REASONS FOR THE PRIVACY STATEMENT
This privacy statement contains important information about the personal data provided and describes how such data is used. Where applicable, it also explains the processing methods of the data provided by the data subject or collected during the purchase of services and/or products directly from the Company or from related companies, or during other contacts with the Company. This information is complementary to any other statements received in such other circumstances.
This document contains important information on the following points:
- PERSONAL DATA PROCESSING
- PERSONAL DATA COLLECTED
- PURPOSES OF PERSONAL DATA PROCESSING
- DISCLOSURE OF PERSONAL DATA
- PROTECTION OF THE PRIVACY OF MINORS
- ARCHIVING, ACCESSIBILITY AND TRANSFER OF PERSONAL DATA
- SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
- RIGHTS OF ACCESS TO PERSONAL DATA – MANAGEMENT OF CHOICES
- STORAGE OF DATA
- POLICY ON COOKIES AND SIMILAR PROCESSES
- LINKS, ADVERTISERS, SPONSORS AND ADVERTISING
- DATA CONTROLLER – COMPANY CONTACTS
- UPDATES OF THIS STATEMENT -COMMUNICATIONS
By communicating personal data and agreeing to the management of the same by the Company, the data subject confirms that he/she has read and understood this Privacy Statement and accepts that the Company collects, uses, archives, transmits and discloses the personal data collected with the consent granted. Except in the case in which he/she is already registered, the Company will ask the data subject to provide his/her consent (for example, by ticking a box), where it deems it appropriate to safeguard its rights or where required by current legislation.
1. PROCESSING OF PERSONAL DATA
2. PERSONAL DATA COLLECTED:
Source of the data
The Company only collects personal data from the data subject if the data subject voluntarily provides such information, for example:
in the case of websites that distribute and/or provide Company services: by making a request through the website or as a “guest”; by opening an account or modifying it; by searching the website; by contacting the Company to send a comment or a request; by subscribing to e-mail newsletters and updates regarding the latest products and services, events or promotions; or by asking to receive confirmation of a request;
in the case of purchasing services and/ or products directly from the Company: by conversing informally during phone calls with our customer department, interacting with the same or purchasing services;
in the case of the Company’s customer service: by requesting assistance, special services or post-purchase assistance;
in the case of e-mails, text messages and other electronic messages: by exchanging communications between the Company and the data subject.
If the data subject provides the Company with the personal data of third parties (for example, family members, other customers or potential customers), the same should ensure that such third parties are informed and have authorized the use of their data as described in this Privacy Statement.
Types of Data
The Company may collect and use different types of personal data according to the specific purposes pursued and described below:
- personal information, such as name, surname, gender, age / date of birth, country of origin and other personal data that current legislation permits the collection of;
- contact information, such as address, email address, telephone number, mobile phone number, fax number and other contact information that current legislation permits the collection of;
- payment information, such as payment instrument (credit or debit card), if applicable, and passport number, if required for tax reasons or in relation to anti-money laundering legislation;
- information relative to sales, such as data, products or services provided, amount, total sale, VAT number, claims, refunds or other sales information that current legislation permits the collection of;
- habits and profiles, such as purchase data (purchase history), information on activities and initiatives related to the management of customer relations (date and categories of such actions implemented or to be implemented and the results thereof), habits and purchase preferences (wish-list, preferred categories of services), other information (information on jobs, education, hobbies and lifestyle) that current legislation permits the collection of;
- family information, such as marital status, date of anniversary, number of children, information about children, and other family information that current legislation permits the collection of.
3. PURPOSES OF PERSONAL DATA PROCESSING
Depending on the specific circumstances in which the interaction between the data subject and the Company took place, personal data could be used for the following purposes.
The personal data provided by the data subject or collected at the moment of purchasing products and / or services, whether or not made as a registered data subject, i.e. basic personal data, contact information, data concerning the individual order, tax data, details of the payment, sales information and any other data strictly necessary for the sale of the products, will be used to:
- manage, administer and process merchandise purchases, sales and after-sales services, such as administrative activities, accounting, guarantees, refunds, where applicable, fraud prevention and communication with the data subject, also by email, for any problem related to management of the purchase or subsequent requests related to the sale;
- comply with obligations imposed by EU laws, regulations or legislation (including anti-money laundering legislation) and to make a legal claim or construct a defence against such.
