Privacy & Cookies
Privacy Notice pursuant to Art. 13 of Regulation (EU) No. 679/2016 (“GDPR”)
ASJA di Giaquinto Serafina (hereinafter “ASJA”) protects the confidentiality of personal data and ensures their necessary protection against any event that may put them at risk of breach. As provided by the European Union Regulation No. 679/2016 (“GDPR”), and in particular Art. 13, the following information is provided to the user (“Data Subject”) regarding the processing of their personal data as required by law.
SECTION I
Who we are and what data we process (Art. 13, 1st paragraph lett. a, Art. 15, lett. b GDPR)
ASJA, represented by its legal representative p.t., with registered office in Sarno (SA), Corso Amendola n. 30, acts as Data Controller and can be contacted at
| Data Category | Example of Data Types |
| Personal data | first name, last name, physical address, nationality, province and municipality of residence, landline and/or mobile phone, fax, tax code, email address(es) |
| Banking data | IBAN and banking/postal data (excluding credit card number) |
| Internet traffic data | logs, originating IP address. |
ASJA does not require the Data Subject to provide so-called “special” data, meaning, as provided by GDPR (Art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, health data, or data concerning a person’s sex life or sexual orientation. Should the requested service require the processing of such data, the Data Subject will receive a specific notice beforehand and be asked to give explicit consent.
The Data Controller also acts as Data Protection Officer and can be contacted for any information and requests:
Email: privacy
Phone: 081.3086015
SECTION II
For what purposes do we need the Data Subject’s data (Art. 13, 1st paragraph GDPR)
The data is needed by the Controller to process registration requests and the contract for the purchased Service/Product, to manage and respond to contact requests from the Data Subject, provide assistance, and comply with legal and regulatory obligations applicable to the Controller’s activity. ASJA never resells the Data Subject’s personal data to third parties nor uses it for undeclared purposes.
In particular, the Data Subject’s data will be processed for:
- registration and requests for contact and/or informational material
The processing of the Data Subject’s personal data is carried out to perform preliminary and subsequent activities related to registration requests, information and contact requests, and/or the sending of informational material, as well as to fulfil any other resulting obligations.
Legal basis: performance of activities related to registration, information and contact requests, and/or sending informational material and compliance with legal obligations. - management of the contractual relationship
The processing of the Data Subject’s personal data is carried out to perform preliminary and subsequent activities related to the purchase of a Service and/or Product, management of the related order, provision of the Service and/or production and/or shipment of the purchased Product, invoicing and payment management, handling complaints and/or support requests, and provision of assistance, fraud prevention, as well as fulfilment of any other obligations arising from the contract.
Legal basis: performance of obligations related to the contractual relationship and compliance with legal requirements. - promotional activities on Services/Products similar to those purchased by the Data Subject (Recital 47 GDPR)
The Data Controller may use the contact data provided by the Data Subject for direct sales of its own Services/Products, limited to Services/Products similar to those purchased, unless the Data Subject explicitly objects. - promotional activities on Services/Products different from those purchased by the Data Subject
The Data Subject’s personal data may also be processed for commercial promotion, market research, and surveys regarding Services/Products offered by the Controller, but only if the Data Subject has given consent and does not object.
This processing may occur automatically via:
- SMS
- telephone contact
and may be carried out:
- if the Data Subject has not revoked their consent for data use;
- if, in case of processing via telephone operator, the Data Subject is not registered in the D.P.R. n. 178/2010 opt-out list;
- IT security
The Controller, in accordance with Recital 49 GDPR, processes the Data Subject’s personal data related to internet traffic, via its suppliers (third parties and/or recipients), to the extent strictly necessary and proportionate to ensure network and information security, i.e., the capacity of a network or information system to resist, at a certain level of security, unexpected events or unlawful acts compromising the availability, authenticity, integrity, and confidentiality of stored or transmitted personal data.
The Controller will promptly inform Data Subjects if a particular risk of data breach arises, subject to obligations under Art. 33 GDPR regarding notifications of personal data breaches.
