PRIVACY POLICY INFORMATION ON THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH ARTICLE 13 OF REGULATION (EU) 2016/679

Data subjects: users consulting the website www.albertaferretti.com of ‘AEFFE S.P.A.’

WHY THESE INFORMATION

Pursuant to Regulation (EU) 2016/679 (hereinafter the ‘Regulation’, or ‘GDPR’), this page describes the methods for processing the personal data of users consulting the website of ‘AEFFE S.P.A.’ accessible by electronic means at the following address: www.albertaferretti.com. This information does not concern other sites, pages or online services that can be reached through hypertext links that may be published on this site but which refer to resources outside the domain www.albertaferretti.com

DATA CONTROLLER

Following consultation of the site, data relating to identified or identifiable natural persons may be processed.
- Triboo Digitale S.r.l. with registered office in Viale Sarca 336, Building sixteen, 20126 Milan, VAT/C.F. and registration number with the Milan Companies' Register IT02912880966; e-mail: privacy@triboo.it - PEC: triboospa@legalmail.it; - tel. +39.0264741491. Triboo Digitale S.r.l. is the owner of the processing of your personal data for the sole purposes necessary to comply with regulatory obligations regarding tax and accounting matters deriving from purchases made at the e-commerce shop, including any electronic payments through the payment system available to you. - Legal basis: legal obligation and contractual obligation.
- AEFFE S.P.A. with registered office in Via delle Querce 51 - 47842 San Giovanni in Marignano (RN) VAT no.: 01928480407, Email: privacy@aeffe.com, Tel: 0541 965211.

Aeffe S.P.A. is the data controller of your personal data relating to navigation on the site, registration on the online portal, orders placed and to answer customer care requests received and in general to guarantee the functionalities available on the website; as well as, subject to your free consent, for the optional purposes of marketing and profiling.

DATA PROTECTION RESPONSIBLE

The Data Protection Officer (‘DPO’) for Aeffe S.p.A. is the company Studio Paci & C. Srl (Contact person Dr. Gloriamaria Paci) who can be contacted at the following address: dpo.aeffe@studiopaciecsrl.it, telephone: 0541 - 1795431 and PEC: studiopaciecsrl@pec.it. The Data Protection Officer (‘DPO’) for Triboo Digitale S.r.l. can be contacted at the following email address: lapo.curinigalletti@triboo.it.

TYPES OF DATA PROCESSED, PURPOSE OF THE PROCESSING AND LEGAL BASIS

Given that personal data means any information relating to an identified or identifiable natural person

, directly or indirectly (Art. 4 no. 1 GDPR), that the data subject means the natural person (user of the Site) to whom the data refer and that processing means any operation or set of operations carried out with or without the aid of automated processes and applied to personal data or sets of personal data (Art. 4 n. 2 GDPR), the personal data that the owner processes as a result of navigation on the Site are as follows:

1) Navigation data Legal basis: ‘processing of data necessary for the navigation of the website’ - contractual obligation - art. 6 par. 1 letter b) GDPR The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. This data, which is necessary to navigate the Site and to use the information it contains, is also processed by the data controller for the purpose of:
- obtain aggregate and anonymous statistical information on the use of the Site (most visited pages, number of visitors per time slot or per day, geographical areas of origin of visitors, etc.)
- check the correct usability of the contents offered by the Site;
- prevent or counteract any possible computer crimes, fraudulent use of the functions available on the Site, also for the purpose of reconstructing security incidents and their traceability Duration of storage: In compliance with the principles of lawfulness, purpose limitation, data minimisation, pursuant to Art. 5 of the GDPR, navigation data will be stored for a period of time not exceeding the achievement of the technical purposes described above for which they are collected and processed, except for any need to ascertain crimes by the judicial authorities.

2) Data communicated by the user Legal basis: ‘processing of data necessary to answer users’ questions’ - contractual obligation - art. 6 par. 1 letter b) GDPR The optional, explicit and voluntary sending of messages to the contact addresses of the data controller, private messages sent by users to institutional profiles/pages and on social media, as well as the completion and submission of forms on the controller's website, entail the acquisition of the sender's contact data, necessary to answer, as well as all the personal data included in the same communications. Specific information is published on the pages of the site set up for the provision of certain services, and where necessary the user's consent is collected, informing them of the purpose and the option of providing it. Duration of storage: The data communicated by the user are stored for the time necessary to handle individual requests, any subsequent storage for statistical purposes provides for the anonymization of such data (except for any need to ascertain crimes by the judicial authorities).

