This page contains the personal data protection policy – pursuant to article 13 of EU regulation 2016/679, concerning the provisions on the protection of individuals with regard to personal data processing and the free movement of such data (hereinafter also referred to simply as “GDPR”) – regarding the processing of the personal data of users (hereinafter also referred to simply as the “User” or collectively also as the “Users”) who communicate with Sergio Rossi S.p.A. using the form “Contact us”, on this page and accessible electronically from the address sergiorossi.com (hereinafter also referred to simply as the “Website”).
1. Data Controller for the processing of personal data and the data processor
The Data Controller for Users is Sergio Rossi S.p.A., with registered office in San Mauro Pascoli (FC), in Via Stradone, 600/602 (47030) tel.: +39 0541 – 813111; fax: +39 0541 – 813345; email: firstname.lastname@example.org (hereinafter also referred to simply as “Sergio Rossi” or the “Data Controller”).
Sergio Rossi has designated a Data Protection Officer (DPO), who may be contacted directly at the following email address: email@example.com.
2. Categories of personal data processed
2.1 Personal data provided directly by Users
Sergio Rossi will process the following personal data provided directly by Users when they fill in the “Contact us” form on this Website: name, surname, email address, order number and telephone number, photo, purpose of the request as well as any further personal data entered in the “comments” box.
2.2 Personal data collected by Sergio Rossi
Sergio Rossi may process the personal data of Users, which will be collected while they purchase products on the Website and/or when they visit Sergio Rossi stores and/or while registering on the Website when creating an account: the store in which the sale took place, the type, quantity and price of the products purchased by the User, as well as the delivery details for these products and the address.
3. Purposes of personal data processing and legal basis
The personal data voluntarily provided by the User when filling in the “Contact us” form on the page of the Website will be processed by the Data Controller for managing the requests made on the form by the User.
The legal basis for the processing of personal data for the purposes referred to above in paragraph 3 is the User's explicit prior consent.
4. Mandatory or optional provision of the user’s personal data - consequences of refusal
The provision of personal data on the part of the User for the purposes set forth in paragraph 3 is optional, but failure to provide said data would make it impossible for Sergio Rossi to deal with any requests made by the User.
It remains understood that Users may, at any time, withdraw their consent and/or oppose said processing easily and free of charge, with a simple written communication, as specifically indicated in paragraph 10 “Contacts for exercising the rights of the data subject and other information”.
5. Means of data processing
Personal data will be processed lawfully, correctly and in a transparent manner, for specific, explicit and legitimate purposes and in compliance with the laws, regulations and provisions regarding personal data protection.
Users’ personal data will be processed primarily in electronic format and in some cases also in hard copy format.
The personal data you have provided will not be subject to fully automated decision-making processes.
6. Recipients of Personal Data
The recipients of the personal data referred to in paragraph 2 for the purposes specified above will be:
(i) subjects appointed by Sergio Rossi S.p.A. to process data, who have been given specific written instructions:
- employees in the marketing and event organisation office;
- employees in the retail and wholesale office;
- employees in the IT office;
- employees in the omni-channel office;
- employees in the purchasing office;
- employees in the administration and finance office;
- employees in the quality control office;
- employees in the shipping office;
(ii) subjects that provide services for Sergio Rossi S.p.A. appointed in writing as data processors by the latter:
- Diana E-Commerce Corporation S.r.l.: a company appointed to manage IT services related to the Website and its e-commerce service and respond to requests from Users via the “Contact us” form on the Website;
- companies that perform customer support activities;
- companies that provide internet and cloud computing services;
- companies that provide shipping services;
- Sergio Rossi subsidiaries and associated companies: Sergio Rossi USA Inc., Sergio Rossi Hong Kong Ltd, Sergio Rossi Shanghai Ltd, Sergio Rossi Japan Ltd, Sergio Rossi Retail S.r.l., Sergio Rossi UK Ltd; Sergio Rossi Deutschland GmbH;
(iii) subjects that provide services for Sergio Rossi S.p.A. as independent data controllers:
- legal, fiscal and accounting consultants;
- judicial and/or public authorities in cases of express request or in the event of fiscal and financial audits.
For a complete and updated list of the recipients of personal data, Users may write to Sergio Rossi S.p.A. at the addresses given in article 10 below “Contacts for exercising the rights of the data subject and other information”.
