Dear User, we hereby inform you that on 22 September 2021 following the procedure for competing tenders pursuant to Article 163-bis, paragraph 5 of the Bankruptcy Law the Court of Mantua awarded the commercial business unit owned by the company “Corneliani S.r.l. in arrangement with creditors“, whose purpose is the production, manufacture and sale of clothing items and related accessories under the “Corneliani“ brand, to the company “Corneliani S.p.A.“ with its legal headquarters at Via Durini n. 24, Milan (MI) and tax code no. 11762610969.
The deed of transfer for the commercial business unit, as identified above, to the company “Corneliani S.p.A.“ has legal, accounting and fiscal effect as of 1 December 2021.
“Corneliani S.p.A.“ has become the sole owner of the personal data collected and processed as part of the activities carried out by the two companies taking part in the operation, as well as the owner of the website www.corneliani.com (hereinafter, the “Website“), with the processing methods and purposes being unchanged.
Corneliani S.p.A. is aware of the importance of the data subject’s personal data (the subject using the website www.corneliani.com, hereinafter, the “User“) and therefore intends to inform and provide it with the greatest possible control over the management of the personal information collected through this Website in its capacity as the creator and promoter of the activities available at www.corneliani.com in accordance with the provisions of Article 13 of European Regulation no. 2016/679 on the protection of individuals with regard to the processing of personal data (hereinafter, the “Regulation“) regarding data collected through the Website.
Therefore, Corneliani S.p.A., as the new data controller (referred to hereinafter as “Corneliani“ or the “Data Controller“), hereby informs you, pursuant to and for the purposes of Article 13 of the Regulation, that the data you provide when accessing and interacting with the Website will be processed in accordance with the provisions of the notice below.
1. Data Controller and Supervisor
With regard to the data gathered via the Website:
a) Corneliani S.p.A., with its legal headquarters at Via Durini n. 24, 20122, Milan (MI), VAT no. 11762610969, a share capital and reserves of € 13,500,000.00, enrolled in the Milan Monza Brianza Lodi Company Register with Economic and Administrative Index (REA) no. MI - 2623294, is the independent controller for the personal data collected through the Website;
b) Drop S.r.l., with its legal headquarters at Via Sandro Pertini n. 1, Montegranaro (FM), VAT no. 01383870431, a share capital of € 100,000.00 fully paid up, enrolled on the Fermo Company Register with Economic and Administrative Index (REA) no. FR-201713 (hereinafter, “Drop”) is the external supervisor for the processing that Corneliani is the Data Controller for;
c) Your personal data will be processed by Drop as independent data controller for administrative and fiscal activities, implementing the security measures deemed most appropriate to ensure their protection in the processing and retention activities. This policy does not refer to the processing of personal data by Drop, which is the independent controller of the processing, whose policy is available here.
d) The Data Protection Officer (DPO) canbe contacted via the following email address: firstname.lastname@example.org.
For any information regarding the Data Controller and for a complete and updated list of data supervisors,the User may contact Corneliani by writing to email@example.com, by fax to +39 0376 304 308 or by post to the above address.
2. Categories of collected personal data
The personal data processed by the Data Controller (hereinafter, the “Personal Data“) are those provided by the User when browsing the Website during registration (such as, for example, their name, surname, e-mail address, username and password), when subscribing to services (such as, for example, Web Chat) that are made available by the Data Controller and/or when purchasing products made available by the Data Controller (such as, for example: their first name, surname, e-mail address, password, date of birth, gender, social media profile data, if the User registers on the Website through social media profiles, in addition to the data necessary in order to provide the online sales service such as, for example, payment data, billing and delivery address, telephone number).
3. Purpose of processing the personal data.
The personal data is processed in order to carry out the following activities:
closing and executing the contract of sale for the products offered on the Website: the personal data provided will be used for the purposes of establishing, managing, executing and/or closing the on-line sales contract.
The data provided will be processed by the Data Controller in order to process the purchase order with reference to, for example, payment, shipment, handling any returns, for customer service, for the performance of administrative and accounting purposes related to managing the order, for the fulfilment of obligations under current legislation.
