DATA PROTECTION INFORMATION
Information provided pursuant to art. 13 of Regulation (EU) no. 2016/679 of the European Parliament and the Council
Data Protection Officer: Simone Bongiovanni
Manifattura Mario Colombo & C. S.p.A. wishes to inform you that, pursuant to art. 13 of Regulation (EU) no. 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data (hereinafter “European Regulation”), the company needs to process some personal data collected automatically or provided when you browse or use the Website https://www.colmar.it/ (hereinafter “Website”).
This Data Protection Information therefore refers exclusively to the Website indicated, and does not regard other websites, pages or online services that may be reached via hyperlinks that may be published therein.
1. DATA CONTROLLER
The Data Controller is Manifattura Mario Colombo & C. S.p.A., in the person of its legal representative, domiciled at the company’s registered office in Monza (MB), in Via Olimpia no. 3 (hereinafter “Manifattura Mario Colombo & C.” or “Data Controller”).
2. DATA PROTECTION OFFICER
Manifattura Mario Colombo & C. believes that the protection of personal data is of primary importance, and has thus appointed a Data Protection Officer (DPO), whom you may write to at firstname.lastname@example.org for any questions regarding the protection of personal data.
3. TYPE OF PERSONAL DATA PROCESSED
To allow you to use the Website and its services, including the possibility to create a personal area, to make purchases, send a speculative application or contact Manifattura Mario Colombo & C. (hereinafter “Services”), the Data Controller needs to have and to process some personal data.
In the course of their normal activity, the IT systems and software procedures used for the functioning of Manifattura Mario Colombo & C. acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or the domain names of the computers used by visitors to the Website, the URI (“Uniform Resource Identifier”) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (completed successfully, error, etc.) and other parameters related to the operating system and the user’s IT environment.
These data, necessary for the use of the Website, are processed only to obtain statistical information on the use of the Services (pages most frequently visited, number of visitors per time slot or per day, geographical areas of origin of visitors, etc.) and to check the Services offered are functioning properly.
Browsing data are not retained for longer than seven days, and are deleted immediately after they are aggregated, unless they are required by the Legal Authorities to verify the commission of offences.
Data voluntarily provided by users
To allow for the use of the Website and its Services, Manifattura Mario Colombo & C. processes the following personal data:
- for registration with the personal area “my account”: name, surname, e-mail, password, gender, date of birth. To purchase products featured on the Website, billing and delivery addressed will also be required, if different;
- to sign up for the newsletter: e-mail address;
- to use the assistance services provided by the Call Centre: the personal data supplied for the Call Centre to provide the assistance requested.
The non-compulsory, explicit, voluntary sending of e-mail messages, and the sending of your CV allow us to acquire the name and surname of the sender and their e-mail address, which are necessary in order to reply to the requests, as well as other personal data that may be contained in the e-mail message, the forms or the CV, if attached.
Specifically, users who intend to send an application of a CV via the website are invited to pay maximum attention to the content thereof, and not to include, for any reason, any kind of personal data belonging to particular categories, or personal data that may reveal racial or ethnic origin, political opinions, religious or philosophical convictions, membership of a trade union, or any data referring to sexual health or sexual orientation.
The Website uses the following types of cookies.
- Technical cookies
Technical cookies and session cookies are used. These are small text files that contain a certain amount of information exchanged between the Website and the terminal (or rather with the browser used), in order to allow for the proper functioning and use of the Website. No persistent cookies of any kind are used.
- Analytics cookies
- Profiling cookies
Only third-party profiling cookies are used. These cookies are not indispensable, but they help us to customise and improve your Website experience. For example, they help us indicate the Store nearest you, to find out and remember your preferences and show you pertinent, targeted advertising messages. They also allow us to limit the number of times each advertisement is shown, to measure the efficacy of the advertising campaign, remember your visit and share the data collected with third parties, for example advertisers.
The removal of these cookies, although it does not have an impact on the general usability of the Website, may limit a number of functions.
- Third-party cookies
As already mentioned, this website uses analytics cookies created and made available by Google Analytics.
