Information notice on the processing of personal data pursuant to Articles 13 and 14 of EU Regulation 679/2016 (“GDPR”)
Your privacy is important to us, so please read the following information carefully.
We wish to disclose in a complete and transparent way how your personal data, provided by you and/or collected in the context of your interactions with us, will be processed by SA SU PHI.
- visiting the website https://www.sasuphi.com/ (hereinafter the “Site”) and/or the other websites referring to the brand, interacting with our pages on the social networks (e.g., Facebook, Instagram, etc.);
- contacting our Customer Service.
1. Who collects your personal data
The company collecting and processing personal data as autonomous data controller is SA SU PHI Srl with registered office in Italy, Milan (Mi), Piazza della Repubblica 5, telephone +39 345 1528642, email firstname.lastname@example.org.
To facilitate your understanding of the processing activities carried out by SA SU PHI, we have prepared this document.
Please consider that the above mentioned processing activities are not intended for minors and the Data Controller do not knowingly collect or solicit personal data from anyone under the age of 16. This does not affect the applicable contract law such as the rules on the validity, formation or effect of a contract with a child.
2. What personal data we process
SA SU PHI collects different categories of personal data.
Below we specify which categories of personal data are collected by SA SU PHI
- Biographical Data: name, middle name, surname, date of birth, gender;
- Contact Data: address of residence (street, city, province, state, cap code), domicile, email address, telephone number, mobile number;
- Sales Data: shipping and billing address, method of delivery and payment, name of the credit card holder and expiry date of the card, information requested by the customer service, VAT number and/or tax code, passport number (the passport number will be used only for purposes related to payment were required by law and within the limits of that law), Global Blue card number;
- Tracking of Newsletters and Actions Data: information relating to the opening of newsletters or links;
- Purchase Data: detail of the purchased products (e.g., size, price, discount, model, collection, calculated spending level, abandoned cart, etc.);
3. For what purposes we process your personal data
SA SU PHI is the company that designs and promotes the Brand’s products. SA SU PHI will process Personal Data for the following purposes.
Only with your consent, SA SU PHI will process the Biographical Data, Contact Data and Purchase Data for marketing purposes, that is for advertising on social networks to which you are registered or sending advertising or direct sales material, carrying out market research, commercial communication with automated contact methods (e-mail, newsletter, SMS, MMS, online messaging platforms, etc.) and traditional contact methods (mail).
Legal basis: this processing is based on the consent you have given.
You can at any time withdraw your consent to receive the above-mentioned communications by clicking on the appropriate option in each marketing email received or by writing to email@example.com, or contacting the company at the addresses indicated in our Contacts.
b. Sales activities and response to other requests made by customers
If you purchase SA SU PHI’s products through the e-commerce service on the Site, SA SU PHI will process your Biographical Data, Contact Data and Purchase Data to conclude the sale, as well as for all activities strictly connected and related to it, such as delivery or other administrative and accounting obligations.
Similarly, SA SU PHI may need to process your Biographical Data or Contact Data to respond to any further requests that you may formulate through the Site or through the Customer Service, through telephone or chat, such as information or assistance requests.
Legal basis: this processing is based on the performance of a purchase contract to which you are a party; the Personal Data is necessary for this purpose, since otherwise SA SU PHI will unable to process your request.
c. Customer profiling
With your consent, SA SU PHI will be entitled to process Biographical Data, Contact Data, Sales Data, the Purchase Data, Tracking of Newsletters Data and Actions Data and the Navigation Data for profiling purposes and for business analysis, that is for analysis on your purchase preferences consisting of automated processing of the above mentioned Personal Data. This processing is aimed at analytically predicting your purchasing preferences also in order to create customer profiles and better customize the commercial offer in line with your preferences.
Legal basis: this processing is based on the consent you have given.
You will be entitled at any time to withdraw your consent to be subject to profiling by writing to firstname.lastname@example.org or by contacting SA SU PHI at the addresses indicated in our Contacts.
d. Sales related services
SA SU PHI may need to process your Biographical Data, Contact Data and certain Sales Data (tax code and/or VAT number, passport number and Global Blue card number) to manage your purchase when concluded by phone or other methods provided by SA SU PHI Affiliate, or issue an invoice, should you request it.
