This notice is provided pursuant to and by the effect of the General Data Protection Regulation UE 679/2016 (hereinafter “GDPR”). It has been created to explain how personal data of its visitors and customers (hereinafter the "users") is collected and used.
This notice concerns exclusively Biffi Boutique S.p.A. and does not extend to any website other than www.biffi.com (hereinafter: “biffi.com”) or any application/platform connected to biffi.com.
The data controller for your personal data is Biffi Boutique S.p.A. (hereinafter “Biffi”), an italian company with registered office in Corso Genova, 6, 20123 Milano, Italia; Partita IVA (Tax ID): 05935720150.
The contact details of the data controller are the following: Corso Genova 6 – 20123, Milano and email@example.com.
The personal data subject to processing is collected directly by Biffi or by third parties expressly authorized.
The collection is carried out through different channels (automatic collection by the site, via forms, chats, e-mails, apps, devices, social media and other means).
PERSONAL DATA PROCESSED AND PURPOSES OF THE PROCESSING
Biffi does not process personal data relating to minors. By accessing biffi.com and using the services offered, the user declares to have reached the age of majority.The personal data of the users is processed within the scope of the activities and for the purposes specified below:
1. Improvement and performance of purchase contracts
To conclude purchase orders and to execute them, we ask users to provide us with some personal data such as, for example, name, surname, e-mail, delivery address, etc..The data provided us is processed by the controller for the purposes of purchase order management, in the context of activities such as, for example, payment, anti-fraud prevention, shipment, management of returns, customer assistance, for the execution of the administrative-accounting activities related to the management of the order and for the fulfillment of obligations under the current legislation.
2. Newsletter subscription and commercial / promotional communications
In case of subscription to the newsletter, the e-mail address (mandatory data required for registration) and any other optional data (for example gender, geographical area) that users consent to provide us for a personalization of the offers are used for sending of commercial or promotional communications, relating to offers and promotions, updates, events. To unsubscribe from the newsletter, simply click on the appropriate unsubscribe link at the bottom of the e-mail or by contacting our Customer Service or send an email to firstname.lastname@example.org.
3. Registration on biffi.com
In case of registration on the site, we ask users to provide us with a series of data (name, surname, e-mail, password, gender), plus any other optional data (for example date of birth, telephone number), which are processed for the creation and management of a personal profile, useful to speed up the purchase process, to view the status of the orders placed and any returns.The user is solely responsible for the truthfulness and correctness of the information and data provided to Biffi and undertakes to promptly communicate any changes to the data previously communicated.To cancel site registration and request the deletion of the data provided, the user can contact our Customer Service or send an email to email@example.com.
TREATMENT MODALITIES AND ACCESSIBILITY
For Biffi the privacy and security of the personal data of its users are very important, so we collect and manage your personal data with the utmost care and adopt specific measures to keep it safe.We will process your personal data mainly through IT and electronic tools; the tools used guarantee high security standards, in compliance with current legislation.The personal data is accessible by persons or entities belonging to the following categories:
- employees, staff or other authorised persons (under Article 29 GDPR);
- Subjects who need to access data to fulfill their contractual obligations: consultants; companies providing banking, financial and insurances services; entities who carry out activities of printing, transfer, enveloping, transport and sorting of communication to customers; couriers and postal operators; advertising, digital, marketing and social media agencies; entities providing IT services appointed as processors (under Article 28 GDPR) or independent data controllers. Some of these third parties may also be based in non-EU countries and, in these cases, the transfer of your personal data to these countries is carried out in compliance with the guarantees provided for by the law.
The transfer of personal data to countries that do not belong to the European Union and that do not ensure adequate levels of protection (as established by specific decisions of the European Commission) will be performed only after conclusion between the data controller and said subjects of specific agreements, containing safeguard clauses also approved by the European Commission, or if the transfer is necessary for the conclusion and execution of an agreement between you and the controller (for the purchase of goods offered on our site, for registration on the website or the use of services on the website) or for the management of your requests.Personal data may also be communicated to the competent authorities in accordance with the regulation applicable time by time. Personal data are not object to disclosure. An updated list of the Processors involved in the processing of personal information can be requested by writing an email to: firstname.lastname@example.org.
DATA RETENTION PERIOD
Contractual data is stored for the time required by tax and civil law, also for the purpose of managing any litigation. Data required by law will be stored for the time provided by the applicable law.The data collected for registration to the newsletter or for registration on the site is stored until the withdrawal of the consent or until the objection, which may occur at any time.
The user has numerous rights, listed below: - right of access your personal data and modify it Articles 15-16 GDPR);- in the cases established by law, the right to erasure (right to be forgotten – Article 17 GDPR), - the right to restriction of processing (Article 18 GDPR), - the right to data portability (Article 20 GDPR), - the right to object to processing (Article 21 GDPR); - in case of processing on the basis of consent, the right to withdraw the consent at any time, without prejudice to the lawfulness of processing based on the consent before its withdrawal (Article 7 GDPR). You may request to exercise your rights using the following contact details of the controller: Biffi Boutique S.p.A. - Corso Genova 6 – 20123, Milano and email@example.com.In case of processing that the user believes infringes the applicable regulation, the user can lodge a complaint with the relevant supervisory authority that, for Italy, is the Italian Data Protection Authority. In the alternative, the user may lodge a complaint with the authority of the EU Member State of his habitual residence, habitual place of work or of the place of the alleged infringement.
Last Update: 1st August 2019