PRIVACY POLICY

PRIVACY POLICY FOR WEBSITE’S USERS: https://shop.pineider.com e www.pineider.com
Please read carefully this privacy policy (hereinafter, the “Privacy Policy”) given to the users of the following websites: https://shop.pineider.com and www.pineider.com (hereinafter, the “Websites”) on personal data processing according to Article 13 of General Data Protection Regulation NO. 679/2016 (hereinafter “GDPR”).

1. WHO PROCESSES YOUR PERSONAL DATA?

Data Controller
The data controller is Pineider 1774 S.r.l. with registered office at Bagno a Ripoli (FI), Via del Roseto n. 54 (Italy) and can be contacted at the following e-mail address:  privacy@pineider.com (hereinafter, “Pineider” or the “Data Controller”).

Recipients of your personal data
Your personal data could be communicated to:

  1. persons authorized by the Data Controller that are committed to/ or under an appropriate statutory obligation of confidentiality;
  2. subjects delegated and/or appointed by the Data Controller to carry out activities related to the purposes specified below (including technical maintenance interventions on the systems) rightly appointed as data processor;
  3. persons, companies or professional firms that provide assistance to the Data Controller, appointed, where necessary, as data processor;
  4. subjects, bodies or authorities to whom the communication of your personal data is mandatory pursuant to the provisions of law or orders of the competent authorities;
  5. business partner active in luxury or publishing field or in the field of event’s organization with which Pineider is willing to carry out partnership marketing activities;
  6. third parties involved in the performance of activities strictly related or linked to the conclusion and/or execution of extraordinary transaction;
  7. other group company located in Italy.

Your personal data could be transferred outside the European Economic Area in compliance with art. 44 ff GDPR.

2. PERSONAL DATA PROCESSED

Data provided on a voluntarily basis
Users can voluntarily provide personal information through, by way of example, the access to the Websites’ personal area, the newsletter subscription, contacting Pineider through channels made available by the Data Controller (e-mail, telephone), as well as identifying the closest authorized sales point or for recruitment purposes (please visit the “Privacy Policy for applicants”).
Data of third parties
Please note that if You provide us with information related to third parties You shall be sure that such third parties have been prior and properly informed about the method and purposes of the processing herein shown. 
Please consider that with regard to such cases, You act as an independent data controller and  you bear full responsibility and obligation provided by law.
Personal data relating to persons under the age of 16
Please note that if you are not 16 years old, you are not entitled to provide us with any personal data and, in any case, we are not responsible for your false statements. If we become aware of your false statements, we will immediately delete any personal data acquired.
Data related to or arising from the use of the Websites
Please note that we collect the following data by means of the services that You use:

- Technical data: IP addresses or domain names of the devices used by the users to connect to the Websites, the URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received as a reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding your operating system and device environment. This data is used exclusively for the purposes of obtaining (anonymous) statistics on the use and proper functioning of the Websites to control its correct functioning, and such information is deleted immediately after processing. These personal data may also be used to ascertain any liability in cases of alleged computer crimes against the Website or against third parties and they will be deleted after 7 days.

- Personal data collected through cookie or similar technologies: for further information please see “Cookie” section. 

Cookie: definitions, features and applicable law
Cookie are small text files sent/read by websites on your devices, which are then transmitted back to those websites during the next visit. Thanks to cookies websites remember your actions and preferences (such as login data, the default language, font sizes, additional display settings, etc.) so that they do not need to specify them again on the next visit. Cookies are used to perform IT authentications, session monitoring, and to store information about the activities of users who access a website, and may also contain a unique identifier that allows for monitoring of user experiences on the site for statistical or advertising purposes.
During the browsing the site, user can also receive on his computer cookies from sites or web servers other than the one he is visiting (c.d. "third-party" cookies). Some operations could not be carried out without the use of cookies, which in certain cases are therefore technically necessary for the site to function.
There are indeed various types of cookies, depending on their features and functions, and these may remain on user device for different periods of time: so-called session cookies, which are automatically deleted when you close your browser; and so-called persistent cookies, which remain on your device until a pre-established date.
According to the applicable law, your prior explicit consent for the use of cookies is not always required. In particular, such consent is not required for “technical cookies”, i.e. those used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary to provide a service explicitly requested by the user. In other words, those cookies are necessary for the operation of a website or to perform tasks requested by the user.