3) Registration and purchase data Legal basis: User registration and purchase - contractual obligation - art. 6 par. 1 letter b) GDPR Invoicing and tax and accounting fulfilment - legal obligation - art. 6 par. 1 letter c) GDPR Registration on the portal is preparatory to correct identification in anticipation of and in connection with a purchase. Registration will allow you to create your own user profile without having to re-enter your data for the subsequent purchases. Your user profile will store your residential address, shipping address (if different from your residence), tax code if required by law, and your purchase history. You can request the deletion of your user profile at any time. It is possible to make an online purchase even without registering on the portal, your data will be processed exclusively for your correct identification, to allow the purchase and shipment in application of the general conditions of sale, and to allow invoicing in accordance with the law. Information on the processing of Level I data can be found in the specific information notice available in the registration and purchase forms.


4) Data acquired by means of cookies and other tracking systems
The following are used: a) technical cookies necessary for user navigation, facilitating the correct navigation of the site and the usability of its contents by the user. Legal basis: ‘contractual insofar as they are functional and necessary’. b) analytical cookies used to process aggregate statistical analyses of the use of and interaction with the site by the user. Subject to the user's consent. Legal basis: ‘consent’. c) Profiling cookies allow information to be collected on the preferences expressed by the user during browsing and to prepare reports to be used for targeted advertising and marketing campaigns. Legal basis: ‘consent’. For analytical and profiling cookies, consent to the processing of personal data, in accordance with Article 6(1)(a) GDPR, is expressed by the data subject by clicking on the accept all cookies button or by managing the preferences available by clicking on the customise button, in accordance with the provisions of the ‘Cookie and other tracking tools guidelines’ annexed to the GPDP (Garante per la Protezione dei Dati Personali) Measure No. 231 of 10.06.2021. Information on the processing of data, the purpose, duration and complete management of cookies, including their consent and revocation, can be found in the document ‘Cookie Policy’ also in the footer.

5) Direct marketing Legal basis: consent of the data subject - art. 6 par. 1 letter a) GDPR By entering the personal data (identification and contact details) requested in the forms providing for the granting of consent for direct marketing activities (including newsletter subscription), the User declares that he/she having read this information notice, and gives consent, on an optional basis, to the processing of personal data for marketing activities. In addition to the data communicated by the User, the Data Controller also acquires the date and time the form was sent, the page it came from, and the IP address of the device used to register the consent. The data communicated and in any case acquired by the Data Controller are functional to receiving periodic e-mail communications containing, information about new products on sale at the e-commerce, events and promotions (marketing purposes) of the Data Controller. With regard to the sending of promotional material to your e-mail inbox, interactions with the communications transmitted (e.g. rate of opening of e-mails, any clicks on links and/or banners and/or buttons) may also be processed.
6) Profiling Legal basis: consent of the interested party - art. 6 par. 1 letter a) GDPR By inserting the personal data (identification and contact data) requested in the forms that provide for the granting of consent for profiling, the User declares that he/she has read this information notice, that he/she is over 16 years of age and gives his/her consent, which is in any case optional, to the processing of personal data for profiling activities. In addition to the data communicated by the User, the Data Controller also acquires the date and time the form was sent, the page it came from, and the IP address of the device used to register the consent. As a result of the specific consent given to the profiling activity, the Data Controller still acquires a series of data and information suitable for revealing consumption habits and lifestyles based on the preferences shown by the User when interacting with the pages of the Site, the products purchased and the contents of the communications received by the Data Controller. This data, associated with each other, contributes to defining, through its inclusion in clusters, i.e. in groups of distinct Users based on the preferences shown, the User's profile and is functional to receiving communications that are personalised on the basis of the profile. In connection with the sending of promotional material to your e-mail inbox, interactions with the transmitted communications (e.g. opening rate of e-mails, clicks on links and/or banners and/or buttons) may also be processed.

