This Privacy Policy provides information on how the Data Controller collects and processes your data and applies to the following website: www.propugno.com
hereinafter referred to as the "Site".
Privacy Policy, in accordance with the provisions of EU Regulation 679/2016
1. Types of Data Collected
The following personal data is collected and processed by the Data Controller for the purposes set out below:
1.1 Identification and personal data: such as name and surname, date of birth, identity document, payment information for online purchases, and voice recordings during customer service calls.
1.2 Interaction data: such as data collected when participating in events, making online purchases, signing up for loyalty programs, or when returning or exchanging products, including date of birth, age group, profession, telephone number, email address, photo, nationality, gender, language, favorite product categories, details of purchased products, measurements, price, discounts, statistically attributed spending levels, abandoned shopping carts, how users use our services, preferences regarding our collections, and responses to contact requests.
1.3 Data collected during browsing or use of media applications, such as user behavior data recorded through cookies or similar technologies, as detailed in the Cookie Policy, or data contained in the "My Favorites" list".
Personal data is provided directly by the user, for example, by creating an account on one of our websites/apps, when making purchases, or by contacting our Customer Service, or collected passively, for example, through tracking tools such as browser cookies, or through third parties, such as social media platforms. If the user provides information relating to third parties, the user declares that they are authorized to provide such information and agrees to share the contents of this policy with them.
2 Purposes of Processing
The Data Controller processes the Data you provide for the following purposes:
2.1 To enable navigation on its Website.
2.2 For contractual purposes, i.e., to manage the sale of its products and provide sales and after-sales services, including, for example, fraud prevention, returns, product warranties, and customer support; as part of online activities, to create and maintain your personal account and provide the services offered through its websites; and to respond to your requests for information.
2.3 To comply with legal obligations.
2.4 For marketing and profiling purposes, i.e., to send you, with your prior consent, commercial communications relating to products and services via tools such as email, text messages, chat, or postal mail; to offer personalized sales services, including, but not limited to, personal shopping services and free customer support; and to measure satisfaction with the products and/or services offered in order to improve the service offered.
2.5 To send you communications and commercial offers, including newsletters.
2.6 To analyze your personal data, purchasing choices, preferences, and browsing behavior on the Site in order to send you personalized communications and commercial offers.
2.7 For any defensive needs.
2.8 For statistical evaluation and monitoring purposes.
3 Provision of Data
The provision of personal data in relation to the purposes referred to in Sections 21 and 2.2 is mandatory. Failure to provide such data will prevent the Data Controller from providing the requested services. The purpose referred to in Section 2.3 constitutes a legitimate processing of personal data; processing is necessary to fulfill a legal obligation to which the Data Controller is subject.
Once the personal data has been provided, processing is indeed necessary to fulfill the legal obligations to which the Data Controller is subject. For the purposes set out in sections 2.4 and 2.5, provision of data is free and optional, and the use of the data is subject to the data subject's consent. Any refusal to provide data will prevent the Data Controller from pursuing the purposes indicated therein. Providing personal data for the purposes set out in section 2.6 is optional; however, failure to provide it may jeopardize or limit the effectiveness of the service.
Provision of the services offered. The processing referred to in Section 2.7 is carried out to satisfy any defensive needs of the Data Controller. Please note that the processing referred to in Section 2.8, since it does not involve personal data, does not fall within the scope of the personal data protection legislation and can therefore be freely performed by the Data Controller.
4 Processing Methods
Personal data will be processed using computerized tools and/or manual processing for the time necessary to achieve the purposes for which they were collected. In particular, personal data collected for the purposes referred to in paragraph 2 may also be processed with the aid of automated tools, according to procedures and logic strictly related to the purposes indicated above.
5 Recipients of Personal Data
Your personal data may be shared, for the purposes referred to in Section 2 of this Privacy Policy, with:
5.1 Persons authorized by the Data Controller to process personal data, such as: Sales, administration and accounting, after-sales service, CRM, and information systems management personnel.
5.2 Third parties who, in providing services such as accounting, administrative, legal, and tax support and consultancy, technical maintenance, transportation services, and banking services, typically act as data processors. The Data Controller maintains an updated list of appointed data processors and ensures that the data subject has access to it upon request via email.
