PRIVACY POLICY

PREORDER/AVAILABLE
 

• Collectible Cards
  • Dragon Ball TCG
  • One Piece TCG
  • Pokemon TCG
  • Yu-Gi-Oh TCG
  • Gundam TCG
  • Digimon TCG
  • Force of Will TCG
  • Ultraman TCG
  • Magic TCG
  • Metazoo TCG
• Funko Pop
  • Pokemon
  • One Piece 
  • Dragon Ball
  • Naruto
  • Demon Slayer
  • Comic Cover
• Action Figure
  • dragon Ball 
  • Naruto 
  • Street Fighter
  • One Piece 
• Accessories 
• INFO
  • Who I Am
  • Contacts
  • Pre-order Rule

INFORMATION

LEGAL NOTICE

CONTACTS

©2023-2025 ONYGAMESTORE di BIOSA ONOFRIO 
VIA VALLARSA 2c
19123 LA SPEZIA - ITALIA
VAT: 01560090118

WHO WE ARE

• Privacy Policy
• Terms and Conditions
• Contacts
• Cookie Policy
• Shipping

Privacy Policy
 

FOLLOW US ON

Privacy Policy

Information on the processing of personal data pursuant to Article 13 of EU Regulation 679/2016 (GDPR)

Data Controller

Pursuant to Regulation (EU) 2016/679 GDPR (hereinafter "Regulation"), this page describes the methods of processing personal data of users who consult this website. This information does not concern other sites, pages, or online services accessible via hyperlinks that may be published on the site.

Following the consultation of the site, data relating to identified or identifiable natural persons may be processed. The data controller is ONYGAMESTORE di Biosa Onofrio, VAT number 01560090118 based in Via Vallarsa, 2 – 19123 La Spezia (SP), Tel. 3207112159,e-mail: onygamestore@gmail.com

The regulatory provisions mentioned in the title govern the confidentiality of personal data and impose a series of obligations on those who process information related to other subjects. Among the requirements to be met is the obligation to adequately inform the individual to whom the data refers (Data Subject) about the use made of the related data so that consent to their processing is freely given and unequivocal.

Where required by law, user consent will be requested before proceeding with the processing of their personal data. If the user provides personal data of third parties, they must ensure that the communication of the data to the Data Controller and the subsequent processing for the purposes specified in the privacy policy is in compliance with the applicable regulations on personal data processing, for example, the user can provide personal data of third parties only after duly informing them and obtaining their consent to the processing.

Personal data that is collected automatically. Browsing data and Cookies

The cookies used on the Site are solely intended to contribute to the functioning of the Site by performing computer authentications or session monitoring and storing technical information to improve navigation within the Site, for example, to allow navigation between pages and access to the reserved area of the Site.

The Data Controller informs that only technical cookies necessary for browsing within the Site are operational on the Site.

Personal data provided by the user

• Personal information: for example, first name, last name, State/Region, street and house number, postal code, city/province;
• contact information: for example, email address, phone numbers;
• financial information: for example, credit card information or more generally banking information for purchases;
• order information: details related to purchases;
• additional order information optionally entered by the user in the "Order Notes" field

Nature of data provision

The provision of certain personal data by the user is mandatory to allow the Data Controller to manage communications, requests received from the user, or to recontact the user to follow up on their request. This type of data is marked with an asterisk symbol [*] and in this case, the provision is mandatory to allow the Data Controller to process the request, which otherwise cannot be fulfilled. On the contrary, the collection of other data not marked with an asterisk is optional: failure to provide it will not have any consequences for the user.

Methods of withdrawing consent 

If the User has given consent to the Processing of their Personal Data for one or more purposes for which it was requested, they may at any time revoke it totally and/or partially without affecting the lawfulness of the Processing based on the consent given before the revocation. The User may contact the Data Controller at any time using the contact channels provided in the paragraph below” THE RIGHTS EXERCISABLE BY THE USER ”.

Purposes and legal bases of processing

·         Process/forward orders and contact the User for any issues related to such orders. The processing is necessary for the execution of pre-contractual measures adopted at the request of the data subject and for the execution of a contract with the data subject. Type of data processed: Personal information, Contact information, Order information.

