Information pursuant to art. 13 of the
Regulation (EU) 2016/679 of the European Parliament and of the Council
FANCY LUX SA wishes to inform that, pursuant to art. 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data (hereinafter "European Regulations"), needs to proceed with the processing of some personal data collected automatically or provided through the navigation or use of the Site www.fancylux.com "Site" below.
1. HOLDER OF THE TREATMENT
The Data Controller is FANCY LUX SA, VAT number CHE-450.454.084 in the person of the legal representative, domiciled at the registered office in Via Nassa 40 - 6900 Lugano (Switzerland), (hereinafter "FANCY LUX" or "Data Controller ").
2. DEFINITION AND TYPOLOGY OF PERSONAL DATA PROCESSED
To allow the use of the Site and its services, the Data Controller needs to know and process some of your personal data that will be collected by filling in and submitting the forms on the Site. In particular, when you browse or buy on the site Site, FANCY LUX treats the following personal data (hereinafter referred to as "Services")
- to purchase products on the Site: email, name, surname, address, telephone number, billing address;
- to receive our newsletter or commercial communications: the email address; name, surname, day and month of birth;
- to receive personalized commercial communications: the email address; name, surname, day and month of birth, as well as the number, type, value and frequency of product purchases made through the Site, over a period of 12 months;
- to register in the personal area "my account": name, surname, email, password, day and month of birth.
For the simple navigation of the Site, instead, below are specified the types of data processed and the specific disclosure for "cookies".
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of communication protocols of the Internet network.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's IT environment.
These data, necessary for the use of the Site, are processed for the sole purpose of obtaining statistical information on the use of the services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.) and to check the correct functioning of the services offered.
The navigation data does not persist for more than seven days and is canceled immediately after their aggregation, without prejudice to the possible need to ascertain the crimes by the judicial authority.
The Site uses the following types of cookies.
- Technical cookies
Technical cookies are used (session or persistent), or small text files containing a certain amount of information exchanged between the Site and the terminal (or rather with the browser used), which allow the correct functioning and use of the same or a best experience on the Site. For example, they help us to indicate the Store closest to its location, to know and remember preferences with respect to the language of the Site. So when a country and language is selected in the splash page or via ip geo location we save this value in cookies for subsequent sessions. Cookies are also used to show / hide the newsletter subscription banner.
- Analytical cookies
- Profiling cookies
Cookies are currently used for user profiling.
- Third-party cookies
Even third parties may install cookies on your device. We do not control the use of third-party cookies and, therefore, we are not responsible for their use. Third parties have their own privacy policies and data collection methods. Below is the list of third-party cookies used:
To withdraw your consent to these cookies, you can refer to the following sites: http://www.youronlinechoices.com/uk/your-ad-choices or http://www.allaboutcookies.org/manage-cookies/index.html
The delivery of all cookies can however be deactivated by changing the settings of your browser. It should be pointed out, however, that intervening on these settings could render the Site unusable if the cookies that are indispensable for the provision of our services are blocked. However, each browser has different settings for disabling cookies. The links to the instructions for the most common browsers are Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera.
Possible phone calls to the Call Center numbers indicated on the Site may involve the processing of the caller's personal data, in order to provide the services requested by the same, such as, for example, personal data useful for handling requests for returns or post assistance sale.
FANCY LUX, through its data processors, may also use third-party call centers that operate, always in full compliance with privacy regulations, with a specific service contract on behalf of the Data Controller, as data processors pursuant to Article 28 of the European Regulation.
4. STORAGE PERIOD OF PERSONAL DATA
The data controller intends to store personal data for a period of time not exceeding that necessary for the achievement of the purposes for which they were collected and processed.
From this point of view, in compliance with the regulations in force, including the accounting one, FANCY LUX will keep your personal data acquired thanks to the sale of its products for no longer than 10 years. Subsequently, we will cancel them, or transform them into anonymous form permanently and not reversibly.
With regards to the processing of your personal data for direct marketing purposes, if you have explicitly authorized it, FANCY LUX has decided to cancel your personal data processed for direct marketing purposes within 24 months of their registration. Personal data processed for profiling purposes, on the other hand, will be deleted 12 months after registration.
With regard to other personal data, since it is not possible to accurately determine the retention period of your personal data, the Data Controller undertakes from now on to inspire the processing of his personal data on the principles of adequacy, relevance and minimization of data, thus as required by the European Regulation, verifying annually the need for their conservation. Therefore, once we reach the purposes for which they were collected and processed, we will remove them from our systems and registers and / or take appropriate measures to make them anonymous, so as to prevent you from being identified.
This, without prejudice to the case in which we will need to maintain such data to comply with regulatory obligations, or to ascertain, exercise or defend our right in court.
5. CATEGORIES OF RECIPIENTS OF DATA
The personal data processed will not be disclosed to third parties. However, they can learn about your personal data in relation to the processing purposes previously set forth:
- the subjects that can access the data in force of law disposition foreseen by the Swiss law or by the European Union law;
- subjects who carry out, within Switzerland or within the borders of the European Union, in total autonomy, as distinct Data Controllers, or as Data Controllers appointed for this purpose by FANCY LUX, purposes auxiliary to the activities and services referred to in paragraph 3, namely banking operators, internet providers, couriers and shippers, companies that carry out marketing activities, companies that offer IT infrastructures and IT assistance and consultancy services, as well as design and implementation of software and Internet sites, law firms, companies that offer useful services to customize and optimize our services, companies that offer data analysis and development services (including those related to user interactions with our services), service centers, companies or consultants in charge of providing additional services to the Data controller, within the limits of the purposes for which they were rec olti;
- the company issuing the credit card used by you, the anti-fraud control service providers connected to the payment process and (where necessary) for activating the anti-fraud control procedure.
