise sole controllership by Ledworks) | ✓ Anagraphic information (Name and surname); ✓ Home address; ✓ Contact details (email) | Legal obligation [Art. 6, 1, lett. c) GDPR] | Until the expiry of the data retention period, as provided by the applicable law. |
    | Improve the website by analysing how Users navigate and/or use the Website (Sole controllership by Ledworks) | ✓ IP Address; ✓ online ID; ✓ Device information | Legitimate interest [Art. 6, 1, lett. f) GDPR] | Not applicable (aggregate or anonymous data). |
    | Detecting or preventing fraudulent activity and exercising our rights in court (Joint controllership for cases related to processing sub A), otherwise sole controllership by Ledworks) | ✓ Personal information; ✓ Contact details (email); ✓ IP Address; ✓ domain names of the computers utilised by users accessing the site; ✓ URI Address (Uniform Resource Identifier) of booking request and the time when the request is made. | Legitimate interest [Art. 6, 1, lett. f) GDPR] | 10 years |
  3. Nature of the provision of Personal Data and consequences of a refusal to provide
    The provision of Personal Data for the purpose set out in par. 2.A) is necessary and a refusal by the User implies the impossibility for us to perform our contractual obligations and provide the Users with the functionalities, services and the information requested as specified above.
    The provision of Personal Data for the purposes referred to in par. 2.B)-2.C) is optional and any refusal by the Users will not have any consequences on the performance of the services or the features and provision of information requested through the Site.
    The provision of Personal Data for the purpose set out in par. 2.D) is necessary to fulfil legal obligations.
    The provision of Personal Data for the purposes referred to in par. 2.E) is automatic and implicit in Internet transmission protocols.
  4. Social plug-ins
    It is possible to access the App through social network plug-ins (e.g. Facebook, Apple, Google, etc.). If You access our Site through a similar plug-in, the internet browser connects directly to the social network servers and the plug-in is displayed on the screen thanks to the connection with the browser. The plug-in communicates to the social network server the pages viewed by the Users. Further information on the collection and use of data by social networks in general, as well as on the rights and methods available to protect the privacy of the data subject in this context, is available on the social network’s page concerning data protection.
  5. Recipients
    Where necessary, we transmit your Personal Data to:
    • Ledworks’ or Triboo employees and consultants who are responsible for data processing;
    • Third parties we or Triboo use to provide our services. These subjects (which include banking operators, hosting and cloud service providers, couriers; companies that carry out marketing activities) may process Personal Data as data controllers or external data processors. Any data processors have been adequately selected and offer a guarantee of compliance with the rules on the processing of personal data;
    • Police and judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and protection from threats to public security, to allow Ledworks or Triboo to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
    The updated list of designated data processors may be provided upon request of Users using the channels listed at paragraph 9.
  6. International data transfers
    We may transfer your personal data to recipients who may be located outside the European Economic Area (EEA). When We transfer your personal data from the EEA to third countries, i.e. countries outside the EEA, We only do so on the basis of appropriate safeguards or if otherwise authorized by applicable law.
  7. Data Security
    We protect your personal data through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access and unauthorized disclosure and alteration. To this end We use firewalls and data encryption, for example, as well as physical access restrictions for our data center and authorization controls for data access.
  8. Data Retention
    We take measures to delete your Personal Data or keep it in a form that does not permit identifying You when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period.

    With reference to the purpose set out in par. 2.B)-2.C), You can object at any time without stating reasons by sending a message to privacy@ledworks.io or by using the unsubscribe link in the email newsletter.
  9. Your rights
    At any time, You can exercise the rights referred to in Article 15 et seq. GDPR for access, rectification, transformation, blocking, cancellation, limitation of processing, in the manner established by Article 12 GDPR.

    Users may exercise the rights granted to them by the GDPR by contacting either Triboo (only in relation to the processing for which we act as joint controllers with Triboo) (i) by sending a registered letter with advice of receipt to the registered office of Triboo (Viale Sarca 336 Edificio 16, 20126 Milan), (ii) by sending a registered e-mail to triboospa@legalmail.it, or (iii) by contacting the Data Protection Officer (DPO) appointed by the Triboo Group, Shibumi S.r.l. in the person of Lapo Curini Galletti, at lapo.curinigalletti@triboo.it; or Ledworks (in this case also for the processing for which it acts as sole controller) (i) by sending a written notification to Ledworks S.r.l. Tortona Street 37 - 20144 - Milan, Italy, or (ii) by sending an e-mail to the address privacy@ledworks.io.

    Triboo shall proceed to comply only with your requests relating to the processing referred to in paragraph 2 A) (and those related to them), while Ledworks shall proceed to comply with the requests of Users relating to all the other processing listed in paragraph 2.
    In the event of failure to promptly reply or an inadequate response from Ledworks, or if You believe there is a violation of the data protection regulation, You can appeal to the Italian Data Protection Authority at the following coordinates: www.gpdp.it, e-mail: garante@gpdp.it, Telephone switchboard: (+39) 06.6967711
  10. Changes to Privacy Policy
    We reserve the right to make changes to this Privacy Policy. In this case You will be promptly informed when You use the Site again.