Skip to Content (Press Enter) Skip to Footer (Press Enter)
Enjoy free shipping and return on all orders

Privacy Policy

Privacy Policy

1. Introduction

Gianvito Rossi S.r.l. takes your privacy and the security of your personal data very seriously; this is why we collect and process them with the utmost care and attention, adopting specific and appropriate technical and organisational measures to ensure that their processing is fully secure.

This Privacy Policy (“Policy”) describes how your personal data will be processed in ways that ensure their security and confidentiality and – on paper, by computer and electronically, in accordance with the various data protection laws that may apply, such article 13 of European Regulation 2016/679 (the General Data Protection Regulation – "GDPR” or “Regulation”) and the Data Protection Code (“DP Code”), as amended by Legislative Decree 101/2018 (jointly, “Legislation”), or the California Consumer Protection Act (“CCPA”) (collectively “Data Protection Laws”).

The Policy applies:

A) if you visit our website, whether you decide simply to browse and use our services, without purchasing any of our products, or decide to purchase one or more products (“Online”);

B) if you give us your personal data when visiting GIANVITO ROSSI's physical stores and/or when making purchases in those stores (“In-Store”).

The Policy applies to both Online and In-Store processing, unless indicated otherwise.

If you have not already done so, please also read our General Terms of Sale and our Cookie Policy.

2. Definitions

«personal data»: any information relating to an identified or identifiable individual (the «data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It also includes any information that is defined as “personal data” or “personal information” or a similar term under applicable Data Protection Laws;

«processing»: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

«profiling»: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

«controller»: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

«processor»: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

«consent of the data subject»: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

«sell»: the exchange of personal data for monetary or other valuable consideration.

«share»: the disclosure of personal data for the purposes of targeted advertising, where “targeted advertising” means displaying to a data subject an advertisement that is selected based on personal data obtained or inferred over time from the data subject’s activities across non-affiliated websites, applications, or online services to predict the data subject’s preferences or interests.

3. Controller

Your personal data will be processed, manually or using automated systems, by Gianvito Rossi S.r.l. (“GIANVITO ROSSI” or the “Controller”), with registered office at Via dell’Indipendenza 15, 47030 San Mauro Pascoli (FC), in its capacity as the Controller in accordance with the Data Protection Laws.

Should you have any questions or requests concerning the processing of your personal data, you can contact the Company at any time by sending your query to:

Controller

Company name: Gianvito Rossi S.r.l.

Registered office address: Via dell’Indipendenza 15, 47030 San Mauro Pascoli (FC)

E-mail address: privacy@gianvitorossi.com

Data Protection Officer’s address: dpo@gianvitorossi.com

4. Type of data processed; purposes and legal basis of the processing

The personal data that our company will process are those that you provide to us:

A) (Online) while you browse or use the online services offered by our company through our website www. gianvitorossi.com; meaning details such as your name, surname, date and place of birth, residence/domicile and tax code; your telephone number/email address, IP address, shipping address, clothing size, and naturally your access credentials, the purchases you make and the services you request, as well as the products you look at and/or place in your shopping basket, and your browsing history.

B) (In-Store) when you visit our physical stores, or when you come into direct contact with our staff; meaning details such as your name, surname, date and place of birth, residence/domicile and tax code; your telephone number/email address, IP address, shipping address, clothing size, and naturally your personal preferences and purchase history.

We will not process any special categories of data, as referred to in article 9 GDPR, or any personal data relating to criminal convictions and offences, as referred to in article 10 GDPR.

The following chart table identifies:

  • The categories of personal data collected
  • The purpose for which it used
  • The legal basis for such processing
  • The source from which it is collected
  • The categories of third parties to whom it is disclosed
  • Whether it is shared for cross-contextual advertising purposes.

Personal data collected

Purpose

Legal basis

Context

Sources

Third Parties

Shared

A

Online identifiers, internet protocol address, internet and electronic network activity

To find out what your experience of our website and services has been like, and to ensure that our web pages and their contents function properly.

The processing of data for these purposes is based on a legitimate interest of the Controller and does not require the specific consent of the data subject.

Online

Automatically from your use of the online services

Service providers

No

B

Name, email address, postal address

To do direct marketing such as the promotion of product sales, by letter, telephone, automated communication systems (messaging app), email and so on as well as market and customer satisfaction surveys.

The processing of data for these purposes is subject to the user’s freely given and specific consent. An exception is made for marketing messages about products and/or services similar to those already purchased and/or signed up for by the user; in such cases the processing is based on a legitimate interest of the Controller (so-called "Soft Spam").

