HERITAGE HERITAGE
NOW NOW
TOMORROW TOMORROW
English English Italiano Italiano

PRIVACY POLICY

WEBSITE

DATA PROTECTION INFORMATION

Information provided pursuant to art. 13 of Regulation (EU) no. 2016/679
of the European Parliament and the Council

Welcome to the www.colmar.com website (hereinafter, the “Website”). This Website is managed by Manifattura Mario Colombo & C. S.p.A. and Digital Boite S.r.l.

This Privacy Policy explains how the independent data controllers, Manifattura Mario Colombo & C. S.p.A. and Digital Boite S.r.l., process personal data that is collected automatically or provided by the user when accessing the Website, browsing it and using its services (hereinafter, the “ Services”).

When signing up for services provided by third parties, users are therefore advised to carefully read these third parties’ privacy policies. Manifattura Mario Colombo & C. S.p.A. and Digital Boite S.r.l. are unable to check these third-party policies and cannot be held liable for them.

1. DATA CONTROLLER

The data controllers for their respective areas of responsibility are Manifattura Mario Colombo & C. S.p.A. (tax ID 00763670155 and VAT no. 00691110969), with registered offices at Via Olimpia n. 3, Monza, Italy, email address infoedatabreach@mmcol.it, certified email address amministrazionemmc@legalmail.it (hereinafter, “Manifattura”) and Digital Boite S.r.l. (tax ID and VAT no. 03796760365), with registered offices at Via Cusani n. 5, Milan, Italy, email address privacy@digitalboite.com, certified email address digital.boite@pec.it (hereinafter, “Digital Boite”), (hereinafter jointly the “Data Controllers”).

2. DATA PROTECTION OFFICER

The Data Protection Officer appointed by Manifattura is Simone Bongiovanni, a lawyer with offices at Via Susa n. 31, Turin, Italy, who can by contacted by emailing dpo@mmcol.it; the Data Protection Officer appointed by Digital Boite can be contacted by emailing dpo@digitalboite.com.

3. TYPE OF PERSONAL DATA THAT IS PROCESSED

“Personal data” means any information about the user and any information that refers to the user.

To enable users to browse the Website and use its Services (for example, creating a user account, placing orders, sending an unsolicited job application or contacting Manifattura), the following data may be processed:

Browsing Data

When users access and browse the Website, Manifattura and Digital Boite collect browsing data – in general and in their respective areas of responsibility – through cookies and other tracking technologies.

As part of their standard operation, the IT systems and software used to run this website acquire certain personal browsing data that is transmitted automatically when using the Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers used to connect to the Website, the URIs (Uniform Resource Identifiers) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file that is sent in response, the numerical code indicating the status of the server’s response (successful, error, etc.) and other parameters regarding the user’s operating system and computer environment.

This data, which is necessary in order to access and use the Website, is aggregated and processed anonymously for the sole purpose of obtaining statistical information on the use of the Services (for example, which pages have the most visitors, how many visitors there are per hour or per day, where the users are located) and for checking that they are working properly.

The browsing data is stored for no more than 7 (seven) days and is immediately deleted once it has been aggregated, without prejudice to the need of the judicial authorities to access the data to establish whether a crime has been committed.

Data provided voluntarily by the user

The Data Controllers also process personal data that is provided voluntarily by the user when interacting with the Website’s Services. In certain specific sections of the Website where user data is collected (such as the Work With Us, Newsletter subscription and Loyalty Programme subscription sections), specific privacy policies are published pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter, the “ Regulation ”); In all other cases, the content of this document applies. The data provided voluntarily by the user is as follows:

  • email address, date of birth and data relating to the user’s biological sex, when subscribing to the newsletter;
  • first name, surname, place and date of birth, address, nationality, telephone number and email address, as well as any additional data included in the user’s CV (for example, educational background, professional experience, personal interests, photos), in their cover letter and/or in their application form, including data that discloses their race or ethnicity or that relates to their health, when submitting a job application;
  • first name, surname, email address, telephone number, order number and any additional data provided when filling in the contact form or over the telephone, when requesting support or contacting customer care;
  • first name, surname, date of birth, data relating to the user’s biological sex, telephone number, email address, password and any additional data provided when filling in the user’s profile details, when creating a user account;
  • first name, surname, nationality, residential address, delivery address, telephone number, email address, data relating to the product that has been chosen and purchased, data concerning the chosen payment method (for example, type of credit/debit card, card number, expiry date), when purchasing the chosen product or fulfilling the related legal and contractual obligations;
  • first name, surname, email address, date of birth and any additional data provided when filling in the user’s profile details (for example, residential address, telephone number, favourite sport, number of family members and sex), cumulative total volume of spending, and data concerning any purchases that have been made (for example, product category, colour and size), when signing up to the “Colmar Club Alta Quota” programme;

(hereinafter jointly the “Data”).

4. PURPOSE AND LEGAL BASIS FOR THE PROCESSING, AND NATURE OF THE PROVISION OF DATA

I Dati sono trattati per le seguenti finalità:

a) The Data is processed for the following purposes:

a. to allow users to browse the Website, to collect anonymous statistical information about its use, to check that the Website is working properly, and to ascertain liability in the event of a computer crime (hereinafter, “Browsing the Website”). The legal basis for the processing performed by Manifattura is the legitimate interest of Manifattura (Article 6(1)(f) of the Regulation);

  • b. to process the user’s order of the chosen products, and to fulfill the contract of sale and all of the related legal and contractual obligations, including administrative, accounting and tax obligations (hereinafter, “Purchasing Products”). The legal basis for the processing performed by Digital Boite is the performance of the contract (Article 6(1)(b) of the Regulation) and fulfilling the related obligations (Article 6(1)(c) of the Regulation);c. to provide customer care, including responding to any requests and/or complaints and processing returns (hereinafter, “Customer Care”). The legal basis for the processing performed by the Data Controllers is the performance of the contract and pre-contractual measures (Article 6(1)(b) of the Regulation);

    d. to allow users to subscribe to the newsletter and to send informative and promotional messages about Colmar products, services and events (hereinafter, the “Newsletter”). The legal basis for the processing performed by Manifattura is the consent granted by the user (Article 6(1)(a) of the Regulation);

    e. to send marketing and promotional messages about Colmar products and services related to the products and services that have been purchased (hereinafter, “Electronic Mail Marketing”). The legal basis for the processing performed by the Data Controllers is the legitimate interest of the Data Controllers (Article 6(1)(f) of the Regulation);

    f. to analyse the interests, shopping habits and tastes of the user so that the company can customise its range of products and services, and to send future messages that match the user’s interests (hereinafter, “Profiling”). The legal basis for the processing performed by Manifattura is the consent granted by the user (Article 6(1)(a) of the Regulation);

    g. to register in the “My Account” area, create a user profile and use the services reserved exclusively for registered users (hereinafter, the “User Account”). The legal basis for the processing performed by Manifattura is the consent granted by the user (Article 6(1)(a) of the Regulation);

    h. to sign up to and take part in the “Colmar Club Alta Quota” programme, to manage any strictly related obligations (for example, awarding discounts, benefits, experiences and special dedicated initiatives) and to fulfill any additional legal and contractual obligations (hereinafter, the “Loyalty Programme”). The legal basis for the processing performed by Manifattura is the performance of the contract (Article 6(1)(b) of the Regulation) and fulfilling the related obligations to which it is subject (Article 6(1)(c) of the Regulation);

    i. to provide personalised support and advice when purchasing products at stores participating in the “Colmar Club Alta Quota” programme (hereinafter, “Personalised Assistance”). The legal basis for the processing performed by Manifattura is the legitimate interest of Manifattura (Article 6(1)(f) of the Regulation);

    j. to check that the purchaser and the cardholder are the same (hereinafter, “Fraud Prevention Activities”). The legal basis for the processing performed by Manifattura is the legitimate interest of Manifattura (Article 6(1)(f) of the Regulation);

    k. to assess the professional profile and to manage any selection process aimed at establishing an employment relationship or a professional collaboration (hereinafter, “Selection”). The legal basis for the processing performed by Manifattura is the implementation of pre-contractual measures (Article 6(1)(b) of the Regulation) and the consent granted to process any personal data that may be provided (Article 6(1)(a) of the Regulation).

