JOINT DATA CONTROLLER AGREEMENT
The EXOR Group, consisting of companies operating under the name ‘Tiziana Fausti’ and ‘10 Corso Como’, considers the protection of personal data of its Users to be of fundamental importance, respecting the rights recognised under Regulation (EU) 2016/679 (hereafter ‘the Regulation’) and other applicable personal data protection regulations.
The following are the individual companies belonging to the EXOR Group and their respective websites:
EXOR INC. SRL
10CC GLOBAL SHOP SRL
Each of these companies is the Data Controller, as defined in Article 4, Paragraph7 of the Regulation, ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data’ for the handling of personal data relating to the use of the Websites, while also acting as Joint Data Controller pursuant to and for the purpose of Article 26 of the Regulation exclusively for marketing and profiling purposes (primarily for sending newsletters and specific marketing communications.
To this end, the Joint Data Controllers have entered into a joint ownership agreement which provides for:
- the joint definition of how to process the personal data of data subjects for marketing and profiling purposes
- the joint definition of the procedures for providing timely feedback concerning the exercising of rights as provided for in Articles 15, 16, 17, 18, 20 and 21 of the Regulation
In order to facilitate the relationship between the Data Subject and each Data Controllers in terms of the exercising of the rights and for the aforementioned purposes, the Exor Group has established a ‘privacy contact person’ who can be contacted using the following email address: firstname.lastname@example.org
In any case, the ‘Privacy’ section of the Websites, which contains all the informations concerning the use and processing of personal data, the references for each website and information about contact and channels of communication made available to the Data Subjects by the Data Controller, will be available for consultation at all times.
PROCESSING OF PERSONAL DATA
Pursuant to and for the purposes of Article 13 of European Regulation 2016/279 on the protection of natural persons with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION – GDPR), as required by the General Data Protection of the European Union (GDPR 2016/679, Article 13), before proceeding with processing, the Data Subject (user of the website www.10corsocomo.com ) is informed that the personal data collected through this site is subject to processing by the Company using IT and/or telematic tools for the purposes indicated in this policy.
The Data Controller of this personal data is 10CC GLOBAL SHOP SRL , with its registered in Portici Sentierone, 43 – 24121, Bergamo, Italy, e-mail email@example.com
For further information regarding the rights of the Data Subject, please see the ‘Rights of the Data Subject’ section of this policy.
INFORMATION ABOUT DATA PROCESSING
The personal data being processed is collected directly by 10CC GLOBAL SHOP SRL or third parties expressly authorised for this purpose or communicated by the Company to said third parties for the pursuit of the purposes described below.
LEGAL BASIS AND PURPOSES OF DATA PROCESSING
Personal data provided by users when browsing the website 10CORSOCOMO.COM are processed by the Data Controller in compliance with current personal data protection regulations. The legal basis of this processing is the provision of services by the company itself in the management and consultation of the website, as well as the management and facilitation of the website and the establishment, execution and possible termination of online sales concluded between the parties and under the obligations of this policy or directly and/or indirectly relating to and/or arising from this policy. The processing of personal data by 10CC GLOBAL SHOP SRL is carried out in pursuit of the following purposes:
Subscription to the Newsletter
in the event that the user decides to subscribe the “Newsletter”, personal data, after receiving explicit consent, will be processed only by the Data Controller for the sending of commercial or promotional communications, relevant updates, etc. To unsubscribe to the newsletter, simply click the unsubscribe link at the bottom of any email received from the email address firstname.lastname@example.org
Registration on www.10corsocomo.com
in the event that a user decides to register on 10corsocomo-theshoponline.com website, only after giving explicit consent, personal data will be processed by the Data Controller for the purposes of registration on www.10corsocomo.com. In particular, by providing name, surname, email address and having set the login password, these will be processed for the creation of a personal account in order to speed up the purchasing process, allow users to view the status of orders and receive updates on any purchases made, change personal settings and update their account, view their returns history and request for goods to be returned, save favourite items to their Wishlist and offer the possibility of joining the loyalty programme if the user so wishes
On-line shopping activities
personal data provided will be used for the setting, management, execution and/or termination of an online sales contract, including the possibility for the seller to send an email to the Customer in the event of failure to finalise the purchase for technical reasons or for shopping cart abandonment. Data provided will be processed by the Data Controller for the purposes of managing the purchase order with reference, for example, to the activities of payment, shipment, receiving any returns, customer support, administrative and accounting purposes relating to the management of the order and to comply to the current regulations and legislation. In case of payment by credit card, the essential information necessary for carrying out the transaction (credit/debit card number, expiry date, security code) will be processed by Banca Sella PayPal or, where appropriate, by companies responsible for anti-fraud checks by means of an encrypted protocol and without third parties having access to it in any way. This information will never be displayed or stored by 10CC GLOBAL SHOP SRL
Profiling of the Individual
only after giving eventual and explicit consent, personal data provided may be processed by the Data Controller and/or Joint Controller for the purposes of profiling user activity or analysing preferences in order to create personalised content and offers.
