PRIVACY POLICY – INFORMATIVA PRIVACY
Privacy Notice regarding the processing of Personal Data pursuant to Article 13 of Regulation (EU) 2016/679
SUMMARY OF THE POLICY
Calzaturificio Peron S.r.l., located at Via Premaore 57, 30010 Camponogara (VE), Italy, VAT number 00330560277, as the Data Controller (hereinafter: “Via Della Paglia” or “Controller” or “Company”), in accordance with Regulation (EU) 2016/679 (hereinafter: “Regulation”) – considers privacy and the protection of Personal Data as a primary goal of its activities. Therefore, before submitting any personal data to the Controller, we invite you to carefully read this Privacy Notice, which contains important information about the processing of your Personal Data.
“Personal Data” refers to any information concerning an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more elements specific to the person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
This Notice:
- is intended for the websites https://www.viadellapaglia.com/ and related subdomains (hereinafter: “Website”);
- constitutes an integral part of the Website and the services we offer, particularly regarding the craftsmanship, production, and sale of handmade Italian shoes;
- is provided in accordance with Article 13 of the Regulation, to those who interact with the web services of the Website and the Controller, either by simply browsing the Website or by using specific services offered through the Website.
The Controller can be contacted at the following email address: info@viadellapaglia.com
This document has been drafted pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter: “Regulation”) to allow you to understand our privacy policy, how your personal information is processed when you use our websites (https://www.viadellapaglia.com/ and related subdomains – collectively referred to as the “Website”), and, where applicable, to give your free and informed consent for the processing of your Personal Data. The information and data you provide or otherwise acquire when using the Via Della Paglia services (such as submitting a request for information) – hereinafter referred to as “Services” – will be processed in compliance with the provisions of the Regulation and the confidentiality obligations guiding the Company’s activities.
In accordance with the Regulation, the processing carried out by the Controller will be based on the principles of lawfulness, fairness, transparency, data minimization, purpose limitation, accuracy, integrity, and confidentiality.
FULL NOTICE
Table of Contents
1. Data Controller
2. Personal Data Subject to processing
a. browsing data
b. data provided by the Data Subject
3. Purposes of processing
4. Legal basis of processing
5. Recipients of Personal Data
6. Personal Data retention period
7. Transfer of Personal Data to third country or international organizations
8. Rights of the Data Subject
9. Entry into force and update
1. Data Controller
The Data Controller for the personal data processing is Calzaturificio Peron S.r.l., located at Via Premaore 57, 30010 Camponogara (VE), Italy, VAT number 00330560277 (hereinafter: “Via Della Paglia” or “Controller” or “Company”), reachable at the email address info@viadellapaglia.com.
2. Personal Data Subject to processing
As you navigate the Website, we inform you that the Company will process your Personal Data, which may include identifiers such as your name, identification number, online identifier, or one or more elements specific to your physical, economic, cultural, or social identity, allowing identification or identification of the data subject.
Other Personal Data you voluntarily provide, for example, through request forms for information (e.g., product inquiries or customization requests), may also be processed. Sensitive data as defined in Article 9.1 of the Regulation will not be processed unless explicit consent is provided by the data subject.
a. Browsing Data
The IT systems and software procedures used for the operation of the Website acquire, during their normal operation, certain Personal Data whose transmission is implied by the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its nature, it could, through processing and association with data held by third parties, identify users. This category includes IP addresses or domain names of the computers used by users connecting to the Website, URI addresses (Uniform Resource Identifier) of requested resources, request times, methods used to submit requests to the server, file sizes obtained in response, server response status codes (success, error, etc.), and other parameters regarding the user’s operating system and IT environment. These data are used solely to derive anonymous statistical information about Website usage and to monitor its proper functioning, to identify anomalies and/or abuses, and are immediately deleted after processing. These data could be used to investigate potential cybercrimes involving the Website; except in such cases, web contact data are retained for no longer than necessary for the purposes for which they are collected and processed.
b. Data Voluntarily Provided by the Data Subject
When you browse the Website and use our Services (e.g. placing an order, filling out online forms, requesting an invoice), we may process the following:
- identity and/or contact details such as name and surname, email, phone, tax code, address, date of birth, purchase preferences, financial data (including credit/debit card details, which are not stored by us but by third parties processing payments).
If you provide the Controller with the Personal Data of other Data Subjects, you must ensure – taking full responsibility – that the processing is based on a valid legal basis pursuant to Article 6 of the Regulation, which justifies communication to Via Della Paglia and the related processing of such data.
3. Purposes of processing
The processing of personal data that we intend to carry out may have the following purposes:
- to provide the Services you have requested, such as:
Viewing the site;
Creating an account;
Requesting information;
Requesting returns and refunds;
Subscribing to the newsletter;
Recording preferences in the “wish list”. - to process and manage orders;
- to respond to assistance or information requests;
- to fulfill any legal, accounting, and tax obligations;
- to assert or defend rights in legal proceedings, in case of abuse in the use of the Website and/or our Services, or in case of contractual or non-contractual disputes.
4. Legal Basis of processing
The legal basis for processing Personal Data for the purposes in section 3(a-c) is Article 6.1(b) of the Regulation, for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, as processing is necessary to provide the requested Services. The provision of Personal Data for these purposes is optional, but failure to provide the data would make it impossible to activate the Services offered by the Website.