Other third parties may also install cookies on your device for profiling purposes. We have no control over the used of third-party cookies, so we are not responsible for how they are used. Third parties have their own data protection information and ways of collecting data. Please find below a list of the third-party cookies used and links to the pertinent data protection information:
• Adwords - https://policies.google.com/technologies/ads
• Facebook - https://it-it.facebook.com/policies/cookies/
• Instagram - https://help.instagram.com/1896641480634370?ref=ig
• Criteo - https://privacy.criteo.com/#/cookiecontrol
• Tradelab - http://tradelab.com/en/privacy/
• Pingdom - https://www.pingdom.com/legal/cookie-policy
To withdraw consent for these cookies, you may refer to the following websites: http://www.youronlinechoices.com/uk/your-ad-choices or http://www.allaboutcookies.org/manage-cookies/index.html
You may deactivate all cookies by changing the settings of your browser. Please note, however, that such changes to your browser settings may make it impossible to use the Website, if the cookies required for providing our Services are blocked. Each browser has different settings for the deactivation of cookies. You can find links here to the instructions for the most common browsers: Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera.
- Social Login
If you decide to sign in to the website using one of your social network accounts (“Social Login”), you will automatically share some personal data with the Data Controller. Specifically, if you use the Social Login option, you will authorise the social network of your choice to send us the personal data necessary to sign in to the Website, so you do not have to enter them manually.
For information regarding the use of the personal data processed when you use the Social Login option on this Website, please view the Facebook data protection policy at the following link.
Any calls made to the Call Centre numbers indicated on the Website may result in the processing of the caller’s personal data, in order to provide the services requested by the same, such as, merely by way of example, personal data required for managing requests regarding returns or post-sales assistance. Manifattura Mario Colombo & C. may also use the services of third-party call centres that operate - in full compliance with the data protection regulations - under the terms of a service agreement on behalf of the Data Controller, in their capacity as data processors, pursuant to art. 28 of the European Regulation.
4. PURPOSES OF PROCESSING AND LEGAL BASIS
The personal data the Data Controller comes into possession of are exclusively those provided when users browse the Website and use its Services.
The personal data are processed for the following purposes:
A) to conclude and execute the contract for the purchase of goods sold via the Website. It is mandatory to provide your personal data for this purpose, because they are a necessary requisite for the conclusion of the contract to which the purchaser is a party. Failure to provide your data would make it impossible for Manifattura Mario Colombo & C. to process your order, and you would not be able to purchase any of our products.
The legal basis processing is founded on is the need to execute a contract to which you are a party, and the need to comply with legal obligations.
B) to allow you to register with the personal area “my account” within the Website, and to use the services reserved for registered users. It is not mandatory to provide your personal data for this purpose. However, failure to provide your consent will make it impossible for you to access the advantages and all the Services the personal area offers you.
The legal basis processing is founded on is your explicit consent for the processing of your personal data.
C) to manage requests transmitted to the Call Centre. It is not mandatory to provide your personal data for this purpose. However, failure to provide your consent will make it impossible for Manifattura Mario Colombo & C. to process any requests you decide to make to our Call Centre.
The legal basis processing is founded on is your explicit consent for the processing of your personal data.
D) for sending your CV to apply for any work opportunities available. It is not mandatory to provide your personal data for this purpose. However, failure to provide your consent will make it impossible for Manifattura Mario Colombo & C. to accept and assess your speculative application.
The legal basis processing is founded on is your explicit consent for the processing of your personal data.
E) for sending commercial and promotional messages containing offers of products and services similar to those you have already purchased (“soft spam”), using the e-mail address provided on the occasion of your previous purchase. It is not mandatory to provide your personal data for this purpose, and you may withdraw your consent at any time.
The legal basis processing is founded on is the Company’s legitimate interest in developing relations with its customers and increasing the volume of sales of products in which you have already shown an interest.
F) with your specific, explicit consent, your e-mail address may be used to send messages of a commercial nature regarding our products and Services, providing you with updates on new products, new arrivals, exclusive products, offers and promotions. It is not mandatory to provide your personal data for this purpose. However, failure to provide your consent will make it impossible for Manifattura Mario Colombo & C. to keep you constantly updated on offers and promotions reserved for our customers.
G) with your specific, explicit consent, your e-mail address may be used to send previews and commercial offers in line with your tastes and purchasing preferences. These customised messages will be drawn up by analysing your previous purchases and the other information described in the paragraph above “Definition and type of personal data processed”. It is not mandatory to provide your personal data for this purpose. However, failure to provide your consent will make it impossible for Manifattura Mario Colombo & C.to send you offers in line with your tastes and purchasing preferences.
Your personal data may be processed both with IT tools and by hard copy means.
5. PERIOD FOR WHICH PERSONAL DATA MAY BE STORED
The Data Controller intends to store the personal data for a period of time no longer than is necessary to achieve the purposes for which said data have been collected and processed.
