Policy for processing of personal data

Pursuant to and by the effect of Article 13 of the New European Regulation 2016/679 concerning the protection of individuals with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION – GDPR).

As required by the General Data Protection Regulation of the European Union (GDPR 2016/679, Article 13), before proceeding with processing, the interested party (User of the website www.sangiorgiomerate.com) is informed that personal data collected through the website are subject to processing by the Company through IT and/or telematic tools, for the purposes indicated in this policy.

To this end, the User is presented with the Privacy Policy prepared by SANGIORGIO srl (hereafter as “SANGIORGIO” or “the Company” or “the Data Controller”), creator and promoter of the activities available on the website www.sangiorgiomerate.com.

Data Controller

The Data Controller for personal data is SANGIORGIO srl – registered office in Piazza Prinetti 20 – 23807, Merate, Italia – email info@sangiorgiomerate.it.

For further information regarding the rights of the interested party, please consider the paragraph entitled “Rights of Interested Party” of this policy.

Information Processing 

The personal data subject to processing is collected directly by SANGIORGIO srl or by third parties expressly authorized by the Data Controller, or communicated by the Company to such third parties for the pursuit of the purposes described below.

Legal Basis and Purpose of Processing

The personal data provided by the User when browsing the website www.sangiorgiomerate.com are processed by the Data Controller in accordance with the current regulations for the protection of personal data.

The legal basis of the processing is identified in the provision of its services by the Company, in the management and facilitation of the website, as well as in the establishment, execution and possible termination of online sales contract concluded between the parties, and in the obligations of the same contract connected either directly and/or indirectly deriving from it.

The processing of your personal data by SANGIORGIO is aimed at pursuing the following purposes:

  1. SUBSCRIPTION TO THE SANGIORGIO NEWSLETTER: In the case that you decide to subscribe to the “SANGIORGIO Newsletter”, only after your express and specific consent, your personal data will be processed by the Data Controller for sending of commercial or promotional communications, relative updates, for example, to the latest trends, new arrivals, exclusive offers, special events and promotions. To unsubscribe from the newsletter simply click on the unsubscribe link at the bottom of the emails received or by writing to info@sangiorgiomerate.it.
  2. REGISTRATION ON SANGIORGIOMERATE.COM: In the case that you decide to register on the website www.sangiorgiomerate.com, only after your express and specific consent, personal data will be processed by the Data Controller for the purpose of registration on www.sangiorgiomerate.com. In particular, in providing your name, last name, email address and the setting of an access password, these will be processed for the creation of your personal account, to send informations about browsed or suggested products, abandoned carts and commercial offers; to speed up the purchase process, to allow you to view the status of orders and receive updates on purchases made, as well as change personal settings and update your account, view the history of returns and requests for the exchange of goods.
  3. ONLINE SHOPPING ACTIVITIES: The personal data you provide will be used for the establishment, management, execution and/or conclusion of the online sales contract. The data you provide will be processed by the Data Controller for the purpose of managing the purchase order with reference to, for example, payment, shipment, management of returns, customer support, administrative and accounting purposes related to the management of the order and the fulfillment of obligations under the current legislation. In case of payment by credit card, the fundamental information for the execution of the transaction (credit/debit card number, expiration date, security code) will be processed by STRIPE or, possibly, by companies in charge of the anti-fraud control using an encrypted protocol and without any third parties being able to access it in any way. This information will never be displayed or stored by the seller SANGIORGIO srl.

Nature of Processing

In relation to the purposes referenced in point 1) of the previous section, providing your personal data and consent to its processing is optional. 

Failure to provide consent will make it impossible for SANGIORGIO to allow you to subscribe to the “SANGIORGIO Newsletter”, to send commercial or promotional communications, updates on, for example, latest trends, new arrivals, exclusive offers, special events and promotions.

If you decide to proceed with the newsletter subscription through the section of the website solely dedicated to this activity, the provision of your personal data and consent to their treatment is mandatory.

In relation to the purposes referenced in point 2) of the previous section, providing your personal data and consent to its processing is optional.

