We wish to inform you comprehensively and transparently about the processing that our company could carry on your personal data provided and/or collected during various contacts that you could have with us, by visiting our website www.theblackpinafore.com , during the visit in our stores, by downloading and using our Apps, participating in prize contests, Wi-Fi systems in stores, social networks (hereinafter collectively, “Personal Data”).
Your privacy is extremely important for us and we kindly invite you to read the following information notice. By submitting your Personal Data you may enjoy the advantages and benefits reserved exclusively to our registered clients (subject to availability in your Country), and we offer to those who love our products, that visit our online store or our stores in the world or that use our App or other online services.
1. WHO COLLECT THE PERSONAL DATA
Subjects who collect and process the Personal Data, as Data Controller (hereinafter “Data Controllers” or “Controllers”) are:
- TheBlackPinafore of Baudoni Debora , with registered offices in Italy, Sarzana (SP), email firstname.lastname@example.org, for marketing and profiling purposes;
Data Controllers appointed also the following data processors that could process the Personal Data on their behalf (hereinafter collectively “Data Processors”). A complete list of Data Processors appointed may be prompted by writing an email to email@example.com.
2. WHY WE COLLECT THE PERSONAL DATA
Personal Data will be processed for the following purposes:
a. administrative and accounting purposes: execution of sales contract, accounting and fulfillment of legal obligations, after-sales services. The Data collected for this purpose will be kept for the entire duration of the contractual relationship and for 10 years after the termination of the same.
b. subject to your consent, for marketing purposes: dispatch of advertising material or direct sales material, market research, commercial communication even customized with automated systems (e-mail, other communication systems via communication networks such as, by way of example but not limited to: SMS, MMS, Whatsapp, WeChat, etc.) and traditional (paper mail) contact methods, and offering of personalized sales services at Data Controllers stores worldwide.
The Data collected for this purpose will be retained until the withdrawal of your consent.
c. subject to your consent, for profiling purposes, that is analysis of your consumer choices consistent in automated processing of the Personal Data included data relating to purchases details in stores and websites of Data Controllers worldwide. This processing is finalized to predict your purchase preferences and to create clients profiles. The Data collected for this purpose will be retained until the withdrawal of your consent.
For the purposes of letter a., Data Controllers could collect and process the following Personal Data:
• personal information: first name, middle name, surname, name and surname in the local alphabet, occupation, nationality;
• during your visit in stores we will ask you, address of residence, city of residence, province of residence/state of residence, Country of residence, zip code, email address, phone number, mobile number, during a visit on online store we could collect shipping and invoicing address, method of delivery and payment, name of the holder of the credit card and expiration, requests made to customer service, building/apartment, preferred language, preferred contact method, additional addresses, secondary email, secondary phones, contact method(s) that the customer does not want to be used.
In addition to the Personal Data listed above, for the purposes of letters b. and c., Data Controllers could collect and process also the following Personal Data related to your profile and preferences:
• data collected during your visit in stores included use of Wi-Fi system: birthday, alleged age group, date of birth, in certain Country Wechat ID, gender, method and date of registration, preferences on store and sales assistant, language, categories of preferred products, mode of use of services, preferences about the services marked in stores, redemption campaign, attendance events, products brought into the dressing room but not purchased, preferred language, other brands purchased by customer, individual customer style, type of interaction with the customer, collection preferences, customized clientelling, notes, detail of individual contact initiatives of stores/dealers,
• data concerning purchases made online and in stores: detail of the products purchased, size, price, discount, units, color, fit, model, collection, level of expenditure calculated, abandoned shopping cart, tax / VAT code or VAT exemption, passport number, Global Blue membership number, transaction address, notes related to the discount on a personal basis, purchase channel, purchase frequency, purchase preference (discount / full price), preferred season labels (first / second half);
• data regarding participation in prize contests;
• data collected during navigation or during online store purchases or the use of Apps: data related to browsing behavior and/or use held on Data Controllers websites by using, for example, cookies or information about pages that have been visited or searched or related to wishlist.
3. WHAT HAPPENED IF YOU DO NOT PROVIDE THE PERSONAL DATA
Some Personal Data that we will point out during the registration procedure or purchase are required in order to execute the purchase and to pursue the administrative and accounting purposes (letter a. of the Paragraph 2).
