YOU ARE CURRENTLY BROWSING FROM United States BUT THIS IS Spain STORE.
This notice describes, pursuant to and for the purposes of Article 13 of EU Regulation 679/2016 (General Data Protection Regulation, hereinafter "GDPR"), the manner in which the Data Controller processes the personal data collected or provided by the User both when browsing patriziapepe.com (hereinafter the "Website"), regardless of whether goods are purchased, and during visits to our direct sales outlets.
This document supplements any information on the processing of personal data provided to our Users during different situations when interactions take place.
Data Controller
The Data Controller is Tessilform S.p.A., with registered office in Via Gobetti 7/9, Campi Bisenzio (FI) - 50013 - Italy. e-mail: privacy@patriziapepe.it
Data Protection Officer (DPO)
The designated DPO can be contacted by e-mail at dpo@patriziapepe.it.
Processing performed and purposes
WEBSITE NAVIGATION
Data processed. When browsing the Website, certain data may be acquired by means of cookies or other tracking technologies. This category of data may include the IP addresses or domain names of the devices used, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given to the server (successful, error, etc.) and other parameters concerning the User's operating system and computer environment.
For more details on the type of cookies or other tracking tools used, the purposes and the data retention time, please refer to the Cookie Policy.
WEBSITE REGISTRATION
Data processed. In the "Create Account" section, the User gives their name, surname, e-mail address, date of birth and gender. Not all fields are mandatory.
Purposes. Personal data is required to fulfil the registration request, which allows you to speed up the purchasing process, view the status of your orders, update your data, view your returns history and save your favourite items in your Wishlist permanently.
Processing is necessary to implement contractual measures adopted following the User's request (Art. 6(b) GDPR). Subject to express consent, we will also use the data for marketing and profiling purposes (see § below).
Data retention time. Data collected is retained until an express request for deletion is received from the User, but in any case no longer than five years after the last interaction with us, after which we will consider the customer "inactive". In such case, data will be permanently deleted or anonymised.
CUSTOMER CARD REGISTRATION
Data processed. Users can also register as our customer by filling in the Customer Card available at the sales outlets. We will ask you to provide identification and contact details and, optionally, further personal information to help us get to know you better. Please complete the customer form in full, ticking Yes or No to the required consents and including the date and your signature at the bottom. If the form is completed incorrectly or left incomplete, this may invalidate registration. We will keep track of the point of registration and, each time the User identifies themself as a registered customer, we will store their purchases and the sales outlets they use.
Purposes. Personal data is required in order to process your request for registration as our customer. Processing is necessary to implement contractual measures adopted following the User's request (Art. 6(b) GDPR). Subject to express consent, we will also use the data for marketing and profiling purposes (see below).
Retention time. Data collected is retained until an express request for deletion is received, but in any case no longer than five years after the last interaction with us, after which we will consider the customer "inactive". In such case, data will be permanently deleted or anonymised.
ORDER MANAGEMENT AND PURCHASING
Data processed.
Purposes. Fulfilling orders, carrying out shipments, registering payments, guaranteeing returns and refunds. The legal basis is the execution of contractual and pre-contractual measures taken at the request of the customer (Art. 6(b), GDPR) and the fulfilment of legal obligations of a fiscal, accounting, administrative nature (Art. 6(c), GDPR).
Data retention time. The data collected is retained by virtue of obligations relating to fiscal, administrative and accounting obligations for 10 years (as per Art. 2220, Civil Code).
CUSTOMER SERVICE
Data processed. Identification data, contact details and any other information that the User shares with us in their request may be acquired through the various customer support channels, or via e-mail, telephone, WhatsApp, social media networks or other messaging tools.
Purposes. In order to provide information on shipments, returns, payment methods, order status, etc., the legal basis is the execution of contractual and pre-contractual measures taken at the customer's request (Art. 6(b) GDPR).
Data retention time. The data will be processed for the time necessary to process the request and for the following 12 months.
SENDING PROMOTIONAL COMMUNICATIONS – MARKETING
Data processed. Following your subscription to our Newsletter, we will only process your e-mail address in the absence of further information. In the event of registration on the Website and/or the Customer Card being filled in, we will use the personal data that the User has provided during registration, as well as their purchase history and the shop they use.
Purposes. Sending news about goods, services, promotions and events promoted by the Company via e-mail, text message, telephone, WhatsApp, social media channels or other digital communication tools. We may also send you communications relating to the goods placed in your shopping bag on the Website. The legal basis is the express consent (Art. 6(a), GDPR) given by subscribing to our Newsletter or expressing a preference during registration.
Data retention time. Purchase data, used for marketing purposes, will be stored for 36 months. Consent to receive promotional communications shall be deemed valid until a revocation request is received. If you no longer wish to receive communications from us, you may click on the appropriate link at the bottom of any of our e-mails or write to our contacts (see "Rights of the data subject").
RETARGETING AND REMARKETING
The Website uses retargeting and remarketing technologies whereby, using cookies or other similar tracking methods, including third-party methods, Users who consent via cookie banners can display our advertising content on their social media networks or third-party websites. For further information, please consult our Cookie Policy.
PROFILING
Data processed. Both when you browse this Website and when you visit our direct sales outlets, we may collect information about your purchasing preferences and habits from your purchase history (e.g. type, quantity and price of products purchased, preferred categories, colours, sizes, style, materials) and/or from other information that you choose to share with us (e.g. profession, education, hobbies and lifestyle).
