This policy shows the methods and purposes of the processing carried out by Safilo S.p.A. with registered office in Settima Strada 15, 35129 Padua, Italy, (hereafter, "Safilo"), as Data Controller, of the personal data of the subjects involved in respect of the browsing of the website http://www.davidbeckhameyewear.com. (“Site”) on the occasion of your access to the Site, as well as the necessary information about your rights and how to exercise them.
The processing of visitor's data by Safilo will be based on the principles of transparency, correctness, lawfulness, relevance and necessity.
The appointed Data Protection Officer ("DPO") can be contacted at the e-mail email@example.com.
What kind of information do we collect, for what purposes and with which legal basis?
1) Navigation data
Computer systems responsible for site operation acquire, during normal operation, some personal data that are implicit in the use of Internet communication protocols. This information is not collected to be associated with identified persons, but only for the legitimate interest of the site owner in the safe system operation and to ensure visitors the navigation on the site. By their very nature such data could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. The data could be used by police forces and judicial authorities upon request for the performance of their duties.
The data will be used exclusively for the safe operation of the systems and to ensure the visitor the navigation on the site, thus constituting the contractual and pre-contractual implementation of this processing.
2) Data delivered voluntarily by visitors
These data are provided spontaneously by visitors to take advantage of the interactive activities offered by the Site. In particular, Safilo may request personal information in some sections of the site, such as name, surname, date of birth, email address, etc. This may happen, for example, if you require to receive newsletters. We may also collect personal information from our users on third parties, for example where the Site allows the user to send an email to direct someone to our site or send them an active promotion. In this case, we will know the name and e-mail address of the recipient and the user who has provided them declares to have obtained the necessary consent from the recipient. This information will only be used for the intended purpose (sending e-mail) and Safilo will not contact third parties any further unless they contact us.
Except where not otherwise indicated, the personal data supplied will be used exclusively to manage and respond to the requests of the user/visitor, thus constituting the contractual and pre-contractual implementation of this processing.
In each of the above-mentioned sections of the Site where personal data are collected for each different purposes, there are specific Privacy policies explaining the details of the processings, as well as any requests for consent to the processing of personal data for marketing and even profiled purposes (for more details click here), for which the specific consents are the legal basis of the processings
The user/visitor is in any case asked to refrain from entering special categories of personal data, i.e. those that reveal racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data related to the health or sex life or sexual orientation of the person, since they cannot be treated further without consent and must be eliminated.
Kind of the data provision and consequences of refusal
Processing methods and subjects who may have access to data
Your personal data are processed with electronic instruments for the time necessary to achieve the purposes for which they were collected. They are processed in compliance with the applicable legislation, adopting the appropriate and most suitable security measures aimed at preventing unauthorized access, disclosure, modification or unauthorized destruction.
Your data will be processed by Safilo employees or collaborators, specifically trained on the treatment and any digital service providers appointed as data controllers.
Data may be communicated, subject to release of your optional and specific consent, to Safilo who will use them for its profiled marketing purposes but will not be disclosed to other third parties except for legal obligations or judicial authorities and will not be disseminated in any way.
Processing of personal data outside the European Economic Area (EEA)
All of your data will be processed by Safilo in via Settima Strada 125, 35129 Padova, with appropriate safeguards, as required by the European Data Protection Regulation no. 679/2016 (hereinafter also referred to as "GDPR").
The aforementioned processing for newsletters is carried out directly on MailChimp's service in the USA, ie a country subject to the European Commission's adequacy decision, only for the companies registered in the Privacy Shield Program (which is not the case with Safilo).
However, the nature of the data processed (in total or maximum part provided by the interested party, real, updated and limited only to those necessary and relevant) and the accurate methods of treatment (based on state-of-the-art technologies and security measures more than adequate) - together with the fact that there are no particularly sensitive data such as those relating to credit cards nor sensitive data or of minors, and that the processing takes place, on an informed basis, subject to the consent of the person concerned also pursuant to art. 49.1, lett. a) of the GDPR regarding the treatment for marketing purposes and pursuant to art. 49.1, lett. b) with regard to processing for contractual and pre-contractual execution, - provide guarantees and advantages that ensure proportionate processing of data and a prudent and correct management of the limited risks inherent in data processing in the USA.
You can always obtain the details of this processing of your personal data in the USA by sending a written request to the e-mail address firstname.lastname@example.org.
Data retention time
We keep personal data voluntarily provided by visitors only for the time strictly necessary for the execution of the requested service, in case of consent to marketing activities up to 36 months.______.
It will be possible at any time to exercise access to your personal data, correct, integrate or delete them or request the limitation of processing that concerns the ones pending correction or the end necessary to protect the rights, object to the processing, revoke the consents given, and also obtain (in case of consent to the processing) the release, in electronic form, to you or to another person indicated, of the personal data provided, sending a written request to the e-mail address email@example.com
You will also always have the right to lodge a complaint regarding the processing of your personal data to the competent Supervisory Authority (the Guarantor for the Protection of Personal Data in Italy).
Link to third parties
Information notice amendments
We may from time to time make changes to this disclosure imposed by changes in legislation and to stay abreast of new developments and possibilities on Internet. We reserve the right to make such changes at our discretion; the user is periodically asked to check this page, as it is subject to such changes when you visit our website.