NATURE OF DATA PROCESSING
In relation to the purposes referred to in point 1) of the previous paragraph, the provision of personal data and consent to its processing is optional. Failure to provide consent prevents 10CC GLOBAL SHOP SRL to allow a user to subscribe to the “Newsletter” or to receive promotional communications and receiving updates relating to the latest trends, new arrivals, exclusive offers, special events and promotions.
If the user decides to subscribe to the newsletter through the section of the website solely dedicated to this, the provision of personal data and consent to its processing is compulsory.
In relation to the purposes in point 2) of the previous paragraph, the provision of personal data and consent to its processing is compulsory. Failure to provide consent will prevent 10CC GLOBAL SHOP SRL to allow registration on www.10corsocomo.com, create a personal account in order to speed up the purchasing process, view the status of order and receive updates on any purchases made, change personal settings and update the account, save favourite items to the Wishlist and join the loyalty programme if the user so wishes.
In relation to the purposes in point 3) of the previous paragraph, the provision of personal data and consent to the processing is compulsory. Failure to provide consent will prevent 10CC GLOBAL SHOP SRL to proceed with the setting, management, execution and/or the finalisation of the online sales contract and with activities related to the payment, shipment, receiving any returns, customer support, administrative and accounting purposes to the management of the order and to comply with the current legislation.
In relation to the purposes referred in point 4) of the previous paragraph, the provision of personal data and consent to the processing is optional.
Failure to provide consent will prevent 10CC GLOBAL SHOP SRL to carry out profiling activities or the analysis of preferences aimed at creating personalized content and offers.
Personal data processed by the Data Controller are those provided by users when browsing the website www.10corsocomo.com, after registering/signing up to any services/programmes offered by 10CC GLOBAL SHOP SRL and/or for the purchasing of products offered. This data includes information such as the user’s name, surname and email address, as well as the data necessary for providing online sales services, such as data necessary for executing payments and the shipping/exchange of purchased products.
METHODS OF DATA PROCESSING AND STORAGE
The processing of personal data is carried out by the Data Controller in compliance with the provisions of current Privacy legislation. The Data Controller will process personal data using IT and/or telematic tools and using organisational and logical methods strictly relating to the pursuit of the purposes listed in this policy, as well as taking appropriate security measures to prevent unauthorised access to or the disclosure, change or destruction of personal data or their loss and misuse. However, 10CC GLOBAL SHOP SRL cannot guarantee that the measures taken for the security of the website and the transmission of data and information on the website can limit or prevent all risk of unauthorised access or leaking of data by devices belonging to the user. Users of the website are therefore advised to ensure that their computer is equipped with software suitable for the protection and transmission of data within a data network (such as up-to-date antivirus software) and that their Internet Provider has taken appropriate measure for the security of data transmission over this network. 10CC GLOBAL SHOP SRL undertakes also to process data in compliance with the principles of correctness, lawfulness and transparency, to collect it to the exact extent necessary for processing and to restrict its use to only authorised staff. The management and storage of any personal data acquired will be carried out in archive storage facilities or servers located within the European Union owned by the Data Controller and/or third-party companies appointed as External Data processors currently located in Italy.
Regarding the different purposes for which they are collected, personal data will only be kept just long enough to achieve these purposes and will ultimately be processed in accordance with the applicable legal provisions.
Anyway, 10CC GLOBAL SHOP SRL will take care to avoid the use of data indefinitely by proceeding, on a regular basis, to verify appropriately the effective permanence of the interest of the User to which such data refer to.
