Privacy policy

With this Privacy Policy, made pursuant to Article 13 of the Regulation (EU) 2016/679 ("GDPR" or "Regulations"), we wish to inform you about the ways in which your Personal Data (i.e. any information that can directly or indirectly identify you) will be processed when you visit and/or purchase on the website www.veobabys.com (hereinafter, the "Site"). This policy, together with the Cookie Policy and the Terms of Use and General Terms and Conditions, sets out the basis on which Users' personal data will be processed.

Personal Data Controller

The Data Controller of the personal data collected through the Site is: EPM STUDIO SRLS ("Seller" or just "VEO") with registered office in ALTAMURA (BA) Via Arnaldo da Brescia n.9, Cap 70022, P.Iva 08721020728 n. R.E.A.: BA-645548 (henceforth "Data Controller" or just "Owner"), e-mail address: info@veobabys.com

Methods of Processing of Personal Data

We give the utmost consideration to the right to privacy and the protection of our Users' personal data, which will be processed lawfully.

The Personal Data provided or acquired will be subject to Processing based on the principles of fairness, lawfulness, transparency and protection of confidentiality in accordance with current regulations, through appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data. The security measures taken include SSL certificate and HTTPS protocol, to protect the Personal Data entered and prevent access by unauthorized third parties.

The Processing is carried out by means of computer and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes.

Personal data processed

When the User visits the Site, contacts us (by e-mail, by phone, by mail, etc.), subscribes to the newsletter or sends an order, we process some of his/her Personal Data, either autonomously or through third parties.

We list the categories of Personal Data processed:

  1. Identification, contact and access data: first and last name, tax code (optional), email address, shipping address, telephone number, as well as any other Personal Data voluntarily disclosed by the User.
  2. Purchase Data: the data that relates to purchases made;
  3. Browsing Data: related to the connection, IP addresses, domain names and other parameters related to the browser and operating system used;
  4. Usage Data: information generated by visiting the Site or making purchases on it: log data, data relating to registrations made, interaction and transaction processes, performance indicators, data relating to navigation flows and use of features;
  5. Billing data: if the User requests the issuance of an invoice.

Purpose of the Processing and Legal Basis

The Data Controller will process Users' Personal Data, as listed above, for the performance of its economic and commercial activities, for the specific purposes set out below.


  1. Purposes inherent to the Contract and Legal Obligations
  • Navigation on the Site;
  • Activities necessary for the conclusion of the contract for the purchase of products sold by the Site and its execution;
  • Processing of orders;
  • Assistance and customer care activities as well as to respond to requests, complaints, reports and objections from Users via email to the Controller's addresses or through other communication channels;
  • Handling of Users' requests via remote communication tools, such as email, chat, telephone, SMS, chatbots, banners, notification systems and other remote communication tools on the Site;
  • Fulfilling obligations arising from applicable laws, regulations or EU legislation (e.g., tax and accounting obligations) or managing and responding to requests from relevant administrative, tax and judicial authorities;
  • Administrative, accounting and tax activities such as activities related to the contract concluded through the Site, such as, but not limited to, the issuance of receipts and/or invoices, the keeping of accounting records;
  • Responding to requests to exercise the rights recognized to Users by the contract concluded with the Controller, by the law in relation to such contract or by the GDPR, and consequent activities.
  • For these purposes, the Legal Basis is the need to execute pre-contractual and contractual obligations to which the User is a party (art. 6.1.b) of the GDPR) or the fulfillment of legal obligations to which the Controller is subject (art. 6.1.c) of the GDPR).

    Therefore, their processing is necessary to enable the conclusion and execution of the contract through the Site or to respond to pre-contractual requests made by the User in relation to the Site. Failure to provide the data, therefore, will result in the impossibility for the User to conclude a contract through the Site and/or to receive a response to the requests made.


  2. Analysis and statistical and other non-consent-based purposes
  • To carry out statistical analysis with respect to the use of the Site, navigation, product research, to improve the Site and the offer of products sold through it;
  • To ensure compliance with the Data Controller's contractual rights, i.e., to demonstrate that it has fulfilled its obligations arising from its contract with the data subject or imposed by law, to prevent and/or suppress fraudulent or harmful actions;
  • To remind the User who has undertaken the purchase process that he or she has placed a product in his or her shopping cart.
  • The legal basis for this processing is legitimate interest (Art. 6.1.f) of the Regulations). Sometimes the Legal Basis consists of legitimate interest (Art. 6.1.f in conjunction with Recital 47 of the Regulations), for sending transactional email communications (e.g. abandoned shopping cart).


