Italian Women shoes and sandals


Luzzi Shoes

Privacy & Cookie Policy

Privacy Policy pursuant to art. 13 of Regulation (EU) no. 679/2016 ("GDPR")

The owner of the domain protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation.

As required by the European Union Regulation no. 679/2016 ("GDPR"), and in particular to art. 13, below we provide the user ("Data Subject") with the information required by the law relating to the processing of their personal data.

SECTION I

Who we are and what data we process (art. 13, 1st paragraph letter a, art. 15, letter b GDPR)

The owner of the domain indicated at the bottom of the page, in the person of his legal representative and owner, operates as Data Controller of personal data and can be contacted at the email address indicated at the bottom of the page and collects and / or receives the information concerning the Data Subject, such as:

Personal Data: name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile phone, fax, tax code, VAT number, address / es e-mail

Bank Data: IBAN and bank / postal data (except for the credit card number)

Telematic traffic data: Log, IP address of origin.

The owner of the domain does not require the Data Subject to provide so-called "special" data, or, according to the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to health or sexual life or sexual orientation of the person.

In the event that the service requested from the owner of the domain required the processing of such data, the Data Subject will receive a specific information notice in advance and will be asked to give their consent.

At any time it is possible to request information on your data from the contacts indicated.

SECTION II

For what purposes we need the data of the Data Subject (art. 13, 1st paragraph GDPR)

The data are used by the Data Controller to follow up on the request for registration and the contract for the supply of the chosen Service, manage and execute the contact requests submitted by the Data Subject, provide assistance, comply with the legal and regulatory obligations to which the Data Controller is subject according to the activity carried out. Under no circumstances does the owner of the domain resell the personal data of the Data Subject to third parties or use them for undeclared purposes.

In particular, the Data Subject's data will be processed for:

a) registration and requests for contact and / or information material

The processing of the personal data of the Data Subject takes place to carry out the preliminary and subsequent activities to the request for registration, to the management of requests for information and contact and / or sending of information material, as well as to the fulfillment of any other obligation arising from.

The legal basis for these treatments is the fulfillment of the services related to the request for registration, information and contact and / or sending of information material and compliance with legal obligations.

b) the management of the contractual relationship

The processing of the personal data of the Data Subject takes place to carry out the preliminary and subsequent activities to the purchase of a Service, the management of the related order, the provision of the Service itself, the related invoicing and the management of the payment, the handling of complaints and / or reports to the assistance service and the provision of assistance itself, the prevention of fraud and the fulfillment of any other obligation arising from the contract.

The legal basis for these treatments is the fulfillment of the services related to the contractual relationship and compliance with legal obligations.

c) promotional activities on Services similar to those purchased by the Data Subject (Recital 47 GDPR)

The data controller, even without your explicit consent, may use the contact details communicated by the Data Subject, for the purpose of direct sale of its Services, limited to the case where these are Services similar to those subject to the sale, unless the Data Subject explicitly objects.

The legal basis for these treatments is the consent given by the Data Subject prior to the treatment itself, which can be revoked by the Data Subject freely and at any time (see Section III).

d) IT security

The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and / or recipients), the personal data of the Data Subject relating to traffic to the extent strictly necessary and proportionate to ensure the security of networks and information, i.e. the ability of a network or information system to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.

The Data Controller will promptly inform the Data Subjects, if there is a particular risk of violation of their data without prejudice to the obligations arising from the provisions of art. 33 of the GDPR relating to personal data breach notifications.

The legal basis for these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out treatments related to the purposes of protection of the company's assets and security of the premises and systems of the owner of the domain and its suppliers.

e) The owner of the domain does not carry out any type of profiling based on the data acquired and stored

f) fraud prevention (recital 47 and art. 22 GDPR)

the personal data of the data subject, excluding those particular (Art 9 GDPR) or judicial (Art 10 GDPR) will be processed to allow checks for the purpose of monitoring and preventing fraudulent payments, by software systems that perform a verification in an automated and preliminary way to the negotiation of Services;

The negative outcome of these checks will result in the impossibility of carrying out the transaction; the Data Subject may in any case express their opinion, obtain an explanation or challenge the decision by motivating their reasons directly with the owner of the domain via the email indicated at the bottom of the page

the personal data collected for the sole purpose of anti-fraud, unlike the data necessary for the correct execution of the requested service, will be immediately deleted at the end of the control phases.

g) the protection of minors

The Services / Products offered by the Data Controller are reserved for subjects who are legally capable, based on the national reference legislation, of concluding contractual obligations.

