PRIVACY POLICY AS PER ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679 (GDPR) 

1. Definitions

1.1          Cookies: text files (letters and/or numbers) that contain information that is stored on a User’s computer or mobile device each time the User visits a website through a browser. Upon subsequent visits, the browser sends cookies to the website that generated them or to another website. Cookies are stored either for a limited period of time for a specific site (i.e. session cookies), or for a longer period of time regardless of browsing time (i.e. persistent cookies).

1.2          Cookie Policy: the document concerning the Cookies, available at this link.

1.3          Customers: customers who have already purchased at least one Aspesi product.

1.4          Events: events and promotional and commercial initiatives related to the Products and to Aspesi.

1.5          GDPR: Regulation (EU) 2016/679 of 27 April 2016.

1.6          General Terms and Conditions: general terms and conditions of the Websiste and the services offered by Aspesi through the Website.

1.7          Personal Data: any information that directly or indirectly concerns an identified or identifiable natural person such as the person’s name, identification number, location data, online identifiers, or factors of the person’s physical, physiological, genetic, psychic, economic, cultural or social identity.

1.8          Policy: this Privacy Policy jointly with the Cookie Policy.

1.9          Post-Registration Services: the creation of a personal account, the purchase of Products through a simplified procedure (by accessing to the Users’ Personal Data recorded in his/her personal account, such as for example the data concerning the payment method), the creation and updating of a wishlist, the monitoring of the status of the Products purchased and the receipt of birthdays cards.

1.10          Privacy Policy: this document concerning the processing of Personal Data by Aspesi.

1.11        Processing: any operation or set of operations concerning Personal Data, including, by way of example, the collection, organisation, structuring, storage, modification, extraction, consultation, use, circulation, interconnection, limitation, erasure and destruction of the Personal Data.

1.12        Products: clothes, shoes and accessories (such as, for example, scarfs, belts and bags) bearing the trademark “Aspesi” that are sold through the Website.

1.13        Profiling: Processing of Personal Data through the evaluation of personal aspects of the Users by using fully or partially automated procedures, for evaluation and predictive purposes.

1.14        Services: services strictly connected to the purchase of Products, such as the delivery of the Products to the address communicated by the User, the management and verification of payments, returns and warranties, the performance of fiscal and financial assessment concerning the purchase, the managing of Products purchase orders, costumer care services (such as, for example, information regarding purchase orders and deliveries, reimbursements and returns of Products). 

1.15        Users: users of the Website.

1.16        Website: this Website.

 

2. Data Controller

support@aspesi.it

The data controller is Alberto Aspesi S.p.A., with registered office in Corso Venezia, 14, 20121, Milan (Italy), Italian Fiscal Code, VAT and Registrar of Companies of Milano No. 02683619139 (“Aspesi”).

Any requests by the Users concerning the Processing carried out by Aspesi as the data controller (including if Users wish to exercise their rights as per points 9 and 10 below) shall be addressed to Aspesi via mail, sent to its registered office, or via e-mail, sent to the address “aspesi@legalmail.it".

 
 

3. Purposes and legal basis of Processing

Aspesi collects and uses Users’ Personal Data for the following purposes:

a)           Allow Users to browse the Website, essentially through the use of Cookies: the Processing of Personal Data for the purpose under this letter a) is governed by the Cookie Policy, available at this link, that Aspesi recommends consulting.

b)          Allow Users to register on the Website and create a personal account: the Processing of Personal Data for the purpose under this letter b) is necessary for the User to use the Post-Registration Services, that are available only to registered Users, and any refusal will prevent the User only from being able to use the Post-Registration Services, provided that such User will be able to purchase the Products and use the Services also in  case of  non-registration. This Processing is based on the free, specific, informed and unequivocal consent of the User, expressed through a declaration or positive action (e.g. flag or click) on the Website. The withdrawal of consent can be exercised by the User at any time, following the instructions in point 9 letter a) of this Privacy Policy.

c)           Allow Users to purchase the Products and use the Services offered by Aspesi: the Processing of Personal Data for the purpose under this letter c) is necessary for the User to purchase the Products and use the Services, and any refusal will prevent the User from purchasing the Products and using the Services, according to the General Terms and Conditions. This Processing is based on the execution of the General Terms and Conditions by Users, and on the related pre-contractual measures proposed by Aspesi.

