Imperial Fashion Commercial App

IMPERIAL PRIVACY

Privacy statement for the app Imperial Commercial

This privacy statement is governed by Italian law and pursuant to article 13 of legislative decree no. 196/2003 “Personally Identifiable Information Protection” issued to whoever accesses and uses the App…., created by Imperial S.p.A. for professionals.

This privacy statement has been specifically compiled for the App and users are advised to consult the company’s general policy at www.imperialfashion.com, owned by Imperial S.p.A., for comprehensive overview of its policies and services.

Imperial S.p.A. (hereinafter, the “Company”), considers the privacy of the users of its App of the utmost importance and it shall do all in its power, including the use of the most advanced technologies available, to guarantee that the handling of users’ personally identifiable information is conducted in full respect of users’ dignity, rights and fundamental liberties. Consequently, the Company has drawn up a privacy statement to explain how and why Company collects, stores and uses personally identifiable information as well as the choices open to users regarding the manner with which such collection and handling may take place.

Data Controller

The use of the App enables the Company to handle data referring to identified or identifiable persons.

The Data Controller is Imperial S.p.A., VAT number 00666471206, Via Dei Lanaioli 42, Blocco 11, I-40050, Centergross – Funo di Argelato (Bologna- Italy), Tel. +39 0516646072, Fax +39 051863482, email: web@imperialfashion.com, PEC imperial@pec.imperialfashion.com, in the person of its legal representative pro tempore.

Concurrently with the acquisition of products and/or access to services, it may, at present, happen that, depending upon the service requested, the personally identifiable information provided will be handled in conformity to law by the following data-handling managers:

1. Imperial SPA, whose remit is the handling of data necessary for forwarding, delivering and returning products acquired through the site;

2. Imperial SPA who performs data handling in respect of the management and maintenance services for Imperial S.p.A’s servers;

3. Imperial SPA, who handles the data necessary for the supply of call-centre services and customer-care to users.

Purposes of data handling

The personally identifiable information of users of the App Imperial Commercial is handled for the following purposes and in the following manner: to the degree necessary to provide the service and respond to purchase requests advanced by users; to maintain relations with users by means of promotional communications, the monitoring of levels of customer satisfaction, market surveys, and economic/statistical analysis; to perform marketing activities, forward commercial information and carry out analyses and the monitoring of App users’ behaviour.

Data handling policy

Imperial S.p.A. attaches great importance to confidentiality, as also to the safeguarding and security of the personally identifiable information of the subjects with whom it comes into contact. Consequently, with regard to data handling, the Company abides by the following principles:

1. personally identifiable information shall only be handled for the purposes stated and with the procedures indicated in the privacy statement illustrated at the time of its collection;

2. personally identifiable information can only be used for purposes additional to the purposes for which it is provided if the former are compatible with the latter;

3. making personally identifiable information available to third-party companies for purposes strictly allied to the provision of the service requested and within the remit of the manager appointed to oversee its handling; such information shall not be communicated or transferred to third parties who intend to handle it for their own account without first informing users and obtaining their consent;

4. dealing with requests for cancellation, modification and supplements to the personally identifiable information provided as also with a refusal to allow Imperial S.p.A. to make use of the information in order to forward commercial and advertising information;

5. ensuring that personally identifiable information is correctly and lawfully handled and in such a manner as to safeguard users’ privacy, and, secondly, that appropriate security measures are adopted to protect the confidentiality, integrity and availability of the information provided.

Place of data handling

The handling of the personally identifiable information collected by the App shall take place at the registered office of Imperial S.p.A. and by subjects (salaried and non-salaried staff, national and foreign) specifically appointed for this task by Imperial S.p.A. or by other companies managed and coordinated by parent companies or by third-party companies specifically tasked to perform the activities necessary to achieve the objectives for which the information is collected and handled.

Data handling procedures

The handling of the personally identifiable information collected by the App for the foregoing purposes shall take place by manual and electronic storage and in compliance with the minimum-security measures stated in Annex B of legislative decree 30 June 2003, no. 196.

The personally identifiable information may be communicated to companies subject to management and coordination by Imperial S.p.A. in Italy and/or abroad as well as to third-party companies that perform activities required for the achievement of the data handling objectives on Imperial S.p.A.’s behalf but without prejudice to the levels of security involved and the purposes for which the information is handled.