The owner of the domain, in order to prevent illegal access to its services, implements preventive measures to protect its legitimate interest, such as the control of the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the identification data of the identity documents issued by the competent authorities.

e) Communication to third parties and categories of recipients (art. 13, 1st paragraph GDPR)

Third party suppliers: Provision of services (assistance, maintenance, delivery / shipping of products, provision of additional services, network and electronic communication service providers) connected to the requested performance

Credit and digital payment institutions, Banking / postal institutions: Management of collections, payments, refunds connected to the contractual performance

External professionals / consultants and Consulting Companies: Fulfillment of legal obligations, exercise of rights, protection of contractual rights, credit recovery

Financial administration, Public bodies, Judicial authority, Supervisory and control authorities: Fulfillment of legal obligations, defense of rights; lists and registers kept by public authorities or similar bodies based on specific legislation, in relation to the contractual performance

Subjects formally delegated or having a recognized legal title: Legal representatives, curators, guardians, etc.

The owner of the domain imposes on the Third party suppliers and the Data Processors the respect of security measures equal to those adopted towards the Data Subject, restricting the perimeter of action of the Data Processor to the treatments connected to the requested performance.

The owner of the domain does not transfer your personal data to countries where the GDPR (non-EU countries) is not applied, unless otherwise indicated for which you will be informed in advance and if necessary your consent will be requested.

The legal basis for these treatments is the fulfillment of the services related to the established relationship, compliance with legal obligations and the legitimate interest of the owner of the domain to carry out treatments necessary for these purposes.

SECTION III
What happens if the Data Subject does not provide his data identified as necessary for the execution of the requested performance? (Art. 13, 2nd paragraph, letter e GDPR)

The collection and processing of personal data is necessary to follow up on the requested services and / or the provision of the requested Service and / or Product.

If the Data Subject does not provide the personal data expressly provided as necessary within the order form or the registration form, the owner of the domain will not be able to follow up on the processing related to the management of the requested services and / or the contract and the Services / Products connected to it, nor to the obligations that depend on them.

What happens if the Data Subject does not give consent to the processing of personal data for commercial promotion activities on Services / Products different from those purchased?

In the event that the Data Subject does not give his consent to the processing of personal data for these purposes, this processing will not take place for the same purposes, without this having any effect on the provision of the requested services, nor for those for which he has already given his consent, if required.

In the event that the Data Subject has given his consent and should subsequently revoke it or oppose the processing for commercial promotion activities, his data will no longer be processed for these activities, without this having consequences or prejudicial effects for the Data Subject and for the requested services.
How we process the Data Subject's data (art. 32 GDPR)

The owner of the domain provides for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of the personal data of the Data Subject and imposes similar security measures on third party suppliers and Data Processors.

Ecco la traduzione in inglese del testo che mi hai inviato:

Where we process the Data Subject's data

The personal data of the Data Subject are stored in paper, computer archives located at the owner of the domain indicated at the bottom of the page subject to the GDPR (EU countries).
How long do we keep the Data Subject's data? (art. 13, 2nd paragraph, letter a GDPR)

Unless he expressly expresses his will to remove them, the personal data of the Data Subject will be kept until they are necessary with respect to the legitimate purposes for which they were collected.

In particular, with regard to the management and provision of the services related to the contact requests submitted by the Data Subject, such data will be kept for no longer than a maximum period of 12 months; also, in the case of joining the contract, they will be kept for the entire duration of the contract itself and in any case for no longer than a maximum period of 12 (twelve) months from the last of the active Services and connected to it, or if, within this term, there are no active Services and / or purchased Products through the contract.

In the case of data provided by the owner of the domain for the purposes of commercial promotion for services different from those already acquired by the Data Subject, for which he initially gave his consent, these will be kept for 24 months, unless the consent given is revoked.

It should also be added that, in the event that a user submits to the owner of the domain personal data not requested or not necessary for the purpose of executing the requested service or providing a service strictly connected to it, the owner of the domain cannot be considered the owner of these data, and will proceed to their cancellation as soon as possible.

