Welcome to the www.colmar.com website (hereinafter, the “Website”). This Website is managed by Manifattura Mario Colombo & C. S.p.A. and Digital Boite S.r.l.
When signing up for services provided by third parties, users are therefore advised to carefully read these third parties’ privacy policies. Manifattura Mario Colombo & C. S.p.A. and Digital Boite S.r.l. are unable to check these third-party policies and cannot be held liable for them.
3. TYPE OF PERSONAL DATA THAT IS PROCESSED
“Personal data” means any information about the user and any information that refers to the user.
To enable users to browse the Website and use its Services (for example, creating a user account, placing orders, sending an unsolicited job application or contacting Manifattura), the following data may be processed:
When users access and browse the Website, Manifattura and Digital Boite collect browsing data – in general and in their respective areas of responsibility – through cookies and other tracking technologies.
As part of their standard operation, the IT systems and software used to run this website acquire certain personal browsing data that is transmitted automatically when using the Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers used to connect to the Website, the URIs (Uniform Resource Identifiers) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file that is sent in response, the numerical code indicating the status of the server’s response (successful, error, etc.) and other parameters regarding the user’s operating system and computer environment.
This data, which is necessary in order to access and use the Website, is aggregated and processed anonymously for the sole purpose of obtaining statistical information on the use of the Services (for example, which pages have the most visitors, how many visitors there are per hour or per day, where the users are located) and for checking that they are working properly.
The browsing data is stored for no more than 7 (seven) days and is immediately deleted once it has been aggregated, without prejudice to the need of the judicial authorities to access the data to establish whether a crime has been committed.
Data provided voluntarily by the user
The Data Controllers also process personal data that is provided voluntarily by the user when interacting with the Website’s Services. In certain specific sections of the Website where user data is collected (such as the Work With Us, Newsletter subscription and Loyalty Programme subscription sections), specific privacy policies are published pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter, the “ Regulation ”); In all other cases, the content of this document applies. The data provided voluntarily by the user is as follows:
- email address, date of birth and data relating to the user’s biological sex, when subscribing to the newsletter;
- first name, surname, place and date of birth, address, nationality, telephone number and email address, as well as any additional data included in the user’s CV (for example, educational background, professional experience, personal interests, photos), in their cover letter and/or in their application form, including data that discloses their race or ethnicity or that relates to their health, when submitting a job application;
- first name, surname, email address, telephone number, order number and any additional data provided when filling in the contact form or over the telephone, when requesting support or contacting customer care;
- first name, surname, date of birth, data relating to the user’s biological sex, telephone number, email address, password and any additional data provided when filling in the user’s profile details, when creating a user account;
- first name, surname, nationality, residential address, delivery address, telephone number, email address, data relating to the product that has been chosen and purchased, data concerning the chosen payment method (for example, type of credit/debit card, card number, expiry date), when purchasing the chosen product or fulfilling the related legal and contractual obligations;
- first name, surname, email address, date of birth and any additional data provided when filling in the user’s profile details (for example, residential address, telephone number, favourite sport, number of family members and sex), cumulative total volume of spending, and data concerning any purchases that have been made (for example, product category, colour and size), when signing up to the “Colmar Club Alta Quota” programme;
(hereinafter jointly the “Data”).
9. RIGHTS OF THE DATA SUBJECT
As indicated in the Regulation and without prejudice to the provisions and limitations of Legislative Decree No 196/2003 (Part I – Title I – Chapter III), the user may contact Manifattura and Digital Boite to exercise the following rights regarding the Data:
- access to the data, in the cases stipulated in Article 15 of the Regulation;
- rectification of inaccurate data and the completion of incomplete data (as per Article 16 of the Regulation);
- erasure of data on the grounds stipulated in Article 17 of the Regulation, for example, where it is no longer necessary for the aforementioned purposes or where it is not being processed in accordance with the Regulation;
- restriction of processing in the situations listed in Article 18 of the Regulation, such as where the accuracy of the personal data is contested and its accuracy must be verified by the controller;
- data portability, i.e. the right to receive the data in a structured, commonly used and machine-readable format and to transmit this data to another controller, in the cases listed in Article 20 of the Regulation;
- the right to object to processing, in the cases stipulated in Article 21 of the Regulation.
