CUSTOMER PRIVACY INFORMATION

Customer Information to be provided in accordance with Art. 13, Reg. UE 2016/679 (GDPR)

Data controller identity and contact information 
The data controller is Giordano Vini S.p.A (below: "Giordano" or "the Owner"), with registered office a Via Cane Guido 47 bis/50, 12055 Diano d'Alba (CN) - P. IVA and C.F. 04642870960.

 

Category of data acquired
Giordano acquires the following types of personal data:

  1. Personal data, such as first and last name, place and date of birth, sex, address of residence, alternative address;

  2. Contact details, such as shipping address, telephone number (landline and/or mobile) and e-mail address;

  3. Tax data, such as tax code (in cases where an invoice is required in addition to the expense report)

  4. Data relating to purchases 

  5. Navigation data is acquired through online forms: this data includes IP address, time of access to the site and / or registration, any registration referer,  methods of access to the server, numerical code indicating the status of the response given by the server.

No data of a sensitive nature or any data which belongs to the particular categories referred to in art. 9 of the GDPR or data relating to criminal offences or convictions is acquired.
Personal data is collected directly from the data subject through:

  • the compilation of the Registration / Order Entry Form on Giordano online e-commerce sites;

  • by postcard;

  • through other active contact channels, online and by phone.

 

Purpose of processing, legal basis and storage time
Data is collected and processed to:

  1. perform pre-contractual and contractual obligations, and, in this case, fulfill online and paper orders in all their phases, from taking charge to delivery and for the management of payments and possible debt collection with payment methods according to the customer's choices; the legal basis is Art. 6, paragraph 1, point b), GDPR since the processing is aimed at fulfilling pre-contractual or contractual obligations to which the data subject is a party; the period of data retention is determined on the basis of the time period necessary to execute the order or pre-contractual obligations, at all stages, from taking charge of the order until its delivery

  2. comply with mandatory administrative and other rules under current national law or by virtue of European Union decisions; the legal basis is Art. 6, paragraph 1, point c), GDPR since the processing is aimed at fulfilling legal obligations to which the Data Controller is subject; the period of data retention is determined according to the individual national and Community rules that impose legal obligations to which the Data Controller is subject.

  3. provide assistance service (via chat, telephone, e-mail) for every need related to the purchase of our products or the use of our services; the legal basis is Art. 6, paragraph 1, point b), GDPR since the processing is aimed at fulfilling pre-contractual or contractual obligations to which the data subject is a party; the period of data retention is determined on the basis of the time period necessary to execute the order or pre-contractual obligations;

  4. perform, following the purchase by the customer, direct marketing activities related to the company’s products and services (promotional communications, direct sales offers). The legal basis is Giordano's "legitimate interest" (art. 6, paragraph 1, point f), GDPR) in maintaining the relationship voluntarily established by the customer and in informing the customer about their sales activities, to inform about new products and brands, to present offers and promotions, allowing the customer to become aware of these opportunities and to decide, if they wish, to place further orders. Giordano uses the contact details provided by customers themselves, and the contact methods that the customer mainly uses (paper mail, telephone with operator and e-mail). The telephone number and/or address conferred in the purchase process will be used for this purpose only after application, where possible, of national rules relating to the "Public Register of Oppositions": in the case of registration in the Register, the telephone number and/or address will not be used for these purposes, unless later consent is given directly to Giordano for such contact. The data is stored in our archives for the period necessary to maintain the relationship established with the customer and to inform them about our activities, allowing Giordano to legitimately continue marketing and direct sales activity as long as the customer remains interested in our products and services, and in any case no later than a period of 12 months from the last useful contact or purchase. Of course, the customer may still object at any time to such processing by following the instructions indicated in each communication. In case of opposition, the data will be stored only if this is necessary to pursue other purposes; otherwise it will be definitively deleted.

  5. perform direct marketing activities with profiling related to direct marketing based on the user's preferences and behaviour on the site (advanced requests, data taken from the user's profile) or together with other information taken from our own or third-party archives; the legal basis is the data subject’s consent (art. 6, paragraph 1, point a), GDPR); Giordano will electronically analyze user preferences and behaviour (e.g. personal characteristics deriving from questions posed and profile, areas of greater interest, products of which information has been requested). Therefore, Giordano will perform processing that results in the selection of information stored on the user, so they can be contacted about offers and purchase proposals, surveys and searches of interest to them and in line with their preferences, and not be disturbed by irrelevant contact. This profiling activity could also be carried out from archives made available by third parties. The retention period relating to this purpose will be interrupted when the customer withdraws their consent and/or manifests their unwillingness to receive further information and offers from Giordano, communicating this in the manner referred to in the chapter "Rights of the data subject pursuant to art. 15-22, GDPR";

  6. communicate personal data to third parties, for autonomous processing by the latter, for direct marketing purposes by e-mail, text, telephone and other forms of electronic communication; the legal basis is the data subject’s consent (art. 6, paragraph 1, point a), GDPR). The retention period will be interrupted when the customer withdraws consent and/or expresses opposition to the processing, communicating this in the manner referred to in the chapter "Rights of the data subject pursuant to art. 3-10p.m.;

  7. carry out fraud prevention activities and investigation of the client's solvency; the legal basis is Giordano's "legitimate interest" (art. 6, paragraph 1, point f), GDPR) in preventing fraud and economic losses due to non-receipts against orders of its products by customers; in this case, the Data Controller will also proceed with the processing of additional personal data, such as tax data (tax code on first order, credit and debt status, protests); personal data will be stored for a period not exceeding the deadlines provided for by law, subject to any extension of the retention period in the event of disputes (including disputes raised through judicial authorities).

