Introduction

    At www.vittoriasella.com, we consider the protection of privacy to be both an obligation and a fundamental value. We are committed to safeguarding the privacy of our website visitors and customers. We do not disclose information about our customer users to third parties except when necessary for product sales operations.

    Crossbiz S.r.l., the owner of the Vittoria Sella brand with its registered office at Via Giovanni Battista Tiepolo 11, 00196 Rome, Italy, operates as an independent data controller (hereinafter referred to as the “Data Controller”). This Privacy Policy (hereinafter referred to as the “Policy”) is intended to inform you about the collection and processing of personal data (hereinafter referred to as “Personal Data”), which includes any information enabling the identification of a person (hereinafter referred to as “User/s”) collected from the website www.vittoriasella.com (hereinafter referred to as the “Site”). This is in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and Legislative Decree no. 196/2003 and subsequent amendments (the “Privacy Code”).

    We are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.

    Please note that the Policy may be updated, and in case of significant changes, we will communicate them via email and/or by posting updates on the Privacy Policy page of the Site. We invite you to read this policy carefully to understand how your data will be treated.

    By “processing of Personal Data,” we mean any operation or set of operations, whether automated or not, that is applied to personal data or sets of personal data. This includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or making available in any other way, alignment or combination, restriction, erasure, or destruction of data.

    Personal Data collected from the Site www.vittoriasella.com

    Content and Information Provided Voluntarily by the User:

    • Contact Details and Contents: these are personal data voluntarily provided by the User during their use of the Site. This includes personal data, contact information, access credentials for services and/or products, personal interests, preferences, and other personal content. This information may be provided during account creation or in the “Contacts” section, where you may be asked to provide specific requests that may contain additional personal data. The chat service allows you to communicate your requests. We will also process your preferences for customizing newsletter content.
    • Personal Data Collected by Social Media: Users can share data from their social media accounts with the Site. Users have the right to control the Personal Data that the Site can access through the privacy settings on the respective social media platforms. By associating social media accounts with the Site and authorizing the Data Controller to access such Personal Data, Users consent to the acquisition, processing, and storage of this data in accordance with this Privacy Notice.

    Failure by the User to provide Personal Data, when there is a legal or contractual obligation to do so or when such information is necessary for the use of the service or the conclusion of a contract, will make it impossible for the Data Controller to supply products and/or provide its services, either in whole or in part.

    Users who provide the Data Controller with the Personal Data of third parties are directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.

    Data and Content Acquired Automatically During Site Use

    • Technical Data: The computer systems and software procedures used to operate this Site may automatically collect certain Personal Data during their normal operation. This information is not collected to identify Users but could, by its nature, allow User identification when associated with data held by third parties. This category includes IP addresses, domain names used by Users who connect to the Site, URL (Uniform Resource Identifier) addresses of requested resources, time of the request, method used to submit the request to the server, file size obtained, and more.
    • Usage data: Personal Data relating to the User’s use of the Site may also be collected. This includes the pages visited, actions performed, features and services used.
    • Geolocation Data:The Site may collect Personal Data related to the User’s location, which may include GNSS (Global Navigation Satellite System, e.g., GPS) data, as well as data identifying the nearest repeater, Wi-Fi, and Bluetooth hotspots. This data is collected when location-based products or features are enabled.

    Personal Data Collected Through Cookies or Similar Technologies

    The Site uses cookies, web beacons, unique identifiers, and other similar technologies to collect Personal Data about the pages visited, links clicked, and other actions taken while using our services. These technologies store information for future access by the same User. You can review our complete Cookie Policy at www.vittoriasella.com/cookie-policy.