  3. Purposes of Direct Marketing and Profiling
  • With the User's consent, we will send commercial emails to show him/her updates, news, offers and promotions, market research, including through automated processing tools such as emails and newsletters;
  • With the User's consent, we will process his/her Personal Data to attribute particular characteristics and preferences to him/her and to send him/her, including through automated processing tools such as "retargeting" or through inclusion in clusters of subjects with common characteristics, personalized and diversified commercial communications based on his/her profile.
  • For this purpose, the processing, including the final decision about the promotional communication to be sent or displayed to the user based on the cluster(s) they belong to, is done in an automated way, without human intervention, based on algorithms whose parameters have been previously set.

    The legal basis is the express consent of the User to the processing of personal data for this purpose (Art. 6.1.a) of the Regulations). The provision of data for this purpose is optional. In case of non-consent, revocation of the same or exercise of the right to object, the User's ability to make purchases on the Site will not be affected in any way.

  4. Soft-spam

    To send to the User's email address issued as part of the purchase of products through the Site, commercial communications to propose the direct sale of similar products. This activity does not require the acquisition of the prior express consent of the interested party as it is exercised on the legal basis of Article 130, paragraph 4, of the Privacy Code (Legislative Decree No. 196 of June 30, 2003), which expressly allows it, provided that the User does not refuse such use, initially or on the occasion of subsequent communications.

    Modification of choices and withdrawal of consent

    If consent is given, the User may at any time revoke it and/or object to the processing of personal data for generic marketing and profiling purposes in the manner indicated in the 'Rights of Data Subjects' section later in this policy.

    In case of revocation of consent, the processing performed on the basis of the consent given prior to its revocation will still be considered legitimate. In case of revocation of consent and/or opposition to the processing of your data for the purpose of generic marketing, your data will no longer be processed for that purpose and will only be retained by the Data Controller in the circumstance that there is another legal basis that legitimizes its processing (e.g., contractual performance; legal obligation; legitimate interest).

    Time of storage.


    The Controller will process Users' personal data for as long as necessary to achieve the purposes for which such data were collected, as defined in this policy. However, for each of the stated purposes, the personal data collected will be retained for the time specified below:

    1. For the purposes inherent to the Contract, the Data Controller will process the User's data for the time strictly necessary to carry out the individual processing activities, it being understood that, once this period has expired, the Data Controller may retain the data for the purposes and for the maximum retention periods set forth in the other sections of this notice, if relevant and/or, in any case, in the cases established by the GDPR and/or the law.
    2. For tax, administration, accounting, and legal purposes, until the expiration of the legal deadlines stipulated for carrying out each fulfillment and/or for the retention periods stipulated by law.
    3. For purposes based on the legitimate interest of the Controller, the Controller will process the User's data for as long as is strictly necessary for the satisfaction of such interest, unless, in the face of disputes and/or complaints, the Controller needs to retain the personal data in order to carry out defense activities (subsection k) for the next 10 years (of prescription) or, in the case of litigation, further retention is determined by the duration of the litigation or by specific requests of the authority. The User can obtain more information about the legitimate interest pursued by contacting the Data Controller.
    4. For the purpose of marketing and profiling, as long as consent is not revoked and in any case for a period of 5 years from when consent was given or renewed by the User.

    After these retention periods, the Personal Data will be deleted and the User will no longer be able to exercise the rights of access, deletion, rectification and portability of the Data.

    Communication and Dissemination of Data

    In addition to the Data Controller, in some cases, the Data may be accessed by:

    1. third parties who perform ancillary and instrumental tasks with respect to the Data Controller's activity and who process Personal Data on behalf of the Data Controller, such as: payment services, lawyers, accountants, system administrators, logistics companies, companies offering logistics management services, newsletter services, manufacturers for product repair;
    2. public or private entities that can access the Data in compliance with the law, regulations and measures issued by the competent authorities;
    3. potential buyers of the Data Controller's company and entities resulting from the merger or any other form of transformation.

    These recipients, as the case may be, process Users' Personal Data in their capacity as data processors, data controllers or autonomous controllers. The User may request the updated list of Data Processors referred to in Article 28 GDPR.

    Place of Processing and transfer of Data abroad

    The processing of the Data takes place essentially in Italy and in the countries of the European Union. Some third party tools may process the Data of the users of this website in countries outside the European Economic Area (the "Third Countries").

    Data transfer to Third Countries may also occur through the use of external tools that enable certain services (e.g. statistical analysis, newsletters, remarketing, advertising, use of social buttons).