Online /

In-Store

Directly from you

Service providers

No

C

Identifiers such as name, postal address, online identifiers, and other similar identifiers; commercial information, including records of products or services purchased; internet or other electronic network activity information such as browsing history; Inferences drawn from all the foregoing

To profile customers, also through automated data processing, in order to analyse the personal preferences and choices of users.

The processing of data for these purposes is subject to the user freely and specifically consenting to it.

Online /

In-Store

Directly from you; Automatically from your use of the online services

Service providers

No

D

Identifiers such as name, postal address, online identifiers, and other similar identifiers; commercial information, including records of products or services purchased.

To manage the pre-contractual and contractual relationship, including registration on the website, the preparation of the offer, the completion of sales and the handling of payments, also through external partners.

The processing of data for these purposes is based on the contractual and pre-contractual relationship established with the customer and does not require the specific consent of the data subject.

Online /

In-Store

Directly from you.

Service providers

No

E

Identifiers such as name, postal address, online identifiers, and other similar identifiers; commercial information, including records of products or services purchased.

To comply with statutory obligations, especially administrative, accounting and tax formalities.

Statutory requirements and obligations

Online /

In-Store

Directly from you.

Service providers, legal authorities

No

Although you may freely decide whether or not to provide us with your personal data, we point out that:

  • the provision of data for purposes A), B) and C) above is optional, and failure to provide them might not make it impossible to use the services offered by the company;
  • the provision of data for purposes D) and E) above is necessary. Failure to provide them might make it impossible to use the services offered by the company.

Lastly, please note that after purchasing one of our products you might receive, at the email address you gave us when making the purchase, messages presenting our commercial offers for products and services similar to those purchased.

The legal basis for the above processing is the legitimate interest of the Controller, in cases where, in accordance with article 130(4) of the DP Code, the processing carried out for this purpose does not require your specific consent. You may, however, object to the processing at any time (when giving us your data or when receiving subsequent messages) in order to stop such messaging.

5. Processors and recipients of the data

Your personal data will be processed exclusively by specifically authorised and designated company staff in accordance with article 4(10) of the Regulation and article 2-quaterdecies of the DP Code. These staff have received adequate training in privacy legislation and, when processing data, follow precise instructions from the Controller.

Your personal data will also be sent to the third parties whose services we use to ensure the smooth roll-out of our services and products, and to other companies of the corporate group headed by GIANVITO ROSSI. In some cases, these service providers may collect your personal data directly on our behalf. For example, if you make a purchase online, a third-party payment processor will collect your personal and financial data directly in order to complete the payment process.

These third parties have been properly selected by us and offer adequate assurances that they will comply with the rules on the processing of personal data.

Where these third parties process personal data for which GIANVITO ROSSI is the Controller under Legislation, they have been appointed as Processors in accordance with article 28 of the Regulation. In performing their duties they must follow the instructions of the company, under its supervision.

These third parties may be:

  • GIANVITO ROSSI's subsidiary and/or associate companies (such as Gianvito Rossi Coast LLC and Gianvito Rossi West Coast LLC);
  • collaborators or suppliers of the Controller, in the course of duties and/or contractual obligations arising in the performance of contractual relationships with data subjects; examples of the Controller's suppliers are banks and credit institutions, insurance companies and legal advisors; shippers; suppliers of software and related assistance;
  • the tax authorities and other national and/or international bodies to which it is compulsory to report.

An up-to-date list of these third parties is available at the Controller's registered office and can be consulted upon request.

Your personal data will not be disclosed to third parties so that they can use them for their own marketing purposes and they will not be circulated in any way, except to those parties whose right to access the data is recognised by law.

6. Transfer of data outside the EU

Your personal data will be processed mainly within the European Union; however, it may happen that they are transferred, for the purposes described in section 4 above, to parties located in third countries (outside the EU).

Your personal data will be transferred to third parties resident or located in non-EU countries that do not ensure adequate levels of protection only if:

‒ you consent to this, or

‒ the company and said third parties enter into special agreements that contain appropriate safeguards and guarantees to protect your personal data – so-called "standard contractual clauses", approved by the European Commission, or

‒ the transfer is necessary in order to execute and perform a contract between you and the company or to handle your requests.

7. Data retention

Your data will be stored for a limited period of time, which varies according to the type of processing and its particular purposes, as described below:

  • Your browsing history will be deleted – unless any illegal activity is detected – no later than 48 (forty-eight) hours after the data are collected.
  • Data collected for marketing purposes will be processed for a maximum of 24 months after you give or reconfirm your consent, or after your most recent display of interest in GIANVITO ROSSI's products and/or initiatives. Information about purchases will be processed for marketing purposes (including marketing purposes based on a legitimate interest as per article 130[4] of the DP Code ‒ so-called "Soft Spam") for a maximum of 12 months after the relevant purchase.
  • Data concerning services offered on the website will be stored for the period necessary to supply the service and to verify that it has been provided; normally, therefore, data will be stored for a maximum of six months after the service is used.
  • Data concerning the contractual relationship will be stored for the duration of the contract and – solely in the case of data needed after the contract terminates – for as long as it takes to fulfil all and any statutory obligations and to provide the protections, contractual or otherwise, connected to or deriving from the contractual relationship; normally, therefore, data will be stored for a maximum of ten years after the contractual relationship ends.