    l. to exercise and defend the rights of the Data Controllers in any court, including legal and administrative courts, and in arbitration and/or mediation and conciliation processes (hereinafter, “Defence”). The legal basis for the processing performed by the Data Controllers is the legitimate interest of the Data Controllers (Article 6(1)(f) of the Regulation).

    With the exception of browsing data (collected automatically by the system), the provision of data is:

    • necessary for the purposes referred to in Article 4(b), (c), (j), (k) and (l) above. Therefore, should the user fail to provide the Data marked (*), the Data Controllers will be unable to fulfill the request (for example, to process the order, to fulfill the legal and contractual obligations, to respond to any support requests or complaints, or to start the selection process). However, should the user fail to provide the Data not marked (*), the Data Controller’s ability to fulfill the request, in accordance with in the aforementioned purposes, will not be affected;
    • optional for the purposes referred to in Article 4(d), (f), (g), (h) and (i) above. Therefore, should the user fail to provide the Data, the Data Controllers will be unable to respond to the user’s request (for example, to send the newsletter, to carry out profiling, to create a user account, or to sign for up and take part in the “Colmar Club Alta Quota” programme), without prejudice to the pursuit of the purposes referred to in Article 4(b), (c), (j) and (k) and the use of the Website.

5. COOKIES

The Website uses technical, analytical and profiling cookies, as well as third-party cookies. Further information about the characteristics of the cookies used on the Website can be found in the Cookies Policy.

6. PROCESSING METHOD

For the purposes indicated in Article 4, the Data will be mainly processed using electronic and automated means, as well as on paper, in accordance with the legal provisions concerning personal data processing, and using adequate security measures.

In order to guarantee the appropriate level of security and confidentiality and to avoid the risks of loss and/or destruction and access by unauthorised parties, the Data is processed by in-house staff at Manifattura and Digital Boite (employees, system administrators and any partners) who have been duly authorised, trained and instructed.

7. DISCLOSURE OF DATA

The Data will not be shared. Strictly within the limits of the purposes indicated in Article 4, the Data may be disclosed to:

  • third parties from outside the Data Controllers’ organisations that, as independent data controllers or processors pursuant to Article 28 of the Regulation, are involved in the data processing operations, for example, banks, internet providers, hauliers, marketing companies, IT infrastructure, management and maintenance companies, system security and fraud prevention companies, website management companies, tax advisors, call centre management companies, and companies that manage physical points of sale;
  • eligible parties pursuant to the law or regulations, for example, the competent public authorities and legal authorities.

An updated list of all data processors can be requested from the Data Controllers by emailing infoedatabreach@mmcol.it and privacy@digitalboite.com.

8. DATA RETENTION PERIOD

The Data Controllers will retain the Data for the period strictly necessary to fulfill the respective purposes for which the Data was collected. Specifically, the Data will be retained for the following periods:

  • Data processed for Purchasing Products will be retained for the duration of the relationship and, in any case, until the end of the limitation period arising from said relationship;
  • Data processed for Customer Care will be retained for the period strictly necessary to fulfill the purpose;
  • Data processed for sending the Newsletter will be retained until the user withdraws their consent;
  • Data processed for Electronic Mail Marketing will be retained until the user exercises their right to object to their data being processed;
  • Data processed for Profiling will be retained for a maximum of 12 (twelve) months from the date on which the Data is collected;
  • Data processed for the User Account will be retained until the user closes the account, which they may request at any time;
  • Data processed for the Loyalty Programme and Personalised Assistance will be retained for the duration of the user’s participation in the “Colmar Club Alta Quota” programme and, in any case, until the end of the limitation period arising from said participation;
  • Data processed for Selection will be retained for a period of one year from the date on which the Data is collected.