The user also has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or that similarly significantly affects them, where they have not explicitly granted their consent in advance (Article 22 of the Regulation). This category includes, but is not limited to, any form of automated data processing aimed at analysing or predicting aspects concerning the user’s consumption and purchasing choices, economic situation, interests, reliability and behaviour.
Where the processing is based on the user’s consent, they have the right to withdraw this consent at any time, without rendering unlawful any processing that took place before the consent was withdrawn.
All of the aforementioned rights may be exercised as follows:
- For Manifattura, by emailing firstname.lastname@example.org or by sending a registered letter to Via Olimpia n. 3, Monza, Italy;
- For Digital Boite, by emailing email@example.com or by sending a registered letter to Via Cusani n. 5, Milan, Italy.
In both cases, the user should specify their first name, surname, any order number, the details of their request, and their contact details.
To stop receiving the newsletter, the user may click the “cancel subscription / unsubscribe” button, which can be found at the bottom of every message.
11. TRANSFER OF DATA TO THIRD COUNTRIES
In order to provide the Services, Data may be transferred to third countries. In this case, the Data Controllers undertake to ensure that the transfer of Data to said countries complies with the provisions of the Regulation and, specifically, that adequate safeguards are in place (adequacy decisions, standard contractual clauses approved by the European Commission, etc.).
Further information may however be requested by contacting the Data Controllers at the e-mail addresses firstname.lastname@example.org and email@example.com”.
Minors under the age of 16 (sixteen) are explicitly forbidden from using the Services on the Website. In view of the available technologies and the Services provided, the Data Controllers have adopted personal data verification systems intended to check that the person with parental responsibility has granted their consent to or authorised the processing of the minor’s personal data. By registering on or by purchasing products from the Website, the user confirms that they are of legal age in their country of residence.
POLICY DATA BREACH
Manifattura has adopted a procedure for managing any personal data breaches and has appointed an in-house team (the Crisis Team) that will be responsible for analysing any such breaches and assessing the level of risk. The purpose of this team is to identify whether or not a breach has occurred and to meet all of the obligations laid down in Articles 33 and 34 of the Regulation.
In particular, where the breach involves a high level of risk to the rights and freedoms of users, Manifattura will be required not only to notify the supervisory authority within 72 hours of becoming aware of the breach, but also to inform all affected users so that they may take appropriate measures to minimise the potential damage arising from the breach.
In its message to users, Manifattura must indicate:
- the name and contact details of the Data Protection Officer or other contact point where more information can be obtained;
- the likely consequences of the personal data breach;
- the measures taken or proposed to be taken to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
This message will not be required: i) if Manifattura has implemented appropriate technical and organisational protection measures that have been applied to the personal data affected by the breach; ii) if Manifattura has taken subsequent measures that prevent new high risks to users’ rights and freedoms; and iii) if it would involve a disproportionate effort. In such a case, Manifattura may issue a public statement or take a similar measure.
In view of the tight deadline for notifying the supervisory authority, Manifattura invites:
- the persons appointed as data processors or sub-processors pursuant to Article 28 of the Regulation to report the breach within 24 and 12 hours of its discovery respectively;
- anybody who becomes aware of a personal data breach to promptly report it by emailing firstname.lastname@example.org so that the Crisis Team can take action.
Policy regarding the processing of personal data, in accordance with Article 13 of European Regulation no. 2016/679
Pursuant to Art. 13 of European Regulation no. 2016/679 (hereinafter “Regulation”), we are providing the following information relating to the processing of personal data that you provide us with for the purposes of sending communications containing information and promotional and/or advertising content about our products, services and events.
1. Data Controller
The Data Controller is Manifattura Mario Colombo & C. S.p.A. (Tax code. 00763670155 and VAT no. 00691110969), with registered office in Monza, Via Olimpia no. 3; email address: email@example.com; PEC email address: firstname.lastname@example.org (hereinafter referred to as the “Company”).
2. Data Protection Officer
The Data Protection Officer appointed by the Company can be contacted by sending an email to email@example.com (hereinafter referred to as “DPO”).
3. Personal Data
Personal data is any information about you that can be traced back to you. Specifically, the processing will involve the following data: name, surname, email address, DOB, country and biological sex (hereinafter “Data”).
4. Processing Purpose
Your data will only be used for the purposes of sending communications containing information and promotional and/or advertising content about our products, services and events.