Legal basis: compliance with legal obligations and legitimate interest of the Controller to protect corporate assets and ASJA’s facilities and systems. - profiling
The Data Subject’s personal data may be processed for profiling purposes (e.g., analysis of transmitted data and chosen Services/Products, proposing advertising messages and/or commercial offers aligned with the Data Subject’s preferences) only if the Data Subject has given explicit informed consent. Legal basis: consent provided by the Data Subject, revocable at any time (see Section III). - fraud prevention (Recital 47 and Art. 22 GDPR)
- personal data of the Data Subject, excluding special data (Art. 9 GDPR) or judicial data (Art. 10 GDPR), will be processed to allow checks for monitoring and prevention of fraudulent payments by automated software systems before Service/Product negotiation;
- failure of such checks will prevent the transaction; the Data Subject may express their opinion, obtain explanations, or contest the decision via Customer Support or at
This email address is being protected from spambots. You need JavaScript enabled to view it. ; - data collected solely for anti-fraud purposes will be immediately deleted after the verification process, unlike data needed for proper service provision.
- protection of minors
Services/Products offered by the Controller are reserved for legally capable persons under applicable national law.
To prevent unauthorised access, the Controller implements measures such as verifying tax codes or other checks when necessary for specific Services/Products and ensuring the accuracy of identity document data issued by competent authorities.
Communication to third parties and categories of recipients (Art. 13, 1st paragraph GDPR)
Communication of the Data Subject’s personal data mainly occurs with third parties and/or recipients whose activities are necessary for performing the contractual relationship and to comply with certain legal obligations, such as:
| Recipient Categories | Purpose |
| ASJA supplier companies | Administrative, accounting, and contractual obligations |
| Third-party suppliers * | Provision of services (assistance, maintenance, delivery/shipping of products, additional services, network and electronic communication service providers) related to the requested service |
| Credit institutions and digital payment providers, banks/postal institutions | Management of collections, payments, and refunds related to the contractual service |
| External professionals/consultants and consulting firms | Compliance with legal obligations, exercise of rights, protection of contractual rights, debt recovery |
| Financial authorities, public bodies, judicial authorities, supervisory and control authorities | Compliance with legal obligations, protection of rights; lists and registers kept by public authorities or similar entities based on specific legislation in relation to the contractual service |
| Formally delegated or legally authorised persons | Legal representatives, administrators, guardians, etc. |
* The Controller requires third-party suppliers and data processors to implement security measures equivalent to those adopted for the Data Subject, limiting the processor’s scope to activities related to the requested service.
The Controller does not transfer your personal data to countries where GDPR is not applicable (non-EU countries) except as specifically indicated, in which case you will be informed in advance and your consent will be requested if necessary.
Legal basis: performance of contractual obligations, compliance with legal obligations, and legitimate interest of ASJA to process data necessary for these purposes.
SECTION III
What happens if the Data Subject does not provide the necessary personal data for the requested service? (Art. 13, 2nd paragraph, lett. e GDPR)
Collection and processing of personal data is necessary to provide the requested service and/or Product. If the Data Subject does not provide the personal data explicitly required in the order or registration form, the Controller cannot process the requests related to the requested services and/or the associated contract and Services/Products, nor the obligations arising from them.
What happens if the Data Subject does not give consent for processing personal data for commercial promotion of Services/Products different from those purchased?
If the Data Subject does not provide consent for such purposes, the processing will not occur for these purposes, without affecting the provision of requested services or Services/Products for which consent has already been given.
If the Data Subject has given consent and subsequently revokes or objects to commercial promotion, their data will no longer be processed for such activities, without any consequences or adverse effects for the Data Subject or the requested services.
How we process the Data Subject’s data (Art. 32 GDPR)
The Controller ensures appropriate security measures to preserve the confidentiality, integrity, and availability of the Data Subject’s personal data and requires equivalent security measures from third-party suppliers and processors.
Where we process the Data Subject’s data
The Data Subject’s personal data is stored in paper, computer, and electronic archives located in countries where GDPR applies (EU countries).
How long the Data Subject’s data is stored? (Art. 13, 2nd paragraph, lett. a GDPR)
Unless the Data Subject explicitly requests removal, personal data will be kept as long as necessary for the legitimate purposes for which it was collected.
