FREE SHIPPING – FREE RETURNS
CONTACT US +39 02 46716262 - +39 800 86 86 86 from Italy – WHATSAPP +39 3356380463

Privacy Policy for Users

Privacy Policy for Users

In compliance with the General Data Protection Regulation EU 679/2016 (“GDPR”) on the data protection of physical persons in regards to personal data processing which has replaced Legislative Decree 196/2003, the processing of personal data concerning the data subject shall comply to principles of correctness lawfulness transparency, in such a manner as to guarantee the security and confidentiality of the personal data.

 

We invite users to carefully read the information statement provided below so that users of the Website can be aware and conscientiously express their consent to use the Personal Data so that we can provide a high quality level service in full compliance with the data subject’s rights.

 

Data Controller

DAMIANI S.p.A. with head office located in Valenza (AL), Italy, Piazza D. G. Damiani No. 1, Tax ID and VAT number 01457570065 (hereinafter, “Data Controller”), owner of the website http://www.damiani.com/ (hereinafter, “Website”), as Data Controller of the personal data of users who browse and are registered to the Website (hereinafter, “Users”), hereby provides the following information statement pursuant to Article 13 of Legislative Decree 196/2003 (hereinafter, the “Privacy Code”) and pursuant to article 13 of the General Data Protection Regulation EU 679/2016 of 27 April 2016 (hereinafter, the “GDPR”) – both the GDPR and the Privacy Code are hereinafter referred to as “Applicable Regulations”) in relation to the data processing of Users’ personal data (“Personal Data”).

This Website and any services offered thereof through the Website are reserved for persons who are eighteen years of age. Therefore, the Data Controller does not gather personal information of persons who are less than 18 years of age. Upon request of the User, the Data Controller will promptly delete any personal data that is gathered involuntarily in relation to minors.

Type of Personal Data Processed.

The following categories of Personal Data concerning the Users may be gathered:

Contact data – information related to name, surname, address, telephone number, cell number or email address;

Other personal data – information that the User provides voluntarily by filling out the optional fields provided by the Data Controller for the purposes specified hereafter, such as date of birth, date of marriage, level of education or professional profile. If Personal Data is provided on behalf of a third party, the User must promptly ensure that the data subjects read this information statement;

Interest – information that Users provide in regards to their interests, including the Data Controller’s products that the Users are interested in;

Using the Website – information that Users provide in regards to their interests, including the Data Controller’s products that the Users are interested in;

 

Purposes and Legal Basis of Data Processing

Personal data of Users will be processed lawfully by the Data Controller pursuant to article 6 of the General Data Protection Regulation, for the following processing purposes:

  1. website browsing, in relation to the possibility to gather data from the User that is required from a technical standpoint, such as IP address while browsing the website. Said personal data of the User will be used by the Data Controller only to ascertain the identity of the User (even by validating the email address) while preventing any possible frauds or violations.
  2. obligations of the contract and the provision of the services in case of online purchases, to fulfil purchase requests of products offered in the “e-commerce” section of the Website, according to the General Conditions of Sales which are approved by the User when registering to the Website and to fulfil subsequent reports and requests by the User. The provision of contact data is mandatory in order to fulfil the contract obligations.
  3. administrative and accounting purposes in case of online purchases, or to conduct organisational, administrative, financial or accounting tasks that are functional to managing the contract. The provision of contact data of the User is in fact mandatory in order to fulfil the contract obligations.
  4. obligations of law, namely to fulfil obligations envisaged by law from authorities, a regulation or EU laws where the Data Controller is bound to fulfil them. The provision of User’s contact data is in fact mandatory.

Failure to provide the contact data will result in the inability for the User to browse the Website, register to the Website or use the services offered by the Data Controller of the Website.

The legal basis of the data processing lies in the execution of a contract requested by the User (pursuant to article 6, paragraph 1, letter (b) of the General Data Protection Regulation and article 24, paragraph 1, letter (b) of the Privacy Code) or the fulfilment of obligations of law (pursuant to article 6, paragraph 1, letter (c) of the General Data Protection Regulation.

Additional processing purposes: marketing purposes (to send newsletters, advertising materials or business communications).

With the free and optional consent by the User, the User’s contact data and any other personal data provided, may be processed by the Data Controller, even for marketing purposes and to send newsletters (including advertising materials, direct sales, business communications, newsletters containing information regarding major news on the sector related to the Website’s activities) and in order for the Data Controller to contact the User by post, email, telephone (landline or mobile, using calling automated systems or through an operator), by text message to inform the User of products and services of the Data Controller, to send invitations, deals or business opportunities.

