Datenschutz und Sicherheit

Last updated: November 2018

Keeping your data secure and confidential is one of our priorities.

Through the site www.fratellirossetti.com/it (“Site”), Fratelli Rossetti S.p.A. (“Fratelli Rossetti”, “we”, “our”) collects certain information about you (“Personal Data”).

In accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (“Regulation”) and the applicable Italian legislation regarding the protection of personal data, this policy (“Policy”) aims to describe in greater detail which Personal Data we collect when you visit the Site, the purposes they are used for, and the methods we use to process them.

DATA CONTROLLER

Pursuant to this Policy and the data processing that it has taken into consideration, the Data Controller (pursuant to art. 4, no. 7 of the Regulation) is Fratelli Rossetti S.p.A., whose registered office is in Italy, Via Cesare Cantù 24, 20015 Parabiago - Milan, VAT no. 10791930158.

WHAT TYPE OF PERSONAL DATA WE COLLECT AND PROCESS ABOUT YOU

- Data provided to us by you
We collect certain Personal Data about you when you decide to fill out the form in our Stores and on our Site. In particular, we collect and process your Personal Data:

  1. When you decide to register at Fratelli Rossetti Stores

    Data processed: name, surname, and date of birth, postal address, telephone number, email address, language (only your preferred language for receiving our notifications) and your preference about a specific Fratelli Rossetti Collection.

    Processing purposes and legal basis: The Personal Data you provide to us are processed for the following purposes:
    o sending newsletters and marketing notifications via email, SMS, or through a telephone operator employed by us for this purpose, or by post. This may include promotional materials about new unique products, promotions, new products on offer that are similar to those you have already purchased, special initiatives, or events. This processing is in accordance with the legitimate interests of Fratelli Rossetti, if your data were provided whilst making a purchase at our store and you are therefore one of our customers;

    o sending marketing notifications (via email, SMS, or through a telephone operator employed by us for this purpose, or by post), which may also include products sold by Fratelli Rossetti that are different to the ones you have already purchased. Your consent is required for this data to be processed;
    Subject to receiving your specific consent, marketing activities (whether you are one of our customers or not) may take into consideration the preferences you have shown with regard to Fratelli Rossetti products (profiling), allowing us to send you personalised notifications, so that we can always keep you updated on our products that are most closely in line with your personal interests and tastes. If you do not consent to your data being processed for marketing and/or profiling purposes, this shall have no effect on your ability to proceed with making purchases.
    If the telephone number you provided is registered in a public directory, we may send you marketing notifications without your consent. In any case, please be reminded that you may ask to stop receiving messages from Fratelli Rossetti at any time, by selecting the link available in every email (Newsletter) sent by Fratelli Rossetti, or by contacting us using one of the methods specified in the “How to Contact Us” section or, with regards to telephone communications, by registering on the appropriate public opt-out register governed by Presidential Decree 178/2010. Furthermore, you have the right to object at any time to the profiling that we put in place;

    o giving you the possibility to access the reserved area on our Website www.fratellirossetti.com. You will receive an e-mail containing a temporary password, in accordance with the legitimate interests of Fratelli Rossetti

    o allowing us to respond to your requests to purchase any of our products that are currently unavailable, or for carrying out repairs or any other interventions related to our products, if needed.

  2. When you decide to register onto our Site

    Data processed: name, surname, and date of birth, postal address, telephone number, email address, language (only your preferred language for receiving our notifications) and your preference about a specific Fratelli Rossetti Collection.

    Processing purposes and legal basis: some of the data requested from you when you register onto our Site are marked with an asterisk (name, surname, address, and contact details). These details are required by us and are processed to allow us to process your order if you decide to proceed with buying one or more of our products online, and to recognise you should you make any purchases in the future. Subject to having asked for your consent to do so, the data that you provide us when filling in the registration form are also processed for marketing purposes, and, in particular, you will be asked if you wish to receive notifications related to products, commercial and promotional information (e.g. discounts, sales, etc.), invites to shows or events, notifications about special initiatives, satisfaction checks, etc., which may also be sent via email, SMS, or through a telephone operator employed by us for this purpose. With regard to this processing for marketing purposes, you will also be asked if you wish to receive personalised notifications, which will be based according to profiling activities that allow us to better understand your tastes and to always keep you updated on our products that are most closely in line with your personal interests. The fields on the form that are not marked with an asterisk (*) are not required and are only processed for marketing purposes and/or for profiling your interests if you have provided your consent. If you do not consent to your data being processed for marketing purposes (the same goes for profiling too), this shall not have any effect on your ability to be able to proceed with making purchases. In any case, please be reminded that, afterwards, you may ask to stop receiving messages from Fratelli Rossetti by clicking on the link available in every email (Newsletter) sent by Fratelli Rossetti, or by sending us an email to retail@rossetti.it, specifying that you do not wish to continue receiving any kind of communication.