5.Legal Basis of Processing
The legal basis for the processing of your data for the purposes indicated in paragraph 4) lies in the express consent you have provided, pursuant to Article 6.1, let. a) of the Regulation, by actively selecting the “Subscribe/Send” button.
6. Processing methods
With regard to the purposes outlined in section 4) above, and in compliance with the principles of lawfulness, correctness, transparency, accuracy and relevance, and without excessive processing, your data will be processed by electronic means, in compliance with legal provisions regarding the processing of personal data, and appropriate security measures shall be adopted. The processing of your data will be carried out by specially trained and instructed personnel to ensure adequate security and confidentiality, and to avoid the risk of loss and / or destruction and access by unauthorised individuals.
7. Disclosure and Sharing of Data
Your data will not be disclosed. Within limits applied strictly to the purpose outlined in section 4) above, your data may be disclosed to specially designated persons within the Company who carry out activities linked to and instrumental to the sending of Company communications containing information and promotional and/or advertising content (for example, sales personnel, staff working in the marketing department, etc.). Where necessary to carry out activities relating to the management and maintenance of computer systems and the website, Data may be processed by the subjects/entities in charge, which have been specifically appointed as Data Processors.
8. Data Retention Period
Your Data will be stored until you revoke your consent. This includes unsubscribing in the manner referred to in section 9) below..
9. Rights of the Data Subject
With regard to your data, you have the right to ask the Company, in the ways specified by the Regulation and without prejudice to the provisions and limitations of Legislative Decree no. 196/2003 (Part I – Title I – Chapter III), to:
- l’accesso, nei casi previsti (art.15 Regolamento);
- la rettifica dei Dati inesatti e l’integrazione di quelli incompleti (art. 16 Regolamento);
- la cancellazione dei Dati per i motivi previsti (art. 17 Regolamento), come ad esempio quando non siano più necessari rispetto alle finalità sopra indicate o non siano trattati nel rispetto del Regolamento;
- la limitazione di trattamento per le ipotesi previste (art. 18 Regolamento), come nel caso si contesti l’esattezza dei Dati e occorra verificarne la correttezza;
- la portabilità, vale a dire il diritto di ricevere, nei casi previsti (art. 20 Regolamento), in un formato strutturato di uso comune e leggibile da dispositivo automatico i Dati e di trasmettere detti Dati ad un altro titolare del trattamento;
- l’opposizione al trattamento, nei casi previsti (art. 21 Regolamento).
In relation to the purpose referred to in section 4) above, you also have the right to revoke your consent at any time without prejudice to the lawfulness of processing carried out before withdrawal of consent. You may exercise any of the rights listed above by sending an email to the Company (firstname.lastname@example.org) or by registered letter to the Company’s address: Monza, Via Olimpia no. 3. Also, if you no longer wish to receive communications from the Company containing information and promotional and/or advertising content, you can click on the link at the bottom of each communication, or send an e-mail to email@example.com, with “Cancel subscription” in the subject line.
If you believe that the processing of your data contravenes the provisions set out in the Regulation, you have the right to complain to the Italian Data Protection Authority, in accordance with Art. 77 of the Regulation.
11. Nature of Data Provision
The provision of your personal data is required to enable us to send communications containing information and promotional and/or advertising content about our products, services and events. Failure to provide even certain parts of your data will make it objectively impossible to send these communications.
12. Transferring Data Abroad
Your Data will not be transferred abroad and is stored at the Company’s registered office and on servers located within the European Union. The Company also uses cloud services provided by third country companies recognised as adequate in terms of security by the European Commission, in accordance with Art. 45.3 of the Regulation.
Membership of and participation in the “Colmar Club Alta Quota” program in the ways described in the “Regulations of the Loyalty Program – Colmar Club Alta Quota” entails the processing of the personal data of customers by Manifattura Mario Colombo & C. S.p.A.. Pursuant to art. 13 of EU Regulation no. 2016/679, Manifattura Mario Colombo & C. S.p.A. gives the following information on the personal data provided.
1. Data Controller
The Data Controller is Manifattura Mario Colombo & C. S.p.A. (Tax number 00763670155 and VAT Reg. no. 00691110969), registered office Via Olimpia 3,Monza, e-mail firstname.lastname@example.org, Certified email email@example.com (hereinafter “Company”).
2. Data Protection Officer
The Data Protection Officer appointed by the Company may be contacted by sending an email to the address firstname.lastname@example.org (hereinafter “DPO”).
