Dear User, we hereby inform you that on 22 September 2021 following the procedure for competing tenders pursuant to Article 163-bis, paragraph 5 of the Bankruptcy Law the Court of Mantua awarded the commercial business unit owned by the company “Corneliani S.r.l. in arrangement with creditors“, whose purpose is the production, manufacture and sale of clothing items and related accessories under the “Corneliani“ brand, to the company “Corneliani S.p.A.“ with its legal headquarters at Via Durini n. 24, Milan (MI) and tax code no. 11762610969.
The deed of transfer for the commercial business unit, as identified above, to the company “Corneliani S.p.A.“ has legal, accounting and fiscal effect as of 1 December 2021.
“Corneliani S.p.A.“ has become the sole owner of the personal data collected and processed as part of the activities carried out by the two companies taking part in the operation, as well as the owner of the website www.corneliani.com (hereinafter, the “Website“), with the processing methods and purposes being unchanged.
Corneliani S.p.A. is aware of the importance of the data subject’s personal data (the subject using the website www.corneliani.com, hereinafter, the “User“) and therefore intends to inform and provide it with the greatest possible control over the management of the personal information collected through this Website in its capacity as the creator and promoter of the activities available at www.corneliani.com in accordance with the provisions of Article 13 of European Regulation no. 2016/679 on the protection of individuals with regard to the processing of personal data (hereinafter, the “Regulation“) regarding data collected through the Website.
Therefore, Corneliani S.p.A., as the new data controller (referred to hereinafter as “Corneliani“ or the “Data Controller“), hereby informs you, pursuant to and for the purposes of Article 13 of the Regulation, that the data you provide when accessing and interacting with the Website will be processed in accordance with the provisions of the notice below.
With regard to the data gathered via the Website:
a) Corneliani S.p.A., with its legal headquarters at Via Durini n. 24, 20122, Milan (MI), VAT no. 11762610969, a share capital and reserves of € 13,500,000.00, enrolled in the Milan Monza Brianza Lodi Company Register with Economic and Administrative Index (REA) no. MI - 2623294, is the independent controller for the personal data collected through the Website;
b) Drop S.r.l., with its legal headquarters at Via Sandro Pertini n. 1, Montegranaro (FM), VAT no. 01383870431, a share capital of € 100,000.00 fully paid up, enrolled on the Fermo Company Register with Economic and Administrative Index (REA) no. FR-201713 (hereinafter, “Drop”) is the external supervisor for the processing that Corneliani is the Data Controller for;
c) Your personal data will be processed by Drop as independent data controller for administrative and fiscal activities, implementing the security measures deemed most appropriate to ensure their protection in the processing and retention activities. This policy does not refer to the processing of personal data by Drop, which is the independent controller of the processing, whose policy is available here.
d) The Data Protection Officer (DPO) canbe contacted via the following email address: firstname.lastname@example.org.
For any information regarding the Data Controller and for a complete and updated list of data supervisors,the User may contact Corneliani by writing to email@example.com, by fax to +39 0376 304 308 or by post to the above address.
The personal data processed by the Data Controller (hereinafter, the “Personal Data“) are those provided by the User when browsing the Website during registration (such as, for example, their name, surname, e-mail address, username and password), when subscribing to services (such as, for example, Web Chat) that are made available by the Data Controller and/or when purchasing products made available by the Data Controller (such as, for example: their first name, surname, e-mail address, password, date of birth, gender, social media profile data, if the User registers on the Website through social media profiles, in addition to the data necessary in order to provide the online sales service such as, for example, payment data, billing and delivery address, telephone number).
The personal data is processed in order to carry out the following activities:
The data provided will be processed by the Data Controller in order to process the purchase order with reference to, for example, payment, shipment, handling any returns, for customer service, for the performance of administrative and accounting purposes related to managing the order, for the fulfilment of obligations under current legislation.
For credit card payments, the information required for the transaction (credit card holder, credit/debit card number, expiry date, security code) will be processed by Drop S.r.l. or, where appropriate, by companies responsible for anti-fraud control using a cryptographic protocol and without third parties being able to access it in any way. This information will never be displayed or stored by the Data Controller unless it is to carry out the procedures relating to the purchase and to issue the relevant refunds for any product returns after the User exercises their right of withdrawal or if necessary, to prevent or report any fraud on the Website to the police;
The legal bases for data processing for the purposes of item 3) are:
The personal data collected for the purposes referred to in point 3) above are processed using mainly computer and/or telematic methods and tools and with organisational and logical methods strictly related to the pursuit of the purposes stated in this statement, adopting security measures to minimise the risks of destruction or loss, including the accidental loss of the data, unauthorised access or processing that is not permitted or does not comply with the collection purposes stated in this notice.
