Information for the User on the use of the Site
Alessandra Colombo S.r.l. (Tax Code and VAT number 11665200967), with registered office in Viale Regina Giovanna 9, 20129 Milan, is the owner of the e-commerce platform at the URL www.alessandramilano.it (hereinafter, the Platform or the Site), dedicated to the footwear business of the brand Alessandra Milano.
To proceed with the purchase of the Platform’s Products, Users must provide certain personal data. Such data will be processed by Alessandra Colombo S.r.l. as the Data Controller, with the strictly related purpose of finalising the sale, arranging the delivery of the footwear and managing the accounting, administrative and fiscal aspects of the orders and related transactions.
The processing of Users’ personal data, which is completed through each purchase made on the Platform, is compliant with EU Regulation 2016/679 (herein, the “GDPR”) and with Decree No. 101/2018, as well as with principles of lawfulness, correctness, transparency, limitation, minimization, accuracy, limitation to preservation, integrity and confidentiality, accountability.
Alessandra Colombo S.r.l., as Data Controller of the processed personal data, hereby provides you with information related to the processing of Users' personal data when using the the Site and the services provided, undertaking to guarantee to Users the right to privacy and the right to protection of their personal data.
Alessandra Colombo S.r.l. reserves the use of the Platform and the services integrated therein to adult Users only. When accessing the Site for the first time, each User must, under her or his own responsibility, confirm that she or he is 18+ in order to continue browsing.
At the request of the interested parties, the Data Controller will immediately delete all personal data collected accidentally with respect to non-members or to those under the age of 18.
1. Processed data, purpose of processing of data and conditions of lawfulness
1.1 The Data Controller processes the following personal data from the User whilst using the Site:
- a. personal and identification data (including: name; surname; tax code or VAT number; details of an identification document; date of birth; residential address; delivery address; sex, etc.); indirizzo di residenza; indirizzo di consegna; sesso, etc.);
- b. contact details (i.e. telephone number; fax number; e-mail; etc.);
- c. accounting data and data relating to payment methods (i.e. credit/debit card number; CVC code; bank details; etc.);
- d. cookies stored in the navigation browser;
- e. data of social media profiles in case of access to the Site through the user's personal account on social networks – including the name, surname, nickname, gender and the ability to access limited sections of the profile.
1.2 Personal data will be processed by the Data Controller for the following purposes:
- a. to allow Users to register and create a personal account on the Platform (so-called registration);
- b. to respond to any requests for support and assistance coming from the Users;
- c. to satisfy purchase requests, for other contractual purposes and/or in relation to the execution of pre-contractual measures, as well as to fulfil any legal obligation relating to such purposes (i.e. the issuing of invoices, management of accounting and returns, etc.);
- d. in order to send to the User - through the use of traditional communications means (paper mail; telephone calls; etc.) and automated computer systems (e-mail, sms, chat, mms, etc.) - marketing, commercial and promotional communications, newsletters, advertising material, and in order to allow market research and/or surveys (so-called marketing) to be carried out.
1.3 The activities referred to at article 1.2 are carried out on the following legal grounds: for the purposes referred to at letter a), b) and c), the legal grounds are based on article 6 para. 1 letter b) and c) of the GDPR; for the purposes referred to at letter d), the legal grounds are based on the user's consent, pursuant to article 6 para. 1 letter a) of the GDPR.
2. Optional or mandatory requirements to provide data and obtain consent, including its consequences
The provision of data referred to at article 1.1. letter a), b) and c) is mandatory for the purposes referred to at article 1.2 letter a), b) and c). Any refusal to provide such data will make it impossible to use the Platform and/or purchase the Products and/or pursue the aforementioned activities. If the user chooses to access the Site through a social network account, it will also be mandatory to provide the data referred to at article 1.1. letter e).
The provision of data referred to at article 1.1 letter a) and b) is optional for the purposes referred to at article 1.2 letter d). Any refusal of consent will not have detrimental consequences for the purposes of article 1.2 letter a), b) and c), whilst it will not be possible to carry out the activities referred to at article 1.2. letter d).
3. Data recipients
For the purposes indicated at article 1, the Data Controller may communicate the Users' data to the following subjects:
Employees, collaborators or consultants of the Data Controller (i.e.: accountants, lawyers, auditors, social media managers, etc.);
collaborators or subjects operating in the logistics, transport and/ shipping sector, appointed by the Owner to make shipments and deliveries, as well as to handle any returns of orders and/or replacements of Products purchased on the Platform, on behalf of the Owner.
companies operating in the e-payments sector;
IT consultants and technicians;
Marketing, communication and market research consultants;
credit and insurance institutions;
judicial authorities, judicial operators and police forces;
supervisory and financial authorities; any individual who may acquire, in whole or in part, the Owner or be merged with the latter.
