As provided for in the European Union Regulation no. 679/2016 (hereinafter “GDPR”) and in particular art. 13, below we provide you with the information required by law relating to the processing of your personal data. Note for minors: We do not knowingly process data from children under the age of 14, however if you are 14 or under, please obtain permission from your parent/guardian before providing any personal information. The website www.vestil.it (hereinafter the "Site") is owned and managed by Vestil srl, with headquarters in Turin, Piazza Statuto 9, (hereinafter referred to as "Vestil"). Vestil respects the applicable laws regarding protection of data and constantly works to improve the protection of its customers. This information on the protection of personal data informs you about the processing of your personal data in relation to the website www.vestil.it, how to manage them and how the services are made available through the Site by Vestil srl.
1. DATA CONTROLLER
The data controller of personal data is pursuant to art. 26 GDPR –
European Privacy Regulation:
- Vestil srl, with headquarters in Turin, Piazza Statuto 9, VAT number 11043100012; email: firstname.lastname@example.org .
To contact the data controller you can write to: email@example.com
2. WHAT ARE PERSONAL DATA?
Personal data is information that refers to an identified or identifiable natural person, such as name, surname, gender, e-mail address, telephone number, date of birth, postal address.
3. WHAT PERSONAL DATA ARE PROCESSED?
3.1 Data entered by the user
If you create your personal user account, fill in the registration fields on the Site or give us your consent, we process the personal data provided in this way, in particular the data as defined in section 2.
3.2 Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes the IP addresses or domain names of the computers used by the Users, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data will be recorded in anonymous and aggregate form and will be used, always in aggregate form, for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and will be deleted, always in aggregate form, immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
4. WHEN DO WE PROCESS YOUR DATA?
We process your personal data when you create your personal user account, when you order products via our website or when you subscribe to our newsletter. Unless otherwise specified in the following provisions, the legal basis for this data processing is Article 6 paragraph 1 b) and a) GDPR (execution of a contract and consent).
5. PURPOSE OF DATA PROCESSING
To make purchases on our site you must create a personal account (hereinafter "user account"). You can store your personal information in your user account, and facilitate shopping in our online store. To create a personal user account we need your details, name and surname and, as appropriate, address and telephone number. Additionally, users must provide their email address and a password of their choice. The email address provided by users also serves as the login data for the user account. Furthermore, users can store their personal data within the user account and thus conveniently purchase in the online shop. The information can be updated at any time in the personal area of the user account ("User Profile"). Upon registration, the User will be asked to enter personal data, some of which - from time to time expressly identified as such - will be mandatory and indispensable to provide for the purposes of registration (e.g. the e-mail address at which receive the Newsletter). The other data may or may not be provided, at the User's discretion, and failure to provide them is in no way prejudicial to the purposes of registration, but may allow only partial use of the Services. Of course, the user can delete his user account at any time and without giving reasons. The easiest way to do this is to send an email to firstname.lastname@example.org. The legal basis for this data processing is Article 6 paragraph 1 b) GDPR (performance of a contract).
5.2. Order processing in our online shop
When ordering products in our online shop, the processing of your personal data is intended to enable and optimize order processing, including payment and delivery. When payment is made by credit card, we receive the payment ID and the last four digits of the credit card number from our payment service provider. We need this for the authentication and allocation of your order and therefore for your security. The personal data necessary for payment are collected directly by the payment service provider.
The legal basis for the aforementioned data processing is Article. 6 paragraph 1 b) GDPR (execution of a contract) and Art. 6 paragraph 1 f) GDPR (legitimate interest, based on our interest in offering you a secure payment option by credit card). Among other things, we also check all previous orders placed from your customer account. The system also checks whether the delivery address is different from the billing address, whether it is a new delivery address or whether the order needs to be delivered to an intermediate center. After choosing the payment service provider, you will be asked for the data necessary to use these services.
This payment information is forwarded directly to the respective payment service provider and is not stored by Vestil. We save your billing and delivery address data in your user account so that you no longer need to enter it the next time you make a purchase. This data can be changed at any time in the future.
The personal data processed in the context of orders will be deleted at the latest after the statutory warranty periods have expired, unless this conflicts with statutory retention obligations.
We offer all users of our community the opportunity to receive our newsletter. To activate it, the user can register with his e-mail address on the appropriate page. The user can revoke his consent at any time and without giving reasons. The easiest way to do this is to click on the "Unsubscribe" link, found in every newsletter.
The Newsletter may also contain advertising banners, insertions and advertising offers both from the Company and from third parties. The legal basis for this process is Article 6, paragraph 1 a) GDPR (consent).