If you have purchased goods or services from Via Della Paglia, your data may be processed for sending direct marketing material related to similar products or services offered by the Company, without your consent (so-called “soft spam”). The processing of your data for such purposes is based on the legitimate interest under Article 6.1(f) of the Regulation and Article 130, paragraph 4 of Legislative Decree 196/2003. However, you have the right to object to this processing at any time, initially or in response to subsequent communications, easily and free of charge by contacting the Controller, and to receive immediate confirmation of the interruption of this processing (Article 15 of the Regulation).
The purpose outlined in section 3(d) represents a processing of Personal Data carried out pursuant to Article 6.1(c) of the Regulation, for compliance with a legal obligation to which the controller is subject. Once Personal Data is provided, the processing is necessary to fulfill a legal obligation to which the Company is subject.
The processing for the purposes described in section 3(e) will be carried out pursuant to Article 6.1(f) of the Regulation, as it is based on the legitimate interest of the Data Controller.
5. Recipients of Personal Data
Your Personal Data may be shared with the following parties, for the purposes outlined in section 3 above:
- Entities acting typically as data processors pursuant to Article 28 of the Regulation, such as i) individuals, companies, or professional firms providing assistance and consulting services in accounting, administrative, legal, tax, financial, and debt collection matters; ii) entities with which it is necessary to interact for the provision of services (e.g., hosting providers and website providers); iii) entities delegated to perform technical maintenance activities (including maintenance of network equipment and electronic communication networks). The list of data processors may be requested from the Controller.
- Entities, bodies, or authorities, independent data controllers, to whom Personal Data must be disclosed due to legal obligations or orders from authorities;
- Individuals authorized by the Company to process Personal Data under Article 29 of the Regulation, necessary for activities strictly related to the provision of the Services, who have committed to confidentiality or have an appropriate legal confidentiality obligation (e.g., employees of the Controller).
6. Personal Data retention period
Personal Data processed for the purposes of section 3(a-f) will be stored for the time strictly necessary to achieve these purposes and then for the period necessary to respond to any questions or claims related to our services, in accordance with the principles of data minimization and retention limitation under Article 5.1(e) of the Regulation. In any case, the Controller will process Personal Data for the time necessary for contractual and legal obligations.
In particular, the Personal Data related to:
- Requests for information will be retained for the maximum period necessary to provide a response to the data subject, and in any case, no longer than 24 months;
- Orders placed, including data related to return and refund requests, will be retained for a maximum period of 10 years;
- Preference data in the wishlist will be retained for as long as the account or browsing session is active, unless the data subject does not have an account;
- Newsletter subscriptions and marketing communications will be retained until the data subject exercises their right to object or withdraw consent. Please note that, if you have consented to receive informational newsletters and/or promotional communications, even after deleting your account, you will continue to receive these communications unless you explicitly choose to unsubscribe from these services.
Further information regarding the data retention period and the criteria used to determine this period can be requested by writing to the Data Controller.
7. Transfer of Personal Data to third country or international organizations
It is hereby noted that the Data Controller does not intend to transfer personal data to third countries or international organizations outside the European Union that do not provide an adequate level of protection, as recognized under Article 45 of the GDPR, based on an adequacy decision by the EU Commission. If necessary for the provision of the services on the Website, the transfer of personal data to third countries or international organizations outside the EU, for which the Commission has not issued an adequacy decision under Article 45 of the GDPR, will only take place if adequate safeguards are provided by the recipient country or organization, in accordance with Article 46 of the GDPR, and provided that the data subjects have enforceable rights and effective legal remedies. In the absence of an adequacy decision by the Commission under Article 45 of the GDPR, or of adequate safeguards under Article 46 of the GDPR, including binding corporate rules, cross-border transfers will only occur if one of the conditions set out in Article 49 of the GDPR applies.
8. Rights of the Data Subject
Pursuant to Articles 15 and following of the Regulation, you have the right to request, at any time, access to your Personal Data, rectification or erasure of such data, restriction of processing in the cases provided by Article 18 of the Regulation, and to obtain your data in a structured, commonly used, and machine-readable format, as set out in Article 20 of the Regulation. You may, at any time, withdraw the consent you have given under Article 7 of the Regulation; file a complaint with the competent supervisory authority under Article 77 of the Regulation (Italian Data Protection Authority, WWW.GARANTEPRIVACY.IT), if you believe that the processing of your data is in violation of the applicable laws.
You may submit an objection to the processing of your data under Article 21 of the Regulation, providing reasons that justify your objection. The Data Controller reserves the right to assess the request, which may be rejected if there are overriding legitimate grounds for processing that prevail over your interests, rights, and freedoms.
Requests should be made in writing to the Data Controller using the contact details provided in this Privacy Notice
9. Entry into force and update
This Privacy Policy is effective as of 27/11/2024. The Company reserves the right to modify or update its content, in whole or in part, also due to changes in applicable legislation. Via Della Paglia will inform you of such changes as soon as they are introduced, and they will be binding as soon as they are published on the Website. The Data Controller therefore encourages you to regularly visit this section to become aware of the most recent and updated version of the Privacy Policy, so you are always informed about the data collected and how the Company uses it.