7) Further data acquired by the Data Controller

The subscription to the newsletter, the possible request to receive personalised commercial communications and also the interaction with the pages of the Site that the User may reach also through social networks, as a result of the marketing campaigns promoted by the Data Controller that determine the redirection to a specific page (so-called ‘landing page’), allows the Data Controller to acquire other data with respect to the data communicated by the Users, such as, for example, the date and time of opening of e-mails containing newsletters and commercial communications, the contents of interest. so-called ‘landing page’), allows the Data Controller to acquire other data than those communicated by the Users, such as, for example, the date and time of opening of e-mails containing newsletters and commercial communications, the contents of interest and therefore the preferences shown by the recipients. This data is functional to the establishment of a relationship with customers and also to the sending of news and/or information selected on the basis of demonstrated preferences. For the above-mentioned purposes, the legal basis legitimising the processing is represented by the consent to the processing, pursuant to Art. 6, par. 1 lett. a) GDPR, expressed by the person concerned by clicking on the relevant boxes within the form intended for newsletter subscription and the request to receive personalised communications. Further details about the processing of the data communicated by Users, the legal bases and the processing methods are available in the complete information notices of the data acquisition forms of the marketing campaigns.

8) Social Media Policy: Information on the processing of personal data carried out through the Social Media platforms used For information on the processing of personal data carried out by the operators of the Social Media platforms, please refer to the information rendered by them through their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of the dedicated Social Media platforms, as part of its corporate promotion and advertising purposes, in order to manage interactions with the users themselves (comments, public posts, messages, shares, etc.) in compliance with the regulations in force on the protection of personal data and with this privacy policy; where necessary, the user's consent is collected, informing the user from time to time on the purposes for which it is to be provided and whether it is optional. Personal or ‘sensitive’ data included in public comments or posts within social media channels may be removed. 

9) Customer Care Legal basis: contractual obligation - Art. 6 para. 1 letter b) GDPR.
Managing and responding to any reports, after-sales enquiries (including order status and tracking), purchase assistance, returns, refunds, order cancellations and complaints made by the customer, in accordance with the general terms and conditions of sale. The user can take advantage of the Customer Care service via chat using the Chat Live channel on the site. The personal data requested (name, surname, email address) are necessary for the identification of the user for the correct handling of requests. OPTIONAL GIVING OF DATA AND REVOCATION OF CONSENT With the exception of automatically acquired browsing data, the giving of personal data is always voluntary and optional, even though refusal to communicate may prevent the sending of messages, requests for information or assistance, as well as the submission of any complaints, reports and requests for assistance in general. Consent to data processing, where required, is also optional but necessary in the event that the data subject wishes to subscribe to the newsletter and/or receive customised commercial communications. Full information on data processing can be found in the information notices attached to the aforementioned forms, to which we refer you.
The right to revoke consent to the processing given, both for marketing and profiling activities, is granted at any time to the person concerned and may be exercised by using the unsubscribe function at the bottom of the commercial communications received and/or profiling or by sending a communication to privacy@aeffe.com.

PERSONAL DATA DIFFERENT FROM THOSE INDIVIDUED IN THE CONTACT FORMS 

Since the contact forms on the pages of the Site contain free text fields or in some cases allow files to be sent, the User is invited to check the personal data that he/she intends to share, avoiding communicating so-called special data, i.e. data that could reveal the person's political opinions, religious or philosophical beliefs, state of health, sexual life or sexual orientation. With regard to such data, should the data controller consider that the communication has been made in error or that it is not necessary to process the request received, it will disregard it and/or provide for its immediate deletion.

PERSONAL DATA REFERRED TO OTHER PERSONS (DIFFERENT FROM THE INTERESTED PARTY)

For the same reasons explained above, the contact forms and files sent as attachments may in fact contain personal data relating to other interested parties (for example, in the event that the order is requested to be shipped to a person other than the purchaser). In the event that the User decides to communicate such data, he/she assumes full responsibility for it, also by proxy of the person concerned.

