PRIVACY POLICY
Our company SABATINI CALZATURE S.R.L., with its registered office in Spoleto (PG), San Giovanni di Baiano Via Curiel 8, R.E.A. of Perugia n. 226833, Tax Code and VAT no.: 02572540546, PEC: amministrazione@pec.sabatinicalzature.com, considers the protection of personal data and the privacy of our users to be of utmost importance.
This document, drafted pursuant to Article 13 of the GDPR, provides all the necessary information to enable the user to understand what data we collect, why we collect it, and how we use it, in compliance with the applicable regulations.
Therefore, such data is collected by SABATINI CALZATURE S.R.L. (hereinafter the “Company”) through access and/or registration to the website www.hergos.it/en/ (hereinafter, the “Site”), as well as through purchases made on the site and/or requests for support or customer care services of the site (collectively, “Site Services”).
The Company operates on the site, of which it is the owner, as a provider of the registration and sales services. Additionally, the site hosts a technological platform that allows the Company to connect with buyers for the purposes of physical and online sales of goods and/or services (“Platform”).
The Platform hosts the e-commerce site, i.e., the virtual space created and managed by the Company, where the Company offers and sells its Sabatini Calzature products and concludes the relevant purchase contracts with users (“Shop“). On the Site, therefore, users, after registering, can purchase the Company’s products sold by a third-party seller.
The user’s personal data is also processed by the Company in case of online purchases.
For further questions, you can contact us at the following email address: info@sabatinicalzature.com, and we will respond as quickly as possible.
- CONTROLLER
The data controller for the personal data collected through access and/or registration to the website www.hergos.it/en/, as well as through purchases on the site and/or requests for support or customer care services of the site by users is: SABATINI CALZATURE S.R.L., with its registered office in Spoleto (PG), San Giovanni di Baiano Via Curiel 8, R.E.A. of Perugia n. 226833, Tax Code and VAT no.: 02572540546, PEC: amministrazione@pec.sabatinicalzature.com.
- DATA PROCESSED
2.1 Data collected through the Services
The Company collects only personal data that the user voluntarily provides by registering or using the Services offered. Among the personal data voluntarily provided by the user through the use of the Services, the following may be collected:
- Name;
- Surname;
- Tax code;
- Residence address;
- Date of birth;
- Email address;
- Profession;
- Industry.
2.2 Data collected through the Site
For the consultation of the “public – free access” part of the Site (i.e., the part freely accessible by any user), no personal data is required.
By merely browsing the publicly accessible pages of the Site, some browsing data may automatically be collected, including:
- IP addresses;
- URI (Uniform Resource Identifier) addresses of the requested resources;
- Time and method used to make the requests to the server;
- Numeric code regarding the status of the server’s response (successful, error, etc.).
Browsing data pertains to the user’s operating system and computing environment, and its transmission is implicit in the use of Internet communication protocols. The Company uses third-party tools (Google Analytics) for purely statistical and marketing purposes. However, the data is managed in a completely anonymized manner. Although this information is not collected to be associated with identified users, it may allow user identification through processing and association with data held by third parties. This data is used solely to obtain anonymous statistical information on the use of the Site and to ensure its correct operation and is deleted immediately after processing.
Additionally, the Company may transmit data to social media platforms (e.g., Facebook, YouTube, Instagram, etc.) for advertising or commercial communications reserved for its users, as well as to interact with the user on these platforms, but only after obtaining the necessary consent.
For access to the reserved content section of the Site, or for any contact with the Company by the user, for example, through emails sent to the Company’s contacts listed on the Site, the user’s data will be acquired and processed in full compliance with current regulations. This data may include those provided during the registration to the Site and use of reserved areas, such as (in addition to the personal data already mentioned) username, password, security questions and answers, uploaded identity documents, etc.
