Pursuant to EU Regulation No. 679/2016 (“GDPR”) on the protection of individuals with regard to the processing of personal data,the processing of information concerning the data subject will be based on the principles of correctness, lawfulness and transparency, so as to ensure the security and confidentiality of the data.
We invite you to carefully read the Information Notice below so that the Customer and/or User of the Site may be aware of and may consciously express their consent to the use of their Data, enabling us to provide a high level of service in full respect of the rights of the persons concerned.
This Site and any services offered through the Site are reserved for individuals who are 18 years of age or older. The Data Controller does not collect personal data relating to subjects under the age of 18. At the request of the interested parties, the Data Controller will promptly delete all personal data involuntarily collected and relating to subjects under the age of 18.
Type of personal data processed.
The Controller collects data from the following parties:
- the purchasers of the Products and services offered by the Controller.
- the recipients/beneficiaries of the Products and services offered by the Controller.
- the interested interested in the Company’s Products and services.
- users who browse and/or have registered with the www.damianigroup.com website (who have, for example, created a user account).
The following categories of personal data may be collected concerning individuals, which may vary depending on the products and services purchased, the information provided during the purchasing experience (online or at Damiani Group boutiques) and the existing relationship with the Owner:
- Contact information -first and last name, e-mail address.
- Personal information -date of birth, gender, marital status, product measurement, etc.
- Information relating to one’s purchasing preferences, consumption habits, personal tastes, etc.
- Order and purchase information -billing and shipping address, social security number, purchaser ID, telephone contact, payment information such as credit card information, and any other necessary information (in accordance with applicable laws and regulations).
- Website usage – information about how you use the Site, open or forward our communications, including information collected through cookies (see our specific Cookies Policy).
- Special data -information about your health status necessary for the proper organisation of events or initiatives of the Data Controller (e.g. allergies and food intolerances).
Purpose and legal basis of processing
The Data of Users/Customers will be lawfully processed by the Controller pursuant to Article 6 of the Regulations for the following purposes:
- site navigation, in relation to the possibility of collecting technically necessary User Data, such as e.g. IP address, while browsing the site. This User Data will be used by the Data Controller for the exclusive purpose of providing the services offered and ascertaining the identity of the User (also by validating the e-mail address), thus avoiding possible fraud or abuse.
- access and registration to the site, the Company will process contact data to allow registration to the store and the use of services reserved for registered users, including the possibility of purchasing the Products offered in the “online shop” section.
- contractual obligations and supply of products and services, in order to execute requests for the purchase of products offered in the “e-commerce” section of the Site, according to the General Terms and Conditions of Sale, which are accepted by the User when registering on the Site, as well as for the activation of insurance coverage on the Products, when foreseen according to the type of Products, and to fulfil subsequent reports and requests, including any requests for repair/servicing of the Products.
- administrative-accounting purposes in the case of purchases, e.to carry out activities of an organisational, administrative, financial and accounting nature, functional to the management of the contractual relationship.
- legal obligations, i.e. to comply with obligations laid down by law, an authority, a regulation or European legislation with which the Data Controller is required to comply. participation in events and initiatives organised or sponsored by the Data Controller.
For the above purposes, the provision of data is mandatory. Failure to provide Contact Data will make it impossible for the User to navigate on the Site, register on the Site and use the services offered by the Controller.
The relevant legal basis for processing is the performance of a contractual relationship requested by the User/Customer (pursuant to Article 6(1)(b) of the Regulations) or the fulfilment of legal obligations (pursuant to Article 6(1)(c) of the Regulations).
The possible processing of special categories of personal data, i.e. information on the state of health necessary for the proper organisation of events or initiatives of the Data Controller (e.g. allergies and food intolerances), may take place subject to the specific consent of the Data Subject, in the manner and for the purposes prescribed by the applicable legislation.
- Marketing (sending of newsletters, advertising material and commercial communications, “customer satisfaction” activities, market research and statistics), with the voluntary and facultative consent of the User/Customer, the Contact Data and any Other Personal Data provided may also be processed by the Controller for marketing and newsletter purposes (sending of advertising material, direct sales, commercial communications, sending newsletters containing information in relation to news relevant to the sector relating to the Site’s activities), or so that the Data Controller may contact the User by post, e-mail, telephone (landline or mobile, with automated calling systems or through the intervention of an operator), SMS/MMS to present the User with the Data Controller’s products and services, communicate invitations, promotions and commercial opportunities.