d)          Prevent and repress unlawful and fraudulent behaviours (also by third parties) against the applicable law, the General Terms and Conditions, and any rule of fairness and good faith: the Processing of Personal Data for the purpose under this letter d) is necessary in order to ensure the correct functioning of the Website and purchase of Products from the Users. This Processing is based on Aspesi’s legitimate interest to protect its company and customers from any unlawful or fraudulent behaviour, that Aspesi considers prevailing over Users’ right to privacy.

e)          Carry out marketing activities by Aspesi concerning the Products and the Events, through statistical analysis and market research, sending newsletters and advertising communications (for example, through e-mail, instant messaging systems, push notifications), managing of the Events’ invitations and participations: the Processing of Personal Data for the purpose under this letter e) is optional, and any refusal by the User will prevent the User from taking advantage of marketing activities by Aspesi relating to the Products and Events, consisting of, for example, discounts, new arrivals, new lookbooks, exclusive promotional initiatives and in-store Events (such as, for example, opening of new stores and starting date of discount sales). This Processing is based on the free, specific, informed and unequivocal consent of the User, expressed through a declaration or positive action (e.g. flag or click) on the Website or by filling-in a paper form during the Events. The withdrawal of consent can be exercised by the User at any time, following the instructions in point 9 letter a) of this Privacy Policy.

f)            Carry out Profiling, following optional consent, as per point 7 below: the Processing of Personal Data for the purpose under this letter f) is optional and any refusal by the User will prevent the User from benefitting from registration and analysis (i.e. Profiling) of the information and preferences expressed by the User on the Website to customise the Services and/or the Post-Registration Services and the receipt of commercial and advertising communications (such as, for example, through receipt of personalised suggestions on the Products and their availability that might be of potential interest to Users). This Processing is based on the free, specific, informed and unequivocal consent of the User, expressed through a declaration or positive action (e.g. flag or click) on the Website or by filling-in a paper form during the Events. The withdrawal of consent can be exercised by the User at any time, following the instructions in point 9 letter a) of this Privacy Policy.

g)           Sending of direct marketing communications to Customers by Aspesi (so-called soft spam) related to the Products by e-mail: the Processing of Personal Data as per letter g) is optional and the eventual refusal by the Customer who has already purchased Aspesi’s Products prevents the same Customer from being updated on Aspesi’s Products and from benefitting from direct marketing communications that concern exclusively the sale by Aspesi of Products similar to those already purchased. This Processing is based on Aspesi’s legitimate interests consisting of the benefit that Aspesi may obtain from sending direct marketing communications that promote the sale of Products to its Customers, involving the latter in Aspesi’s growth and development process, which Aspesi considers to take precedence over the Customers’ right to privacy (who, moreover, may reasonably expect to receive such communications). The objection to this Processing may be exercised by the Customer, at any time and without any reason, following the instructions in point 10 of this Privacy Policy.

h)           Managing the contact requests received on the Website through the completion of the contact form by the Users: the Processing of Personal Data for the purpose under this letter g) is necessary for the management of contact requests sent by the Users. This Processing is based on the free, specific, informed, and unequivocal consent of the User, expressed through a declaration or positive action (e.g. flag or click) on the Website. The withdrawal of consent can be exercised by the User at any time, following the instructions in point 9 letter a) of this Privacy Policy.

i)          Perform statistical analysis, market research, improve the display of the Products, the offer of Services and Post-Registration Services and the use of the Website. Where possible, to achieve this purpose, Aspesi will use anonymous data (data that do not identify or make Users identifiable and therefore do not constitute Personal Data): the Processing of Personal Data under this letter h) is optional and any refusal by the User will prevent the User from using the Services that most fit their preferences, but it will not affect Users’ use of the Services. This Processing is based on Aspesi’s legitimate interest consisting of the benefit that Aspesi may obtain in offering Services that most fit the preferences expressed by Users while browsing the Website and using the Services, that Aspesi considers it as prevailing over Users’ right to privacy. The objection to this Processing (expect where carried on using anonymous data) can be exercised by the Users at any time for any reason by following the instructions under point 9, letter f) of this Privacy Policy.

 

4. Personal Data modalities of collection

Aspesi collects Personal Data in the following modalities:

a)              Personal Data provided on the Website by the Users: these Personal Data are provided, for example, to register to the Website, purchase the Products and use the Services and/or the Post-Registration Services.

b)           Personal Data provided to Aspesi by Users ‘offline’: these Personal Data are provided, for example, during the purchases of the products by Customers, the participation in Events and the communications made to Aspesi’s customer service.

