PRIVACY POLICY
Updated to European Regulations for the protection of personal data No. 679/2016, GDPR and to Law Decree No. 101/2018
In observance of the obligations deriving from the European legislation (European Regulations for the protection of personal data No. 679/2016, GDPR) and the "Privacy Decree" - Law Decree No. 101/2018, the website herein, www.fashionpo.com, complies with and protects the privacy of visitors and users, enacting proportionate measures to protect the rights of users.
This document also considers the Recommendation no. 2/2001 that the European Authorities adopted for the protection of personal data, to identify the minimum requisites for collecting personal data online.
This document is applied solely to online activities on this website and is valid for users/visitors to the website. Information is only made available for this website www.fashionpo.com and not for other sites that may be consulted by the users via links.
The aim of the privacy information sheet is to provide maximum transparency regarding the information that the site collects and how it uses it.
LEGAL BASIS OF PROCESSING
Data processed further to consent
By using or consulting this website, visitors and users expressly approve this information on cookies and consent to processing of their personal data regarding the ways and purposes described below, including any dissemination to third parties if necessary for the provision of a service.
Providing data and therefore consent to collection and processing of data is discretionary.
The User can deny consent and revoke consent already given at any time by clicking on the appropriate link at the bottom of the page. However, denying consent may bring about the impossibility of providing some services and the browsing experience on the site may be affected.
CONSENT OF MINORS
In compliance with art. 8, paragraph 1 of the EU Regulations and pursuant to art.2-quinquies of the Privacy Decree No. 101/2018, minors over 14 years of age may express their consent to the processing of their data also for marketing purposes. The consent of minors under the age of 14 is permitted on condition that it is provided by those exercising parental authority.
In compliance with art. 2-quinquies of the Privacy Decree, FASHIONPO, when preparing the registration and acquisition of consent forms, uses a particularly clear and simple language, concise and exhaustive, easily accessible and comprehensible in order to make the consent given by the minor valid related to the direct offer also to possible Users (over the age of 14).
TYPES OF DATA PROCESSED
Browsing our website for consultation does not require any provision of personal data; however, technology is used that will store some data regarding the tools used, that can in some way be traced back to the user.
Personal data that we receive from our customers help us to personalise and continuously improve your purchases on the website. In particular, we use your data to manage orders, supply products and services, process payments, communicate with you about orders, products, service and promotions, update our records and generally manage your account, showing content such as wish lists and customer reviews and recommending products and services that may be of interest to you. We also use this data to improve our online shop and our service, to prevent or uncover fraud or abuse that damages our website and to allow third parties to carry out technical, logistical and other types of activities on our behalf.
Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, and only for the duration of the said connection, some personal data whose transmission is implicit in the communication protocols of the Internet.
This information is not collected to be associated with identified individuals, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. The following belong to this category of data:
- internet protocol (IP) address associated with the device used to connect;
- type of browser and device’s parameters used to connect to the website;
- name of internet service provider (ISP);
- date and time of visit;
- web page of referral and exist;
- number of clicks made within the site and any preference expressed
- other parameters regarding the operating system and the user’s computer environment.
These data can be used to obtain anonymous statistical information about site use and to check correct operational, in addition:
- to fulfil obligations dictated by national and EU legislation;
- to ascertain responsibility in the event of hypothetical cyber crimes that damage the site and for verification in the event of any disputes.
Only data collected (both via the website and the App) for supervisory purposes will remain on the server for a period of 12 months.
Data provided voluntarily by the user:
The optional, express and discretionary sending of emails to the addresses provided on this website will entail the subsequent acquisition of the sender’s email address, which is necessary for responding to requests and for any other personal data entered in the letter.
Specific summary information, in which consent to process data is specifically requested, if necessary, will be progressively reported or viewed on the website pages made available for certain services provided on request (newsletter, registration as a site user).
Data deriving from the installation of the app
Personal data deriving from installation and use of the “FASHIONPO” App (hereinafter “App") is processed to allow use of the services that are distributed by this application.
Some of the data collected by the App (e.g. geolocation data) can also be used for profiling, for the purpose of offering products and services based on the consent granted.