In particular, the Site is managed on behalf of FANCY LUX by the company SINAPPS s.r.l. , which operates, as data processor, in full compliance with privacy regulations, with a specific service contract stipulated with the Data Controller pursuant to Article 28 of the European Regulation.
Any communication of your personal data will take place in full compliance with the provisions of the law provided for by the European Regulation and the technical and organizational measures prepared by the Data Controller to guarantee an adequate level of security.
6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
The entire processing of personal data takes place in Switzerland and in countries within the borders of the European Union.
For the provision of its Services, the Data Controller may transfer personal data to third countries. In this case, we commit ourselves to:
- make sure that the country in which your personal data will be sent guarantees an adequate level of protection, as required by article 45 of the European Regulation; or
- use the standard contractual clauses for the protection of personal data approved by the European Commission for the transfer of personal information outside the EEA (these are the clauses approved pursuant to Article 46.2 of the European Regulation); or
- make sure, if we transfer your personal data to the United States, that the third party is registered in the Privacy Shield.
For more information on data transfer rules to third countries, click here.
7. ANY AUTOMATED DECISION MAKING PROCESSES
FANCY LUX does not use automated decision-making processes, including the profiling referred to in Article 22, paragraphs 1 and 4, of the European Regulation, without its consent. If you consent to profiling, the data you provide may be used to analyze or predict your tastes and preferences, in order to be able to customize the content of commercial communications and offer only products and services dedicated to you and in line with your tastes and preferences.
In particular, the number, type, value and frequency of product purchases made through the Site over 12 months could be detected and analyzed.
Following this analysis, which may also take place in an automated manner, the interested party may be classified in one or more groups with different characteristics and receive personalized communications from FANCY LUX that FANCY LUX believes to be in line with its tastes and preferences. For example, if the interested party purchases, within 12 months, only certain types of products for a certain value (eg bags with a cost equal to or greater than Fr. 500), it may be possible to receive promotional communications in the future only for similar products in a similar price range. On the contrary, the interested party may not receive communications concerning other types of products (eg accessories) if he / she has not purchased bags during the 12 months, as the system assumes that it is not a product of his / her interest.
In relation to this treatment, FANCY LUX has conducted a specific impact assessment on data protection to ensure that profiling is attenuated with impartiality, accuracy, effectiveness and without harmful consequences for the data subject. It is possible at any time to request a copy of a summary of this evaluation or ask for clarification by writing to firstname.lastname@example.org
8. RIGHTS OF THE INTERESTED PARTY
In relation to the processing of your personal data, pursuant to the European Regulation, the interested party has the right to:
- withdraw consent to the processing at any time. It should be noted, however, that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before the revocation, as provided for by the art. 7, paragraph 3, of the European Regulation;
- ask the Data Controller for access to personal data, as required by art. 15 of the European Regulation;
- obtain from the Data Controller the rectification and integration of personal data deemed inaccurate, even providing a simple supplementary declaration, as required by art. 16 of the European Regulation;
- obtain from the Data Controller the deletion of personal data if only one of the reasons envisaged by art. 17 of the European Regulation;
- obtain from the Data Controller the limitation of the processing of personal data if one of the hypotheses envisaged by art. 18 of the European Regulation;
- receive from the Data Controller the personal data concerning him / her in a structured format, commonly used and readable by an automatic device,
- request the Data Controller to transmit personal data to another data controller without hindrance, as provided for by art. 20 of the European Regulation;
- object at any time, for reasons connected to your particular situation, to the processing of personal data carried out pursuant to art. 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions, as required by art. 21 of the European Regulation;
- not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning it, if it has not previously and explicitly consented, as provided for by art. 22 of the European Regulation; furthermore, in relation to the automated processing, the interested party has the right to obtain human intervention by FANCY LUX, to express his opinion or to contest the decision, as provided for by art. 22, paragraph 3 of the European Regulation.
- lodge a complaint with a supervisory authority (art. 77) or take appropriate judicial proceedings (art. 79), if it considers that the treatment concerning you violates the European Regulation. The complaint can be brought in the Member State where he habitually resides, works or in the place where the alleged violation occurred.
To exercise each of your rights, you can contact the Data Controller, in the person of the legal representative, by sending an email to the address email@example.com providing the following personal data: Name, surname and postal address; Details of the request; Purchase code; Photocopy of a valid identity document.
9. CONSENT OF CHILDREN IN RELATION TO THE INFORMATION SOCIETY SERVICES
It is explicitly forbidden to children under the age of sixteen (16) to use the services provided through the Site. By registering or purchasing on the Site, you confirm that you have reached the legal age of your country of residence.
10. HOLDER OF THE DATA COLLECTION
The holder of the data collection that includes your personal data is: FANCY LUX SA, VAT number CHE-450.454.084, registered office in Via Nassa 40 - 6900 Lugano (Switzerland)