Chariot
PRIVACY POLICY IN STORE
Privacy Policy Privacy Policy in Store Cookie Policy
Privacy Policy Privacy Policy in Store Cookie Policy

Privacy Policy in Store

Dear Customer, pursuant to Article 13 of UE Regulation 2016/679 – General Data Protection Regulation (“GDPR”), the company Save The Duck S.p.A. provides you with the present policy regarding the processing of certain of your personal data collected through the digital forms available in our stores, as well as those collected in the context of contractual relationships with the Controller. More detailed policies may be provided separately or subsequently in relation to further or specific processing of personal data.

  1. CONTROLLER – CONTACT DETAILS


The Controller is Save The Duck S.p.A., with registered and administrative office in Via Arcivescovo Calabiana no. 6, Milan, Italy, Fiscal Code and VAT Number 07853840960 (the “Controller” or “STD”). To request information on the processing of your personal data, you may contact the Controller or the Corporate Privacy Contact or send requests/petitions to the e-mail address privacysavetheduck@savetheduck.com

 

  1. TYPE OF PROCESSED PERSONAL DATA – LEGAL BASIS AND PURPOSE OF DATA PROCESSING

The Controller processes your personal data collected through the digital forms available at STD stores, namely first name, last name, e-mail address, phone number (if provided), date of birth, gender. In addition, STD may collect personal data and/or information related to the goods you purchased, such as model, color, size, etc. Personal data are processed by STD to fulfill purposes instrumental and functional to the contractual and/or pre-contractual relationship and to the fulfillment of legal and regulatory obligations to which the Controller is bound by virtue of its business activities, in particular for the purpose of:

 

1) managing pre-contractual obligations, executing the contractual relationship and related fulfilments, including regulatory fulfilments: the processing of your personal data could take place in order to carry out the preliminary and consequent activities to the management of the relationship with STD and those instrumental and functional to its execution, as well as for the fulfilment of any other obligation deriving from the existing contract. This includes, for example, the delivery of the purchased products or the assistance on the services and products referred to in the contract (and in the complaints, if any) and, in general, the processing of any customer requests and the management of interactions in the context of the contractual or commercial relationship.

2) fulfilling obligations arising from the applicable law: the processing of personal data may be necessary or necessitated by the fulfilment of obligations arising from the law or from regulations, either national and/or EU, in force and applicable to the Controller, as well as from provisions issued by competent authorities and bodies;

3) pursuing a legitimate interest of the Controller: STD may process personal data for the legal defense of its own right or interest before any competent authority or body; to proceed with the direct offer of products or services similar to those object of previous purchase, limited to the e-mail coordinates provided in the contractual/commercial context and save opposition to such processing (so-called soft spamming), as well as for the management of the customer archive and statistical processing in aggregate form, for internal purposes;

4) in addition, subject to your consent (optional and revocable at any time):
(a) STD may process your personal data for marketing purposes, market, sending of informational, promotional or advertising material (including newsletters), communication of new business initiatives, offers of products or services, also through the website www.savetheduck.com, surveys, customer satisfaction with the quality of STD’s products or services, sending analysis, event invitations, either directly or through specialized companies, including personal or phone interviews, questionnaires, market surveys and similar. Such activities may be carried out by e-mail (including newsletters), MMS, SMS, WhatsApp or similar modalities, registered mail, phone calls with an operator, as well as through targeted advertising carried out through digital platforms, social networks and digital advertising tools, none excluded; networks and, in general, advertising carried out by digital modalities and/or tools, none excluded;
(b) STD may collect information regarding your preferences, habits, lifestyles, as well as details of purchases made, in order to use them for the creation of group and individual profiles profiling”) and the sending of personalized communications. Such activities may be carried out through e-mail (including newsletters), MMS, SMS, WhatsApp or similar modalities, registered mail, phone calls with an operator, as well as through targeted advertising carried out through digital platforms, social networks and, in general, advertising carried out through digital modalities and/or tools, none excluded.

 

  1. MANDATORY OR OPTIONAL NATURE OF PERSONAL DATA PROVISION

The provision of personal data for the purposes referred to in points 1) to 3) of paragraph 2 above is merely optional. However, since such processing may be necessary to manage the contractual relationship, failure, partial or inaccurate provision of such data may result, as the case may be, in the impossibility to execute and/or manage and fulfill orders and/or carrying out and fulfilling specific customer requests or to properly perform all obligations connected with the contractual relationship. It may also prevent STD from sending you general information on products or services similar to those previously purchased, or otherwise pursuing its legitimate interests (such as defense of its rights in legal proceedings). For the purposes referred to in point 4) of paragraph 2 above, the provision of data is merely optional and the related processing is based on consent, which is optional and revocable at any time. It is understood that any subsequent revocation of consent shall not affect the lawfulness of the data processing carried out in the period prior to such revocation. Failure to provide consent will not entail any consequence, but only the impossibility of receiving promotional or advertising material or offers related to STD’s products and/or services, including personalized ones.