After downloading and installation of the App, the model used, the type and version of the operating system used are automatically detected from the mobile device. This information helps us to provide the services requested and to manage the App, to analyse its use, to protect the App and its content from unsuitable or inappropriate use and to improve the user’s experience.
Personal data are used to provide the App, to maintain and improve it and to communicate with the users.
Downloading the App is also used as numerical data for the sole purpose of taking anonymous statistical information about the number of users who download the App.
With regard to the data saved by the App in the device’s keystore, based on the operating system using, the following is noted:
- Android: data are saved in the shared preferences until the customer carries out "Delete data” from Applications management or until the App is uninstalled;
- iOS: data are saved in the keystore.
- Windows Phone: data are saved in the keystore until the customer uninstalls the App.
The website owner is not involved in this processing; for further information about saving and deleting data on the device, please refer to the producers of the operating systems used.
PROCESSING PURPOSES
a) to provide the services requested and to manage customer relations. Providing the personal data required for these purposes is not mandatory, but refusing to do so will mean it is impossible to carry out what has been requested;
b) to fulfil obligations dictated by national and EU legislation;
c) for security purposes (antispam filters, firewalls , detecting viruses), the data automatically registered may also included personal data such as the IP address, that may be used, in compliance with the current laws in force, to block attempts to damage the website or to cause damage to other users, or for damaging or criminal actions.
The above information are processed according to the owner’s legitimate interests.
Secondary purposes of processing personal data
Personal data collected for the purposes above may also be processed for activities functional to the promotion and sale of products via the website, the APP, to carry out market surveys and customer satisfaction surveys: Providing data for these purposes is discretionary and consent is required to process these data.
By providing consent to processing for Marketing purposes, the data subject specifically acknowledges these promotional, commercial and marketing purposes in a broad sense of processing (including consequent management and administration activities) and expressly authorises them, once consent has been given according to the foreseen procedures, pursuant to the EU regulation.
It is specifically and separately stated, as required by article 21 of the EU Regulation, that should personal data be processed for direct marketing purposes, the data subject has the right to oppose personal data processing concerning his/her own data at any time and should the data subject oppose processing for direct marketing purposes, the personal data cannot be the subject of processing for said purposes.
THIRD-PARTY SERVICE PROVIDERS
FASHIONPO also uses other companies and individuals to carry out some activities on our behalf.
In addition to the controller, in some cases, some appointed categories may have access to the data, who are involved in organising the website (administrative, sales, marketing and legal staff, system administrators) in addition to some external subjects (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies).
These suppliers only have access to the personal data that are necessary to carry out their own duties. We ensure you that they cannot use these data for other purposes and must process personal data in compliance with this information about privacy, and pursuant to application legislation on data protection.
Computer systems and software procedures in charge of the operation of apps (Apple Store, Google Play or Windows Phone Store) acquire some data during their work that are referable to the user, which must be sent as part of using the communication protocols for the internet, smartphones and devices used.
The Data Controller is not involved in this type of processing and cannot, therefore, be considered responsible for it.
The Data Subject may, however, consult the information on privacy made available on the following websites:
Apple Store:
https://www.apple.com/legal/internet-services/itunes/it/terms.html
Google Play:
https://play.google.com/intl/it_it/about/play-terms.html
Windows Phone Store:
https://www.microsoft.com/en-us/privacy/privacystatement
SECURITY MEASURES AND PROCESSING METHODS
Personal data is processed using automatic tools for the time strictly necessary to achieve the purposes for which they are processed. Specific security measures are observed to prevent any loss of data, illicit or incorrect use and unauthorised access.
COMMUNICATION AND DISSEMINATION
The personal data collected will not be disclosed, sold, traded or communicated with any third party other than the Data Controller, without the express consent of the data subject. Communication to third parties, other than the Controller, by internal and external processors, and by processing clerks identified and appointed ex article 13 para. 1, letter e) of the EU Regulations is foreseen for the exclusive pursuit of the purposes set out in the paragraphs entitled “Data processed further to consent and processing purposes” of this information sheet and in all cases within the limits thereof, also possibly to: subjects and third-party companies supplying technical and computer assistance (e.g. companies that make the APPs and the company management system, etc.), affiliated companies or other third parties that provide information processing services to FASHIONPO or activities complementary to those offered by FASHIONPO, to allow the execution of the contract, shippers, all engaged in proper and regular pursuit of the purposes described.