    Purposes

    This Privacy Policy covers the processing of data that you voluntarily provide for the purpose of online service delivery. Personal Data collected may be used for the following purposes:

    • User Registration and Authentication: If the User creates a personal account, their data will be processed to enable registration on the Site and the management of their private area. A personal account requires the use of authentication credentials known only to the User, who must handle them with care and take full and exclusive responsibility for them. Creating an account is not mandatory for purchases but offers advantages such as promotional offers.
    • Conclusion and Execution of Purchase Contracts and Returns: At this stage, contact details for the delivery address, product purchase specifications, and information related to the shopping experience will be processed. To complete the transaction, the Data Controller may require confirmation of payment from independent data controllers such as PayPal and Stripe.
    • Communication and Commercial Proposals: During this phase, we collect communications and commercial proposals, including personalized newsletters. Automated tools may be used for communications, including emails, newsletters, SMS, MMS, chat, instant messaging, and phone calls.
    • External Management of Payments: External payment platforms may be used to manage User payments by credit card, bank transfer, or other instruments. These platforms acquire payment data without the Data Controller having access.
    • Archiving, Hosting, and Backend Infrastructure Management:Technical infrastructure is managed for the storage of User data.
    • Statistical Analysis with Anonymous Data:We may perform statistical analysis using aggregated data or data that does not allow User identification.
    • Personalization and Profiling of User Experience:To modify and adapt the Site to the User’s needs.

    Processing Methods

    The processing of Personal Data is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the specified purposes. In some cases, individuals involved in the organization of the Data Controller, such as personnel management employees, sales personnel, system administrators, etc., or external subjects, such as IT companies, service providers, postal couriers, hosting providers, etc., may have access to Personal Data. These parties may be appointed as Data Processors by the Data Controller and may access User Personal Data when necessary, being contractually obligated to maintain the confidentiality of such data.

    An updated list of Data Processors can be requested by emailing privacy@vittoriasella.com

    Legal Basis of Processing

    The processing of Personal Data is based on the following legal bases:

    • User consent for communications and commercial proposals.
    • Processing necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures.
    • Processing necessary to fulfill a legal obligation to which the Data Controller is subject.
    • Processing necessary for the legitimate interests pursued by the Data Controller or third parties.

    You can request clarification regarding the legal basis for each processing operation by emailing privacy@vittoriasella.com

    Location

    Personal Data is processed at the operating offices of the Data Controller and in any other locations where the parties involved in the processing are located. Personal Data may also be transferred to third countries (outside the EU) for the purpose of selling Products or providing requested services, in compliance with the provisions of articles 44-49 of the European Privacy Regulation.

    Security Measures

    The Data Controller processes Personal Data in a manner and with suitable tools to ensure the security and confidentiality of Personal Data. The Data Controller has implemented appropriate technical and organizational measures to ensure that processing complies with relevant legislation and can be demonstrated.

    Data Retention Period

    Personal Data will be retained for the duration necessary to fulfill the purposes for which it was collected. Specifically, Personal Data will be kept throughout the contractual relationship, including the fulfillment of related and subsequent obligations, compliance with applicable legal and regulatory obligations, and for defense purposes, whether for the Data Controller or third parties. If Personal Data processing is based on the User’s consent, the Data Controller may retain Personal Data until consent is revoked. Personal Data may be retained for a longer period if required by a legal obligation or at the request of an authority. All Personal Data will be deleted or stored in a form that does not allow User identification within 30 days of the end of the retention period. After this period, the right to access, delete, rectify, and request the portability of Personal Data can no longer be exercised.

    Automated Decision-Making Processes

    No Personal Data collected will be subject to automated decision-making processes, including profiling, that produce legal effects concerning individuals or significantly affect them.

    User Rights

    Users have certain rights with regard to Personal Data processed by the Data Controller. In particular, Users have the right to:

    • Withdraw consent at any time.
    • Object to the processing of their Personal Data.
    • Access their Personal Data.
    • Verify and request rectification.
    • Obtain restriction of processing.
    • Obtain erasure of their Personal Data.
    • Receive their Personal Data or have it transferred to another controller.
    • File a complaint with the supervisory authority for the protection of Personal Data and/or take legal action.

    To exercise their rights, Users can submit a request to the contact details of the Data Controller provided in this document. The Data Controller will process requests promptly, in any case within 30 days.

    Data Controller of the Processing

    The Data Controller is Crossbiz S.r.l., with its registered office at Via Giovanni Battista Tiepolo 11, 00196 Rome, Italy, Tax Code / VAT Number 15063071003, email address privacy@vittoriasella.com