Providing and processing of Personal Data for profiling and marketing purposes (letters b. and c. of paragraph 2) is optional and therefore their inclusion in our Customer Relationship Management (CRM) systems that allow the processing of the Personal Data for marketing and profiling purposes will take place only with your consent.
You may at any time revoke your consent to the profiling and/or marketing purposes (letters b. and c. of Paragraph 2) contacting individually Data Controllers to the addresses above mentioned. Failing to provide the Personal Data and/or withhold your consent preclude the pursuit of profiling and marketing purposes but will not have any effect on your ability to finalize your purchases.
4. HOW WE WILL PROCESS THE PERSONAL DATA
The Personal Data provided and/or collected by Data Controllers will be processed and stored by automated tools and, in some cases, they will be processed and stored on paper. In particular, Personal Data processed for profiling and marketing purposes will be stored in the CRM systems that allow the processing of Personal Data for marketing and profiling purposes of Data Controllers and/or Data Processors whose server is located in United States of America.
You acknowledge that the Personal Data is being transferred abroad, also outside European Union, and may become accessible to governments under a lawful order made in that country.
The Personal Data collected for administrative and accounting purposes (paragraph 2, letter a.) shall be stored for the time necessary to perform the contract, or the provision of legal warranties in accordance with the terms of the retention required by the applicable law.
The Personal Data collected for marketing and profiling purposes (paragraph 2, letters b. and/or c.) will be stored until the client asks to revoke the registration or the consent to the processing of the Personal Data. The Personal Data related to the details of purchases processed for profiling and/or marketing purposes, which will be retained for the time allowed by Italian Data Protection Authority (“Authority”) in his measure dated 24 February 2005 or, in case of acceptance, by the number of years required by the accepted measure of the request for preliminary verification presented by Data Controllers if adopted by the Authority. On expiry of the retention terms indicated above, the Personal Data will be automatically erased or made permanently and irreversibly anonymous.
5. WHO WILL PROCESS THE PERSONAL DATA
The Personal Data will be processed by:
• employees and associates of the Data Controllers designated as persons in charge of the processing;
• employees and associates of the Data Processors designated by Data Controllers including (i) subjects that manage the traditional or online stores and that may view, edit and update the Personal Data entered into the CRM systems by which the Data Controllers process for marketing and profiling purposes (ii) subjects that manage storing of the Personal Data on behalf of the Data Controllers in accordance to local agreements and laws;
• third party members in or outside the EU, Data Processors, used by the Data Controllers in particular for acquisition services and data entry of Personal Data, shipping, distribution of promotional material, after sales support, market research, management and maintenance of the CRM systems by which the Data Controllers process for marketing and profiling purposes and others Data Controllers IT systems.
A full list of data processors appointed by the Data Controllers can be communicated by writing to firstname.lastname@example.org.
The Personal Data may also be disclosed to third parties, independent data controllers, in particular professionals or legal or tax advice and assistance firms and companies managing payments made by debit or credit card. The Personal Data will not be disseminated in any way.
The Personal Data will be transferred outside of the country or of the European Union, in countries not providing for an adequate level of data protection, only in accordance with the safeguards set forth by applicable privacy laws and, in particular, with standard contractual clauses for the transfer of Personal Data to third countries provided by Commission of EU. 6. YOUR RIGHTS According to Chapter III of Regulation (EU) 2016/679 and other applicable laws, you can at any time request information on personal data collected, used, disclosed or processed by the Data Controllers (right of access), as well as request for integration, rectification or erasure and object to their processing.
Furthermore, starting from 25th of May 2018 (when Regulation (EU) 2016/679 shall apply), you will be able to exercise also the following rights: restriction of processing, data portability and lodge a complaint with a supervisory authority. In particular, you have the right to object and withdraw your consent, in whole or in part, to the collection, use, disclosure or processing of your personal data for purposes of dispatch of advertising material, direct selling or for the fulfillment of market surveys or commercial communication both automated (e-mail, other systems of distance communication as, by way of example: SMS, MMS, Whatsapp, WeChat, etc.) and traditional (paper mail). If you prefer that the processing of your personal data is carried out solely by means of traditional contact methods, you may object to the processing of your personal data by means of automated contact methods. In order to exercise your rights above and/or submit an inquiries or complaints with regard to the processing of your personal data, you may send a request to the Data Controllers by writing to email@example.com.