Privacy Policy
Information on the processing of personal data
pursuant to Articles 13 and 14 of Regulation (EU) 2016/679
Before you provide us with your personal data, in accordance with the provisions of the European Regulation on the
protection of personal data 2016/679 (hereinafter “Regulation” or “GDPR”), Legislative Decree 30 June 2003, no. 196
as amended by Legislative Decree 10 August 2018, no. 101, which aims to protect the fundamental rights and
freedoms of individuals, particularly the right to the protection of personal data, it is important that you review a
series of information aimed at ensuring that the processing of your personal data 1 is carried out in compliance with
your fundamental rights and freedoms.
1. Introduction 1
2. Purpose of processing and legal basis 1
3. Personal data processed, processing methods, and sources of collection 1
4. Nature of providing personal data and consequences of refusal 2
5. Communication and dissemination of personal data 2
6. Cookies and other technologies 2
7. Retention periods of personal data 2
8. Rights of the data subject 2
9. Data Controller 3
10. Websites and third-party services 3
1. Introduction
BAZR S.p.A. (hereinafter, the “Data Controller” 2 or the “Controller” or “we”) cares about the protection of your
personal data and wishes to offer you the best possible browsing experience.
This privacy policy describes how we collect, use, store, or otherwise process (collectively “processing”) your personal
data as a user 3 through the Bazr | The new live shopping revolution (bazrlive.com) website and the pages linked to it
(hereinafter, also, the “Platform”).
2. Purpose of processing and legal basis
Below you will find more details regarding the purposes for which we process your personal data.
PURPOSE LEGAL BASIS
A) Responding to any request you
send through the “Contacts”
section.
The processing carried out for these purposes is necessary for the
performance of a service in your favor. The Controller has identified the legal
basis for the processing in the provisions of Article 6(b) of the GDPR.
B)
Compliance with legal
obligations to which we are
subject.
The processing carried out for this purpose is necessary for compliance with
legal obligations. The Controller has identified the legal basis for the
processing in the provisions of Article 6(c) of the GDPR.
3. Personal data processed, processing methods, and sources of collectionThe processing of your personal data is carried out using electronic or otherwise automated means and transmitted
through telematic networks. The Controller adopts appropriate technical and organizational measures to ensure a
level of security suitable for the type of data processed.
Below you will find more details regarding the personal data processed.
A) Responding to any request you send Necessary data
1 For the purposes of this policy, for “personal data” means any information relating to an identified or identifiable natural person (Article 4, number 1, GDPR).
2 For the purposes of this policy, the term “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Article 4, number 7, GDPR).
3 For the purposes of this policy, for “user” means the subject who has landed on the Platform, whom we will also refer to using expressions such as “you”, “your/your”.
through the “Contacts” section.
Data given by you Email address and information contained within the communication sent.
B) Legal obligations Necessary data
Data given by you Information necessary to comply with the legal obligations to which the Controller is subject.
4. Nature of providing personal data and consequences of refusal
Providing your personal data is essential for the pursuit of the purposes referred to in paragraph 2, letters A) and B).
Failure, partial, or incorrect provision of such personal data will result in the inability to access the Platform and use its
functionalities.
5. Communication and dissemination of personal data
Your personal data will be processed by authorized personnel and by entities designated as Data Processors 4 pursuant
to Article 28 of the GDPR, in order to carry out the processing activities necessary to pursue the purposes detailed in
paragraph 2 of this privacy policy. These are third-party suppliers directly appointed and instructed by the Controller,
and their list is constantly updated and available upon your request by sending us a communication to the email
address [email protected].
We inform you that your personal data is processed within the territory of the European Union. However, if it
becomes necessary to transfer your personal data outside the European Union, the Controller will adopt all
appropriate and necessary contractual measures to ensure an adequate level of protection of your personal data in
accordance with the provisions of this privacy policy and in compliance with Chapter V of the GDPR.
Your data will not be disseminated in any case.
6. Cookies and other technologies
For more information regarding the processing of your personal data collected through cookies and similar
technologies, please refer to our Cookie Policy, accessible at the following link and always available in the footer of
the website.
7. Retention periods of personal data
Your personal data will be retained for the period strictly necessary to achieve the purposes outlined in paragraph 2 of
this privacy policy, subject to any additional retention periods imposed by legal obligations.
