Policy on personal data processing. In force since June 8th 2020.
1. Nature of the data processed and purpose of the processing. Data Controller
Alessi s.p.a., with its registered office in Crusinallo (VB), via Privata Alessi n. 6 (P.Iva IT00465840031), with share capital of Euro 5,400,000.00 fully paid up, certified email address (PEC): firstname.lastname@example.org, in relation to the personal data provided by users on accessing and/or registering with the website www.alessi.com (Website) or on purchasing the products offered for sale on said website.
The Data Controller is Alessi S.p.A., email: email@example.com.
2. Purpose of the processing.
Alessi S.p.A. shall process the personal data provided by users for the following purposes:
(a) to enable said users to register with the Website and make use of the services restricted to registered users, and to purchase the products offered for sale on the Website and, thus, to enable the completion of the purchasing contract and to carry out the relevant operations correctly;
(b) for administrative/accounting purposes relating to registration with the Website;
(c) subject to the express agreement of the user, for Alessi S.p.A. to send informative and promotional communications (including newsletters) in relation to the products offered for sale on the Website and for market research purposes also aimed at evaluating the level of customer satisfaction), by email and/or by post (for so-called “marketing” purposes);
(d) subject to the user's agreement, for the analysis of their consumer choices and purchasing habits (known as “profiling”), by Alessi S.p.A., through a study of the type and frequency of their online purchases, in order to send informative and/or advertising material that may be of particular interest to the user, by the methods described in (c) above;
(e) limited to the email address provided by the user when purchasing a product offered on the Website, to enable the direct sale of similar products without requiring the express and prior agreement of the user and provided that the user does not exercise their right to object as described in art. 3 below (“soft spamming”);
(f) to respond to the user's requests.
(g) if a user who has not logged in to the Site abandons the purchase procedure without completing the order, for the purpose of sending an email to remind the user of the possibility of completing the purchase. The legal basis for the processing is the implementation of pre-contractual measures at the request of the interested party.
(h) to share personal data necessary to enable interaction with social networking platforms such as Facebook, Pinterest and Instagram. The legal basis for the processing is the Alessi S.p.A.’ legitimate interest to perform these activities.
Alessi S.p.A. shall not process users' sensitive data or data relating to criminal records.
IP addresses and Log Files
Within the timelines prescribed by law, Alessi S.p.A. shall store the log files and IP addresses used when making an online purchase, in order to prevent and identify any fraudulent online transactions.
3. Provision of data and consequences of the failure to consent to processing
The provision of data for the purposes set out in (a) and (b) of art. 2 above is purely optional. However, as the said processing is necessary in order to enable the user to register with the Website and to provide the online purchasing service, the user's refusal to provide the relevant data will prevent them from registering with the Website and from completing an online purchase.
With regard to the purposes of processing referred to in (c) (for so-called “marketing” purposes) of art. 2 above, consent to the processing of personal data is purely optional. Failure to consent will not affect the user's ability to register with the Website and/or to make purchases on said Website but will exclusively prevent the user from receiving informative and promotional communications from Alessi S.p.A. relating to the products offered for sale on the Website (including newsletters) in relation to its own products and services or those of third parties and for market research purposes also aimed at evaluating the level of customer satisfaction, by email and by post.
Failure to consent to the processing of personal data for the purposes referred to in art. 2 (d) above (for so-called “profiling” purposes) will prevent Alessi S.p.A. from studying the type and frequency of the user's online purchases, in order to send to said user informative and/or advertising material that may be of particular interest to them.
The provision of data for the purpose referred to in (f) of art. 2 is purely optional, but any failure to provide said data will prevent Alessi S.p.A. from responding to the user's requests.
The user may, in any event, revoke any consent granted for the purposes described in points (c) (for so-called "marketing" purposes) and (d) (for so-called "profiling" purposes), or object to processing for the purposes referred to in letter (e) (“soft spamming”) and (g):
- by contacting Alessi S.p.A. at the addresses indicated in art. 1 above;
- by using the relevant link shown at the end of any email with promotional content sent by Alessi S.p.A.. The objection expressed in these ways also extends to the sending of communications by post.
The provision of data for the purpose referred to in (h) of art. 2 is purely optional, but any failure to provide said data will prevent users to interact with the relevant social network platforms through the Website.
Subject to the aforesaid, the user may exercise their right to object, at any time, by contacting Alessi S.p.A. using the contact details indicated in art. 1 above.
4. Data disclosure
The personal data provided by the user, for the purposes described in art. 2 above, may be disclosed or communicated to the following parties:
- to the employees and/or personnel of Alessi S.p.A. for the undertaking of activities relating to administration, accounting, information technology and logistical support, who act in the capacity of data supervisors and data processors respectively;
- to parties who process online payment transactions;
- to all those public and/or private parties, natural and/or legal persons (legal, administrative and tax consultancy firms), where the communication is necessary or of practical use for the correct fulfilment of contractual obligations undertaken in relation to the services provided through the Website, and of legal obligations;
- to all those parties (including Public Authorities) that have access to the data by virtue of regulatory or administrative measures;
- to forwarding agents and to parties responsible for the delivery and/or collection of the products purchased;
- to the company that, on behalf of Alessi S.p.A., send the newsletters and other informative communications transmitted on behalf of the latter.
No personal data provided by users in relation to registration with the Website and/or to a purchase from the Website shall be distributed. The up-to-date list of data supervisors and data processors can be consulted at the Data Controller's head office.
5. Data storage
The user's data shall be stored only for the period of time required to ensure the correct provision of the services offered.
Should the user decide to close their account on the Website, the data shown therein shall be stored for administrative purposes for a period of no longer than three months, without prejudice to any specific legal obligations concerning the storage of accounting records or for public safety purposes.
6. Right of access to personal data
The user has the right to:
a) obtain confirmation of the existence or not of personal data pertaining to them and its communication in an intelligible form; and to revoke their consent at any time without prejudice to the lawfulness of the processing based on the consent granted prior to the revocation;
b) obtain information:
- on the source of the personal data, on the purposes and methods of the processing, on the software employed if the data has been processed with the help of electronic means;
- on the Data Controller's identification details;
- on the parties or categories of parties to whom the data may have been communicated or who may have become aware of it in their capacity as a designated representative within the country, as data supervisors or data processors;
- the updating, rectification or completion of data pertaining to them;
- the deletion, the conversion into anonymous form or the blocking of unlawfully processed data, including data that needs to be stored for the purposes for which the data has been collected or subsequently processed;
- confirmation that, in term of their content, the abovementioned operations have also been brought to the attention of any parties to which the data has been communicated or distributed, unless it is impossible to do so or would involve clearly disproportionate effort in relation to the right protected;
- data portability;
d) object, in whole or in part:
- for legitimate reasons, to the processing of their data, even if it relates to the purpose of its collection;
- to the processing of their personal data, provided for the purposes of commercial information or of sending advertising material or direct sales or for carrying out market research or marketing communications.
The abovementioned rights may be exercised by making a request to the Data Controller, at the contact details shown in art. 1.