In particular, data will be retained for the duration of their registration and no longer than a maximum of 12 (twelve) months of inactivity, or if within that period no Services and/or Products are associated with the registration.
For data provided for commercial promotion of services different from those already purchased with initial consent, data will be retained for 24 months unless consent is revoked.
For profiling purposes, data will be retained for 12 months unless consent is revoked.
If a user provides unnecessary or unsolicited personal data to ASJA, ASJA will not be considered the controller of such data and will delete them immediately.
Regardless of the Data Subject’s decision to remove data, personal data will be retained according to applicable laws/regulations to fulfil specific service obligations (e.g., email, domain registration, SEO services).
Data will also be retained for fulfilling obligations (e.g., tax and accounting) even after contract termination (Art. 2220 c.c.); only necessary data will be kept for these purposes.
If contractual or registration-related rights are exercised in court, personal data necessary for these purposes will be processed only for the duration necessary.
What are the rights of the Data Subject? (Arts. 15–20 GDPR)
The Data Subject has the right to obtain from the Controller the following:
- confirmation whether personal data concerning them is being processed and, if so, access to the data and the following information:
- the purposes of processing;
- the categories of personal data;
- the recipients or categories of recipients to whom personal data has been or will be disclosed, particularly if recipients are in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine such period;
- the right to request rectification or erasure of personal data or restriction of processing concerning them or to object to processing;
- the right to lodge a complaint with a supervisory authority;
- where data is not collected directly from the Data Subject, all available information on its source;
- the existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic involved, and the significance and expected consequences of such processing for the Data Subject.
- adequate safeguards provided by the third country (non-EU) or international organisation for transferred data
- the right to obtain a copy of the personal data processed, provided this does not affect the rights and freedoms of others; additional copies may incur a reasonable administrative fee.
- the right to obtain rectification of inaccurate personal data without undue delay
- the right to obtain erasure of personal data without undue delay if grounds exist under Art. 17 GDPR (e.g., data no longer necessary, unlawful processing), subject to legal conditions; or if processing is not justified by another legitimate reason;
- the right to obtain restriction of processing in the cases provided by Art. 18 GDPR, e.g., when accuracy is contested, for the period necessary for the Controller to verify; the Data Subject must be informed when the restriction ends.
- the right to be informed of recipients of any corrections, deletions, or restrictions unless impossible or disproportionate.
- the right to receive personal data in a structured, commonly used, machine-readable format and to transmit such data to another controller without hindrance (Art. 20 GDPR), and the right to request direct transfer between controllers, if technically feasible.
For further information or to submit a request, contact the Controller at
How and when can the Data Subject object to the processing of their personal data? (Art. 21 GDPR)
For reasons related to the Data Subject’s particular situation, they may object at any time to the processing of their personal data if based on legitimate interest or for commercial promotion by contacting the Controller at
The Data Subject has the right to delete their personal data if there is no overriding legitimate reason for the Controller and, in any case, if they objected to commercial promotion.
To whom can the Data Subject lodge a complaint? (Art. 15 GDPR)
Without prejudice to any other administrative or judicial action, the Data Subject may lodge a complaint with the competent supervisory authority in Italy (Italian Data Protection Authority) or with the authority responsible in the Member State where the GDPR breach occurred.
Any updates to this Privacy Notice will be communicated promptly and by appropriate means and also when the Controller processes the Data Subject’s data for purposes beyond those indicated herein, following the Data Subject’s consent where required.
SECTION IV
This Section provides the Data Subject with specific information regarding the processing of personal data for each of the Services listed below, in addition to that provided in previous Sections.
SALES SERVICES
Communication to third parties and categories of recipients
For the provision of sales services, personal data strictly related to the service will be communicated to third parties (Registration Authorities and related accredited entities) located in countries where GDPR does not apply (non-EU countries), and only if an adequacy decision on data protection by the European Commission exists.
Legal basis: performance of contractual obligations, compliance with laws and regulations, and legitimate interest of ASJA to process data for these purposes.
