This policy (hereinafter “Policy”) is provided pursuant to EU Regulation 679/2016 and subsequent national adjustment legislation (hereinafter collectively “GDPR”) and describes how the company identified in the following paragraph collects and processes users’ or customers’ Personal Data (the term “Personal Data” means all the categories of data listed in point 3 below, considered jointly). This Policy applies to all activities for collecting and subsequently processing Personal Data – both online and offline – through various channels, such as the websites owned or operated by Loft Italy srls, in particular www.Loft-Italy.com (“Website”), apps, social networks and, more generally, all the activities described in this Policy.
Loft Itay srls is the data controller of Personal Data (hereinafter the “Data Controller”). Loft Italy srls pays the utmost attention to the security and confidentiality of the Personal Data processed while performing its activities, which include, among others, the following:
– operating e-commerce activities carried out through the Website and mobile app (managing purchases of products and services from the virtual store and related activities);
– operating the Website (e.g.managing and developing the Website and services for users, including the management and functioning of cookies);
WHAT PERSONAL DATA MAY BE COLLECTED
As part of its activities described above, the Data Controller will be able to collect the following categories of Personal Data:
– Contact data – first name, surname, address, phone number, email address and any other data you voluntarily provide within the Website to proceed with online orders and to register;
– Payment data – information relating to the purchase you made and the related payment (e.g. credit/debit card number, IBAN). This data will be processed to the extent necessary for periodic payments, and if you have not objected to the processing by changing your settings in the “My Account” section on the Website, saved in the “Payment Methods” section for subsequent purchases;
– Use of the website – information on how you use the Website, open or forward communications from the Data Controller, including information collected via cookies;
– Data provided by third parties (e.g. postal service company, couriers, data entry company) – all Personal Data that the Data Controller receive from other sources to perform their services;
– Social Log-In – information relating to your Social account as well as other data you have provided to the Social Network used to log in to the Website, which can be communicated based on the privacy preferences you have set on that Social Network.
Loft Italy srls will not normally process Personal Data concerning personal beliefs, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information related to health, sex life or sexual orientation (hereinafter “Special Categories of Data“). If it is necessary to process Special Categories of Data, Loft Italy srls undertake to process such data in accordance with the applicable legislation. The legal basis for this processing is, as a rule, the fulfilment of a legal obligation, it being understood that Loft Italy srls will request your explicit consent if there is no concrete legal obligation for processing such Data.
HOW WE COLLECT YOUR PERSONAL DATA
The Data Controller can collect and process your Personal Data, in the following ways:
– if you register on the Website or through apps, social networks or other websites owned by or available to the Data Controller;
– if you make online purchases;
– if you contact Customer Service;
– if you provide your Personal Data in physical events (e.g.in the context of promotional activities, during participation in courses and events, etc.).
THE COMPULSORY OR OPTIONAL NATURE OF PROVIDING DATA AND THE CONSEQUENCES OF ANY REFUSAL TO PROVIDE IT
The Personal Data required to register on the Website or identified with an asterisk in the forms for various activities is necessary to enable registration itself; similarly, the data is necessary when required to allow use of the purchase and/or booking and/or online ordering functionality, or to provide the specific service requested. Unnecessary Personal Data is not identified with an asterisk in the various forms and does not entail any consequences if not provided.
WHAT PURPOSES YOUR PERSONAL DATA MAY BE USED FOR
The Data Controller may process your Personal Data for one or more of the purposes set out below and on the basis of the legal prerequisite indicated from time to time. All the purposes indicated below concern both Data Controller except when one of the two company is specifically indicated.
Prerequisite for processing: fulfilment of contractual obligations, to allow you to register on the Website, it being understood that you are not obliged to use the Social Log-In to complete the registration.
Use of the Website does not require the creation of a personal account; however, to access some pages reserved for registered users, you must create one and thereby become a registered user. The Personal Data you provide may be processed by the Data Controller to manage your personal account on the Website.
Prerequisite for processing: execution of pre-contractual measures requested by the data subject and execution of a contract to which they are party. Provision is mandatory in order to create and manage the account; otherwise we will not be able to proceed.
Your contact data may be processed by Loft Italy srls for marketing and advertising communication purposes, and also personalised after analysis of your choices, habits and purchasing preferences, by using email, text messages and other mass messaging tools, etc. or traditional contact methods (e.g. ordinary mail, phone call with operator), or for market research and statistical surveys.
Prerequisite for processing: the data subject’s consent.
The absence of consent to marketing activities does not have consequences for contractual relationships. The consent can be revoked at any time via the contact details indicated below in the section “Your data protection rights”. Users can also modify or remove their preferences at any time visiting the “My Account” section on www.Loft Italy srls.net, expressing their consent to be contacted about offers regarding specific stores or products of interest.
Loft Italy srls may, where possible also in aggregate and anonymous form, use your Personal Data, including that relating to your use of the Website, your choices, habits and purchase preferences, geographical area of reference, level of expenditure incurred, active services and frequency of use, for internal statistical research and improvements to the services offered, as well as for customer care and customer satisfaction activities, complaint management, administrative and accounting management, etc.