    Sometimes the use of such tools may imply the transfer of personal data of users visiting this website to a third country, such as the United States, for which there is no European Commission adequacy decision.

    Should there be a need to transfer data to Third Countries, the Data Controller undertakes to ensure that the country to which the data will be sent guarantees an adequate level of protection, as provided for in Article 45 GDPR; such transfer will be governed on the basis of the standard data protection contractual clauses approved by the European Commission for the transfer of personal information outside the EEA pursuant to Article 46.2 GDPR.

    Cookies

    This Website uses cookies. Cookies are small text files that can be installed by websites on users' devices to make the browsing experience more efficient and to personalize content and ads, provide social network features, and analyze traffic. To learn more, read the Cookie Policy.

    Personal Data Processing Tools

    CONTACT FORM

    By completing the contact form, the User consents to the processing of the personal data entered therein and their use to respond to requests for information. The personal data being processed are those requested by the form and any other personal data that the User may enter in the body of the message.

    NEWSLETTER AND DIRECT MARKETING

    The newsletter service allows the Data Controller to email users commercial communications, promotions, updates on new products and the like. The management of email addresses is done through a database containing the user's email address, which is added to the list of users subscribed to the newsletter, when the user subscribes to the newsletter by consenting to the sending of commercial communications, or makes a purchase (in the case of soft-spam). In either case, the user will be able to unsubscribe from the Newsletter service using the relevant button within the emails. After his or her unsubscribe request, the user's data will be deleted from the database of the software used by the Site to send the newsletter. The Personal Data processed by this service are: first name, last name, email address, shipping address, billing address, Tax Code (optional), Payment Information, Phone Number. However, the software used by the Site to send the newsletter may also process Data related to the date and time the message was viewed or clicks on links included in the body of the message. This Site uses the following email delivery service:

    Klaviyo (Klaviyo Inc.).
    Klaviyo is an address management and email messaging service provided by Klaviyo Inc. In order to take advantage of the service provided by Klaviyo, generally the Owner shares information regarding Users (who make purchases), such as delivery data and purchase history. For more information regarding the extent of such sharing check the guidance below under the heading "Personal Data Processed". Personal Data Processed: name and email. Place of processing: United States - Privacy Policy - Opt out.

    LoopMe (LoopMe Ltd)

    LoopMe is an advertising service provided by LoopMe Ltd. Personal Data Processed: Usage Data; Tracking Tools. Place of processing: United Kingdom - Privacy Policy - Opt out.

    VIADS ADVERTISING (VIADS ADVERTISING S.L.)

    VIADS ADVERTISING is an advertising service provided by VIADS ADVERTISING S.L. Personal Data Processed: Usage Data; Tracking Tools. Place of processing: Spain - Privacy Policy.

    Viralize (Viralize Srl)

    Viralize is an advertising service provided by Viralize Srl. Personal Data Processed: Usage Data; Tracking Tools. Place of processing: Italy - Privacy Policy - Opt Out.


    SOCIAL BUTTONS

    The User can use social buttons to visit the social pages of the Site, through the following social tools, which however collect personal data of users such as traffic data on the pages visited and on which they are installed. The Site provides the following social buttons:

    Instagram (Meta Platforms Ireland Limited). The Instagram button is an interaction service with the social network Instagram, provided by Meta Platforms Ireland Limited. Personal Data collected: Cookies, Usage Data and other data as per the relevant privacy policy. Place of processing: IRELAND - UNITED STATES - Privacy Policy.

    Facebook (Meta Platforms Ireland Limited). The Facebook social button and widgets are services for interaction with the social network Facebook, provided by Meta Platforms Ireland Limited. Personal Data Collected: Cookies and Usage Data. Place of processing: IRELAND - UNITED STATES - Privacy Policy.

    TikTok (TikTok Technology Limited). The TikTok social button and widgets are services for interaction with the TikTok social network, provided by TikTok Technology Limited. Personal data collected: Cookies and Usage data. Place of processing: IRELAND - Privacy Policy.

    Pinterest (Pinterest, Inc.). The Pinterest social button and widgets are services for interaction with the Pinterest social network, provided by Pinterest, Inc. Personal Data Collected: Cookies and Usage Data. Place of processing: UNITED STATES - Privacy Policy.

    STATISTICS

    Statistical services allow the Data Controller to monitor and analyze traffic data and are used to track User behavior. This Site uses the following third-party services:

    Google Analytics (Google Ireland Limited)

    Google Analytics is an analytics service provided by Google Ireland Limited. Google uses the Personal Data collected for the purpose of tracking and examining the use of this Site, compiling reports and sharing them with other services developed by Google. Google may use Personal Data to contextualize and personalize ads in its advertising network. Google may also transfer this information to third parties where required to do so by law or where such third parties process this information on Google's behalf. IP address anonymization is enabled on this site. The IP address transmitted by your browser for purposes related to Google Analytics will not be merged with other data already held by Google.