Purposes. For profiling purposes, to use e-mail, text message, telephone, WhatsApp, social channels or other digital communication tools to send personalised communications in line with interests, purchasing habits and proven preferences. The legal basis is express consent (Art. 6(a) GDPR).
Data retention time. Any data processed for this purpose will be retained for 36 months. Consent shall be deemed valid until a revocation request is received. If you no longer wish to receive our profiled communications, you may write to our contacts (see "Rights of the data subject").
SENDING COMMUNICATIONS CONCERNING ACTIVATED SERVICES AND SOFT SPAM
Data processed. Identification and contact data issued when registering for one of our services or for the purposes of participation in one of our initiatives.
Purposes. The aforementioned data may be used to send service communications (e.g. regarding the shop used), information regarding services requested or initiatives in which the User has participated, as well as e-mail communications regarding goods or services similar to those already purchased or used, namely so-called soft spam. The legal basis for the processing is the legitimate interest of the Data Controller (Art. 6(f) GDPR) or, in the case of soft spam, Art. 130(4) of the Privacy Code (Legislative Decree 196/2003, as subsequently amended and supplemented).
Data retention time. The data will be stored for the duration of the service or initiative or until the User requests to object to the processing (see "Rights of the data subject").
WORK WITH US – CAREERS
Data processed. By submitting an application for a job position through the job application form, personal data, contact details and any personal information, even of a special nature, contained in the uploaded CV or cover letter are collected.
Purposes. The legal basis is the execution of pre-contractual measures taken at the request of the data subject (Art. 6(b) GDPR). The processing of any "special" data is lawful based on the Data Protection Watchdog (Garante) Order of 5 June 2019, which supplements and amends General Authorisation No. 1/2016.
Data retention time. Data is retained for a maximum period of 24 months.
The full privacy policy can be found on the dedicated page.
WHISTLEBLOWING
For all information on the management of this process, please refer to the relevant section on the Website.
Provision of personal data
The compulsory or optional nature of disclosure of information is specified in each case – with reference to the individual information requested – by placing an appropriate symbol (*) next to the compulsory information. Any refusal to communicate the data marked as mandatory will make it impossible for the Controller to perform the contract or provide the available services. The provision of further data is, however, optional.
Processing procedures
The processing of personal data is carried out by the Data Controller using both paper and electronic methods, with the help of specially authorised internal staff trained in personal data protection. Appropriate security measures are taken in order to minimise the risks of destruction or loss of data (including if accidental), unauthorised access or processing that is not permitted or not in accordance with the collection purposes.
Disclosure of personal data
The User's personal data will not be disclosed to unspecified parties, however, it may be shared with:
As part of our marketing campaigns, we may make use of the functionalities made available by some digital platforms (e.g. Facebook -Meta, Google) which will simply process the data on our behalf and guarantee its confidentiality, including by means of special encryption systems (hashing).
With regard to payments made on our e-commerce, transaction data may be processed – as data controller – by online payment providers available during checkout (e.g. PayPal, ScalaPay, Amazon Pay etc.) or by payment intermediaries.
The complete and up-to-date list of data processors or persons involved in various capacities is available upon request.
Please note that data may also be made available to persons who are entitled to access it by virtue of provisions laid down by law, within the limits and for the purposes provided for by such provisions, as well as to banks, credit institutions, debt collection companies and insurance agencies.
Transfer of personal data
Any transfer of personal data to non-EU countries that may be necessary in order to fulfil the contract in place with the User or to guarantee the services offered (e.g. suppliers based in non-EU countries) shall be carried out in accordance with GDPR Articles 44, as subsequently amended and supplemented, while providing appropriate instruments to ensure adequate data protection guarantees.
Links to other websites or social media networks
This policy is provided only for the patriziapepe.com Website and not for other websites and social media platforms that can be reached by the User through links and social media buttons, the particular buttons depicting the icons of the main social media networks. Please note that the social media network acquires data relating to the User's visit; in order to prevent the data processed on this Website from being linked to your social media profile, you must log out of it. Users are aware that, depending on their social media account settings, the personal data contained in their profile may be visible to us in the event of ordinary interactions with our social media pages. For more information on data processing by these third parties, please refer to their respective privacy policies.
Rights of the data subject
Pursuant to GDPR Articles 15, as subsequently amended and supplemented, the User may exercise the following rights at any time:
Rights may be exercised by sending a request to the e-mail address privacy@patriziapepe.it or to the address of the Controller's registered office.
If the Data Subject discovers an alleged breach of data protection law, they may contact the Data Protection Officer (DPO) by writing to dpo@patriziapepe.it
Please note that the data subject may also lodge a complaint with the Data Protection Authority or take legal action.
Updates and modifications
In the future, the Data Controller may amend or simply update, in whole or in part, the Privacy Policy of the Website, also in view of any changes to laws or regulations governing this matter and protecting the data subject's rights. Changes and updates to the Privacy Policy shall be binding as soon as they are published online. We therefore invite you to regularly access this section to check the publication of the most recent and updated Privacy Policy.
Cookie Policy
This Website makes use of cookies and other tracking tools. We recommend that you read our Cookie Policy carefully to know all the details related to the types of tools used, and the purposes and methods of processing.
Last updated on 19/03/2024