GENERAL PERSONAL DATA PROCESSING POLICY
Piquadro S.p.A (hereinafter referred to as "PQ"), Parent Company of the "Piquadro Group", together with The Bridge S.p.A. (hereinafter referred to as "TB") and Lancel Sogedi S.A. (hereinafter referred to as "LC"), as Joint Data Controllers, consider the privacy and protection of personal data fundamental and invite their users and customers to carefully read this Policy which contains important information on Data Processing (in short , "Information").
The logical and physical security of the data and, in general, the confidentiality of the personal data processed will be safeguarded by taking all technical and organizational measures necessary to guarantee their security.
- is provided for all the companies belonging to the Piquadro Group, which share data with each other for joint and common purposes;
- is deemed valid for the websites https://www.piquadro.com, https://www.thebridge.it and https://www.lancel.com (hereinafter: “Site/Sites”);
- it refers to the adaptation for the mobile application called "Piquadro" (hereinafter referred to as the "App")
- it forms an integral part of the Platform and the services offered by the Group companies;
- is provided pursuant to article 13 of the Regulation, to those who interact with the web services of the Website and the joint Controllers, either by simple consultation or through the use of specific services made available by the Group companies.
- it is intended exclusively for natural persons of age to whom the services of the Group companies are addressed.
A) Identity and contact information of the joint Controllers
Località Sassuriano, 246
Silla di Gaggio Montano (40041 - Bologna, Italy)
Tax Code and VAT No. 02554531208
The Bridge S.p.A.
registered office in Scandicci (50018 - Florence, Italy),
Via E. Codignola 14/16,
Tax Code and VAT No. 04253320487
Lancel Sogedi S.A.
registered office in 75017, France
48-50 rue Ampere Paris
Ape Code 4772 b - TVA code Fr 20,612,036,376
B) What data we collect and how we collect them
- Data voluntarily provided by the data subject
While using the Website and in general the services offered by the Group companies, we may ask you to provide us with certain personal data or personal information that might be used to identify you, for example by e-mail or online form, through the form to subscribe to the Memberships and our Services or through another type of request.
This information may include personal details and contact details, such as your name, surname, address, e-mail address and telephone number, and some information such as gender and profession.
Brief explanatory notes will be provided or appear on the web pages or through appropriate forms for specific optional services.
- Automatically collected data
In the course of normal operation, the websites may acquire some personal data of the user whose transmission is implicit in the use of internet and mobile phones communication protocols.
These data are collected through the use of systems capable of storing text or information files, such as Cookies or SDK (Software Development Kit).
This information may include navigation and functional indications, statistical and technical information, and, if clicked, some information about the user's preferences to improve their browsing or geolocation experience for the identification of the nearest store.
Moreover, you can manage the preferences through the appropriate online section.
Some information is necessary in order to provide the services connected to the Site and to the Group activities, and failure to collect them would make it impossible to provide the aforementioned services or involve the partial operation of the Site. The optional information does not affect the operation of the services and can be freely managed by the user.
The forms expressly indicate the mandatory items (with the symbol * or ü).
Explicit consent will always be required, by specific request, where necessary.
- Data collected through the tracking device "Connequ"
If in use and connected according to the device's instructions, the App may automatically collect certain personal data related to the User during its normal operation, for the purpose of the requested tracking service.
Specifically, this includes data regarding the geographical location of the Users when they wear the Products and the Products themselves in case of loss, the MAC address of the Tracker, and the history of detections.
Furthermore, if the User has the Application open in the background on their device with the location function active, the Application will collect data regarding the location of the device used by the User even when the User is not directly interacting with the Application.
The presence of the application in the background is notified to the User based on their device settings. Such information is necessary in order to provide the services connected to the Application, and the failure to collect them would make it impossible to provide said services.