7. Duration of Personal Data Storage
Users’ personal data for the purposes set forth in paragraph 3 will be stored for 3 years from the date they are received.
8. Transfer of personal data outside of the EU
Users’ personal data will not be transferred outside of the European Union.
It is understood that, should Users’ personal data be transferred to countries outside the EU for the purposes described above, Sergio Rossi and Diana E-commerce, each for its own purposes, inform Users that the transfer of data outside the EU will always be in accordance with the provisions of applicable privacy legislation; i.e., based on an adequacy decision of the European Commission in relation to the non-EU country to which the personal data of Users will be transferred or, failing that, by obtaining consent when necessary, or through the adoption of all other measures necessary to ensure the security of the personal data to be transferred. These measures include, for instance, contractual agreements based on “standard contractual clauses” as identified by the European Commission.
9. Exercising the rights of the data subject
Pursuant to articles 13, paragraph 2, letters b), c) and d), and 15 et seq. of the GDPR, Sergio Rossi informs Users that they:
- have the right to request access to their personal data, together with information on the purposes for which they are being processed, the category of personal data processed, the subjects or categories of subjects to which they have been or will be communicated (with an indication of whether these are subjects located in third-party countries or are international organisations) and – when possible – indications on the storage period of personal data or the criteria used to determine this period, the existence of their rights to rectify and/or delete the personal data, to limit the processing thereof and to object to the processing thereof, and their right to lodge a complaint with a supervisory body, as well as indications on the origin of the data and the existence and reasoning applied in the instance of automated decision-making processes. If they exercise this right, and unless otherwise indicated by the User, they will receive an electronic copy of their personal data that is subject to processing.
- Users are also entitled to obtain:
- the rectification of their personal data if inaccurate or incomplete;
- the deletion of their personal data, if one of the conditions pursuant to art. 17 of the GDPR exists (for example: if personal data are no longer required for the purposes for which they were collected, if they decide to withdraw their consent for processing – where this is the legal basis therefor and where there are no other legal grounds for the processing, they oppose the processing and there is no other legitimate prevailing interest of the Data Controller, or their data has been processed illegally);
- the restriction of the processing of the personal data of data subjects 1) for the time required by Sergio Rossi to ascertain the accuracy of their personal data (in the event that a User has disputed it), or 2) where the processing of their personal data is unlawful or the restriction of the processing of data instead of its deletion is requested by the User, or 3) when Sergio Rossi no longer requires the User’s personal data, but this data is needed for the User to ascertain, exercise or defend a right in court, or, lastly, 4) for the time needed to assess the possible prevalence of the legitimate reasons of the Data Controller over those of the User, if the User has opposed the processing of his/her personal data pursuant to the point below;
- their personal data in a structured, commonly used and machine-readable format, also in order to transfer it to another data controller, if the processing is based on consent or on a contract and is carried out with automated methods (the right to data portability). If in their interests, Users may ask Sergio Rossi to send their personal data directly to another data controller, if this is technically feasible.
- Users are also entitled to oppose the processing of their personal data if processed pursuant to article 6.1, letter e) (i.e. to carry out a public service the Data Controller is authorised to perform) or letter f) (i.e. to pursue a legitimate interest of the Data Controller) of the GDPR, unless compelling legitimate reasons of the Data Controller exist to proceed with the processing, pursuant to article 21 of the GDPR.
- Users are also entitled to withdraw their consent at any time without prejudice to the lawfulness of the processing of their personal data based on consent and carried out before said withdrawal.
- If they are not satisfied with the way their personal data is processed by Sergio Rossi, Users can lodge a complaint with the competent supervisory authority. In Italy, this is the Data Protection Authority, whose official website (www.garanteprivacy.it) indicates the complaints procedure.
- Any rectification or deletion of personal data or processing restrictions implemented at the request of the User – except where impossible or requiring disproportionate effort – will be communicated by Sergio Rossi to each of the recipients to whom Users’ personal data may have been transmitted in accordance with this information.
Exercising the above rights is without any form of restriction and free of charge. Sergio Rossi may ask that Users verify their identity before carrying out further actions subsequent to their request.
10. Contacts for exercising the rights of the data subject and other information
For further information on the processing of personal data on the part of Sergio Rossi, please visit the Personal Data Protection Policy on the Website.