PRIVACY POLICY

Welcome to our shop.luisaspagnoli.it. website (“Site”).

User are invited to read this Privacy Policy which is applicable to the navigation of the Site regardless to whether a purchase is made or use is made of the services provided on the Site. Users are also invited to read the General Conditions of Use and the Cookies Policy, which provide further information on privacy and the security systems adopted by the Site.

1. THE POLICY

All Data subjects are entitled to the protection of their Personal Data. TD respect the rights of their users to be informed on the collection and subsequent processing operations concerning their Personal Data. The Site activities have been carefully configured to respect the principle of strictly necessary when processing data that can identify users, even indirectly- For this reason, we have configured the Site so that the use of personal data is kept to a minimum and exclude the processing of personal data when the purpose of the specific activity can be achieved using anonymous data or other means, identifying the person only when needed or at the request of the authorities and police forces.

The Privacy Policy was drawn up in accordance with Recommendation No. 2/2001 adopted on May 17, 2001 by the Labour Group for the Protection of Personal Data - Art. 29 regarding the minimum requirements for the collection of data on-line within the European Union, and also represent the Statement to Data Subjects under art. 13 of Legislative Decree no. 196 of June 30, 2003 and addenda ("Personal Data Protection Code"). The Privacy Policy indicates the identity of the Data Controllers in charge of the personal data collected and processed via the Site, indicates exactly which personal data is collected, the purpose and processing methods used, the scope of the communication of personal data to third-parties, the security measures put in place to protect and safeguard such data and the options open to the Data Subjects to check the processing of their personal data and exercise the rights granted to the same by the Privacy Policy.

For further information on the Privacy Policy, the user can send an email to privacy@triboo.it or contact Triboo Digitale at the clicking links provided in section 3 below.

2. HOW WE COLLECT YOUR DATA  ON THE SITE

Data acquired during navigation

Generally speaking, no user personal data is collected when visiting or browsing through the Site. The processing of personal data of users who visit and consult the Site is limited to the so-called navigation data. The data processing systems and software procedures used by this website acquire some personal data, during their normal functions, the transmission of which is implicit when using Internet communication protocols. This refers to information which is not collected to be associated with identified parties, but due to their nature could, permit the identification of the user if they are elaborated and associated with data held by third parties. This category of data includes, for instance, IP addresses or computer domain names used by the users to connect to the website, the URI Uniform Resource Identifier addresses of the requested resources, the time of request, the method used to make the request to the server, the size of the file received in reply, numerical code indicating the status of the reply given by the server (successful, error etc.) and other parameters of the operating system and the environment used by the User. This data  is used for the sole purpose of collecting anonymous statistics on the use of the Site and to check it functions correctly and they are cancelled immediately after such anonymous processing. The data could be used to ascertain responsibility in the case of any hypothetical electronic crimes which damage the Site: in addition to this eventuality, at present the so-called navigation data are retained and deleted within the terms provided by the applicable regulations, according to the purpose for which they were collected and subsequently processed.

Data provided spontaneously by the User

The Site also collects and processes personal data provided voluntarily by users when they interact with the functions and services provided on the Site, for instance during the Site registration process or to send purchase orders for products through the Site, or for registration to receive newsletters, take part in initiatives via the Site, requests for information and sending of communications. In the sections of the Site where the Data Subject's personal data are collected, a specific Information Notice is available and, when required by the Privacy Code, the users are requested to grant their consent for the processing of their data. For further information on the purposes for which personal data is processed on the Site, please read the section that follow "Purpose and Methods of Processing Personal Data".

If users provide personal data of third parties, whilst using the functions and services on the Site, they must undertake previous actions to ensure that the disclosure of such personal data and the subsequent processing for the purposes specified in the Privacy Policy and the applicable Information Notice is compliant with the Personal Data Protection Code, as well as with the applicable laws and regulations. By way of example, users  may provide personal data of third parties only after having duly informed them and upon specific consent to the processing of their data, as required by the PDPC.

3. WHO PROCESSES YOUR PERSONAL DATA, HOW AND FOR WHAT PURPOSE

The personal data of Site users are generally collected and processed  to manage the interaction of users with some functions of the Site, for instance, Site registration or purchasing transactions and the execution of relative purchase orders.  Moreover, personal data is processed to fulfil all obligations as foreseen by the laws, regulations and EC norms and standards in force, and to exercise its rights at a judicial level. Collection of data is necessary for such activities. Failure to collect the data makes it impossible to fulfil the contractual obligations or provide the requested services. Consequently, pursuant to Article 24 of the Privacy Code, the consent of users for such processing purposes is not necessary.

In addition to the foregoing,  the data can also be processed for marketing purposes, i.e. the sending of information and promotional materials on Site products, special offers and/or promotions by standard mail, email, newsletters and text messages by SMS and MMS. It is always possible to oppose receipt of promotional materials; in fact, instructions on how to oppose this service and no longer receive such communications are included in every mail received.  Conferral of data for marketing purposes, as illustrated above, is optional and any refusals will not have any consequence on the possibility for Users to request products and enjoy the services and other functions provided by this Site.

