INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA
Welcome to Bikkembergs website (hereinafter the “Website”).
Pursuant to art. 13 of the Regulations (EU) 2016/679 (hereinafter the “GDPR”), this page provides information on how we process your personal data (i.e. hereinafter “processing” and “Data”) that we collect when you visit the Website for purchasing the products offered on the website (i.e. hereinafter the “Products” and, in general, for interacting with the website services.
JOINT CONTROLLERS OF THE PROCESSING AND RESPONSIBLE FOR THE DATA PROTECTION
In relation to the processing of personal data through the Website, Levitas S.p.A. with registered office in Milan, Via Stendhal n. 36, Tax Code, VAT number and registration number in the Milan Company Register 01884450444, e-mail: privacy@bikkembergs.com (hereinafter, "Levitas") and Diana E-Commerce Corporation S.r.l. based in 35038 Torreglia (PD), via San Daniele n. 137/139, VAT number 05097740285, e-mail: privacy@dianacorp.com (hereinafter, "Diana"), have signed a Joint Ownership agreement, the conditions being fulfilled pursuant to art. 26 GDPR.
Levitas e Diana are joint controllers of personal data for all activities related to the sale of products offered on the Website, such as the order execution and after-sales assistance (e.g. for returns and complaints).
Levitas is also the independent data controller for the purposes of managing the Website and your registration on the Website (i.e. personal account), as well as for marketing and profiling.
Levitas has appointed a Data Protection Officer (DPO) who can be contacted by writing to the following address dpo@bikkembergs.com.
Diana has appointed a Data Protection Officer (DPO) who can be contacted by writing to the following address privacy@dianacorp.com.
The contact point established under the joint ownership agreement is Levitas, so any request relating to the processing of data can be made at the following e-mail address: privacy@bikkembergs.com.
The contents of the agreement pursuant to art. 26 GDPR state the relationship between the Parties represented in this information note.
Hereinafter, when we use the expression "Joint Controllers", we will be referring jointly to Levitas and Diana.
Conversely, you will find the reference to Diana or Levitas in the event that the information refers to only one of the two data controllers.
2. LEGAL BASIS, PURPOSE AND STORAGE PERIOD
Navigation within the Site is free and does not require authentication credentials; the Data is used for navigation purposes to provide an uninterrupted browsing experience, recognizing the User after the first access; these activities are necessary for the functioning of the Website and for browsing on it.
Profiling cookies and third-party analytical cookies are also enabled on the Website: the settings panel on the banner allows Users to manage their preferences, as well as to disable unwanted cookies.
The data can be processed as concerns the services offered by the Website and the Users’ requests; in particular, on the Website, it is possible to do the following: 1) register and create a personal account, purchase the products faster, memorize multiple delivery addresses, check the orders in real time 2) register in order to request newsletters and always be updated on the news and promotional offers of the Bikkembergs world 3) make purchases of the Products even without being registered, but, in this case, no further services are available for those who have created an account (see the previous point 1) will be offered, 4) request an update on the availability of a Product sold on the Website, 5) request the after-sales assistance for the Products.
The Data may also be processed by the Joint Controllers for the fulfillment of legal obligations in civil, fiscal, administrative and accounting matters and to defend or assert a right of Diana and/or Bikkembergs and/or for the assessment and prevention of fraud and other crimes or offenses.
The legal basis of the data processing is as follows:
As concerns the processing of cookies on the website, it is the legitimate interest, as set out in accordance with art. 6 letter f) and article 47 of Regulation 679/2016, in addition to the express consent of each User expressed through banners for third-party analytical cookies as well as for profiling cookies;
As concerns the registration of a private account, which involves the inclusion in the CRM software, it is the execution of a contract of which the data Subject is a party or for the execution of pre-contractual measures adopted at the request of the data Subject;
As concerns the purchase of products sold on the Website, it is the execution of pre-contractual, contractual, administrative and accounting obligations;
As concerns the update of new available products sold on the Website, it is the execution of a contract of which the data Subject is a party, or the legal basis is the execution of pre-contractual measures adopted at the interested party’s request;
As concerns the disputes and the prevention of offenses, it is the legitimate interest of the Data Controllers;
As concerns softspam activities, it is the legitimate interest of the Data Controllers;
As concerns the newsletter activity, it is the User’s express consent until cancellation, which is possible at any time;
As concerns marketing purposes, it is the User's express consent until cancellation, which is possible at any time;
As concerns profiling activities, it is the User’s express consent until cancellation, which is possible at any time.
