PRIVACY POLICY

This Privacy Policy provides users of stelecalzaturificio.it ( the “Site” ) with the most complete and clear information on the processing of their personal data through the Site pursuant to the General Data Protection Regulation (GDPR) (EU 2016/679) and the Personal Data Protection Code (DL 196/2003). Pursuant to legal requirements, this Privacy Policy also indicates:

• the nature of the personal information processed;
• the purposes and means of processing personal information;
• the identity and contact details of the data controllers;
• The contact details of the Data Protection Officer (DPO);
• any third parties involved in the processing activities;
• the period for which the personal information will be retained;
• the security measures adopted to protect personal information;
• users' privacy rights.

This Privacy Policy applies solely to the Site and does not concern any website or platform to which the Site may link.

Users under the age of 16 (sixteen) cannot give consent to the processing of personal data without parental authorization.

Data controller

Under the GDPR, the data controller is the entity that, alone or jointly with others, determines the purposes and means of the processing of personal information.

The data controller for the processing of data relating to the activities of the Site is:

• STELE SHOE FACTORY by Galletti Stefania – Via Marina 61- 63821 Porto Sant' Elpidio, FM- Italy

(“DATA CONTROLLER”).

Pursuant to art. 26 of the GDPR, the data controller determines “their respective responsibilities for compliance with the obligations arising from this Regulation, with particular regard to the exercise of the rights of the data subject, and their respective functions for communicating the information referred to in Articles 13 and 14, by means of an internal agreement.”

There is a Data Protection Officer designated to ensure that the Site processes personal information in accordance with the GDPR. The Data Protection Officer can be contacted for any request at the following email address: stele@stelecalzaturificio.it

Personal information. Purpose of processing.

The term “Personal Information” means any information relating to users that personally identifies them, either alone or in combination with other information.

Personal information is collected automatically by the Site or received through multiple sources: forms, chat, email, apps, devices, social media and other means.

The Site processes personal information in various forms for the following purposes:

NAVIGATION DATA

The Site collects non-sensitive navigation data by automatic means in order to enable and improve the user's navigation (for example IP address, date/time of the visit and its duration, any reference URLs, pages visited on the Site, device used and other information).

The processing of such information allows users to access the Site and take full advantage of its features and services. Furthermore, navigation data can be used to verify that the Site is functioning correctly.

From time to time, navigation data is processed anonymously for statistical purposes.

It is unlikely that navigation data will allow the identification of the data subject. However, by their very nature, navigation data may allow the identification of users if associated with other information.

The navigation data described above are stored only temporarily in accordance with applicable law.

ORDERS

At the time of verification, the Site asks users to provide personal information for the essential purpose of fulfilling their purchase orders and complying with contractual obligations (for example, name and surname, e-mail address, delivery address, etc.).

Such personal information is also essential to allow Customer Service to assist customers with requests and any related needs, before or after the sale (for example, regarding the delivery status of the order or product returns).

Personal information relating to orders will be retained for as long as necessary to comply with contractual obligations and applicable tax and financial reporting obligations.

The Site may also verify payment instruments used by customers for purchases on the Site (e.g. credit or debit card, etc.) primarily to prevent fraudulent activities or pursuant to applicable anti-money laundering laws. Since full trust is given to third-party payment processors for payment verification, the Data Controllers do not process or store financial information belonging to customers.

Failure to provide the personal information requested at checkout will prevent users from completing an order on the Site.

Based on its legitimate interest in improving customer relations, the Site will send customers email communications with product suggestions, discounts, feedback requests or other updates. Customers are always free to unsubscribe from such email communications (for example, by clicking on the “unsubscribe” link at the bottom of each email).

REGISTRATION ON THE SITE

When users choose to register for a Personal Site account, they are asked to submit personal information (e.g., date of birth, gender, etc.). The Site clearly indicates what personal information is required (or not) to set up a Site account.

Users must provide true and accurate personal information when registering and are encouraged to keep their personal information up to date (if any changes occur) by logging into their personal account to make any changes.

Users who choose to activate or log in to their Site account through a social media account should be aware that when they connect their Site account to a social media account, the Site collects certain personal information that the user has already provided to that social media account (for example, their email address and public Facebook profile).

The Data Controllers do not oversee or control such social media services or your profiles on these services and do not establish privacy settings or rules regarding how your personal information is used on such services. You are strongly encouraged to read all applicable social media service policies and notices for more information about how they process your personal information.

NEWSLETTER AND MARKETING COMMUNICATIONS

On the Site, users can choose to receive newsletters and commercial communications.

The Site always collects the explicit, free and unequivocal consent of users before sending newsletters and marketing communications to said users or, more generally, before undertaking electronic marketing initiatives dedicated to them.

In such cases, users may be asked to provide personal information in addition to their email address (e.g., gender, country of residence, etc.) in order to receive marketing communications and newsletters that are personalized to the user profile.

Users can always easily revoke their consent to receiving newsletters and commercial communications in the following ways:

• via their account settings;
• by clicking on the “unsubscribe” link in any such email;

PROFILING

Based on the user's explicit consent, the newsletter and marketing communications may be adapted to the user's “profile”, based on the personal information that the Site collects or receives about the user concerned.