PERIOD OF DATA STORAGE

In compliance with the principle of retention limitation set out in Article 5 GDPR, data are kept for the time strictly necessary to achieve the purposes described above. In particular: - In the case of registration to the portal, your data will be retained until your eventual cancellation of membership, or following a period of inactivity of 5 years. - The data relating to the optional purposes (4. Direct marketing. - 5. Profiling) will be kept until you revoke your consent, to be requested either through the automatic modalities present in the e-mails, or by sending your request to the contact data of the Data Controller. At the end of 2 years from the acquisition of consent, a communication will be sent to the contact channels issued to allow the revocation of consent or its continuation.
- for activities carried out in execution of a contract or pre-contractual measures taken at the request of the person concerned, pursuant to Art. 6, para. 1, lett. b) GDPR, the data will be retained for the duration of the contract; for example, for registration on the portal, your data will be retained until you cancel your user account, or following a period of inactivity of 5 years. If you have made a purchase, the same may be retained for a period of time in compliance with the obligations prescribed by the laws in force, by way of example on the basis of tax legislation for at least 10 years; - Data relating to the purposes of direct marketing and profiling will be retained until you revoke your consent, to be requested either through the automatic methods present in e-mails, or by sending your request to the contact details of the Data Controller. At the end of 2 years from the acquisition of consent, a communication will be sent to the contact channels issued to allow the revocation of consent or its continuation. This is without prejudice, however, to the right of the Data Controller to keep the data for a longer period than that indicated above in order to ascertain and/or defend its rights in court (e.g. in the event of complaints).
In such cases, the retention periods are those linked to the aforementioned defence requirements and the time limits may coincide with the lapse and prescription periods provided for by law.

RECIPIENTS OF THE DATA

Recipients of the data collected following consultation of some of the services listed above are certain subjects designated by the Data Controller pursuant to Article 28 of the Regulation, as data processors, and other service providers in the field of web-agencies, digital communication, system support, social networks in the field of data collection through marketing campaigns, and any other digital service providers for which a complete list can be requested by writing to privacy@aeffe.com. Some data and information may be transmitted or acquired by parties identified as autonomous data controllers, including third party companies such as payment method operators chosen by the data subject (e.g. PayPal, PayPal Express, Alipay, Wechat and AmazonPay and Klarna), data relating to cookies that are usually anonymised before being sent, for statistical purposes. The personal data collected are also processed by the data controller's staff acting on the basis of specific instructions provided by the data controller regarding the purposes and methods of processing.

DATA PROCESSING SECURITY

Personal data transmitted and stored for the time necessary for the stated purposes are protected by specific technical and organisational security measures with reference to art. 32 of the Regulation, capable of guaranteeing on a permanent basis confidentiality, integrity, availability and the ability to promptly restore the availability and access of personal data in the event of a physical or technical incident, including against the risks of destruction, loss, modification, unauthorised disclosure or accidental or unlawful access to personal data transmitted, stored or otherwise processed. The communication of data via the web is protected by SSL encryption of the communication channel, and the filling in of the contact forms on the Site is protected by Google's ‘ReCaptcha’ system, which makes it possible to distinguish between so-called ‘human’ and automated access in order to prevent ‘robotised’ systems from simulating the entry of data that cannot be traced back to a person with the intention of compromising the Site's functionality.

TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES

The Controller uses the hosting provider Amazon.com, Inc. located in the USA Non-EU Country. The Data Controller has verified the existence of adequacy decisions for the recipient country by the Commission, with particular reference to the provider's inclusion in the Data Privacy Framework (adequacy decision of 10/07/2023, pursuant to Article 45 of the GDPR, ‘EU-US Data Privacy Framework’.). Other safeguards for the transfer to the recipients, depending on the case, may be: signing of standard contractual clauses, verification of the adoption of any additional measures in transposition of EDPB Recommendation 01/2020. As an exception to these guarantees, for data processing (in ref. of Art. 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favour of the data subject or consent to the transfer shall be verified.