The provision of personal data for the aforementioned purposes is mandatory and refusal would make it impossible to complete the purchase. Except where otherwise required to comply with local regulations in force, the processing of data for these purposes, as needed to fulfil contractual and legal obligations, may be made without requesting the consent of the data subject.
For the specific purposes for which the data were voluntarily provided
Personal data provided by the data subject or collected when a specific service is requested by the same (for example, by registering the account on the website, handling complaints or requesting information), namely personal information, contact information and data strictly necessary to follow up the request, will be used to:
- provide the requested services (for example, carry out the account registration processes, manage authentication on the website and the data subject’s accounts, assist the same and manage any complaints and wish-lists and answer a question or contact request, if necessary submitted by the data subject);
- manage subscriptions to the newsletter where the data subject is not registered.
Personal data must be provided for the aforementioned purposes and refusal would make it impossible to complete the request. Except where otherwise required to comply with local regulations in force, the processing of data for these purposes may be conducted without requesting the consent of the data subject inasmuch as necessary to carry out the request.
For the purposes of managing relationships with customers if the data subject registers on the website
The personal data provided by the data subject by filling in the Company’s forms or collected at the time of ordering the goods or interacting with the Company, namely personal and contact information and data concerning the person’s habits and profile and details of his/her family, will be entered in the centralized system to:
- offer promotions, discounts and other personalized services and send newsletters, other marketing and commercial communications on the Company’s products and services (organized by the Company), surveys and research, market analysis, or other initiatives for the data subjects or customers registered on other sites of society (“marketing“). The Company may use conventional contact means (ordinary mail and telephone) and / or digital and automated (e-mail, SMS, MMS, telephone and other digital channels, for example social media) and may send the person concerned such communications on the basis of his/her profile, if such person has granted his/her consent to profiling;
- to analyse the user’s contacts with the Company, interests, preferences and purchasing habits, and create individual or aggregated profiles based on them, to see how to provide a better service, also to offer a better sales experience with other companies connected to the same company (“profiling“). The Company may also use personal data to create groups and perform statistical and market analyses aimed at identifying services of interest to customers of its brands and at improving its services (including the website). The data collected on the website will be combined with any information obtained by the Company through interactions with staff present at the various stores of the Company. The processing of personal data for profiling is carried out in compliance with the guarantees and parameters established by current legislation.
The entering of data in the centralized system is optional and free of charge (being based on the consent that the data subject may choose to grant) and will only take place where personal data are provided for both marketing and profiling purposes or only for one of the two. The data subject may cancel his/her registration or withdraw consent at any time (see point 8 below). In any case, refusal to provide personal data for one or both of these purposes does not prevent the data subject from using the Company’s services or making purchases, but the Company will not be able to inform him/her of the marketing initiatives and events described above and will not be able to offer him/her a more personalized shopping experience through knowledge of his/her interests.
4. DISCLOSURE OF PERSONAL DATA
The Company shares the personal data of the data subject with its subsidiary companies, its distributors and affiliates, including those located in other countries, and with other companies providing services on its behalf (as detailed below), under its direction or that of third parties. These companies and organizations will only receive the personal data needed to perform the services and will not be authorized to use them for any other purpose.
Communication of personal data to data processors
The personal data of the data subject may be shared with third parties to monitor and analyse the activity of a possible future website, host contents of any future website, to provide technical and organizational services functional to the aforementioned purposes, maintain the customer database, provide marketing assistance and manage emails, market analysis, surveys, awards, initiatives or promotions. Such third parties may have access to the personal data of the data subject or store them or process them in order to provide such services on behalf of the Company in Italy or in the country in which the data subject is located or abroad. The Company’s service providers are not authorized to use personal data for purposes other than providing the contracted services.