The above is without prejudice to the right to withdraw consent for processing on the grounds of this legal basis, the right to object to processing, compliance with the specific retention obligations laid down by the law, and the exercise of the right of defence in the case of a dispute.

9. RIGHTS OF THE DATA SUBJECT

As indicated in the Regulation and without prejudice to the provisions and limitations of Legislative Decree No 196/2003 (Part I – Title I – Chapter III), the user may contact Manifattura and Digital Boite to exercise the following rights regarding the Data:

  • access to the data, in the cases stipulated in Article 15 of the Regulation;
  • rectification of inaccurate data and the completion of incomplete data (as per Article 16 of the Regulation);
  • erasure of data on the grounds stipulated in Article 17 of the Regulation, for example, where it is no longer necessary for the aforementioned purposes or where it is not being processed in accordance with the Regulation;
  • restriction of processing in the situations listed in Article 18 of the Regulation, such as where the accuracy of the personal data is contested and its accuracy must be verified by the controller;
  • data portability, i.e. the right to receive the data in a structured, commonly used and machine-readable format and to transmit this data to another controller, in the cases listed in Article 20 of the Regulation;
  • the right to object to processing, in the cases stipulated in Article 21 of the Regulation.

The user also has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or that similarly significantly affects them, where they have not explicitly granted their consent in advance (Article 22 of the Regulation). This category includes, but is not limited to, any form of automated data processing aimed at analysing or predicting aspects concerning the user’s consumption and purchasing choices, economic situation, interests, reliability and behaviour.

Where the processing is based on the user’s consent, they have the right to withdraw this consent at any time, without rendering unlawful any processing that took place before the consent was withdrawn.

All of the aforementioned rights may be exercised as follows:

  • For Manifattura, by emailing infoedatabreach@mmcol.it or by sending a registered letter to Via Olimpia n. 3, Monza, Italy;
  • For Digital Boite, by emailing privacy@digitalboite.com or by sending a registered letter to Via Cusani n. 5, Milan, Italy.

In both cases, the user should specify their first name, surname, any order number, the details of their request, and their contact details.

To stop receiving the newsletter, the user may click the “cancel subscription / unsubscribe” button, which can be found at the bottom of every message.

10. COMPLAINTS

If the user believes that the processing breaches the provisions of the Regulation, they may lodge a complaint with the supervisory authority as indicated in Article 77 of the Regulation

11. TRANSFER OF DATA TO THIRD COUNTRIES

In order to provide the Services, Data may be transferred to third countries. In this case, the Data Controllers undertake to ensure that the transfer of Data to said countries complies with the provisions of the Regulation and, specifically, that adequate safeguards are in place (adequacy decisions, standard contractual clauses approved by the European Commission, etc.).

Further information may however be requested by contacting the Data Controllers at the e-mail addresses infoedatabreach@mmcol.it and privacy@digitalboite.com”.

MINORS

Minors under the age of 16 (sixteen) are explicitly forbidden from using the Services on the Website. In view of the available technologies and the Services provided, the Data Controllers have adopted personal data verification systems intended to check that the person with parental responsibility has granted their consent to or authorised the processing of the minor’s personal data. By registering on or by purchasing products from the Website, the user confirms that they are of legal age in their country of residence.

POLICY DATA BREACH

Manifattura has adopted a procedure for managing any personal data breaches and has appointed an in-house team (the Crisis Team) that will be responsible for analysing any such breaches and assessing the level of risk. The purpose of this team is to identify whether or not a breach has occurred and to meet all of the obligations laid down in Articles 33 and 34 of the Regulation.