RIGHTS OF DATA SUBJECTS

Data subjects have the right to obtain, in the cases provided for, access to their personal data, rectification, erasure, restriction of processing concerning them, portability, or to object to processing and to withdraw consent (where used as a legal basis) with reference to Articles 15 to 22 of the Regulation). The request is made through the contact details of the Data Controllers.
For the exercise of the rights it is also possible to use the model prepared and available on the website of the Italian Data Protection Authority at this link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9038275 RIGHT TO COMPLAIN Interested parties who consider that the processing of personal data relating to them carried out through this site is in breach of the provisions of the Regulation have the right to lodge a complaint with the Data Protection Authority, as provided for by Article 77 of the Regulation itself, or to take legal action (Article 79 of the Regulation). The model for lodging a complaint is available on the website of the Data Protection Authority at this link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524

INFORMATION
ARTICLES. 13 AND 14 OF REGULATION (EU) 2016/679
Data Subjects: Users of e-commerce services
‘AEFFE S.P.A.’, and “Triboo Digitale S.r.l.” in their capacity as Data Controllers of your personal data, pursuant to and for the purposes of EU Regulation 2016/679 hereinafter “GDPR”, hereby inform you that the aforementioned legislation provides for the protection of the parties concerned with respect to the processing of personal data and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of your confidentiality and your rights. Your personal data will be processed in accordance with the legal provisions of the aforementioned legislation and the confidentiality obligations provided therein.
Roles and responsibilities: this section describes the roles of the companies that process your personal data following a purchase on our e-commerce site www.albertaferretti.com or following registration.
• Triboo Digitale S.r.l.
Triboo Digitale S.r.l. is the owner of the processing of your personal data for the sole purposes necessary to comply with regulatory obligations regarding tax and accounting matters deriving from purchases made at the e-commerce shop, including any electronic payments through the payment system available to you.
Legal basis: legal obligation and contractual obligation.

• AEFFE S.P.A.
Aeffe S.P.A. is the owner of the processing of your personal data relating to registration on the online portal, orders placed and to respond to customer care requests received (points 1, 2, 3 of this information notice) and in general to guarantee the functions available on the website; as well as, subject to your free consent, for the optional marketing and profiling purposes described in points 4 and 5 of this information notice.

Source of data: data are collected directly from the data subject during registration on the website or during the purchase of a product without registration or also as part of online promotional campaigns (e.g. social network campaigns).
Purpose and legal basis of the processing: Your data will be processed to guarantee the functions available, including the management of the shopping cart (Shopping bag), for the selection of one or more articles, to store the contents of the shopping cart from the last time you logged on, commercial transactions with the payment methods you have chosen and other accessory and functional services to facilitate your choice of articles, as well as, when required, invoicing in application of the law, logistics for transport, delivery, collection, and possibly for after-sales activities and verification of the efficiency of the service. The Owner makes it known that the process of authentication to its account of the manager of the payment service chosen for the purchase of one or more products from the Store (including PayPal, Scalapay, Klarna, etc...) is managed by the same manager as autonomous data controller.

1) Registration on the portal: registration on the portal is preparatory to your correct identification in anticipation of and against a purchase. Registration will enable you to create your user profile without having to re-enter your data for subsequent purchases. Your user profile will store your residential address, your shipping address (if different from your residence), your social security number if required by law, and your purchase history. You can request the cancellation of your user profile at any time.
Data controller: Aeffe S.p.A.

2) Purchase without registration: it is possible to make a purchase online even without registering on the portal, your data will be processed exclusively for your correct identification, to allow the purchase and shipping in application of the general conditions of sale, and to allow billing in accordance with the law.
Data controller: Aeffe S.p.A. and Triboo Digitale S.r.l. for invoicing.

3) Customer care/ Online shop Customer service: management and response to any reports, requests for post-sales information (including order status and tracking), purchase assistance, returns, refunds, cancellation of orders and complaints forwarded by the Customer, in compliance with the general conditions of sale, through the online forms and paper forms made available by the Controller on the website. This also includes the processing of photos/images of products where necessary to process the request, in compliance with the general conditions of sale.
Data controller: Aeffe S.p.A.
The legal basis of the processing for purposes 1, 2, and 3 is pre-contractual and contractual in the terms in which data processing is foreseen for operations prior to the purchase and the purchase itself. In order to enable the invoicing of purchases, the legal basis is a legal obligation. Consequences of non-communication: the processing of data is necessary in response to the customer's request for the purposes indicated, any non-communication, or incorrect communication, of any of the mandatory information may make it impossible for the Controller to guarantee the purchase of the products and further services requested. Optional purposes: the purposes described below in points 4 and 5 are optional and not mandatory, and their implementation is based solely on your consent. In particular, two different consents are required: the first (point 4) for the sending of promotional communications by Aeffe S.p.A. as the data controller - the second (point 5) for profiling (defining your profile, analysing habits or consumption choices, so as to suggest to you, in several ways, offers deriving from your preferences). You may revoke your consent at any time, either through the automatic methods present in the e-mails, or by sending a communication to the contact details of the data controller.