 

  1. DATA COMMUNICATION – PERSONAL DATA TRANSFER OUTSIDE THE EU

Within the Controller's structure, your personal data will be processed, each to the extent of its competence, by authorized individuals pertaining to our sales, marketing, administrative and support functions. For exclusive reasons of technical support of the Controller’s IT system purposes, data recorded in the Controller’s systems may be accessible to our IT personnel. Any IT service providers who may for support, maintenance or back-up reasons, come into contact with personal data, will be expressly authorized by the Controller and will operate under strict contractual obligations or as processor pursuant to the GDPR. For the implementation of the purposes set out herein, your personal data may be disclosed, including abroad, to the entities or categories of entities indicated below and always only in connection with the purposes set out in paragraph 2 above: (a) public authorities, administrations and/or bodies for compliance with legal or regulatory obligations (including EU regulations and/or requirements); (b) any suppliers, subcontractors, business partners, collaborators in various capacities of the Controller, as part of the implementation of the supply activities provided for in the contracts with customers. These subjects may operate as autonomous controllers as or processors appointed by the Controller pursuant to Article 28 of the GDPR; (c) external individuals or entities performing specific assignments on behalf of the Controller (such as, by the way of example, certification or financial statements, invoicing and filing of invoices, archiving shipping of documents and materials, insurance coverage, professional legal, accounting and/or tax consulting, crediting and/or debiting of economic entitlements, either in Italy or abroad. These subjects may act as autonomous controllers or as processors appointed by the Controller pursuant to Article 28 GDPR; (d) the data necessary for electronic invoicing will be transferred to the e-invoicing service provider appointed as processor pursuant to Article 28 GDPR, who will automatically forward them to the Italian Revenue Agency’s Interchange System. Finally, personal data may also be communicated and/or transferred to third parties also for purposes not directly related to the execution of the contract, in accordance with the consents expressed by the data subject, and to those who carry out the activities referred to in point 4) of paragraph 2 above, including companies managing digital platforms or social networks, on behalf of the Controller. In order to know the identity, the activities performed and the framework pursuant to the GDPR of the third parties who may process your personal data, you can submit a specific request to privacysavetheduck@savetheduck.com.In the course of the company's activities, as they are structurally or occasionally organized, it is possible that your personal data may also be transferred to individuals or entities located outside the EU or the European Economic Area (EEA). As STD's activities are currently organized, such occurrence is limited to the logging of IT messages or events at office automation systems and solutions, sometimes belonging to non-EU organizations (e.g., Microsoft 365, Hubspot, etc.), used to manage business processes and/or deliver customer services and which provide suitable guarantees in terms of data security and compliance with the principles of the GDPR. Should the need to make use of other types of non-EU or EEA suppliers that have access to some of your personal data, the Controller will provide you with full information and will verify that every measure (contractual and otherwise) appropriate and necessary to ensure an adequate level of protection of your personal data is adopted, in accordance with and in the manner indicated by Chapter V of the GDPR and, in any case, by the current legislation on the protection of personal data. In any case, you may always request more information about the identity of any non-EU such third parties who may know/process your personal data and the activities carried out by them sending a request to privacysavetheduck@savetheduck.com or dpo@savetheduck.com

 

  1. PROCESSING MODALITIES – PERSONAL DATA STORAGE

The processing of your personal data is carried out in a lawful, correct, confidential manner and is carried out for purposes that are determined, explicit, legitimate and not exceeding the above-mentioned purposes. Processing is performed using paper, optical, computer and telematic media, possibly also in cloud-based, as well as through automated and computerized procedures, always, however, according to criteria of maximum fairness and security, in accordance with the provisions of the applicable legislation on the protection of personal data and through appropriate technical and organizational measures suitable to prevent the destruction or loss of data, illegal or incorrect use and unauthorized access. Personal data will be processed and retained for the entire duration of the contractual and/or commercial relationship and, subsequently, for the maximum time provided for by the applicable legal provisions regarding the statute of limitation (including in the fiscal and administrative field) and, in general, for the exercise/defense of the Controller’s rights in disputes promoted by public authorities, public subjects/entities and private entities. The retention period, however, will not exceed 10 years from termination of the contractual relationship, unless legal defense needs arise or changes in legal requirements occur. However, the data subject's right to object at any time to processing based on legitimate interest for reasons related to his or her particular situation is unaffected. As for the marketing and profiling purposes referred to in point 4) of paragraph 2 above, personal data will be retained until consent is revoked. Once all the purposes legitimizing the retention of personal data have ceased, the Controller will make sure to delete them, compatibly with technical back-up procedures, or transform them into anonymous form

 

  1. DATA SUBJECT’S RIGHTS

Pursuant to Chapter III of the GDPR, the natural person to whom the personal data refer (so-called data subject) always has the right to request from the Controller access to his/her personal data, rectification or erasure of the data, restriction of the processing or the possibility to object to the processing, to request data portability, to revoke (where requested) consent to the processing by asserting these and other rights pursuant to the GDPR. Finally, in the cases referred to in Article 77 of the GDPR, the data subject has the right to lodge a complaint with the competent Supervisory Authority, i.e., which carries out its duties in Italy where the data subject has its habitual residence or works (http://www.garanteprivacy.it) or, if different, in the Member State where the GDPR violation occurred. Such rights may be exercised by a request addressed without formalities to the Controller. The request may be sent to the Controller or the Corporate Privacy Contact by letter to the address in paragraph 1 above or by email to privacysavetheduck@savetheduck.com or dpo@savetheduck.com.

Merci pour votre subscription

You are currently browsing EU site
If you want to shop in US click below
Go to US