Privacy policy

Who is the Data Controller?

Alessi UK Ltd., with its registered office in 17 Grosvenor Street, Mayfair London W1K 4QG (VAT: 744335632) (hereinafter referred to as the "Controller").

How can I contact the Controller?

The company’s contact details are:

Additional Information: Email: help@alessi.com

Address: 17 Grosvenor Street, Mayfair London W1K 4QG

1. Introduction

Pursuant to the UK General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications Regulations (PECR), and the Data Protection Act, legal entities are not considered data subjects, and the European regulation does not apply to them. However, if personal data related to a natural person is collected during the processing of corporate data, the individual will be considered a data subject under the aforementioned regulation, and the relevant legislation will apply.

2. What data processing activities are carried out through the website? What are the legal bases, purposes, and retention periods?

REGISTRATION

Purpose: To register on the website and facilitate purchases; to exercise or defend a right in case of disputes.

Legal Basis: Consent of the Data Subject.

Retention Period: If the account remains inactive for 7 years, we will send you an email to confirm whether you wish to keep it active; otherwise, the account will be deleted. Data may be retained longer in case of disputes.

Additional Information: Providing data is optional as purchases can also be made in “guest” mode.

PURCHASE

Purpose: To enable the purchase and delivery of the product.

Legal Basis: Execution of a contract and compliance with legal obligations.

Retention Period: Data will be deleted 10 years after contract fulfillment. Data may be retained longer in case of disputes.

Additional Information: Providing data is mandatory; failure to provide it will prevent the purchase of the requested products.

QUICK CHECKOUT PURCHASE

Purpose: To enable the purchase and delivery of the product.

Legal Basis: Execution of a contract and compliance with legal obligations.

Retention Period: Data will be deleted 10 years after contract fulfillment. Data may be retained longer in case of disputes.

Additional Information: For purchases via quick checkout, personal, shipping, billing, and contact information will be imported from PayPal, ShopPay, and GooglePay (Article 14 UK GDPR).

MARKETING VIA EMAIL

Purpose: To send newsletters and Direct Email Marketing (DEM) using traditional or automated methods (email, social networks).

Legal Basis: Consent of the Data Subject under Article 6(1)(a) UK GDPR.

Retention Period: 5 years from the last communication or until consent is withdrawn.

Additional Information: Consent can be withdrawn at any time. Users are free to provide the requested data, but failure to do so may prevent the achievement of the intended purpose.

MARKETING VIA SMS

Purpose: To send marketing communications via SMS.

Legal Basis: Consent of the Data Subject under Article 6(1)(a) UK GDPR.

Retention Period: 5 years from the last communication or until consent is withdrawn.

Additional Information: Consent can be withdrawn by sending a “STOP” message to the number from which communications are received. Providing data is optional but essential to achieve the intended purpose.

NEWSLETTER/DEM “Soft Opt-in” VIA EMAIL

Purpose: To send newsletters and DEM.

Legal Basis: In case of purchase, consent is not required under Article 22(3) of the Privacy and Electronic Communications Regulations.

Retention Period: 5 years from the last communication.

Additional Information: Opt-out is available at any time.

TRANSACTIONAL EMAILS

Purpose: To send information related to completed purchases.

Legal Basis: Contractual execution.

Retention Period: Until order delivery.

Additional Information: Transactional emails are sent to improve order management and provide confirmation regarding purchases and shipments.

MARKETING AND PROFILING THROUGH DIGITAL PLATFORMS

To display marketing content based on your interests, as identified through your interactions on our website or social media. This includes using retargeting tools from digital platforms to deliver targeted advertising.

Legal Basis: Consent obtained through various methods: Via Cookies on our Website: Your consent to marketing and profiling cookies is collected via our cookie settings. For Custom Audience CRM Campaigns (Prospecting and Retargeting): Explicit consent to use your contact information (e.g., email address) for marketing purposes. Social Media Interaction: If consent to profiling cookies is given, we may process your contact data and social media interaction details to display personalized marketing ads, per your social media privacy settings.

Retention Period: Data will be stored until consent is withdrawn via cookie settings.

Additional Information: Consent via Cookies: Users can manage or withdraw this consent anytime as described in our Cookie Policy. Cookies may be first-party or third-party, and some are installed by Meta. Consent for Custom Audience CRM Campaigns: This consent allows us to process your data for lookalike audience identification and display targeted ads on social media and other platforms. Basic segmentation does not require consent.