- PURPOSE OF DATA PROCESSING
The Company processes the personal data provided by the user through the Services or the Site solely in connection with the use of the Services or the Site itself. Specifically, the user’s personal data may be used for the following purposes:
- a) To enable registration on the site and use of services reserved for registered users, including the ability to purchase online through the site, communicate with the Company, and use support and customer care services;
- b) To enable the conclusion of a purchase contract through the site and the proper execution of the obligations arising from such contract, including, for example, the delivery and payment (also online) of products and/or services purchased;
- c) To respond to the requests submitted by the user;
- d) For the processing of payment and billing data: the Company will process the user’s personal data only to facilitate purchases related to the Service and to process payments made, including through the Site. In no way will the Company acquire the user’s banking data, as all payments will be processed via PayPal;
- e) In case of a purchase on the e-commerce site, the Company, while retaining ownership of all purposes indicated in this privacy policy, will process the user’s personal data to fulfill the sales contract concluded through the site. The legal basis for such processing is the performance of the contract pursuant to Article 6.1.b) of the Regulation;
- f) With the user’s explicit consent, to send informational and promotional communications, including newsletters, events, and special offers related to its own products and/or services, as well as for direct marketing purposes and market research via email, social media;
The legal basis for this processing is the user’s express consent as established by Article 6.1.a) of the Regulation;
- g) With the user’s explicit consent, in an automated manner, to:
- Monitor and track user behavior on the site, collecting and recording browsing data (e.g., pages visited, categories of products viewed, whether the user purchased or not, abandoned carts, access devices) and purchase data (e.g., type of product purchased, purchase frequency, amounts spent, payment methods);
- Analyze and process this data, along with other user information (such as, for example, gender, order status, postal code, date of birth, IP address) to identify correlations between user behaviors and categorize users into various “clusters” or groups of customer types that may have common characteristics;
- Send personalized offers via email or post, and/or display them on the site, tailored to the cluster to which the user belongs and therefore presumed to be of specific interest to the user.
All phases of processing, including the final decision regarding which promotional communication to send or display to the user based on the cluster to which they belong, are carried out fully automatically, without any human intervention, based on an algorithm with predefined parameters.
The decision based solely on automated processing, including profiling, produces legal effects concerning the data subject and is permitted under the exemption clause in Article 22.2.a) of the GDPR, as it is necessary for the execution of the contract between the data controller and the data subject and/or related to the validity and effectiveness of the contract;
- h) For general assistance and customer care activities, such as responding to user information requests, complaints, reports, or disputes, and to allow the user, if desired, to leave a review.
The legal basis for this processing is the execution of pre-contractual measures taken at the request of the data subject (Article 6.1.b) last paragraph of the Regulation) or, as applicable, the Company’s legitimate interest[1] (Article 6.1.f) of the Regulation);
- i) To fulfill administrative, accounting, and tax obligations related to the provision of Site Services and/or the purchase contract concluded through the site, such as, for example, bookkeeping and issuing the sales invoice. This type of processing will be carried out by the Company.
The legal basis for this processing is compliance with legal obligations to which the Company is subject. The provision of data for the purpose mentioned in point i) is mandatory, as its processing is necessary to allow the Company to fulfill its legal obligations. Any refusal for these purposes will prevent the user from using the Site Services and, in particular, from concluding the purchase contract through the site;
- j) In case of purchase, to:
- Respond to requests for exercising the right of withdrawal and/or legal warranty of conformity and/or other rights arising from the purchase contract concluded on the site and/or provided by law concerning such contract and/or, concerning the Company, in relation to the provision of Site Services;
- Carry out the necessary activities as a result of exercising these rights and proceed, if applicable, with related refunds;
- Receive and respond to requests for exercising data protection rights under the Regulation and perform all related activities.
This operation will be carried out by the Company.
The legal basis for this processing is compliance with legal obligations to which the Company is subject (Article 6.1.c) of the Regulation);
- k) To assert, exercise, or defend a right in all competent venues.
The legal basis for this processing is the legitimate interest[2] (Article 6.1.f) of the Regulation).
The Company will not use the data provided for purposes other than those listed above, to which the user has adhered, and only within the limits indicated in any additional specific privacy policy related to a different, specific service requested by the user. The user’s data will never be sold, rented, or otherwise transferred by the Company to third parties. The user is the sole owner of their data and may request its modification or deletion at any time; see section 8 “User Rights” below.
- STORAGE OF PERSONAL DATA
The Company will retain user information within the time limits required by applicable laws and, in any case, for as long as necessary to provide the requested services.
After this period, the user’s data will be permanently deleted, except for legal obligations.