In particular, where the breach involves a high level of risk to the rights and freedoms of users, Manifattura will be required not only to notify the supervisory authority within 72 hours of becoming aware of the breach, but also to inform all affected users so that they may take appropriate measures to minimise the potential damage arising from the breach.

In its message to users, Manifattura must indicate:

  • the name and contact details of the Data Protection Officer or other contact point where more information can be obtained;
  • the likely consequences of the personal data breach;
  • the measures taken or proposed to be taken to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

This message will not be required: i) if Manifattura has implemented appropriate technical and organisational protection measures that have been applied to the personal data affected by the breach; ii) if Manifattura has taken subsequent measures that prevent new high risks to users’ rights and freedoms; and iii) if it would involve a disproportionate effort. In such a case, Manifattura may issue a public statement or take a similar measure.

In view of the tight deadline for notifying the supervisory authority, Manifattura invites:

  • the persons appointed as data processors or sub-processors pursuant to Article 28 of the Regulation to report the breach within 24 and 12 hours of its discovery respectively;
  • anybody who becomes aware of a personal data breach to promptly report it by emailing infoedatabreach@mmcol.it so that the Crisis Team can take action.

NEWSLETTER

Policy regarding the processing of personal data, in accordance with Article 13 of European Regulation no. 2016/679

Pursuant to Art. 13 of European Regulation no. 2016/679 (hereinafter “Regulation”), we are providing the following information relating to the processing of personal data that you provide us with for the purposes of sending communications containing information and promotional and/or advertising content about our products, services and events.

1. Data Controller

The Data Controller is Manifattura Mario Colombo & C. S.p.A. (Tax code. 00763670155 and VAT no. 00691110969), with registered office in Monza, Via Olimpia no. 3; email address: infoedatabreach@mmcol.it; PEC email address: amministrazionemmc@legalmail.it (hereinafter referred to as the “Company”).

2. Data Protection Officer

The Data Protection Officer appointed by the Company can be contacted by sending an email to dpo@mmcol.it (hereinafter referred to as “DPO”).

3. Personal Data

Personal data is any information about you that can be traced back to you. Specifically, the processing will involve the following data: name, surname, email address, DOB, country and biological sex (hereinafter “Data”).

4. Processing Purpose

Your data will only be used for the purposes of sending communications containing information and promotional and/or advertising content about our products, services and events.

5.Legal Basis of Processing

The legal basis for the processing of your data for the purposes indicated in paragraph 4) lies in the express consent you have provided, pursuant to Article 6.1, let. a) of the Regulation, by actively selecting the “Subscribe/Send” button.

6. Processing methods

With regard to the purposes outlined in section 4) above, and in compliance with the principles of lawfulness, correctness, transparency, accuracy and relevance, and without excessive processing, your data will be processed by electronic means, in compliance with legal provisions regarding the processing of personal data, and appropriate security measures shall be adopted. The processing of your data will be carried out by specially trained and instructed personnel to ensure adequate security and confidentiality, and to avoid the risk of loss and / or destruction and access by unauthorised individuals.

7. Disclosure and Sharing of Data

Your data will not be disclosed. Within limits applied strictly to the purpose outlined in section 4) above, your data may be disclosed to specially designated persons within the Company who carry out activities linked to and instrumental to the sending of Company communications containing information and promotional and/or advertising content (for example, sales personnel, staff working in the marketing department, etc.). Where necessary to carry out activities relating to the management and maintenance of computer systems and the website, Data may be processed by the subjects/entities in charge, which have been specifically appointed as Data Processors.

8. Data Retention Period

Your Data will be stored until you revoke your consent. This includes unsubscribing in the manner referred to in section 9) below..

