GENERAL PERSONAL DATA PROCESSING POLICY
Personal Data Processing Policy
pursuant to European Regulation 2016/679 of the European Parliament and Council of 27 April 2016,
concerning the protection of natural persons with regard to personal data processing (in short “GDPR”)
Piquadro S.p.A (hereinafter referred to as "PQ"), Parent Company of the "Piquadro Group", together with The Bridge S.p.A. (hereinafter referred to as "TB") and Lancel Sogedi S.A. (hereinafter referred to as "LC"), as Joint Data Controllers, consider the privacy and protection of personal data fundamental and invite their users and customers to carefully read this Policy which contains important information on Data Processing (in short , "Information").
The logical and physical security of the data and, in general, the confidentiality of the personal data processed will be safeguarded by taking all technical and organizational measures necessary to guarantee their security.
- is provided for all the companies belonging to the Piquadro Group, which share data with each other for joint and common purposes;
- is deemed valid for the websites https://www.piquadro.com/it/, https://www.thebridge.it/it and https://www.lancel.com (hereinafter: “Site/Sites”);
- it forms an integral part of the Platform and the services offered by the Group companies;
- is provided pursuant to article 13 of the Regulation, to those who interact with the web services of the Website and the joint Controllers, either by simple consultation or through the use of specific services made available by the Group companies.
- it is intended exclusively for natural persons of age to whom the services of the Group companies are addressed.
A) Identity and contact information of the joint Controllers
Località Sassuriano, 246
Silla di Gaggio Montano (40041 - Bologna, Italy)
Tax Code and VAT No.: 02554531208
The Bridge S.p.A.
registered office in Scandicci (50018 - Florence, Italy),
Via E. Codignola 14/16,
Tax Code and VAT No.:04253320487
Lancel Sogedi S.A.
registered office in 75017, France
48-50 rue Ampere Paris
Ape Code 4772 b - Tva code Fr 20,612,036,376
B) What data we collect and how we collect them
- Data voluntarily provided by the data subject
While using the Website and in general the services offered by the Group companies, we may ask you to provide us with certain personal data or personal information that might be used to identify you, for example by e-mail or online form, through the form to subscribe to the Memberships and our Services or through another type of request.
This information may include personal details and contact details, such as your name, surname, address, e-mail address and telephone number, and some information such as gender and profession.
Brief explanatory notes will be provided or appear on the web pages or through appropriate forms for specific optional services.
- Automatically collected data
In the course of normal operation, the websites may acquire some personal data of the user whose transmission is implicit in the use of internet and mobile phones communication protocols.
These data are collected through the use of systems capable of storing text or information files, such as Cookies or SDK (Software Development Kit).
- Navigation / session and operating data, through cookies or technical SDKs: this category of data includes IP addresses or domain names of computers and terminals used by users, information on the type of device and device used, mobile device identifiers (such as device ID), the URI / URL (Uniform Resource Identifier / Locator) addresses of the requested resources, the technical data relating to the requests (time, language, method, size, status, outcome, etc.), and other related parameters to the user's operating system and IT environment, resolution, application version, information on the activity carried out through our Services, such as the date and time you used a service, the features you used, the purchase history, and the data generated when you use our Services (for example, the project saved in your shopping cart);
- Statistical data, through analytical cookies or SDKs (proprietary and third parties together with the technical data with masked IPs): this category of data includes IP addresses or computers domain names and terminals used by users, information on the type of device and device used, mobile device identifiers (such as device ID), aggregated anonymously.
- Behavioral and profiling data, through profiling cookies or SDKs (both proprietary and third party) and analytical cookies or SDKs (proprietary and third party together with profiling with unmasked IP): this category includes data to track navigation, identify user preferences and improve their browsing experience, send targeted advertising messages and banners, carry out marketing / retargeting activities tailored to the user's needs (non-anonymous data). A list of third parties operating on the Site is available below [GO TO LIST].
This data will only be collected with your consent, if you do not want to customize the options, please consult the “Managing preferences" section below.
- Social data: if you share your social networks account to access our Services, any information that you provide or authorize to provide us via social networks (e.g. Facebook, Google). The Websites may ask for some permissions to share data that allow you to perform actions with the User's account and to retrieve information, including personal data, from it. This information may include your user ID and email address.
For more information, please check the sites of the individual social networks directly.
The information we receive from social media and other third parties is stored and used by our companies in accordance with this Policy.