4) Direct marketing: Subject to your free consent, the data controller Aeffe S.P.A. may process your data to carry out market surveys, customer satisfaction surveys, statistics, invitations to events and for promotional activities relating also to the sending of advertising and promotional material - by e-mail, regular mail and/or sms and/or telephone calls - other than those necessary to ensure the performance of the relationship. These communications will also be transmitted via the Whatsapp channel upon express indication by the customer in the data collection form. As regards the sending of promotional material to your e-mail inbox, interactions with the communications transmitted (e.g. rate of opening of e-mails, any clicks on links and/or banners and/or buttons) may also be processed.

5) Profiling: in order to improve the search for products that may satisfy you, we would like to use your data to define your profile, analyse habits or consumption choices, so as to suggest to you, in more ways than one, offers deriving from your preferences, either through e-mails, newsletters or dedicated messages. Your data will also be used to personalise online ads, for example when browsing search engines or social platforms (e.g. Google, Pinterest, etc.).
The legal basis for processing for purposes 4 and 5 is the consent of the data subject.
Consequences of lack of consent for optional purposes: lack of consent for the optional purposes of purposes 4 and 5 (Direct Marketing and Profiling) does not affect the purchase of products and the provision of the service. How to revoke consent: you can revoke your consent at any time, including with regard to the use of Whatsapp, given either through the automatic methods at the bottom of each e-mail received or by sending a request to the contact details of the data controller. If you wish to stop receiving promotional communications via Whatsapp, you can send a message saying ‘STOP WHATSAPP’.

Method of processing: The processing is carried out using manual and/or computerised and telematic tools, in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with the physical and logical organisational measures provided for by the provisions in force, so as to minimise the risks of destruction or loss, unauthorised access, modification and unauthorised disclosure in compliance with the methods set out in Articles 5, 32 of the GDPR. Recipients: In order to carry out certain activities, or to provide support for the operation and organisation of the business, certain data may be brought to the attention of or communicated to recipients. These recipients are distinguished in:
Third parties: (communication to: natural or legal persons, public authorities, service or other body other than the data subject, data controller, data processor and authorised persons responsible for processing) including:
- Aeffe Group companies in the context of legitimate intra-group communications for internal administrative purposes;
- Triboo Digitale S.r.l. for the sole purposes necessary to comply with tax and accounting regulatory obligations deriving from purchases made at the e-commerce shop, including any electronic payments through the payment system available to you.
- Banking institutions for the management of collections and payments and third party companies, for the same purposes, as managers of the payment methods chosen by the data subject (including PayPal, Scalapay, Klarna, etc.);
- Companies for the management of tax and accounting regulatory fulfilments related to the purchase (e.g. TaxFree fulfilments...);
- Companies that manage traditional or computerised postal services;
- Consultants and freelancers, also in associated form in legal matters, etc. as autonomous owners;
- Subjects/Bodies whose right to access your data is recognised by legal obligation;
- Any other subjects whose communication of data is necessary to achieve the above-mentioned purposes. Data Processors: (the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller)
- Companies and other subjects, consultants and freelancers to whom mandates have been conferred for the management of compulsory fiscal, administrative, accounting, legal advice, etc. fulfilments
- Suppliers of marketing services and for the improvement of online product searches;
- Suppliers of IT, web, or other services necessary to achieve the purposes required to manage the relationship.
- Within the company structure: your data will be processed only by personnel expressly authorised by the individual Data Controllers, with assurance of the adoption of a confidentiality agreement.