Failure to provide consent will make it impossible for SANGIORGIO to allow you to register with www.sangiorgiomerate.it, create a personal account, speed up the purchase process, view the status of orders and receive updates on purchases, the possibility to update personal settings and account preferences, view the history of returns and exchange requests.

In relation to the purposes referenced in point 3) of the previous section, providing your personal data and consent to its processing is mandatory.

Failure to provide the consent will make it impossible for SANGIORGIO to proceed with the establishment, management, execution and/or conclusion of the online sales contract, therefore making it impossible to perform, for example, activities related to payment, shipment, management of returns, customer support, administrative and accounting purposes related to the management of the order and the fulfillment of obligations under current legislation.

Personal Data Processing

The Data Controller processes the personal data provided by the User when browsing the website www.sangiorgiomerat.com, in the event of any registration/subscription to the services/programs made available by SANGIORGIO and/or the possible purchase of goods made available by SANGIORGIO. 

Examples of personal data are name, last name and email address, in addition to the data necessary for the conclusion of the online sales contract, such as: the functional data for the execution of payment, shipment and exchange of purchased goods.

Methods of Processing and Storing Data

The processing of personal data is performed by the Data Controller in compliance with the provisions of the current legislation on Privacy. The Data Controller processes personal data using IT and/or telematic tools and with organizational and logical procedures strictly related to the purposes indicated in this policy, as well as adopting the appropriate security measures to prevent access, disclosure, unauthorized modification or destruction of personal data, its loss and its illicit and incorrect use. However, the Company cannot guarantee its Users that the measures taken for website security and the transmission of data and information on the website are capable of limiting or excluding any risk of unauthorized access or loss of data by devices pertaining to the User. For this reason, it is suggested that the Users of the website make sure that their computer is equipped with adequate software to protect the transmission of data (such as updated antivirus) and that its Internet provider has adopted appropriate measures for the security of the transmission of data on the network. The Company also undertakes to process the data according to the principles of correctness, lawfulness and transparency, to collect the data to the extent necessary and exact for processing and to allow its use only by personnel for authorized purposes. The management and storage of personal data acquired will take place in archives or on servers located within the European Union owned by the Data Controller and/or by third-party companies appointed as External Data Processor for processing and, in any case, currently located in Italy.

In relation to the different purposes for which data is collected, personal data will be kept for the time strictly necessary to achieve that purpose and, in any case, in accordance with the current relevant regulations.

In any case, the Company will take care to avoid the use of data indefinitely by proceeding, on a regular basis, to verify appropriately the effective permanence of the interest of the User to which they refer.

Data Processors and Recipients

The data collected will not be disseminated in any way, but will be treated within the limits and for the purposes described by the employees of the Company on the basis of appropriate operating instructions (for example, administrative, commercial, marketing, legal personnel, system administrators, etc.). Some data processing may also be performed by third parties, appointed as External Data Processors for processing, of which the Data Controller relies on or could be used in the management of the contractual relationship, the provision of services offered and organizational needs of its activities. In particular, the data could be communicated to:

  1. Persons, public and private, that can access the data by virtue of the provision of law, regulation or community legislation, within the limits set by these rules;
  2. Persons who need access to data for purposes related to the contractual relationship existing between the parties, within the limits strictly necessary for the performance of auxiliary tasks (such as, for example, banks and lenders, technical service providers, hosting providers, IT companies, communication agencies, mail carriers and shipping companies);
  3. Consultants, within the limits necessary for carrying out their professional duties.

Transfer of Data Abroad

The management and storage of personal data will be carried out on servers of the Owner and/or third-party companies duly appointed as External Data Processors located within the European Union.

Your personal data may be transferred abroad, in accordance with the provisions of current legislation, even in countries outside the European Union.

The transfer to countries outside the EU, in addition to cases in which this is guaranteed by an Adequacy Decisions by the Commission, is carried out in such a way as to provide appropriate and opportune guarantees pursuant to Articles 46, 47 or 49 of the Regulation.