At the end of those periods, your data will be permanently erased or, in any event, rendered irreversibly anonymous by the company.

8. Your rights

You may exercise the following rights in relation to the personal data covered by this information sheet; these rights are established and guaranteed by the Regulation.

  • Right of access and right to rectification (articles 15 and 16 of the Regulation): you have the right to access your personal data and request that they be corrected, amended or completed. If you wish, we will provide you with a copy of the data in our possession.
  • Right to erasure ('right to be forgotten') (article 17 of the Regulation): in the cases envisaged by law you have the right to request the erasure of your personal data. After receiving and analysing your request, we will stop the processing and delete your personal data, if the request is legitimate.
  • Right to restriction of processing (article 18 of the Regulation): you have the right to request that the processing of your personal data be restricted, if the processing is unlawful or if you contest the accuracy of the data.
  • Right to data portability (article 20 of the Regulation): in the cases described in article 20, you have the right to obtain your personal data from the Controller, in order to transmit them to another controller.
  • Right to object (article 21 of the Regulation): you have the right to object at any time to your personal data being processed on the basis of a legitimate interest of the company; your reasons for doing so must be explained; before admitting your request, the company will have to examine the grounds on which it is based.
  • Right to lodge a complaint (article 77 of the Regulation): you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data has infringed, or is infringing, your rights.

Additionally, if you are a resident of California, you also have the following rights under the CCPA:

  • Right to know. You have the right to request that we disclose a listing of the types of personal information we have collected about you, the sources of that information, how we use the data (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share personal data, whether that information has been sold or shared, and the specific pieces of personal information that we have collected about you in the last 12 months. The table in Section 4 sets forth the categories of personal data we have collected in the last 12 months.
  • Right to opt out. You have the right to opt out of the sale of their personal data. Note that we do not sell your personal data, and so there is no sale to opt out of.
  • Right to non-discrimination. We will not discriminate against you for making any request regarding your privacy, including, but not limited to, denying you goods or services, charging you different prices, or providing a different level of quality of goods or services. We may, however, charge a different price or provide a different level of quality of goods or services, if that difference is related to the value provided to you by your data.
  • Authorized agents. You may designate an authorized agent to make a request on your behalf. We will deny requests from agents that do not submit proof of authorization from you. To verify that an authorized agent has authority to act for you, we may require a copy of a power of attorney or require that you provide the authorized agent with written permission and verify your own identity with us.

As regards processing carried out with your consent, you mayrevoke that consentat any time, without this affecting the lawfulness of the processing carried out before the revocation. Likewise, at any time (and thus when or after providing the data) you may express your wish not to receive marketing messages sent to you under article 130 of the DP Code ("Soft Spam") or other Data Protection Laws.

At any time you may exercise your rights with regard to specific forms of processing of your personal data by the company.

Without prejudice to any of the above, we remind you that the above rights can also be exercised by anyone acting in their own interests, or acting in order to protect you, in their capacity as your representative, or acting for family reasons that merit protection, as per article 2-terdecies of Legislative Decree 101/2018.

These rights can be exercised by emailing us at privacy@gianvitorossi.com, by writing by ordinary post to the address of the Controller indicated in section 3 above, or by directly emailing the DPO at dpo@gianvitorossi.com .

Further information about your rights can be obtained by asking the Controller for the full wording of the articles cited above.

9. Security measures

The company adopts appropriate and preventive security measures to safeguard the confidentiality, integrity, completeness and availability of your personal data. It has made technical, logistical and organisational arrangements to prevent damage to data, losses of data (even accidentally), tampering with data, misuse of data, and unauthorised use of data.

Controllers cannot be held responsible for incorrect information sent by a user (such as a wrong email or postal address), or for information supplied by a third party about a user, even fraudulently.

10. Changes to this information sheet

Because our services are constantly evolving, there may be changes in the personal data processing described above. Over time this information sheet may change or expand, to reflect changes in data protection law, or developments/changes in our services.

We invite you, therefore, to regularly check our information sheet: where possible, we will try to inform you in good time of any changes and their implications.

An up-to-date version of this information sheet will be published on the company's website and will specify the date on which it was last revised.

11. Date of last revision

11/12/2021

Top Back to top