9. Rights of the Data Subject

With regard to your data, you have the right to ask the Company, in the ways specified by the Regulation and without prejudice to the provisions and limitations of Legislative Decree no. 196/2003 (Part I – Title I – Chapter III), to:

  • l’accesso, nei casi previsti (art.15 Regolamento);
  • la rettifica dei Dati inesatti e l’integrazione di quelli incompleti (art. 16 Regolamento);
  • la cancellazione dei Dati per i motivi previsti (art. 17 Regolamento), come ad esempio quando non siano più necessari rispetto alle finalità sopra indicate o non siano trattati nel rispetto del Regolamento;
  • la limitazione di trattamento per le ipotesi previste (art. 18 Regolamento), come nel caso si contesti l’esattezza dei Dati e occorra verificarne la correttezza;
  • la portabilità, vale a dire il diritto di ricevere, nei casi previsti (art. 20 Regolamento), in un formato strutturato di uso comune e leggibile da dispositivo automatico i Dati e di trasmettere detti Dati ad un altro titolare del trattamento;
  • l’opposizione al trattamento, nei casi previsti (art. 21 Regolamento).

In relation to the purpose referred to in section 4) above, you also have the right to revoke your consent at any time without prejudice to the lawfulness of processing carried out before withdrawal of consent. You may exercise any of the rights listed above by sending an email to the Company (infoedatabreach@mmcol.it) or by registered letter to the Company’s address: Monza, Via Olimpia no. 3. Also, if you no longer wish to receive communications from the Company containing information and promotional and/or advertising content, you can click on the link at the bottom of each communication, or send an e-mail to infoedatabreach@mmcol.it, with “Cancel subscription” in the subject line.

10. Complaints

If you believe that the processing of your data contravenes the provisions set out in the Regulation, you have the right to complain to the Italian Data Protection Authority, in accordance with Art. 77 of the Regulation.

11. Nature of Data Provision

The provision of your personal data is required to enable us to send communications containing information and promotional and/or advertising content about our products, services and events. Failure to provide even certain parts of your data will make it objectively impossible to send these communications.

12. Transferring Data Abroad

Your Data will not be transferred abroad and is stored at the Company’s registered office and on servers located within the European Union. The Company also uses cloud services provided by third country companies recognised as adequate in terms of security by the European Commission, in accordance with Art. 45.3 of the Regulation.

LOYALTY PROGRAM

Membership of and participation in the “Colmar Club Alta Quota” program in the ways described in the “Regulations of the Loyalty Program – Colmar Club Alta Quota” entails the processing of the personal data of customers by Manifattura Mario Colombo & C. S.p.A.. Pursuant to art. 13 of EU Regulation no. 2016/679, Manifattura Mario Colombo & C. S.p.A. gives the following information on the personal data provided.

1. Data Controller

The Data Controller is Manifattura Mario Colombo & C. S.p.A. (Tax number 00763670155 and VAT Reg. no. 00691110969), registered office Via Olimpia 3,Monza, e-mail infoedatabreach@mmcol.it, Certified email amministrazionemmc@legalmail.it (hereinafter “Company”).

2. Data Protection Officer

The Data Protection Officer appointed by the Company may be contacted by sending an email to the address dpo@mmcol.it (hereinafter “DPO”).

3. Personal Data

Personal data means any information that can be referred to the customer. Specifically, the processing will concern the following data:

  • – First name, surname, email address, date of birth and any further information provided through filling in the personal profile (such as, for example, address, telephone number, favourite sport, number of members of the household and gender);
  • – Total amount progressively spent, as well as the information related to the purchases made by the customer (such as, for example, the category of goods of the product purchased, the colour and the size);

4. Purposes of the processing

Your data will only be used for the purposes of sending communications containing information and promotional and/or advertising content about our products, services and events.

