Provided on this page is the information required - pursuant to article 13 of Legislative Decree no. 196 of 30 June 2003, the “Personal Data Protection Act” (‘hereinafter “Data Protection Act”) and article 13 of EU Regulation no. 2016/679, concerning the provisions that protect individuals with regard to personal data processing and the free movement of such data (hereinafter also referred to simply as “GDPR”) - regarding the processing of the personal data of users (hereinafter also referred to simply as the “User” or collectively as the “Users”) who communicate with Sergio Rossi S.p.A. using the “Contact us” form on this page, accessible electronically from the address sergiorossi.com (hereinafter also referred to simply as the “Website”).
1. The Data Controller
The Data Controller for Users is Sergio Rossi S.p.A., with registered office in San Mauro Pascoli (FC), in Via Stradone, 600/602 (47030) tel.: +39 0541 – 813111; fax: +39 0541 – 813345; email: email@example.com (hereinafter also referred to simply as “Sergio Rossi” or the “Data Controller”).
2. Categories of personal data processed
2.1 Personal data provided directly by Users
Sergio Rossi will process the following personal data provided directly by Users when they fill in the “Contact us” form on this Website: name, surname, e-mail address, order number and telephone number.
2.2 Personal data collected by Sergio Rossi
Sergio Rossi may process the following personal data of Users, which will be collected while they purchase products on the Website and/or when they visit Sergio Rossi stores: the store in which the sale took place, the type, amount and price of the products purchased by the User and information for the delivery of the same, residence address.
3. Purposes of personal data processing and legal basis
The personal data voluntarily provided by the User when filling in the “Contact us” form on the page of the Website will be processed by the Data Controller for managing the requests made on the form by the User.
The legal basis for the processing of personal data for the purposes referred to above in paragraph 3 is the User's explicit prior consent
4. Mandatory or optional nature of provision of the User’s personal data - consequences of refusal
The provision of personal data on the part of the User for the purposes set forth in paragraph 3 is optional, but failure to provide said data would make it impossible for Sergio Rossi to deal with any requests made by the User.
It remains understood that Users may, at any time, withdraw their consent and/or oppose said processing easily and free of charge, with a simple written communication, as specifically indicated in paragraph 10 “Contacts for exercising the rights of the data subject and other information”
5. Means of data processing
Personal data will be processed lawfully, correctly and in a transparent manner, for specific, explicit and legitimate purposes and in compliance with the laws, regulations and provisions regarding personal data protection.
Users’ personal data will be processed primarily in electronic format and in some cases also in hardcopy format.
The personal data you have provided will not be subject to fully automated decision-making processes.
6. Recipients of personal data
The recipients of the personal data referred to in paragraph 2 for the purposes specified below will be:
(i) subjects appointed by Sergio Rossi S.p.A. to process data, who have been given specific written instructions:
- employees in the marketing and event organisation office;
- employees in the retail and wholesale office;
- employees in the IT office;
- employees in the purchasing office;
- employees in the administration and finance office;
- employees in the quality control office;
- employees in the shipping office;
(ii) subjects that provide services to Sergio Rossi S.p.A., appointed in writing as data processors by the latter:
- Diana E-Commerce Corporation S.r.l.: a company appointed to manage IT services related with the Website and its e-commerce service and requests regarding the rights of data subjects;
- companies that perform customer support activities;
- companies that provide internet and cloud computing services;
- companies that provide shipping services;
- Sergio Rossi subsidiaries and associated companies: Sergio Rossi USA Inc., Sergio Rossi Hong Kong Ltd, Sergio Rossi Shanghai Ltd, Sergio Rossi Japan Ltd and Sergio Rossi Retail S.r.l..
(iii) subjects that provide services for Sergio Rossi S.p.A. as independent data controllers:
- legal, fiscal and accounting consultants;
- public authorities in the event of fiscal and financial audits.
For a complete and updated list of the recipients of personal data, Users may write to Sergio Rossi S.p.A. at the addresses given in art.10 below “Contacts for exercising the rights of the data subject and other information”.