With this in mind, and in observance of the regulatory measures in force, Manifattura Mario Colombo & C. will store the personal data acquired thanks to the sale of its products for a period of time no longer than 10 years, after which they will be deleted or permanently, irreversibly anonymised.
With regard to the processing of your personal data for direct marketing purposes, if you have given your explicit authorisation, in observance with the regulatory requirements and the general measure adopted by the Data Protection Authority on 24 February 2015, Manifattura Mario Colombo & C. has established that your personal data processed for direct marketing purposes will be deleted within 24 months of the date on which they were recorded. Personal data processed for profiling purposes will be deleted within 12 months of the date on which they were recorded.
Data collected from you for personnel recruitment purchases will be stored for a maximum of 12 months.
With regard to other personal data, since it is not possible to accurately determine how long your personal data will be stored for, the Data Controller undertakes to ensure that your personal data are processed based on the principles of adequacy, relevance and minimisation, as required by the European Regulation, and to verify each year whether they still need to be stored. Therefore, once the purposes for which the data were collected and processed have been achieved, we will remove them from our systems and records and/or we will take appropriate measures to anonymise them, so that they cannot be used to identify you, without prejudice to instances in which it may be necessary to maintain said data in order to comply with regulatory obligations, or to verify, exercise or defend our rights in court.
6. CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The personal data processed will not be disclosed to third parties. Your data may, however, come to the attention of the following subjects, for the processing purposes set forth above:
• subjects who may access data under the terms of European Union law, or the law of the member state to which the Data Controller is subject;
• subjects who - within the European Union, completely independently, as separate Data Controllers, or as data processors appointed for the purpose by Mario Colombo & C. - perform activities accessory to the services mentioned in paragraph 4., i.e, banking operators, internet providers, courier and shipping companies, companies that carry out marketing activities, companies that offer IT infrastructures and IT assistance and consulting services, or design and create software and websites, legal firms, companies that offer services to customise and optimise our services, companies that offer data analysis and development services (including data on how users interact with our services), service centres, companies or consultants entrusted with providing other services to the Data Controller, within the limits established by the purposes for which they were collected;
• the company issuing the credit card you use, providers of services for anti-fraud checks connected with the payment process and (where necessary) for the activation of the procedure for anti-fraud checks.
In addition, your personal data may come to the attention of our employees, if they have been appointed as subjects acting under the authority of the Data Controller, in accordance with art. 29 of the European Regulation, or as a System Administrator.
Any disclosure of your personal data will be fully compliant with the legal measures provided for in the European Regulation and with the technical and organisational measures provided for by the Data Controller to guarantee an adequate level of security.
7. TRANSFER OF PERSONAL DATA TO THIRD-PARTY COUNTRIES
In order to provide services, the Data Controller may transfer your personal data to third-party countries. In such cases, we undertake to:
• ensure that the country your personal data are sent to is able to guarantee an adequate level of protection, as provided for in art. 45 of the European Regulation; or
• use the standard data protection contract clauses approved by the European Commission for the transfer of personal information outside the EEA (clauses approved pursuant to art. 46.2 of the European Regulation); or
• ensure, in the event we transfer your personal data to the USA, that the third-party subject is compliant with the Privacy Shield framework.
For further information on the norms governing the transfer of data to third-party countries, click here.
8. ANY AUTOMATED DECISION-MAKING PROCESSES
If you have given your consent for profiling, the data you provided may be used to analyse and predict preferences or behaviours, and to identify your GPS location, in order to customise the content of commercial communications and offer you products and offers dedicated to you and in line with your tastes and preferences.
Specifically, the following may be identified and analysed:
• the number and type of requests for information on the products featured on the Website over the last 12 months;
• the number and type of products featured on the Website purchased and the amount spent over the last 12 months;
• the number and type of visits to the Website in a set period of time, also via third-party profiling cookies.
As provided for in the regulations in force, for the installation of said profiling cookies, your prior consent is required. For this reason, when you log in to the Website, a banner will appear informing you that (i) profiling cookies are used on the Website, and that (ii) by closing the banner, scrolling down the home page or clicking on any element outside the banner, you agree to the use of said cookies. If you give your consent for the installation of cookies in this way, we will keep track of this consent with a dedicated technical cookie, to avoid you having to view the banner on your subsequent visits to the Website. Please note that if you delete this technical cookie from your device or from your browser, all trace of this consent will be lost, so the banner will appear again on your next visit.
You are of course free to block the installation of profiling cookies at any time; this will not affect your ability to visit the Website and use its services in any way.
