Privacy Policy
Last updated: October 11, 2024
PRIVACY POLICY ON PERSONAL DATA PROCESSING
Slowear S.p.A. (hereinafter referred to as "Slowear", the "Company" or the "Data Controller") makes this statement in accordance with and for the purposes of Article 13 of (EU) Regulation 2016/679 (hereinafter referred to as the "GDPR") on the protection of individuals with regard to the processing of personal data, for the purpose of informing you about the purposes and methods of personal data processing carried out by the Data Controller while browsing this website (hereinafter referred to as the "Website") or at Slowear direct stores ("Store").
It should be noted that this policy refers only to the Website and not to websites of third parties, which may be reached by the user through links on the Website.
DISCLAIMER
à The processing of personal data relating to the Slowear Club is described in a separate and specific policy, linked to the terms and conditions, both documents available at the following link.
à Data processing related to the online sale of products is described in a separate privacy policy, provided by the supplier that manages the e-commerce platform (for more information click here), acting as independent data controller (https://www.global-e.com/consumer-privacy-policy).
In order to facilitate users' browsing experience, the Website uses cookies. To learn more about the Cookies used, please refer to the relevant Cookie Policy.
CATEGORIES OF PERSONAL DATA PROCESSED
a) Website Browsing Data
The computer systems and software procedures used to operate this Website shall acquire certain personal data during normal operation for which transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, enable users to be identified. This category of data includes, for example, the IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
b) Data provided voluntarily by the data subject
The optional, explicit and voluntary provision or sending of any personal data (for example, name, surname or email address) to Store personnel or through the use of forms available online or by email to the addresses indicated on the Website entails the unavoidable acquisition by the Data Controller of your data (e.g. name, surname, email address) and their subsequent processing to manage or respond to your requests. Therefore, any data subject who prefers to avoid the collection of their data by the Data Controller is invited not to submit any request or, at least, to provide as little personal data as possible.
In consideration of the purposes of the Data Controller, described below in this policy, the data subject is invited not to communicate, even through the published email addresses or the appropriate online contact forms, personal data not strictly necessary, including those so-called "particular" data, i.e. data that may be used to reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as data relating to the health or sex life or sexual orientation of the person. If the user voluntarily or involuntarily sends these data, the Data Controller will not process them further and will proceed with their erasure within the technically necessary times.
c) Website and Store Registration Data
Registration on the Website or in the Store results in the creation of an Account that allows the data subject to access certain specific services, including the ability to manage orders and save information for future purchases, as well as purchase products. In order to use all the services reserved for the registered user, the Data Controller will process personal data such as: name, surname, date of birth, telephone number, email address and password. In case of registration in the Store, the following data may also be collected optionally: gender, age, country of reference and telephone number.
d) Purchase data
The Data Controller collects data related to the purchase of products from users logged on the Website, or who provide their information at the Stores (e.g. product purchased and quantity). PLEASE NOTE: Personal data related to payments on the Website and collected to allow online sales are not processed by Slowear, but rather by the operator of the e-commerce platform. Therefore, please refer to the policy provided by this independent subject for any information relating to the related methods and purpose of the data processing.
PURPOSE AND LEGAL BASIS OF DATA PROCESSING
a) Navigating the Website
Browsing data, which does not allow the Data Controller to identify the user unless combined with other information, shall be processed on the basis of Slowear's legitimate interest in enabling the correct and efficient use of the content and services offered through the Website (Article 6.1, letter f) of the GDPR).
b) Services requested directly by the user
Personal data provided voluntarily by the data subject (see point 1, letter b)) shall be processed exclusively to manage and/or respond to any requests made to Store personnel or sent to the email addresses indicated or received through contact forms on the Website, such as the "Contact us" or "Track and Return your order" service (Article 6.1, letter b) of the GDPR).
c) Registration and management of the personal account
The processing of the data collected, indicated in point 1, letters c) and d) above, is necessary to enable the Data Controller to provide the requested services, such as creating an account on the Website or in the Store, or a product cart on the Website (Article 6.1, letter b) of the GDPR). It is specified that any optional data collected at the Stores is not essential for account registration. As part of the management of the relationship with registered users, the Data Controller may send service communications, without requiring the consent of the data subject to receive them.
d) Sending promotional communications
Subject to the optional consent of the registered user (Article 6.1, letter a) of the GDPR), the Data Controller may also process the personal data identified above in point 1, letter c) to send promotional material (e.g. newsletters) and commercial communications (e.g. invitations to events). In cases where communications concern products or services similar to those already purchased by the data subject, the related communications may be sent even in the absence of consent, as required by current legislation. If the user has not registered on the Website or in the Store, but has nevertheless chosen to subscribe to the newsletter service to receive promotional material, the data referred to in point 1, letter b) above shall be processed, for the sole purpose of sending the desired communications and therefore to enable the Data Controller to provide the requested services (Article 6.1, letter b) of the GDPR).
e) Profiling and sending profiled promotional communications
Subject to the explicit and optional consent of the registered user (Article 6.1, letter a) of the GDPR), the Data Controller may also process the personal data identified above in point 1, letters b), c) and d) for profiling purposes, i.e. to analyse or predict, also thanks to algorithms and other automated systems, the user's tastes, habits and consumption choices, in order to offer products and services suitable for the interests of the registered user and to process promotions and personalised communications.