- Profiling, with the voluntary and facultativeconsent of the User/Customer, Personal Data, (i.e. Contact Data, Personal Information, Information relating to their purchasing preferences, consumption habits, personal tastes, Data relating to orders and purchases) may be processed by the Controller in order to:
- to carry out analyses and assessments of interests, preferences and purchasing habits (profiling) based on purchases made at the online site or at boutiques belonging to the Damiani Group;
- to offer personalised sales services consistent with the personal profile identified.
- Communication of data to the Controller’s Partners for Marketing purposes, with the User/Customer’s voluntary and facultative consent, the User/Customer’s contact data may be communicated by the Controller to companies belonging to the same Group as the Controller (details of the aforesaid companies can be viewed by clicking on the following link http://investorrelations.damiani.com/ITA/page/il_gruppo/organigramma_societario.php), as well as to goods and services companies belonging to the finance and “luxury” sector (by way of example, in the fashion, travel, car/boat sector) with which the Controller may establish co-marketing relations (collectively, the “Controller’s Partners“). The Controller’s Partners, as autonomous data controllers, will process the User’s personal data for their own marketing purposes and may contact the User by traditional means (post, telephone call with operator) or automated means (e-mail, SMS/MMS).
The provision of Personal Data for the purposes of marketing, profiling, and communication of data to Partners for marketing purposes is optional and, in case of lack of consent, the possibility to register on the Site, make purchases and subscribe to the services offered will not be affected in any way.
The relevant legal basis for the processing is the possible specific consent, freely expressed by the User/Customer, for the execution of each of the aforesaid marketing, profiling, and communication of the data to the Partners for marketing purposes (pursuant to Article 6(1)(a) of the Regulation).
In the event that consent is not given, the Data Controller will limit itself to carrying out statistical analysis activities on an anonymous basis regarding information related to product sales and the provision of services.
In the event of consent, the User may revoke it at any time by making a request to the Data Controller in the manner indicated in the paragraph “Rights of the interested parties”.
The User/Customer may also easily object to further sending of promotional communications and email newsletters by clicking on the appropriate link for revoking consent, which is present in each promotional email and newsletter. Once consent has been withdrawn, the Controller will send the User an email message confirming that consent has been withdrawn.
Data processing methods
The Data Controller shall process the Personal Data of Users/Customers by means of manual and computerized tools, with logics strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of such data. The data spontaneously provided are collected with electronic instruments directly by the Data Controller or through subjects appointed as “Authorised Data Processors” or through third parties expressly appointed as Data Processors, also through computerised Customer Relationship Management (CRM) systems. CRM is used by the Controller both to improve the management of customer data from an administrative and IT point of view and to offer qualitatively higher quality services and, if you give your consent, for both direct and profiled marketing purposes.
The Personal Data of the Users/Customers will be kept for the time strictly necessary to fulfil the purposes for which they have been collected, and until the consent is revoked by the User, and in any case such retention period will be in compliance with the Applicable Regulations.
In particular, Contact and Registration Data and Data relating to orders and purchases will be kept for the period of time necessary to fulfil contractual obligations arising with the User/Customer, to comply with tax and insurance obligations (where applicable) and to protect the interests of both the Users/Customers and the Data Controller in civil proceedings.
The Personal Data of persons interested or potentially interested in the Company’s Products and services who have given their consent for marketing purposes will be kept for a period of time that is congruous and proportional to the purpose in accordance with the Applicable Regulations as well as with the provisions of the Italian Data Protection Authority in force, and in any case for a period not exceeding 2 years. The Data Controller recalls the data subject’s right to withdraw consent at any time.
Customers’ Personal Data acquired for marketing and profiling purposes shall be kept for an appropriate and proportional period of time in relation to the purpose in accordance with Applicable Law and with the provisions of the Italian Data Protection Authority in force, and in any case for no longer than 7 years. The Data Controller recalls the data subject’s right to revoke consent at any time.
