Privacy & Cookies

Privacy

PRIVACY POLICY IN ACCORDANCE WITH ARTICLE 13 OF LEGISLATIVE DECREE NO. 196/2003 and ARTICLE 13 OF REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016

POLICY

Corneliani is aware of the importance of the personal data of users and therefore intends to inform and provide the same with the most control possible on the management of the personal information collected through this Internet website (hereinafter, the "Website") in compliance with the provisions of Article 13 of Legislative Decree No. 196/2003 (the "Italian Data Protection Code") and Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the "Regulation") concerning the data collected and processed through the website www.corneliani.com (hereinafter, the "Website")

 

Data Controller of the data collected on the Website

 

With respect to the data collected and processed through the Website, we inform you that:

 

a)      Corneliani S.p.A. (hereinafter "Corneliani"), with registered office at Via Mario Panizza No. 5, 46100 Mantua (Province of Mantua), with VAT No. IT00152660205, having a share capital of EUR 10,522,819, registered in the Companies' Register of Mantua with Economic Administrative List No. 87606, is an independent data controller of the personal data of the users who browse the Website, including the browsing data and data collected through the Website for marketing and profiling purposes.

 

b)      Alkemy S.p.A. (hereinafter "Alkemy"), with registered office at Via San Gregorio No. 34, 20121 Milan (Province of Milan), with VAT No. 05619950966, having a share capital of EUR 566,961.00, registered in the Companies' Register of Milan, is an independent data controller connected with and correlated to the sales made through the e-shop on the Website and for any necessary pre and post sale assistance and services.

 

 

A) Privacy Policy provided by Corneliani S.p.A. as independent data controller under Article 13 of the Italian Data Protection Code and Article 13 of the Regulation in relation to the processing carried out with marketing and profiling purposes[VS1] 

 

1)    Data Controller and Data Processors

 

The data controller of the data collected and processed through the Website for its browsing, to respond to questions and queries, to provide customer services, and for marketing and profiling purposes, as better indicated in the following paragraph, is Corneliani S.p.A., with registered office at Via Mario Panizza No. 5, 46100 Mantua (Province of Mantua), with VAT No. IT00152660205, having a share capital and reserves of EUR 61,500,968, registered in the Companies' Register of Mantua with Economic Administrative List No. 87606.

 

Corneliani has appointed Alkemy S.p.A., whose registered office is at Via San Gregorio No. 34, 20121 Milan, as data processor, as provider of IT services and operating manager of the Website, with reference to the processing carried out on the same Website for which it is also data controller. For any information about the data controller and for a full list of the data processors, you may write Corneliani at: privacy@corneliani.it or by fax at No. + 39 0376 304 308 or via mail at the abovementioned address.

 

 

2)   Categories of data collected and the purpose of the processing carried out on the Website for which Corneliani is independent Data Controller

 

Different types of personal data are collected and processed through the Website for different purposes and using different means. More precisely:

 

(a) the personal data relating to browsing, stored to allow the proper functioning of the Website, is for marketing purposes. In this regard, please read the specific Cookie Policy [link];

 

(b) personal data provided voluntarily by the user (such as e-mail address, vital statistics, the password given by filling out the form to request information on this Website or the information related to education and to work experience) is processed by Corneliani to respond to the user's requests about the Corneliani products and to provide the services offered by Corneliani to its customers (such as appointments in boutiques or Made-to-Measure) or to assess any candidacy for jobs spontaneously sent by the user through the Website.

Please note that registration and access to the Website through social media profiles may require disclosing certain information (including Name, Surname, Email and any other public profile information about the user and on the social media itself) by the  social media chosen and therefore will require acquiring certain permissions and consents to release before logging on, which will allow carrying out actions with the user's account. In some cases, social media websites seek some feedback and information on the use of login. For more information, please refer to the relevant privacy policy on social media at the address https://it-it.facebook.com/policy.php;

 

(c) with the user's express permission, Corneliani may process the user's personal data for marketing purposes, so as to send to the user, either with traditional means (such as mail and telephone) or with telematics means (such as newsletters, email, SMS, MMS and web chat), information and updates about products, promotions, events and other initiatives offered by Corneliani, as well to carry out specific market research.

