Privacy policy


Who is the Data Controller?

Alessi S.p.A., with registered office in Via Privata Alessi, 6 – 28887 Omegna (VB) (VAT number: 00465840031) (hereinafter, “Owner”)

How can I contact him?

The company contact details are:

Pec: alessispa@legalmail.it 

Address: Via Privata Alessi, 6 – 28887 Omegna (VB)

Which are the contact details of the DPO?

The company has designated, as its DPO, Lawyer Angela Lo Giudice, who can be contacted at the email: dpo@alessi.com

1. Introduction

Pursuant to the European regulation on personal data protection (GDPR), legal persons are not considered interested parties and therefore the European regulation does not apply. However, if in the context of the collection of corporate data personal data referring to a natural person is entered, this person will be considered interested pursuant to the aforementioned regulation with consequent applicability of the relevant legislation.


2. What treatments are carried out through the site? And what are the legal bases, purposes and storage times?


  • REGISTRATION

PURPOSE

The purpose is to register on the site and be able to make purchases more easily.

LEGAL BASIS

Consent of the interested party

In the event of a dispute, the data will be processed to act and/or defend oneself in court based on the legitimate interest of the Data Controller.

STORAGE TIMES

If the account remains inactive for 7 years, we will send you an email to find out if you are still interested in keeping it active; alternatively, the account will be deleted.

The data will be processed for a longer period in the event of a dispute.

OTHER INFORMATION

The provision of data is optional since purchases can also be made in "guest" mode.


  • PURCHASE

PURPOSE

The main purpose of data processing is to allow you to purchase and receive the purchased product. Furthermore, the data is necessary for the fulfilment of legal obligations (including of an accounting and tax nature).

Lastly, they could be useful in the event of disputes raised regarding the correct fulfilment of the contract.

LEGAL BASIS

Execution of a contract and consequent fulfilment of the legal obligations incumbent on the data controller.

In the event of a dispute, the data will be processed to take action or defend oneself in court and this corresponds to the legitimate interest of the data controller.

STORAGE TIMES

The data will be deleted 10 years after the fulfilment of the contract.

They could be kept longer only in the event of disputes and therefore to exercise or defend a right based on the legitimate interest of the data controller.

OTHER INFORMATION

The provision of data is mandatory and in case of refusal to provide it, it will not be possible to purchase the requested products.

 

  • PURCHASE WITH QUICK CHECKOUT

PURPOSE

The main purpose of data processing is to allow you to purchase and receive the purchased product. Furthermore, the data is necessary for the fulfilment of legal obligations (including of an accounting and tax nature). Lastly, they could be useful in the event of disputes raised regarding the correct fulfilment of the contract.

LEGAL BASIS

Execution of a contract and consequent fulfilment of the legal obligations incumbent on the data controller.

In the event of a dispute, the data will be processed to take action or defend oneself in court and this corresponds to the legitimate interest of the data controller.

STORAGE TIMES

The data will be deleted 10 years after the fulfilment of the contract.

They could be kept longer only in the event of disputes and therefore to exercise or defend a right based on the legitimate interest of the data controller.

OTHER INFORMATION

In the case of purchases through quick checkout, the personal, shipping, billing and contact data will be imported from Paypal, ShopPay and GooglePay (art. 14 GDPR)

 

  • NEWSLETTER/DEM also with automated methods (email, sms, WhatsApp, social) or traditional methods

PURPOSE

The purpose of data processing is to send you newsletters and DEMs through traditional methods or also through automated methods (email, SMS, WhatsApp, social networks).

LEGAL BASIS

Consent is given by the interested party pursuant to the articles. 6, co. 1, letter. a) GDPR and 130 co. 1-2 Legislative Decree 196/03

STORAGE TIMES

5 years from the last sending.

OTHER INFORMATION

Consent may be revoked at any time. The User has full freedom to provide the requested data, as there is no legal obligation to provide them. However, if the user chooses not to provide the data reported as essential, the Data Controller will not be able to achieve the indicated purpose.

