- About us
- Your obligations
- Data Protection Officer (DPO)
- What type of data do we collect?
- Why do we collect your data?
- Who will process your data?
- What happens if you do not provide your data?
- What happens if you do not consent to the processing of personal data for marketing purposes (direct, research and market surveys) by Santoni?
- How will we process your personal data?
- How long is your personal data stored for?
- Where is your data stored?
- What are your rights?
- Who can you complain to?
Santoni S.p.A. (Tax ID/VAT no. 01806460430), with registered office in Via Montenapoleone 9 Milan, Italy, in its capacity as data controller (the “Controller” or “Santoni”), provides this notice not only to comply with legal obligations under Regulation (EU) 2016/679, but also because it believes that it is essential to protect personal data in the performance of its activities and wants to provide you with all the information you need in this regard.
All we ask is that you read this notice carefully in order to be fully informed about how we process your personal data, so that you can give your consent, where applicable, for the processing referred to in paragraph 3.
Data Protection Officer (DPO)
Santoni S.p.A. has appointed a data protection officer (DPO) whom you can contact at the following address if you have questions about the processing of personal data: email@example.com
What type of data do we collect?
Santoni collects the following information about you:
· tax ID number or VAT number
· telephone number
· date of birth
· id code
· accounting data
· invoicing data
· bank data
· data on purchases made [including: products purchased, recent orders (order identification number, date, order status)]
· computer data
Why do we collect your data?
We can only process your data for the following reasons and, in any case, provided there is a legal basis that allows us to do so:
1) Registration on the website www.santonishoes.com
Your personal data is processed in order to fulfil your request to create a personal account for accessing and using the services offered by Santoni through the website.
2) For the sale of products via www.santonishoes.com and associated regulatory requirements
Your personal data is processed in order to carry out the activities preliminary and consequent to the purchase of products through the website, i.e. for the management of the order, payments, the handling of complaints, shipping, returns, and the statutory warranty covering the product sold, as well as to fulfil any other obligation deriving from the sale, such as the registration and storage of your personal data, and any other obligations that Santoni must fulfil under the sales contract and specific regulations governing it, including those relating to accounting.
Your personal data may also be used to send you specific communications and information relating to contractual obligations or deadlines, the way in which the service is provided or for any business operational requirements. Subject to the principles of necessity, relevance and non-excessiveness, such communications may be made by telephone (or e-mail).
Your personal data are also processed to prevent fraud of any kind, including contractual fraud. Finally, your data will be processed to provide you with assistance on the services covered by the sales contract.
3) For marketing activities related to Santoni's products and services
Your personal data is processed to send you communications and advertising and/or promotional material, in order to suggest new services, products and/or activities offered by Santoni, as well as to carry out market research or opinion polls. Your data may be processed via:
- telephone (possibly automated);
The processing in question may be carried out if:
1. you give your consent to the use of your data also with regard to the traditional and automated methods of communication with which the data is processed;
2. if, in the event that the processing is carried out by means of contact with a telephone operator, you are not enrolled in the opt-out register referred to in Italian Presidential Decree no. 178/2010;
3. if you did not object to the processing.
4) For IT security purposes
Santoni processes, including via its suppliers (third parties and/or other recipients), your personal data to the extent strictly necessary and proportionate for the purposes of ensuring that a network or connected servers are secure and able to resist, to a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data.
For these purposes, Santoni has procedures in place to manage personal data breaches.
Who will process your data?
Your personal data will only be processed by authorised Santoni personnel. However, in order to carry out all processing activities necessary for the purposes described above, your personal data may be communicated to the following recipients in compliance with the principle of data minimisation: IT consultants and IT service providers, marketing/communication agencies, consultants who may be involved in administrative and accounting management, banks and credit institutions, shipping companies, law firms/lawyers and providers of services conducive to the sale of products purchased on www.santonishoes.com.
What happens if you do not provide your data?
Your personal and identification data is needed to create your account in order to access the reserved area of the website; if such data is not provided, Santoni will be unable to fulfil your requests.
What happens if you do not consent to the processing of personal data for marketing purposes (direct, research and market surveys) by Santoni?
If you do not provide your personal data for this specific purpose, such processing will not take place and this will not affect the processing of your data for the main purposes.
If you have given your consent and subsequently withdraw it or object to the processing for marketing purposes, your data will no longer be processed for marketing purposes, without any adverse consequences or effects.
How will we process your personal data?
Your personal data is processed using both electronic and manual means and equipment provided to persons acting under the authority of Santoni and authorised and trained for this purpose. In any case, personal data will be protected as appropriate, using effective and adequate security measures to mitigate the risk of a breach.
How long is your personal data stored for?
The personal data required to create an account in order to access the reserved area of the website will be kept for the time necessary to perform this activity and, in any case, for a period not exceeding 10 years, except in cases where events occur that require the competent authorities, also in collaboration with third parties/recipients entrusted with Santoni's data security activities, to carry out any investigations into the causes that led to the event. Furthermore, the personal data processed for the management of the sales contract with Santoni will be retained for up to ten years after its conclusion, as well as for the fulfilment of obligations (e.g. tax and accounting obligations) that remain even after the conclusion of the sales contract.
Personal data processed by Santoni for marketing purposes (direct marketing, market research and surveys) will be stored for 24 months by Santoni unless you exercise your rights to request its erasure.
Where is your data stored?
Your data is stored in hard-copy, computerised and online archives located within the European Economic Area. However, Santoni mainly transfers your personal data to the following non-EU countries: the USA, Japan, Singapore and Colombia. This transfer is carried out under Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on the basis standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679.
For any further information, please contact Santoni at firstname.lastname@example.org.
What are your rights?
We remind you that you may exercise the following rights under Articles 15 to 21 of the GDPR at any time:
- restriction of processing;
- objection to processing;
You are granted your rights without any special charges or formalities and exercising them is essentially free of charge. You have the right:
o to obtain a copy, also in electronic form, of the data to which you have requested access, Should you require further copies, Santoni may charge you a reasonable fee;
o to obtain the erasure of your personal data or the restriction of its processing or the updating and rectification of your personal data, and for third parties/recipients to comply with your request in the event that they should receive your data, insofar as no legitimate reasons prevail that are more compelling than those that motivated your request (e.g. environmental investigations and emergency risk containment handled by the Data Controller using the same);
o to obtain any relevant communication concerning the activities carried out following the exercise of your rights without delay and, in any case, within one month of your request, unless a you are duly informed of a substantiated extension of up to two months.
For any further information and to submit your enquiry, please contact Santoni by e-mail at email@example.com.
Who can you complain to?
Without prejudice to any other administrative or judicial action, you may file a complaint with the relevant supervisory authority, i.e. the authority discharging its duties and exercising its powers in Italy where you have your permanent residence or place of work or, if otherwise, in the Member State where the breach of EU Regulation 2016/679 occurred.
Last updated 09/06/2022