Rights of Interested Party

As the interested party, you may exercise, at any time, the rights provided to you in Articles 15, 16, 17, 18, 20 and 21 of the GDPR which, in particular, confer the rights to:

  1. Obtain from the Data Controller, pursuant to Article 15, confirmation of the existence or not of personal data being processed and, in this case, obtain access to the data and information such as: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients located in Third Countries or International Organizations; (iv) when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
  2. Obtain from the Data Controller, pursuant to Article 16, the correction of inaccurate personal data without undue delay; taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, by providing an additional declaration;
  3. Obtain from the Data Controller, pursuant to Article 17, the deletion of their personal data without undue delay. The Owner has the obligation to cancel, without undue delay, personal data if there is one of the reasons indicated in paragraph 1 of Article 17;
  4. Obtain from the Data Controller, pursuant to Article 18, restriction of processing when one of the hypotheses governed by paragraph 1 of Article 18 occurs;
  5. Obtain from the Data Controller, pursuant to Article 20, the portability of data or to receive in a structured, commonly used and machine-readable format, their personal data provided to a Data Controller. The Data Subject also has the right to transmit such data to another Data Controller without impediments by the first Data Controller to whom it has provided them, if the conditions indicated in Article 20 paragraph 1 are met. Finally, the Data Subject has the right to obtain the direct transmission of personal data from one Data Controller to another, if technically feasible;
  6. Object to, in whole or in part, pursuant to Article 21, the processing of their personal data.

To exercise these rights, the User can access his account (if registered) or just send their requests to info@sangiorgiomerate.it.

It should also be noted that the Data Subject has the right to revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the revocation, without prejudice to the consequences indicated above regarding a refusal to provide such personal data. The Data Subject also has the right to lodge a complaint with a Control Authority.

SANGIORGIO will respond to requests concerning personal data made by the interested party within one month, except in cases of particular complexity, for which it may take up to a maximum of three months. In any case, the Data Controller will provide the interested party with the reason for the delayed response within one month of the request. The outcome of the request will be provided in writing or in electronic format. In case of request for rectification, cancellation and limitation of processing, the Data Controller will communicate the results of the requests received by the Data Subject to each of the recipients of their data, unless this proves impossible or involves a disproportionate effort.

The Company specifies that a contribution may be requested from the Interested Party if the applications manifest to be unfounded, excessive or repetitive; in this regard, the Data Controller will provide a register to track the requests for intervention.

Changes to this Policy

The data controller reserves the right to make changes to this Privacy Policy at any time by giving notice to users on the website www.sangiorgiomerate.it. Therefore, please consult this page often, referring to the date of last modification indicated at the bottom of the policy. In case of non-acceptance of the changes made to this Privacy Policy, the Data Subject may request the Data Controller to delete their personal data. Unless otherwise specified, the previous Privacy Policy will continue to apply to personal data collected until then.

Privacy Policy updated on 24 May 2018

COOKIE

Our Cookie Policy

The use of cookies by SANGIORGIO srl ("SANGIORGIO" or "the Administrator"), with registered office at Piazza Prinetti, 20 - 23807, Merate Italy, falls under the Manager’s privacy policy, in conformity with the terms of Legislative Decree 196/03 of the Personal Data Protection Code (Privacy Code) and the Order of 8 May 2014, “Identification of the simplified procedures for providing information and getting consent for the use of cookies” from the Italian Data Protection Authority. Pursuant to Art. 13 of the Privacy Code, we inform you that SANGIORGIO, as Data Controller, acts in conformity with the terms of the corresponding legislation.

Acceptance Procedures

As specified in the brief notice indicated in the banner, you may give your consent to the use of cookies simply by clicking on the “OK” key or scrolling down the page or clicking on any element of the content within the site’s pages.
Continuing to navigate upon exiting this cookie policy without specifically choosing to manage permissions is equivalent to granting consent to the use of all cookies.

What is a cookie and what is its purpose?

A cookie is a small file that is sent to the browser and saved on your device when you visit a website like yoox.com (“the website”).
Cookies allow the site to function efficiently and improve its services, in addition to providing information to the site owner for statistical or advertising purposes, primarily to personalise your navigation experience by remembering your preferences (for example, remembering the language and currency you set, in order to recognise you at the next visit, etc.).