In any case, processing by third parties will be made fairly and in compliance with current laws.
Subsequent to express agreement, communication will be made to third-party companies (belonging to the same group as the Data Controller, or third-party companies for the supply of products related to the activity of the owner: e.g., company selling clothing and accessories) for marketing purposes (traditional or automatic) of the latter.
PROCESSING LOCATION
The data processed by the website are processed at the Data Controller’s premises, pursuant to current law, the company Fashion Group Prato S.r.l., with registered offices in (59100) Prato (PO), via del Carmine 11, that is located within the European Economic Area and acts in compliance with European law.
COOKIES
As is usual on all websites, this site also uses cookies, small text files that allow us to keep information about visitors preferences, to improve site functionality, to simplify browsing by making procedures automatic (e.g. Login, site language) and to analyse the site use.
In particular, session cookies are essential for being able to distinguish between connected users and are useful for preventing a requested function from being provided to the wrong user, and for security, to prevent cyber attacks on the website. Session cookies do not contain personal data and only last for the current session, i.e. until the browser is closed. No consent is required for them.
Functionality cookies used by the website are strictly necessary for using the site, in particular, they are connected to an express function request by the user (such as Login), for which no consent is necessary.
FashionPo may also use web beacons (including conversion pixels) or other technologies for purposes similar to those described above and may include them on web pages, in marketing emails or newsletters and on affiliated websites, in order to determine whether or not the messages have been opened and the links clicked on. Web beacons do not store data on user devices, but they are able to monitor website activity in conjunction with cookies. The above information regarding cookies also applies to web beacons and related technologies.
By using the website, the visitor is expressly consenting to the use of cookies.
DISABLING COOKIES
Cookies are connected to the browser used and can be disabled directly by the browser, thus refusing/revoking consent to the use of cookies.
It is necessary to bear in mind that disabling cookies may prevent the correct use of some site functions; it will not be possible to access some functions, pages and sections of our website and, in this case, FASHIONPO will not take any responsibility for this.
Instructions on how to disable cookies are given in the “guide” menu of the browser that you use, from where it is possible to change cookies preferences, following the link you can find on the web pages:
For Internet Explorer™: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d;
For Safari™: https://www.apple.com/legal/privacy/en-ww/cookies/;
For Chrome™: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en;
For Firefox™: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop.
THIRD-PARTY COOKIES
This website, therefore, acts as an intermediary for third party cookies, used to be able to provide other services and functions to visitors and to improve use of the website, such as social buttons, or videos. This website has no control over third-party cookies, that are entirely managed by third parties. Consequently, the information about the use of said cookies and on their purposes, and on the ways to disable them, are provided directly by the third parties on the pages stated below.
In particular, this website uses cookies from the following third parties:
- Google Analytics: A Google analysis tool, that uses cookies (performance cookies) to collect anonymous browser data (IP cut to the last eight characters) and grouped exclusively for the purpose of examining site use by users, filling out reports on site activity and providing other information, including the number of visitors and pages visited. Google can also transfer this information to third parties where it has been imposed by law and whenever these third parties process the information on behalf of Google. Google will not associate the IP address with any other data possessed by Google. Data sent to Google is placed in the Google servers located in the United States.
On specific agreement with Google, that is appointed as data processor, it undertakes to process data based on the Controller’s requests (see bottom of information sheet), given via software settings. Based on these settings, the advertising and data sharing options are disabled.
Further information on Google Analytics cookies can be found at the page Google Analytics Cookie Usage on Websites.
The user can disable data collection by Google Analytics selectively, by installing this plugin on his/her own browser: https://tools.google.com/dlpage/gaoptout?hl=en.
