Data processing by Safilo will be based on the principles of transparency, correctness, lawfulness, relevance and necessity.
The appointed Data Protection Officer ("DPO") can be contacted at the following e-mail address: firstname.lastname@example.org.
WHAT KIND OF INFORMATION DO WE COLLECT AND FOR WHAT PURPOSE?
2.1) NAVIGATION DATA
The computer systems used for the Website acquire, during normal browsing, some personal data that are then implicitly used for Internet communication protocols. Such data are not collected in order to be associated with identified interested parties, but only for the legitimate interest of the Website owner in safe running of the systems and to ensure visitors’ browsing on the Website. Given their nature, such data could, through processing and associations with other data held by third parties, allow users’ identification. The following data fall in this category: IP addresses or domain names of the computers used to connect to the Website, addresses in inform Resource Identifier (URI) notation of the requested resources, request time, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and user's computer environment. Such data could be used by the judicial authorities and by police forces upon request for the performance of their institutional duties.
2.2) DATA PROVIDED VOLUNTARY BY VISITORS/USERS
Such data are provided spontaneously by the visitors in order to take advantage of all the interactive activities offered by the Website. In particular, in certain sections of the Website, Safilo may ask for personal information such as name, surname, address, birth date, gender, email address, etc.. This may be required, for example if the user buys products, signs up to a contest or promotion, sends a message to the “Contact US” section or required those services for which registration or subscription Is needed.
Except where not otherwise indicated, the personal data supplied will be used exclusively to manage and respond to the requests of the user/ visitor, thus constituting the contractual and pre-contractual execution of the legal basis of such treatments.
The user/ visitor is in any case asked to refrain from entering special categories of personal data, i.e. those that reveal racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data related to the health or sex life or sexual orientation of the person, as without consent they cannot be treated further and must be eliminated.
NATURE OF DATA PROVISION AND REFUSAL CONSEQUENCES
DATA TREATMENT METHODS AND SUBJECTS WHO MAY HAVE ACCESS TO DATA
Personal data are processed electronically for the time necessary to achieve the purposes for which they are collected. Data are treated in compliance with the applicable legislation, adopting all necessary and most appropriate and appropriate security measures in order to prevent any unauthorized access, disclosure, modification or unauthorized destruction of them.
The data will be processed by Safilo’s employees or collaborators, specifically appointed as data processors, and eventually by other providers of digital services appointed as data processors.
Data will not be disclosed to third parties except for legal or judicial authorities’ obligations and will not be disseminated in any way.
DATA RETENTION TIME
Personal data voluntarily provided by visitors will be retained only for the time strictly necessary for the execution of the requested service and for a maximum of 5 years. Navigation data will be retained for 7 (seven) days.
You will be able to access your personal data at any time, correct, integrate or delete them, request limitation of their processing and obtain an electronic copy of the data, by sending a written request to the following e-mail address: email@example.com.
Users also have the right to lodge a complaint, for reasons relating to the processing of his personal data, to the competent control authority (in Italy, the “Garante per la protezione dei dati”). A list of EU data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
The Site is not aimed at children under the age of 18 and Safilo does not intentionally collect personal information from them. In the event of accidental recording of any information on minors, Safilo will promptly delete them at the request of users.
LINK TO THIRD PARTIES
TRANSFER OF DATA OUTSIDE THE EU
Safilo may transfer the data to third parties responsible for the aforementioned processing and located outside the European Union (by way of example, to companies of the Safilo group or to third parties) to allow the carrying out of the activities listed in this information (e.g. hosting services). If personal information is transferred to countries that do not provide the same level of protection or an adequate level of protection of personal data (e.g. United States of America), Safilo will ensure that each service provider assumes specific contractual obligations in compliance with the applicable regulations on the protection of personal data except where Safilo can refer to any other legal basis for the transfer of personal information.
Per quanto riguarda invece il trasferimento di dati all’estero dalla piattaforma Shopify, fate riferimento al seguente link: https://help.shopify.com/en/manual/your-account/privacy/GDPR/cross-border-data
Safilo has implemented many of the controls and processes identified in the General Data Protection Regulation (EU 2016/679) to guarantee the protection of the confidentiality, integrity, availability and resilience of data and processing systems. Some of the security measures adopted include the anonymization and encryption of personal data, the limitation of who can access personal data, technological and organizational measures relating to data backup and data recovery and the execution of tests, evaluations and periodic evaluations of security measures.
AMENDTMENTS TO THE POLICY