5.3 Third parties responsible for carrying out the activities referred to in this privacy policy, with whom the Data Controller has entered into commercial agreements.
5.4 Persons, entities, or authorities to whom it is mandatory to disclose your personal data pursuant to legal provisions or official orders.
These parties are hereinafter referred to as "Recipients."
6 Transfers of Personal Data
In order to offer users the same level of service worldwide, we specify that the "Standard Contractual Clauses" developed by the European Commission for the transfer of personal data outside the European Economic Area or other transfer conditions set forth in Articles 45 et seq. of the GDPR may be applied. Personal data is processed only by personnel authorized to access the site and assigned to this purpose or appointed as data controllers.
Your personal data may also be processed by companies that perform services on our behalf, such as companies that provide shipping/delivery services for catalogs and/or products; companies that send newsletters, advertising materials, and promotional communications; companies that provide customer support services; companies that conduct market analysis and research; companies that provide IT system maintenance services; and companies that manage tools for replaying browsing sessions to ensure an optimal end-user experience.
The data collected may also be processed by third parties acting as independent data controllers, such as banks or other companies that provide credit card payment management and Tax Free services, individuals, companies, associations, or professional firms that provide assistance and consultancy services, such as lawyers, accountants, or auditors.
7 Data Retention
The user's personal data will not be retained in a manner that allows for identification for a period longer than deemed reasonably necessary by the Data Controller to achieve the purposes for which it was collected or processed, or as established by applicable data retention legislation. The data collected for the purposes referred to in paragraphs 2.1 and 2.2 will be retained by the Data Controller for the time necessary to perform the contract, with the legal and contractual guarantees provided for this purpose, or in compliance with legal data retention obligations.
Personal data processed for the purposes referred to in section 2.3 will be retained until the time required by the specific obligation or applicable law.
For the purposes referred to in Sections 2.4 and 2.5, your personal data will be processed until you object to the processing.
For the purposes referred to in Section 2.6, your personal data will be retained until you withdraw your consent and, in any case, limited to the purpose referred to in Section 2.6 and related activities, for no longer than seven years from their recording, in accordance with the provisions of the provision of the Italian Data Protection Authority. Likewise, For the purposes referred to in Article 2.7, your data will be retained for no longer than seven years from registration. Upon withdrawal of consent or upon expiration of the seven-year retention period (if earlier), the data processed for the aforementioned purpose will be deleted or permanently anonymized.
In general, the Data Controller reserves the right to retain your data for the time necessary to fulfill any regulatory obligations to which it is subject or to satisfy any legal claims.
Please note that, if your account is deactivated, your personal data will continue to be processed by the Data Controller in accordance with the criteria and principles outlined above for the entire period of 10 months following such deactivation. Please also note that, consistent with the aforementioned criteria and principles, the Data Controller will retain such data even after the expiration of this period and in the event of complete deletion of your account; Please note, therefore, that the expiration of the aforementioned period and the complete removal of your account will not necessarily result in the deletion of your personal data or the revocation of the privacy consent you have legitimately provided. For further information regarding requests for data deletion and withdrawal of consent, please refer to Section 8 "Rights of Data Subjects" of this Policy.
8 Rights of Data Subjects
You may request information about the processing of your personal data and its methods at any time, as well as the rectification and erasure of your data, or the restriction of its processing. You may also object to the processing and/or request that your data be transmitted to another controller.
The Data Controller is required to respond to requests within the timeframes established by applicable law. It is also required to correct inaccurate data, integrate incomplete data, and update inaccurate data.Finally, upon request, it is required to delete the data and limit and/or interrupt its processing, or ensure, where technically possible, its transmission to another controller.
To exercise the above-mentioned rights provided by law, or to request any related information and/or report any issues or problems, the interested party may proceed as follows for a prompt response: send an email to support. If the response is not satisfactory, the interested party may contact the Italian Data Protection Authority.
9 Amendments
We reserve the right, at our sole discretion, to modify or replace this Privacy Policy at any time, which will be effective immediately upon posting on the Site.