Specifically, in relation to:
the purpose referred to in letter A), paragraph 2 of this privacy policy, the Controller will retain your personal
data for the time strictly necessary to respond to the request you submitted;
the purpose referred to in letter B), paragraph 2 of this privacy policy, your personal data will be retained in
accordance with applicable regulations, for a period not exceeding that necessary to achieve the purposes for
which they are processed.
Subsequently, your personal data will be securely deleted or irreversibly anonymized. In any case, the Controller will
take care to use your data for the purposes referred to in paragraph 2 for a time appropriate to the interest you have
shown in the initiatives presented.
8. Rights of the data subject
In relation to the processing of personal data, you have the right to exercise the rights provided for in Articles 15 to 22
of the GDPR. In particular, you have the right, where applicable and under the conditions and in the manner provided
by the GDPR, to exercise:
– the right of access, i.e., the right to request access to your personal data and information regarding the
purpose of the processing, the categories of personal data processed, the recipients or categories of
recipients to whom the personal data are or may be disclosed, where possible, the retention period of the
personal data, or the criteria used to determine such period, the existence of the right to rectification and/or
erasure of personal data, restriction of processing and objection to processing, the right to lodge a complaint
with a supervisory authority, the origin of the data, the existence of automated decision-making. If the data
subject exercises this right, the Controller will provide an electronic copy of the personal data (Art. 15);
For the purposes of this policy, the term “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Article 4, number 8, GDPR).
– the right to rectification of personal data, where they are incomplete or inaccurate (Art. 16);
– the right to erasure of personal data, where one of the following conditions applies: (i) the personal data are
no longer necessary for the purposes for which they were collected, (ii) withdrawal of consent – where this is
the legal basis for the processing, (iii) objection to processing without an overriding legitimate interest of the
Controller, (iv) unlawful processing of personal data, and (v) obligation to erase to comply with a legal
obligation under European Union or national law (Art. 17);
– the right to restriction of processing of personal data when: (i) the accuracy of the personal data is
contested, for the time necessary for the Controller to verify such accuracy, (ii) the processing is unlawful
and, instead of erasure, restriction of processing is requested, (iii) when the Controller no longer needs to
process the personal data but the data subject needs them for the establishment, exercise, or defense of
legal claims, and (iv) the data subject has objected to processing pending verification of whether the
Controller legitimate grounds override those of the data subject (Art. 18);
– the right to data portability, i.e., to receive in a commonly used, machine-readable, and interoperable
format the personal data, also for the purpose of transmitting them to another data controller, where the
processing is based on consent or is carried out by automated means (Art. 20);
– the right to object to the processing of personal data, where such processing is carried out pursuant to Art.
6(1)(e) (performance of a task carried out in the public interest) or Art. 6(1)(f) (legitimate interest of the
Controller) of the GDPR unless the Controller can demonstrate compelling legitimate grounds for the
processing that override the interests, rights, and freedoms of the data subject or for the establishment,
exercise, or defense of legal claims (Art. 21).
If you believe that the processing of your personal data is in violation of the GDPR, you also have the right to lodge a
complaint with the Supervisory Authority pursuant to Art. 77 of the GDPR, following the instructions published on the
official website of the Italian Data Protection Authority (www.garanteprivacy.it).
Your requests to exercise your rights should be sent to the email address [email protected].
9. Data Controller
The Data Controller is BAZR S.p.A., VAT: 17122741006, with registered office at Viale Bruno Buozzi 64 – 00197 Rome
(RM). The Controller can be contacted at the following email address: [email protected].
10. Websites and third-party services
While using the Platform, you may encounter links to third-party websites and services. This privacy policy does not
refer to any processing of personal data carried out by such third parties. The Controller has no control over and is not
responsible for the processing of personal data possibly carried out by third parties through their websites and/or
services. For more information on the processing carried out by third parties, please refer to their privacy policies.
Last update: September 2024
We are constantly committed to improving the level of protection of your personal data and respecting your privacy, therefore we
may modify, supplement, or update this privacy policy from time to time. We will notify you of changes to the privacy policy via pop-
up on the Platform and, in any case, you can always consult the privacy policy in the privacy section of the Platform or visit the Bazr
| The new live shopping revolution (bazrlive.com) website to ensure you are always updated on all processing activities and our
compliance with applicable data protection legislation.