Product has been added to cart
Write us to email@example.com
Customer Service is working from Monday to Friday: 8:30-13:00 / 14:30-18:00.
Revised on 25.05.2018
Collistar S.p.A., with legal domicile in Via G. B. Pirelli 19, Milan (MI), Italy, (henceforth “Company”, “us” or “we”), as acting data controller and subsidiary of the Bolton Group (henceforth “Group”), hereby gives notice of the purposes and methods for and whereby it collects, processes and communicates your personal data through the website www.collistar.com (“Site”) and the correlated services (“Services”), in compliance with all applicable legislation and regulations concerning the protection of personal data and, in particular, with the requirements of: (I) EU regulation 679 of 27 April, 2016 ( General Data Protection Regulation or “GDPR”), applicable from 25 May 2018; and (ii) any other law, regulation or provision of competent national and European authorities concerning the protection of personal data (hereinafter referred to collectively as “applicable privacy legislation”).
Note that the aforementioned Services include the purchase of products sold by the Company and participating in prize competitions, lotteries, contests and/or any other initiative organized individually by the Company or in collaboration with the Group.
The Company is the data controller in charge of the processing of personal information (in other terms, any information relating to an identified or identifiable natural person, denominated the ‘data subject’) acquired directly from you via the Site and the Services. This data will be processed in accordance with the terms of this Informative Notice and in compliance with Applicable Privacy Legislation.
2. WHAT KIND OF PERSONAL DATA DO WE COLLECT?
The Company gathers (1) data that you have voluntarily shared with us and (2) data relative to your activities on the Site or your interaction with the Services. In particular, the Company gathers the following categories of data:
1. Registration data: acquired via the registration form.
If the information acquired from and regarding the user do not identify the user as a specific person (e.g. raw data and aggregated or anonymous data) either directly or indirectly, this may be used for any purpose or shared with third parties to the extent permitted by applicable personal data protection legislation.
We do not collect special categories of personal data: you are expressly requested not to send us or share, via the Site or Services or any other means, any information classified as special categories of personal data (”sensitive data”), such as social security numbers and information revealing racial or ethnic origin, political opinions, religion or other beliefs, state of health, criminal convictions or trade union membership.
3. PURPOSES OF PROCESSING OF PERSONAL DATA
We process the personal data acquired from you and concerning you in order to:
a) allow you to register on the Site, and to use the Site and our Services;
b) evaluate and improve the usability of our Services and the user experience when browsing our Site;
c) provide you with support, handle correspondence with you and send you service notifications;
d) process your purchase requests correctly in compliance with all the legal, administrative, accounting and fiscal obligations associated with purchases;
e) comply with legal requirements and respond to requests from state and public authorities;
f) verify the completeness, validity and correctness of the data provided to safeguard the rights of the Company and of other parties and, specifically, (ii) to ensure the security and privacy of the users of the Site and Services; and (iii) to protect against digital fraud;
g) to provide you, subject to your facultative consent, with commercial material and news concerning Collistar products and events via automated channels (SMS, MMS, e-mail, automated voice calls etc.) and non-automated channels (telephone calls with operator or printed correspondence).
Where the data acquired from you or concerning you does not identify you personally, we may use this information for other purposes or divulge it to third parties.
4. ON WHAT LEGAL BASIS IS MY PERSONAL DATA PROCESSED?
The processing of your personal data in accordance with:
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
The Company retains and processes your personal data for no longer than the period of time necessary for the purposes defined in paragraph 3. In any case, the following maximum time limits apply for the retention of your personal data:
a) data acquired for the purposes defined in paragraph 3, sub-paragraphs a), b), c) and d) is kept solely for the period of time strictly necessary to allow the user to use the Site or Services;
b) data acquired for the purposes defined in paragraph 3, sub-paragraph e) is kept for ten (10) years in order to fulfill legal and regulatory obligations;
c) data acquired for the purposes defined in paragraph 3, sub-paragraph f) is kept solely for the period of time strictly necessary to pursue the legitimate interests of the company;
d) data acquired for the purposes defined in paragraph 3, sub-paragraph g) is kept solely for the period of time strictly necessary to accomplish the purposes for which it was originally acquired and, in any case, will be deleted once the user ceases to interact with the Site or decides to revoke their consent.
5. HOW IS PERSONAL DATA PROCESSED?
Personal data is processed for the purposes defined above with electronic and manual means, and is protected with adequate security measures. In this regard, while the Company implements commensurate administrative, technical and physical measures to safeguard the data in its possession against loss, theft, unauthorized, dissemination and modification, it cannot guarantee against all possible digital risks.
6. WHO HAS ACCESS TO PERSONAL DATA?
a) Other subsidiaries of the Group, where necessary and where the applicable conditions are met;
b) Third-party service providers appointed to carry out data processing activities as data processors or sub-processors, and officially nominated as such where required by applicable legislation (e.g. cloud service providers, providers of instrumental or accessory services for the delivery of Services - including, but not limited to: banking institutions, for the management of payments and revenue relative to purchases; IT service providers; direct marketing service providers; experts; consultants and lawyers; and companies deriving from mergers, demergers or other transformations); and
c) Competent national authorities, in order to comply with applicable legislation;
7. WILL PERSONAL DATA BE TRANSMITTED TO DIFFERENT COUNTRIES?
We do not transmit personal data to countries situated outside the European Economic Area (EEA).
8. MINORS (PERSONS UNDER THE AGE OF 18)
The Site is not intended for use by persons under the age of 18 years and the Company does not knowingly gather the personal information of minors.
9. WHAT RIGHTS CAN I EXERCISE REGARDING MY PERSONAL DATA?
The user has the following rights, which he/she may exercise at any time at no cost:
a) the right to be informed of the purposes and methods of processing;
b) the right of access;
c) the right to obtain a copy of any data held in a foreign country, and information identifying the place in which this data is kept;
d) the right to request that their personal data is updated, rectified or amended;
e) the right to request the deletion, anonymization or blockage of their personal data;
f) the right to object to the processing and dissemination of their personal data, in whole or in part, even where said activities are conducted with an automated decision-making process;
g) the right to revoke their consent for the processing of their personal information, freely and at any time;
h) the right to contact the data protection officer, where applicable;
i) the right to lodge a complaint with the competent national data protection supervisory authority or judicial authorities;
j) the right to data portability, in other terms, the right to request an electronic copy of the personal data concerning them, which may be transferred to the user or to a different data controller;
k) right to restriction of processing.
10. DATA CONTROLLER AND PERSONAL DATA PROTECTION OFFICER
The data controller is Collistar SpA, with legal domicile in Via G. B. Pirelli 19, Milan (MI), Italy. Please address any correspondence regarding this Informative Notice to the address of the operational head office of the Data Controller, at Via G. B. Pirelli 19, Milan (MI), Italy, or to the e-mail address firstname.lastname@example.org.
In compliance with article 37 of the Privacy Regulation, the Personal Data Protection Officer may be contacted by writing to the e-mail address email@example.com, or to the physical address Via G. B. Pirelli 19, Milan (MI), Italy.
11. MODIFICATIONS AND AMENDMENTS