Privacy Policy
JEFFREYCAMPBELLSHOES.IT PRIVACY POLICY
Who is the Data Controller?[1]
Asap Ltd. S.p.a., with its registered office at Via della Vigna Nuova 1 - 50123, Florence (FI) (VAT number: 04456050485), hereinafter referred to as the "Controller."
How can I contact them?
The company's contact details are as follows:
- Email: [email protected]
- Certified email (PEC): [email protected]
- Address: Via della Vigna Nuova 1 - 50123, Florence (FI)
Has a Data Protection Officer (DPO) been appointed? What are their contact details?
The company has appointed a DPO as follows:
- DPO Name: Edoardo Degl’Innocenti
- Email: [email protected]
- Introduction
Under the European General Data Protection Regulation (GDPR), legal entities are not considered data subjects and, as such, the European regulation does not apply to them. However, if personal data concerning an individual is included in the context of corporate data collection, that individual should be considered a data subject under the GDPR, and the relevant regulations apply.
- What data processing activities are conducted through the website? What are the legal bases, purposes, and retention periods?
REGISTRATION/ LOG-IN
|
PORPOSE |
The purpose of data processing is to register on the site and make purchases more easily. |
LEGAL BASIS |
Data Subject's Consent. In case of disputes, data will be processed to act and/or defend legal claims based on the legitimate interest of the Controller. |
|
RETENTION PERIOD |
Data will be processed until consent is revoked. If the account remains inactive for 7 years, you will receive an email to inquire if you still wish to keep it active; otherwise, the account will be deleted. Data may be retained for a longer period in the case of disputes. |
|
ADDITIONAL INFORMATION |
Registration is not mandatory for making purchases, as it is possible to proceed as a "guest." When registering through social media, data is imported from the social platform (Meta) and processed accordingly. |
PURCHASE |
PORPOSE |
The primary purpose of data processing is to allow you to purchase and receive the requested product. It is also necessary to fulfill legal obligations, including accounting and tax requirements. The data may be used in the case of disputes related to proper contract performance. |
LEGAL BASIS |
Performance of a Contract and Compliance with Legal Obligations by the Data Controller. In case of disputes, data will be processed to act or defend legal claims, corresponding to the legitimate interest of the Data Controller. |
|
RETENTION PERIOD |
Data will be deleted after 10 years from the contract's fulfillment. Data may be retained longer in the event of disputes for exercising or defending legal rights, based on the legitimate interest of the Data Controller. |
|
ADDITIONAL INFORMATION |
Providing data is mandatory, and refusal to provide data will prevent the purchase of requested products. |
NEWSLETTER |
PORPOSE |
The purpose of data processing is to send newsletters and DEM (Direct Email Marketing). |
LEGAL BASIS |
Consent given by the Data Subject. |
|
RETENTION PERIOD |
Data will be retained for 5 years from the last send. |
|
ADDITIONAL INFORMATION |
Consent may be revoked at any time. The user is free to provide the requested data, as there is no legal obligation to provide them. However, if the user chooses not to provide data marked as essential, the Data Controller will not be able to achieve the specified purpose. |
ABANDONED CART |
PORPOSE |
The purpose of data processing is to send n: 2 emails to invite the user to complete the interrupted purchase on the site. |
LEGAL BASIS |
Legitimate interest of the Data Controller in completing the purchase. |
|
RETENTION PERIOD |
72 hours |
|
ADDITIONAL INFORMATION |
Data provision is automatic and follows the partial completion of the shopping cart. |
BACK IN STOCK |
PORPOSE |
The purpose of data processing is to inform you when a product that was out of stock becomes available for purchase. |
LEGAL BASIS |
Pre-contractual measures carried out at the Data Subject's request. |
|
RETENTION PERIOD |
We will retain any Data you submit for as long as Back in Stock deems it necessary to provide adequate service to the User, unless explicitly asked by a User for their Data to be deleted. |
|
ADDITIONAL INFORMATION |
The user is free to provide the requested data, as there is no legal obligation to provide them. However, if the user chooses not to provide data marked as essential, the Data Controller will not be able to achieve the specified purpose. |
CONTACT US |
PORPOSE |
The purpose of data processing is to enable the submission of information requests. |
LEGAL BASIS |
Pre-contractual measures carried out at the Data Subject's request. In case of disputes, data will be processed to act or defend legal claims, corresponding to the legitimate interest of the Data Controller. |
|
RETENTION PERIOD |
We will process the data for the time necessary to respond to requests and then delete the data. Data may be retained longer in the event of possible disputes for exercising or defending a legal right, based on the legitimate interest of the Data Controller. Data obsolescence is verified every 12 months. |
|
ADDITIONAL INFORMATION |
The user is free to provide the requested data, as there is no legal obligation to provide them. However, if the user chooses not to provide data marked as essential, the Data Controller will not be able to achieve the specified purpose. |
REVIEWS AND PUBLIC QUESTIONS |
PORPOSE |
The purpose is to share your experience and promote the company. |
LEGAL BASIS |
Legitimate interest of the Data Controller and consent provided by the Data Subject. |
|
RETENTION PERIOD |
Reviews will be published on the site until they become outdated and/or until consent is revoked. In fashion articles, reviews are no longer displayed when the product listing is removed. |
|
ADDITIONAL INFORMATION |
Data provision for requests is automatic and follows the purchase of the product.