Regardless of the determination of the Data Subject to their removal, the personal data will be stored according to the terms established by current legislation and / or national regulations, for the sole purpose of guaranteeing the specific fulfillments, typical of some Services (by way of example but not exhaustive, Certified Electronic Mail, Digital Signature - in this regard see the relevant section).

Also, the personal data will be stored for the fulfillment of the obligations (eg tax and accounting) that remain even after the termination of the contract (art. 2220 c.c.); for these purposes the Data Controller will keep only the data necessary for their pursuit.

Without prejudice to the cases in which the rights deriving from the contract and / or the registration are asserted in court, in which case the personal data of the Data Subject, exclusively those necessary for these purposes, will be processed for the time necessary for their pursuit.

What are the rights of the Data Subject? (articles 15 - 20 GDPR)

The data subject has the right to obtain from the data controller the following:

a) confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information:

1.
the purposes of the processing;
2.
the categories of personal data concerned;
3.
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients of third countries or international organizations;
4.
where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
5.
the existence of the right of the data subject to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning him or her or to object to their processing;
6.
the right to lodge a complaint with a supervisory authority;
7.
where the data are not collected from the data subject, any available information as to their source;
8.
the existence of an automated decision-making process, including profiling, and, at least in such cases, meaningful information on the logic used, as well as the significance and expected consequences of such processing for the data subject.
9.
the adequate guarantees that the third country (non-EU) or an international organization provides for the protection of data possibly transferred

b) the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; In case of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.

c) the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her without undue delay

d) the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, if there are reasons provided for by the GDPR in art. 17, for example, if they are no longer necessary for the purposes of the processing or if this is assumed to be unlawful, and always if the conditions provided for by law exist; and in any case if the processing is not justified by another equally legitimate reason;

e) the right to obtain from the data controller the restriction of processing, in the cases provided for by art. 18 of the GDPR, for example if you have contested its accuracy, for the period necessary for the owner of the domain to verify its accuracy. The Data Subject must be informed, in reasonable time, also of when the suspension period has been completed or the cause of the limitation of the processing has ceased, and therefore the limitation itself revoked;

f) the right to obtain communication from the data controller of the recipients to whom the requests for any rectifications or cancellations or limitations of the processing carried out have been transmitted, unless this proves impossible or involves a disproportionate effort.

g) the right to receive in a structured, commonly used and machine-readable format the personal data concerning him or her and the right to transmit such data to another data controller without hindrance from the data controller to whom he or she has provided them, in the cases provided for by art. 20 of the GDPR, and the right to obtain direct transmission of personal data from one data controller to another, if technically feasible.

For any further information and in any case to send your request you must contact the Data Controller at the address indicated at the bottom of the page.

In order to ensure that the rights mentioned above are exercised by the Data Subject and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.

How and when can the Data Subject object to the processing of his personal data? (Art. 21 GDPR)

For reasons related to the particular situation of the Data Subject, he or she may object at any time to the processing of his or her personal data if it is based on legitimate interest or if it takes place for commercial promotion activities, by sending the request to the owner of the domain at the address indicated at the bottom of the page.

The Data Subject has the right to have his or her personal data deleted if there is no overriding legitimate reason for the Data Controller than the one that gave rise to the request, and in any case if the Data Subject has objected to the processing for commercial promotion activities.

Without prejudice to any other administrative or judicial action, the Data Subject may lodge a complaint with the competent supervisory authority on the Italian territory (Garante per la protezione dei dati personali) or to the one that performs its tasks and exercises its powers in the Member State where the GDPR violation occurred.

Any update of this Information will be communicated promptly and by appropriate means and will also be communicated if the Data Controller processes the Data Subject's data for purposes other than those set out in this Information before proceeding and following the manifestation of the Data Subject's consent if necessary.

NAVIGATION DATA

During the navigation on this site, some navigation data will be acquired, in the normal exercise, which are implicitly transmitted in the use of internet communication protocols. These data relate to the telematic traffic that by their nature are not immediately associated with identified interested parties, but through processing or associations with data held by third parties could allow to identify the users / visitors of the site (such as, for example, IP addresses, type of browser and operating system used by the user, time of access request to web pages). These data are used for anonymous statistical information on visits to the site or to verify its correct functioning, these are stored by the owner of this website for the period strictly necessary and in any case in compliance with the current regulations in force.