For customers of the Site, it is in the legitimate interest of the Site to process personal information to offer more interesting products, improve the Site and personalize the products offered on the Site.

The main purpose of profiling is to propose products, services and initiatives that best meet the tastes, purchasing habits and interests of users and customers.

Personal information may also be used for remarketing, retargeting or profiling purposes, including through third parties (e.g. social networks, etc.).

Neither the Site nor the Data Controller will ever perform profiling activities relating to children.

Cookie

Information relating to the cookies used on the Store Site can be found at the following URL: COOKIE POLICY

Sharing and Transferring Personal Information

The Data Controller may transfer personal information of customers to primary third-party suppliers, acting as “data processors” (the “Data Processors”), in order to carry out the business operations necessary to fulfill their contractual obligations.

The Data Controllers will use their best efforts to ensure that all Processors apply their industry best practices to protect personal information and that they do not use personal information for purposes other than those agreed with the Data Controllers.

For example, the Data Controller may share personal information with the following categories of Processors:

• Couriers and postal operators;
• Fulfillment centers and warehouses;
• Advertising, digital, marketing and social media agencies;
• IT service providers;
• Customer service providers;
• Payment service providers.

In such cases, sharing personal information with the Processors is necessary to allow the Data Controllers to fulfill their contractual obligations and, furthermore, to improve the products and services of the Site.

Users can request an updated list of the Processors involved in the processing of personal information relevant to the activities of the Site by writing an email to: stele@stelecalzaturificio.it

The Data Controller shall always reserve the right to disclose personal information about users as required by law (for example, in response to law enforcement requests) and where necessary to protect the rights of the Data Controllers or their affiliates or third parties.

Furthermore, personal information may be disclosed to other companies within the same corporate group as each of the Data Controllers or to third parties in the event of a corporate restructuring process, in full compliance with applicable law.

In all other cases, the sharing of personal information will be subject to the prior and explicit consent of the user, unless the processing is permitted under an alternative legal basis.

The Data Controller will not transfer any personal information outside the European Economic Area (EEA), unless the user has explicitly authorised such transfer or the transfer of personal information outside the EEA is permitted by the GDPR on another legal basis.

Processing methods and security measures

The personal information of users is processed by the Data Controller with computerized, automated and electronic tools and, in limited cases, using documentary means. In accordance with the GDPR, specific security measures have been implemented to prevent data loss, illicit or incorrect use and unauthorized access.

Only authorized employees of the Data Controller and authorized employees of third-party suppliers, acting as Processors on behalf of the Data Controllers, have access to personal information relating to the activities of the Site. Data processing agreements are in place with the Processors to ensure that they always meet the level of security required by the GDPR when processing personal information relating to the activities of the Site.

Although the Site adopts primary security measures to prevent the loss, destruction or disclosure of personal information, at the same time it cannot exclude the security risks that are naturally inherent in the online transmission of data. The user accepts the risks inherent in providing personal information over the Internet and will not hold the Site responsible for any breach of security, unless such breach is due to the negligence or willful misconduct of the Site.

Retention of personal information

The Data Controller will retain personal information for as long as necessary to provide users and customers with the requested services or to comply with legal or tax obligations or for the minimum period prescribed by law.

In order to determine the appropriate retention period for personal information stored by the Site with the user's consent, the Data Controller will take into account multiple factors to ensure that personal information is not retained for longer than is necessary or appropriate. Such criteria will also include:

• the purpose for which the Site holds personal information;
• legal, tax and regulatory obligations related to such personal information;
• the type of ongoing relationship with the user or customer concerned (how often the user logs into their Site account, whether users continue to receive marketing communications, how regularly they browse or purchase on the Site, etc.);
• any specific request from you relating to the deletion of personal information;
• legitimate commercial interests.

The Site will promptly delete or anonymize personal information that is no longer needed or retained by law.

Connection to third-party websites or platforms

The Site may contain banners, advertisements and other links to third-party websites or platforms. The Data Controller cannot control or be held responsible for the conduct of such third-party websites or platforms in relation to privacy law. Users are encouraged to read their privacy policies to verify how they collect and process personal information.

User rights

Users have the right to receive confirmation as to whether the Data Controllers hold any personal information about them.

In this case, under the GDPR, users also have the rights to:

• • • • be informed about the collection and use of their personal information;
      • access their personal information at no cost;
      • obtain the rectification or completion of inaccurate or incomplete personal information;
      • obtain the erasure of personal information (“the right to be forgotten”);
      • under specific conditions, obtain the restriction or suppression of your personal information;
      • obtain and reuse your personal information for your own purposes across different services when the processing is based on a contract or consent and is carried out automatically (“the right to data portability”);
      • under specific conditions, object to the processing of their personal information;
      • object at any time to the use of personal information for “profiling” or “automated decision-making” purposes.
      • the right to lodge complaints regarding the collection and processing of personal information with the competent supervisory authority;
      • the right to withdraw consent to the processing of personal data at any time.

Users can contact the Site for any request and to exercise their privacy rights at the following email address: stele@stelecalzaturificio.it

CHANGES TO THIS PRIVACY POLICY

Any future changes to this Privacy Policy will be posted on the Site and, where appropriate, notified to users by email. Users are encouraged to frequently review this Privacy Policy to check for any updates or changes.

Last updated: February 14, 2022