- Youtube: a platform owned by Google, for sharing videos, that uses cookies to collect user and browser device information. The videos present on the website do not carry cookies on accessing the page, as the option "Advanced privacy (no cookies)" is set based on which YouTube does not store visitor information unless they do not voluntarily reproduce the videos.
cookie: test_cookie .doubleclick.net this is not a permanent cookie, but it is used to check whether the user’s browser supports cookies.
For more information about the use of data and how it is processed by Google, please read the information on the specific Page prepared by Google, and at the page on Data use mode by Google when using partner sites or apps.
SOCIAL NETWORK PLUGINS
This website incorporates plugins and/or buttons for social networks, in order to allow easy sharing of content on your favourite social networks. These plugins are programmed so that they do not set any cookies on accessing the page, to safeguard users’ privacy. Sometimes cookies are set, if foreseen by the social networks, only when the user actually and voluntarily uses the plugins. Please be aware that if the user browses when logged into the social network, then he has already consented to using cookies carried by this website at the time of enrolling on social networks.
Collection and use of information obtained via plugins are regulated by the respective privacy information sheets of the social networks, which you are asked to refer to.
TRANSFER OF DATA TO NON-EU COUNTRIES
This website does not transmit collected data outside the European Union. All of our servers and processors are located within the European Union.
The only exception is data processed by Google for the service provided by Google Analytics and Google Maps. The transfer is authorised on the basis of "Standard Contractual Clauses" and additional measures as per EDPB Recommendation No 1/2020.
DATA SUBJECT’S RIGHTS
Pursuant to the European Regulations 679/2016 (GDPR) and Privacy Decree No. 101/2018, the user can exercise the following rights, according to the modes and limits provided for by current law:
- request confirmation of the existence of personal data (right to access);
- have information about the logic, mode and purpose of said processing;
- request update, correction, addition, deletion, and conversion to anonymous form, blocking of data processed in violation of the law, including data no longer necessary for pursuing the purposes for which it was collected;
- in cases of processing based on consent, receiving, only at the cost of any support, the data provided to the controller, in a structured, legible format from a computer and in a format commonly used by an electronic device;
-The right to submit a complaint to the Data Protection Authority – link to Data Protection Authority’s webpage);
- Pursuant to Article 2-terdecies of the Privacy Decree No. 101/2018, all rights (from Article 15 to article 22 of the EU Regulations) concerning the personal data related to deceased individuals may be exercised by those who have a direct personal interest or act to protect the concerned party, in the role of proxy agent, or acting for family reasons worthy of protection.
- and more generally, to exercise all the rights acknowledged by current law.
The requests are sent to the Data Controller.
If the data are processed based on legitimate interests, the right of the data subject for processing are guaranteed (except the right to portability that is not provided for by law), in particular the right to opposing processing that can be exercised by sending a request to the Data Controller. It is possible to oppose processing of one’s personal data:
A) for legitimate reasons;
b) (without the need to give reason for said opposition) when the data are processed for commercial or marketing purposes.
WITHOUT PREJUDICE TO THE LIMITATIONS TO THE RIGHTS OF THE INTERESTED PARTIES REFERRED TO IN ARTICLES 2- undecies and 2-duodecies of Law Decree No. 101/2018
RECOURSE
If the User deems that the aforementioned rights regarding the protection of personal data were violated, the interested party may lodge a complaint with the Data Protection Authority pursuant to art. 77 of the Regulations and art. 141 of the Privacy Decree or file a claim at the Judicial Authority pursuant to art. 78 and 79 of the EU Regulations and pursuant to art. 152 and following of the Privacy Decree.
DATA CONTROLLER
Data controller pursuant to current law is the company Fashion Group Prato s.r.l., with registered office in Via del Carmine n.11, 59100 Prato, that can be contact via the section CONTACTS.
DATA PROCESSORS
To learn about the appointed internal and external Processors, the Data Controller refers to the company privacy policy.
For all communications, it is possible to contact the Data Controller at the email address: web@fashionpo.com.
Google is appointed data processor, processing data on behalf of the controller (Google Analytics).