|
OPEN A STORE |
PORPOSE |
The purpose is to request information if you wish to open a store. |
LEGAL BASIS |
Pre-contractual measures carried out at the Data Subject's request. In case of disputes, data will be processed to act or defend legal claims, corresponding to the legitimate interest of the Data Controller. |
|
RETENTION PERIOD |
Data will be deleted after 2 weeks. |
|
ADDITIONAL INFORMATION |
The user is free to provide the requested data, as there is no legal obligation to provide them. However, if the user chooses not to provide data marked as essential, the Data Controller will not be able to achieve the specified purpose. |
WORK WITH US |
PORPOSE |
The purpose of data processing is to send spontaneous job applications. |
LEGAL BASIS |
Execution of pre-contractual measures at the Data Subject's request. |
|
RETENTION PERIOD |
Data will be retained for 3 months, after which they will be deleted. |
|
ADDITIONAL INFORMATION |
The user is free to provide the requested data, as there is no legal obligation to provide them. However, if the user chooses not to provide data marked as essential, the Data Controller will not be able to achieve the specified purpose. |
NAVIGATION DATA |
PORPOSE |
Site security. |
LEGAL BASIS |
We will process data based on the company's legitimate interest in cybersecurity and compliance with legal obligations. The legal basis for processing cookies other than necessary ones is consent. |
|
RETENTION PERIOD |
24 months |
|
ADDITIONAL INFORMATION |
For cookie regulations, please refer to the separate policy.
|
- What else should I know?
Data will be processed fairly, transparently, and with the utmost confidentiality, in compliance with appropriate security measures as required by the GDPR and applicable regulations. Processing will be carried out digitally. Data will be publicly disclosed only in the context of reviews and public questions. Additionally, the user will not be subject to automated decision-making processes, including profiling, unless consent is given through the installation of cookies or other tracking tools, subject to the respective policy.
- To whom will my data be communicated?
The Controller may disclose data to entities required by law to fulfill the purposes mandated by law. The Controller also uses certain companies or IT tools that process personal data on behalf of the Controller, such as couriers, all duly appointed as data processors under Article 28 of the GDPR. Data will also be communicated to payment gateways as independent controllers. The list of data processors is available at the registered office.
- What is the place of data storage and transfer?
The management and storage of personal data will occur on servers located in Italy. However, data may be transferred outside of the European Union for certain activities (newsletter and back in stock). The Data Controller guarantees that transfers outside the EU comply with Articles 44-47 of Chapter V of the GDPR through the use of standard contractual clauses and/or the adequacy decision of July 10, 2023.
- What are my rights, and how can I exercise them?
- a) Data Subject Rights
As a data subject, you have the rights as defined in Articles 15 and subsequent articles of the GDPR, including:
- RIGHT OF ACCESS (Article 15 GDPR): The right to obtain confirmation of the existence of personal data concerning you, even if not yet recorded, and their communication in an intelligible form.
- RIGHT TO RECTIFICATION (Article 16 GDPR): The right to obtain the correction of inaccurate personal data concerning you and the completion of incomplete data.
- RIGHT TO ERASURE (Article 17 GDPR): The right to obtain the erasure of personal data in specific cases, such as the withdrawal of consent or the objection to processing.
- RIGHT TO RESTRICT PROCESSING (Article 18 GDPR): The right to obtain the restriction of processing in specific cases, such as when requesting rectification or objection.
- RIGHT TO DATA PORTABILITY (Article 20 GDPR): The right to receive your data in a structured, commonly used, and machine-readable format, or request the transfer of data to another controller.
- RIGHT TO OBJECT (Article 21 GDPR): The right to object to the processing of personal data for specific reasons.
- RIGHT TO LODGE A COMPLAINT: The right to file a complaint with the relevant supervisory authority if you believe that data processing violates current regulations.
- b) How to Exercise these Rights:
You can exercise these rights at any time by contacting the Data Controller at the provided addresses.
Last updated: [Date]
This privacy policy has been drafted by Polimeni.Legal.
[1] According to Article 4, No. 7 of the GDPR: the data controller is the one who determines the purposes and means of processing personal data, and their responsibilities are identified by Article 24 of the GDPR.