  • a. Membership of and participation in the “Colmar Club Alta Quota” program and creation of the personal profile;
  • b. Management of the obligations closely connected with the membership of and participation in the “Colmar Club Alta Quota” program, such as the attribution of discounts, advantages, experiences and special dedicated initiatives;
  • c. Fulfilment of the legal and contractual obligations connected with participation in the “Colmar Club Alta Quota” program, also including those of an administrative character;
  • d. Inclusion and/or updating of the names of the customers of the “Colmar Club Alta Quota” program;
  • e. Sending communications with informative content and closely connected with the “Colmar Club Alta Quota” program (such as, by way of example and not exhaustively, the welcome letter, notification of reaching and going past the levels, etc.);
  • f. Registration for the Company’s newsletter and sending communications with informative and promotional content on the products of the Colmar brand, services and events;
  • g. Analysis of the interests, of the purchasing habits and tastes of the customer to allow the Company to personalize the offer of its products and services, as well as to send further communications in line with the customer’s interests;
  • h. Assistance and personalized advice during the purchase of products in the stores belonging to the “Colmar Club Alta Quota” program;
  • i. Exercise and defence of the Company’s rights in every seat, including judicial and administrative, in arbitration and/or mediation and reconciliation procedures.

5. Lawfulness of the processing

The processing of the Data for the purposes shown in point 4) above is lawful:

  • – As for letters a), b), c) and e) in the execution of the contract (art. 6.1 b) Regulation), as well as in the compliance with obligations connected with it to which the Company is subject (art. 6.1 c) Regulation);
  • – As for letters d), h) and i) in the legitimate interest of the Company (art. 6.1 f) Regulation);
  • – As for letters f) and g) in the consent expressed by the customer (art. 6.1 a) Regulation).

6. Methods of processing

As part of the purposes shown in point 4) above, the processing of the Data will take place using electronic and automated instruments, in the respect of the legislation on the processing of personal data, adopting the appropriate safety measures. The processing of the Data will be carried out by personnel who perform activities that are connected with and instrumental to the management of the “Colmar Club Alta Quota” program (such as, for example, the sales assistants in the stores, the administrative personnel, the personnel of the marketing department and the IT department), who are specially authorized, trained and instructed, in order to guarantee the appropriate security and confidentiality, as well as in order to avoid risks of loss and/or destruction and access by unauthorized subjects.

7. Communication and diffusion of the Data

The Data will not be diffused. Within the limits strictly pertinent to the purposes shown in point 4) above, the Data may be communicated to :

  • – subjects legitimates pursuant to law or regulation, such as by way of example the competent public authorities and the judicial authority;
  • – subjects specifically appointed Data processing managers (natural persons or companies that process data on the documented instruction of the Company such as, by way of example, the subject that manages and maintains the IT systems, as well as the website and the CRM – Customer Relationship Management – system, companies which manage the points of sale where the “Colmar Club Alta Quota” program is active). The updated list of names of the Processing Managers can be requested from the Company, by sending an email to infoedatabreach@mmcol.it.

8. Period of storage of the Data

The Data will be stored for the period of time strictly necessary for the pursuit of the purposes for which the aforementioned Data have been collected. Specifically, the Data processed:

  •  For the purposes as per point 4) letters a), b), c), d), e) and i) above, will be kept for the entire duration of the participation in the “Colmar Club Alta Quota” program and, in any case, until the rights deriving from the relationship reach the limitation period. Cancellation of the “Colmar Club Alta Quota” program will allow the customer, in any case, to keep their personal profile active until its closure is explicitly requested;
  • – For the purposes as per point 4) letter f) above, the data will be kept until the revocation of consent;
  • – For the purposes as per point 4) letter g) above, they will be kept for a maximum period of 12 (twelve) months from the date on which they were collected;
  • – For the purposes as per point 4) letter h) above, they will be kept for a maximum period of 12 (twelve) months from the date on which they were collected.