Users’ Personal Data communicated to Aspesi by PR companies: these Personal Data are communicated to Aspesi by the PR companies involved in the organization of the Events.

c)              Users’ Personal Data communicated to Aspesi by PR companies: these Personal Data are communicated to Aspesi by the PR companies involved in the organization of the Events.

d)             Personal Data automatically collected by the Website: these Personal Data are automatically collected by the Website, for example through Cookies (for additional information, Aspesi recommends consulting the Cookie Policy available at this link.

 

5. Categories of recipients of Personal Data

Personal Data are processed by Aspesi and/or by third parties, selected based on their reliability and expertise, to which the Personal Data could be provided as necessary or appropriate, as long as they operate within the European Economic Area. Users’ and Clients' Personal Data could be processed by, and/or provided to:

a)               employees and/or staff of Aspesi;

b)              third-party providers of services necessary for the proper functioning of the Website (e.g. companies that offer web hosting services);

c)               third-party providers of services necessary to ensure the commercialization of the Products and the use of the Services and/or the Post-Registration Services (such as, for example, manufacturers, couriers, providers of payment services);

d)              third-party providers of consultancy and advisory services (e.g. fiscal consultant);

e)              third-party providers of browsing data analysis concerning the Website;

f)                competent authorities, for the purposes of performing investigations regarding unlawful or fraudulent use of the Website;

g)               subject to the optional consent of the User, third-party providers of automated newsletter services and/or commercial communications, and of services involving marketing, promotion, and analysis of habits and consumer choices, also through Profiling;

h)               third-party providers of PR and managing services for the Events.

 

6. Period of storage of the Personal Data (or criteria for determining such period)

were collected, as per point 3 above. Without prejudice to User’s exercise of their right to withdraw their consent as per point 9 a) below or their right to object as per point 9 f) and as per point 10 below, Aspesi will keep Personal Data as follows:

a)              Cookies: for the purposes under point 3 letter a), see the Cookie Policy available at this link;

b)             Personal Data for the use of the Post-Registration Services and/or the Services: for the purposes under point 3 letters b) and/or c) (in this case, limited to the Services other than the purchase of the Products), for the duration of the General Terms and Conditions and for 26 months after the expiry of such General Terms and Conditions, without prejudice to point 6 letter f) below;

c)              Personal Data for the purchase of Products and for preventing unlawful and fraudulent behaviours: for the purposes under point 3 letters c) (limited to the purchase of Products) and d), for a period of 5 years after the conclusion of the purchase procedure of a Product, without prejudice to point 6 letter f) below;

d)             Personal Data for Profiling and for commercial communications of Aspesi: for the purposes under point 3 letters e) and f), for a period of 5 years after the User’s last interaction with Aspesi, suitable to demonstrate an interest in receiving marketing communications concerning Aspesi, including the collection of consent or the participation to Events and/or initiatives promoted by Aspesi;

e)           Personal Data for direct marketing communications: for the purpose of point 3 letter g), for a period of 5 years following the last purchase by the Customers, suitable to demonstrate an interest in Aspesi’s Products;

f)               Personal Data for managing the contact request: for the purpose under point 3 letter h), for a period of 3 months from the receipt of the contact request sent by the User by filling in the designated form on the Website. By way of exception from this term, in case of a complaint or a claim being sent via the "contact" form, the User's Personal Data will be kept for the period referred to in point 6 letter g) below;

g)               in any case, Aspesi is authorised to keep, in whole or in part, Personal Data for a maximum of 10 years from when they are collected, limited to the information necessary to comply with legal obligations and allow Aspesi to ascertain, exercise and defend its rights in court or before any other competent authority, or for a longer period if the potential legal assessment or procedure lasts more than 10 years.

Once these terms expired, Aspesi will automatically erase the Personal Data collected or transform them into an irreversibly anonymous form.

 

7. Profiling

Profiling is carried out by Aspesi as follows:

a)              object: Personal Data concerning Users, collected on the Website and suitable to reveal tastes, behavioural habits and preferences referred to the purchase of Products, the use of the Services and/or the Post-Registrations Services (e.g. wishlist) and the participation to Events;

b)             purpose: improving the promotion and marketing communications referred to Aspesi’s Products and Events, by sending commercial communications in line with interests and preferences expressed by the User on the Products, Services, Post-Registration Services and/or Events;

c)              rationale of Processing: the Users’ profiles are identified on a statistical basis through the analysis and processing of the Personal Data of all the Users on the Website and with the classification of Users within homogeneous categories of Users;

d)             effects for Users: receipt of commercial and marketing communications concerning the Products, Services, Post-Registration Services and/or Events that are in line with the interests and preferences expressed by Users in browsing the Website, purchasing the Products and/or using the Services. In no way does Aspesi Profiling: i) constitute an automated decision-making process whereby legal or similarly significant effects derive for Users; ii) affect the behaviour and training or purchasing choices of Users; iii) have a prolonged and permanent impact for Users, considering that Personal Data collected by Aspesi can be independently updated at any time by Users; or iv) due to the nature of Products sold by Aspesi and the category of Users interested in the Processing, discriminate such Users.

