- Data controller and category of personal data processed. The above personal data, provided directly by you, as well as other data that may be collected by Sergio Rossi (i.e. boutiques where a sale took place, as well as the type, quantity and price of the products you purchased) in the context of the sale of products at Sergio Rossi shops will be processed in accordance with the provisions of the EU Regulation 2016/679 (“GDPR”) and the Data Protection Act 2018 (''DPA 2018”). Please note that the definition of personal data does not include data where the identity has been removed (anonymous data).
Sergio Rossi is made up of different legal entities. This privacy notice is issued on behalf of the Sergio Rossi group (“Sergio Rossi”).
Sergio Rossi S.p.A., Via Stradone 600/602, 47030 - San Mauro Pascoli (FC) telephone: 0541 - 813111; e-mail: email@example.com is the controller as defined in the GDPR and the DPA 2018 ( the “Data Controller”). Sergio Rossi UK Limited, registered in England (Company number 02707792) with registered office at 24 Old Burlington Street, London, W1S 3AW is also responsible for processing your data subject to the terms of this privacy notice as processor (as defined in the GDPR and the DPA 2018).
- Purpose of processing. Your personal data will be processed for the following purposes: i) compliance by the Data Controller with Italian, UK and EU legal obligations in tax, civil and accounting matters; ii) establishing, carrying out and managing the sales relationship and related services (e.g. administrative and accounting activities; issuing invoices and credit notes; customer registration; processing and sending purchase orders; after-sales service: management of returns and any complaints, tax free regime compliance); iii) marketing, i.e. to send you advertising and promotional or business material (newsletters, brochures, catalogues and presentations, invitations to special events) and to carry out market research through traditional contact methods (paper mail and calls from Sergio Rossi personnel) or automated methods (email, SMS, instant messaging and mms); iv) group or individual profiling purposes, in order to prepare and/or create profiles based on your preferences and purchases and to customise your experience in Sergio Rossi to coincide with your interests and buying preferences. This profiling is automated but, in any case, it will not produce legal effects or similarly significantly effects on you. Please note that Sergio Rossi – prior your information - will also processes your personal data where it is necessary for Sergio Rossi’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. .
- Legal basis. The legal basis for the processing of your data for the purposes referred to in points i) and ii) above is the business relationship to which you are party and for the purposes referred to in points iii) and iv) above is your express prior consent.
- Provision of data. Providing your data for the purposes referred to in points i) and ii) above is optional, but failure to do so will prevent us from continuing the sales relationship and providing you with the related services. Similarly, the provision of your data for the purposes referred to in points iii) and iv) is optional, but while failure to do so will not have any effect on the ability to purchase products, it will not be possible to inform you about promotional and business initiatives nor to send you invitations to events nor give you a personalised experience based on your interests and preferences.
- Change of purpose. Sergio Rossi will only use your personal data for the purposes for which they are collected, unless Sergio Rossi reasonably considers the need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that Sergio Rossi may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- Processing methods. Your personal data will be processed using manual, electronic, telematic and paper means. Your personal data in particular will be processed through the Customer Relationship Management of Sergio Rossi (“Sergio Rossi CRM”). The insertion of your personal data in Sergio Rossi CRM for the purposes referred to in points iii) and iv) above is optional and can only take place if consent is given to one of the purposes above-mentioned. On the other hand, the insertion of your personal data for the purposes referred to in points i) and ii) above is necessary for the Data Controller to establish, carry out and manage the sales relationship between you and Sergio Rossi. Once your personal data are inserted in Sergio Rossi CRM they can be read, modified and updated by employees at Sergio Rossi headquarters as well as by employees in Sergio Rossi shops in Italy and abroad who are appointed specifically for the purposes of processing.
- Disclosure and recipients of your data. We may share your personal data and the recipients of your data will be: a) employees and/or collaborators of Sergio Rossi (departments: retail, administration and finance, marketing, omni-channel, quality and shipping) appointed as persons in charge of the processing to whom specific instructions have been provided in writing; b) people or entities who provide services for Sergio Rossi and who are appointed by the latter in writing external data processors as well as its subsidiaries and affiliates of Sergio Rossi: Sergio Rossi USA Inc, Sergio Rossi Hong Kong Ltd; Sergio Rossi Shanghai Ltd; Sergio Rossi Japan Ltd, Sergio Rossi Retail S.r.l. and its France branch (Sergio Rossi Retail S.r.l. (France)), Sergio Rossi Deutschland GmbH; Sergio Rossi UK Ltd; c) people and entities who provide services for Sergio Rossi as independent data controllers (legal, tax and accounting consultants), public authorities – including judicial authorities - in the case of tax, judicial and financial audits and banks. Your data will not be disseminated. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. For a complete and up-to-date list of the recipients of your personal data, please write to Sergio Rossi at the below addresses.
- Data security. Sergio Rossi has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, Sergio Rossi limits access to your personal data to the recipients of data set out above. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Sergio Rossi has put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Storage period.. Your personal data will be stored for the purposes referred to in points i) and ii) for the entire duration of the business relationship and for a period of 10 years following the termination of the business relationship except in cases where further retention is justified by express provisions of the law and/or disputes and / or request of competent authority and for the purposes referred to in points iii) and iv) for 5 years from the collection of your consent and its registration when it is recorded in our Sergio Rossi CRM and at the end of which your data will be made anonymous in a irreversible and permanent manner.
- Transfer out of the EU. Your personal data will not be transferred outside the European Union. It is understood that in the event that, for the purposes described above, your personal data will be transferred to countries outside the EU, Sergio Rossi hereby informs you that such extra-EU data transfer will always be compliant with the provisions of applicable privacy legislation, namely on the basis of an adequacy decision issued by the European Commission in relation to the non-EU country to which your personal data will be transferred or, in the absence of the adequacy decision, through the collection of your consent, when necessary, or through the adoption of any other measure necessary to guarantee the security of the personal data being transferred. Such measures include, for example, contractual agreements based on the so called standard contractual clauses as developed by the European Commission.
- Rights of the data subject. Under the GDPR and the DPA 2018, you have and may exercise your rights at any time to: request access to your personal data, obtain the rectification and erasure of your data, restrict the processing of your data, exercise the right to data portability, object to the processing of your data. In particular, you may object to the processing of your personal data by Sergio Rossi for marketing and profiling purposes even only in relation to contact methods and, for example, if you wish the processing to be carried out solely through traditional contact methods you may object to the processing of your personal data through automated contact methods; withdraw consent, if given; not be subject to a decision based solely on automated processing and obtain the human intervention of the Controller, to express your point of view and to contest the decision; lodge a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) and/or the Italian Data Protection Authority (www.garanteprivacy.it), following the procedures and instructions published on the relevant authority’s website. We would, however, appreciate the chance to deal with your concerns before you approach either authority so please contact us in the first instance. Any rectification or erasure of your personal data or restrictions requested by you in relation to the processing carried out - unless this is impossible or involves a disproportionate effort - will be communicated by Sergio Rossi to each of the recipients to whom your personal data may have been transmitted in accordance with this notice. The exercise of the above rights is not subject to any form of restriction and is free of charge. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may, however, ask you to verify your identity before taking any further action as a result of your request.
Data Protection Officer (DPO) For the exercise of any of your rights set out above and/or to obtain any information regarding this privacy notice, you can send a written communication to Sergio Rossi S.p.A. with registered office in San Mauro Pascoli (FC), Via Stradone, 600/602 (47030) or an email to Data Protection Officer (DPO) at the following e-mail address: firstname.lastname@example.org.