    Buy Online: When you are finalising your purchase, you will be asked to provide the details of your chosen payment method to allow the Bank or any other payment service provider responsible for processing these details to proceed with processing the payment, which is needed to complete the order. These data are not processed or stored by Fratelli Rossetti, but exclusively by the Bank or by any other payment service provider chosen by you..

    Storage time: The amount of time that Personal Data are stored for shall be no longer than the amount necessary for carrying out the purposes they were collected for, and, in any case, no longer than the amounts of time stipulated by law or in order to protect one of our own rights.

  3. When you decide to subscribe to our newsletter

    Data processed: email address

    Processing purposes and legal basis: your Personal Data will only be processed for sending newsletters to you containing notifications related to products, commercial and promotional information (e.g. discounts, sales, etc.), invites to shows or events, notifications about special initiatives, satisfaction checks, etc. To this end, when you fill in the fields to subscribe to our newsletter, you will be asked for your consent. In any case, please be reminded that, afterwards, you may ask to stop receiving messages from Fratelli Rossetti at any time by clicking on the link available in every email (Newsletter) sent by Fratelli Rossetti, or by sending us an email to retail@rossetti.it, specifying that you do not wish to continue receiving any kind of communication.

    Storage time: Your Personal Data that are used for sending our newsletter will be stored for no longer than the amount necessary for carrying out the purposes they were collected for, and, in any case, no longer than the amounts of time stipulated by law or in order to protect one of our own rights.

  4. When you decide to contact us

    Data processed: when you decide to contact us via the email addresses or telephone numbers listed on our Site or via any other means, you may provide us with other Personal Data. When an optional, explicit, and voluntary email is sent to these listed addresses, the sender’s address is subsequently obtained, which is necessary for responding to their requests, as well as any other Personal Data that may be included in the message.

    Processing purposes and legal basis: these data, sent by you voluntarily, will only be used to respond to your request.

    Storage time: your Personal Data will only be stored for the amount of time necessary to respond to your request.

- Data collected whilst you are browsing on our Site
When a user visits a page on the Site, we collect the following browsing data, anonymously, and ask for your prior consent whenever necessary:

  1. Technical information, such as information about the devices being used by visitors to the Site, browsers, and operating systems, etc
  2. Information on how you browse on the Site, such as the URL of the pages visited and the activities carried out on each page (for example, those in relation to the products that you have viewed or bought), browsing dates and times, the amount of time you have spent on the Site, and clickstreams.

This information is collected to ensure that our Site works correctly, so that it can be managed, maintained, and improved, as well as to ensure that you can browse securely. It also enables us to identify the people responsible when there are cyber security breaches. It is also used to allow us to obtain statistical analyses on how the Site is used, and we can also analyse this data using an aggregated format.

Subject to you providing your consent by accepting our cookie policy, we may also process your browsing data to identify which products interest you the most, so that we can display advertising to you that is genuinely relevant, or how you have used some of the interactive functions of the Site, such as those linked to social networks (so-called social plug-ins). Regarding the methods used to protect privacy and how the Personal Data collected by these social networks are processed, which allow these aforementioned interactions, please refer to the webpages of the individual social networks.

You are always free to decide whether you want to provide us with your browsing data. However, if you refuse to provide the information necessary for browsing, this could make it impossible to carry out activities that are closely connected with browsing itself.

We only store these data for the amount of time strictly necessary to carry out the purposes they were collected for.

Browsing data are collected through the use of cookies. To learn more about how cookies work, and how to activate and disable them, please consult our cookie policy.

PROCESSING METHODS

Personal Data are processed using computerised, online, and/or paper tools in compliance with the principles of correctness, lawfulness, transparency, accuracy, integrity, data minimisation, and restricting the purposes of their use and how long they are stored for. This is also in accordance with the provisions of the Regulation and the current legislation regarding the protection of personal data, as well as with the adoption of appropriate security measures. Data will be processed by the Data Controller and/or employees duly appointed, instructed, and trained by the Data Controller, and/or third parties expressly appointed as Data Processors by the Data Controller, where necessary, and/or by independent Data Controllers who undertake to process data in compliance with current legislation.

WHO WE SHARE YOUR PERSONAL DATA WITH

We believe that any information about yourself, your orders, and your purchases is strictly confidential, and we are committed to not sharing or selling any information held by us to external companies for promotional purposes.

