The following disclosure is provided pursuant to the EU Regulation 679/16 General Data Protection Regulation (hereinafter called “GDPR”) by Drapers s.r.l. – Sole Shareholder Vitale Barberis Canonico S.p.A., with headquarters in Bologna, via Bonvicini no. 9, Tel 0039 0516310278 Fax 0039 05163133117 (hereinafter called “Drapers”) in the role of Data Owner of data collected on the website www.drapersitaly.it (hereinafter called the “Website”).
Drapers fundamentally respects data protection regulations and therefore requests that you read this disclosure carefully to enable you to make free choices in full awareness of all the relative information when you fill out the required fields to register on the Website in order to purchase the products on offer.
All your personal data (hereinafter called “Personal Data” and/or “Data”) which is collected will be processed according to the principles recognised under regulations pertaining to personal data protection as are in force from time to time, such as principles of transparency, correctness, lawfulness, data minimisation, limitation of the purpose for which they are stored, accuracy, integrity and confidentiality.
Drapers informs you that the Website could contain links to other third party applications or websites and that Drapers does not accept responsibility for the processing of personal data by such third parties or for their contents, in relation to which Drapers shall not be held liable.
Data Owner and Data Controller
The Data Owner is Drapers S.r.l. with headquarters in Via Bonvicini, 9, 40128 Bologna, email firstname.lastname@example.org
The Data Controller is Federico Slanzi, VAT no. 08797820969, of Milano (MI), via D’Apulia, 4 (hereinafter the “Data Controller”), email email@example.com.
Legal Basis for data processing
Type of data processed and purpose of processing
During their normal functioning, the computer systems and software procedures used on the Website collect some Personal Data whose transmission is implicit when Internet communication protocols are used. This information is not collected in order to be associated with identifiable persons, but by its very nature, could, by means of processing and association with data held by third parties, lead to the identification of the user.
This category of data includes IP addresses and the domain names of the users’ PCs which are connected to the Website, URI (Uniform Resource Identifier) addresses for the resources requested, the time of the request, the method used to send the request to the server, the dimension of the file received in response, the numeric code indicating the response given by the server (successful, error, etc.) and other parameters relating to the operative system and the IT environment of the user.
Such Data are used to enable navigation of the Website, for technical administration of the Website itself, as well as to collect statistics about the use of the Website and to check that it is functioning correctly.
Data provided on a voluntary basis
Upon your prior agreement, in some sections (e.g., “Contacts”) of the Website you will be asked to provide some common Personal Data (such as contact names, numbers, etc.) Drapers will process such Data as you have provided in the following ways:
a. To permit use of the Website by registered users;
b. To fulfil its own obligations deriving from the completion of the purchase of the products offered on the Website using the e-commerce service;
c. To fulfil its own administration and accounting obligations relating to the services offered by the Website;
d. To reply to any requests for contact or information;
e. To analyse consumer preferences and habits of the users.
Data relating to payment tools
In order to pay for a product offered on the Website, the registered user will be redirected to the payment service supplier, Nexi S.p.A., which will collect the data relating to payment for the products offered on the Website as an autonomous data owner without such data being transferred from the Website server or memorised by the server in any way.
Information on the cookies used by this Website can be found at www.drapersitaly.it/bd-en/cookie-policy/.
Other than specified for navigation data, the release of data for purposes ranging from (a) to (e) of the preceding paragraph is optional. Failure to provide such data may make it impossible to pursue these additional specific purposes.
Your data will be processed as automated instruments.
Your data will be processed by the Data Owner, the Data Controller and other respective employees and collaborators specifically responsible for processing, who will always act in compliance with current legislation. Explicit security measures are observed to prevent the loss of data, illicit or incorrect use of data and non-authorised access.
Your Personal Data, as the subject of processing, will be communicated to others who have ongoing contractual relationships with Drapers S.r.l. and who will process your Data as Drapers officers according to the instructions received from the latter in compliance with current legislation.
Such persons may be: commercial collaborators, partner companies in the development of products and services, companies responsible for the management and dispatching of orders, platform suppliers for sending emails, or also persons mandated to carry out technical maintenance activities including maintenance of network equipment and of electronic communications networks, software developers for payment software, suppliers for the technological platform and payment gateway for orders for products in the e–payments sector, payment service providers for e-payment activities.
Your Personal Data may then be shared with third parties with whom Drapers has ongoing contractual relationships relating to functional services for the performance of the activity (e.g., carriers for the delivery of products, accounting companies, persons, companies or professional offices who provide assistance and consultancy services for administrative, legal, tax, financial and debt collection purposes relating to the provision of the services). In this respect, we inform you that, in order to send automatic transactional emails from the Website, users’ email addresses will be shared with the transactional email service supplier, SendGrid Inc., which will process such Data as an autonomous data owner pursuant to its own data protection policy, available at: https://sendgrid.com/policies/privacy/services-privacy-policy/.
Finally, your Personal Data will be communicated upon request to the relevant finance offices, namely other public administration offices in compliance with current legal requirements.
In consideration of Drapers’ international activities, some Data may be shared with other parties who may not be located in EU or EEC countries. Drapers assures you that the processing of your Personal Data will be carried out in compliance with the applicable legal requirements. For this reason, data transfer will be carried out using adequate guarantees such as adequacy decisions, standard EU-approved contractual clauses or other guarantees which are deemed to be adequate.
Your Data will not be shared in any way.
Your processed Personal Data will be stored by Drapers for the time strictly necessary for the execution of the service requested and for the implementation of the contractual relationship. However, as such Personal Data are processed to enable the implementation of the contractual relationship, Drapers may store your Data for a longer period, in particular for the time necessary to protect Drapers’ interests from any possible liability relating to the execution of the contract.
In any event, Drapers informs you that it will keep your registration credentials active on the Website for up to  months from the date of the last login of a registered user, after which the Data will be anonymised.
Your Personal Data which have been processed in order to comply with legal requirements will be stored by Drapers for the period foreseen by the law or regulatory requirements, while your Personal Data which have been processed for marketing and profiling purposes will be stored for a maximum of 24 or 12 moths respectively starting from the date of the collection of such Data.
As the person concerned, you may at any time request deletion, a copy, the update, the correction or integration or the blocking of Personal Data processed in violation of the law pursuant to the EU Regulation 2016/679 (“GDPR”).
In particular, you always have the right:
Should you wish to exercise your rights, please send a communication to the Data Owner to the address given above, or by email to firstname.lastname@example.org.
In the event that you consider the processing of your Personal Data on this Website has been carried out in violation of the provisions of the GDPR, you have the right to lodge a complaint with the Guarantor for the Protection of Personal Data as provided by Article 77 of the GDPR, or to have recourse to the appropriate courts pursuant to Article 79 of the GDPR.
Updated 10th December 2019.