EXCHANGES AND RETURNS SERVICE
Who we are (Art. 13, 1st paragraph lett. a, Art. 15, lett. b, Art. 26 GDPR)
If the Data Subject has chosen to purchase one or more Services/Products, ASJA di Serafina Giaquinto, with registered office in Sarno (SA), Corso Amendola 30, represented by its legal representative p.t., acts as data controller and can be contacted at
The Controller confirms that for these Services/Products, all information provided on data processing in previous Sections remains valid.
The Controller is also the Data Protection Officer , who can be contacted at
SECTION V
Updates to the Privacy Notice
The Controller reserves the right to update this Privacy Notice at any time, by posting it on the website or notifying the Data Subject by appropriate means. Users are therefore advised to check the website regularly to stay informed of any updates.
Ecco la traduzione in **inglese britannico**, mantenendo intatti tutti i tag HTML come richiesto: ---
SALES SERVICES
Communication to Third Parties and Categories of Recipients
Within the scope of providing the sales service, personal data, for purposes strictly related to the provision of the service, will be communicated to third parties (Registration Authorities and related accredited entities) based in countries where the GDPR is not applied (non-EU countries), and in any case for which an adequacy decision on the level of data protection by the European Commission is in force.
The legal basis for such processing is the performance of obligations related to the established relationship, compliance with legal and regulatory requirements, and ASJA’s legitimate interest in carrying out processing necessary for these purposes.
EXCHANGE AND RETURN SERVICE
Who We Are (Art. 13, 1st paragraph letter a, Art. 15 letter b, Art. 26 GDPR)
If the Data Subject has chosen to purchase one or more Services/Products, ASJA di Serafina Giaquinto, based in Sarno (SA), Corso Amendola 30, represented by its current legal representative, acts as the Data Controller and can be contacted at
The Data Controller has established that, for these Services/Products, all information regarding the processing of personal data provided to the Data Subject and presented in the previous Sections of this Policy remains valid.
The Data Controller is also the Data Protection Officer and can be contacted for any information and request:
Email:
Phone: 081/19726430
For each of the following services, in addition to the information reported in the previous Sections, the Controller provides the Data Subject with the following details:
Online Sale of Women’s Clothing
What Data We Process (Art. 13, 1st paragraph letter a, Art. 15 letter b GDPR)
| Data Category | Examples of Data Types |
| Personal Identification Data | Registration data and documents of the applicant |
| Internet / Email Traffic Data | Email communication logs |
How Long the Data is Retained (Art. 13, 2nd paragraph, letter a GDPR)
In accordance with current sector regulations, the personal data listed below will be retained for the period indicated:
| Data Type | Duration |
| Registration data and documents of the applicant | As specified in Section III |
| Internet / Email Traffic Data | 12 months |
Other Services
What Data We Process (Art. 13, 1st paragraph letter a, Art. 15 letter b GDPR)
| Data Category | Examples of Data Types |
| Personal Identification Data | Registration data and documents of the applicant |
| Internet / Email Traffic Data | Email communication logs |
How Long the Data is Retained (Art. 13, 2nd paragraph, letter a GDPR)
In accordance with current sector regulations, the personal data listed below will be retained for the period indicated:
| Data Type | Duration |
| Registration data and documents of the applicant | As specified in Section III |
| Internet / Email Traffic Data | 12 months |
SECTION V
Last updated: 23/12/2025
This section aims to describe how the website is managed in relation to services that use Cookies.
It specifically formalises and describes third-party services that use Cookies and that may collect, use, and share data in accordance with their specified Terms of Use.
Cookies are small data files generated and used by the browser. Their purpose is to assist the Controller in providing services based on the purposes described. Some purposes for setting Cookies may also require the User’s consent.
Types of Cookies
Technical Cookies
Technical cookies are essential for the proper functioning of our website and are used to allow users normal navigation and access to advanced services available on our site.
Session cookies may be installed to allow access and stay within the restricted area as an authenticated user.