Please consider that the Italian Data Protection Authority (i.e. Garante per la protezione dei dati personali) has issued a decision (Decision Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 may 2014 and following clarifications, hereinafter the “Decision”) according to which the technical cookies that do not require explicit consent also include:

  • The “analytics cookies” insofar as they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website;
  • The browsing or session cookies (for logging purposes);
  • The functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language or products to be purchased  so as to improve the quality of service;
  • “Profiling cookies” are aimed at creating user profiles and they are used to send ads messages in line with the preferences shown by the user during navigation. For these cookies the user shall express explicit consent

Social Plugin
Many social networks have developed "social plug-in modules", which website operators can integrate into their websites. This allows social networks users to share content with their "friends" (and propose other related features such as posting comments). Our Websites may include one or more of these social plug-in modules. These plug-ins store and access cookies on the user's computer, allowing social networks to identify their members when they interact with these plug-in. Please note that the aforementioned social plug-in modules can also be used by social networks to provide services that go beyond what is strictly necessary, for example for behavioral advertising. Users should explicitly request these services. You can check the cookie settings on your social media platform.

 Payment
Please consider if You make a payment on the website https://shop.pineider.com by credit card, You shall enter the confidential data of the credit card (card number, holder of the card, expiration date, security codes). These data will be acquired by the payment service provider who will act as an independent data controller, without passing through the Data Controller server and/or any data processors, therefore, he will not process these personal data in any way. The data will be acquired in encrypted format and according to the security requirements of the ISO 27001 certification. The payment service uses the SSL protocol (Secure Sockets Layer). The user can request, through the website, the saving of such data that will be saved directly by the payment service provider and will not be acquired by the Data Controller and / or by any data processor. The website's operational manager will only keep track of the last four digits that make up the credit card number, solely and exclusively to prevent fraud in online payments.

3. PURPOSES OF THE PROCESSING

The personal data provided through the Websites will be processed for the following purposes:

  • a. Ensuring your registration to the personal area of the website https://shop.pineider.com;
  • b. Performing the activities necessary to conclude, manage and execute the purchase agreement of products and goods on the website https://shop.pineider.com;
  • c. For purposes strictly related and/or necessary to satisfy your requests made, from time to time, through the Websites via email or other communication tools;
  • d. ensuring compliance with legal obligations, regulations and European regulations;
  • e. ascertain, exercise or defend a right in judicial proceedings or whenever the judicial authorities exercise their jurisdictional functions;
  • f. forward promotional communications: in compliance with the "Guidelines on Marketing and against Spam - 4 July 2013 [2542348]" issued by the Italian Data Protection Authority, if you consent to receive information concerning promotional activities, including market research, of the Data Controller. Pineider informs you that such activities can be exercised, as required by current regulations, by means of paper mail, operator-assisted calls ("traditional methods") , e-mail, texting, push notifications and use of social networks ("automated methods")(“direct marketing”);
  • g. Analyzing, also through electronic means, Your interests, habits and choices of purchase, in order to send you personalized advertising material related to Pineider’s products and/or services and in order to improve Pineider’s offer of product and services (“profiling”).
  • h. Forward  direct offer of products or services similar to the ones already purchased  (“soft spamming”) with limited reference to the email address that You provided in the context of purchasing of a service or product on the website https://shop.pineider.com;
  • i. Carrying out statistical survey;
  • j. Managing applications procedures;
  • k. Allowing the Data Controller to conclude a potential merger, transfer of assets, transfer of company or branch of company by disclosing and transferring your personal data to the third party involved;
  • l. Communicate your personal data to Pineider’s business partner active in the luxury or publishing field as well as in the field of events organization in order to send you invitations to events organized by the business partner and Pineider (“co-marketing”);

The legal basis of processing for purposes 3 (a), (b), (c) and (j) is the necessity to perform a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract according to art. 6 (1) (b) GDPR. The performance of such activity does not require your consent.
The legal basis of the processing for purpose 3 (d) is the necessity to comply with a legal obligation to which the Data Controller is subject according to art. 6 (1) (c) GDPR.

