Privacy Policy (B2C)

This notice contains important information on the protection of your personal data processed by us through our website (hereinafter referred to as the "Site"), as data controller, pursuant to Article 13 of Regulation (EU) 2016/679 (the General Data Protection Regulation, hereinafter referred to as the "GDPR").

Data controller

The Data Controller of your personal data is Drapers S.r.l. with registered office in Bologna, Via di Corticella, 184/9, 40128, Italy and 00281850370 tax code (hereinafter referred to as "Data Controller" or "Drapers").

The Data Controller can be contacted at the following e-mail address: privacy@drapersitaly.it.

Categories of personal data

For the purposes set out in this notice, the Controller will process:

  1. personal data you voluntarily provide us with on the Site via: (i) the “Contact” form (personal and contact data), (ii) reserved area for registration or login (personal and contact data), (iii) orders (personal, contact and shipping data) as well as data relating to the payments made and any additional data you provide us with;
  2. data collected automatically during the Site navigation.

a) Navigation data 

The computer systems and software procedures that are used to operate the Site may, in the course of their standard operation, obtain certain personal data the transmission of which is implicit in the use of Internet communication protocols. This data is not collected in order to be associated with data subjects, but by its very nature could, through processing and association with data held, also by third parties, allow to identify users. This category of data includes the IP addresses or domain names of the devices used by users connecting to the Site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment.

This data is used for the sole purpose to check its correct functioning, allow the proper provision of the various functions you requested, and ascertain any liability in the event of potential cybercrimes to the detriment of the Site or third parties.

With regard to personal data collected via cookies, we invite you to read our Cookie Policy


b) Personal data you provide us with 

We collect the data through the Site, such as anagraphic data, contact data and shipping data you voluntarily provide us with in order to register for or log in to the reserved area (where registration has already taken place), order products and contact Drapers by filling out the form. 

Purpose and legal basis of processing

Your personal data will be processed by the Data Controller to allow you to browse the Site and ensure its proper functioning, manage and respond to your requests for information, enable you to register in the reserved area of the Site, establish and manage the contractual relationship (including the management of your orders), to fulfil legal obligations, send you marketing communications as well as for purposes of protecting our rights in court proceedings or out-of-court procedures.

In relation to the purposes we pursue, the legal basis for the processing are: the performance of a contract or pre-contractual measures taken at your request, the necessity to comply with a legal obligation to which the Data Controller is subject, your consent and our legitimate interest.

  1. Allowing you to browse the Site and ensuring its proper functioning. The legal basis of the processing is the performance of a contract or pre-contractual measures taken at your request. Providing personal data for this purpose is necessary to enable you to navigate the Site and to be able to monitor its proper functioning.
  2. Managing and responding to your requests for information received via the "Contact" form on the Site. The legal basis of the processing is the performance of a contract or pre-contractual measures taken at your request. You are not obliged to provide your data for the above-mentioned purpose, however, the consequence, in the event you do not provide such data, is that your requests cannot be fulfilled and/or that the Data Controller would be in the impossibility to fulfil its contractual obligations, and therefore to execute the contract.
  3. Allowing you to register on the Site by creating a personal database and then accessing the reserved area by the login. The legal basis of the processing is the performance of a contract or pre-contractual measures taken at your request. You are not obliged to provide your data for the above-mentioned purpose, but the consequence, in the event you do not provide such data, is that you will not be able to register or access the reserved area.
  4. Establishing and managing the contractual relationship, including the management of the order of products placed through the Site, of your invoicing, of your payments and of the shipment of your orders. The legal basis of the processing is the performance of a contract or pre-contractual measures taken at your request. You are not obliged to provide your data for the above-mentioned purpose, however, the consequence in the event you do not provide such data is the impossibility for the Data Controller to establish and manage the contractual relationship with you.
  5. Compliance with legal obligations to which the Data Controller is subject (e.g. obligations set forth in the Civil Code, as well as tax and accounting obligations). The legal basis of the processing is the fulfillment of legal obligation to which the Data Controller is subject. Providing data for this purpose is necessary to allow the Data Controller to fulfill its legal obligations; failure to provide your personal data entails the impossibility for the Data Controller to fulfill the legal obligations and, therefore, to establish and manage the contractual relationship.
  6. Sending marketing communications via e-mail regarding the Data controller’s commercial initiatives and products. The legal basis of the processing is your consent, which can be withdrawn at any time without prejudice to the processing activity carried out prior to withdrawal. You are not obliged to provide your data for the above-mentioned purpose, however, the consequence in the event you do not provide such data is the impossibility for the Data Controller to send you marketing communications. 
  7. Exercising or defending a right in court proceedings or out-of-court procedures. The legal basis of the processing is the legitimate interest of the Data Controller in exercising or defending its rights. The Data Controller has considered that this legitimate interest does not prejudice the rights and freedoms of the data subjects.