 

(d) with the user's express permission, Corneliani may also process the user's personal data to study consumption habits and choices, to make its initiatives more responsive to the tastes and needs of its customers. We emphasise, in that regard, that such processing is partly automated and permits creating clusters of customers with similar purchasing characteristics and preferences in order to better target Corneliani's marketing initiatives and proposals.

 

3)   Corneliani's personal data processing procedures

 

The personal data collected through the Website are processed using primarily computers and computerised procedures and instruments and by adopting safety measures to minimise the risks of destruction or loss, also accidental, of such data, and unauthorised access or processing that is not permitted or that does not comply with the purposes of the collection indicated in this Privacy Policy. However these measures, by the nature of the means of on-line transmission, cannot entirely limit or exclude any risk of unauthorised access or the circulation of the data. Consequently, we recommend periodically checking that your computer has the proper software devices to protect the transmission of data on the network, both inbound and outbound (such as updated antivirus systems), and that your Internet service provider has adopted appropriate measures for the secure transmission of data over the network (such as firewalls and spam filters).

 

4)   Mandatory or voluntary nature of providing data and legal basis

 

Except for the browsing data whose provision and whose collection are governed by the Cookie Policy, the provision of the personal data collected through the Website to manage users' requests and questions, for marketing purposes as well as to study consumer habits and preferences, is freely given, voluntary and optional. Failure to provide personal data does not restrict the use of the Website; it might however make it impossible for Corneliani to manage requests for information or for service and queries or to send information, updates, newsletters, etc.

Except for the browsing data that is governed by the Cookie Policy, the processing of personal data rests on the user's consent for the purposes referred to in above paragraph b) – solely for logging on to the social network – and in paragraphs c) and d) above.

Corneliani also processes user data to provide feedback or the requested services to the extent that such is strictly necessary to respond to the request or to provide the service or to assess any unsolicited e-mails from prospective candidates sent through the Website.

 

5)   Categories of data subjects

 

Corneliani disseminates the personal data of users of the Website only to the extent permitted by law and in accordance with the below statement.

In addition to what is stated in paragraph 2b) concerning logging on to social media, personal data will be processed and known - apart from Corneliani's employees and independent contractors, who will operate as persons authorised to the processing - by the companies of the Group and by the relevant permanent establishments, as well as by companies that provide specific technical and organisational services to the latter connected to the Website and to managing the marketing and communication activities in their capacity as data processors or as persons authorised to carry out the processing. Furthermore, the data may also be communicated to law enforcement agencies or to the Court, in accordance with the law and upon formal request by these entities, or in the case where there are well-founded reasons to believe that disclosure of such data is reasonably necessary to (1) investigate, prevent or take action regarding suspected unlawful activities or to assist national control and supervisory authorities; (2) to defend itself against any claim or allegation from third parties, or to protect the security of its Website and that of the Company; or (3) to exercise or protect the rights, property or safety of Corneliani, its affiliates, its customers, its employees, or any other person.

Personal data will not be disclosed and will be transferred abroad, also outside the European Union, solely to ensure adequate levels of protection and safeguards according to the law, such as the Standard Contractual Clauses adopted by the European Commission.

 

6)    Source of data and storage periods

 

The personal data collected by Corneliani are provided directly by the user (by registering on the Website or by using the services associated therewith), except for the browsing data referred to in paragraph 2a) above, for the data collected in the event of registering and accessing through a social media profile, as indicated in paragraph 2(b) above, and for the purchasing data provided by Alkemy S.p.A. in the event where the user had provided their consent to profiling.