The legal basis of the processing for the purposes 3(e) and (k) is the legitimate interests pursued by the Data Controller according to art. 6 (1) (f) GDPR.
The legal basis of the processing for the purposes 3 (f), (g) and (l), is your consent according to art. 6 (1) (a) GDPR. Failure to give your consent does not affect the Websites’ use. The consent is freely given and you have the right to withdraw your consent at any time through an email to the Data Controller to privacy@pineider.com.
The processing of your personal data for the purpose 3 (h) is based on the legitimate interest of the Data Controller according to art. 130 of the Italian Legislative Decree no. 196/2003 which does not require consent. Please consider that you may at any time request not to receive such communications by using the "Unsubscribe" link put at the bottom of each communication.  

Please consider that the processing for the purpose 3 (i) does not comprise personal data processing.

4. RETENTION PERIOD

With reference to the processing carried out for the purposes as per 3 (a) Your personal data will be deleted if you do not access your personal area for a period of 36 months
With reference to the processing carried out for the purposes as per 3 (b) your personal data are processed, without prejudice to the legal obligations to which Pineider is subject, beyond the time allowed by Italian law to protect its interests from possible complaints.
With reference to the processing carried out for the purposes as per 3 (c), your personal data will be proceed for the period strictly necessary to fulfill your request except for the need to fulfill legal obligations or protect the Data Controller legitimate interests.  
With reference to the processing carried out for the purposes as per 3 (d), your personal data will be processed for the period strictly necessary to allow the Data Controller to fulfill the legal obligations to which is subject.
With reference to the processing carried out for the purposes as per 3 (e) and (k), your personal data will be processed for the period strictly necessary to allow the        Data Controller to verify, exercise or defend a right before a court or whenever the authorities exercise their jurisdictional functions and / or carry out any extraordinary transactions involving Pineider and related activities.
With reference to the processing carried out for the purposes as per 3 (f), (g) and (l), your personal data will be stored until you withdraw your consent. In any case, Pineider is entitled to keep the personal data for the period of time provided for and permitted by Italian law to protect its interests.
With reference to the processing carried out for the purposes as per 3 (h), your personal data will be stored until you oppose to this processing using the "unsubscribe" link that you can find at the bottom of each communication forwarded via e-mail.
With reference to the processing carried out for the purposes as per 3 (j) your personal data will be stored for a period not exceeding 12 months from receipt of your application. In the event of a successful selection, your data will be stored according to the privacy policy for employees.

5. EXERCISE OF YOUR RIGHTS

Withdraw of your consent

You can  withdraw  at any time your consent sending an e-mail to the Data Controller: privacy@pineider.com.
Your consent is free and the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Exercise of your rights
You have the right, at any time, to request to the Data Controller access to, rectification, erasure, to object to relevant processing activity. According to art. 18 GDPR you are entitled to ask for restriction of the processing concerning your personal data or and to receive in a structured, commonly used and machine-readable format the personal data concerning you, in accordance with art. 20 GDPR.
Requests to exercise your rights must be sent to the following address: privacy@pineider.com.
In any case, pursuant to the Applicable Law, you have the right to lodge a complaint with the relevant supervisory authority (the Italian “Garante per la protezione dei dati”) if you believe that the processing of your Personal Data is against the applicable law.

6. HOW IS THE SECURITY OF YOUR PERSONAL DATA ENSURED?

The processing of your personal data by the parties referred to in paragraph 1 above, is performed in accordance with the provisions of the current applicable law. In particular, in order to ensure the security of your personal data, the Data Controller has implemented adequate technical and organizational measures to guarantee an adequate level of security to the risk, taking into account the state of the art and the implementation costs, as well as the nature, object, context and purpose of the processing, as well as the risk of various probabilities and severity for the rights and freedoms of individuals.

7. PRIVACY POLICY UPDATE

This Privacy Policy has been published in april 2019 and may change over time, also in relation to the entry into force of new sector regulations, the updating or provision of new services or technological innovations. Pineider will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the Websites. Pineider invites you, therefore, to regularly visit this section to become aware of the most recent and updated version of this Privacy Policy in order to be always updated on the data collected and on the use made of it by the Data Controller.