This notice contains important information on the protection of your personal data processed by us through our website (hereinafter referred to as the "Site"), as data controller, pursuant to Article 13 of Regulation (EU) 2016/679 (the General Data Protection Regulation, hereinafter referred to as the "GDPR").
The Data Controller of your personal data is Drapers S.r.l., with registered office in Bologna, Via di Corticella, 184/9, 40128, Italy, and tax code 00281850370 (hereinafter referred to as "Data Controller" or "Drapers").
The Data Controller can be contacted at the following e-mail address: firstname.lastname@example.org.
For the purposes set out in this notice, the Controller will process:
a) Navigation data
The computer systems and software procedures that are used to operate the Site may, in the course of their standard operation, obtain certain personal data the transmission of which is implicit in the use of Internet communication protocols. This data is not collected in order to be associated with data subjects, but by its very nature could, through processing and association with data held also by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the devices used by users connecting to the Site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment.
This data is used solely to check the correct functioning of the Site, to allow the proper provision of the various functions you requested, and to ascertain any liability in the event of potential cybercrimes to the detriment of the Site or third parties.
b) Personal data you provide us with
We collect data through the Site, such as personal details, contact data and shipping data that you voluntarily provide in order to register for or log in to the reserved area (where registration has already taken place), order products and contact Drapers by filling out the form.
Your personal data will be processed by the Data Controller to allow you to browse the Site and ensure its proper functioning, manage and respond to your requests for information, enable you to register in the reserved area of the Site, complete and manage your orders, fulfil legal obligations, and protect our rights in court proceedings or out-of-court procedures.
In relation to the purposes we pursue, the legal bases for the processing are: the performance of a contract or pre-contractual measures taken at your request, the necessity to comply with a legal obligation to which the Data Controller is subject, and our legitimate interest.
Furthermore, if you purchase a product, we may also process your data to send you communications via e-mail regarding products similar to the ones you have already purchased, unless you object to such processing.
We only retain personal data for as long as is necessary for the purpose for which it was collected or for any other related legitimate purpose. Therefore, if personal data is processed for two different purposes, we will keep that data until the purpose with the longer retention period ends. In any case, we will no longer process personal data for a purpose whose retention period has expired. Personal data that is no longer needed, or for which there is no legal basis for its retention, will be irreversibly anonymised (and thus may be retained) or deleted.
Browsing data are deleted after 72 hours without prejudice to any need for criminal investigations by judicial authorities.
The personal data processed to handle and answer your inquiry are kept for the time necessary to handle your request and subsequently deleted.
The personal data processed to register on the Site and to access the reserved area via login are retained until the expiry of a period of 24 months from the last order placed and, in any case, no later than the deletion of your account.
Personal data processed to manage product orders placed through the Site are retained until the expiration of the ten-year statutory limitation period provided by the Civil Code.
Personal data processed for the purpose of sending communications regarding products similar to the ones you have already purchased are stored for the entire duration of your account or until you exercise your right to object to the processing, whichever occurs first.
In the event that it is necessary to process data for the purpose of legal action or defence, the data is retained for as long as any claims and/or actions may be pursued under the law.
Your personal data will be processed by persons authorised and instructed to process the data under the direct authority of Drapers (e.g., employees and collaborators as persons authorised to process personal data under the direct authority of the Data Controller).
In some cases, your personal data may be communicated to other parties acting on our behalf as data processors to whom we have given special instructions regarding the processing of your data, including companies that provide us with IT support services, cloud services, etc.
Furthermore, your personal data may also be processed by authorities and institutions to which the access to the data is regulated by provisions of law or regulations or other companies such as shipping companies, in their capacity as autonomous data controllers.
The list of recipients to whom your personal data are communicated can be requested from the Data Controller by writing to email@example.com.
In particular, your data may be communicated or otherwise provided, exclusively for the purposes specified above, to the following recipients that will process your personal data as data processors or as autonomous data controllers:
The Data Controller stores personal data on servers located within the European Union. If necessary, it only transfers them outside the European Union if the necessary safeguards are in place.
The Data Controller stores the data in the European Union, where it has its own servers. If the Data Controller needs to transfer certain data outside the European Union in order to manage an order or for product distribution needs, or for the location of a supplier, the Data Controller undertakes to ensure adequate levels of protection and safeguards, such as contractual safeguards, in accordance with the applicable laws, including the execution of standard contractual clauses pursuant to Art. 46(2)(c) of the GDPR, possibly supplemented by additional technical, legal and organisational measures necessary to ensure that the level of protection of personal data is equivalent to that of the European Union.
For any further information on the transfer of your personal data, please send an e-mail to the following address: firstname.lastname@example.org.
In relation to the processing of your personal data, you will always be able to exercise your rights under the GDPR (Articles 15-22), namely:
To exercise your rights, you can write to us at the following e-mail address: email@example.com.
If you consider that the processing of your personal data via the website infringes the data protection legislation, you always have the right to lodge a complaint with a Supervisory Authority (in Italy, the Garante).
The icons reproduced in this notice were created by the Maastricht European Centre on Privacy and Cybersecurity and distributed by the Garante (www.garanteprivacy.it) in the form in which the Garante received them from the authors. The icons are used here on the basis of the CC BY 4.0 licence (the conditions of which are recalled), in the form in which they are published on the Garante’s website.