    The use of Google Analytics may in some cases involve the transfer of personal data of users visiting this website to a third country, such as the United States, for which there is no adequacy decision by the European Commission.

    At the following link https://tools.google.com/dlpage/gaoptout?hl=it the browser add-on for deactivating Google Analytics is made available by Google. Personal Data Collected: Cookies, IP Address, Usage Data and the other personal data defined in the Google privacy policy.
    Place of processing: IRELAND and in some cases UNITED STATES - Privacy Policy (https://policies.google.com/privacy?hl=it)

    Hotjar (Hotjar Ltd.)
    Hotjar is a statistics service provided by Hotjar Ltd that also allows you to identify the areas of this Site with which you interact the most. Personal Data Processed: Usage Data; Tracking Tools. Place of processing: Malta - Privacy Policy - Opt Out.


    Lucky Orange (Lucky Orange, LLC)

    Lucky Orange is a statistics service provided by Lucky Orange, LLC that also allows you to identify the areas of this Site that you interact with the most. Personal Data Processed: clicks; Usage Data; page scrolling interactions; mouse movements; location relative to scrolling; Tracking Tools. Place of processing: United States - Privacy Policy.


    REMARKETING

    These services allow this Site to communicate, optimize and deliver advertisements based on the User's past use of this Website. This activity is done through tracking of Usage Data and the use of Cookies. This Website uses the following services:

    Facebook Remarketing (Meta Platforms Ireland Limited).
    Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Meta Platforms Ireland Limited ('Meta'), which links this Site's activity with Meta's advertising network. This Site makes use of the Facebook Pixel tool in order to measure conversions. Thanks to the Facebook Pixel you can understand the actions that people perform on the Website. The Data that is collected can be used to make sure that ads are shown to the right people; create audience groups to target ads to; and take advantage of additional advertising tools on the platform on which you advertise.
    The information collected is anonymous to the operators of this Site and cannot be used to identify an individual user. However, the information is saved and analyzed by Facebook, which could link the action back to an individual profile and use this information for internal Facebook advertising purposes, as outlined by Facebook's privacy policy. This will allow Facebook to show advertisements on both Facebook and third-party sites. The Site Owner has no control over how this data is used. For more information on how users can protect their privacy, please refer to the Privacy Policy of Facebook. Place of processing: IRELAND and UNITED STATES.

    Google ADS (Google Ireland Limited)
    Google ADS is a service provided by Google Ireland Limited that links this Web Site with Google's advertising network. This Web Site makes use of the Remarketing functionality of Google Analytics combined with the multi-device adaptation capability of Google ADS. This functionality makes it possible to connect target groups for promotional campaigns created by the Marketing function of Google Analytics with the adaptability to different Google ADS devices. This makes it possible to show advertisements based on the user's personal interests, identified through an analysis of the user's web behavior, whether on a mobile device or other devices. You can permanently disable targeting and remarketing features by disabling the "personalized advertising" feature in your Google account. To do so, simply follow the opt out link. Personal Data Collected: Cookies and Usage Data. Place of processing: Ireland - Privacy Policy - Opt out.

    Facebook Pixel (Meta Platforms Ireland Limited)
    This site uses the Facebook Pixel, a Facebook conversion tracking tool provided by Meta Platforms, Inc. This analyzes conversions attributable to sponsorships on the social network Facebook by using and analyzing certain Personal Data of the user. Personal Data collected: Cookies; Usage Data. Place of processing: Ireland and in some cases UNITED STATES - Privacy Policy.

    Tik Tok Remarketing
    This site uses Tik Tok Remarketing, which is a Tik Tok conversion tracking tool provided by TikTok Inc. or TikTok Technology Limited. Personal Data Processed: Usage Data; unique device identifiers for advertising (Google Advertiser ID or IDFA identifier, for example); device information; Tracking Tools. Place of processing: Ireland - Privacy Policy.


    PAYMENT PROCESSING.