The provision of Personal Data is optional and failure to provide a consent will not jeopardise the possibility to register to the Website in any way.

The respective legal basis of the processing lies in the possible consent given freely by the User to execute the above marketing purposes (pursuant to article 6, paragraph 1, letter (a) of the General Data Protection Regulation and article 24, paragraph 1, letter (b) of the Privacy Code).

 

In case of consent, the User may withdraw it at any time by providing a request to the Data Controller according to the methods outlined in the paragraph “Rights of the Data Subject”.

Moreover, the User may easily object to receiving additional promotional communications or newsletters via email, even by clicking on the provided link to cancel the consent which is present on each promotional email and newsletter. Once the consent is withdrawn, the Data Controller will send the User an email message confirming receipt of the withdrawal of the consent.

The Data Controller informs the User that after exercising a right to object to receiving promotional communications or newsletters via email, due to technical or operating reasons, it is possible for the User to continue to receive some additional messages. If the User continues to receive promotional messages or newsletters, please report the issue to the Data Controller using the contact details specified in the section “Rights of the Data Subject”.

 

Additional Processing Purposes: Profiling

The free, optional consent of the User, the User’s Personal Data (namely contact details, other personal data, the use of the website and information regarding services where Users have expressed their interest), may be processed by the Data Controller even for profiling purposes, namely to reconstruct the User’s preferences and customs so that the User can be offered coherent deals based on the identified profile.

The provision of Personal Data is optional and failure to provide a consent will not jeopardise the possibility to register to the Website in any way.

The respective legal basis of the processing lies in the possible consent given freely by the User to execute the above profiling purposes (pursuant to article 6, paragraph 1, letter (a) of the General Data Protection Regulation and article 24, paragraph 1, letter (b) of the Privacy Code).

In case of consent, the User may withdraw it at any time by providing a request to the Data Controller according to the methods outlined in the paragraph “Rights of the Data Subject”.

 

Additional disclosures: Disclosure of Personal Data to Partners of the Data Controller

With the free, optional consent of the User, the User’s contact details may be disclosed by the Data Controller to companies that are part of the same group of the Data Controller (details of said companies can be viewed by clicking on the following link http://investorrelations.damiani.com/ENG/page/the_group/organization_chart.php), as well as to companies of goods and services pertaining to the finance and “luxury” sector (by way of example, the fashion sector, travel, car, yachts) where the Data Controller may establish co-marketing relations (hereinafter, collectively referred to as the “Partners of the Data Controller”).

The Partners of the Data Controller, as independent data controllers, will process the User’s personal data for own marketing purposes and may contact the User through traditional means (by post, operator call) or through automated means (email or text messaging).

In compliance with article 13, paragraph 4 of the Privacy Code, as well as article 14, paragraph 3 of the General Data Protection Regulation, the Partners of the Data Controller must forward the User their own information statement which must include the origin of the personal data disclosed to them in addition to the conditions envisaged in article 13, paragraph 1, in order to allow each data subject to contact the entity that collects and discloses the data in order to object to the processing pursuant to Applicable Regulations.

 

Data Processing Methods

Controller will process the Personal Data of Users using manual or automated instruments and relying on logics that are strictly correlated to said purposes and in any case in such a manner as to guarantee the security and confidentiality of said data. Data provided spontaneously, is gathered directly by the Data Controller using electronic means or through a third party, expressly appointed as Data Processor, even through information systems of Customer Relationship Management (CRM). The CRM is used by the Data Controller to improve the management of data of customers from an administrative and information standpoint, as well as to offer high quality services and whenever users grant their consent, for marketing purposes, both direct or profiled.

 

Data Preservation

Personal Data of Users is preserved for the time strictly necessary to pursue the purposes for which they were gathered and until the consent is withdrawn by the User and in any case said preservation period must conform to Applicable Regulations.

Contact data will be preserved for the time strictly necessary to fulfil the contract obligations arising with the User, as well as to fulfil tax obligations and to protect the interests of the Data Subject and Data Controller pursuant to the Italian Civil Code.

Personal Data of Users gathered for marketing or profiling purposes will be preserved in compliance with Applicable Regulations, as well as in compliance with the provisions of the Data Protection Authority, currently in force.

