Privacy Policy & Cookie Policy

PRIVACY POLICY E COOKIE POLICY

I. PRIVACY POLICY

EXTENDED INFORMATION PURSUANT TO ARTICLES. 12, 13 AND, IF APPROPRIATE, 14 OF THE GDPR – REGULATION (EU) 2016/679 RELATING TO THE PROTECTION OF NATURAL PERSONS, WITH REGARD TO THE PROCESSING OF PERSONAL DATA (HEREINAFTER THE GDPR)

The data controller reports below the information pursuant to the articles. 12, 13 and, if necessary, 14 of the GDPR relating to the processing of personal data provided by the Customer/interested party through the compilation and signing of the Contract to purchase the products/services offered for sale by the data controller himself, spontaneously uploading data to this website personal (in particular by filling in forms) or simply by browsing it.

  1. Data controller and contact details

The data controller is Viganò Alta Moda s.r.l., with headquarters in Via Paolo da Cannobio 39, 20122 Milan.

Tel: 02 874172 - Email: info@vigano1919.it

  1. Principles applicable to treatment

In accordance with the provisions of the GDPR, the data controller constantly works to ensure that personal data is:

(a) processed lawfully, correctly and transparently; (b) collected for specified, explicit and legitimate purposes, and further processed in a way that is not incompatible with those purposes; (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; (d) accurate and, if necessary, updated; (e) retained for a period of time not exceeding the achievement of the purposes for which they are processed; (f) processed, using appropriate technical and organizational measures, in such a way as to guarantee their security; (g) processed, if by virtue of consent, by decision freely taken by the Customer/interested party, on the basis of a request presented in a way that is clearly distinguishable from the rest, in an understandable and easily accessible form, using simple and clear language.

The data controller adopts appropriate technical and organizational measures to ensure the protection of personal data by design and to ensure that, by default, only the data necessary for each specific processing purpose are processed.

The data controller collects and takes into utmost consideration the indications, observations and opinions of the Customer/interested party transmitted to the contact details above, in order to implement a dynamic privacy management system that ensures effective protection of people, with regard to the processing of their data.

  1. Methods of processing personal data

The processing of personal data is carried out manually and with electronic tools, with logic strictly related to the purposes indicated below and, in any case, in such a way as to guarantee the security and confidentiality of the data themselves.

  1. Purpose of the processing of personal data

(4a) Purposes for which data processing is necessary

The personal data provided by the Customer/interested party are mainly processed for the execution of the Contract and the management of the credit and, more generally, of the relationship arising from the Contract itself.

In addition to this possibility, the data can be processed for the selection of new personnel, for the distribution of products / services, management of suppliers and other cases arising from the request of the customer / interested party or normal company administration.

The provision of data in the Contract or subsequently, during the contractual relationship, for the processing purposes in question is mandatory; therefore, the failure, partial or incorrect provision of such data makes it impossible to stipulate and/or execute the Contract and, for the Customer/interested party, to use the products/services offered by the data controller, potentially exposing the Customer/interested party himself. to liability for breach of contract.

The personal data provided by the Customer/interested party may also be processed if this is necessary to fulfill a legal obligation to which the data controller is subject, to safeguard the vital interests of the Customer/interested party or of another person physical, for the execution of a task of public interest or connected to the exercise of public powers vested in the data controller, or for the pursuit of the legitimate interest of the data controller himself or of third parties, provided that they do not prevail the interests or fundamental rights and freedoms of the Customer/interested party; even in these cases, the provision of data is mandatory and, therefore, failure, partial or incorrect communication of data may expose the Customer/interested party to possible liabilities and sanctions provided for by the legal system.

(4b) Further purposes of the processing following specific and express consent of the Customer/interested party

In addition to the processing purposes mentioned above, the personal data provided/acquired may be processed, subject to the consent of the Customer/interested party, to be expressed by selecting the <> box on the Contract or on the Site (or using other applications social or web of the data controller), also for carrying out market surveys and to carry out commercial and promotional communications, via telephone (also using the mobile number provided) and automated contact systems (e-mail, sms, mms, fax, etc.), on products/services of the data controller or of companies of the Group to which the data controller possibly belongs.