The provision of data is mandatory only for processing Giordano must carry out in order to fulfill its pre-contractual and contractual obligations towards the data subject, as well as in respect of legal obligations, rules and regulations. Failure to provide such data may result in the non-performance or partial execution of the contract and/or non-continuation of the relationship. 

 

Data processing
Personal data is processed by the Data Controller in predominantly electronic ways, and is stored within the company’s management system. Appropriate security measures are observed to prevent data loss or alteration (including accidental), unlawful or incorrect uses and unauthorized access.
In case of online purchase by credit card, Giordano guarantees maximum confidentiality and security. Credit card information (number, maturity, generality of the holder) will only be known by the issuing institution. Giordano will only have knowledge of a code (so-called "token") that cannot be traced back to the credit card holder or to credit card details.

 

Scope of data communication
User data may be disclosed to third parties for various purposes, as follows:

  1. For purposes related to the provision of the service to which the user has subscribed, the data could be made available to third parties, who will act as autonomous data controllers, and who provide services instrumental in meeting the user's request (for example, credit institutions or credit card issuers to manage purchase payments). Such communication is allowed without the consent of the data subject (art. 6, paragraph 1, point b), GDPR);

  2. The data must be communicated to third parties, independent data controllers, as it is necessary to comply with legal rules or regulations. Such communication is allowed without the consent of the data subject (art. 6, paragraph 1, point c), GDPR);

  3. The data may also be communicated to supervisory bodies, police forces and the judiciary in order to assert or defend their own right or the right of a third party in court. Such communication is allowed without the consent of the data subject pursuant to art. 6, paragraph 1, point f), GDPR, i.e. by virtue of the legitimate interest of the Data Controller or a third party in safeguarding their fundamental rights and freedoms provided that those of the data subject do not prevail;

  4. The data may be communicated to third parties for their own purposes of direct marketing: these third parties are identifiable in companies operating in the field of direct marketing and, in particular, distance selling. Such communication may take place with the explicit consent of the data subject;

  5. The personal data of the data subject can also be processed by third parties who carry out processing operations on behalf of Giordano as Data Controllers (art. 4, paragraph 8, GDPR), such as IT companies, call centers, printers, postmen, etc., and by persons authorized by Giordano pursuant to art. 29, GDPR that carry out processing activities that are indispensable in the pursuit of the above purposes, such as those related to administration, management of information services, relationships with actual and potential customers, marketing and sales, the organization of advertising, and promotional and direct sales campaigns.

 

Place of processing and transfer of data in non-EU countries
Processing, including storage, of personal data takes place on servers owned by the owner and/or third-party companies in charge, and duly appointed as data processors, located within the European Union. However, personal data may be transferred to third countries, mainly for analysis and  digital and  social  marketing services, or to social networks platforms. Such transfers are carried out in accordance with the contractual clauses referred to in the Decision of the European Commission of 5 February 2010 for the transfer of personal data to managers located in third countries, in compliance with the requirements of art. 46, GDPR and, where applicable for compliance with contractual obligations of which it is part of the interested party, in compliance with the provisions of art. 49, paragraph 1, point b), GDPR.

 

Rights of data subjects pursuant to Articles 15 to 22, GDPR 
By writing to the Data Controller at the postal address Giordano Vini S.p.A. via G. Cane 47bis/50 - 12055 Diano d'Alba (CN) or at the e-mail address privacy@giordanovini.it, the data subject can exercise the rights to: access (art.15, GDPR), rectification (art.16, GDPR), cancellation and oblivion (art.17, GDPR), limitation of processing (art.18, GDPR), notification in case of correction or cancellation (art.19, GDPR), data portability (art.20, GDPR), withdrawal of consent, opposition to processing (art.21, GDPR) for legitimate reasons or for sending marketing and direct sales communications even limited to one or more contact tools (e.g. by post and/or e-mail and/or telephone), as well as to oppose profiling (art.22, GDPR) if connected to direct marketing. At any time, the data subject may request a complete and up-to-date list of data controllers and third parties to whom personal data may be disclosed.

 

Complaint to the Supervisory Authority
The data subject has the right to lodge a complaint with the Supervisory Authority, which in Italy is the Guarantor for the Protection of Personal Data – Piazza Venezia 11, 00187 Rome (RM)– www.garanteprivacy.it, sending emails to protocollo@pec.gpdp.it, using the form available on the Authority's website.

 

Data Protection Officer
The Data Protection Officer can be contacted at dpo@giordanovini.it for information on data processing.