For credit card payments, the information required for the transaction (credit card holder, credit/debit card number, expiry date, security code) will be processed by Drop S.r.l. or, where appropriate, by companies responsible for anti-fraud control using a cryptographic protocol and without third parties being able to access it in any way. This information will never be displayed or stored by the Data Controller unless it is to carry out the procedures relating to the purchase and to issue the relevant refunds for any product returns after the User exercises their right of withdrawal or if necessary, to prevent or report any fraud on the Website to the police;
Website registration: if the User decides to register on the Website, their personal data will be processed by the Data Controller to register on the Website and to use the services intended for registered users only after express consent is provided. Particularly, when the User provides their name, surname, e-mail address, date of birth, sex and sets an access password, these will be used to create a personal account, to speed up the purchase process, to allow the User to view the status of their orders and receive updates on purchases made, to set and modify their own data and any “Preferences“ that will improve browsing, and to update the account, to view their returns history and requests to exchange goods, to save favourite items in the Basket. If the User registers for the Website or accesses it without being registered by means of a social media profile, providing their name, surname, email after giving express consent to perform actions via the User account, such information will be processed for the same purposes as above. In some cases, social media sites request some feedback and information regarding the use of logins. For further information, please refer to the corresponding privacy documentation on social media at HTTPS://IT-IT.FACEBOOK.COM/POLICY
marketing purposes following the purchase of a product on the Website (soft spam): if the User has purchased a product on the Website, their personal data will be processed in order to send promotional email communications about related products;
marketing, profiling and market research purposes: if the User decides to subscribe to the Website, only following free and specific optional consents, the personal data will be processed by the Data Controller to send commercial or promotional communications, for profiling activities or to analyse the preferences aimed at the creation of personalised content and offers as well as for market research purposes. These communications may be sent via email, SMS, MMS or Whatsapp.Please note that the processing for profiling purposes is partly automated and allows for clusters of users with similar purchase characteristics and preferences to be created in order to better target Corneliani's sale initiatives and proposals;
subscription to the Corneliani newsletter: if the User decides to subscribe to the Corneliani newsletter, and only after providing express consent, the personal data will be processed by the Data Controller to send commercial or promotional communications via email, for profiling activities or to analyse the preferences aimed at the creation of personalised content via email and offers as well as for market research purposes. In order to unsubscribe from the newsletter, you must flick on the unsubscribe link at the bottom of the email or by writing to the following address: firstname.lastname@example.org;
Web Chat service: if the User browses or registers on the Website, the personal data will be processed by the Data Controller to send commercial or promotional communications, for profiling activities or to analyse the preferences aimed at the creation of personalised content and offers as well as for market research purposes via the Web Chat service.
sending CVs: if the User decides to submit their CV to the Website, the Data Controller will use the personal data in order to consider the User's profile for an application for an open vacancy.
4. Legal basis for processing the personal data.
The legal bases for data processing for the purposes of item 3) are:
the provision of its services by the Controller, through the management of the Website - article 6(1)(c) of the Regulation;
the formation, execution and possible termination of on-line sales contract between the parties and in the obligations connected to the said contract and/or directly and/or indirectly deriving from it - article 6(1)(b) of the Regulation;
the consent of the data subjects to marketing and profiling - article 6(1)(a) of the Regulation;
the management of requests from data subjects, including the processing of CVs for applications for open positions - article 6(1)(c) of the Regulation.
5. Processing methods for the personal data.
The personal data collected for the purposes referred to in point 3) above are processed using mainly computer and/or telematic methods and tools and with organisational and logical methods strictly related to the pursuit of the purposes stated in this statement, adopting security measures to minimise the risks of destruction or loss, including the accidental loss of the data, unauthorised access or processing that is not permitted or does not comply with the collection purposes stated in this notice.
However, due to the nature of the means of online transmission, such measures cannot fully limit or exclude any risk of unauthorised access or loss of data. To this end, it is advisable to periodically check that the computer is equipped with the appropriate software devices for the protection of incoming and outgoing network data transmission (such as up-to-date antivirus systems), and that the internet service provider has taken appropriate measures regarding network data transmission security (such as firewalls and spam filters).
