PRIVACY POLICY

Contents

-About us

-Your obligations

-Data Protection Officer (DPO)

-What type of data do we collect?

-Why do we collect your data?

-Who will process your data?

-What happens if you do not provide your data?

-What happens if you do not consent to the processing of personal data for marketing purposes (direct, research and market surveys) and profiling by Santoni?

-How will we process your personal data? - How long is your personal data stored for?

-Where is your data stored?

-What are your rights?

-To whom can you complain?

About us

Santoni S.p.A. (Tax ID/VAT no. 01806460430), with registered office in Via Montenapoleone 9 Milan, Italy, in its capacity as data controller (the “Controller” or “Santoni”), provides this notice not only to comply with legal obligations under Regulation (EU) 2016/679, but also because it believes that it is essential to protect personal data in the performance of its activities and wants to provide you with all the information you need in this regard.

Your obligations

All we ask is that you read this notice carefully in order to be fully informed about how we process your personal data, so that you can give your consent, where applicable, for the processing referred to in paragraph 4 and 7.

Data Protection Officer (DPO)

Santoni S.p.A. has appointed a data protection officer (DPO) whom you can contact at the following address if you have questions about the processing of personal data: privacy.santoni@legalmail.it.

What type of data do we collect?

Santoni collects the following information about you:

• name

• surname

• tax ID number or VAT number

• email

• telephone number

• address

• city

• country

• date of birth

• sex (M/F)

• id code

• accounting data

• invoicing data

• bank data

• data relating to purchases made [recent orders (order id number, date, store, order status, shipping address if different), product colour and material]

• foot characteristics (length, ankle height, collar circumference, foot entry, metatarsals and ankle)

• data relating to personal preferences/habits

• computer data

Why do we collect your data?

We can only process your data for the following reasons and, in any case, provided there is a legal basis that allows us to do so:

1) Registration on the website www.santonishoes.com

Your personal data is processed in order to fulfil your request to create a personal account for accessing and using the services offered by Santoni through the website.

2) For the sale, assistance and return of products (including personalised ones) via the www.santonishoes.com website and the fulfilment of subsequent regulatory and other obligations

Your personal data is processed in order to carry out the activities preliminary and subsequent to the purchase of products via the website, namely for the management of orders, payments, handling of complaints, shipping, returns, and the statutory warranty applicable to the product sold, as well as the fulfilment of any other obligation deriving from the aforementioned sale, such as the registration and storage of your personal data. Furthermore, your personal data will be processed to allow Santoni to fulfil additional obligations deriving from the sales contract and the specific regulations governing it, including those relating to accounting.

Moreover, the processing of your personal data (including: name, surname, email address, foot characteristics – length, ankle height, collar circumference, foot entry and metatarsals, as well as product colour and material) is undertaken in order to carry out preliminary and subsequent activities following your request to configure and create a product tailored to your needs.

Your personal data may also be used to send you specific communications and information relating to contractual obligations or deadlines, the way in which the service is provided or for any business operational requirements. Subject to the principles of necessity, relevance and non-excessiveness, such communications may be made by post, telephone or email.

Your personal data is also processed to prevent fraud of any kind, including contractual fraud. Finally, your data will be processed to provide you with assistance on the services covered by the sales contract.

3) For the sale of products (including customised ones, assistance and returns in our stores or via the phone and the fulfilment of subsequent regulatory and other obligations

Your personal data is processed in order to carry out preliminary and subsequent activities relating to the purchase of products at our stores and/or remotely via telephone (including sales of products concluded remotely by telephone or via “WhatsApp”, through our stores in Italy), for the management of payments, handling of complaints, returns and the legal guarantee relating to the product sold as well as for the fulfilment of any other contractual obligation, such as the registration and storage of your personal data. Furthermore, your personal data is processed to allow Santoni to fulfil additional obligations deriving from the sales contract and the specific regulations governing it, including those relating to accounting.

4) For marketing activities related to Santoni's products and services

Your personal data is processed to send you communications and advertising and/or promotional material, in order to suggest new services, products and/or activities offered by Santoni, as well as to carry out market research or opinion polls. Your data may be processed via:

- email;

- SMS;

- telephone (possibly automated);

- WhatsApp.

The processing in question may be carried out if:

1. you give your consent to the use of your data also with regard to the traditional and automated methods of communication with which the data is processed;

2. if, in the event that the processing is carried out by means of contact with a telephone operator, you are not enrolled in the opt-out register referred to in Italian Presidential Decree no. 178/2010;

3. if you did not object to the processing.

5) To request information via the “Contact us” form

Your personal data is processed in order to manage your request for contact and information relating to the products/services created and offered by the Data Controller using the form found in the “Contact us” section of the website, as well as to carry out any preliminary activities required to the establishment of the contractual relationship.

6) To respond to your enquiries received via the chat option on the www.santonishoes.com website

Your personal data is processed in order to manage your request for information relating to the products/services created and offered by the Data Controller via the website chat option. Your request will be answered by an operator, without the use of automated systems.

7) To create your profile for the purpose of sending you promotional messages

Your personal data, in particular data related to the products you purchased (including product colour and material), browsing data, your preferences and habits, and also the observation and analysis of your browsing behaviour on the website, is processed in order to create your profile, so that we can send you promotional messages tailored to you through the following channels: email, SMS, WhatsApp and telephone (possibly automated).

