BEZ KOMERCIJALNOG PRIKAZA

KLIKNITE DA OTKRIJETE PRODAVNICE

PRIVACY POLICY – ONLINE INFORMATION

PRECONDITIONS

What is this document?  This document is the personal data processing policy for data subjects who interact with this website. Why this document? National and international legislation on personal data protection require that the data subject is informed on personal data that are processed and on who will process them, in order to guarantee that the processing will be fair and transparent

 

Hereinafter we will therefore see clearly listed who will process your data, which personal data will be processed, the purposes for which the personal data will be processed, for how long the data will be processed, which are your rights and how to exercise them.

 

Which laws are referred to in this document? The policy is offered by taking in conjunction with:

  • The General Data Protection Regulation (GDPR) EU n. 2016/679 (hereinafter the “Regulation”)
  • Italian Legislative Decree n. 196/2003 as amended by the Legislative Decree n. 101/2018 (hereinafter “Code”)
  • European Directive n. 2002/58/CE – the so-called “e-Privacy”

 

    POLICY

1)    DATA CONTROLLER

Teddy S.p.A., via Coriano n. 58, Grosrimini, blocco 97, 47924 Rimini (RN), Tel. (+39) 0541 301411, Fax (+39) 0541 383430, E-mail help@calliope.style


2)    PURPOSES, LEGAL BASIS, STORAGE RETENTION PERIOD AND NATURE OF THE PROCESSING

Personal data, depending on the actions carried out by the data subject, will be processed for the following purposes:

a. Shop in the online store, manage the return and/or exchange of goods, guarantee the functions or services available on the site, such as, but not limited to, the purchase, receipt, management and use of gift cards or discount vouchers, if available:

  • The legal basis of this process is the need to perform pre-contractual measures adopted upon request by the data subject of which is party;
  • The data retention period for this purpose is equal to the time necessary to process the request and in any event until the statute of limitations has run out for any legal action against the Controller by the Data Subject;
  • Personal data is essential to execute the request and the eventual rejection will determine the inability to reply to the data subject.

b. Registration in the reserved area of the online Store:

  • The legal basis of this process is the need to perform a contract of which the data subject is party;
  • The retention period of personal data processed for this aim is the contract period and, in case of litigation, for the whole duration of it, until all the appeal actions terms will be exhausted;
  • Personal data is essential to execute the request and the eventual rejection will determine the inability to use the reserved area.

c. Calliope loyalty program membership:

  • The legal basis of this processing is the need to perform a contract of which the data subject is party, pursuant to the “General Terms and Conditions for the Calliope loyalty program” (hereinafter “T&C”; this includes, by way of example but not limited to, the issuance of the fidelity card, the creation of the master data in the Controller's database, the sending of technical (non-promotional) communications necessary to comply with the T&C or its annexes, other activities necessary to comply with the T&C and not executable anonymously;
  • The retention period of personal data processed for this aim is the contract period and, in case of litigation, for the whole duration of it, until all the appeal actions terms will be exhausted and in any event until the statute of limitations has run out for any legal action against the Controller by the Data Subject;
  • Personal data is essential to execute the request and the eventual rejection will determine the inability to activate the Fidelity Card.

d. “Community Tester” membership:

  • The legal basis of this process is the explicit consent of the data subject to be contacted in taking part to products satisfaction test;
  • The data retention period for this purpose is valid until the data subject does not revoke the consent. We remember that the consent could be revoked at any time without that the lawfulness of processing based on consent before its withdrawal is affected;
  • Additional information on the logic applied and on protection provided for the data subject are available by sending a written request to the Data Controller;
  • The provision of personal data is optional and the eventual rejection will determine the inability to participate in product satisfaction tests.

e. Prize contests membership:

  • The legal basis of this process is the need to perform a contract of which the data subject is party, pursuant to the specific regulation set up for the prize contests;
  • The retention period of personal data processed for this aim is the contract period and, in case of litigation, for the whole duration of it, until all the appeal actions terms will be exhausted;
  • Personal data are necessary to process the membership to the prize contests and the eventual rejection will determine the inability to join in.

f. Send brochures and marketing material (direct marketing), also by email or SMS (mailing list, offers, etc.):

  • The legal basis of this process is the explicit consent of the data subject;
  • The data retention period for this purpose is valid until the data subject asks for the unsubscription from the promotional service/sending of newsletters. We remember that the consent could be revoked at any time without that the lawfulness of processing based on consent before its withdrawal is affected;
  • The provision of personal data is optional and the eventual rejection will determine the inability to receive brochures and marketing material.

g. Analyze consumption habits and choices (profiling), carry out market research (surveys and analysis of Customer satisfaction):