Consent for the processing purposes referred to in this point (4b) is optional; therefore, following any refusal, the data will be processed only for the purposes indicated in the previous point (4a), except as specified below with reference to the legitimate interests of the data controller or third parties.

  1. Categories of personal data processed

The data controller mainly processes identification/contact data (name, surname, addresses, type and number of identification documents, telephone numbers, e-mail addresses, of a fiscal/billing nature, except for others) and, if required commercial transactions, financial data (of a banking nature, in particular current account identifiers, credit card numbers, except for others connected to the aforementioned commercial transactions).

The processing that the data controller carries out, both for the execution of the Contract and by virtue of the express consent of the Customer/interested party, does not generally concern particular categories of personal data, known as sensitive (which reveal racial or ethnic origin , political opinions, religious beliefs, state of health or sexual orientation, etc.), nor genetic and biometric data or so-called judicial data (relating to criminal convictions and crimes).

However, it cannot be excluded that the data controller, in order to carry out the obligations arising from the Contract, must retain and/or needs to process sensitive, genetic and biometric or judicial data of the Customer/interested party or third parties, of which the Customer/interested party acts as data controller; in the hypothesis in question, the processing by the data controller takes place pursuant to, under the conditions and within the limits set out in the appointment of the same data controller as data controller, by the Customer/interested party.

The data controller processes, as data controller with reference to the Site, and, potentially, as data controller appointed for this purpose (in the terms set out above) by the Customer/interested party, also the so-called navigation data. The computer systems and software procedures used to operate the websites acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified subjects, but which, by its very nature, could allow the interested party to be identified. This category of information includes geolocation data, IP addresses, browser type, operating system, domain name and website addresses from which access has been made or exited, information on the pages visited by users within of the site, access time, time spent on a single page, internal path analysis and other parameters relating to the operating system and the user's IT environment. It is, therefore, information which, by its very nature, allows users to be identified through processing and association also with data held by third parties.

The Site may then use cookies, both session (which are not stored on the data subject's computer and disappear when the browser is closed) and persistent, for the transmission of personal information, or in any case systems for tracking of interested parties.

  1. Source of personal data

The personal data that the data controller processes are collected directly by the data controller from the Customer/interested party at the time of, and during, navigation of the latter on the Site (or using other social or web applications of the data controller), or , including through its sales representatives, on the occasion of, or subsequent to, the signing of the Contract, during its execution, or from public sources.

As specified above, the data controller, as data controller appointed for this purpose, in order to carry out the obligations arising from the Contract, may retain and/or process data, in particular navigation data, potentially also sensitive, genetic and biometric or judicial, of third parties, of which the Customer/interested party has as data controller, acquired, with the prior consent of said third parties, at the time of, and during, navigation of the same third parties on the Site (or using other social or web applications referable to the owner of the treatment).

  1. Legitimate interests

The legitimate interests of the data controller or third parties may constitute a valid legal basis for the processing, provided that the interests or fundamental rights and freedoms of the interested party do not prevail. In general, such legitimate interests may exist when there is a relevant and appropriate relationship between the data controller and the data subject, for example when the data subject is a client of the data controller. In particular, it constitutes a legitimate interest of the data controller to process personal data of the Customer/interested party: for fraud prevention purposes, for direct marketing purposes, to ensure the free circulation of the same data within the business group to which the data controller processing possibly belongs, or relating to traffic, in order to guarantee the security of networks and information, i.e. the ability of a network or system to resist unexpected events or illicit acts that may compromise the availability, l authenticity, integrity and confidentiality of data.

  1. Circulation of personal data

(8a) Communication of personal data - categories of recipients

In addition to the employees and collaborators in various capacities of the data controller (who are authorized by the data controller himself to process pursuant to adequate written operating instructions, in order to guarantee the confidentiality and security of the data), some processing operations they can also be carried out by third parties, to whom the data controller entrusts certain activities, or part of them, functional to the purposes referred to in point (4a), therefore both in execution of contractual and legal obligations, among which they deserve mention, a however, inevitably, non-exhaustive title: commercial and/or technical partners; companies that provide banking and financial services; companies that perform document archiving services; debt collection companies; auditing and financial statement certification companies; rating companies; subjects who carry out professional assistance and consultancy activities in favor of the data controller; companies that carry out customer care activities; factoring companies, credit securitization companies or otherwise credit transferees; company of the Group to which the data controller possibly belongs; subjects who provide commercial information; IT services company. The subjects belonging to the aforementioned categories process the same personal data as independent data controllers, or as data controllers, with reference to specific processing operations that fall within the contractual services that the same subjects perform for/in the interest of of the data controller; the data controller gives adequate written operating instructions to the data controllers, with particular reference to the adoption of minimum security measures, in order to guarantee the confidentiality and security of the data.

