- About us
- Your obligations
- Data Protection Officer (DPO)
- What type of data do we collect?
- Why do we collect your data?
- Who will process your data?
- What happens if you do not provide your data?
- How will we process your personal data?
- How long is your personal data stored for?
- Where is your data stored?
- What are your rights?
- To whom can you complain?
Santoni S.p.A. (Tax ID/VAT no. 01806460430), with registered office in Via Montenapoleone 9 Milan, Italy, in its capacity as data controller (the “Controller” or “Santoni”), provides this notice not only to comply with legal obligations under Regulation (EU) 2016/679, but also because it believes that it is essential to protect personal data in the performance of its activities and wants to provide you with all the information you need in this regard.
This policy applies exclusively to customers who purchase Santoni brand products through digital platforms created by an intermediary, to facilitate the meeting between online buyers and sellers (“Marketplace”).
All we ask is that you read this notice carefully in order to be fully informed about how we process your personal data.
Data Protection Officer (DPO)
Santoni S.p.A. has appointed a data protection officer (DPO) whom you can contact at the following address if you have questions about the processing of personal data: email@example.com.
What type of data do we collect?
Santoni collects the following information about you:
· tax ID number or VAT number
· telephone number
· shipping address
· accounting data
· invoicing data
· data relating to purchases made [recent orders (order id number, date, order status, shipping address if different)]
Why do we collect your data?
We can only process your data in order to execute sales contracts concluded through the Marketplace, i.e. for the following specific reasons and, in any case, always in the presence of a legal basis that allows us to do so:
For the sale and return of Santoni brand products purchased through the Marketplace and to fulfil consequent regulatory requirements
Your personal data is processed in order to carry out the activities preliminary and subsequent to the purchase of Santoni brand products via the Marketplace platform you used, or for the management of orders, shipping, returns, and the statutory warranty applicable to the product bought, as well as the fulfilment of any other obligation deriving from the aforementioned sale, such as the registration and storage of your personal data. Furthermore, your personal data will be processed to allow Santoni to fulfil additional obligations deriving from the sales contract and the specific regulations governing it, including those relating to accounting.
Your personal data may also be used where necessary to send you specific communications and information relating to the legal obligations relating to the sales contract and any company operational needs connected to it. Subject to the principles of necessity, relevance and non-excessiveness, such communications may be made by post, telephone or email.
Your personal data is also processed to prevent fraud of any kind, including contractual fraud.
Who will process your data?
Your personal data will only be processed by authorised Santoni personnel. However, in order to carry out all processing activities necessary for the purposes described above, your personal data may be communicated to the following recipients in compliance with the principle of data minimisation: IT consultants and service providers, consultants that may be involved in administrative and accounting management, banks and credit institutions, shipping companies, law firms/lawyers.
What happens if you do not provide your data?
The personal data concerning you and which identify you are necessary and, if not provided, it will be impossible for Santoni to fulfil its obligations under the sales contract between the parties.
How will we process your personal data?
Your personal data is processed using both electronic and manual means and equipment provided to persons acting under the authority of Santoni and authorised and trained for this purpose. In any case, personal data is protected as appropriate, using effective and adequate security measures to mitigate the risk of a breach.
How long is your personal data stored for?
The personal data processed for the management of the sales contract with Santoni will be retained for up to ten years after its conclusion, as well as for the fulfilment of obligations (e.g. tax and accounting obligations) that remain even after the conclusion of the sales contract.
Where is your data stored?
Your data is stored in hard-copy, computerised and online archives located within the European Economic Area.
What are your rights?
We remind you that you may exercise the following rights under Articles 15 to 21 of the GDPR at any time:
- restriction of processing;
- objection to processing;
You are granted your rights without any special charges or formalities and exercising them is essentially free of charge. You have the right:
o to obtain a copy, also in electronic form, of the data to which you have requested access, Should you require further copies, Santoni may charge you a reasonable fee;
o to obtain the erasure of your personal data or the restriction of its processing or the updating and rectification of your personal data, and for third parties/recipients to comply with your request in the event that they should receive your data, insofar as no legitimate reasons prevail that are more compelling than those that motivated your request (e.g. environmental investigations and emergency risk containment handled by the Data Controller using the same);
o to obtain any relevant communication concerning the activities carried out following the exercise of your rights without delay and, in any case, within one month of your request, unless you are duly informed of a substantiated extension of up to two months.
For any further information and to submit your enquiry, please contact Santoni by email at firstname.lastname@example.org.
To whom can you complain?
Without prejudice to any other administrative or judicial action, you may file a complaint with the relevant supervisory authority, i.e. the authority discharging its duties and exercising its powers in Italy where you have your permanent residence or place of work or, if otherwise, in the Member State where the breach of EU Regulation 2016/679 occurred.
Last updated 23/06/2023