Without prejudice, however, to the right of opposition to processing, the right of revocation of the consent for those types of processing which are lawful, to be exercised according to the methods better described in point 9) below, as well as compliance with specific obligations of storage according to law and the exercise of the right of defence of the Company in the event of dispute

9. Rights of the data subject

With reference to the Data, the data subject has the right to ask the Company with the ways shown by the Regulation and without prejudice to the provisions and limitations as per Legislative Decree no. 196/2003 (Part I – Chapter I -Section III):

  • Access, in the cases foreseen (art. 15 Regulation);
  • The correction of inexact Data and the completion of incomplete Data (art. 16 Regulation
  • The cancellation of the Data for the reasons considered (art. 17 Regulation) such as for example whey they are no longer necessary with respect to the purposes shown above or are not processed in the respect of the Regulation;
  • The limitation of treatment for the hypotheses considered (art. 18 Regulation), as in the case in which the exactness of the Data is contested and their correctness has to be checked;
  • Portability, i.e. the right to receive the Data, in the cases foreseen (art. 20 Regulation), in a structured form of common use and legible by an automatic device and to transmit the aforementioned Data to another Data Controller;
  • Opposition to the processing, in the cases foreseen (art. 21 Regulation).

In relation to the purposes as per point 4) letters f) and g) above, the right is also recognized to revoke consent, at any time whatsoever and without prejudicing the lawfulness of the processing done before being revoked. All the rights listed above may be exercised by sending to the Company an email to the address infoedatabreach@mmcol.it or by registered letter to the address of the Company: Via Olimpia n. 3, Monza. In addition, in order to no longer receive communications from the Company with an informative and promotional content on products with the Colmar brand, services and events, it will be possible to cancel registration by clicking on the appropriate link at the bottom of each communication.

10. Complaint

In the case that the processing of the Data infringes the provisions in the Regulation, there is the right to file a complaint with the Supervisory Authority for the protection of personal data according to the provisions of art. 77 of the Regulation..

11. Provision of personal data

Provision of the Data is compulsory and is strictly necessary for the pursuit of the purposes shown in point 4) letters a), b), c), d), e) and i) above. Therefore, failure to provide, including only partially, the Data entails the objective impossibility of participating in the program and satisfying what is requested. The provision of the Data shown as optional in the personal profile (such as, for example, address, telephone number etc.) as well as of the Data for the pursuit of the purposes as per point 4) letters f), g) and h) above, is, on the other hand, optional. However, failure to provide, including only partially, the Data entails the objective impossibility for the Company to proceed with registration for the newsletter, with the analysis of interests, habits and tastes, as well as the activity of personalized advice and assistance, but without prejudicing the participation in the “Colmar Club Alta Quota” program.

12. Transfer of Data abroad

The Data are stored at the registered office of the Company and on servers located in the European Union. In the event that the Data have to be transferred to countries not belonging to the European Union, the Company undertakes to ensure that this transfer takes place in the respect of the adequate guarantees for the protection of the Data, according to the provisions of articles 46 and 47 of the Regulation.

WORK WITH US

In the event of a breach of personal data, Manifattura Mario Colombo & C. has set up a crisis team and provided for specific intervention procedures, in order to swiftly resolve the problem and alert the user so that he or she can adopt suitable precautions to reduce to a minimum the potential damage that may caused by the breach.

 

The information provided to users in the event of a breach will specifically indicate:

  • the name and contact data of the Data Protection Officer, or any other contact that can provide information;
  • the measures adopted or proposed by the Legal Representative to remedy the breach of personal data and, if appropriate, to limit the possible negative effects.

Manifattura Mario Colombo & C. will issue a public communication, or take similar measures, and will not be obliged to inform the user if adequate technical and organisational measures are implemented to protect the data affected by the breach, if measures are subsequently adopted to prevent the user’s rights being placed at high risk again, or when the communication would require a disproportionate effort. In any case, Manifattura Mario Colombo & C. will consider whether it is opportune – even if it is not strictly compulsory – to keep the user informed.

Where necessary, Manifattura Mario Colombo & C. will also inform the Data Protection Authority of the breach within 72 hours.

For this reason, if a breach comes to the attention of a Data Processor, or another processor appointed thereby, he or she must notify the violation, within 12 and 24 hours respectively of discovery.

Any breaches of personal data may be notified by writing to infoedatabreach@mmcol.it.