Legal basis: this processing is based on the performance of a contract to which you are a party; the provision of the Personal Data listed above is necessary for this purpose, since otherwise SA SU PHI Affiliate will not be able to process your request.
e. After-sales services
SA SU PHI Affiliate may collect your Biographical Data and Contact Data to process specific requests that you may formulate in the e-shop, during post-sales; for example, to arrange a repair, a customization, a home delivery or to manage a return.
Legal basis: this processing is based on the performance of a contract of which you are a party; the provision of the Personal Data listed above is necessary for this purpose, since otherwise SA SU PHI Affiliate will not be able to process your request.
f. Purposes related to the obligations established by laws or regulations, by decisions/requests of competent authorities or by supervisory and control bodies
SA SU PHI may process your Personal Data to comply with a legal obligation to which it is subject.
Legal basis: compliance with a legal obligation
The provision of data for this purpose is mandatory because in the absence of data SA SU PHI will not be able to comply with its legal obligations.
g. Defence of rights during judicial, administrative or extra-judicial proceedings and in disputes arising in connection with the services offered
Your Personal Data may be processed by SA SU PHI to defend their rights or take legal action or make claims against you or third parties, including the prevention of fraud.
Legal basis: this processing is based on the legitimate interest pursued by SA SU PHI to protect their rights.
4. What processing activities we carry out when you are using our site without being logged in
The Site is managed by SA SU PHI. It is possible to browse the Site without having to actively communicate your Personal Data if you are not logged in. In this case, while browsing the Site, the computer systems and software procedures used to operate the Site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not directly associated with identified users could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the Site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, access information, location information, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), the information regarding the user’s visit including data clickstream of the URL, within and from the Site, the duration of the visit on some pages and the interaction on these pages and other parameters relating to the operating system and the user’s IT environment.
The data collected while browsing the Site will be processed to (i) manage the Site and resolve any operating problems, (ii) make sure that the content of the Site is presented in the most effective way for its devices, developing, testing and making improvements to the Site, (iii) as far as possible, to keep the Site safe and secure, (iv) to obtain anonymous statistical information on the use of the Site and to check its correct functioning, (v) identify anomalies and/or abuses in the use of the Site. The data could also be used to ascertain responsibility in case of possible computer crimes committed against the Site or third parties and may be presented to the Judicial Authority, if this makes an explicit request.
5. What happens if you do not provide personal data
Some Personal Data requested during the registration is necessary for the completion of the purchase contract and for administrative and accounting purposes.
In the description of the purposes in paragraph 3, we have specified when it is necessary to provide Personal Data. Where not expressly indicated as mandatory, the provision of Personal Data is optional and there will be no consequences if you do not provide it, apart the impossibility for SA SU PHI to act as described (for example, the impossibility to carry out marketing activities).
6. How and how long we will process personal data
The Personal Data provided to and/or collected by SA SU PHI is processed and stored by automated tools and, in some cases, may be processed and stored on paper back-up. In particular, the Personal Data processed for marketing purposes and Customer profiling will be entered and stored in the CRM systems (Customer Relationship Management).
The Personal Data will be stored for the time necessary to achieve the purposes for which they were collected. In particular:
- data collected to perform purchase contracts on the Site, including payments, administrative and accounting obligations. In England, these billing data will be kept for a period of 7 years from the billing date;
- data related to subjects’ requests will be stored until the request is satisfied;
- if you have provided your consent, the data processed for marketing and profiling will be stored for a period of 7 years, unless you revoke your consent. In this case, upon withdrawal of your consent, we will delete your data.
In any case, for technical reasons, the termination of the processing and the cancellation or irreversible anonymization of the related Personal Data will be definitive within thirty days from the terms indicated above.
With particular reference to the judicial protection of our rights or in case of requests from the Authority, the data processed will be stored for the time necessary to process the request or to protect the right.
