SECTION 1 - INFORMATION WE COLLECT
(I) Information We collect automatically
The information systems and software procedures relied upon to operate this website acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment. These data are necessary to use web-based services and are also processed in order to extract statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.) and check functioning of the services.
We may collect, through third parties (including Google Analytics), your location, information about which browser you are using, which pages of our Website you are visiting, Ip address, number of click. This is statistical information on service usage (most visited pages, visitors by time/date, geographical areas of origin, etc.).
(II) Information you provide to Us
When you purchase something from our store, as part of the buying and selling process, We collect the personal information you give us, including through our online forms, such as your full name, address and email address.
We have no accesso to your payment information including credit card details, bank account numbers. All payments are handled by external service providers, namely PayPal Holdings, Google Pay and Stripe, Inc.
SECTION 2 – HOW WE WILL USE YOUR DATA? PURPOSES OF DATA PROCESSING
We may process user’s personal data for the following purposes:
- Process you order through our Website
We will process your personal data when you use our Website and submit an order with us. We will also process your personal data to provide you with the services we offer (including tours, events), to answers your queries and provide assistance with the use of our website and with our services.
- Promotions and Direct Marketing
With your consent, we will process your personal data for our marketing purposes including e-mail you special offers on products and services we think you might like. We will process your data both by automated means (i.e. sending e-mail, text messages, newsletter with our best deals, instant messaging applications, etc.) or manual processing (i.e. mails, telephone). We may also process your data for marketing research and analysis. We may use profiling cookies and tracking pixels in order to collect and record information necessary to improve our marketing campaigns. We will retain your shopping history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in.
With your consent, we may disclose your personal data to our partner companies for their marketing purposes. Our partner companies may process your persona data and provide you with information about their services and/or products both with by automated means (i.e. e-mail, text messages, newsletter, instant messaging applications, etc.) or manual processing (i.e. mails, telephone). This processing may include marketing research and analysis. You are free to give us your consent to share your personal data or refuse it. Here below we list the categories of data recipients that may receive your data for marketing purposes. This list will be updated from time to time.
Recipient name or category
via Stefanardo da Vimercate 28, 20128 Milano, Italia
SECTION 3 - LEGAL BASIS FOR PROCESSING
- Taking steps at the request of the data subject prior to entering into a contract and for the performance of a contract, including provision of services.
In this circumstance, the data is necessary in the context of entering into a contract with you and for the performance of a service. We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept until you intend to use our services and will be deleted thereafter, unless we need to keep the data longer for legal reasons. If you do not accept and agree to such processing, we will not able to provide the requested services and information, including processing your orders, join our tours and events, respond to your queries and perform all those activities which are strictly related to our service’s performance.
- Legittimate interest
Through Google Analytics, We reserve the right to monitor the use of the Website by users, to record information such as mouse moves and clicks, page scrolling, browser information (type, version, screen size, etc.), basic information about the user (country, language, time zone), to improve the quality of the site and services. We may use your e-mail address obtained through the online forms and in the context of the sale of our services, to send you electronic communications concerning the direct marketing of our products or services and as long similar to those you showed an interest for. You will have the right, at any time and free of charge, to oppose this processing of your data for direct marketing purposes by sending us an e-mail at email@example.com ; firstname.lastname@example.org or by clicking the cancellation link (“unsubscribe”) found at the bottom of each e-mail received. We might also share your data with companies and firms providing assistance and consulting services in accounting, administrative, fiscal, law, tax and financial matters.
- Legal obligation and lawful request: disclosure of data.
In some circumstances, we may be required to process certain personal data for legal reasons or complying with legal obligations, regulations, laws, a government authorities orders, including for tax and accounting purposes. We may disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. SP & Big Apple may disclose your personal information if we are required by law to do so or if you violate our Terms of Service. Sp & Big Apple is subjected to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and/or the Department of Transportation.
SEZIONE 4 - DISCLOSURE OF DATA AND TYPE OF DATA RECIPIENTS
- Hosting and cloud providers.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. For more information on how Shopify processes your personal data please click on the following link https://www.shopify.com/legal/privacy
- Marketing and data analytics service providers.
These third-party service providers will act as data processors. Disclosure is necessary for our marketing activities.
- Suppliers and service providers which will assist Us in the organization and execution of our tours and events (i.e. hotels, transport services operators).
These third-party service providers will act as data controllers. Disclosure is necessary to provide you with our services. We take steps to protect your personal data by requiring these third parties to enter into a contract with us that provides that the recipient will provide the same level of protection as the Principles of Data Privacy Shield.
- Companies and firms providing assistance and consulting services in accounting, administrative, fiscal, law, tax and financial matters.
These third-party service providers will act as data controllers. Disclosure is necessary for us to comply with legal requirements and for our legitimate interest. We take steps to protect your personal data by requiring these third parties to enter into a contract with us that provides that the recipient will provide the same level of protection as the Principles of Data Privacy Shield.
- Partner companies.
These third-party companies will act as data controllers. Disclosure is not mandatory, and it is dependent upon your free consent. We take steps to protect your personal data by requiring these third parties to enter into a contract with us that provides that the recipient will provide the same level of protection as the Principles of Data Privacy Shield.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us such payment gateways and suppliers in order to obtain the service requested.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
There is the possibility of limiting the use and disclosure of personal data by sending an email at email@example.com. Furthermore, there is the possibility, under certain conditions, to invoke binding arbitration sending an email to firstname.lastname@example.org or to email@example.com
The organization is liable in case of onward transfers to third parties unless the transfer is for specified purposes. Third providers are also obligated to provide the same level of privacy protection that we use.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 – DATA SUBJECTS RIGHTS
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. Upon request, we shall provide a copy of the personal data undergoing processing. For any further copies requested by you, we may charge a reasonable fee based on administrative costs.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or if you withdraw your consent.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to complain with a Data Protection Authority about the collection and use of your personal data.
If you make a request, we have one month to respond to you. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org or email@example.com
Or write to us:
Nightlife Tours by The New York Nightlife
[Re: Privacy Compliance Officer]
2440 29 Street Queens New York US 11102
SECTION 8 - EU-U.S. PRIVACY SHIELD FRAMEWORK AND SWISS-U.S. PRIVACY SHIELD FRAMEWORK
- b) In compliance with the Privacy Shield Principles, SP & Big Apple commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SP & Big Apple at:
The New York Nightlife
firstname.lastname@example.org or email@example.com
- c) SP & Big Apple cooperates with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and complies with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
SECTION 9 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
SECTION 10 - COOKIES
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
collect Google.com - facebook.com - Marketing and tracking
tr facebook.com - facebook.com- Marketing and tracking
fr facebook.com - Marketing e tracking
impression.php/# facebook.com - facebook.com- Marketing e and tracking
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
PREF, persistent for a very short period, Set by Google and tracks who visits the store and from where.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.