In addition to the purposes described above, Slowear may also process user data:
- for the purpose of performing anonymous statistical and aggregate analyses, to analyse performance, correct errors and improve the use and efficiency of its services, as well as to prevent and ascertain fraud and abuse in order to protect the safety of its customers, by virtue of its legitimate interest (Article 6.1, f) of the GDPR);
- to comply with and execute legal provisions or orders, decisions and measures of competent authorities (Article 6.1, c) of the GDPR), including the Italian Data Protection Authority (the "Italian Data Protection Authority");
- to communicate user data to competent authorities and bodies, by virtue of their binding requests or legal obligations (Article 6.1, c) of the GDPR);
- by virtue of its legitimate interest in ascertaining, exercising or defending its right in court as well as to manage any disputes or controversies in connection with the services related to the Website (Article 6.1, f) of the GDPR).
PROCESSING METHODS
All personal data is processed mainly through electronic tools and methods. However, processing by paper means is not excluded a priori.
The processing operations are carried out under the supervision of technical and organisational measures that guarantee the security and confidentiality of the data, in order to reduce the risk of accidental or illegal destruction, loss, alteration, unauthorised disclosure or unauthorised access to personal data or processing that is not permitted or does not comply with the purposes indicated in this document.
The processing shall be carried out exclusively by trained persons and persons duly authorised in writing by the Data Controller, in compliance with the provisions of the applicable legislation.
DURATION OF DATA RETENTION
Personal data collected through the use of the Website is processed for the time strictly necessary to achieve the purposes for which it was collected and, according to the times indicated below:
• the data provided and/or collected by the Data Controller through browsing the Website are deleted at the end of each related session, except for and only for established security reasons, to enable the Data Controller to ascertain any liability in the event of computer crimes committed against Slowear;
• data provided voluntarily by the user to make any requests shall be kept for 24 months from the time of its collection, unless the user has registered an account, in which case the data of the request shall be associated with the account and kept for the entire duration of the retention of data relating to the account;
• the data provided at the time of registration, up to 10 years from when the user decides to deactivate their personal account;
• data processed for marketing purposes, until the revocation of the user's specific consent and in any case no later than 5 years from the last interaction of the user on our Website or at the Stores;
• data processed for profiling purposes, including the detail of purchases, until the revocation of the user's specific consent and in any case no later than 5 years from the user's last interaction on our Website or at the Stores.
DISCLOSURE OF PERSONAL DATA AND RECIPIENT CATEGORIES
Exclusively for the purposes specified above, all data collected and processed may be processed by internal figures duly authorised to process data in the performance of their duties, as well as by external parties who process data on behalf of the Company and are appointed as data processors by means of a specific contract or other legal act.
It is understood that users' personal data may be disclosed to third parties, such as police forces, whenever required by law or by a measure of a competent authority.
DATA TRANSFER TO A THIRD COUNTRY
Your personal data may be transferred outside the European Economic Area (EEA) and, in particular, to the United States of America. It should be noted that data transfers to the US are, today, guaranteed by European Commission decision C(2023)4745, which declared the level of protection adequate through the EU-US Privacy Framework. Any further transfers of personal data abroad will always be carried out by the Company in accordance with the applicable legislation, implementing appropriate measures such as the use of standard contractual clauses approved by the European Commission, if the transfer takes place to a country for which no adequacy decision has been taken by the competent authorities.
RIGHTS OF DATA SUBJECTS
You can exercise your rights at any time, namely:
§ right of access: to obtain confirmation from the Data Controller as to whether or not your data is being processed and, if so, to receive information about all the elements characterising the processing;
§ right to rectification: to obtain from the Data Controller, without undue delay, the modification and updating of inaccurate data concerning you;
§ right to erasure: to obtain from the Data Controller the erasure of your data without undue delay when:
o the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
o you decide to revoke one or more of the consents on which some processing operations are based, if the Data Controller cannot rely on any other legal basis pursuant to current legislation;
o you object to the processing of your data for marketing and/or profiling purposes;
o your personal data has been processed unlawfully by the Data Controller;
o your personal data must be deleted to comply with a legal obligation to which the Data Controller is subject;
§ right to restriction of processing: to obtain from the Data Controller the suspension of processing when:
o you dispute the accuracy of your personal data, for the period necessary for the Data Controller to carry out the appropriate checks;
o the processing is unlawful and you decide to oppose the deletion of your data, requesting instead that its use be limited;
o although the Data Controller no longer needs it for the purposes identified above, the data are necessary for you for the purpose of ascertaining, exercising and/or defending your right in court;
§ right to portability: to receive, in a structured, commonly used and machine-readable format the personal data you have provided to the Data Controller, also obtaining direct transmission from the latter, if technically feasible, to another data controller;
§ right to object: you object at any time to the processing of your data for statistical or aggregate analysis purposes, carried out by virtue of the legitimate interest of the Data Controller;
§ right to revoke consent: to revoke one or more of the consents previously provided by you, provided that the processing carried out up to that time by the Data Controller on the basis of the consent previously given will remain fully lawful. It should be noted that, in order to revoke their consent, the data subject must notify the Data Controller of their intention expressly and unequivocally, by sending a written communication to the Data Controller or by contacting Customer Care in the "Contacts" section of the Website;
§ right to lodge a complaint with the Italian Data Protection Authority: without prejudice to any other administrative or judicial appeal, lodge a specific complaint with the competent supervisory authorities – in Italy, the "Autorità Garante," or Italian Data Protection Authority – if it considers that the processing carried out by the Data Controller violates current legislation.
The rights listed above may be exercised at any time, freely and without difficulty, by sending the relevant request to the following email address privacy@slowear.com.
DATA CONTROLLER
The Data Controller of your personal data is Slowear S.p.A., which can be contacted at the following address: Via Della Fornace 15/17 – 30034 Mira – Venice, or by writing to the email address privacy@slowear.com
This Policy is subject to change. It is therefore advisable to check this web page on a regular basis and to take into account the most up-to-date version of the information contained therein.
Page Last Updated: October 2024