·         Fulfill tax and accounting obligations. Compliance with legal obligations. Type of data processed: Personal information, contact information, order information, financial information

·         Ship the purchased products to the place indicated by the interested party. The processing is necessary for the execution of a contract with the interested party. Type of data processed: Personal information, Contact and order information.

·         Respond to requests regarding products and quotes submitted through the "Contacts" section. In this case, the legal basis can be identified in the legitimate interest, responding to the requests of the interested party. Type of data processed: Personal information, Contact information, communications, order information, financial information.

·         Manage Your Reserved Area The processing is necessary for the execution of a contract with the data subject. Type of data processed: Personal information, authentication credentials, contact and order information.

Scope of communication of personal data

The personal data collected following the receipt of messages and contacts through the form and for the management of the online shop are processed by the internal staff authorized by the Data Controller, who acts based on specific instructions provided regarding the purposes and methods of the processing itself.

External parties may become aware of the data for purposes related to tax, accounting, contractual obligations, IT support, maintenance of this Site, third-party technical service providers, hosting providers, IT companies, delivery couriers).

Payment data is processed directly by payment service providers through specific gateways.

Regarding data related to online payment transactions (PayPal), ONYGAMESTORE by Biosa Onofrio will only process data received from the digital payment company, which consists of feedback information on the payment status (successful/rejected). All additional account-related information (e.g., PayPal) is stored by the company managing the respective service. Further information on the processing of personal data by the payment service provider is available in the privacy policy of PayPal.

The subjects belonging to the categories mentioned above operate, in some cases, in total autonomy as distinct Data Controllers, in other cases, as Data Processors specifically appointed by the Controller pursuant to Article 28 GDPR

The Data Controller may also disclose the user's personal data for purposes other than those mentioned above, such as:

• if provided for or permitted by applicable law, to meet legal requirements; to present, exercise, or defend in legal proceedings,
• at the request of competent authorities in the context of investigations.

Data Processing Methods

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data, taking into account the nature of the data and the risks associated with their processing.

Personal data is stored and processed through computer systems owned by the Data Controller and managed either by the Data Controller itself or by third-party technical service providers, with organizational methods and logic strictly related to the purposes indicated.

Personal data retention period

The Data Controller retains the personal data acquired for a period of time not exceeding the achievement of the purposes for which they are collected or subsequently processed, unless the consent is withdrawn by the data subject where provided, as well as for the period required by law for administrative purposes, management of any complaints/disputes or for criminal purposes.

Transfer of data to non-EU countries

 The Data Controller does not transfer personal data to third countries or international organizations. 

THE RIGHTS EXERCISABLE BY THE USER

Users can exercise certain rights regarding the Data processed by the Data Controller.

In particular, the User has the right to:

• revoke consent at any time. The User can revoke consent to the processing of their Personal Data previously given.
• object to the processing of their Data. The User can object to the processing of their Data when it is carried out on a legal basis other than consent. Further details on the right to object are indicated in the section below.
• access their Data. The User has the right to obtain information on the Data processed by the Controller, on certain aspects of the processing, and to receive a copy of the Data processed.
• verify and request rectification. The User can verify the accuracy of their Data and request its update or correction.
• obtain the restriction of processing. When certain conditions are met, the User can request the restriction of the processing of their Data. In this case, the Controller will not process the Data for any purpose other than their storage.
• obtain the deletion or removal of their Personal Data. When certain conditions are met, the User can request the deletion of their Data by the Controller.
• receive their Data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred without hindrance to another controller. This provision is applicable when the Data is processed by automated means and the processing is based on the User's consent, on a contract to which the User is a party, or on contractual measures related thereto.
• lodge a complaint. The User can lodge a complaint with the competent data protection supervisory authority or take legal action.

How to exercise rights

The exercise of these rights, which can be done through the contacts indicated in the Paragraph Data Controller, is free of charge and is not subject to formal constraints. In the event that you exercise any of the aforementioned rights, it will be the responsibility of the Data Controller to verify that you are entitled to exercise it and to respond to you, as a rule, within one month.

If you believe that the processing of Personal Data concerning you is in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Data Protection Authority, using the references available on the website www.garanteprivacy.it, or to take legal action in the appropriate judicial offices.

Subscribe to the Newsletter

FAST DELIVERY 24/48