COOKIES

Cookies are small text strings that the sites visited by the user send to his terminal (usually to the browser), where they are stored and then retransmitted to the same sites on the next visit by the same user. During the navigation on a site, the user may receive on his terminal cookies that are sent by different sites or web servers (so-called "third parties"), on which some elements may reside (such as, for example, images, maps, sounds, specific links to pages of other domains) present on the site that he is visiting. Cookies, usually present in users' browsers in very large numbers and sometimes even with characteristics of wide temporal persistence, are used for different purposes: execution of computer authentication, monitoring of sessions, storage of information on specific configurations concerning users who access the server, etc. In order to arrive at a correct regulation of these devices, it is necessary to distinguish them since there are no technical characteristics that differentiate them from each other based on the purposes pursued by those who use them. In this direction, moreover, the same legislator moved, in implementation of the provisions contained in Directive 2009/136 / EC, has brought back the obligation to acquire the prior and informed consent of users to the installation of cookies used for purposes other than purely technical ones (see art. 1, paragraph 5, letter a), of Legislative Decree 28 May 2012, n. 69, which amended art. 122 of the Code). In this regard, and for the purposes of the provision indicated, two macro-categories are therefore identified: "technical" cookies and "profiling" cookies.

The user can independently manage his own cookie policy through the setting present on his browser, at the expense in some cases of a correct and usable navigation on the website. You can consult the manual of your device or the "Help" or "Help" function of your internet browser regarding this.

We indicate the links related to the most popular internet browsers for managing cookies:



    - Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies

    - Google Chrome: https://support.google.com/chrome/answer/95647

    - Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie

    - Opera: http://help.opera.com/Windows/10.00/it/cookies.html

    - Safari: https://support.apple.com/kb/PH19255


    TECHNICAL COOKIES

Technical cookies are those used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or as strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service" (see art. 122, paragraph 1, of the Code). They are not used for further purposes and are normally installed directly by the owner or manager of the website. They can be divided into navigation or session cookies, which guarantee the normal navigation and use of the website (allowing, for example, to make a purchase or authenticate to access restricted areas); analytics cookies, similar to technical cookies when used directly by the site manager to collect information, in aggregate form, on the number of users and how they visit the site; functionality cookies, which allow the user to navigate according to a series of criteria selected (for example, the language, the products selected for purchase) in order to improve the service provided to the same. For the installation of these cookies, the prior consent of users is not required, while the obligation to provide information pursuant to art. 13 of the Code, which the site manager, if he uses only such devices, can provide in the manner he deems most appropriate.

THIRD PARTY COOKIES (NOT PRESENT)

During the navigation on the pages of the sites of this site, technical or profiling cookies may be released, managed by third parties and not directly by the owner of this site; Third party cookies are used to detect information on user behavior on the site. The detection takes place anonymously, in order to monitor the performance and improve the usability of the site. Third-party profiling cookies are used to create profiles relating to users, in order to propose advertising messages in line with the choices expressed by the users themselves.

The use of these cookies is governed by the rules prepared by the third parties themselves, therefore, described in the privacy policies indicated below, together with the indications to manage or disable the cookies themselves:



    Per cookie di Google e Youtube : https://www.google.com/intl/it/policies/privacy/

    Per cookie di Facebook: https://www.facebook.com/privacy/explanation

    Per cookie di flickr https://policies.yahoo.com/ie/it/yahoo/privacy/index.htm

    Per cookie di addthis.com http://www.addthis.com/privacy/privacy-policy

    Per cookie di pinterest.com https://about.pinterest.com/it/privacy-policy

Email

Sending and receiving email:

Sending email from this email domain:

Unless otherwise communicated, it is to be considered for the private use of the recipient; therefore, according to the PROTECTION OF PERSONAL DATA (D.L. 196/2003 and 354/2003).
This communication contains confidential information and may also be privileged.
It is for the exclusive use of the intended recipient.
If you are not the intended recipient, please note that any distribution, copying or use of this communication and / or the information contained therein is strictly prohibited.
If you have received this communication by mistake, please inform the sender immediately and then destroy all copies.

Receiving email to this email domain:

Unless otherwise communicated, it is to be considered for commercial use, therefore subject to the privacy policy described above.

You can exercise the rights recognized by the privacy legislation, such as cancellation from the lists etc. by contacting the contacts indicated on the website, whose owner is the depositor.