The Data Controller undertakes to process the data in accordance with the principles of correctness, lawfulness and transparency, to collect the data to the extent which is necessary and accurate for the processing, and to allow for its use only by staff which are authorised for this purpose.
6. Providing the personal data.
The personal data collected for the purposes referred to in point 3) above are provided directly by the User with the exception of the data collected when registering for or accessing the Site via a social media profile and the purchase data provided by Drop S.r.l. in the event that the User has given their consent to profiling.
Providing the personal data which is classified on the Website as “mandatory“ is strictly necessary for the activities referred to in point 3). If the User refuses to provide the personal data classified on the website as “mandatory“, it will be impossible to perform the activities referred to in point 3)
Providing further data, other than what is stated on the website as “mandatory“ is, on the other hand, optional and has no consequences for the performance of the activities referred to in point 3) above.
Depending on the case and if necessary, the mandatory or optional nature of providing the data will be stated by the presence of an appropriate character (*) by the mandatory information.
7. Communicating and disseminating the personal data.
The personal data is processed by the Data Controller, by the Data Controller’s staff and consultants (who will act as subjects authorised to conduct the processing), by the companies of the Group and by the relevant permanent establishments, as well as by companies that provide the Data Controller with specific technical and organisational services related to the Website and to the management of marketing, profiling and market research activities in their capacity as data processors or subjects authorised to conduct the processing, within the limits and for the purposes set out in point 3). More specifically, the personal data may be communicated to:
third parties, solely for the purpose of executing the contract for the purchase of products on the Website (the credit institution for the execution of remote electronic payment services by credit/debit card) and suppliers of services related to the sale (couriers, logistics companies), specifically appointed as data processors, to the extent strictly necessary for the performance of ancillary tasks;
law enforcement or judicial and/or administrative authorities, in accordance with the law and after a formal request by such entities, or if there are reasonable grounds to believe that the disclosure of such data is reasonably necessary to (1) investigate, prevent or take action regarding suspected illegal activities or to assist governmental law enforcement or supervisory authorities; (2) defend against any claims or allegations from third parties, or protect the security of its website and business; or (3) exercise or protect the rights, property, or safety of the Data Controller, its group companies, affiliates, customers, employees, or any other person;
public or private subjects who are able to access the personal data by virtue of the provisions of law, regulation or EU legislation, within the limits provided for by these rules.
The personal data will not be disclosed.
8. Transferring the personal data abroad.
The personal data may be transferred to countries within the European Union and to countries outside the European Union for the purposes set out in point 3). The personal data will be transferred to countries outside the European Union where the third countries offer an adequate level of data protection, as determined by the appropriate adequacy decisions made by the European Commission. The personal data will only be transferred to countries outside the European Union in the absence of an adequacy decision by the European Commission where there are standard contractual clauses approved by the European Commission for the transfer of personal data or where there are Binding Corporate Rules (BCRs). The User may request a copy of the data transferred to countries outside the European Union by writing to the following address: email@example.com.
9. Retention period for the personal data
The personal data is stored in accordance with the following terms depending on its purpose:
The personal data collected for the conclusion and execution of contracts of sale for the products on the Website: until the administrative and accounting formalities are concluded. Billing data is stored for 10 years from the invoice date. With specific reference to the personal data relating to payments: until the certification of the payment and the relevant administrative and accounting formalities following the expiry of the right of withdrawal and the terms applied to contest the payment have been concluded;
Personal data relating to registration on the Website: until it is deleted from the Website;
Personal data relating to subscription to the Corneliani Newsletter, the Web Chat service and soft spam): until the opt-out request is made by the User;
Personal data relating to purchases that can be associated with the user for marketing and customer profiling purposes: as provided for by the decision of the Italian Privacy Authority of 2005, for 24 and 12 months, respectively;
Personal data included in CVs: up to a maximum period of 6 months after sending the CV.
When the periods above expire, the personal data will be definitively deleted. This is without prejudice to cases where storage for a later period is necessary for litigation, requests by competent authorities or under applicable law.
The personal data will be handled and stored in archives or on servers located within the European Union owned by the Data Controller and/or third party companies appointed as Data Supervisors and, in any case, currently located in Italy.