Triboo Digitale Srl – with registered office in Viale  Sarca 336 - 20126 Milan Italy (TD), email:  ecare@luisaspagnoli.it is the autonomous Data Controller for the processing of processes personal of Site users as is strictly necessary to manage the purchasing operations and execute the orders placed via the Site, including the management of the sales and other transactions performed on the Site, delivery of products, returned materials and warranties, and all further activities necessary to the sale of its products via the Site.

Luisa Spagnoli S.p.A. with registered office in Strada Santa Lucia 71,  email: ecare@luisaspagnoli.it ("Luisa Spagnoli S.p.A."), is the autonomous Data Controller for the processing of user data for the above indicated marketing purposes.

Personal data of users are collected and processed using electronic and automated systems, and also manually for a minor amount of requirements, and retained for the time needed to achieve the purposes pursued each time; the processing logics and procedures are related to the purposes indicated in the Privacy Policy. 

Depending on the specific processing purpose, the personal data can be accessed by the Data Controllers as above, and their respective Chief Processors, if appointed. To receive an updated list of the Chief Processors appointed to processing personal data and the third-parties to whom such data is communicated, please contact the Customer Care Service or send an email to the email address privacy@triboo.it.

 

4. SCOPE OF COMMUNICATION OF PERSONAL DATA

Personal data of users can only be communicated to third parties in accordance with the indications provided in the Privacy Policy and the Privacy Statement published on the Site in the sections in which user personal data is collected.

Personal data can be communicated to authorities and public entities; professionals, freelancers, including associates and commercial partners (i.e. third-parties providing Site management services of a commercial, professional and technical nature and to pursue the aforementioned purposes);  third-parties in cases of mergers, acquisitions, corporate or business branch spin-offs or other extraordinary transactions. These third-party subjects only receive the information needed for them to implement their designated functions. In particular, TD communicates the personal data collected to Arcese Logistic S.r.l., duly appointed as Chief External Processor for the execution of logistic activities concerning shipping and the return of purchased products. All the above subjects undertake to use the information received for the aforementioned processing purposes only, and keep them secure and confidential, in accordance with the requirements of the applicable laws and regulations in force. In addition, personal data may be communicated to legitimate recipients under the laws or regulations in force.

Except for the foregoing, personal data are not shared with third-parties who do not provide any service at a commercial, professional and technical level. The third-parties, i.e. Data Controllers, Chief Processors or Processing Officers, as the case may be,  to whom such data is communicated shall process the same for the aforementioned purposes only, in accordance with the requirements of the applicable privacy code. 

5. SECURITY MEASURES

In order to guarantee the security of all personal data, the security measures foreseen by the PDPC and any applicable regulations have been adopted to prevent loss of data, illegal or illicit use of the data and unauthorised access to said data, with particular but not exclusive reference to Annex B to the Privacy Code (Technical Regulations regarding minimum security measures). In addition, information systems and computer software programs are configured so as to minimise the use of personal and identifier data therefore such data are used only when necessary for specific processing purposes pursued each time. 

6. RIGHTS TO ACCESS PERSONAL DATA AND OTHER PRIVACY RIGHTS

Users are always entitled to  exercise, at any moment in time, the rights granted by Art. 7 of the PDPC,  such as for instance obtaining confirmation as to whether or not their personal data exists in an intelligible form; access such data; verify the contents, origin and accuracy; the right to obtain the updating, rectification, integration of the data; erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; certification to the effect that the operations indicated above have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected; the right to oppose, for legitimate reasons, all or part of the processing of the personal data, for instance the right to oppose the processing of the personal data for marketing purposes.

To exercise such rights, users are required to contact the respective Data Controllers, depending on the type or processing to be opposed, using the email addresses provided in paragraph 3. 

7. COOKIES

Please read our Cookie Policy for information on cookies and how to disable them.

8. AMENDMENTS AND UPDATES TO THE SITE'S PRIVACY POLICY

This Privacy Policy can be amended and updated, wholly or in part, also in consideration of any amendments to the applicable standards and laws in force. Amendments and updates to the Privacy Policy shall be notified to users with the publication of the updated Privacy Policy on the Home Page of the Site, with the words "Privacy Policy Updated" and shall become binding as soon as it is published on the Site. We therefore recommend users to access this section regularly in order to check the most recent and updated version of the  Privacy Policy.

9. GIFT CARD – PERSONAL DETAILS OF A THIRD PARTY RECIPIENT

The personal details of a third party recipient (name and email address) to whom you wish to send a "Gift Card" to during the purchase process, shall be processed exclusively to allow Triboo Digitale to send the "Gift Card" via email to the recipient, to unlock the card and fulfil all consequent services and obligations assigned to Triboo Digitale.  The details (name and email address of the recipient) shall only be retained until confirmation is received that the recipient has unlocked the Gift Card, following the instructions provided on the Site or, whichever occurs later, until the date within which the Buyer is entitled to exercise his right of withdrawal expires: once the Gift Card has been unlocked, or, whichever occurs later, once the date within which the Buyer is entitled to exercise his right of withdrawal has expired, the details of the recipient processed for the purposes illustrated herein will be erased.