Technical cookies include "session cookies," which are stored only for the duration of the browsing session until the browser is closed, and "persistent cookies," which are saved on the user's device until they expire or are deleted by the user. Our website uses the following technical cookies:
- Navigation or session technical cookies, used to manage normal navigation and user authentication
- Functional technical cookies, used to store user-selected customisations, such as language
- Analytics technical cookies, used to understand how users interact with the website to evaluate and improve functionality
Third-Party Cookies
Third-party cookies may be installed, including analytics and profiling cookies from Google Analytics, Google DoubleClick, Criteo, Rocket Fuel, YouTube, Yahoo, Bing, and Facebook. These cookies are sent by the websites of these third parties external to our website.
Third-party analytics cookies are used to gather information about user behaviour on the site in an anonymised form to monitor performance and improve usability. Third-party profiling cookies are used to create user profiles to deliver advertising in line with user preferences.
The use of these cookies is governed by the rules set by the third parties themselves; Users are therefore encouraged to read the privacy policies and instructions to manage or disable cookies published on the following web pages:
Technical and Aggregated Statistics Cookies
Activities strictly necessary for operation
This website uses Cookies to save the user's session and to perform other activities strictly necessary for the operation of the site, for example regarding traffic distribution.
Activities for saving preferences, optimisation, and statistics
This website uses Cookies to save navigation preferences and optimise your browsing experience.
These Cookies include, for example, those for setting language and currency or for statistical management by the website owner.
Other types of Cookies or third-party tools that may use them
Some of the services listed below collect statistics in aggregate form and may not require the User's consent or may be managed directly by the Controller – depending on the description – without the use of third parties.
Statistics for Data Collection
The services contained in this section allow the Data Controller to monitor and analyse traffic data and are used to track User behaviour.
Google Analytics with anonymised IP (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses Personal Data collected in anonymised form to track and examine the use of this Application, compile reports, and share them with other services developed by Google.
As a website, we comply with the requirements of Google Analytics advertising features.
Google may use Personal Data to contextualise and personalise ads on its advertising network.
Personal data collected: Cookies and Usage Data.
Processing location: USA – Privacy Policy – Opt Out
For further details on how Google uses and collects data, see How Google uses data when you use partner websites or apps.
Advertising
These services allow the use of User Data for commercial communication purposes in various advertising formats, such as banners, also based on the User’s interests.
This does not mean that all Personal Data is used for this purpose. Data and usage conditions are indicated below.
Some of the services listed below may use Cookies to identify the User or use behavioural retargeting techniques, i.e., showing personalised ads based on User interests and behaviour, also detected outside this Application.
For more information, please check the privacy policies of the respective services.
Google AdSense (Google)
Google AdSense is an advertising service provided by Google Inc. This service uses the “DoubleClick” Cookie, which tracks the use of this Application and User behaviour regarding ads, products, and services offered.
As a website, we comply with the contractual constraints and the EU user consent rules of Google.
The User can choose at any time to not use the DoubleClick Cookie by disabling it: https://support.google.com/ads/answer/2662922?hl=it.
Personal data collected: Advertising Cookies and Usage Data.
Processing location: USA – Privacy Policy
DoubleClick for Publishers (Google Inc.)
DoubleClick for Publishers is an advertising service provided by Google Inc. through which the Controller can run advertising campaigns jointly with external advertising networks with which the Controller, unless otherwise specified in this document, has no direct relationship.
Users who do not wish to be tracked by these advertising networks can use Youronlinechoices. For understanding how Google uses data, please consult the Google partner policy.
This service uses the “DoubleClick” Cookie, which tracks the use of this Application and the User's behaviour regarding ads, products, and services offered.
The User can choose at any time to not use the DoubleClick Cookie by disabling it:
https://support.google.com/ads/answer/2662922?hl=it
Personal data collected: Cookies and Usage Data.
Processing location: USA – Privacy Policy
Advertising Technology Providers for AdSense and DoubleClick
Advertising technology providers (including Google, other advertising networks, and other vendors) use your users' data to display personalised ads or provide conversion information.
For AdSense and DoubleClick programs, we provide a list of advertising technology providers with whom data may be shared.
This website uses common advertising technology providers. The complete list of providers, with links to their privacy policies, can be found here: https://support.google.com/adsense/answer/9012903?hl=it&ref_topic=7670012
Those used by this website (common use) are marked with an asterisk (*)
Interaction with Social Networks and External Platforms
These services allow interactions with social networks or other external platforms directly from the pages of this Application.