The personal data provided by the user during browsing, inherent to the browsing itself and traced through cookies, will be stored for a maximum period of six (6) months. Data processed to provide a response to the data subject or to provide a service will be stored for the time necessary to provide feedback to the user or the service requested, and for any additional time required by Corneliani to meet the need or the request received. The data collected as a result of candidates submitting work applications will be stored for no longer than 6 months. The data collected for profiling purposes will be stored for the statutory period of 12 months and the marketing data will be stored for a reasonable period, in accordance with the relevant industry.

 

7)   Rights under Article 7 of the Italian Data Protection Code, and Articles 15, 16, 17, 18, 20 and 21 of the Regulation

 

The user is always entitled to obtain confirmation from Corneliani as to whether or not the personal data concerning him/her exists, even if not yet recorded, and their communication in an intelligible form. The user is also entitled to obtain information about the origin of his/her personal data; the purpose and methods of processing; the logic applied where the processing involves using electronic equipment; the personal identification details of the data controller and the data processors; an indication of the persons or categories of persons to whom the personal data may be communicated or who may become aware thereof while, for example, acting in the capacity of data controllers, data supervisors or persons authorised to perform the processing. The user is also entitled to request to update, correct or integrate information, cancel it, transform it into anonymous form or block data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed, confirmation that the requested operations were notified, also on their contents, to those to whom the data was communicated, unless this requirement proves impossible or involves using means that are manifestly disproportionate to the protected right. The user is also entitled to data portability.

The user is entitled to oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning him/her (even if pertinent for collection purposes) to send advertising or direct marketing material or to carry out market research or commercial communications. The user is also entitled to ask for the restriction of the processing of data concerning him/her. The right of opposition may be exercised, also specifically, with regard to one or more methods to deliver marketing communications. The user is also entitled to lodge a complaint with the competent supervisory authority as well as to withdraw the consent previously provided.

The abovementioned rights may be exercised by contacting Corneliani in writing at privacy@corneliani.com.

 

B) Privacy Policy provided by Alkemy S.p.A. as independent data controller under Article 13 of the Italian Data Protection Code and Article 13 of the Regulation in relation to the processing carried out for purposes connected or instrumental to sales on the Website

 

1)   Data Controllers and Data Processors

 

The data processor, for purposes related and instrumental to sales made through the e-shop on the Website and the relevant activities of pre and post sale (assistance as to purchases, returns, refunds, reimbursements, exchanges), is Alkemy S.p.A. with registered office at Via San Gregorio No. 34, 20121 Milan (MI), VAT No. 05619950966, share capital of EUR 566,961.00, registered at the Companies' Register of Milan.

 

For the purposes referred to in the paragraph below, Alkemy needs to disclose personal data to its "persons in charge of processing" and to external "data processors". The full list of data processors is available at the registered office of the data controller.

 

2)   Categories of data collected and the purpose of the processing carried out on the Website by Alkemy

 

Alkemy collects directly from the user the personal data provided in the context of the processes to purchase products on the Website's e-shop and to interface with users as regards those activities that are functional and instrumental to the sale, as well as to provide any necessary pre and post sales assistance.

 

3)   Methods of processing and personal data sources

 

The personal data collected for the purposes referred to in paragraph 2) above are processed using primarily computers and computerised procedures and instruments and by adopting safety measures to minimise the risks of destruction or loss, also accidental, of such data, and unauthorised access or processing that is not permitted or that does not comply with the purposes of the collection indicated in this Privacy Policy.

However these measures, by the nature of the means of on-line transmission, cannot entirely limit or exclude any risk of unauthorised access or circulation of the data. Consequently, we recommend periodically checking that your computer has the proper software devices to protect the transmission of data on the network, both inbound and outbound (such as updated antivirus systems) and that your Internet service provider has adopted appropriate measures for the secure transmission of data over the network (such as firewalls and spam filters).

Personal data collected by Alkemy for the purposes referred to in paragraph 2) above are provided directly by the user.

 

4)   Mandatory or voluntary nature of providing data and legal basis

 

The provision of personal data, specifically that relating to vital statistics, payment details, electronic mail address, postal address and phone number, are required to conclude the agreement to purchase the products through the e-shop of the Website.