Scope of communication and dissemination of data
The User/Customer’s Personal Data may be disclosed to the Controller’s employees and/or collaborators. These subjects, who are formally appointed by the Data Controller as “authorised processors”, will process the data of the User/Customer exclusively for the purposes indicated in this information notice and in compliance with the provisions of the Applicable Regulations.
The Personal Data of Users/Customers may also be disclosed to third parties who may process personal data on behalf of the Data Controller as “Processors”, such as: suppliers of IT and logistic services functional to the operation of the Site, suppliers of outsourcing or cloud computing services, professionals and consultants, insurance and brokerage companies, business and operating partners. Users have the right to obtain an updated list of the Data Processors appointed by the Data Controller, by making a request to the Data Controller at the addresses indicated below.
Finally, they may be transmitted, in accordance with the law, to the police and to judicial and administrative authorities, for the detection and prosecution of crimes, the prevention and protection against threats to public safety, to enable the Controller to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
Transfer of Data
In the event that the Data Controller should communicate Personal Data to third party Managers or Companies, on behalf of the Data Controller and by virtue of specific contractual obligations, in countries outside the EU, the transfer shall be limited to the Data strictly necessary, bound to the purposes for which the same have been collected and adopting in any case every suitable measure to guarantee an adequate level of Data protection, in the utmost compliance with the Applicable Regulations.
Contact details of the Data Protection Officer (“DPO”)
The Data Protection Officer appointed by the Data Controller may be contacted at the following addresses: Piazza D.G. Damiani no. 1 – 15048 Valenza (AL), Italy, e-mail [email protected].
Rights of the Data Subject
The data subject’s right to request the exercise of the rights provided for in Article 15 of the EU Regulation 2016/679, as well as the rights provided for in Articles 16, 17, 18, 20 and 21 of the same Regulation regarding rectification, erasure, restriction and objection to processing, in the manner established by Article 12 of the Regulation, remains unaffected. In particular, by contacting the Company at the address below, the interested party may request
- to obtain confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to his or her personal data pursuant to Article 15 of the Regulation and to obtain, without undue delay, communication in intelligible form of such data and of their origin, as well as of the recipients or categories of recipients to whom the personal data are or will be communicated
- to obtain, without undue delay, the rectification or integration of personal data concerning him/her pursuant to Article 16 of the Regulation
- to obtain the immediate deletion of his/her personal data if his/her consent is withdrawn, if they are no longer necessary for the purposes for which they were collected or otherwise processed or if the legal basis for the processing has ceased to exist, if they have been processed unlawfully or if such an obligation is imposed by law or by the judicial authorities, pursuant to Article 17 of the Regulation
- to obtain the restriction of the processing of data concerning him/her if the data subject contests the accuracy of the data or objects to their processing or if the latter proves to be unlawful or, although Damiani no longer needs the data for processing purposes, the personal data are in any case necessary for the establishment, exercise or defence of a legal claim, pursuant to Article 18 of the Regulation
- to benefit from the right to data portability, understood as the right to obtain from Damiani in a structured, commonly used and machine-readable format the personal data concerning him/her, as well as to transmit such data to another data controller without hindrance, pursuant to Article 20 of the Regulation
- to object, in accordance with Article 21 of the Regulation, in whole or in part and for legitimate reasons, to the processing of personal data concerning him/her, unless there are legitimate reasons for Damiani to continue the processing
The interested party may at any time, easily and free of charge, exercise his rights vis-à-vis the Data Controller by sending a communication to Damiani S.p.A. – P.za D.G. Damiani n.1, 15048 VALENZA (AL), Italy, e-mail [email protected]
It should be noted that any rectification or cancellation or limitation of processing carried out at your request, unless this proves impossible or involves a disproportionate effort, will also be communicated by the Company to each of the recipients to whom the data were transmitted. The Company may inform the data subject of these recipients if the data subject so requests.
Should the Company fail to provide the data subject with a response within the timeframe provided for by the regulations or should the response appear to be inadequate, or should the data subject consider that the processing that concerns him/her violates the Regulations or the Code, he/she may lodge an appeal or complaint with the Garante per la protezionedeidatiPersonali (Garante per la protezionedeidatiPersonali, Piazza di Monte Citorio n. 121 – 00186 Roma – Italia; E-mail: [email protected]).
The Data Controller is not responsible for updating all the links displayed in this Policy, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by such link.