C) Purpose of personal data processing and relevant legal grounds
Your personal data will be processed:
(i) without obligation of consent for the following purposes:
- to ensure the complete and correct site operation, online account registration, PQClub/TBClub membership, Connequ App membership, management of orders, purchases, sales and deliveries of the products and their monitoring, customer service management, management of payments, management of returns and repairs, management of contacts with customers, management of allowances and discounts;
- administrative-accounting management and related fulfillments (issue of receipts, invoices, preparation of payments), protection of credit positions and defense before the court;
- for internal statistics, corporate economic analysis and management
- as concerns the contact data provided at the time the contract was signed, sending of advertising of similar products with the right to immediate erasure upon request;
The processing above meets the following legal grounds, respectively:
- fulfilling a contract or pre-contractual measures, satisfying a request of the data subject - condition laid down by law in Art. 6, letter b) GDPR;
- legal obligation of the Data Controller - condition laid down by law in Art. 6, letter c) GDPR - or for the ascertainment, exercise or defense of a right before the court;
- pursuing a legitimate interest of the Data Controller - condition laid down by law in Art. 6, letter f) GDPR - regarding improvement of the company’s operations and market surveys, improvement of the services supplied to its customers,
- pursuing a legitimate interest of the Data Controller - condition laid down by law in Art. 6, letter f) GDPR and Legislative Decree no. 130 dated 3 June 2003, no.196 (“Privacy Code”)- the so called “Soft spam” - direct marketing and customer retention.
The granting of data marked on the form with (*) for the purposes described in foregoing section (i) is mandatory and the absence of the data and/or express refusal to processing them shall make it impossible for the Data Controller to execute the contract or execute the pre-contractual measures, fulfil the obligation with possible non-fulfilment and responsibility of the data subject also for sanctions contemplated by the law (e.g. impossible issue of the relevant invoice).
(ii) with your consent (Art. 7, GDPR) for the following purposes:
- various types of marketing activity, including the promotion of products and services, the distribution of posters and information and promotional material, both in paper and electronic format, the sending of newsletters and sales communications by email, invitations;
- various types of profiling activity, including the analysis of behaviour for promotional purposes, the creation of lists for promotional and sales communication purposes and the sending of newsletters, processing profiles for making available targeted and personalized services for the customer’s needs.
The granting of data for the purposes explained in foregoing section (ii) is optional, meaning that you may decide to not give your consent, or to revoke it at any time. Automated processes using software that in any case require human decision-making intervention to prevent undesirable consequences for the data subject are used for this processing; they are always and, in any case, limited to receiving communications from the Data Controller.
D) Intragroup data sharing
This policy briefly indicates how the Piquadro Group companies share the information internally, regulated in detail by mutual co-ownership agreements.
Piquadro, as Parent Company, in order to better rule the Group's strategies and implement the company business efficiently and effectively, has decided to aggregate and unify the administrative management and the commercial and marketing management, both with regard to offline and online activities performed through websites and e-commerce platforms.
Therefore, Piquadro receives information from the companies of the Group and shares it with them.
The information collected by each company of the Group is shared and used reciprocally by the other companies, in order to make the services and offers available as well as to provide, improve, understand, personalize, support and market them, including the products and the respective Piquadro/The Bridge/Lancel brands and therefore within the predefined Group purposes referred to in item C.
Further information on the Group and its additional legal entities is available on the website https://www.piquadro.com/it/struttura-del-gruppo.
In the event that the Group is involved in a merger, acquisition, reorganization, or sale of all or some of the assets, the information will be shared with the following entities or new owners as part of the transaction in accordance with applicable laws on data protection.