Some processing operations may be carried out by third parties, to whom the data controller entrusts certain activities, or part of them, also functionally to the purposes referred to in point (4b), among which they deserve mention, however, inevitably, not exhaustive: commercial and/or technical partners; companies that institutionally provide marketing services; advertising agencies; subjects who provide assistance and consultancy activities with reference to competitions and prize operations. The subjects belonging to the aforementioned categories process personal data as independent data controllers, or as data controllers, with reference to specific processing operations that fall within the contractual services that the same subjects perform in favor/in the interest of the data controller; the data controller gives adequate written operating instructions to the data controllers, with particular reference to the adoption of minimum security measures, in order to guarantee the confidentiality and security of the data.

The list, subject to periodic updating, of the data processors with whom the data controller has relationships is available upon written request to be sent to the headquarters of the data controller.

Furthermore, personal data may be communicated, upon request, to the competent authorities, in fulfillment of obligations deriving from mandatory provisions of law.

(8b) Transfer of personal data to third countries

The personal data of the Customer/interested party may also be transferred abroad, both to countries in the European Union and to countries outside the European Union and, in the latter case, either on the basis of an adequacy decision, or within the scope and with the adequate guarantees provided for by the GDPR (therefore, in particular, in the presence of standard contractual data protection clauses approved by the European Commission), or, outside of the hypotheses mentioned above, using one or more of the exceptions provided by the GDPR (in particular, by virtue of the explicit consent of the Customer/interested party, or for the execution of the Contract concluded by the Customer/interested party, or for the execution of a contract stipulated between the data controller and another natural person or legal in favor of the Customer/interested party, in particular for the execution of activities delegated to it by the data controller for the execution of the Contract concluded with the Customer/interested party). In the event of data transfers to countries outside the European Union, the Customer/interested party is allowed, upon written request to be sent to the headquarters of the data controller, to know the adequate guarantees, or exceptions, which legitimize cross-border processing. It is understood, in the event of data transfer to countries outside the European Union, that for any request relating to the data, including for the exercise of the rights recognized by the GDPR to the Customer/interested party, the latter can always validly contact the owner of the treatment.

  1. Criteria for determining the retention period of personal data

For the purposes referred to in point (4a) above, the retention period of the personal data released by the Customer/interested party, and their consequent potential processing, coincides with the limitation period of the rights/duties (legal, fiscal, etc. ) descending from the Contract: generally 10 years, therefore, unless events interrupt the statute of limitations which could effectively extend said period.

For the purposes referred to in point (4b) above, the retention period of the data released by the Customer/interested party, and their consequent potential processing, ends with the revocation of the consent previously given by the Customer/interested party himself or, in the absence of this, in any case after one year from the termination of any relationship between the data controller and the Customer/interested party.

  1. Rights of the Customer/interested party

The data controller recognizes - and facilitates the exercise by the Customer/interested party of - all the rights provided for by the GDPR, in particular the right to request access to their personal data and to extract a copy of it (art. 15 GDPR ), to the rectification (art. 16 GDPR) and to the cancellation of the same (art. 17 GDPR), to the limitation of the processing that concerns him (art. 18 GDPR), to the portability of the data (art. 20 GDPR, where applicable conditions) and to oppose the processing that concerns him (articles 21 and 22 GDPR, for the hypotheses mentioned therein and, in particular, to the processing for marketing purposes or which translates into an automated decision-making process, including profiling, which produces legal effects that concern him, where the conditions are met).

The data controller also recognizes the Customer/interested party, if the processing is based on consent, the right to revoke said consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation. To do this, the Customer/interested party can unsubscribe at any time on the Site (or on other social or web applications of the data controller) or by using the appropriate link at the bottom of each commercial communication received, or by contacting the data controller at contact details above.