RECIPIENTS AND DATA PROCESSORS
The data collected will not be distributed or disseminated in any way, but they will be processed within the limits and for the purposes described by Company employees on the basis of appropriate operating instructions (these including administrative, commercial, marketing, legal, system administrators, etc.). Some data processing may also be carried out by third parties appointed as External Data Processors, which Data Controller uses or can use in order to manage the contractual relationship, the provision of the services offered and for the organisational needs of its business activities. In particular, the data can be communicated to
- public and private entities that can access this data in accordance with the law, regulations or EU policies within the limits established by said rules
- entities or persons who require access to the data for purposes related to the contractual relationship between the parties, to the extent necessary for the performance of ancillary tasks (these including banks and credit institutions, technical service providers, IT companies, communication agencies, postal services and shipping companies)
- advisors to the extent necessary for carrying out their professional duties
The updated list of External Data Processors and other approved data processors is kept at the registered office of the Data Controllers and is available to the Data Subject upon request via email at email@example.com or firstname.lastname@example.org
TRANSFER OF DATA ABROAD
The management and storage of personal data will be done on severs belonging to the Data Controller and/or third-party companies appointed as External Data Processors located within the European Union.
Personal data may be transferred abroad in accordance with the provisions of current legislations, even to countries outside the European Union. Transfers to non-EU countries, apart from cases in which this is guaranteed under European Commission Adequacy Decisions, are carried out in such a way as to provide appropriate and pertinent guarantees pursuant to Articles 46, 47 or 49 of the Regulation.
RIGHTS OF DATA SUBJECTS
As a Data Subject, a user may at any time exercise the rights provided for in Articles 15, 16, 17, 18, 20 and 21 of the GDPR, which more specifically confer the right to:
- obtain confirmation from the Data Controller, pursuant to Article 15, that personal data is being processed or not and, if so, obtain access to the data and information such as: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data has or will be communicated, particularly if the recipients are located in Third Countries or International Organisations; (iv) when possible, the planned retention period of the personal data or, if not possible, the criteria used to determine this period
- obtain from the Data Controller, pursuant to Article 16, the correction of any inaccurate personal data concerning them without undue delay; taking into account the purposes of the data processing, the Data Subject has the right to have their incomplete personal data completed, including by means of providing a supplementary statement
- obtain from the Data Controller, pursuant to Article 17, the deletion of personal data concerning the data subject without undue delay. The Data Controller is obliged to delete personal data without undue delay if one of the reasons listed in Paragraph 1 of Article 17 is applicable
- obtain from the Data Controller, pursuant to Article 18, a restriction of the data processing when one of the hypothesis governed by Paragraph 1 of Article 18 applies
- obtain from the Data Controller, pursuant to Article 20, the portability, i.e. receiving this is in a structured, commonly used format that is readable by an automatic device, of any personal data concerning the Data Subject provided to a Data Controller. The Data Subject also has the right to transfer this data to another Data Controller without the obstruction of the first Data Controller to whom they provided this data, if the conditions listed in Article 20 Paragraph 1 are met. Finally, the Data Subject has the right to obtain the direct transmission of personal data from one Data Controller to another, if this is technically feasible
- object, pursuant to Article 21, in whole or in part to the processing of personal data concerning the Data Subject.
To exercise their rights, users can send a request to email@example.com or to firstname.lastname@example.org
It should be noted that the Data Subject has the right to revoke their consent at any time without prejudice to the legality of the data processing based on the consent given before the revocation, without prejudice to the aforementioned consequences regarding any refusal to provide said personal data. The Data Subject also has the right to a file a complaint with a Supervisory Authority.
10CC GLOBAL SHOP SRL undertakes to respond to the Data Subject’s requests within the period of one month, except in particularly complicated cases which may take up to a maximum of three months. In any case, the Data Controller will provide the Data Subject with evidence of the reasons for the delay within one month of the request. The outcome of the request will be provided in writing or electronically. In the event of a request for modification, deletion or limitation of processing, the Data Controller undertakes to communicate the results of the requests received from the Data Subject to each recipient of their data, unless this proves to be impossible or requires disproportionate effort.
The Company specifies that a possible contribution may be requested to the Data Subject if the applications are manifestly unfounded, excessive or repetitive; in this regard the Company shall track the User’s requests for intervention.