Folli Follie Group LogoFolli Follie Group Logo
en

Privacy Policy

1. Background

1.1. FOLLI FOLLIE GROUP S.P.A. (Tax Code 93040550209, VAT No. 02022230201, CEM: follifolliegroup@legalmail.it) with registered office in 46100 - Mantova (MN), Italy, Via Chiassi, n. 103, (hereinafter "Company"), as owner of the website linked to the internet domain name “follifolliegroup.it” (hereinafter referred to as "Site"), with this Privacy Policy (hereinafter referred to as "Privacy Policy"), made pursuant to EU Regulation 679/2016 (hereinafter referred to as "GDPR") and applicable national data protection legislation, informs Users browsing the Site (hereinafter “Users”) how their personal information is handled (hereinafter, "Data") and allows them to give an express and informed consent to the processing of Data where requested.

1.2. The information is provided only for the Site and not for third party websites that may be consulted by the User through links on the pages of the Site.

1.3. By accessing and using the Site, the User acknowledges that he has carefully read this Privacy Policy and accepts its purposes and methods of processing. If not in agreement with what is stated in this Privacy Policy, the User is invited to leave the Site and, in any case, not to use its contents and/or services.

1.4. All Data sent by the User (name, surname, e-mail address, telephone number, etc.) are acquired, saved, and processed exclusively in accordance with the GDPR.

1.5. Processing of Data means any operation or complex of operations, carried out even without the aid of electronic tools, concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, deletion, and destruction of data, even if not recorded in a database (hereinafter referred to as "Processing").

2. The Data Controller

2.1. The Company is the Controller of the Data Processing. The contact details of the Company are as follows:

Company name: FOLLI FOLLIE GROUP S.P.A..
Registered address: 46100 - Mantova (MN), Italy (IT), Via Chiassi, n. 103
E-mail address: privacy@follifolliegroup.it
CEM address: follifolliegroup@legalmail.it
Tax Code 93040550209
VAT No. 02022230201

3. Data subject to processing

3.1. The following Data are processed:

  1. Navigation data: the hardware and software of the Site acquire certain Data whose transmission is implicit in the use of Internet communication protocols. This information could, through processing and association with data held by third parties, allow to identify the Users. This category of data includes the IP addresses of the computers used by users who connect to the Site, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the computer environment of the User. We may also receive information about your geographical location and your electronic device. This Data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and is deleted immediately after processing. The Data may be used to ascertain liability in the event of hypothetical computer crimes against the site: save this eventuality, the Data on web contacts do not persist for more than seven days. Your Geographic Location Data may be used to provide information, proposals, and other localization-based personalized content. If you do not want to share information about your location, you will have to disable location services on your device.
  2. Data provided voluntarily by the User: Data entered on the Site by the User (when subscribing to the newsletter or contacting by filling in the form) as well as the Data sent by the User by e-mail to the e-mail addresses indicated on the Site (including the sender’s e-mail address and any other Data entered in the letter).
  3. Cookies: The Site uses cookies to make the User’s navigation easier, faster, intuitive and to allow a better functioning of the Site. For more information about the cookies on the Site, please refer to the Extended Cookie Policy (hereinafter, "Cookie Policy").

4. Purpose of Processing

4.1. The Company processes Users Data for the following purposes (hereinafter, "Purpose"):

  1. for the creation of a database of Users interested in the Site and the services offered by it;
  2. for the management of Users' requests, technical, commercial and other;
  3. to comply with legal obligations (including those of a fiscal nature) and protect their prerogatives;
  4. for marketing purposes, including sending newsletters and/or other promotional messages via email;

5. Legal basis for processing

5.1. The Company treats the Data:

  1. for the fulfillment of contracts to which the User is a party and for the execution of pre-contractual measures taken at the request of the User, as provided by art. 6 paragraph 1, lett. b) GDPR;
  2. for the fulfilment of a legal obligation to which the Company is subject, pursuant to art. 6, letter c) GDPR;
  3. on the basis of the Company’s legitimate interest, pursuant to art. 6, letter f) GDPR;
  4. subject to the User’s consent, pursuant to art. 6, letter a) GDPR, for marketing purposes.

6. Method and place of Data Processing

6.1. The Data are processed with automated tools for the time strictly necessary to achieve the Purpose for which they were collected.

6.2. The Company has adopted technical solutions and security measures that guarantee the security of the Data and prevent their alteration, loss, Incorrect treatment, or unauthorized access.

6.3. The Processing related to the services of the Site may take place on servers of third parties that will offer hosting services on behalf of the Company, including cloud.

6.4. In case of transfer of data outside the European Union, such transfers will take place ensuring adequate levels of data protection, in accordance with the applicable provisions on the protection of personal data, pursuant to art. 45 and 46 of the GDPR.

7. Communication of Data to third parties

7.1. The Data collected and stored in the Company’s databases will be processed by its employees and/ or collaborators in charge of the processing of such Data (hereinafter, "Data Processors").

7.2. The User’s data may also be processed by third parties, which the Company uses to carry out activities on its behalf (for example, analyzing data, storing data, sending newsletters or other commercial and other communications, aiding Users, etc.).

7.3. The Company provides these parties with only the Data necessary to perform the agreed activities and they act as data processors (hereinafter, "Data Processors"). These subjects have been selected because they are considered to have adequate experience, ability and reliability and are suitable to ensure full compliance with current privacy regulations. The User may request the list of Data Processors by writing to privacy@follifolliegroup.it.