    For order payment processing, this Site uses the following third-party tools:


    PayPal (PayPal Europe S.à.r.l. et Cie, S.C.A Inc.).
    PayPal is a payment service provided by PayPal Europe S.à.r.l. et Cie, S.C.A Inc. that allows the User to make online payments using their PayPal credentials. Personal Data collected: Cookies and various types of Data as specified by the privacy policy of the service. Place of processing: LUXEMBOURG - Privacy Policy

    Stripe (Stripe Payment Europe Limited)
    Stripe is a payment service provided by Stripe Payments Europe, Ltd. that enables Users to make online payments using their Stripe credentials. Personal Data collected: Various types of Data as specified by the privacy policy of the service. Place of processing: USA - Privacy Policy.

    Payment in 3 installments through KLARNA.
    Payment in 3 installments through KLARNA is a payment service offered by KLARNA Bank AB, a fintech company that provides online financial services such as post-purchase payments. Personal Data Collected: Cookies and various types of Data as specified by the service's privacy policy. Place of processing: SWEDEN - Privacy Policy

    Apple Pay (Apple Payments Inc.)
    Apple Pay is a non-instant mobile payment tool created by Apple Inc. Personal Data Collected: Cookies and various types of Data as specified by the service's privacy policy. Place of processing: UNITED STATES - Privacy Policy

    Shop Pay (Shopify Inc.)
    Shop Pay is a fast payment service provided by Shopify Inc. that allows customers to save email address, credit card, and shipping and billing information. Personal Data Collected: Cookies and various types of Data as specified by the service's privacy policy. Place of processing: CANADA - Privacy Policy

    Google Pay (Google LLC)
    Google Pay is a digital wallet system developed by Google LLC. Personal Data Collected: Cookies and various types of Data as specified by the service's privacy policy. Place of processing: EUROPEAN ECONOMIC AREA - UNITED STATES - Privacy Policy


    SECURITY MEASURES

    This Site uses security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. Among the security measures taken are the SSL certificate and HTTPS protocol, to protect the Personal Data entered and prevent access by unauthorized third parties.

    Google reCAPTCHA (Google Ireland Limited).

    This Site makes use of the Google reCAPTCHA tool, a service provided by Google Ireland Limited that protects the Site from spam and misuse by robots. The service makes it possible to verify that the user is a person and not a robot, either by showing him/her some queries based on text or images or, in some cases, by means of a JavaScript element in the source text that analyzes the User's behavior and operations to exclude that he/she is a robot, without showing any queries. To get more information about the data collected by the application, please take a look at the relevant Privacy Policy and Terms of Service.

    LIVE CHAT

    WhatsApp (Meta Platforms Ireland Limited)

    Live Chat via the 'WhatsApp' channel can be used by users to take advantage of support or customer care services, before, during and after purchase. The service is provided by Meta Platforms Ireland Limited and may use various technologies to collect and store information when using the services with which it is integrated; this may include the use of cookies and similar tracking technologies. Place of Processing: IRELAND - Privacy Policy.

    Rights of Data Subjects

    Data Subjects have the right to exercise the rights provided for in Articles 7, 15-22 of the Regulations.

    In particular, Users have the right to obtain: access, updating, rectification or, when interested, integration of data; cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; certification that the above operations have been brought to the attention, also as regards their content, of those to whom the data were communicated or disseminated, except where this proves impossible or involves a manifestly disproportionate to the protected right.

    In addition, Users have the right to revoke their consent at any time, if the processing is based on their consent, to request data portability (i.e. to receive all personal data concerning them in a structured, commonly used and machine-readable format), to request the restriction of the processing of personal data and/or their deletion ("right to be forgotten"), as well as the right to object to the processing of personal data concerning them and to the processing for the purpose of sending advertising material, direct sales and for carrying out market research.

    Pursuant to the Applicable Regulations, the Data Controllers inform that Users have the right to obtain information on (i) the origin of the personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with the aid of electronic instruments; (iv) the identification details of the Data Controllers and the persons in charge; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as managers or appointees.

    Data subjects may exercise their rights, by sending an appropriate communication to the Controller:

    Data subjects, if they believe that the processing concerning them violates the Regulation, also have the right to lodge a complaint with the Garante della Privacy as the supervisory authority for the protection of personal data (Garante per la protezione dei dati personali, based in Piazza Venezia n. 11 - 00187 - Rome, http://www.garanteprivacy.it/).

    Changes to this Privacy Policy

    The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Therefore, please consult this page often, taking as reference the date of last modification indicated at the bottom. If you do not accept the changes made to this Privacy Policy, you must cease using this Website and may request the Data Controller to remove your Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to the Personal Data collected up to that point. The Data Controller is not responsible for updating all links viewable in this Privacy Policy, so whenever a link is not working and/or updated, Users acknowledge and agree that they should always refer to the document and/or section of the websites referred to by that link.


    Privacy Policy updated as of May 2023