- with your consent, other information such as precise geolocation (latitude and longitude) using information including GPS, Bluetooth or Wi-Fi connections.
These functions are configurable through the settings of the single device and the authorizations requested by the Site.
Some information is necessary in order to provide the services connected to the Site, and failure to collect them would make it impossible to provide the aforementioned services or involve the partial operation of the Site. The optional information does not affect the operation of the services and can be freely managed by the user.
The forms expressly indicate the mandatory items (with the symbol * or ü). Explicit consent will always be required, by specific request, where necessary.
C) Purpose of personal data processing and relevant legal grounds
Your personal data will be processed:
(i) without obligation of consent for the following purposes:
- to ensure the complete and correct site operation, online account registration, PQClub/TBClub membership, Connequ App membership, management of orders, purchases, sales and deliveries of the products and their monitoring, customer service management, management of payments, management of returns and repairs, management of contacts with customers, management of allowances and discounts;
- administrative-accounting management and related fulfillments (issue of receipts, invoices, preparation of payments), protection of credit positions and defense before the court;
- internal statistics, corporate economic analysis and management
- as concerns the contact data provided at the time the contract was signed, sending of advertising of similar products with the right to immediate erasure upon request;
The processing above meets the following legal grounds, respectively:
- fulfilling a contract or pre-contractual measures, satisfying a request of the interested party - condition laid down by law in Art. 6, letter b) GDPR;
- legal obligation of the Data Controller - condition laid down by law in Art. 6, letter c) GDPR - or for the ascertainment, exercise or defence of a right before the court;
- pursuing a legitimate interest of the Data Controller - condition laid down by law in Art. 6, letter f) GDPR - regarding improvement of the company’s operations and market surveys, improvement of the services supplied to its customers,
- pursuing a legitimate interest of the Data Controller - condition laid down by law in Art. 6, letter f) GDPR and Legislative Decree no. 130 dated 3 June 2003, no.196 (“Privacy Code”)- the so called “Soft spam” - direct marketing and customer retention.
The granting of data marked on the form with (*) for the purposes described in foregoing section (i) is mandatory and the absence of the data and/or express refusal to processing them shall make it impossible for the Data Controller to execute the contract or execute the pre-contractual measures, fulfil the obligation with possible non-fulfilment and responsibility of the interested party also for sanctions contemplated by the law (e.g. impossible issue of the relevant invoice).
(ii) with your consent (Art. 7, GDPR) for the following purposes:
- various types of marketing activity, including the promotion of products and services, the distribution of posters and information and promotional material, both in paper and electronic format, the sending of newsletters and sales communications by email, invitations;
- various types of profiling activity, including the analysis of behaviour for promotional purposes, the creation of lists for promotional and sales communication purposes and the sending of newsletters, processing profiles for making available targeted and personalized services for the customer’s needs.
The granting of data for the purposes explained in foregoing section (ii) is optional, meaning that you may decide to not give your consent, or to revoke it at any time. Automated processes using software that in any case require human decision-making intervention to prevent undesirable consequences for the interested party are used for this processing; they are always and in any case limited to receiving communications from the Data Controller.
D) Preferences Management
You can set your preferences for to customize and receive targeted communications at first access or to change your preferences at any time.
On the Site you can set your preferences by clicking on the "Cookie configuration" link or in the cookie banner within the Site.
Of course, it is recommended that the user consent to customize and use the cookies and SDKs in order to allow us to offer an optimal browsing experience and to ensure that irrelevant advertisements are not shown.
If consent is denied, the use of analytical/performance cookies and SDKs and/or social media/advertising cookies will be disabled.
Cookies that are already present on the device due to a previous consent are not automatically deleted. These cookies will have to be deleted manually by following the instructions on your web browser.
You can also manage your preferences for cookies directly from within your browser and prevent - for example - third parties from installing them.
Through the browser preferences you can also delete cookies installed in the past.
We kindly ask you to check the settings of cookies management directly in the browser settings.
E) Intragroup data sharing
This policy briefly indicates how the Piquadro Group companies share the information internally, regulated in detail by mutual co-ownership agreements.
Piquadro, as Parent Company, in order to better rule the Group's strategies and implement the company business efficiently and effectively, has decided to aggregate and unify the administrative management and the commercial and marketing management, both with regard to offline and online activities performed through websites and e-commerce platforms.