Interactions and information collected from this Application are in any case subject to the User's privacy settings on each social network.
If a social network interaction service is installed, it is possible that, even if Users do not use the service, it still collects traffic data regarding the pages where it is installed.
Facebook Like Button and Social Widgets (Facebook, Inc.)
The "Like" button and Facebook social widgets are social network interaction services provided by Facebook, Inc.
Personal data collected: Cookies and Usage Data.
Processing location: USA – Privacy Policy
Twitter Tweet Button and Social Widgets (Twitter, Inc.)
The Tweet button and Twitter social widgets are social network interaction services provided by Twitter, Inc.
Personal data collected: Cookies and Usage Data.
Processing location: USA – Privacy Policy
Displaying Content from External Platforms
These services allow the display of content hosted on external platforms directly from the pages of this Application and interaction with them.
If such a service is installed, it is possible that, even if Users do not use the service, it still collects traffic data regarding the pages where it is installed.
Google Fonts (Google Inc.)
Google Fonts is a font style display service managed by Google Inc. that allows this Application to integrate such content within its pages.
Personal data collected: Cookies and Usage Data.
Processing location: USA – Privacy Policy
Youtube Videos (Google Inc.)
Youtube is a video content display service managed by Google Inc. that allows this Application to integrate such content within its pages.
Personal data collected: Cookies and Usage Data.
Processing location: USA – Privacy Policy
Managing Cookies for All Other Possible Partners
https://www.youronlinechoices.com/it/le-tue-scelte
How Can I Manage Cookies in My Browser?
In addition to what is indicated in this document, the User can manage Cookie preferences directly in their browser and prevent – for example – third parties from installing them.
Through browser preferences, it is also possible to delete Cookies installed in the past, including any Cookie storing consent to the installation of Cookies by this website.
It is important to note that disabling all Cookies may compromise the operation of this site.
Information on how to manage Cookies in your browser can be found at the following addresses:
Data Controller
Web Master
Since the installation of Cookies and other tracking systems by third parties through the services used within this Application cannot be technically controlled by the Controller, any specific reference to Cookies and tracking systems installed by third parties is indicative.
For complete information, please consult the privacy policy of the relevant third-party services listed in this document.
Given the objective complexity of identifying Cookie-based technologies and their close integration with web functionality, the User is invited to contact the Controller should they wish to receive any further details regarding the use of Cookies and any use by third parties performed through this site.
Definitions and Legal References
Personal Data (or Data)
Personal data is any information relating to a natural person, identified or identifiable, directly or indirectly, by reference to any other information, including an identification number.
Usage Data
These are personal data collected automatically by the Application (or by third-party applications it uses), including: IP addresses or domain names of computers used by the User connecting to the Application, addresses in URI notation (Uniform Resource Identifier), request time, method used to submit the request to the server, file size received in response, numerical code indicating the server response status (success, error, etc.), country of origin, characteristics of the browser and operating system used by the visitor, various temporal aspects of the visit (e.g., time spent on each page) and details relating to the path followed within the Application, particularly regarding the sequence of pages visited and parameters related to the User's operating system and IT environment.
User
The individual using this Application, who must coincide with the Data Subject or be authorised by them, and whose Personal Data is processed.
Data Subject
The natural or legal person to whom the Personal Data relates.
Data Processor (or Processor)
The natural or legal person, public authority, or other entity, association or body appointed by the Controller to process Personal Data in accordance with this privacy policy.
Data Controller (or Controller)
The natural or legal person, public authority, or other entity, association or body responsible, also jointly with another controller, for decisions regarding the purposes, methods of processing of personal data and the tools used, including security measures, in relation to the operation and use of this Application.
Unless otherwise specified, the Data Controller is the owner of this Application.
This Application
The hardware or software tool through which Users’ Personal Data are collected.
Legal References
Notice to European Users: this privacy policy is drafted in compliance with the obligations under Art. 10 of Directive 95/46/EC and the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, regarding Cookies.
This privacy policy exclusively concerns this Application.