BACK IN STOCK

Purpose: To inform users when an out-of-stock product becomes available for purchase.

Legal Basis: Execution of pre-contractual measures requested by the Data Subject.

Retention Period: Data will be stored for 18 months.

Additional Information: Providing data is optional, but failure to do so may prevent the intended purpose from being achieved.

CHAT

Purpose: To provide information and assistance via chat; to exercise or defend a right in case of disputes.

Legal Basis: Consent. In case of disputes, data will be processed based on the Controller's legitimate interest.

Retention Period: Data will be retained as long as necessary to respond to inquiries and will then be deleted. Data may be retained longer in case of disputes.

Additional Information: Providing data is optional. However, failure to provide it where required may prevent assistance.

CONTACT US

To allow users or customers to contact the Controller; to exercise or defend a right in case of disputes.

Legal Basis: Execution of a contract and pre-contractual measures requested by the Data Subject. Legitimate interest of the Controller in case of disputes.

Retention Period: Data will be stored for 3 years or longer in case of disputes.

Additional Information: Providing data is mandatory. Failure to do so will prevent contact with the Controller.

ABANDONED CART

Purpose: To send up to 3 emails within 72 hours encouraging users to complete an interrupted purchase.

Legal Basis: The Controller’s legitimate interest in finalizing the purchase.

Retention Period: 72 hours.

Additional Information: Data collection is automatic following partial cart completion.

ABANDONED CART VIA SMS

Purpose: To send up to 3 SMS within 72 hours encouraging users to complete an interrupted purchase.

Legal Basis: The Data subject’s consent

Retention Period: 72 hours.

Additional Information: The provision of data is optional and consent can be revoked at any time by sending a “STOP” SMS to the number from which communications are received.

BROWSING DATA

Purpose: Website security.

Legal Basis: Legitimate interest of the Controller in IT security and compliance with legal obligations. Consent is required for cookies other than those necessary.

Retention Period: 24 months.

Additional Information: Refer to the dedicated Cookie Policy for more information.

3. What else should I know?

Data will be processed lawfully, fairly, and with utmost confidentiality, in compliance with appropriate security measures as provided by the Code and the Regulation. Processing will be carried out using digital means. Data will not be publicly disclosed. Moreover, users will not be subject to automated decision-making processes, including profiling, unless they consent to this through cookies or other tracking tools, as outlined in the Cookie Policy.

4. Who will my data be shared with?

The Controller may share data with parties required by law to fulfill legal obligations. Additionally, the Controller may utilize companies or IT tools that process personal data exclusively on its behalf, all duly appointed as data processors under Article 28 UK GDPR. Data will also be shared with payment gateways as autonomous data controllers. A list of data processors is available upon request. In case of a merger, sale, or corporate restructuring, your data may be shared. If the Controller’s company or part of it is sold to a third party, the latter may continue to use your data under this privacy notice.

5. Where will my data be stored and transferred?

Personal data will be managed and stored on servers located inside and outside the UK. The Controller ensures that any transfer outside the UK complies with Articles 44-47 of the UK GDPR, based on the UK Extension to the EU-US Data Privacy Framework.

6. What are my rights and how can I exercise them?

a) Data Subject Rights

As a Data Subject, you have the following rights under Articles 15 and following of the Regulation:

Additional Information:

  • Right of Access (Article 15 UK GDPR): Obtain confirmation of whether personal data concerning you exists and access it in an intelligible form.
  • Right to Rectification (Article 16 UK GDPR): Request the correction of inaccurate personal data or the completion of incomplete data.
  • Right to Erasure (Article 17 UK GDPR): Request the deletion of personal data under certain conditions, such as revocation of consent, opposition to processing, or if the data is no longer necessary for its original purpose.
  • The Controller must justify any refusal to delete data.
  • Right to Restriction of Processing (Article 18 UK GDPR): Request processing restriction under specific conditions, such as while awaiting the resolution of rectification or objection requests.
  • Right to Data Portability (Article 20 UK GDPR): If processing is based on consent or contract and conducted by automated means, receive data in a structured, commonly used, machine-readable format or request its transfer to another controller.
  • Right to Object (Article 21 UK GDPR): Object, in whole or in part, to the processing of personal data for legitimate reasons.
  • Right to Lodge a Complaint: File a complaint with the competent supervisory authority under Article 77 UK GDPR if you believe data processing violates the applicable regulations.

 

b) How to Exercise Your Rights

You may exercise your rights at any time by contacting the Data controller at the
mail above.

Last updated: 07/02/2025