7. Duration of personal data storage
Users’ personal data for the purposes set forth in paragraph 3 will be stored for 10 years.
Users’ personal data will be stored on the servers of Diana e-Commerce Corporation Srl, located in Europe.
8. Transfer of personal data outside of the EU
Users’ personal data will be transferred outside of the European Union to subsidiaries and/or affiliates of Sergio Rossi S.p.A. (specifically, in the U.S.A., Japan, China and Hong Kong), with their explicit prior consent, and in any case, in compliance with the personal data protection regulations in force.
9. Exercising the rights of the data subject
Pursuant to articles 13, paragraph 2, letters b), c) and d), and 15 et seq. of the GDPR, Sergio Rossi informs Users that they:
- Have the right to request access to their personal data, together with information on the purposes for which they are being processed, the category of personal data processed, the subjects or categories of subjects to which they have been or will be communicated (with an indication of whether these are subjects located in third-party countries or are international organisations) and – when possible – indications on the storage period of personal data or the criteria used to determine this period, the existence of their rights to rectify and/or delete the personal data, to limit the processing thereof and to object to the processing thereof, and their right to lodge a complaint with a supervisory body, as well as indications on the origin of the data and the existence and reasoning applied in the instance of automated decision-making processes. If Users exercise this right, and unless otherwise indicated by said Users, they will receive an electronic copy of their personal data subject to processing.
- Users are also entitled to obtain:
- the rectification of their personal data if inaccurate or incomplete;
- the deletion of their personal data, if one of the conditions pursuant to art. 17 of the GDPR exists (for example: if personal data are no longer required for the purposes for which they were collected, if they decide to withdraw their consent for processing – where this is the legal basis therefor and where there are no other legal grounds for the processing, they oppose the processing and there is no other legitimate prevailing interest of the Data Controller, or their data has been processed illegally);
- the restriction of the processing of Users’ personal data 1) for the time required by Sergio Rossi to ascertain the accuracy of their personal data (in the instance that a User has disputed it), or 2) where the processing of their personal data is illegal or the User requests the restriction of processing instead of deletion, or 3) when Sergio Rossi no longer requires the User’s personal data, but said data are needed for the User to ascertain, exercise or defend a right in court, or, lastly, 4) for the time needed to assess the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the User, if the User has opposed the processing of his/her personal data pursuant to the point below;
- their personal data in a structured, commonly used and machine-readable format, also in order to transfer it to another data controller, if the processing is based on consent or on a contract and is carried out with automated methods (the right to data portability). If in their interests, Users may ask Sergio Rossi to send their personal data directly to another data controller, if this is technically feasible.
- Users are also entitled to oppose the processing of their personal data if processed pursuant to article 6.1, lett. e) (i.e. to carry out a public service the Data Controller is authorised to perform) or lett. f) (i.e. to pursue a legitimate interest of the Data Controller) of the GDPR, unless compelling legitimate reasons of the Data Controller exist to proceed with the processing, pursuant to article 21 of the GDPR.
- Users are also entitled to withdraw their consent at any time without prejudice to the lawfulness of the processing of their personal data based on consent and carried out before said withdrawal.
- If they are not satisfied with the way their personal data is processed by Sergio Rossi, Users can lodge a complaint with the Italian Data Protection Authority, following the procedures and instructions published on the Authority’s official website (www.garanteprivacy.it).
- Any rectification or deletion of personal data or processing restrictions implemented at the request of the User – except where impossible or requiring disproportionate effort – will be communicated by Sergio Rossi to each of the recipients to whom Users’ personal data may have been transmitted in accordance with this information.
Exercising the above rights is without any form of restriction and free of charge. Sergio Rossi may ask that Users verify their identity before carrying out further actions subsequent to their request.
10. Contacts for exercising the rights of the data subject and other information
To exercise their rights, Users may write to: Sergio Rossi S.p.A., Via Stradone 600/602, San Mauro Pascoli (FC) , Italy or send a fax to +39 0541 - 813345 or an email to: firstname.lastname@example.org.
For further information on the processing of personal data on the part of Sergio Rossi, please visit the Personal Data Protection Policy on the Website.