Newsletter & Reporting activities
1 - INTRODUCTION – WHO WE ARE?
Peck S.p.A., with registered office in Milano – Via Spadari, n. 9 - 20123, P.IVA No. 09828820150 (hereinafter, “Data Controller”), owner of the stores identified by the “Peck” trademark as well as owner of the website www.peck.it (hereinafter, the “Website”), in its capacity as data controller in relation to personal data pertaining to customers of the stores and users browsing the Website (hereinafter, the “Users”) hereby provides the privacy policy pursuant to art. 13 of the Regulation EU 2016/679 of the Council of 27 April 2016 (hereinafter, “Regulation” or “Applicable Law”).
2 - HOW TO CONTACT US?
The Data Controller takes the utmost account of its Users’ right to privacy and protection of personal data.
For any information related to this privacy policy, Users may contact the Data Controller at any time, using the following methods:
- registered letter with return receipt (to the following address Via Spadari, n. 9 – 20123 Milano)
- by e-mail (to the following address privacy@peck.it)
- by sending a fax to 02.860408
The Users may also contact the Data Protection Officer (DPO) appointed by the Controller, whose contact details are the following: the company Shibumi S.r.l in the person of Mr. Lapo Curini Galletti - e-mail: privacy@peck.it.
3 - WHAT DO WE DO? - PROCESSING PURPOSES
By browsing the Website or entering one of the stores identified by the “Peck” trademark, the User may communicate to the Data Controller his/her willingness to receive a periodic newsletter containing promotional material through which the Data Controller proposes the purchase of products and/or services offered by the Data Controller and/or third-party companies.
In connection with the activities that may be carried out by the Data Controller, the Data Controller collects personal data relating to Users.
Particularly, the personal data of the Users will be lawfully processed for the following purposes:
- sending of the newsletter: Users’ personal data (name, surname, email address) are collected and processed by the Data Controller for the sending of a newsletter containing advertising material, direct sales and commercial communications, i.e. so that the Data Controller can contact the User by e-mail to propose to the User the purchase of products and/or services offered by the Data Controller itself and/or by third party companies, to present offers, promotions and commercial opportunities;
- reporting and strategic assessment activities. User’s personal data (name, surname, nationality, sex, age) are collected by the Data Controller and consequently anonymised in order to use it, in aggregate form, to draft reports related to the Data Controller's business activities and conduct strategic assessments on how to set up future business activities such as, by way of example and not limited to, future marketing campaigns or long term strategies based on target country and/or age group. The reports are used in the interest of the Data Controller to improve its products, service and to implement a more effective management of its activities. In order to perform the aforementioned activities, no personal data are retained after the creation of such reports, since personal data of Users are appropriately anonymized, in order to no longer allow, even indirectly, the identification of the data subjects concerned. It is understood that Users have the right to object, at any time and free of charge, to the processing of their personal data for the purposes set out in this paragraph, by sending a communication to the Data Controller through the modalities set out in paragraph 8 below.
- legal obligations, i.e., to comply with obligations imposed by law, an authority, a regulation or European legislation.
The provision of personal data for the above processing purposes is optional but necessary, since failure to provide such data will make it impossible for the User to receive promotional e-mails from the Data Controller.
The User may easily oppose further sending of promotional communications by clicking on the appropriate link in each e-mail. Once the request has been made, the Data Controller will send the User an e-mail message to confirm that what the User has requested has been carried out.
The Data Controller informs that, following the exercise of the right to object to the sending of promotional communications by e-mail, it is possible that, for technical and operational reasons (i.e., the formation of contact lists already completed shortly before the receipt by the Data Controller of the request for objection) the User will continue to receive some further promotional messages. If you continue to receive promotional messages after 24 hours of exercising your right to object, please report the problem to the Data Controller using the contact details set out in paragraph 7 below.
4 - LEGAL BASIS FOR PROCESSING
Sending of the newsletter (as described in par. 3, lett. a)): the legal basis consists in art. 6, paragraph 1, lett. a) of the Regulation, namely, the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Data Controller asks the User to provide a specific free and optional consent, in order to pursue such processing purpose.
Reporting and strategic assessment activities (as described in par. 3, lett. b)): the legal basis consists in Article 6, paragraph 1, lett. f) of the Regulation, i.e. the need to pursue a legitimate interest of the Data Controller (i.e. improvement of products, services and implementation of a more effective management of its activities in new countries and/or in the interest of its target clients). In any case, as soon as the personal data of Users are appropriately anonymised by the Data Controller, as these data are no longer personal data that make a data subject identifiable, even potentially, these data no longer fall under the scope of the Regulation.
Legal obligations (as described in the previous paragraph 3, letter b)): the legal basis consists of art. 6, paragraph 1, lett. c) of the Regulation, as the processing is necessary for compliance with a legal obligation to which the Data Controller is subject.
5 - PROCESSING METHODS AND DATA RETENTION PERIOD
The Data Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
As regards the purpose described in paragraph 3, letter a) above, Users’ personal data will be stored for the time strictly necessary to fulfil the purposes described therein and, in any case, until Users withdraw their consent.
As regards the purpose described in paragraph 3, letter b) above, the personal data of the Users will be kept for the time strictly necessary to fulfil such purpose, or in any case as long as necessary to protect the interests of both the Users and the Data Controller in civil proceedings.
In any case, this is without prejudice to possible retention periods provided for by laws or regulations.
6 - TRANSMISSION AND DISSEMINATION OF DATA
The User’s personal data may be transferred outside the European Union, and, in this case, the Data Controller will ensure that the transfer takes place in accordance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate guarantees) of the Regulation.
The personal data of the Users may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Website, the newsletter’s service and the Users’ requests. These subjects, who have been instructed to do so by the Data Controller pursuant to Article 29 of the Regulation, will process the User’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Regulations.
The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Data Controller as “Data Processors” pursuant to Article 28 of the Regulations, such as, for example, IT and logistic service providers functional to the operation of the Data Controller’s Website, suppliers of outsourcing or cloud computing services, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Data Controller, making a request to the Data Controller in the manner indicated in paragraph 7 below.
7 - RIGHTS OF THE DATA SUBJECTS
Users may exercise their rights granted by the Applicable Regulations by contacting the Data Controller as follows:
- registered letter with return receipt (to the following address Via Spadari, n. 9 – 20123 Milano)
- by e-mail (to the following address privacy@peck.it)
- by sending a fax to 02.860408
The Users may also contact the Data Protection Officer (DPO) appointed by the Controller, whose contact details are the following: the company Shibumi S.r.l in the person of Mr. Lapo Curini Galletti - e-mail: privacy@peck.it.
Pursuant to the Applicable Law, Users have:
a. the right to withdraw consent at any time, if the processing is based on their consent;
b. the right of access to personal data;
c. (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restriction of processing of personal data, the right to rectification and the right to erasure ("right to be forgotten");
the right to object:
d. in whole or in part, for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
e. in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
f. if they consider that the processing of their personal data is in breach of the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State in which they have their habitual residence, in the Member State in which they work or in the Member State in which the alleged breach has occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, located in Piazza Venezia n. 11, 00187 - Rome (http://www.garanteprivacy.it/ ).
***
The Data Controller is not responsible for updating all links that can be viewed in this cookie policy, therefore whenever a link is not functional and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to such link.