 

  • NEWSLETTER/THE “Softspam”

PURPOSE

The purpose of data processing is to send you newsletters and DEMs.If you purchase our product, your data will be exported to a CRM for sending commercial information on products similar to those purchased.

LEGAL BASIS

In the case of purchase, your consent is not necessary based on the art. 130 c. 4 Legislative Decree no. 196/03.

STORAGE TIMES

5 years from the last sending.

OTHER INFORMATION

It is possible to exercise the output at any time.

 

  • TRANSACTIONAL EMAILS

PURPOSE

The purpose of data processing is to send you information in relation to the purchase made.

LEGAL BASIS

Contract execution

STORAGE TIMES

Until the order is delivered or for a longer period in the event of a dispute

OTHER INFORMATION

Transactional emails are sent to allow better management of orders and to provide the Customer with confirmation in relation to purchase and shipping.

 

  • MARKETING AND PROFILING THROUGH DIGITAL PLATFORMS

PURPOSE

The purpose of data processing is to display marketing content based on your interests, as identified by your interactions on our website or social media. This includes the use of retargeting tools on digital platforms to disseminate targeted advertising messages. The purpose of data processing is to send you information in relation to the purchase made.

LEGAL BASIS

Consent can be acquired through various methods:


1. Through Cookies on our Site: Your consent to marketing and profiling cookies is collected through the cookie settings on our site.


2. For Custom Audience CRM Campaigns (Prospecting and Retargeting): For these campaigns, we obtain your explicit consent to use your contact data (e.g. email address) for marketing purposes.


Interaction with Social Pages: If you have given consent to the use of profiling cookies on our Site, we may process your contact details and the information communicated during interaction with Social Pages. We use this information, in accordance with your social media privacy settings, to display personalized marketing ads.

STORAGE TIMES

The data will be stored until the consent is revoked through the cookie settings

OTHER INFORMATION

  1. Consent acquired through Cookies on our Site: The User can manage or revoke this consent at any time, as described in our Cookie Policy. We also inform you. that cookies can be both first and third-party and therefore installed, through us, directly by Meta.


  1. Consent acquired for Custom Audience CRM Campaigns (Prospecting and Retargeting): This consent allows us to process your data to identify similar audiences (lookalikes) and to show targeted advertisements on social media and other digital platforms.


In the case of simple User segmentation, your consent is not required.

 

  • BACK IN STOCK

PURPOSE

The purpose of data processing is to inform you when a finished product is available for purchase again

LEGAL BASIS

Execution of pre-contractual measures carried out at the request of the interested party.

STORAGE TIMES

 18 months. 

OTHER INFORMATION

The User has full freedom to provide the requested data, as there is no legal obligation to provide them. However, if the user chooses not to provide the data reported as essential, the Data Controller will not be able to achieve the indicated purpose.


  • CHAT

PURPOSE

The purpose of data processing is to receive information and assistance via chat.

LEGAL BASIS

Consent.
Exclusively in the event of a dispute, the data will be processed based on the legitimate interest of the Data Controller.

STORAGE TIMES

We will process the data for the time necessary to respond to the requests and will subsequently delete the data.

They could be kept longer only in the event of possible disputes and therefore to exercise or defend a right based on the legitimate interest of the data controller.

The data obsolescence is checked every 12 months.

OTHER INFORMATION

The provision of data is optional and not always necessary.
It is clear that in case of failure to provide, where requested, it will not be possible to provide assistance to the User.


  • CONTACT US

PURPOSE

The purpose is to offer the User or Customer to contact the Data Controller

LEGAL BASIS

Contractual execution and fulfilment of pre-contractual measures carried out at the request of the interested party

STORAGE TIMES

 3 years from the last sending.

OTHER INFORMATION

The provision of data is mandatory and in case of refusal to provide it, it will not be possible to contact the Data Controller

 

  • ABANDONED CART

PURPOSE

The purpose of data processing is to be able to send 3 emails in 72 hours to invite the user to finalize the interrupted purchase on the site.

LEGAL BASIS

The legitimate interest of the Data Controller in completing the purchase.