Prerequisite for processing: Loft Italy srls’s legitimate interest.
Within the limits of the provisions of Article 21 of the GDPR, you have the right to object to the processing of personal data concerning you performed by Loft Italy srls in pursuit of its legitimate interest. The objection must be sent to the following address: firstname.lastname@example.org.
Your Personal Data will not be used to profile you for commercial and marketing purposes, except with your prior consent collected pursuant to the provisions of point E) above. Only in this case can the profiling activity described also be performed to send personalised commercial communications as per point E) above.
Your Personal Data may be processed by the Data Controller to defend their rights or act or even make claims against you or third parties.
Prerequisite for processing: the Data Controller’s legitimate interest to protect their rights.
HOW WE KEEP YOUR PERSONAL DATA SECURE
The Data Controller use suitable security measures to improve the protection, security, integrity and accessibility of your Personal Data. All your Personal Data is stored on our protected servers (or suitably archived hard copies) or those of our suppliers and is accessible and usable according to our standards and security policies (or equivalent standards for our suppliers).
HOW LONG WE KEEP YOUR DATA FOR
The Data Controller keeps your Personal Data only for the time necessary to achieve the purposes for which it was collected or for any other legitimate related purpose. Your Personal Data that is no longer necessary, or for which there is no longer a legal basis to keep it, will be irreversibly anonymised or safely destroyed.
Below are the storage times for the different purposes listed above:
WHO WE CAN SHARE YOUR PERSONAL DATA WITH
The other company of Loft Italy srls – meaning all the company directly or indirectly controlled by Loft Italy srls – may have access to your Personal Data as autonomous Data Controller and/or processors by virtue of intra-group agreements and in connection with needs and activities carried out within the group, along with consultants and external suppliers such as: cloud service provider, IT provider or hosting provider, tax and legal consultants etc. appointed – if they do not act as independent Data Controller – as data processors.
Furthermore, where requested, your Personal Data and information about transactions and other activities carried out through the Website can be made available to the judicial authorities and police in compliance with procedural rules or other State administrations, where expressly requested.
TRANSFER OF DATA TO NON-EU COUNTRIES
The Data Controller may transfer your Data to countries that do not belong to the European Union (EU) or the European Economic Area (EEA) (hereinafter “Third Countries”), whose data protection laws may have lower standards than those of the EEA. In the latter case, the Data Controller will ensure that all your data accessible outside the EEA is processed with appropriate safeguards. The Data Controller will provide adequate guarantees and protections for such cross-border transfers, in accordance with the provisions of the legislation on personal data protection; these include the use of Standard Contractual Clauses approved by the European Commission, Codes of Conduct and/or Binding Corporate Rules. These clauses impose similar data protection obligations directly on the recipient, unless we are allowed by applicable data protection law to transfer data without such formalities. Some third countries, such as Canada and Switzerland, have been authorised by the European Commission as they provide protection similar to that of the EEA data protection legislation, and therefore additional legal protections are not necessary.
The contact details of the Data Controller are as follows:
– Loft Italy srls, with registered office in Milan (MI),via Imperia 43, 20142, Tax Code/VAT Number: 12136190969
The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following email address: email@example.com
YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE COMPLAINTS WITH THE SUPERVISORY AUTHORITY
In accordance with Articles 15-21 of the GDPR, you have the right to request:
– access to your personal data and the purposes and logic of the processing activity carried out by the Data Controller ;
– a copy of the Personal Data you have provided to us (so-called portability);
– the correction of your Personal Data held by the Data Controller ;
– the erasure of your Personal Data when: (i) the Personal Data is no longer necessary with respect to the purposes for which it was collected or otherwise processed; (ii) the Personal Data is unlawfully processed; (iii) you have legitimately opposed the processing and there is no prevailing legitimate reason for the data to be kept; (iv) the Personal Data must be erased to fulfil a legal obligation. However, the Data Controller has the right to disregard the request for erasure if the right to freedom of expression and information prevails, or to exercise a legal obligation or defend their rights in court;
– revocation of your consent, if the processing is based on consent;
– limitation of the processing (i) for the period necessary for the Data Controller to verify the accuracy of your Personal Data in the event of a dispute; (ii) in the event of unlawful processing of your Personal Data when you object to its erasure, requesting a limitation of the processing; (iii) in the event that, although the data is no longer necessary and should be deleted, you need it to be processed to assess, exercise or defend a right in court; (iv) for the period necessary to verify any prevalence of the Data Controller’ legitimate reasons with respect to your request to oppose the processing.
Furthermore, you have the right to object to the Data Controller processing your Personal Data for reasons related to your particular situation, except where the existence of the Data Controller’ legitimate binding reasons prevails for continuing the processing, or there is a need to keep your Personal Data to assess or defend a right in court.
The Data Controller will take into consideration any complaints or reports about how your Personal Data is processed and will make every effort to respond to your requests. However, you can forward complaints or reports to the competent supervisory authority which is also the so-called “lead authority” with respect to all European company of the Loft Italy srls group: the Data Protection Authority – Email: firstname.lastname@example.org –
Last updated, March 2022