5.4 Contact via contact form
If you send us requests for information using the contact form, we will process the information you provide, including your contact details, in order to process the request. In case of subsequent requests, this additional data will also be stored. The legal basis is Article 6.1 b) GDPR (contract fulfillment - the processing of your data is necessary for the fulfillment of the contract to respond to questions or requests) as well as Article 6 paragraph 1 f) GDPR (balancing of interests - based on our interest in processing requests from users of our website). As Data Controller, Vestil srl informs that the personal data of Users, subject to their consent, may be processed by Vestil for the following purposes: a) sending informative, promotional and advertising material relating to the Capri brands (by way of illustrative but not exhaustive: sending of newsletters, promotions, etc.); b) develop studies and statistical research; c) collect data and information in general and in particular on consumer orientations and preferences and process them using electronic tools in order to identify the products that may be of greatest interest to them, in such a way as to send them promotional communications expressly addressed to them products (so-called profiling).
6. METHOD AND PLACE OF PROCESSING
Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The database is accessible only by authorized parties using methods that guarantee its protection and confidentiality, thanks to the adoption of security measures designed to prevent data loss, illicit or incorrect use and unauthorized access. Despite all the measures adopted to safeguard your information, we cannot guarantee, given the state of technology, that unauthorized access or abuse of the services by third parties can be excluded.
PLACE OF DATA PROCESSING
The processing connected to the Services of this Site takes place at the headquarters of the Data Controller and is handled only by the Data Controller's technical staff appointed for this purpose in the capacity of person in charge, or by any persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disseminated. The personal data provided by Users who forward requests to join the Services are used for the sole purpose of carrying out the service or provision requested and are communicated to third parties only if this is necessary for this purpose. In its capacity as data controller, Vestil may proceed, directly or through any external data processors indicated on the Site, to save the Users' personal data in specific servers and to carry out all other processing operations through the personnel of the owner and manager - appointed for this purpose in the capacity of person in charge, or through any external persons in charge during maintenance operations.
7. DATA PROCESSING PERSONS
To operate our website, we commission external data processing service providers (e.g. order dispatch, newsletter software, data centers). If necessary, these service providers also process personal data. Service providers are carefully selected and monitored by us. The data is processed exclusively in accordance with our instructions and is furthermore bound by this data protection declaration. Only in the presence of express authorization from the User, Vestil proceeds to use his data for the same activities referred to in the previous point with the aid of automated tools without the intervention of an operator and/or for the other purposes authorized from time to time by the User. The updated list of all Data Processors is available at each of the Data Controller's offices and can be requested at the following e-mail address: email@example.com. This list can be subsequently integrated and/or updated as needed.
8. STORAGE PERIOD
Personal data will be kept only for the time necessary to achieve the purposes indicated here or as required by law (civil, fiscal and fiscal obligations in force). The data entered by you pursuant to section 3.1 will therefore be deleted at the latest 10 years after the expiry of any retention periods provided for by commercial and tax law. Automatically recorded data, as defined in section 3.2, will therefore be deleted or made anonymous after 24 months.
9. YOUR RIGHTS
As an interested party, pursuant to articles 15-21 of the GDPR you have the right to:
a) obtain confirmation of the processing of your personal data;
b) access your personal data and know its origin (when the data is not obtained from you directly), the purposes and purposes of the processing, the data of the subjects to whom they are communicated, the retention period of your data or the useful criteria for determining it;
c) obtain the updating and rectification of your personal data so that they are always precise and accurate;
d) obtain cancellation, in the cases provided for by the art. 17 of the GDPR, of your personal data or request the limitation of processing;
e) obtain a copy of your personal data.
You can therefore find out what personal data we have about you, their origin and how they are used, request their updating, rectification or integration as well as, in the cases provided for by the provisions in force, their cancellation, limitation of processing or oppose to their treatment.
If you wish, you can request to receive the personal data we hold about you in a format readable by electronic devices and, where technically possible, we can transfer your data directly to a third party indicated by you.
Any requests will be processed at the latest within one month of receipt, except for the possibility of extending this deadline for a further two months, if necessary, taking into account the complexity and number of requests received by the Data Controller.
Cookies are small files recorded on your device. Cookies can be used to determine whether a connection has already been established between your device and our pages. Only the cookie stored on your device is identified. No personal data is stored in the "Cookies" folder.
12. WHO CAN YOU SUBMIT A COMPLAINT TO?
If you have general questions about the information we collect and how we use it, please contact us by email at firstname.lastname@example.org
If you are not satisfied with our response, you can contact the Data Protection Authority.
Piazza di Monte Citorio, 121 - 00186 Rome
Telephone: + 39-06-6967 71 / + 39-06-6967 72917