Information pursuant to Article 13 of the European Regulation 679/2016
Pursuant to Article 13 of the European Regulation (EU) 2016/679 (hereinafter referred to as GDPR), and in relation to the personal data that the Company will come into the possession of with the activity related to the navigation on the website https://www.fashioncityoutlet.com, we communicate the following:
Data controller and data protection officer
The data controller is Segesta Invest srl in the person of its legal representative pro tempore, with an address for service in Milan via Fatebenefratelli 34. The data controller can be contacted by PEC at segestainvest@legalmail.it
The Company has not appointed a data protection officer (DPO or, data protection officer, DPO).
The purpose of the processing is for the correct and complete execution of the promotion and advertising activity
Personal data may be processed by means of both paper and computer files (including portable devices) and processed in a manner strictly necessary to meet the above purposes.
Legal basis for processing
The Company processes personal data lawfully where the processing:
- is necessary to fulfill a legal or fiscal obligation incumbent on the Company;
- Is based on express consent.
Consequences of non-disclosure of personal data
With regard to personal data related to the performance of the contract to which it is a party or related to the fulfillment of a regulatory obligation (e.g., fulfillments related to the keeping of accounting and tax records), failure to disclose personal data prevents the completion of the contractual relationship itself.
Personal data, processed for the above purposes, will be retained for the mandatory period of the Law and, thereafter, for as long as the Company is subject to retention obligations for tax or other purposes, provided, by law or regulation.
Personal data may be disclosed to:
1. consultants and accountants or lawyers who provide functional services for the above purposes;
2. banking and insurance institutions that provide functional services for the above purposes;
3. parties who process data in fulfillment of specific legal obligations;
4. Judicial or administrative authorities, for the fulfillment of legal obligations.
Personal data are not subject to dissemination or any fully automated decision-making process, including profiling.
The rights recognized by the GDPR include those of:
- to request from the Company access to personal data and information related to them; rectification of inaccurate data or supplementation of incomplete data; deletion of personal data (upon the occurrence of one of the conditions indicated in Article 17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); limitation of the processing of personal data (upon the occurrence of one of the cases indicated in Article 18, paragraph 1 of the GDPR);
- to request and obtain from the Company - in cases where the legal basis of the processing is a contract or consent, and the processing is carried out by automated means - personal data in a structured, machine-readable format, including for the purpose of communicating such data to another data controller (so-called right to personal data portability);
- To object at any time to the processing of personal data when special situations arise;
- revoke consent at any time, limited to cases where processing is based on consent for one or more specific purposes and involves common personal data (e.g., date and place of birth or place of residence), or particular categories of data (e.g., data revealing racial origin, political opinions, religious beliefs, health status or sex life). Processing based on consent and carried out prior to revocation of consent retains, however, its lawfulness;
- Propose a complaint to a supervisory authority (Data Protection Authority - www.garanteprivacy.it).
□ Give consent
□ Denies consent
Processing related to the web services of these sites takes place at the providers of Internet services used for the implementation and provision of the site and at the offices of the Data Controller.
Data are processed by designated personnel only, including for any maintenance and administration of the processing systems.
Navigational and technically indispensable data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Data relating to identified or identifiable persons may also be processed on the basis of additional information communicated by the interested party: for example, through the completion of forms (forms) for data collection; or through the optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site, which underlies the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the communication.
Data processed for store order management include master data, addresses, bill of purchase, reports and notes.
No profiling data is directly acquired regarding the data subject's consumption habits or choices. However, it is possible that through links or by incorporating third-party elements, such information is acquired by autonomous or separate entities. See in this regard the section on Cookies.
The personal data collected are used for the sole purpose of performing the services or services requested and are disclosed to third parties only if this is necessary for that purpose. Services include: consultation and mere enjoyment of the site and its contents; registration and access to the restricted area; donations and payments; subscription to and receipt of the newsletter; reports; contact request; etc.
In-depth information directions are prepared for some services.
In any case, no data derived from the web services is disseminated or published without the prior consent of the person concerned.
Finally, please note that in some cases (not subject to ordinary management) Public Authorities may request news and information even of a personal nature, which the Holder is obliged to follow up.
Apart from what is specified for navigation data and technically indispensable, the user is free to provide personal data for specific requests on products and/or services. Failure to provide certain data, considered indispensable may result in the impossibility of obtaining what has been requested.
Legal basis. Possible management of consent to processing
When necessary, outside the cases in which the legitimate interest of both the owner and third parties applies, and in any case after reading the information notice, the interested party is requested to express his or her consent to the processing and communication of his or her data for the purposes and within the limits described, failing which the Owner will be unable to process the data to carry out and implement the services requested by the interested party or proposed to him or her.
The e-mail contacts used to send the periodic newsletter come from voluntary subscriptions by the recipient to whom a request for confirmation is always submitted, as well as from information acquired in the context of the sale of products or services of the Owner or otherwise similar for legitimate interest. The newsletter includes the sending of information, communications including commercial or promotional and material. It is emphasized that contacts are not acquired from public lists of subscribers. In the event that the communications are not of interest to the recipient, it is possible to avoid further mailings related to the specific channel by clicking the appropriate unsubscribe link contained in each message of that channel, or to avoid further contact by writing to the contact details at the bottom exercising your right to unsubscribe from the newsletter.
The requested data are freely provided by the person concerned: some of them (Name, Telephone, E-mail) are indispensable; others are optional. Consent to processing is required to transmit the report, which also includes receiving the newsletter (see specific section) for promotional and commercial communications, from which one can later unsubscribe.
The processing of personal data, understood as collection, recording, organization, storage, processing, modification, deletion and destruction or the combination of two or more of these operations, is carried out by manual, computer and telematic means, including automated means, with logic strictly related to the stated purposes and, in any case, in such a way as to ensure security and confidentiality and for the time strictly necessary to achieve the purposes for which they were collected.
The data are processed lawfully and fairly, collected and recorded for specific, explicit and legitimate purposes, accurate, and if necessary updated, relevant, complete and not excessive in relation to the purposes of processing, respecting the minimum security standards and the fundamental rights and freedoms, as well as the dignity of the person concerned with particular reference to confidentiality and personal identity.
Specific security measures are observed to prevent data loss, illegal or incorrect use, and unauthorized access.
The data will be kept until the end of the legal limitation period for defending or asserting a right in court, after the purpose (purpose of processing) for which the data was collected has been fulfilled.
Personal data will not be transferred to a recipient in a third country or international organization outside the European Union (EU) or European Economic Area (EEA)
At any time, the data subject may: exercise his or her rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when provided against the data controller, pursuant to Articles 15 to 22 of the GDPR ; lodge a complaint with the Garante(www.garanteprivacy.it); and if the processing is based on consent, revoke that consent given, taking into account that revocation of consent does not affect the lawfulness of the processing based on the consent before revocation.
European legislation, Reg.(EU) 2016/679, and Italian legislation, Legislative Decree No. 196 of June 30, 2003, as amended and supplemented, as well as the provisions of the Italian Data Protection Authority apply to the processing of personal data related to the site.
Requests should be addressed to the Data Controller through segestainvest@legalmail.it