Dissemination of personal data
The Company may also disclose the personal data of the data subject to third parties (i) where this is provided for by EU or Member State legislation; (ii) in the case of legal proceedings; (iii) in response to a request from law enforcement agencies based on legitimate grounds; or (iv) to protect the rights, privacy, security or property of the Company or the public.
In addition, to the extent permitted by law, the Company may disclose personal data to third parties in case of complaints related to the use of the website, where deemed necessary to investigate, prevent or take measures regarding illegal activities, suspected fraud or in the event that the Company, at its sole discretion, considers that the use of the website by the data subject is incompatible with the terms of the website itself.
5. PROTECTION OF THE PRIVACY OF MINORS
6. ARCHIVING, ACCESSIBILITY AND TRANSFER OF PERSONAL DATA
The personal data is collected by the Company using hard copy and electronic means. Personal data are entered in the centralized database and made secure by the Company located in Italy and managed by the Data Processors and by the marketing team in Italy.
Access to personal data will be allowed only to authorized personnel of the Company, depending on the actual need to know such information and using access control instruments at various levels. Such staff are committed to comply with the obligations of confidentiality and have been specifically designated as data processors, as required by current legislation.
In particular, where the data subject has given consent to the processing of personal data, such data may be read, modified and updated by Company personnel. The staff present have received special training and are obliged to comply with the confidentiality obligations. The Company may avail of them to collect, use and disclose data as instructed.
If the Company needs to transfer personal data abroad in order to pursue the purposes set out in this Privacy Statement, even where personal data legislation differs from that applicable in the country where the user is located, the same will adopt measures to ensure that such communication takes place in compliance with European data protection standards or other local standards used in the country where the data are collected, so that the data of the data subject remain secure and confidential.
7. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
The Company has implemented appropriate measures to protect the data subject’s personal data from accidental loss and from unauthorized access, use, modification and disclosure. The Company recommends that data subjects should (i) periodically update their software to protect the transmission of data on networks (for example, anti-virus software) and check that the provider of electronic communication services has adopted appropriate means for the security of data transmission, data on networks (for example, firewalls and anti-spam filters); (ii) keep confidential and not communicate to anyone the user name and password to access the account; and (iii) change the password periodically.
In the unlikely event that the Company believes that the security of the personal data of the data subject in its possession or under its control has been or may have been compromised, the same will inform the data subject of the incident as per the procedures established by current legislation, using the methods envisaged therein (by providing the Company with his/her email address, the data subject agrees to receive such communications in electronic format through such email address).
8. RIGHTS OF ACCESS TO PERSONAL DATA – MANAGEMENT OF CHOICES
At any time and free of charge, the data subject may access his/her data, receive his/her personal electronic data in a structured and commonly used mechanically readable format and transmit them to another data controller (data portability), and have them rectified, updated, modified or erased (subject to any applicable exceptions). The data subject may update the data provided to the Company by contacting the same at the address provided below. Requests to erase data are conditional to any applicable legal and ethical reporting or document retention obligations imposed on the Company.
Wherever the data subject considers that there is a problem with the way the personal data is managed, he/she has the right to lodge a complaint with the personal data protection authority of the country in question or of any other country in the EU or the European Economic Area.
To exercise these rights, the data subject may send a request, contacting the Company by sending an email to email@example.com or a letter by ordinary mail to the address of the Company’s registered office. When contacting the Company, the data subject must make sure to include his/her name, email address, postal address and / or telephone number (s) to be sure that the same can correctly handle their request.
Accuracy – Updating of personal data
In order to allow the Company to better serve the data subject, the latter is invited to check and update his/her personal data on a regular basis. The data subject may contact the Company for assistance in updating personal data.
Management of choices related to direct marketing and profiling
Wherever the data subject does not wish to give his/her consent to the use of personal data, marketing and / or profiling, or wishes to manage his/her preferences as regards advertising, he/she may send a mere request to the Company indicated below or manage their choices relative to the account accordingly. The same procedure applies wherever the data subject should wish to withdraw his/her consent to profiling.