10. User rights
By writing to the following address firstname.lastname@example.org, you may exercise your rights with regard to the Controller at any time in accordance with the privacy legislation, as reproduced below. The User is entitled to obtain confirmation as to whether or not personal data concerning them is being processed and, if so, to obtain access to the personal data and the following information:
the purpose of the processing;
categories of the personal data in question;
recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly if they are recipients in third countries or international organisations;
where possible, the expected retention period of the personal data or, if this is not possible, the criteria used to determine that period;
the User's right to ask the Data Controller to rectify or erase the personal data or to restrict the processing of the personal data concerning them or to object to it being processed;
the right to submit a claim to a supervisory body;
where the data is not collected from the User, all the information available about its origin;
an automated decision-making process, particularly with regard to profiling, and, at least in such cases, meaningful information on the logic used as well as the importance and expected consequences of such processing for the User.
The User also has the right to:
be informed of the existence of adequate safeguards pursuant to Article 46 GDPR relating to the transfer if the personal data is transferred to a third country or an international organisation;
obtain a copy of the personal data subjected to processing;
rectify any inaccurate personal data relating to them without undue delay in the cases referred to in Article 17(1) GDPR, by writing to the following address: email@example.com;
make additions to any incomplete personal data;
delete any inaccurate personal data relating to them without undue delay;
limit the processing in the cases referred to in Article 18, paragraph 1 of the GDPR;
receive the personal data concerning them which is provided to a data controller in a structured, commonly used and machine-readable format and to transmit such data to another data controller without hindrance from the latter in the cases referred to in Article 20 of the GDPR; in order to exercise their right to take the data to other entities, the User must make an express request by writing to the following address: firstname.lastname@example.org;
object to the processing of the personal data relating to them, as well as profiling at any time on grounds relating to their particular situation;
not be subjected to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning them or significantly affects them in a similar way.
11. Amendments to this notice.
The Controller reserves the right to make amendments to this policy at any time by advertising it to the User at www.corneliani.com. Please check this page often and take the last modification date found at the end of the document as a reference.
In the event of non-acceptance of the changes made to this policy, the User may request that the Data Controller delete their personal data.
Unless otherwise specified, the above notice will continue to be applicable to the personal data collected up to that point.
Drop S.r.l. (hereinafter “Drop”) cares about the protection of your personal data and your privacy, and as Data Controller for the purposes specified below, would like to provide you with the details on how your personal data is managed in compliance with the provisions stipulated in Art. 14 of EU Regulation 2016/679 (GDPR).
The present policy shall be updated whenever the way in which your personal data is modified, in compliance with legal provisions and/or company decisions.
We inform you that your personal data shall be processed by Drop exclusively for administrative and fiscal purposes, implementing the security measures deemed most appropriate to guarantee the protection of such data during the processing and storage activities.
Our duty and your privacy:
Drop would like to provide you with a series of information that you need to be aware of, not only to comply with the obligations provided for by the GDPR, but also because transparency and honesty are an integral part of what we stand for as a company.
TABLE OF CONTENTS:
● About us
● Our responsibility
● When and how we collect your data
● The type of data we collect
● Why we collect your data
● How we process your data
● Your rights
● Where your data is kept
● How long we keep your data for
● Third parties who can process your data
For the management of your data relating solely to administrative and fiscal activities deriving from the sale of products, the Data Controller is Drop S.r.l., with registered office at Viale Sandro Pertini n. 1, 63812 Montegranaro (FM), C.F. and VAT number 01383870431.
You may contact us for any information or requests via the following email address: email@example.com.
If appropriate, you may also contact our Data Protection Officer via the following email address: firstname.lastname@example.org.
The updated link of Processors and subjects appointed to carry out processing activities is kept at the Data Controller’s registered office.
We inform you that your data shall be legally processed in line with our decisions regarding the modalities and purposes of such processing.
When and how we collect your data:
Your data shall only be collected when it is specifically communicated to Corneliani S.p.A when a product is purchased on www.corneliani.com. You may decide not to communicate your data, and in this case, you may continue to browse the website, however we shall not be able to provide you with any services without your personal data.