3. Personal Data
Personal data means any information that can be referred to the customer. Specifically, the processing will concern the following data:
- – First name, surname, email address, date of birth and any further information provided through filling in the personal profile (such as, for example, address, telephone number, favourite sport, number of members of the household and gender);
- – Total amount progressively spent, as well as the information related to the purchases made by the customer (such as, for example, the category of goods of the product purchased, the colour and the size);
4. Purposes of the processing
Your data will only be used for the purposes of sending communications containing information and promotional and/or advertising content about our products, services and events.
- a. Membership of and participation in the “Colmar Club Alta Quota” program and creation of the personal profile;
- b. Management of the obligations closely connected with the membership of and participation in the “Colmar Club Alta Quota” program, such as the attribution of discounts, advantages, experiences and special dedicated initiatives;
- c. Fulfilment of the legal and contractual obligations connected with participation in the “Colmar Club Alta Quota” program, also including those of an administrative character;
- d. Inclusion and/or updating of the names of the customers of the “Colmar Club Alta Quota” program;
- e. Sending communications with informative content and closely connected with the “Colmar Club Alta Quota” program (such as, by way of example and not exhaustively, the welcome letter, notification of reaching and going past the levels, etc.);
- f. Registration for the Company’s newsletter and sending communications with informative and promotional content on the products of the Colmar brand, services and events;
- g. Analysis of the interests, of the purchasing habits and tastes of the customer to allow the Company to personalize the offer of its products and services, as well as to send further communications in line with the customer’s interests;
- h. Assistance and personalized advice during the purchase of products in the stores belonging to the “Colmar Club Alta Quota” program;
- i. Exercise and defence of the Company’s rights in every seat, including judicial and administrative, in arbitration and/or mediation and reconciliation procedures.
5. Lawfulness of the processing
The processing of the Data for the purposes shown in point 4) above is lawful:
- – As for letters a), b), c) and e) in the execution of the contract (art. 6.1 b) Regulation), as well as in the compliance with obligations connected with it to which the Company is subject (art. 6.1 c) Regulation);
- – As for letters d), h) and i) in the legitimate interest of the Company (art. 6.1 f) Regulation);
- – As for letters f) and g) in the consent expressed by the customer (art. 6.1 a) Regulation).
6. Methods of processing
As part of the purposes shown in point 4) above, the processing of the Data will take place using electronic and automated instruments, in the respect of the legislation on the processing of personal data, adopting the appropriate safety measures. The processing of the Data will be carried out by personnel who perform activities that are connected with and instrumental to the management of the “Colmar Club Alta Quota” program (such as, for example, the sales assistants in the stores, the administrative personnel, the personnel of the marketing department and the IT department), who are specially authorized, trained and instructed, in order to guarantee the appropriate security and confidentiality, as well as in order to avoid risks of loss and/or destruction and access by unauthorized subjects.
7. Communication and diffusion of the Data
The Data will not be diffused. Within the limits strictly pertinent to the purposes shown in point 4) above, the Data may be communicated to :
- – subjects legitimates pursuant to law or regulation, such as by way of example the competent public authorities and the judicial authority;
- – subjects specifically appointed Data processing managers (natural persons or companies that process data on the documented instruction of the Company such as, by way of example, the subject that manages and maintains the IT systems, as well as the website and the CRM – Customer Relationship Management – system, companies which manage the points of sale where the “Colmar Club Alta Quota” program is active). The updated list of names of the Processing Managers can be requested from the Company, by sending an email to email@example.com.
8. Period of storage of the Data
The Data will be stored for the period of time strictly necessary for the pursuit of the purposes for which the aforementioned Data have been collected. Specifically, the Data processed:
- For the purposes as per point 4) letters a), b), c), d), e) and i) above, will be kept for the entire duration of the participation in the “Colmar Club Alta Quota” program and, in any case, until the rights deriving from the relationship reach the limitation period. Cancellation of the “Colmar Club Alta Quota” program will allow the customer, in any case, to keep their personal profile active until its closure is explicitly requested;
- – For the purposes as per point 4) letter f) above, the data will be kept until the revocation of consent;
- – For the purposes as per point 4) letter g) above, they will be kept for a maximum period of 12 (twelve) months from the date on which they were collected;
- – For the purposes as per point 4) letter h) above, they will be kept for a maximum period of 12 (twelve) months from the date on which they were collected.