STORAGE TIMES

72 hours

OTHER INFORMATION

The provision of data is automatic and follows the partial completion of the shopping cart.

 

  • NAVIGATION DATA

PURPOSE

Site Security

LEGAL BASIS

We will process the data based on the company's legitimate interest in IT security and the fulfilment of legal obligations. The legal basis for the processing of cookies other than necessary ones is consent

STORAGE TIMES

24 months

OTHER INFORMATION

For the regulations on cookies, please refer to the specific information.



3. What else do I need to know?

The data will be processed lawfully, correctly and with the utmost confidentiality, in compliance with adequate security measures as required by the Code and the Regulations. The processing will be carried out by digital means. The data will not be disclosed to the public. Furthermore, the user will not be subjected to automated decision-making processes such as profiling unless he consents to this through the installation of cookies or other tracking tools for the regulation of which please refer to the specific information.


4. To whom will my data be communicated?

The Data Controller may communicate the data to all subjects to whom communication is mandatory by law for the fulfillment of the purposes established by law.

The Data Controller also makes use of some companies or IT tools that carry out processing activities on the personal data of the interested parties in the exclusive interest of the owner of the same, all adequately appointed as data controllers pursuant to Art. 28 GDPR.

The data will also be communicated to the payment gateways as independent data controllers.

The list of data controllers can be found on the site.


5. Where is the data stored and transferred?

The management and storage of personal data will take place on servers located within and outside the EU. The Data Controller guarantees that the transfer outside the EU takes place in compliance with the articles. 44-47 Chapter V of the GDPR through the signing of standard contractual clauses and/or through the adequacy decision of 10 July 2023.


6. What are my rights and how can I exercise them?


a) Rights of the interested party

The user, in his capacity as an interested party, has the rights referred to in the art. 15 and following. of the Regulation and precisely:

1. RIGHT OF ACCESS (art. 15 GDPR)

The interested party has the right to obtain confirmation of the existence or otherwise of personal data concerning him, even if not yet registered, and their communication in an intelligible form.

2. RIGHT OF CORRECTION (art. 16 GDPR)

The interested party has the right to obtain the rectification of inaccurate personal data concerning him or her and also the integration of incomplete data.

3. RIGHT OF CANCELLATION (art. 17 GDPR)

The interested party has the right to obtain the deletion of personal data in the presence of particular reasons such as revocation of consent, opposition to processing or if the data are no longer necessary with respect to the purposes for which they were collected and processed or in case of illicit treatment. It will not always be possible to proceed with cancellation but it will certainly be the responsibility of the data controller to provide adequate reasons.

4. RIGHT TO LIMITATION OF PROCESSING (art. 18 GDPR)

The interested party has the right to obtain the limitation of processing in the presence of particular hypotheses such as, for example, in the case of a request for rectification or opposition during the time of evaluation of the requests.

5. RIGHT TO PORTABILITY (art. 20 GDPR)

If the processing is based on consent or contract and is carried out with automated tools, the interested party can receive them in a structured, commonly used and machine-readable format or ask to transmit them to another owner.

6. RIGHT TO OBJECT (art. 21 GDPR)

The interested party has the right to object, in whole or in part:

a) for legitimate reasons for the processing of personal data concerning him, even if pertinent to the purpose of the collection;

b) to the processing of personal data concerning him for the pursuit of purposes not contemplated by the art. 2.

The user can formulate a request to object to the processing of his personal data pursuant to article 21 of the GDPR in which to highlight the reasons justifying the opposition: the Data Controller reserves the right to evaluate the request, which would not be accepted if it existed of compelling legitimate reasons to proceed with the processing which prevail over the interests, rights and freedoms of the user.

7. RIGHT TO SUBMIT A COMPLAINT

The interested party has the right to propose a claim to the competent supervisory authority pursuant to Article 77 of the GDPR if it considers that the processing of your data is contrary to the legislation in force.


b) Exercise methods:


The interested party can exercise the rights referred to in the previous article at any time by contacting the data controller at the addresses indicated above.


Latest version: 04/29/2024