 

Scope of Disclosure and Dissemination of Personal Data

The Data Controller designates special Data Processors, each according to their respective duties and operating under the direct authority of the Data Controller from which they receive proper operating instructions and they may have headquarters located in or outside the European Union.

Employees or collaborators of the Data Controller in charge of managing the Website, may learn about the Personal Data of Users. Said persons which are formally appointed by the Data Controller as “data processors” will process the User’s personal data solely to fulfil the purposes outlined in this information statement in compliance with provisions of Applicable Regulations.

Moreover, third parties may gain knowledge of the Users’ Personal Data and may process said personal data on behalf of the Data Controller as “External Data Controllers“, by way of example, providers of information services and logistics to serve the operation of the Website, providers of services in outsourcing or cloud computing, as well as professionals and consultants.

Users have the right to obtain an updated list of Data Processors appointed by the Data Controller by making a request to the Data Controller to the contact details provided below.

 

Transfer of Data

If the Data Controller is forced to disclose personal data to data processors working on behalf of the Data Controller and by virtue of specific contract restrictions, in EU or non-EU countries (where there is a decision on the suitability of the Commission pursuant to article 45 of the GDPR), the transfer of personal data will be limited strictly to what is necessary, restricted to purposes for which they were gathered while adopting all necessary measures to ensure a proper level of protection of the personal data and utmost compliance with Applicable Regulations.

 

Data Protection Officer (“DPO”)

The Data Protection Officer appointed voluntarily by the Data Controller can be contacted at the following addresses: Piazza D.G. Damiani n. 1 – 15048 Valenza (AL) – Italia; e-mail privacy@damiani.com .

 

Rights of the Data Subject

Users of the Website have the right to exercise the rights envisaged in article 7 of the Privacy Code, according to the methods set out in article 8 of the Privacy Code. Users may exercise their own rights with respect to the Data Controller at any time in compliance with the GDPR EU 679/2016. In particular, Users may request the following by contacting the Data Controller specified above:

  • the right to know about the existence of the data processing that concerns the user and in this case, the right to access their own personal data pursuant to article 15 of the GDPR 679/2016 and the right to obtain communication of said data in intelligible form and information about their origin without delay; the right to know about recipients or categories of recipients of the personal data to whom they are disclosed;
  • the right to obtain rectification or supplementation of the personal data concerning them without delay pursuant to article 16 of the GDPR EU 679/2016;
  • the right to obtain immediate erasure of own personal data whenever the consent is withdrawn and when the data is no longer required for the purposes for which they were collected or otherwise processed or if the legal basis of the processing ceases to exist, or if personal data is processed unlawfully or if said obligation is imposed by law or legal authorities pursuant to article 17 of the GDPR EU 679/2016;
  • the right to limit the processing of data concerning the users whenever the data subject disputes the accuracy of the data or whenever the user objects to their processing as the processing is unlawful or if the Data Controller no longer needs to process the data; the personal data is in any case required to ascertain, exercise or protect a right in legal proceedings pursuant to article 18 of the GDPR EU 679/2016;
  • the right to data portability, it being understood as the right to obtain from the Data Controller personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided pursuant to article 20 of the GDPR EU 679/2016;

 

Users interested in exercising said rights can simply send an email to the following address: privacy@damiani.com .

It must be noted that the Data Controller will notify each recipient of the personal data of any rectifications, deletions or restrictions of the data processing made pursuant to article 16, article 17, paragraph 1 and article 18, unless this proves impossible or involves a disproportionate effort. The Data Controller will disclose information about said recipients whenever requested by the User.

 

Right to Object

If the conditions of article 21 of the GDPR are applicable, Users will have the right to object to the processing of the data concerning them, unless there are legitimate reasons of the Data Controller to continue to process the data. Request must be forwarded by email to the following address privacy@damiani.com.

 

Withdrawal of Consent

Users have the right to withdraw their consent given at any time without prejudice to the lawfulness of the processing based on the consent acquired prior to the withdrawal pursuant to article 7, paragraph 3 of the GDPR EU 679/2016. Said withdrawal may result in the inability to continue to render the services by the Data Controller and pursue the above purposes.

 

Complaint to the Data Protection Authority

If Users believe that the processing concerning their personal data violates the GDPR or the Privacy Code, they may lodge a complaint with the Data Protection Authority (Data Protection Authority, Piazza di Monte Citorio No. 121-00186 Rome – Italy; email: garante@gpdp.it).