  • The legal basis of this processing is the explicit consent of the data subject;
  • The data retention period for this purpose is valid until the data subject does not revoke the consent. We remember that the consent could be revoked at any time without that the lawfulness of processing based on consent before its withdrawal is affected;
  • Additional information on the logic applied and on protection provided for the data subject are available by sending a written request to the Data Controller;
  • The provision of personal data is optional and the eventual rejection will determine the inability to profile.

h. Administrative and management purposes and for the fulfilment of obligations required by the legislation, by a regulation or by an order of the Authority (for example, bookkeeping; tax formalities; administrative and accounting management, etc.):

  • The legal basis arises from the need to fulfil a legal obligation to which is subjected the data controller;
  • The data retention period for this purpose is connected to each legal obligation regulated by specific relevant legislation;
  • The provision of personal data is optional, because the data controller shall fulfil a legal obligation to which is subjected or to the requests of relevant authorities.

i. Prevent, verify and pursue unlawful conducts:

  • The legal basis for this processing is pursuit the legitimate interest of the Data Controller in order to prevent, determine or pursue offences or intellectual property rights breaches (also of third parties) or informatic crimes or made through telematic networks;
  • The data retention period for this purpose is equal to the time reasonably necessary to assert the Data Controller’s rights from the time you become aware of the offence or of its potential commission.

3)   PERSONAL DATA PROCESSED

By processing personal data we mean any operation or a set of operations, performed with or without the aid of automated processes and applied to personal data or a set of personal data, as the recollection, the registration, the organization, the structure, the retention, the trend or change, the exfiltration, the consultation, the use, the communication through the transmission, spread or any other form available, the comparison or the interconnection, the limitation, the deletion or the disruption. It could be send by the data subject (for example contact in the field “message”) to the Data Controller also classified data, pursuant to the Article 9 of the Regulation, like “particular categories of personal data” and so those data that reveal the ethnical origin, political opinions, religious or philosophical beliefs or the trade union membership, data related to health or sexual life or the sexual orientation of a person. This category of data will be processed by the Data Controller, in order to execute the request received. Further treatments, categories of particular data by the Data Controller, will be done only with prior and explicit consent.

Additional personal data eventually processed are the following: 

  • Browsing data:

    Informatic systems and the software procedures used for this site acquire, during their normal exercise, some personal data which transmission is implicit in the use of Internet communication protocols.

    In this category of data fall into the IP addresses or the domain names of computers and the endpoints used by the users, all the addressed in URI/URL (Uniform Resource Identifier/Locator) of requested resources, the timetable of the request, the methods which has been used to submit the request to the server, the file dimension, the code number which identifies the state of the given response by the server (successful, error etc.) and other parameters related to the operational system and the information environment of the user.  Those data, necessary for the use of the web services, are also processed in order to obtain statistical information on the service use (most visited pages, number of visitors hourly, geographical areas of expertise etc.) and control the correct operation of the services offered. Browsing data do not persist more than 365 days and are immediately deleted after their combination (unless required by the Judicial Authority to carry out any criminal investigation).

  • Data requested in the form to join the Calliope Loyalty Program: name, surname, date of birth, address, e-mail, mobile phone;
  • Data required when purchasing products on the Calliope website
  • Data given by the user: The optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller involves the acquisition of the sender's contact data, necessary to reply, as well as all personal data included in the communications.
  • Cookies and other tracking systems: Please refer to the detailed policy available at the following link: www.calliope.style/cookie-policy

4)    RECIPIENT OF PERSONAL DATA

Personal data might be shared, for specific purposes, with: 

  • Subjects acting as “Data Processors”, according to the Article n. 28 of the Regulation namely, people, companies or professionals who provide assistance and advisory activities to the Data Controller in connection with the provision of goods/services;
  • Subjects with which is necessary to interact for the goods/services provision, as independent Data Controller (for example, third parties or installment payment systems, the access by social network, etc.);
  • Subjects, bodies or Authorities whom the communication of data is mandatory by the legal provisions or orders from the Authorities;
  • Personnel expressed authorized by the Data Controller, necessary to carry out activities strictly related to the provision of goods/services, which are undertaken to confidentiality or are legally bound to do so and that have received opportune operational instructions, pursuant to article 29 of the Regulation. 

The full list of Data Processors is available by sending a written request to the Data Controller.

5)    TRANFERS OF PERSONAL DATA

Some of your personal data are shared with recipients who could be out of the European Economic Area (EEA). The Data Controller ensures that the processing of your personal data is carried out according to the Regulation. Verily, transfers shall be based on an adequacy decision or on Standard Contract Clauses approved by the European Commission. Further information is available at the Data Controller.