Transfer of data to third countries: The Data Controller uses the hosting provider Cloudflare, Inc. located in the USA Non-EU country. The Data Controller has verified the existence of adequacy decisions for the recipient country by the Commission, with particular reference to the provider's enrolment in the Data Privacy Framework (adequacy decision of 10/07/2023, pursuant to Article 45 of the GDPR, ‘EU-US Data Privacy Framework’.). Other safeguards for the transfer to the recipients, depending on the case, may be: signing of standard contractual clauses, verification of the adoption of any additional measures in transposition of EDPB Recommendation 01/2020. As an exception to these guarantees, for data processing (in ref. of Art. 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favour of the data subject or consent to the transfer shall be verified.

Dissemination: Your personal data will not be disseminated in any way.

Retention Period.
We would like to inform you that, in accordance with the principles of lawfulness, purpose limitation, and data minimisation, pursuant to Article 5 of the GDPR, the retention period for your personal data required to perform the services requested is established for a period of time not exceeding the achievement of the purposes for which they are collected. - In the case of registration on the portal, your data will be stored until you cancel your membership, or after a period of inactivity of 5 years. - Data relating to optional purposes (4. Direct Marketing. - 5. Profiling) will be kept until you revoke your consent, which can be requested either by means of the automatic methods present in e-mails, or by sending your request to the contact details of the Data Controller. At the end of 2 years from the acquisition of consent, a communication will be sent to the contact channels issued to allow the revocation of consent or its continuation.
- With the same methods and data protection guarantees, if you have made a purchase, the data may be stored for a period of time in compliance with the obligations prescribed by the laws in force, by way of example on the basis of tax regulations for at least 10 years.

Data Controller: the Data Controller, in accordance with the regulations is ‘AEFFE S.P.A.’, with registered office in Via delle Querce 51 - 47842 San Giovanni in Marignano (RN) VAT no.: 01928480407, Tel: 0541 965211 in the person of its legal representative pro tempore. By sending an e-mail to the following address privacy@aeffe.com you may request further information regarding the data provided.

The Data Protection Officer (‘DPO’) for Aeffe S.p.A. is Studio Paci & C. Srl (Contact person Dr. Gloriamaria Paci) who can be contacted at the following address: dpo.aeffe@studiopaciecsrl.it, telephone: 0541 - 1795431 and PEC: studiopaciecsrl@pec.it.
Triboo Digitale S.r.l., with registered office in Viale Sarca 336, Building sixteen, 20126 Milan, VAT/C.F. and registration number with the Milan Companies' Register IT02912880966; e-mail: privacy@triboo.it - PEC: triboospa@legalmail.it; - tel. +39.0264741491
EU Reg. 2016/679: Arts. 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the Data Subject
1. The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him/her exist, even if not yet recorded, and communication of such data in intelligible form.
2. The data subject shall have the right to be informed:
a. The origin of the personal data;
b. of the purposes and methods of processing
c. the logic applied in the event of processing carried out with the aid of electronic instruments;
d. the identification data concerning the data controller, data processors and the representative designated pursuant to Article 5(2);
e. of the entities or categories of entity to whom or which the personal data may be communicated or who or which may get to know said data in their capacity as designated representative(s) in the State's territory, data processor(s) or person(s) in charge of the processing.
3. The interested party has the right to obtain
a. The updating, rectification or, where interested therein, integration of the data;
b. the cancellation, transformation into anonymous form or limitation of data processed in breach of the law, including data whose storage is not necessary in relation to the purposes for which the data was collected or subsequently processed;
c. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
d. the portability of the data.
4. The data subject shall have the right to object, in whole or in part:
a. on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b. to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
The data subject, where applicable, also has the right to lodge a complaint with the Garante as supervisory authority in accordance with the established procedures. For any further information, and in order to assert the rights recognised to you by the European Regulation, you may contact the data controller at the references given above.
Consent
Formula for acquiring the consent of the data subject
Having acquired the information provided by the data controller through the information notice, your registration on the website will be recorded, identifying the IP address associated with your data, the time and date of registration. Your possible consents to the processing for the purposes of direct marketing and profiling respectively points (4) and (5) will be recorded (IP address, e-mail, date and time) by ticking/clicking the relevant box, and immediately following the pressing of the ‘send’ / ‘ok’ / ‘register’ button.
These consents will be stored in order to prove that they have been given, and to allow you to revoke them at any time, in addition to all the other rights set out above.