Prior consent is also requested for the sending of offers, discounts and any other benefits and promotional initiatives modelled on your specific needs and purchase inclinations. For this reason, when you register with the Website, you can check the dedicated box to give your consent. Also in this case, you may change your choice at any time from the dedicated control panel in your personal area, accessible from https://www.colmar.it/rto/account/newsletterunsubscribe.
In any case, as required by art. 22, para 3 of the European Regulation, the Data Controller will adopt all the most appropriate measures to safeguard your rights, also in the case of profiling, as well as any other legitimate rights, as indicated in detail in Paragraph 9 (“Rights of the Data Subject”) in this Data Protection Information.
9. RIGHTS OF THE DATA SUBJECT
With regard to the processing of your personal data, pursuant to the European Regulation, the data subject has the right to:
• withdraw consent for processing at any time. It must be made clear, however, that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, as provided for in art. 7, para. 3 of the European Regulation;
• ask the Data Controller for access to personal data, as provided for in art. 15 of the European Regulation;
• obtain from the Data Controller the rectification of inaccurate personal data, including by means of providing a simple supplementary statement, as provided for in art. 16 of the European Regulation;
• obtain from the Data Controller the erasure of personal data where one or more of the grounds provided for in art. 17 of the European Regulation applies;
• obtain from the Data Controller restriction of processing where one or more of the cases provided for in art. 18 of the European Regulation applies;
• receive from the Data Controller the personal data concerning him or her in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance to another Data Controller, as provided for in art. 20 of the European Regulation;
• object, at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her carried out pursuant to art. 6, para. 1, letters e) or f), including profiling based on those provisions, as provided for in art. 21 of the European Regulation;
• not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, without his or her prior, specific consent, as provided for in art. 22 of the European Regulation. This category includes, but is not limited to, any form of automated processing of personal data with the aim of analysing or predicting aspects regarding consumer and purchase choices, economic situation, interests, reliability and behaviour;
• lodge a complaint with a supervisory authority (art. 77) or seek an effective judicial remedy (art. 79), if he or she believes his or her data have been processed in breach of the European Regulation. The complaint may be lodged in the Member State in which the data subject is habitually resident or works, or in the place where the presumed breach occurred.
To exercise each of your rights, you may contact the Data Controller, in the person of the legal representative, by writing to Via Olimpia no. 3, Monza (MB), or you may contact the Data Protection Officer, by writing to Studio Legale Bongiovanni, Via Susa no. 31, Turin (TURIN) or email@example.com, providing the following personal data:
- name, surname and postal address;
- Details of the request;
- Purchase code;
- Photocopy of a valid identity document.
10. CONSENT OF MINORS IN RELATION WITH INFORMATION SOCIETY SERVICES
It is explicitly forbidden for minors under the age of sixteen (16) to use the Services provided through the Website. Considering the technologies available and the services provided, Manifattura Mario Colombo & C. has provided for checking systems designed to verify that consent for the processing of the personal data of a minor has been granted or authorised by the parent or legal guardian. By registering with or making a purchase on the Website, you confirm that you have reached the age of majority established in your country of residence.
11. DATA BREACH POLICY
In the event of a breach of personal data, Manifattura Mario Colombo & C. has set up a crisis team and provided for specific intervention procedures, in order to swiftly resolve the problem and alert the user so that he or she can adopt suitable precautions to reduce to a minimum the potential damage that may caused by the breach.
The information provided to users in the event of a breach will specifically indicate:
- the name and contact data of the Data Protection Officer, or any other contact that can provide information;
- any consequences of the breach of personal data;
- the measures adopted or proposed by the Legal Representative to remedy the breach of personal data and, if appropriate, to limit the possible negative effects.
Manifattura Mario Colombo & C. will issue a public communication, or take similar measures, and will not be obliged to inform the user if adequate technical and organisational measures are implemented to protect the data affected by the breach, if measures are subsequently adopted to prevent the user’s rights being placed at high risk again, or when the communication would require a disproportionate effort. In any case, Manifattura Mario Colombo & C. will consider whether it is opportune - even if it is not strictly compulsory - to keep the user informed.
Where necessary, Manifattura Mario Colombo & C. will also inform the Data Protection Authority of the breach within 72 hours.
For this reason, if a breach comes to the attention of a Data Processor, or another processor appointed thereby, he or she must notify the violation, within 12 and 24 hours respectively of discovery.
Any breaches of personal data may be notified by writing to firstname.lastname@example.org.