Without prejudice, however, to the right of opposition to processing, the right of revocation of the consent for those types of processing which are lawful, to be exercised according to the methods better described in point 9) below, as well as compliance with specific obligations of storage according to law and the exercise of the right of defence of the Company in the event of dispute
9. Rights of the data subject
With reference to the Data, the data subject has the right to ask the Company with the ways shown by the Regulation and without prejudice to the provisions and limitations as per Legislative Decree no. 196/2003 (Part I – Chapter I -Section III):
- Access, in the cases foreseen (art. 15 Regulation);
- The correction of inexact Data and the completion of incomplete Data (art. 16 Regulation
- The cancellation of the Data for the reasons considered (art. 17 Regulation) such as for example whey they are no longer necessary with respect to the purposes shown above or are not processed in the respect of the Regulation;
- The limitation of treatment for the hypotheses considered (art. 18 Regulation), as in the case in which the exactness of the Data is contested and their correctness has to be checked;
- Portability, i.e. the right to receive the Data, in the cases foreseen (art. 20 Regulation), in a structured form of common use and legible by an automatic device and to transmit the aforementioned Data to another Data Controller;
- Opposition to the processing, in the cases foreseen (art. 21 Regulation).
In relation to the purposes as per point 4) letters f) and g) above, the right is also recognized to revoke consent, at any time whatsoever and without prejudicing the lawfulness of the processing done before being revoked. All the rights listed above may be exercised by sending to the Company an email to the address firstname.lastname@example.org or by registered letter to the address of the Company: Via Olimpia n. 3, Monza. In addition, in order to no longer receive communications from the Company with an informative and promotional content on products with the Colmar brand, services and events, it will be possible to cancel registration by clicking on the appropriate link at the bottom of each communication.
In the case that the processing of the Data infringes the provisions in the Regulation, there is the right to file a complaint with the Supervisory Authority for the protection of personal data according to the provisions of art. 77 of the Regulation..
11. Provision of personal data
Provision of the Data is compulsory and is strictly necessary for the pursuit of the purposes shown in point 4) letters a), b), c), d), e) and i) above. Therefore, failure to provide, including only partially, the Data entails the objective impossibility of participating in the program and satisfying what is requested. The provision of the Data shown as optional in the personal profile (such as, for example, address, telephone number etc.) as well as of the Data for the pursuit of the purposes as per point 4) letters f), g) and h) above, is, on the other hand, optional. However, failure to provide, including only partially, the Data entails the objective impossibility for the Company to proceed with registration for the newsletter, with the analysis of interests, habits and tastes, as well as the activity of personalized advice and assistance, but without prejudicing the participation in the “Colmar Club Alta Quota” program.
12. Transfer of Data abroad
The Data are stored at the registered office of the Company and on servers located in the European Union. In the event that the Data have to be transferred to countries not belonging to the European Union, the Company undertakes to ensure that this transfer takes place in the respect of the adequate guarantees for the protection of the Data, according to the provisions of articles 46 and 47 of the Regulation.
WORK WITH US
In the event of a breach of personal data, Manifattura Mario Colombo & C. has set up a crisis team and provided for specific intervention procedures, in order to swiftly resolve the problem and alert the user so that he or she can adopt suitable precautions to reduce to a minimum the potential damage that may caused by the breach.
The information provided to users in the event of a breach will specifically indicate:
- the name and contact data of the Data Protection Officer, or any other contact that can provide information;
- the measures adopted or proposed by the Legal Representative to remedy the breach of personal data and, if appropriate, to limit the possible negative effects.
Manifattura Mario Colombo & C. will issue a public communication, or take similar measures, and will not be obliged to inform the user if adequate technical and organisational measures are implemented to protect the data affected by the breach, if measures are subsequently adopted to prevent the user’s rights being placed at high risk again, or when the communication would require a disproportionate effort. In any case, Manifattura Mario Colombo & C. will consider whether it is opportune – even if it is not strictly compulsory – to keep the user informed.
Where necessary, Manifattura Mario Colombo & C. will also inform the Data Protection Authority of the breach within 72 hours.
For this reason, if a breach comes to the attention of a Data Processor, or another processor appointed thereby, he or she must notify the violation, within 12 and 24 hours respectively of discovery.
Any breaches of personal data may be notified by writing to email@example.com.