Your Personal Data may be shared with the third parties mentioned in this paragraph if doing so is strictly necessary for accomplishing the purposes described in this Policy. We require these third parties to adopt measures to ensure the confidentiality of any personal data that they may receive from Fratelli Rossetti in order to carrying out their activities, which are in line with our own Policy, and we ask them not to use this information for any other purpose. Your Personal Data may be shared with:

  • couriers or shipping agents responsible for delivering products purchased through the Site;
  • banks and other companies that manage national or international payment circuits, which are used to make online payments for products purchased through the Site;
  • consultants or other professionals who may be employed by the Data Controller to provide their services (for example, the provision of e-commerce services through Ecommerce Outsourcing s.r.l., Site management, managing marketing activities, managing hardware and software, franchises, etc.);
  • public and/or private individuals, natural and/or legal entities (legal, administrative, and tax consultancy firms, Chambers of Commerce, etc.), if providing this information is necessary or functional for correctly complying with the contractual obligations taken on, as well as with any obligations stipulated by law;
  • other companies within the corporate group;
  • third parties during potential operations related to mergers or acquisitions that may concern the corporate group, provided that this is strictly necessary to carry out the operation in accordance with legitimate interests, and in any case, to the extent permitted by the applicable legislation

HOW WE PROTECT YOUR DATA

Personal Data are processed and stored using the appropriate methods and tools to ensure the security and confidentiality of these data, in accordance with the provisions of the Regulation. In particular, adequate technical, IT, organisational, logistical, and procedural security measures will be adopted, allowing access only to individuals that have been appointed by the Data Controller to process them, or Data Processors designated by the Data Controller.

The Personal Data that we collect may be shared, for purposes related to carrying out services, with certain companies within the corporate group that are located outside of the European Economic Area. In this case, if the European Commission has not made an adequacy decision regarding a Third Country where data are being transferred to, the protection of your Personal Data is guaranteed through the application of the standard contractual provisions adopted by the European Commission.

WHAT YOUR RIGHTS ARE AND HOW TO EXERCISE THEM

In accordance with the applicable legislation, and in particular with the provisions of the Regulation, your rights in relation to the Personal Data that we process pursuant to this Policy are as follows:

  • Access: you can obtain information about how your Personal Data are processed and a copy of these Personal Data;
  • Rectification: if you believe that your Personal Data are inaccurate or incomplete, you can ask for these data to be rectified or modified in accordance with your instructions;
  • Erasure: with the exception of certain cases stipulated by the applicable legislation, you have the right to ask for your Personal Data to be erased, when: (i) the data are no longer necessary for the purposes they were collected and processed for; (ii) you withdraw your consent to them being processed; (iii) you object to your data being processed for direct marketing purposes or for pursuing other purposes, and there are no prevailing legitimate grounds for them to continue being processed; (iv) your data have been unlawfully processed; (v) their erasure is required by law;
  • Restriction: you can ask for the processing of your Personal Data to be restricted;
  • Objection: Your right to object to your data being processed for direct marketing purposes is unconditional and can be exercised at any time using the methods described in the section “How to Contact Us”. Your objection to your data being processed using automated tools is also valid for any processing carried out using traditional tools
  • Withdrawal of consent: if the processing of your Personal Data required you to provide your consent, you have the right to withdraw this consent at any time;
  • Data portability: if your consent was required to process your data, you have the right to receive the Personal Data that you provided us in a structured, commonly used format that can be read by automatic devices and, if technically feasible, your Personal Data can be securely sent to another data controller.

HOW TO CONTACT US

To exercise your rights or if you have any queries regarding how your Personal Data are processed and used in accordance with this Policy, you can contact us by sending an email to: retail@rossetti.it. If you decide to contact us, all data that you provide us will only be processed in order to provide you with a quick response and to ensure your request is handled correctly.

PROTECTION OF YOUR RIGHTS

To protect your rights and your Personal Data, you may, at any time, decide to file a complaint with an appropriate supervisory authority, i.e. the Italian Data Protection Authority, or to bring an action before the competent national courts.

Provided that it is your right to do so, we always kindly ask that you contact us to exercise your rights.

PRIVACY POLICY

This Privacy Policy is not valid for any other third-party site that may be consulted via the links available on the Site.

CHANGES TO THIS POLICY

This Policy is subject to being periodically updated. To this end, we state the date it was last updated at the beginning of the Policy.

If you have already submitted your Personal Data, any changes that may have a substantial effect on the processing of this Personal Data will be communicated to you through the appropriate channels. This will always be done in a way that ensures you effectively know how your data will be processed, with a view to providing full transparency regarding the processing itself and full and adequate protection of your rights.