Last Updated: [01/12/2021]
This document can be printed using the print command in any browser settings.
1. Data Controller
LADY SHOES SRL, CORSO ATELLANO 51/53, 81030 SANT'ARPINO (CE) - IT, Italy, , email: firstname.lastname@example.org, is the data controller of user/visitor data collected through the Site ( “ Owner ” or “ Elisalanci ”).
Owner's e-mail address: email@example.com
2. Types of Data collected
The personal data of users/visitors that the Data Controller collects through the Site include:
- Personal data (name, surname, company name, date of birth, tax code, VAT number);
- Your contact details (email address, telephone number, physical shipping address and billing address); And
- Any responses from users/visitors to the questions provided and feedback requested by the Site through forms and online surveys (hereinafter, " Personal Data ").
The Personal Data listed above are collected by the Site at the moment:
- registration on the Site, for users who register now for the first time on the Site (" User "); or
- the purchase of one or more of the products offered for sale through the Site, for users not registered on the Site (" Guest ").
Unless otherwise specified within the Site, all Personal Data requested are to be considered mandatory. It is therefore understood that failure to provide the Personal Data marked as mandatory prevents registration on the Site or the use of the services offered therein; failure to provide Personal Data that may be marked as optional does not prevent registration on the Site or use of the services offered therein, but could in any case make their use less immediate and less user friendly .
3. Purposes and legal bases of the processing of Personal Data
Purpose of the treatment
The Personal Data of Users/Guests will be processed by the Data Controller according to principles of necessity, data minimisation, lawfulness, correctness, proportionality and transparency for the following purposes:
(a) provide the Site, allow access and registration to the Site, as well as the use of the services offered through the Site, or the purchase of products online and order management and any other service that may be offered in the future through the Site of which the User/Guest requests the performance, as well as to improve the Site and the services offered therein;
(b) ensure the User/Guest the assistance service (by filling in the appropriate form provided on the Site or by contacting the Owner directly) during registration on the Site and/or use of the Site and the services offered therein, and also to resolve any reports of malfunctions and/or disputes;
(c) fulfill legal obligations, respond to requests from the competent Authorities, protect one's rights and interests, identify any malicious or fraudulent activity;
(d) provide the User/Guest, via the e-mail address indicated when registering on the Site or making a purchase through the Site, commercial information and newsletters relating to products and services similar to those already purchased/requested by the User /guests;
(e) send advertising material to the User and carry out promotional, marketing and/or direct sales activities for products and/or services sold and/or provided by the Owner;
(f) to send the User commercial and promotional communications relating to products and/or services of selected third parties (ie companies of the Group to which the Owner belongs, parent companies, subsidiaries and/or associates, companies affiliated with the Owner and partners third parties), with whom the Data Controller maintains legal relationships (without in this case there being communication of Personal Data to third parties);
(g) carry out profiling activities in relation to the User of the Site, i.e. evaluate his preferences, consumption habits and tastes, also by means of an invitation to participate in market research, for the subsequent sending of profiled marketing communications.
Legal basis of treatment
The processing purposes indicated above (see section "Purposes of processing", letters from (a) to (g)) are processed by the Data Controller on the following legal bases:
(a) execution of the contract with the User/Guest and legitimate interest of the Owner;
(b) execution of the contract or pre-contractual measures at the request of the User/Guest and legitimate interest of the Owner
(c) fulfillment of a legal obligation to which the Data Controller is subject and/or legitimate interest of the Data Controller;
(d) legitimate interest of the Owner, unless opposed by the User/Guest;
(e) express consent of the User;
(f) express consent of the User; And
(g) express consent of the User.
With reference to the purpose referred to in point (d) above , the User/Guest may oppose the receipt of such communications at any time by clicking on the link at the bottom of the relative e-mail or by contacting the Owner at the e-mail address indicated to art. 1 above .
The contact methods aimed at direct marketing activities, on behalf of third parties and profiling as in points (e), (f) and (g) above , may be either automated (via e-mail, text messages, push notifications , other mass messaging tools, etc.) and of the traditional type (telephone calls with an operator and postal items). In any case, the User may revoke his consent, even partially, for example by consenting only to traditional contact methods.
If the User allows the profiling indicated in point (g) above , it will presuppose an automated activity in order to place the User in a category of subjects with homogeneous characteristics (in terms of purchase preferences, product of interest and shopping areas) on the basis of your previous shopping experiences, the market analyzes in which you may have participated, your demographic class and your activities on the Site.
Third Party Websites and Applications
The User is reminded that the Site may incorporate or in any case interact with applications and websites of third parties (" Third Party Websites and Applications " ), to make available to Users/Guests some of the ancillary services offered through the Site. The Sites Third Party Web and Applications are governed by their respective terms and conditions of use and privacy policies. The use by Users/Guests of Third Party Websites and Applications will therefore be governed by and subject to the terms and conditions of use and privacy policies of such third parties, to which reference is made.
4. Processing methods; Recipients of Personal Data; Place and period of retention of Personal Data
Methods of treatment
The Data Controller adopts the appropriate security measures pursuant to art. 32 GDPR, aimed at preventing unauthorized access, disclosure, modification or destruction of the Personal Data of Users/Guests.