The type of data we collect:
Pursuant to Art. 4 of EU Regulation 2016/679 (GDPR), “personal data” means any information relating to a natural person who can be identified directly or indirectly.
The personal data that we process are: your name and surname, your physical address and, if different, your address for tax purposes, your tax code and your email address.
We shall not collect any data regarding you as a person (i.e. personal data revealing your racial or ethnic origin, your political opinions, your religious or philosophical beliefs, your trade union membership, genetic data, biometric data, or data concerning your health, sex life or sexual orientation).
Why do we collect your data?
We shall only process your data for specific reasons, and only if there a legal basis that justifies us doing so.
In particular, your data shall be processed by Drop in its capacity as Data Controller solely for the administrative and fiscal purposes related to the purchase of products on www.corneliani.com, the legal basis for which is the performance of the contract of sale and the relevant legal obligations, in compliance with Art. 6 of EU Regulation 2016/679 (GDPR).
How we process your data:
Processing modalities are the technical and organisational methods used by us to ensure the suitable and secure management and storage of your data. Your data shall be processed using electronic means. Your data shall only be accessible to authorised staff (identified as Designated Individuals and/or Data Processors), through the granting of specific and individual access permissions.
We guarantee that your data shall be processed with maximum security: we have adopted suitable physical, digital and organisational measures to ensure the protection of your personal data.
You have the right:
1) to access your data.
This means you have the right to ask for additional information regarding:
● the data categories we are processing;
● the purpose of the processing;
● the categories of the potential recipients to whom your data may be communicated;
● the period for which your data is stored, or, in the absence of this information, the criteria used to determine this period;
● your other rights regarding the use of your data.
We shall provide you with the relevant information as promptly as possible within a maximum of one month from your request, as long as this does not infringe upon the rights and freedoms of other subjects (for example another person’s right to confidentiality) and that there are no legal obligations that prevent it. We shall inform you in the event that we are unable to satisfy your request for any reason;
2) to correct your data if it is incorrect or not up to date;
3) to obtain the erasure of your personal data (right to be forgotten).
You may, at any moment, request for the personal data we have of yours in our possession to be erased, if keeping it is no longer necessary for the purposes of the processing and there are no legal obligations or other legitimate binding reasons.
The correspondence relating to the exercising of your right shall, in any event, be kept for a maximum of 5 years as proof;
4) to the portability of your data, i.e. the right to transfer your data from one electronic system to another;
5) to object, at any time, to the further processing of your personal data carried out by us on the basis of a legitimate interest of ours;
6) to file a complaint with the supervisory authority.
But before doing that, contact us! We will be happy to resolve any problems relating to the processing of your personal data.
You may exercise your rights at any time by sending an email to the following address: email@example.com
Drop guarantees your rights even if it is processing your personal data on behalf of a third party. If we are processing your data on behalf of a third party, we guarantee that any requests to exercise your rights shall be forwarded to them without undue delay.
If you think that there has been a breach of your personal data, please contact us immediately firstname.lastname@example.org or contact our Data Protection Officer at email@example.com
Where your data is kept
Your data shall be processed within the European Union and shall not be transferred to countries outside of the EU.
If we need to transfer and/or store your data outside of the EU, you shall be duly informed. In this event, we shall adopt all suitable measures to guarantee the maximum protection of your data.
Your data shall be stored electronically. The original documentation shall be kept:
● at the administrative department at our registered office;
● with online communication and email providers;
● with the Digital Storage delegate pursuant to the 2022 Agid Guidelines on the Storage of Digital Documents;
● potential Sub-Processors, pursuant to Art. 28, paragraph 4 of EU Regulation 2016/679 (GDPR).
How long do we keep your data for?
All data relating to the fulfillment of administrative and tax-related purposes shall be stored for 10 (ten) years in compliance with the relevant legal provisions.
Therefore, we shall stop actively processing your data after 10 years from your last purchase, unless there are legal obligations under which we must store your data for longer than this.
Third parties who can process your data:
For more information contact us at: firstname.lastname@example.org or email@example.com.
The availability of items, prices, shippings methods, payment methods and currencies will be updated based on the new destination.