9. DATA STORAGE
Personal data will be kept for the duration of the commercial relationship and for all the time necessary to pursue the purposes described in this Privacy Statement (for example, if the data subject signs up for a newsletter, for the duration of such registration, or where he /she has a user account, until it is closed). After such period, the personal data of the data subject will be kept only to comply with legal and regulatory obligations (for example, for 10 years, for accounting purposes, for the duration of the mandatory storage obligation, in the case of tax purposes, etc.) or to allow the Company to retain evidence of their respective rights and obligations.
Personal data of the data subject which is processed will be kept until the account is closed or until consent to their processing for such purposes is withdrawn. Personal data relating to information on purchases which are processed for profiling and marketing purposes will be kept for a limited period, in line with the term allowed by current legislation, and will be permanently erased or anonymised at the end of such period.
10. POLICY ON COOKIES AND SIMILAR PROCESSES
As is customary on all websites, this website also utilises cookies, small text files that permit the storage of information regarding visitor preferences, to improve the functionality of the website, to simplify browsing by automating procedures (such as for the login and website language) and to analyse use of the website.
Session cookies are essential in order to distinguish between users connected to the website. They help to prevent a requested feature being provided to the wrong user, as well as for security purposes to stop cyber-attacks on the website. Session cookies do not contain personal data and last only for the current session, i.e. until the browser is closed. No consent is required for their utilisation.
Functionality cookies utilised by the website are strictly necessary for functioning of the website. In particular, they are connected to a specific functioning request by the user (such as Login), for which no consent is required.
Instructions for disabling cookies can be found on the following web pages:
Mozilla Firefox https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Windows Internet Explorer https://windows.microsoft.com/it-IT/windows7/Block-enable-or-allow-cookies
Apple Safari https://support.apple.com/it-it/HT201265
Third party cookies
– Google (Analytics cookie): Google Analytics is a Google analysis tool that uses performance cookies to collect anonymous browsing data (truncated to the last octet and not cross-linked with those of other services) in order to examine the use of the site by users, compile reports on activities on the site and provide other information, including the number of visitors and pages visited. Google may also transfer this information to third parties where required by law or where such third parties process the above information on Google’s behalf. Google will not associate the IP address with any other data held by Google.
Data transmitted to Google are stored on Google’s servers in the United States.
For more information on the use of data and their processing by Google, check the privacy policies on the following website: https://www.google.com/intl/it/policies/privacy/ .
Further information on Google Analytics cookies can be found on the following page: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
The User can selectively disable Google Analytics by installing the required component provided by Google on his/her browser (opt out). To disable the collection of data by Google Analytics, please see the link.
This type of service analyzes the traffic of this Application, potentially containing Users’ Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.
Google reCAPTCHA (Google Inc.)
Google reCAPTCHA is a SPAM protection service provided by Google Inc.
Personal Data collected: Cookies and Usage Data.
11. LINKS, ADVERTISERS, SPONSORS AND ADVERTISING
The personal data provided by the data subject may be communicated to: all subjects to whom the right of access to such data is recognized by virtue of regulatory provisions; to our collaborators, employees, as part of their duties; to all those natural and / or legal persons, public and / or private when communication is needed or functional to the performance of our business and in the manner and for the purposes illustrated above.
12. DATA CONTROLLER – DATA PROTECTION OFFICER – COMPANY CONTACTS
For the purposes of this Privacy Statement and the processing of data described herein, the term “Company” refers to BERNI SRL Viale Palmiro Togliatti 86, code 50059 VINCI locality Sovigliana (FI) Italy.
The data controller of the Company is BERNI SRL Viale Palmiro Togliatti 86, cap 50059 VINCI locality Sovigliana (FI) Italy.
For any comments or questions about this Privacy Statement and to talk to the local contact person in charge of handling data processing requests, you can also contact the Company’s customer service at: firstname.lastname@example.org – tel. 0571.5311.
The Company, at its discretion, reserves the right to change, modify, add or delete portions of this Privacy Statement at any time, updating the “last modified” date indicated below. It is the user’s responsibility to review the Privacy Statement from time to time to be aware of any changes made. In some cases, the Company may provide further communications regarding significant changes to this Privacy Statement by sending a newsletter. Following the changes, where foreseen by the current legislation, the data of the data subject will not be processed without his/her specific consent.