Personal data may be disclosed, in whole or in part, to individual recipients, limited to what is necessary to fulfil the specific purposes for which the communication will be necessary to perform the contractual services or legal obligations; all communication will take place in compliance with the principles established by article 5 of the GDPR.
4. Methods of processing personal data and retention period
Personal data are processed according to the principles established by EU Regulation 2016/679 (lawfulness, correctness and transparency; determination; adequacy, relevance and limitation; accuracy; security). Personal data are processed using paper, IT and telematics methods and tools, adopting organizational and technical measures appropriate to the risks associated with the specific processing and suitable to guarantee, as far as possible, the security and confidentiality of the data. The Data Controller may still retain the data to fulfil regulatory obligations, or to exercise or defend one's right in court.
5. Period of retention of personal data
Except for longer retention periods prescribed by law, personal data provided by Users will be kept for the time strictly necessary to pursue the primary purposes described in this policy or, in any event, for the time necessary to protect the interests of the Owner and Users.
6. Data transfer
Personal data provided by Users will be processed in Italy and in countries of the European Union which guarantee an adequate standard of protection of personal information. Should the transfer of Users' personal data to countries outside the EU become necessary, the Data Controller will ensure an adequate level of protection of personal information, in compliance with the provisions of the GDPR, pursuant to article 45 of the same Regulation; alternatively, the Data Controller undertakes to apply all data protection measures through the standard clauses approved pursuant to article 46 para. 2 of the GDPR. In the latter case, the Data Controller will provide Users with specific information.
7. User rights
Pursuant to article 13 para. 2 and 15-21 EU Regulation 679/2016, Users, as interested parties in the processing of personal data, can exercise the following rights: Right of access: the interested party has the right to obtain from the Data Controller confirmation of the processing of her or his personal data and access to such information, pursuant to article 15 of the GDPR; Right of rectification: the interested party has the right to promptly obtain from the Data Controller the correction of inaccurate personal data concerning her or him, pursuant to article 16 of the GDPR; Right to cancellation and right to revoke consent: the interested party has the right to obtain from the Data Controller the cancellation of personal data concerning her or him and the Data Controller is obliged to delete personal data without undue delay where the reasons referred to in article 17 of the GDPR apply. The interested party also has the right to revoke consent at any time, without thereby compromising the lawfulness of the processing based on the consent given before the revocation; Right to limitation of processing of data: the interested party has the right to obtain from the Data Controller a limit to the processing of data, where the reasons referred to in article 18 of the GDPR apply; Right to data portability: the interested party has the right to receive the personal data which concerns her or him and that she or he has provided to the Data Controller. This should be provided in a structured format commonly used and should be readable by an automatic device. The interested party also has the right to transfer such data to another data controller without interference from the Data Controller, to whom the personal data have been provided under the conditions established in article 20 of the GDPR; The right to object to the processing of date: the interested party has the right to object, at any time, to the processing of her or his personal data, pursuant to article 21 GDPR.
The above rights may be exercised against the Data Controller, by sending a written communication to the following address: firstname.lastname@example.org
Article 77 GDPR also recognizes the User’s right to lodge a complaint with a Supervisory Authority if she or he deems that the processing of data concerning her or him violates normal standards of reference. In Italy, the Supervisory Authority is the Guarantor for the protection of personal data. . For more information, please visit the following sites: https://www.garanteprivacy.it/regolazioneue/diritti-degli-interessati https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights_it. A complaint can be made by sending an email to the following email address: email@example.com.
8. Minors under 18
The Site and its services are not intended for children under the age of 18; therefore, the Data Controller does not intentionally process personal data of subjects with an age below this threshold. However, the Owner is aware of the impossibility of preventing in advance access to the Site and its use by minors under 18. Therefore, the latter reserves the right to verify the age of Users and to deny them access to services when under 18 years old. These subjects will be able to access the Site’s services only if and to the extent that the consent to the processing of their personal data is given or authorized by the holder of a parental responsibility, following verification of the same. By accepting this information, the User declares to be at least 18 years old.
For more information on legislation on the processing of personal data, please visit: https://eur-lex.europa.eu/legal-content/IT/TXT/?uri=CELEX%3A32016R0679