The information shall not be disclosed or communicated to third parties, with the exception of the circumstances stated above as also whenever required by the law in force.

Providing personally identifiable information

The symbol (*) placed at the side of the information requested indicates that its provision is mandatory and a natural consequence of the user’s adhesion. In the event of refusal to provide Imperial S.p.A. with any information indicated as mandatory, it will be impossible to achieve the principal purpose for which the requested information is collected. Moreover, the refusal may impede Imperial S.p.A. from performing a purchase contract or providing other services.

However, we must also point out that the IT systems and software procedures necessary for the App’s implementation can, in the course of ordinary operations and by virtue of the Internet communication protocol adopted, acquire personally identifiable information on the User as also information on the smartphones and devices used. This category of information includes, but is not limited to, the user’s geographical position, the identity of the mobile phone, the user’s contacts, emails, contacts in his/her agenda, and microphone and transmission devices including the camera of the device used.

Purpose of data handling – its mandatory or optional nature and the consequences of refusal

The information is exclusively collected and handled for the following purposes:

The provision of information for the purposes stated in the stated points nos. 1 and 2 ( ), namely to execute sales orders and make delivery of products or services acquired, is mandatory and any refusal to allow the handling of the information will prevent the performance of services regarding the acquisition of goods and services and registration with the site.

1. Registration or adhesion to services offered by Imperial Fashion, such as, for example, the advantages offered to customers;

2. The fulfilment of orders and related activities;

3. The management of payments, including anti-fraud checks in the event of credit/debit card payments (in this case, the data provided during the purchasing process shall be submitted to the manager responsible for anti-fraud checks);

4. The management of requests: technical, commercial, status of on-going orders and requests for information in general;

5. The dispatch of commercial information, subject to users’ consent and for marketing purposes, through electronic and internet means. Article 130, subsection 4, of legislative decree 196/2003 lays down that the data controller can use personally identifiable information to send advertising emails on products and services similar to those previously purchased unless the user refuses to give his/her consent to its use for this purpose.

Personally identifiable information shall be handled according to the principle of strict necessity and only disclosed to third parties with the user’s consent, unless its communication is required by law or necessary for purposes laid down by law and for which the interested party’s consent is not required. In these cases, personally identifiable information may be made available to third parties that will handle it autonomously and uniquely for the purposes stated above.

The rights of the interested party

The interested party to which the personally identifiable information refers can, at any time, exercise the right to be informed if his/her personally identifiable information is being held and the right to ascertain its content and origin, verify its exactness, request supplements, updates, or corrections, or its cancellation pursuant to the provision of article 7, legislative decree 196/03, by writing directly to the Data Controller.

Article 7. Right to access personally identifiable information and other rights

1. The interested party has the right to be informed if personally identifiable information regarding him or her is being kept, even if it not registered and its transmission to him/her in an intelligible format.

2. The interested party has the right to be informed as to:

a) the origin of the personally identifiable information;

b) the purposes for and the manner in which it is handled;

c) the methodology used if and when such information is handled by electronic equipment;

d) the personal details of the data controller, the persons in charge and the designated representative pursuant to article 5, subsection 2;

e) The subjects or types of subjects to whom the personally identifiable information can be disclosed or who may access it in their capacity as designated representative in the territory of the state, whether managers or appointees.

3. The interested party has the right to obtain:

a) the update, correction or, if required, the supplement of the information;

b) the cancellation, anonymization or the barring of illegally handled information, including information whose conservation is not necessary for the purposes for which the information was first collected or subsequently handled;

c) the attestation that the operations indicated under subparagraphs a) and b) have been brought to the attention, as regards their content, of the subjects to whom the information has been communicated or disclosed, unless this compliance is found to be impossible or entails a manifestly disproportionate use of resources with respect to the right to be safeguarded;

4. The interested party has the right to disallow, either wholly, or in part:

a) the handling of the personally identifiable information that concerns him or her for legitimate reasons, even if the reason for which it was collected still pertains;

b) the handling of the personally identifiable information that concerns him or her if it serves the purpose of forwarding advertising material, direct sales or conducting market surveys or commercial communications.

Users may exercise these rights simply by sending a non-formal request to the Data Controller either directly or through an appointee with power of attorney, which will be promptly followed by an appropriate reply.