6)    EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING PROFILING

The Data Controller does not adopt an automated decision-making process on personal data, including the profiling, referred to in Article 22 of the Regulation. Further information will be available at the Data Controller.

7)    DATA ABOUT PEOPLE UNDER 18 YEARS OLD

Company’s information services such as the subscription to the newsletter (direct marketing), profiling and online chat shall be used only by people that are at least 16 (sixteen) years old. The Data Controller will not be responsible of possible recollection of personal data, as well as false statements, offered by the minor, and in every cases, if it is seen to be used, the Data Controller will facilitate the right to access and the right to erasure forwarder by the guardian, foster or who exercises the parental responsibility. 

8)    RIGHTS OF DATA SUBJECT

Data subject has the right to obtain from the Data Controller, in certain specific cases, the access to personal data and the rectification or the erasure of the same or the restriction of the processing or to the right to object to the processing (Article 15 and following of the Regulation). The appropriate petition to the Data Controller shall be presented by contacting the e-mail designed for the feedback to the data subject or by filling the form available in the dedicated privacy section.

In particular, regardless of the purpose or the legal basis on which we process your data, you have the following rights:

  • to request access to data: this consists in asking the data controller whether or not personal data concerning him or her is being processed and, if so, to obtain access to that personal data. At any time, the Data Subject registered on the Site has the possibility of verifying his or her data by accessing the private area of the Site;
  • request rectification of data: this consists in the possibility for the Interested Party to request changes to his/her personal data in the event that he/she believes that such personal data is out of date or in any case inaccurate. In any case, the Interested Party registered on the Site has the possibility of modifying or updating his/her data by accessing the private area of the Site. The Interested Party is responsible for the truthfulness and accuracy of the data provided and undertakes to notify the Data Controller of any change or modification of such data; any liability or loss deriving from the inclusion of inaccurate or out-of-date data on the Site or data referring to third parties is exclusively attributed to the Interested Party;
  • request the deletion of personal data or object to the processing of personal data;
  • request the interruption or limitation of the processing of personal data;
  • request portability of personal data;
  • if the data subject has given consent to the processing of his/her personal data for any purpose, request the revocation of the consent(s)
  • if the Data Subject considers that the processing of personal data relating to him/her is in breach of the provisions of the Regulation, he/she has the right to lodge a complaint with the Italian Data Protection Authority (www.gpdp.it) or with the Supervisory Authority of the Data Subject's country, as provided for in Article 77 of the Regulation, or to take appropriate legal action (Article 79 of the Regulation).

9)    HOW TO EXERCISE YOUR RIGHTS

In order to exercise your right, you shall access the Privacy Area of the website www.calliope.style, and use the special form provided. Alternatively, you can contact the people in charge of the data subject’s response:
Data Controller: Teddy S.p.A., via Coriano n. 58, Grosrimini, blocco 97, 47924 Rimini (RN), Tel. (+39) 0541 301411, Fax (+39) 0541 383430, E-mail help@calliope.style
Data Protection Officer (DPO): 365TRUST Europe S.r.l., Piazza IV Novembre n. 4, 20124 Milano (MI), E-mail dpo@calliope.style

10) REQUEST DATA DELETION AND UNSUBSCRIBE NEWSLETTER AND/OR COMMERCIAL COMMUNICATIONS

To request the data deletion, the data subject may send a request by e-mail to help@calliope.style or dpo@calliope.style; alternatively, the data subject may send a request for deletion using the form available in the dedicated privacy section.

In order to stop the sending of newsletter and/or commercial communications by email it is enough following the instructions included in the last email received or by sending an email to help@calliope.style by indicating: "Clp", name, surname and email address to which stop the sending of communications. Upon the receipt of the email we will act on the deletion. In order to stop the sending of SMS it is enough sending a SMS directly by the phone number from which you desire to no longer receive communications, by mentioning the word “delete me” (without quotation marks) at the following phone number +393666369292.

11)    CHANGES

The Data Controller reserves the right to amend and/or supplement this Policy at any time and he undertakes to publish the changes on the website www.calliope.style into the Privacy Area and/or to inform Clients in the most appropriate manners assessed.

Prijava na newsletter
PRONAĐI PRODAVNICU moj nalog
Prijava na newsletter
Država
TEDDY SpA, sedište: Via Coriano 58, Grossrimini Blok 97, 47924 Rimini (RN) – PIB/VAT IT00953910403, REA 190509, osnovni kapital 50.000.000 € uplaćen.

Korpa

Vaša korpa je prazna.