E) Categories of recipients of personal data
For the purposes explained in the foregoing paragraph, the personal data you have given may be disclosed or made accessible:
- to employees and collaborators of the Controller in their capacity of staff authorized to process the data (or the so-called “data processing operators”);
- to third parties outsourced to perform the activity on behalf of the Controller in their capacity of Data Processors, including:
- suppliers of services for managing the IT system and the telecommunications networks and the company appointed to manage the e-commerce, suppliers of services to manage the filing of the hard copy and/or electronic documents, suppliers of services to managing customer service activities, also through websites (e.g. call centers, help desks, etc.), suppliers of services to manage sales communication activities;
- independent professionals, firms or companies within the scope of service and consulting relations, also for controlling corporate organization management;
- banks and credit institutions and insurance companies for carrying out the financial (payments/collections) and insurance activities;
- parties that carry out control, auditing and certification fulfilments for the activities initiated by Piquadro S.p.a., also in the interest of the customers, fraud detection and prevention bodies;
- judicial or supervisory authorities, administrations, public bodies and organizations (national and foreign);
You can receive the complete and updated list of the Data Processors by sending a written request to the address firstname.lastname@example.org.
F) Storage and transfer of personal data abroad
Personal data are managed and stored in the cloud and on servers located inside and outside the European Union owned by and/or available to the Controller and/or owned by and/or available to third parties duly appointed Data Processors.
The data transfer abroad to countries not belonging to the European Economic Area (EEA) takes place exclusively in the context of intra-group communications for the purposes indicated above or to contractual partners, in any case in accordance with the provisions contained in Chapter V, articles 45 and 46 GDPR.
Your personal data will not be disclosed.
G) Personal data retention period
The personal data automatically collected by the Website for the purposes stated in the previous paragraph 3 will be processed and stored for the time strictly necessary to achieve the purposes for which they were collected and will be automatically deleted after such period. They are in any case linked to the duration of the session or the installation.
The data will be retained for the time necessary to fulfill these purposes and, in any case, correspond to the respective periods indicated below.
Data provided by the data subject (B.1): 12 months
Data related to the User who is the Account holder: 36 months
Data related to the Customer: 60 months
Data automatically collected by the Website or App (B.2): 12 months
Data related to communication and marketing purposes: 36 months
Data related to profiling purposes: 36 months
Accounting and billing data: 10 years
Data related to any legal disputes: for the time strictly necessary or in accordance with statutory prescription periods.
After the aforementioned retention period, the data will be destroyed or anonymized.
F) Exercisable rights
In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights specified therein and in particular:
The request can be addressed indifferently to each of the Joint Controllers by simply sending an e-mail to one of the following addresses: email@example.com / firstname.lastname@example.org / email@example.com.
In particular, reference is made to the following measures:
- Right of access - Obtain confirmation that processing of personal data concerning you is or is not in progress and, if so, receive information particularly concerning: purpose of processing, categories of personal data processed and storage period, recipients to whom they might be disclosed (Art. 15, GDPR),
- Right to correction - Obtain, without unjustified delay, correction of the incorrect personal data concerning you and the addition of incomplete personal data (Art. 16, GDPR),
- Right to erasure - Obtain, without unjustified delay, erasure of the incorrect personal data concerning you in those cases provided for by the GDPR (Art. 17, GDPR),
- Right to restriction - Obtain restriction of the processing in those cases provided for by the GDPR (Art. 18, GDPR)
- Right to portability - Receive the personal data concerning you in a structured format of common use readable by an automatic device, and obtain their transfer to another controller without impediments in those cases provided for by the GDPR (Art. 20, GDPR)
- Right to object - Objection to the processing of your personal data, unless there are legitimate reasons for the Controller to continue the processing (Art. 21, GDPR)
- Right to make a complaint to the control authority - Make a complaint to GDPD, the Italian Privacy Guarantor, Piazza Venezia n. 11, Rome - https://www.garanteprivacy.it/ - or “CNIL”: Commission Nationale de l'Informatique et des Libertés - French Privacy Guarantor - https://www.cnil.fr.
You can easily exercise these rights by simply sending a request via email to the firstname.lastname@example.org, the Data Controller's address.
The Account can be deleted through the dedicated section on the Web and App.
Last updated: May 9th, 2023