Some of these data may be, vice versa, indispensable for the provision of other services provided on the Website and related to the sale or to fulfil the obligations imposed by law or regulations.

The potential refusal to indicate certain data required for such purposes may make it impossible to execute the agreement to purchase products on the e-shop of the Website or to provide other services connected thereto and shown on the Website. Failure to provide data may therefore constitute, depending on the case, a legitimate and justified reason not to execute the agreement to purchase products on the e-shop of the Website and to provide the services related thereto and shown on the Website.

The communication of additional data other than those listed on the Website as "mandatory", for the fulfilment of legal or contractual obligations or to provide specific services on request, however, is optional and has no consequences on the use of the Website and its services or on purchasing the products on the e-shop of the Website.

Depending on the case and, if necessary, the compulsory or optional nature of the data communication will be indicated from time to time, by appropriately labelling the information that is mandatory or only the data necessary for the provision of the services and to purchase the products on the Website with an asterisk (*). Failure to provide the optional personal data will not entail any obligation or any disadvantage.

The legal basis for the processing of data for the purposes of Clause 2) resides in the fulfilment of the agreement and in the pre and post contractual obligations to execute, as well as the legal obligations related thereto arising on the part of the seller.

 

5)   Categories of data subjects

 

Personal data may be disclosed to:

a) third parties, solely to execute the product purchase agreement on the Website (the financial institution to execute the remote electronic payment services by credit/debit card) and providers of services related to the sale (shippers, logistics company, contact centre);

b) law enforcement agencies or the Court, in accordance with the law and upon formal request by these entities, or in the case where there are well-founded reasons to believe that disclosure of such data is reasonably necessary (1) to investigate, prevent or take action regarding suspected unlawful activities or to assist the national control and supervisory authorities; (2) to defend itself against any claim or allegation from third parties, or to protect the security of its website and that of the company; or (3) to exercise or protect the rights, property or safety of Alkemy, the companies in the same group, its affiliates, its customers, its employees, or any other person.

Personal data will not be disclosed.

 

6)   Data storage period

 

The personal data collected for sale purposes and for the services connected thereto, and also to comply with applicable legislation shall be stored for no longer than 10 years, in accordance with the legislation on fiscal and civil matters.

 

7)   Rights under Article 7 of the Italian Data Protection Code, and Articles 15, 16, 17, 18, 20 and 21 of the Regulation

 

The user us always entitled to obtain confirmation from Alkemy as to whether or not the personal data concerning him/her exists, even if not yet recorded, and their communication in an intelligible form. The user is also entitled to obtain information about the origin of the personal data; the purpose and methods of processing; the logic applied where processing involves using electronic equipment; the personal identification details of the data controller and the data processors; an indication of the persons or categories of persons to whom the personal data may be communicated or who may become aware thereof while, for example, acting in the capacity of data controllers, data supervisors or persons however authorised to perform the processing. The user is also entitled to request to update, to correct or integrate his/her personal data, to cancel it, to transform it into anonymous form or to block data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed, confirmation that the requested operations were notified, also on their contents, to those to whom the data was communicated, unless this requirement proves impossible or involves using means that are manifestly disproportionate to the protected right. The user is also entitled to data portability.

The user is entitled to oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning him/her (even if pertinent for collection purposes) to send advertising or direct marketing material or to carry out market research or commercial communications. The user is also entitled to ask for the restriction of the processing of data concerning him/her. The right of opposition may be exercised also specifically, with regard to one or more methods to deliver marketing communications. The user is also entitled to lodge a complaint with the competent supervisory authority as well as to withdraw the consent previously provided.

The abovementioned rights may be exercised by writing to Alkemy at  privacy@alkemy.com .

 


 [VS1]This heading was changed from numbers 1 to letter A to comply with the heading on page 6 of this document, and to distinguish it from the numbering of the clauses below.