 

8. Transfer of Personal Data outside of the EEA (including the EU)

Personal Data collected by Aspesi for the purposes under point 3 of this Privacy Policy will be transferred by Aspesi, in accordance with Articles 44 and subsequent of the GDPR, using appropriate safeguards suitable to ensure the protection of the Personal Data, to:

1)             the company Salesforce UK Limited, with registered office in Floor 26 Salesforce Tower, 110 Bishopsgate Londra EC2N 4AY, UK, pursuant to the termination agreement between the European Union and the United Kingdom;

2)             the following US companies, which provide services related to the managing of the Website and to the performance of Aspesi’s marketing activities, and which belong to the “Privacy Shield List” (consisting of a list of the US companies that adopt safeguards in processing Personal Data suitable and in line with the European standard regarding the Processing), published and updated according to the European Commission’s adequacy decision No. 2016/1250, resolved in compliance with art. 25 of the Directive 95/46/CE, that will be valid upon revoke, modification or cancellation pursuant to art. 45 of the GDPR:

a)              Google Inc., with registered office at 1600 Amphitheater Parkway Mountain View, CA, United States, 94043, on account of the company’s being part of the EU–US Privacy Shield List;

b)             Magento, Inc., with registered office at 345 Park Avenue, San Jose, CA 95110-2704, USA;

3)             the company DHL Express Italy S.r.l., with registered office at Via Lombardia 2/A, 20068, Peschiera Borromeo (MI), which, also through its affiliate, deliveries the Products worldwide, according to the exception set forth in article 49, paragraph 1, lett. b), since the transfer of Personal Data is necessary to the performance of the purchase agreement of the Products executed between Aspesi and the User.

 

9. User Rights

In accordance with the GDPR, Users have the right, for the period as per point 6 of this Privacy Policy, to:

a)              with reference to Processings under point 3 letters b), e), f) and h), withdraw consent at any time without prejudice to the lawfulness of prior Processing, by sending an email to Aspesi or by opting out of Aspesi commercial and marketing communications (Article 7 of the GDPR);

b)             ask Aspesi for access to the Personal Data and information regarding the Processing, as well as request an electronic copy, unless otherwise specifically requested by the User (Article 15 of the GDPR);

c)              request the rectification of the Personal Data and/or have it completed without undue delay (Article 16 of the GDPR);

d)             request, for specific reasons (e.g. unlawful processing, withdrawal of consent, non-existence of the purpose for processing), the erasure of the Personal Data without undue delay (Article 17 of the GDPR);

e)             in certain circumstances (e.g. inaccurate Personal Data, unlawful processing, exercise of a right before court) request that the Processing be restricted (Article 18 of the GDPR);

f)               with reference to the Processings under point 3 letters d) and i), object to the Processing of the Personal Data at any time (if anonymous data were not used), by sending an email to Aspesi (Article 21 of the GDPR);

g)              in cases of automated processing, receive the Personal Data in a readable format, for the purpose of communicating them to a third party, or, where technically feasible, request that Aspesi send the Personal Data directly to the third party (right to Personal Data portability – Article 20 of the GDPR);

h)             be informed by Aspesi without undue delay of any breaches or unauthorised access by third parties to Aspesi’s systems that contain the Personal Data (data breaches – Article 34 of the GDPR);

i)               lodge a complaint with the supervisory authority of the EU country where the User resides, works or where the User believes that his or her rights have been breached (Article 77 of the GDPR).

For additional information on the terms and conditions for exercising their rights, Users can consult the GDPR at this link, or contact Aspesi as per point 2 of this Privacy Policy.

10. Objection to the Processing of Aspesi's direct marketing communications

Aspesi points out that each Customer has the right to object to the Processing of Personal Data as per point 3 letter g), at any time and without any reason, by sending an e-mail to Aspesi or by exercising the opt-out in Aspesi's direct marketing communications. In case such right is exercised, Aspesi will stop the use of the Customer's Personal Data for direct marketing purposes of Products similar to those previously purchased by the Customer.