However, due to the nature of the means of online transmission, such measures cannot fully limit or exclude any risk of unauthorised access or loss of data. To this end, it is advisable to periodically check that the computer is equipped with the appropriate software devices for the protection of incoming and outgoing network data transmission (such as up-to-date antivirus systems), and that the internet service provider has taken appropriate measures regarding network data transmission security (such as firewalls and spam filters).
The Data Controller undertakes to process the data in accordance with the principles of correctness, lawfulness and transparency, to collect the data to the extent which is necessary and accurate for the processing, and to allow for its use only by staff which are authorised for this purpose.
The personal data collected for the purposes referred to in point 3) above are provided directly by the User with the exception of the data collected when registering for or accessing the Site via a social media profile and the purchase data provided by Drop S.r.l. in the event that the User has given their consent to profiling.
Providing the personal data which is classified on the Website as “mandatory“ is strictly necessary for the activities referred to in point 3).
If the User refuses to provide the personal data classified on the website as “mandatory“, it will be impossible to perform the activities referred to in point 3)
Providing further data, other than what is stated on the website as “mandatory“ is, on the other hand, optional and has no consequences for the performance of the activities referred to in point 3) above.
Depending on the case and if necessary, the mandatory or optional nature of providing the data will be stated by the presence of an appropriate character (*) by the mandatory information.
The personal data is processed by the Data Controller, by the Data Controller’s staff and consultants (who will act as subjects authorised to conduct the processing), by the companies of the Group and by the relevant permanent establishments, as well as by companies that provide the Data Controller with specific technical and organisational services related to the Website and to the management of marketing, profiling and market research activities in their capacity as data processors or subjects authorised to conduct the processing, within the limits and for the purposes set out in point 3). More specifically, the personal data may be communicated to:
The personal data will not be disclosed.
The personal data may be transferred to countries within the European Union and to countries outside the European Union for the purposes set out in point 3).
The personal data will be transferred to countries outside the European Union where the third countries offer an adequate level of data protection, as determined by the appropriate adequacy decisions made by the European Commission.
The personal data will only be transferred to countries outside the European Union in the absence of an adequacy decision by the European Commission where there are standard contractual clauses approved by the European Commission for the transfer of personal data or where there are Binding Corporate Rules (BCRs).
The User may request a copy of the data transferred to countries outside the European Union by writing to the following address: firstname.lastname@example.org.
The personal data is stored in accordance with the following terms depending on its purpose:
When the periods above expire, the personal data will be definitively deleted. This is without prejudice to cases where storage for a later period is necessary for litigation, requests by competent authorities or under applicable law.
The personal data will be handled and stored in archives or on servers located within the European Union owned by the Data Controller and/or third party companies appointed as Data Supervisors and, in any case, currently located in Italy.
By writing to the following address email@example.com, you may exercise your rights with regard to the Controller at any time in accordance with the privacy legislation, as reproduced below.
The User is entitled to obtain confirmation as to whether or not personal data concerning them is being processed and, if so, to obtain access to the personal data and the following information:
The User also has the right to:
The Controller reserves the right to make amendments to this policy at any time by advertising it to the User at www.corneliani.com. Please check this page often and take the last modification date found at the end of the document as a reference.
In the event of non-acceptance of the changes made to this policy, the User may request that the Data Controller delete their personal data.
Unless otherwise specified, the above notice will continue to be applicable to the personal data collected up to that point.
Drop S.r.l. (hereinafter “Drop”) cares about the protection of your personal data and your privacy, and as Data Controller for the purposes specified below, would like to provide you with the details on how your personal data is managed in compliance with the provisions stipulated in Art. 14 of EU Regulation 2016/679 (GDPR).
The present policy shall be updated whenever the way in which your personal data is modified, in compliance with legal provisions and/or company decisions.
We inform you that your personal data shall be processed by Drop exclusively for administrative and fiscal purposes, implementing the security measures deemed most appropriate to guarantee the protection of such data during the processing and storage activities.
Our duty and your privacy:
Drop would like to provide you with a series of information that you need to be aware of, not only to comply with the obligations provided for by the GDPR, but also because transparency and honesty are an integral part of what we stand for as a company.
TABLE OF CONTENTS:
● About us
● Our responsibility
● When and how we collect your data
● The type of data we collect
● Why we collect your data
● How we process your data
● Your rights
● Where your data is kept
● How long we keep your data for
● Third parties who can process your data
For the management of your data relating solely to administrative and fiscal activities deriving from the sale of products, the Data Controller is Drop S.r.l., with registered office at Viale Sandro Pertini n. 1, 63812 Montegranaro (FM), C.F. and VAT number 01383870431.
You may contact us for any information or requests via the following email address: firstname.lastname@example.org.