The data controller also informs the Customer/interested party of the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data, as supervisory authority operating in Italy, and to lodge a judicial appeal against a decision of the Guarantor Authority. , as well as towards the data controller himself and/or a data controller.

The Customer/interested party, if he wishes to modify or delete the data he has provided via the site, can make a request directly to the owner. In the event that the customer/interested party has registered on the site, he can use his reserved area to exercise all the rights provided for by the information.

In the event of a request to delete your data, we inform you that it may no longer be possible to continue providing the service requested.

  1. Security of systems and personal data

Taking into account the state of the art and costs of implementation, as well as the nature, object, context and purposes of the processing, as well as the risk, in terms of probability and severity, for the rights and freedoms of natural persons , the data controller adopts technical and organizational measures deemed appropriate to guarantee a level of security appropriate to the risk, in particular ensuring, on a permanent basis, the confidentiality, integrity, availability and resilience of the processing systems and services ( including through the encryption of personal data, where necessary) and the ability to promptly restore the availability of data in the event of a physical or technical incident, and by adopting internal procedures aimed at testing, verifying and regularly evaluating the effectiveness of the technical and organizational measures used .

When assessing the appropriate level of security, account shall be taken of the risks presented by the processing which arise, in particular, from destruction, loss, modification, unauthorized disclosure or access, accidentally or illegally, to personal data transmitted, stored or otherwise processed.

The data controller ensures that anyone acting under its authority and having access to personal data does not process such data unless instructed to do so by the data controller.

That said, the Customer/interested party acknowledges and accepts that no security system guarantees, in terms of certainty, absolute protection; therefore, the data controller is not liable for acts or facts of third parties who, despite the adequate precautions taken, illegally access the systems without the necessary authorizations.

  1. Automated decision-making processes, including profiling

The data controller may carry out automated processing, including profiling, in relation to the purposes referred to in point (4b) above, to optimize the navigability of the Site (or the usability of other social or web applications of the data controller) and to improve the purchasing experience, except as specified above with regard to the rights of opposition and revocation of consent by the Customer/interested party.

Profiling means any form of automated processing of personal data aimed at evaluating certain aspects relating to a natural person, in particular to analyze or predict aspects concerning, for example, that person's personal preferences, interests or location, also for the purpose of creating profiles, i.e. homogeneous groups of subjects in terms of characteristics, interests or behaviour.

The data controller does not carry out any automated processing that produces legal effects concerning the Customer/interested party or that similarly significantly affects his person, unless this is necessary for the conclusion or execution of the Contract, is authorized by law or is based on the explicit consent of the Customer/interested party, in any case always recognizing the latter's right to obtain human intervention, to express their opinion and to contest the decision.

II. COOKIE POLICY

Cookies are small text files that can be used by websites to make the user experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third-party services that appear on our pages. At any time you can modify or withdraw your consent from the Cookie Declaration on our website. By continuing to browse this site by closing the information banner or by clicking on any part of the page or scrolling to highlight further content, you accept the Cookie Policy and cookies will be set and collected
Find out more about who we are, how you can contact us and how we process personal data in our Privacy Policy.
Please specify your consent ID and the date you contacted us regarding your consent.
Your consent applies to the following website: vigano1919.it.

Necessary cookie

Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Cookies in this category:

  • _ab
  • _orig_referrer
  • _secure_session_id
  • Cart
  • cart_sig
  • cart_ts
  • checkout_token
  • Secret
  • Secure_customer_sig
  • storefront_digest
  • cookieconsent_status
  • cookieconsent_preferences_disabled

 Statistical cookies

Statistical cookies help website owners understand how visitors interact with sites by collecting and reporting information anonymously.

Cookies in this category:

  • _shopify_fs
  • _shopify_s
  • _shopify_sa_t
  • _shopify_uniq
  • _shopify_visit
  • _shopify_y
  • _and
  • tracked_start_checkout
  • _ga
  • _gid
  • _hole
  • __atuvc
  • __oven
  • __atuvc
  • __don't win
  • __cfduid

 Marketing cookies

Marketing cookies are used to track visitors across websites. The intention is to display content that is relevant and engaging for the individual user.

Cookies in this category:

  • _year
  • GOES
  • _s
  • collect
  • GPS
  • PREF
  • BizoID
  • _fbp
  • _fbc