The treatment is carried out on paper and/or using IT and/or telematic tools, with organizational methods and with logics strictly related to the purposes indicated in art. 3 above .
Recipients of Personal Data
The processing of Personal Data of Users/Guests will be entrusted, in the individual operations, to the employees and/or collaborators of the Data Controller (administrative, commercial, marketing, legal, system administrators), duly authorized and appointed.
Any third parties delegated by the Data Controller to process the Personal Data of Users/Guests (e.g. third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies), will be appointed as Data Processors pursuant to art. 28 GDPR. The updated list of Data Processors can always be requested from the Data Controller by contacting him at the e-mail address indicated in article 1 above .
The Personal Data of Users/Guests will not be disseminated or transferred outside the European Union.
Place and period of retention of Personal Data
The Personal Data of Users/Guests will be stored on the Owner's servers, all located in the EU.
The Personal Data of Users/Guests are processed by the Owner and kept for the time necessary for the purposes indicated in art. 3 above . In particular:
- for the purposes referred to in points (a), (d), (e), (f) and (g) of the art. 3 above , the Users ' Personal Data will be kept by the Data Controller (but not used as regards the purposes (d), (e), (f) and (g) in the event of opposition, or in the absence or subsequent withdrawal of consent ) until the User cancels his account. However, it is understood that the Data Controller may keep the Personal Data of Users to defend their rights in relation to disputes existing at the time of the request or on indication of the public authorities. The User can cancel his own account or by sending an express request for cancellation of Personal Data to the Owner (see article 1 above );
- for the purpose referred to in point (a) of the art. 3 above , the Personal Data of the Guests will be kept until the execution of the contract or pre-contractual measure in place is completed. For the purpose referred to in point (d) of the art. 3 above , the Personal Data of the Guests will be kept, except in the case of opposition, as long as the legitimate interest of the Owner persists. The Personal Data of the Guests will not be processed - and therefore stored - for the purposes referred to in points (e), (f) and (g) of the art. 3 above ;
- for the purposes referred to in point (b) of the art. 3 above, the Personal Data of the Users/Guests will be kept for the time strictly necessary to resolve the request for assistance, reporting and/or dispute and provide the Users/Guests with feedback. Even in this case, however, it is understood that the Data Controller may keep the Personal Data, within the limits of the law, to defend their rights in relation to existing disputes or on indication of the public authorities; And
- for the purpose referred to in point (c) of the art. 3 above , the Personal Data of Users/Guests they will be kept by the Data Controller as long as the need for processing persists to fulfill said legal obligations.
At the end of the retention period, the Personal Data will be deleted. Therefore, upon expiry of this term, the right of access, cancellation, rectification and the right to the portability of Personal Data can no longer be exercised.
5. User/Guest Rights
Users/Guests can exercise certain rights with reference to the Personal Data processed by the Owner.
In particular, the User/Guest has the right to:
- obtain information in relation to the purposes for which your Personal Data are processed, the period of processing and the subjects to whom the Personal Data are communicated (so-called right of access);
- obtain the rectification or integration of inaccurate Personal Data concerning him (so-called right of rectification);
- obtain the cancellation of Personal Data concerning him in the following cases (a) the Personal Data is no longer necessary for the purposes for which it was collected; (b) has withdrawn his consent to the processing of Personal Data if they are processed on the basis of his consent; (c) has opposed the processing of Personal Data concerning him in the event that they are processed for a legitimate interest of the Data Controller; or (d) the processing of your Personal Data does not comply with the law (so-called right of cancellation). However, we inform the User/Guest that the retention of his Personal Data by the Owner is lawful if it is necessary to allow him to fulfill a legal obligation or to ascertain, exercise or defend a right in court;
- obtain that the Personal Data concerning him is only kept without any other use being made of them in the event that (a) he contests the accuracy of his Personal Data, for the period necessary to allow us to verify the accuracy of such Personal data; (b) the processing is unlawful but you still oppose the cancellation of your Personal Data by the Data Controller; (c) the Personal Data is necessary for him to ascertain, exercise or defend a right in court; (d) has opposed the processing and is awaiting verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party (so-called right of limitation);
- receive the Personal Data concerning him in a commonly used format, readable by an automatic and interoperable device (so-called portability right).
- obtain the cessation of processing in cases where your Data is processed for the purpose of commercial communications/newsletters relating to products or services identical to those already purchased/provided by the Data Controller (so-called right of opposition); And
- withdraw your consent to the processing of Personal Data at any time, without prejudice to the lawfulness of the processing based on the consent before the withdrawal.
How to exercise your rights
To exercise the rights listed above, Users/Guests can direct a request to the contact details of the Owner indicated in article 1 above . Requests are filed free of charge and processed by the Data Controller as soon as possible. Finally, we remind you that the User/Guest has the right to contact the Guarantor for the protection of personal data, based in Piazza di Monte Citorio, 121 - 00186 Rome (RM), to assert his rights in relation to the processing of his Personal Data by the Owner.