Therefore, Piquadro receives information from the companies of the Group and shares it with them.
The information collected by each company of the Group is shared and used reciprocally by the other companies, in order to make the services and offers available as well as to provide, improve, understand, personalize, support and market them, including the products and the respective Piquadro/The Bridge/Lancel brands and therefore within the predefined Group purposes referred to in item C.
Further information on the Group and its additional legal entities is available on the website https://www.piquadro.com/it/struttura-del-gruppo.
In the event that the Group is involved in a merger, acquisition, reorganization, or sale of all or some of the assets, the information will be shared with the following entities or new owners as part of the transaction in accordance with applicable laws on data protection.
F) Categories of recipients of the personal data
For the purposes explained in the foregoing paragraph, the personal data you have given may be disclosed or made accessible:
- to employees and collaborators of the Controller in their capacity of staff authorized to process the data (or the so-called “data processing operators”);
- to third parties outsourced to perform the activity on behalf of the Controller in their capacity of Data Processors, including:
- suppliers of services for managing the IT system and the telecommunications networks and the company appointed to manage the e-commerce, suppliers of services to manage the filing of the hard copy and/or electronic documents, suppliers of services to managing customer service activities, also through websites (e.g. call centers, help desks, etc.), suppliers of services to manage sales communication activities;
- independent professionals, firms or companies within the scope of service and consulting relations, also for controlling corporate organization management;
- banks and credit institutions and insurance companies for carrying out the financial (payments/collections) and insurance activities;
- parties that carry out control, auditing and certification fulfilments for the activities initiated by Piquadro S.p.a., also in the interest of the customers, fraud detection and prevention bodies;
- judicial or supervisory authorities, administrations, public bodies and organizations (national and foreign);
You can receive the complete and updated list of the Data Processors by sending a written request to the address firstname.lastname@example.org.
G) Storage and transfer of personal data abroad
Personal data are managed and stored in the cloud and on servers located inside and outside the European Union owned by and/or available to the Controller and/or owned by and/or available to third parties duly appointed Data Processors.
The data transfer abroad to countries not belonging to the European Economic Area (EEA) takes place exclusively in the context of intra-group communications for the purposes indicated above or to contractual partners, in any case in accordance with the provisions contained in Chapter V, articles 45 and 46 GDPR.
Your personal data will not be disclosed.
H) Personal data retention period
Personal data collected automatically by the Site for the purposes indicated in paragraph C above will be processed and stored for the time strictly necessary to achieve the purposes for which they were collected and automatically deleted after this period and are in any case linked to the duration of the session or to the permanence of installation.
The data will be kept for the time necessary to fulfill these purposes and in any case in compliance with the respective periods indicated in the attached list.
Upon termination of the retention period, data will be destroyed or made anonymous.
I) Exercisable rights
In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights specified therein and in particular:
The request can be addressed indifferently to each of the Joint Controllers by simply sending an e-mail to one of the following addresses: email@example.com / firstname.lastname@example.org / email@example.com.
In particular, reference is made to the following measures:
- Right of access - Obtain confirmation that processing of personal data concerning you is or is not in progress and, if so, receive information particularly concerning: purpose of processing, categories of personal data processed and storage period, recipients to whom they might be disclosed (Art. 15, GDPR),
- Right to correction - Obtain, without unjustified delay, correction of the incorrect personal data concerning you and the addition of incomplete personal data (Art. 16, GDPR),
- Right to erasure - Obtain, without unjustified delay, erasure of the incorrect personal data concerning you in those cases provided for by the GDPR (Art. 17, GDPR),
- Right to restriction - Obtain restriction of the processing in those cases provided for by the GDPR (Art. 18, GDPR)
- Right to portability - Receive the personal data concerning you in a structured format of common use readable by an automatic device, and obtain their transfer to another controller without impediments in those cases provided for by the GDPR (Art. 20, GDPR)
- Right to object - Objection to the processing of your personal data, unless there are legitimate reasons for the Controller to continue the processing (Art. 21, GDPR)
- Right to make a complaint to the control authority - Make a complaint to GDPD, the Italian Privacy Guarantor, Piazza Venezia n. 11, Rome - https://www.garanteprivacy.it/ - or “CNIL”: Commission Nationale de l'Informatique et des Libertés - French Privacy Guarantor - https://www.cnil.fr.
Last update: 31 March 2021