Data retention time

We only retain personal data for as long as it is necessary for the purpose for which it was collected or for any other related legitimate purpose. Therefore, if personal data are processed for two different purposes, we will keep those data until the purpose with the longer retention period ends. In any case, we will no longer process personal data for that purpose whose retention period has expired. Personal data that is no longer needed, or for which there is no legal basis for its retention, will be irreversibly anonymised (and thus may be retained) or deleted.

Browsing data are deleted after 72 hours without prejudice to any need for criminal investigations by judicial authorities.

Personal data processed to handle and answer your inquiry are kept for the time necessary to handle your request and subsequently deleted.

Personal data processed to register on the Site and to access the reserved area via login are retained until the expiry of a period of 24 months from the last order placed and, in any case, no later than the deletion of your account.

Personal data processed to establish and manage the contractual relationship, including the management of the order of products placed through the Site, invoices, payments and shipment of the products requested, are retained for the entire duration of the relationship. In any case, for purposes related to the fulfilment of obligations under laws and regulations, personal data will be retained for no longer than 10 years from the termination of the relationship.

Personal data processed for the purpose of sending marketing communications regarding the Data controller’s commercial initiatives and products are stored for 24 months from the date on which you provided your last consent or until the exercise of the right of withdrawal or to object, whichever is earlier.

In the event that it is necessary to process data for the purpose of legal action or defence, the data is retained for as long as any claims and/or actions may be pursued by the law.

Categories of data recipients

Your personal data will be processed by persons authorised and instructed to process the data under the direct authority of Drapers (e.g., employees and collaborators as persons authorised to process personal data under the direct authority of the Data Controller). 

In some cases, your personal data may be communicated to other parties acting on our behalf as data processors to whom we have given special instructions regarding the processing of your data, including companies that provide us with IT support services, cloud services, etc.

Furthermore, your personal data may also be processed by authorities and institutions to which the access to the data is regulated by provisions of law or regulations or other companies such as shipping companies, in their capacity as autonomous data controllers.

The list of recipients to whom your personal data are communicated can be requested from the Data Controller by writing to privacy@drapersitaly.it.

In particular, your data may be communicated or otherwise provided to, exclusively for the purposes specified above, to the following recipients that will process your personal data as data processors or as autonomous data controllers: 

  1. collaborators, consultants of the Data Controller;
  2. companies providing services in relation to marketing communications; 
  3. companies that provide us with IT support services for our systems;
  4. companies that provide payments services;
  5. companies that provide us with cloud or hosting services;
  6. shipping companies;
  7. banking and credit institutes;
  8. authorities and institutions to which the right of access to data is regulated by laws or regulations (e.g., public security authorities and police forces) and other data controllers, public or private, where there is a legal basis, such as a legal obligation.

Transfer of personal data abroad

The Data Controller stores personal data on servers located within the European Union. If necessary, it only transfers them outside the European Union if the necessary safeguards are in place.

The Data Controller stores the data in the European Union, where it has its own servers. If the Data Controller needs to transfer certain data outside the European Union in order to manage an order or for product distribution needs, or for the location of a supplier, the Data Controller undertakes to ensure adequate levels of protection and safeguards, such as contractual safeguards, in accordance with the applicable laws, including the execution of standard contractual clauses pursuant to Art. 46(2)(c) of the GDPR, possibly supplemented by additional technical, legal and organisational measures necessary to ensure that the level of protection of personal data is equivalent to that of the European Union.

For any further information on the transfer of your personal data, please send an e-mail to the following address: privacy@drapersitaly.it.

Rights of the data subject

In relation to the processing of your personal data, you will always be able to exercise your rights under the GDPR (Articles 15-22), namely:

  1. obtain confirmation of the processing of personal data (and information on it) and access to their content (right of access);
  2. update, amend and/or correct personal data (right to rectification);
  3. request the erasure or restriction of personal data processed in breach of the law, including data the retention of which is not necessary for the purposes for which the data were collected or otherwise processed (right to be forgotten and right to restriction of processing);
  4. object to the processing at any time where the processing is based on our legitimate interest or in case of marketing (right to object);
  5. withdraw the consent given, where the processing is carried out on the basis of that consent, without prejudice to the lawfulness of the processing based on the consent given before its withdrawal (right to withdraw consent).
  6. in the cases provided, to receive a copy of the personal data concerning you, rendered in the context of the contract, in electronic format and to request that such data be transmitted to another data controller (right to data portability).

To exercise your rights, you can write to us at the following e-mail address: privacy@drapersitaly.it.

Further rights

If you consider that the processing of your personal data via the website infringes the data protection legislation, you always have the right to lodge a complaint with a Supervisory Authority (in Italy, the Garante).

Last update to the Privacy Policy: July 2024

The icons reproduced in this notice were created by the Maastricht European Centre on Privacy and Cybersecurity and distributed by the Garante (www.garanteprivacy.it) in the form in which the Garante received them from the authors. The icons are used here on the basis of the CC BY 4.0 licence (the conditions of which are recalled), in the form in which they are published on the Garante’s website.

There is an error

No results found