7. Where personal data may be transferred
For the purposes above, we may also transfer your Personal Data to third countries, not belonging to the European Union, which may possibly do not guarantee the same level of protection. The transfer to third countries will always take place in accordance with the provisions of the GDPR, adopting any other measures necessary to ensure the security of the Personal Data being transferred. These measures possibly include agreements incorporating the so-called “standard contractual clauses” issued by the European Commission or your consent.
8. Who will process personal data
Personal Data will be processed by:
- employees and collaborators of data processing data under the authority of the SA SU PHI;
- employees and collaborators of the Data Processors designated by the SA SU PHI, including (i) the companies managing the online store and who will be entitled to view, modify and update the Personal Data entered in the CRM systems through which the Data Controllers or the Joint Controllers carry out the processing activities for marketing and profiling purposes (ii) the companies managing the storage of the Personal Data of SA SU PHI based on agreements or local regulations;
- third parties established in the European Union and also outside the European Union, Data Processors, used by SA SU PHI in particular for services of: Personal Data acquisition and data entry, shipping, mailing of promotional material, after sales assistance and Customer Service, market research, management and maintenance of the CRM systems through which SA SU PHI carry out processing activities for marketing and profiling purposes and of the other corporate information systems of SA SU PHI.
Personal Data may also be disclosed to third parties, independent Data Controllers, in particular to freelancers or companies providing legal or tax advice and assistance and to companies managing payments made by debit or credit cards or for fraud prevention and management activities.
Personal Data will not be disseminated in any way.
9. Your rights
Pursuant to Chapter III of the GDPR, you have the right to ask SA SU PHI:
- to access to your Personal Data,
- to receive the copy of the Personal Data you provided us (so-called “data portability”)
- the rectification of the Personal Data in our possession,
- the erasure of any Personal Data in relation to which we no longer have any legal basis for processing,
- the limitation of the way in which we process your Personal Data, within the limits set by the applicable law data protection law.
Right to object: in addition to the rights listed above, you always have the right to object at any time to the processing of your Personal Data carried out by SA SU PHI for the pursuit of its legitimate interest. You have the right to object to direct marketing, including profiling. If you prefer that the processing of your Personal Data is carried out solely through traditional contact methods, you can object to the processing of your Personal Data carried out through automated contact methods.
You also have the right to withdraw, in whole or in part, the consent to the processing of Personal Data concerning you for the purpose of sending advertisements or direct selling or for carrying out market research or commercial communication with automated contact methods (e-mail, other remote communication systems via communication networks such as, for instance: SMS, MMS, messaging platforms, etc.) and traditional contact methods (mail).
The exercise of these rights, which can be done through the contact details indicated in Contcts, is not subject to formal constraints. In the event that you exercise any of the above mentioned rights, it will be the responsibility of SA SU PHI to verify if you are entitled to exercise the right and to provide you with an answer, normally within a month.
If you believe that the processing of your Personal Data is carried out in breach of the provisions of the GDPR, you have the right to lodge a complaint with the Supervisory Authority or to start the appropriate legal actions before the competent courts.
These cookies are required for the website to run and cannot be switched off. Such cookies are only set in response to actions made by you such as language, currency, login session, privacy preferences. You can set your browser to block these cookies but this might affect the way our site is working.