The provision of data in the fields marked with an asterisk (*) in the Forms of the Website is necessary to register in the Website and use the relevant services as well as to purchase the Website’s products; failure to provide the data will make it impossible to obtain the products and services you have required. On the other hand, the provision of data in the fields not marked with an asterisk, although it may be useful to facilitate relations with Diana and Levitas, is optional and not providing it does not affect the possibility to obtain the products and the required services.
With reference to marketing and profiling purposes, the provision of data is optional and your refusal will not prevent you from logging onto the Website, purchasing products and using the relevant services.
The co-ownership relationship existing between the Parties to this agreement is shown below, in relation to the purposes and the different categories of interested parties and Data involved:
PURPOSES |
INTERESTED PARTIES |
JOINT CONTROLLERS |
Titolarità |
PRESERVATION PERIOD |
Involved data |
Registration on the Website* (personal account): to allow you to create your personal account on the Website and to access and use the related services (i.e. lists of past orders and returns, Wishlist, shipment addresses) |
Website’s Users |
|
Levitas |
Until your request for cancellation of the account or for 24 months following the last communication sent |
name, surname, e-mail, password (required) date of birth, no. mobile phone (optional) |
Sale of products: for the conclusion and execution of the sales agreement for the products offered on the Website, including the management and processing of purchase orders |
Purchasers of products |
X |
|
The billing data is kept for maximum 10 years from the date of issue of the invoice. |
name, surname, email, mobile number, shipping and billing address, payment details |
Customer care:for the management and response to the requests you send us in relation to the products purchased on the Website, including returns, complaints and refunds |
Purchasers of products |
X |
|
For the time necessary to reply to your request and, in any case, for a maximum of 3 months from your request, subject to further storage for the fulfillment of legal obligations and/or the management of disputes |
name, surname, date of birth, e-mail, mobile number, home address or domicile |
New product availability update: acknowledgment of your request for the update on the availability of the requested product on the Website |
Users of the Website |
|
Levitas |
For the period of time necessary to reply to your request or for maximum 6 months following the request |
|
Fulfillment of legal obligations (particularly in civil, fiscal and accounting subjects) |
Purchasers of products |
|
Diana |
The billing data is kept for 10 years from the date of issue of the invoice. |
name, surname, email, mobile number, shipping and billing address |
Fulfillments regarding the processing of personal data: feedback to the interested parties in the event they exercise their rights pursuant to art. 15 and following of the GDPR and management of any data breach |
|
X |
|
For the duration of the relationship and in any case for maximum 5 years from the collection of the Data |
name, surname, email, mobile number, shipping and billing address, communication to exert the rights |
Contents and prevention of offenses: to defend or assert a right and/or for the detection and prevention of fraud and other crimes or offenses |
|
X |
|
The billing data is kept for maximum 10 years from the date of issue of the invoice. |
name, surname, date of birth, e-mail, mobile number, home address or domicile |
Newsletter: sending newsletters and other informative and promotional communications including invitations to special events |
|
|
Levitas |
Until the withdrawal of consent |
|
Marketing: for sending information and commercial communications, including promotional ones, regarding the products and services (e-mail, sms and other social channels) |
Users of the Website |
|
Levitas |
Until the revocation of the consent or, failing that, for a maximum period of 36 months from the moment the consent is given |
name, surname, date of birth, e-mail, mobile number, home address or domicile |
Soft Spam: the use by Levitas of the e-mail address provided by the data Subject in the context of the sale of a product or service for the direct sale of its products or services similar to those of the sale made. The data Subject can oppose the processing at any time easily and free of charge. |
|
|
Levitas |
Up to the opposition to the processing by the Data Subject |
e-mail address, purchase data. |
Profiling: behavioral analysis of the products purchased by the data Subject and the related personal data for statistical and marketing purposes (so-called "specific marketing") |
Users of the Website |
|
Levitas |
Until the revocation of the consent or, failing that, for a maximum period of 36 months from the moment the consent is given |
name, surname, date of birth, e-mail, mobile number, home address or domicile |
Use of navigation data and cookies for the functioning of the website, analytical and profiling cookies |
Website Users |
|
Levitas |
As given in the Cookie Policy |
As given in the Cookie Policy |
PROCESSING METHOD
Data processing is mainly carried out electronically by the Joint Controllers and by other subjects who, appropriately selected in terms of reliability and competence, carry out operations that are instrumental to the pursuit of the Controller's corporate purpose.
AUTHORIZED PROCESSORS AND INDEPENDENT CONTROLLERS
The employees and/or collaborators of the Joint Controllers (or the Data Controller) in charge of managing the Data may become aware of the Data. These subjects, who have been instructed to do so by the Data Controller pursuant to art. 29 GDPR, will process the data exclusively for the purposes indicated in this statement and in compliance with the provisions of the applicable legislation.