Which cookies do we use and for what purposes?

Our website uses various types of first party cookies (organized and managed by SANGIORGIO), and third party cooks (organized and managed by third parties based on their own individual privacy policies and not under the control of SANGIORGIO) and similar technologies, each of which has a specific function. Below is a table explaining them.

TYPE OF COOKIE

FUNCTION

Navigation cookie

From the first access these cookies allow the website to function correctly and allow you to view content on your device by recognising the language and market of the country from which you’ve chosen to connect. If you are a registered user, they will allow you to be recognised and to access the services offered from the dedicated areas. Navigation cookies are technical cookies and are needed for the functioning of the website.

Functional cookies

These cookies allow, based on your express request, for you to be recognised when you subsequently access the website,   so that you do not have to enter your information each time (for example: “Remember me”).
If you have added items into your Shopping Bag and closed the session without completing the purchase and without eliminating those items, these cookies allow you to continue the shopping experience the next time you access the website (within a limited period,) finding the same articles that were selected.
Functional cookies are not essential to the functioning of the website, but rather improve navigation quality and experience.

Analytical cookies

These first party cookies are the property of SANGIORGIO (the site manager) and are used to collect data in an anonymous and aggregate way. These cookies are used to prepare statistical analyses on the navigation methods of our website’s users. SANGIORGIO treats the results of these analyses anonymously and exclusively for statistical purposes only.

Our own and third party marketing and profiling cookies

These cookies are aimed at creating user-related profiles to send commercial messages that meet the preferences shown during the visit, or to improve your navigation experience: while you navigate on our website, these cookies are useful for showing you products of interest to you or which are similar to those you have viewed. Third party cookies are those that have been sent by our trusted third party companies. These cookies allow you to be provided with our commercial offering on other affiliated websites (retargeting). With third party cookies we do not have control of the information provided by the cookie and we do not have access to this data. This information is entirely controlled by third party cookies as described in the respective policy. To find out more about the aforementioned third parties cookie, you can inform yourself on their respective polices and knowingly manage your consent or refusal, for this we invite you to visit http://www.youronlinechoices.com.

Social Network Cookies

These cookies are necessary to allow your social account to interact with our website. For example, they are used to express your appreciation and to share it with your social networking friends. The social network cookies are not needed for navigation. For more information on the policies regarding the use of social network cookies, it is possible to consult the respective privacy and cookies policies:

Facebookhttp://www.facebook.com/about/privacy/

Google+http://www.google.com/intl/it/policies/privacy/

Twitterhttp://twitter.com/privacy

Instagramhttps://instagram.com/legal/cookies/

YouTubehttps://www.youtube.com/static?template=privacy_guidelines


How can I disable cookies and manage my preferences?

Browser
The majority of browsers are configured to accept, control or potentially disable cookies through the settings. We nevertheless remind you that disabling navigation or functional cookies may affect the functioning of the website and/or limit the service we offer.
Below is the procedure to follow to manage cookies from the following browsers:

IE: 
http://windows.microsoft.com/en-us/windows7/block-enable-or-allow-cookies
Safari: 
https://support.apple.com/kb/PH19255?viewlocale=en_US&locale=it_IT
Chrome: 
https://support.google.com/chrome/answer/95647?hl=en&hlrm=fr&hlrm=en
Firefox: 
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Third Parties
For more information on cookies and to manage your preferences for third party profiling cookies, please go to 
http://www.youronlinechoices.com. Once on the site, by accessing the area “Your Choices” you can: visualise the list of third party companies, our partners, which install cookies on our site (Company); verify the presence and activation status of installed cookies (Status) and manage your consent selectively (On/Off). By expanding the dedicated voice (Info) for each company, you can access more information relative to the company and, via a link, reach the specific information about privacy and cookies

Access to Data and Customer Care

You may freely and at any time exercise all of your rights pursuant to Art. 7 of the Privacy Code, or receive assistance and explanations on how to provide your consent or selective refusal, or on how to delete cookies from your browser, by sending an e-mail to info@sangiorgiomerate.it. We will reply to you promptly.

Last updated 24/05/2018