If appropriate, you may also contact our Data Protection Officer via the following email address: email@example.com.
The updated link of Processors and subjects appointed to carry out processing activities is kept at the Data Controller’s registered office.
We inform you that your data shall be legally processed in line with our decisions regarding the modalities and purposes of such processing.
When and how we collect your data:
Your data shall only be collected when it is specifically communicated to Corneliani S.p.A when a product is purchased on www.corneliani.com. You may decide not to communicate your data, and in this case, you may continue to browse the website, however we shall not be able to provide you with any services without your personal data.
The type of data we collect:
Pursuant to Art. 4 of EU Regulation 2016/679 (GDPR), “personal data” means any information relating to a natural person who can be identified directly or indirectly.
The personal data that we process are: your name and surname, your physical address and, if different, your address for tax purposes, your tax code and your email address.
We shall not collect any data regarding you as a person (i.e. personal data revealing your racial or ethnic origin, your political opinions, your religious or philosophical beliefs, your trade union membership, genetic data, biometric data, or data concerning your health, sex life or sexual orientation).
Why do we collect your data?
We shall only process your data for specific reasons, and only if there a legal basis that justifies us doing so.
In particular, your data shall be processed by Drop in its capacity as Data Controller solely for the administrative and fiscal purposes related to the purchase of products on www.corneliani.com, the legal basis for which is the performance of the contract of sale and the relevant legal obligations, in compliance with Art. 6 of EU Regulation 2016/679 (GDPR).
How we process your data:
Processing modalities are the technical and organisational methods used by us to ensure the suitable and secure management and storage of your data. Your data shall be processed using electronic means. Your data shall only be accessible to authorised staff (identified as Designated Individuals and/or Data Processors), through the granting of specific and individual access permissions.
We guarantee that your data shall be processed with maximum security: we have adopted suitable physical, digital and organisational measures to ensure the protection of your personal data.
You have the right:
1) to access your data.
This means you have the right to ask for additional information regarding:
● the data categories we are processing;
● the purpose of the processing;
● the categories of the potential recipients to whom your data may be communicated;
● the period for which your data is stored, or, in the absence of this information, the criteria used to determine this period;
● your other rights regarding the use of your data.
We shall provide you with the relevant information as promptly as possible within a maximum of one month from your request, as long as this does not infringe upon the rights and freedoms of other subjects (for example another person’s right to confidentiality) and that there are no legal obligations that prevent it. We shall inform you in the event that we are unable to satisfy your request for any reason;
2) to correct your data if it is incorrect or not up to date;
3) to obtain the erasure of your personal data (right to be forgotten).
You may, at any moment, request for the personal data we have of yours in our possession to be erased, if keeping it is no longer necessary for the purposes of the processing and there are no legal obligations or other legitimate binding reasons.
The correspondence relating to the exercising of your right shall, in any event, be kept for a maximum of 5 years as proof;
4) to the portability of your data, i.e. the right to transfer your data from one electronic system to another;
5) to object, at any time, to the further processing of your personal data carried out by us on the basis of a legitimate interest of ours;
6) to file a complaint with the supervisory authority.
But before doing that, contact us! We will be happy to resolve any problems relating to the processing of your personal data.
You may exercise your rights at any time by sending an email to the following address: firstname.lastname@example.org
Drop guarantees your rights even if it is processing your personal data on behalf of a third party. If we are processing your data on behalf of a third party, we guarantee that any requests to exercise your rights shall be forwarded to them without undue delay.
If you think that there has been a breach of your personal data, please contact us immediately email@example.com or contact our Data Protection Officer at firstname.lastname@example.org
Where your data is kept
Your data shall be processed within the European Union and shall not be transferred to countries outside of the EU.
If we need to transfer and/or store your data outside of the EU, you shall be duly informed. In this event, we shall adopt all suitable measures to guarantee the maximum protection of your data.
Your data shall be stored electronically. The original documentation shall be kept:
● at the administrative department at our registered office;
● with online communication and email providers;
● with the Digital Storage delegate pursuant to the 2022 Agid Guidelines on the Storage of Digital Documents;
● potential Sub-Processors, pursuant to Art. 28, paragraph 4 of EU Regulation 2016/679 (GDPR).
How long do we keep your data for?
All data relating to the fulfillment of administrative and tax-related purposes shall be stored for 10 (ten) years in compliance with the relevant legal provisions.
Therefore, we shall stop actively processing your data after 10 years from your last purchase, unless there are legal obligations under which we must store your data for longer than this.
Third parties who can process your data:
For more information contact us at: email@example.com or firstname.lastname@example.org.
The availability of items, prices, shippings methods, payment methods and currencies will be updated based on the new destination.