|_orig_referrer||This cookie is generally provided by Shopify and is used to track landing pages.||Essential|
|_landing_page||This cookie is generally provided by Shopify and is used to track landing pages.||Essential|
|_ab||This cookie is generally provided by Shopify and is used in connection with access to the admin view of an online store platform.||Essential|
|_secure_session_id||This cookie is generally provided by Shopify and is used to track a user's session through the multi-step checkout process and keep their order, payment and shipping details connected.||Essential|
|cart||This cookie is generally provided by Shopify and is used in connection with a shopping cart.||Essential|
|cart_sig||This cookie is generally provided by Shopify and is used in connection with checkout. It is used to verify the integrity of the cart and to ensure performance of some cart operations.||Essential|
|cart_ts||This cookie is generally provided by Shopify and is used in connection with checkout.||Essential|
|cart_ver||This cookie is generally provided by Shopify and is used in connection with the shopping cart.||Essential|
|cart_currency||This cookie is generally provided by Shopify and it is set after a checkout is completed to ensure that new carts are in the same currency as the last checkout.||Essential|
|checkout_token||This cookie is generally provided by Shopify and is used in connection with a checkout service.||Essential|
|storefront_digest||This cookie is generally provided by Shopify and it stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected.||Essential|
|cookieconsent_status||This cookie is associated with the app GDPR/CCPA + Cookie Management and is used for storing the customer's consent.||Essential|
|cookieconsent_preferences_disabled||This cookie is associated with the app GDPR/CCPA + Cookie Management and is used for storing the customer's consent.||Essential|
|_shopify_m||This cookie is generally provided by Shopify and is used for managing customer privacy settings.||Essential|
|_shopify_tm||This cookie is generally provided by Shopify and is used for managing customer privacy settings.||Essential|
|_shopify_tw||This cookie is generally provided by Shopify and is used for managing customer privacy settings.||Essential|
|_tracking_consent||This cookie is generally provided by Shopify and is used to store a user's preferences if a merchant has set up privacy rules in the visitor's region.||Essential|
|tracked_start_checkout||This cookie is generally provided by Shopify and is used in connection with checkout.||Essential|
Reporting and Analytics Cookies
These cookies allow us to measure visitors traffic and see traffic sources by collecting information in data sets. They also help us understand which products and actions are more popular than others.
|Reporting and Analytics Cookies|
|_s||This cookie is associated with Shopify's analytics suite.||Reporting and Analytics|
|_shopify_fs||This cookie is associated with Shopify's analytics suite.||Reporting and Analytics|
|_shopify_s||This cookie is associated with Shopify's analytics suite.||Reporting and Analytics|
|_shopify_sa_t||This cookie is associated with Shopify's analytics suite concerning marketing and referrals.||Reporting and Analytics|
|_shopify_sa_p||This cookie is associated with Shopify's analytics suite concerning marketing and referrals.||Reporting and Analytics|
|_shopify_y||This cookie is associated with Shopify's analytics suite.||Reporting and Analytics|
|_y||This cookie is associated with Shopify's analytics suite.||Reporting and Analytics|
|_ga||This cookie name is associated with Google Universal Analytics||Reporting and Analytics|
|_gat||This cookie name is associated with Google Universal Analytics||Reporting and Analytics|
|_s||This cookie is associated with Shopify's analytics suite.||Reporting and Analytics|
Marketing and Retargeting Cookies
These cookies are usually set by our marketing and advertising partners. They may be used by them to build a profile of your interest and later show you relevant ads. If you do not allow these cookies you will not experience targeted ads for your interests.
|Marketing And Retargeting Cookies|
|IDE||This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange||Marketing And Retargeting|
|GPS||This cookie is associated with YouTube which collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites.||Marketing and Retargeting|
|PREF||This cookie, which may be set by Google or Doubleclick, may be used by advertising partners to build a profile of interests to show relevant ads on other sites.||Marketing and Retargeting|
|BizoID||This is a Microsoft MSN 1st party cookie to enable user-based content.||Marketing and Retargeting|
|_fbp||Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.||Marketing and Retargeting|
|__adroll||This cookie is associated with AdRoll||Marketing and Retargeting|
|__adroll_v4||This cookie is associated with AdRoll||Marketing and Retargeting|
|__adroll_fpc||This cookie is associated with AdRoll||Marketing and Retargeting|
|__ar_v4||This cookie is associated with AdRoll||Marketing and Retargeting|
These cookies enable our website to offer additional functions and personal settings. They can be set by us or by third-party service providers that we have placed on our pages. If you do not allow these cookies, these or some of these services may not work properly.
|_gid||This cookie name is associated with Google Universal Analytics||Functional|
DATE: JUNE 2022