The processing in question is carried out, with your consent, only on the above-mentioned personal data. The Data Controller shall in no way disseminate or communicate the data processed for this purpose to third parties.

8) NFC: creating your profile for the purpose of sending you promotional messages

For customers who purchase products equipped with the NFC system only, the Data Controller collects and/or receives information about you, such as your name, surname, email address, country of origin and browsing data, which is provided by filling in a form for the collection of the personal data present on the web page dedicated to the NFC system.

This personal data is processed by observing and analysing your browsing behaviour on the website and creating a personal profile for you. This profile considers your habits and preferences, with a view to sending you (by email) advertising and promotional material about new products and/or services that are in line with your needs and interests. This type of data processing only takes place if you give your consent.

9) For IT security purposes

Santoni processes, including via its suppliers (third parties and/or other recipients), your personal data to the extent strictly necessary and proportionate for the purposes of ensuring that a network or connected servers are secure and able to resist, to a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data. For these purposes, Santoni has procedures in place to manage personal data breaches.

Who will process your data?

Your personal data will only be processed by authorised Santoni personnel. However, in order to carry out all processing activities necessary for the purposes described above, your personal data may be communicated to the following recipients in compliance with the principle of data minimisation: IT consultants and IT service providers, marketing/communication agencies, consultants who may be involved in administrative and accounting management, banks and credit institutions, shipping companies, law firms/lawyers and providers of services conducive to the sale of products purchased on www.santonishoes.com.

What happens if you do not provide your data?

Your personal and identification data is needed to create your account in order to access the reserved area of the website; if such data is not provided, Santoni will be unable to fulfil your requests.

What happens if you do not consent to the processing of personal data for marketing purposes (direct, research and market surveys) and profiling by Santoni?

If you do not provide your personal data for this specific purpose, such processing will not take place and this will not affect the processing of your data for the main purposes.

If you have given your consent and subsequently withdraw it or object to the processing for marketing and profiling purposes, your data will no longer be processed for such purposes, without any adverse consequences or effects.

How will we process your personal data?

Your personal data is processed using both electronic and manual means and equipment provided to persons acting under the authority of Santoni and authorised and trained for this purpose. In any case, personal data is protected as appropriate, using effective and adequate security measures to mitigate the risk of a breach.

How long is your personal data stored for?

The personal data required to create an account in order to access the reserved area of the website will be kept for the time necessary to perform this activity and, in any case, for a period not exceeding 10 years, except in cases where events occur that require the competent authorities, also in collaboration with third parties/recipients entrusted with Santoni's data security activities, to carry out any investigations into the causes that led to the event.

Furthermore, the personal data processed for the management of the sales contract with Santoni will be retained for up to ten years after its conclusion, as well as for the fulfilment of obligations (e.g. tax and accounting obligations) that remain even after the conclusion of the sales contract.

Personal data processed by Santoni for marketing purposes (direct marketing, market research and surveys) will be stored for 24 months by Santoni unless you exercise your rights to request its erasure.

With regard to the retention of data processed by the Data Controller (including: data related to products purchased by you, including product colour and material, your preferences and habits) for the purpose of profiling (creation of your profile), the data will be retained for a period not exceeding 24 months from the time of its collection, unless you revoke the consent previously given and/or unless you object to the processing. The data will be deleted once the above-mentioned deadline has been reached.

In addition, data related to the customisation of shoes, in particular that relating to the characteristics of your foot, will be kept for the time necessary to create the requested product and in any case no longer than 24 months.

Finally, the personal data processed by the Data Controller in order to respond to your request made via the “Contact us” form and the chat option available on the company website is kept for the time necessary to respond to this request and for up to 6 months, with the exception of the establishment of the contractual relationship.

Where is your data stored?

Your data is stored in hard-copy, computerised and online archives located within the European Economic Area. However, Santoni mainly transfers your personal data to the following non-EU countries: USA, Japan, Singapore, Canada, United Kingdom, Colombia. This transfer is carried out under Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on the basis standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679.

For any further information, please contact Santoni at privacy@santonishoesit.com.

What are your rights?

We remind you that you may exercise the following rights under Articles 15 to 21 of the GDPR at any time:

- access;

- rectification;

- erasure;

- restriction of processing;

- objection to processing;

- portability.

You are granted your rights without any special charges or formalities and exercising them is essentially free of charge. You have the right:

-to obtain a copy, also in electronic form, of the data to which you have requested access, Should you require further copies, Santoni may charge you a reasonable fee;

-to obtain the erasure of your personal data or the restriction of its processing or the updating and rectification of your personal data, and for third parties/recipients to comply with your request in the event that they should receive your data, insofar as no legitimate reasons prevail that are more compelling than those that motivated your request (e.g. environmental investigations and emergency risk containment handled by the Data Controller using the same);

-to obtain any relevant communication concerning the activities carried out following the exercise of your rights without delay and, in any case, within one month of your request, unless you are duly informed of a substantiated extension of up to two months.

For any further information and to submit your enquiry, please contact Santoni by email at privacy@santonishoesit.com.

To whom can you complain?

Without prejudice to any other administrative or judicial action, you may file a complaint with the relevant supervisory authority, i.e. the authority discharging its duties and exercising its powers in Italy where you have your permanent residence or place of work or, if otherwise, in the Member State where the breach of EU Regulation 2016/679 occurred.

Last updated 12/05/2023