7.4. With reference to the scope of communication of the Data, the Data provided by the User or otherwise collected may be communicated to the following subjects or categories of subjects:

  1. public administrations, for the fulfilment of obligations provided by law, regulations or national or Community legislation;
  2. parent companies, subsidiaries or associates of the Company;
  3. other companies or natural persons contractually linked to the Company and specifically responsible for processing the Data on behalf of the Company.

8. Nature of data provision

8.1. Some fields requested on Site (which may be marked with an asterisk or another symbol) may be mandatory, for example, to allow a valid subscription to the Site newsletter.

8.2. By entering your Data on Site, the User guarantees that the personal information provided is correct and up to date. Furthermore, you acknowledge that you are solely responsible for the Data you provide, be it personal data, photos, comments or otherwise, disclaiming the company from any liability.

8.3. The provision of Data the Company may process for marketing and profiling purposes is optional. Failure to consent to the processing of Data for these purposes or the subsequent withdrawal of consent does not prevent the possibility of browsing the Site and making purchases through the same.

9. Withdrawal of consent

9.1. You can revoke your consent for marketing (including sending newsletters) or profiling by the Company at any time by sending an e-mail to privacy@follifolliegroup.it.

9.2. The withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal.

10. Minors

10.1. The newsletter and contact form service of the Site is not aimed at minors under the age of 16 or minors whose age makes the processing of their Data illegal or requires parental consent for the processing of their Data pursuant to other local laws (hereinafter, "Age Limit").

10.2. The Company does not knowingly collect Data from minors below the Age Limit. The Company therefore asks those who are under the Age Limit not to subscribe to the newsletter, not to use the contact form of the Site and not to provide any personal data.

10.3. If you are a parent of a child below the Age Limit and notice that your child has provided Data to the Company, please contact us by sending an email to privacy@follifolliegroup.it. We also remind you that you can exercise the rights described in the "Rights of data subjects" section of this Privacy Policy.

10.4. If the Company becomes aware that it has collected Data from a child below the Age Limit, it will take reasonable steps to delete such Data.

10.5. In any case, by registering with the Site or on any voluntary provision of Data to the Site, the User confirms that he is above the Age Limit.

11. Data Retention Period

11.1. The Data processed during the activity are stored by the Company for the time necessary to pursue the specific purposes of each Processing and to ensure compliance with the applicable laws.

11.2. The Data processed for the fulfillment of contractual commitments, including pre-contractual activity, are stored by the Company for 10 (ten) years from the execution of the contract or, if the contract is not concluded, for as long as necessary to respond to your requests.

11.3. The Data processed in the context of the management and maintenance of the company’s accounts are kept for the time necessary to comply with the tax and record-keeping obligations.

11.4. The e-mail address collected to subscribe to the newsletter will be kept until the revocation of the User’s consent, to be exercised in accordance with the "Revocation of consent" section of the Privacy Policy.

11.5. With reference to the storage of data collected through cookies placed on the Site, please refer to the "Cookies installed on the Site" section of the Cookie Policy.

12. Rights of Users

12.1. Users can at any time exercise the rights provided by the legislation on the protection of personal data, pursuant to art. 15 - 22 of the GDPR, including the right to:

  1. obtain from the Data Controller the confirmation that a Data Processing concerning him or her is in progress and in this case, to obtain access to personal data, to know the purposes of the processing, the categories of Data processed, the recipients or categories of recipients to whom the Data have been or will be communicated, the retention period of the Data (if this is not possible, the criteria used to determine the retention period), if the Data are not collected from the data subject, all available information on their origin, the existence of automated decision-making, including profiling (Art. 15 GDPR);
  2. obtain from the Data Controller, without justified delay, the rectification of inaccurate personal data concerning him without undue delay and the integration of incomplete personal data (Art. 16 GDPR);
  3. obtain from the Data Controller, without justified delay, the cancellation of personal data concerning him (art. 17 GDPR);
  4. obtain from the Data Controller the limitation of the processing if the data subject contests the accuracy of the personal data pending the Data Controller verifies the accuracy of such personal data; the processing is unlawful and the data subject has opposed the deletion of personal data and requests that its use be restricted; personal data are necessary for the data subject to ascertain, exercise or defend a right in court; the data subject has opposed the processing pending verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the data subject (art. 18 GDPR);
  5. receive from the Data Controller the personal data concerning him and transmit such data to another data controller without hindrance by the Data Controller (art. 20 GDPR);
  6. object at any time, for reasons related to its situation, to the processing of personal data concerning it pursuant to art. 6, par. 1, lett. e) and f) and for direct marketing purposes, including profiling on such bases (art. 21 GDPR);
  7. not to be subjected to a decision based solely on automated processing, including profiling, that produces legal effects that affect him or that have a similar significant impact on his person (Art. 22 GDPR);
  8. lodge a complaint with the competent supervisory authority.

12.2. Requests for the exercise of rights pursuant to art. 12.1 should be sent to the contact e-mail of the Data Controller and will be processed without undue delay, in any case, within a month of the application. This period may be extended by a maximum of 2 (two) months, if necessary, considering the complexity and number of requests. In this case, the Data Controller will inform the data subject of the extension, the reasons for the delay, within one month of receiving the request. If the Data Controller does not comply with the User’s request, the Data Controller will inform the User without delay, and at the latest within one month of receipt of the request, the reasons for non-compliance and the possibility to lodge a complaint with a supervisory authority and to bring legal proceedings.

13. Changes to the Privacy Policy

13.1. The Privacy Policy may be subject to changes and updates. Users are invited to consult it periodically.

13.2. Last revision made on: 1st March 2024.