In any case:
- Data provided for points a), b), and c) will be retained only for the time necessary to carry out the individual processing activities (e.g., registration data will be processed until the account is closed, taking into account the technical time required for this; purchase contract data will be processed until the product is delivered or, in the case of non-delivery, until the contract is terminated), except that, after such period, the Company may retain the data for the purposes and for the maximum retention periods established by the Regulation and/or law;
- Data under point d) will be retained for the duration of the contract and in any case no later than the following 10 years, for fiscal and accounting purposes;
- Data under point e) will be retained for the time necessary to perform the contract (for example, data necessary to execute the purchase contract will be processed until the product is delivered or, in case of non-delivery, until the contract is terminated), except that, after such periods, such data may be retained for the purposes and maximum retention periods provided under points j) and k);
- Data under point f) will be retained until consent is revoked and/or the right to object is exercised, and in any case no later than 24 months from the last contact with the user, with the Company reserving the right, before the expiration of this period, to ask the user for consent renewal and/or data update;
- Data under point g) will be retained until consent is revoked and/or the right to object is exercised, and in any case no later than 12 months from the time of collection;
- Data under point i) will be retained until the expiration of the legal deadlines provided for fulfilling each administrative, accounting, and fiscal obligation and/or for the retention periods provided by law for the retention of related documentation.
- SECURITY AND TRANSFER OF PERSONAL DATA
The transfer, storage, and processing of user data collected through the Services and the Site are ensured through appropriate technical measures. User data is collected, stored, and maintained on a secure server, using security systems suitable for ensuring the integrity and confidentiality of the user’s data.
- TRANSFER OF DATA TO THIRD PARTIES
The Company does not transfer the user’s personal data to third parties. Personal data will only be provided to the competent authorities if the Company is legally required to do so.
- TRANSFER OF DATA ABROAD
User data will not be transferred outside the European Union.
- USER RIGHTS (DATA SUBJECT)TRANSFER OF DATA TO THIRD PARTIES
The user has full rights under current legislation at any time, including the following rights:
- Access: The data subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning them is being processed, and if so, to gain access to the data and the information under Article 15 of the GDPR. In such cases, the Data Controller will provide a copy of the data undergoing processing. If the data subject requests further copies, the Data Controller reserves the right to charge a reasonable fee based on administrative costs.
- Rectification and Supplementation (Art. 16 GDPR): The data subject has the right to obtain from the Data Controller the rectification of inaccurate data concerning them without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete data completed, including by providing a supplementary statement.
- Erasure: The data subject has the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay, and the Data Controller has the obligation to erase such data without undue delay when one of the grounds specified in Article 17 of the GDPR applies.
- Restriction: The data subject has the right to obtain from the Data Controller the restriction of processing when one of the conditions listed in Article 18 of the GDPR is met. If the processing is restricted, the data will only be processed, other than for storage, with the data subject’s consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
- Objection (Article 20 GDPR): The right to object to the processing of one’s data if:
- (i) the processing is based on public interest or legitimate interest;
- (ii) the data is processed for direct marketing purposes, including profiling.
- Data Portability (Article 21 GDPR): The right to receive the data in a structured format (only for automated processing);
- Withdrawal of Consent (Article 13, c.2, d): The right to withdraw consent at any time, where provided as a legal basis, without affecting the lawfulness of the processing based on consent before its withdrawal;
- Complaint (Article 13, c.2, d): The right to lodge a complaint with the Data Protection Authority for any alleged violation of the GDPR.
To exercise one or more of the rights listed above, you may send a specific request to the Company – privacy section: at amministrazione@pec.sabatinicalzature.com; or via email to info@sabatinicalzature.com.
- COOKIES
For information regarding the use of cookies on the Site, the user is invited to read the Company’s Cookie Policy at the following link: www.hergos.it/en/cookie-policy/
- CONTACTS
Please send an email to info@sabatinicalzature.com if you have any questions regarding the content of this page or need any clarification or information.
[1] The Company has a legitimate interest in responding to requests for information and/or reviews and/or reports, as well as to disputes and complaints from users of the Site (to which, moreover, the Company is required to respond, also based on the regulations set out in the Consumer Code, given its role as the manager of the e-commerce site). This legitimate interest of the Company coincides with the legitimate interest of the users of the site who make the requests and/or reports and/or disputes, and complaints in question, and who, therefore, within the relationship with the Company, can reasonably be expected to have their personal data used by the Company to provide feedback.
The legitimate interest of the Company, as identified, can therefore be considered predominant over the rights and fundamental freedoms of the data subject, also in light of such reasonable expectations and the existing relationship between the data subject and the Company, as well as taking into account the nature of the data processed and the coinciding interests of the data subjects themselves.
[2] It constitutes a legitimate interest of the data controller to pursue means of recourse to ensure compliance with their contractual rights or to demonstrate that they have fulfilled the obligations arising from the contract with the data subject or imposed on the data controller by law. This legitimate interest is, in turn, grounded in the constitutionally protected right to defense. It can, therefore, be considered prevailing over the fundamental rights and freedoms of the data subject, also due to the reasonable expectations of the latter.