Furthermore, third parties may become aware of the Data and they may process the Data on behalf of the Joint Controllers (or the Data Controller) as external data processors, such as, by way of example, IT and logistics service providers, service providers in outsourcing or cloud computing, professionals and consultants.
For the management of payments and anti-fraud controls, the Data could be communicated to Adyen N. V., which processes the Data as an independent Controller and on the basis of the information note about the Data processing given at https: //www.adyen .com / it_IT / policies-and-disclaimer / privacy-policy by Adyen.
In order to offer you Klarna's payment methods, the transmission of the Data and order details to Klarna, which processes the Data as an independent controller, may be required at the checkout stage for the purpose of evaluating the payment methods in line with the User needs; in this case, the data is processed according to the information on data processing given by Klarna at https://www.klarna.com/international/privacy-policy/
The updated list of the Data Processors of personal data is available by a specific request sent to the Data Joint Controllers in accordance with the methods given in the paragraph 7.
The Data will not be disclosed to third parties, except in cases where the disclosure is required by law or is necessary for purposes provided for by law for the pursuit of which the consent of the data subject is not required; in such cases, the Data may be made available to third parties who will process them independently and solely for the aforementioned purposes (for example, in the event of requests made by the police or the judiciary or other competent bodies).
SOCIAL BUTTONS AND WIDGETS
The Website is equipped with Social buttons/widgets. These icons are the social network icons such as Facebook, Twitter, Instagram, Pinterest, Google+, Youtube, Linkedin and Instagram and they allow you to interact with the relevant networks by simply clicking on the icon. By entering the social networks, you can share content or recommend the Website products.
After clicking the Social buttons/widgets, the social network might collect the data relevant to your visit to the Website. As given in the introduction, this privacy information note does not consider the processing of the User’s personal data performed by social networks. Please refer to the social network’s privacy information for further information about this topic.
Outside of cases where the User voluntarily shares your navigation data with the social networks chosen by clicking on the social button/widgets, the Joint Collectors will not share or diffuse any detail of his/hers with the social network.
DATA TRANSFER
Given the presence of Bikkembergs in many countries around the world, some Personal Data may be collected, made accessible or stored outside the country of residence of each Data Subject, even outside the European Economic Area, for example in the United States of America. The Data may be processed both inside and outside the European Economic Area in compliance with the rights and guarantees provided for by current legislation, it being understood that any transfer of Data outside the European Economic Area will take place in the presence of the conditions of adequacy of the country of transfer or, in any case, subject to the signing of agreements containing adequate contractual standards containing clauses approved by the European Commission for the protection of data.
DATA SAFETY
Specific security measures are taken by the Joint Controllers to also prevent, in addition to unauthorized access, the loss and illicit or incorrect use of the Data.
The Joint Controllers cannot guarantee their Users that the measures adopted for the security of the Website and the transmission of Data on the website limit or exclude any risk of unauthorized access or loss of Data by the devices used by Users; therefore, they ask each User to make sure that their device is equipped with adequate software for the protection of data transmission over the network, both inbound and outbound (such as, for example, up-to-date antivirus systems, firewalls and spam filters).
RIGHTS OF THE DATA SUBJECT
Each Concerned Person has the right at any time to ask the Joint Controllers for the following:
- ask the Joint Data Controllers to access the Data, update, correct or delete them or limit the processing that concern the data or to oppose their processing;
- in relation to the Processing based on the legal basis of consent, the Subject can withdraw his/her consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation;
- he/she can propose a complaint to the National Supervisory Authority;
- where applicable, the Subject can receive his/her Personal Data provided for portability in a structured, commonly used and machine-readable format.
In relation to the Personal Data, the Data Subject has the right to request access to Personal Data and their rectification or cancellation or the limitation of their Processing as well as to oppose to their Processing, in addition to the right to the portability of data. In the event that the Subject has given consent, he/she has the right to request the revocation of the consent without prejudice to the lawfulness of the processing based on the consent given before the revocation.
To exercise these rights, the data Subject can write to: privacy@bikkembergs.com, the contact point established pursuant to art. 26 GDPR, without prejudice to the right to exercise the rights towards each Joint Controller by writing to the respective references given in paragraph 1. Furthermore, if registered on the Website, each User can exercise the right to revoke any consent given by accessing the personal area on the Website or, if the Subject subscribed to the newsletter service, he she can use the link contained in each newsletter.