Search
HelpFind a store
Country / language: /

Country

Language

Shopping Bag

Your cart is empty

Account Registration Policy

This policy supplements the website use policy with the aim of illustrating in detail how the Data Controller will process the data collected via this form. For that reason, users are asked to read the Browsing Data Policy.


Identity and contact data of the Data Controller


Calzaturificio S.C.A.R.P.A. S.P.A., henceforth “SCARPA” or “Data Controller”, with head offices at 1 Via Enrico Fermi, Asolo (TV) 31011, which can be contacted via email at info@scarpa.net,  and certified email (PEC) at calzaturificioscarpaspa@legalmail.it or via telephone at +39 0423 5284.


Data categories and their sources


SCARPA processes general personal data (e.g. personal information, contact information, etc.). This information is be collected from the data subject directly and/or from third parties (e.g., companies which provide authentication tools such as Shopify).

 

Purpose and legal basis


A.    User registration management: personal data is processed to enable the creation of an account and the subsequent ability to log in to said account.
B.    Social Media Marketing: contact details are shared with digital platform operators that enable the Data Controller to reach a "similar audience", i.e. one with characteristics of interest similar to those of the data subject.
C.    Legal defence: the Data Controller may need to process personal data for the management of disputes and litigation, in or out of court.

 

Purpose

Legal basis (general data)

Legal basis (specific data)

A.

Contract fulfilment

/

B.

Legitimate interest in promoting or raising awareness about its products and services to other people who may have similar interests as the data subject.

/

C.

Legitimate interest of the Data Controller to establish, exercise or defend a right.

Establish, exercise or defend a right.

 

Storage of data

Purpose

Duration of storage

A.

Until the user requests erasure.

B.

Until the right to object is exercised.

C.

10 years from the definitive resolution of the dispute.

 

 

Nature of the data transfer and consequences of refusal

Purpose

Nature

Consequences

A.

Necessary

Inability to create a user account and receive the additional services provided to registered users.

B.

Optional

Inability of the Data Controller to reach a similar audience.

C.

Necessary

Inability to manage disputes.

 

 

Scope of disclosure


Data are processed by in-house employees who have been authorized to carry out specific tasks and shared with external parties pursuant to the following rules

Purpose

External recipient categories

A.

External consultants, companies which offer hosting and/or management services for technological platforms and companies which provide authentication tools.

B.

Companies that operate digital platforms such as Google and Meta.

C.

Law firms; Judicial authorities.

 

Because data are processed with methods that include the use of computerized tools, they may also be accessed by individuals who provide assistance/maintenance for said systems.


Data transfers to third countries or international organizations


The Data Controller does not transfer personal data outside of the European Economic Area.


Rights of the Data Subject 


The individual to whom the personal data refers to has the following rights:


Access: data subjects can find out whether or not their personal data are being processed and, when that is the case, access the personal data and obtain a copy.
Rectification: the data subject can request that their personal data be updated, corrected (if inaccurate) and completed (if incomplete).
Erasure: data subjects can obtain the erasure of their personal data when certain conditions are met (for more information, contact the Data Controller).
Restriction: data subjects can request that their data are marked so as to limit their future processing, when certain conditions are met (for more information, contact the Data Controller).
Objection: it is possible, on grounds relating to one’s individual situation, to object to the processing of personal data when said processing is necessary for the purposes of legitimate interests or for the completion of a task in the public interest or connected to the exercise of public powers vested in the Data Controller.
Portability: data subjects can receive, in a structured format, the personal data provided to the Data Controller and request that said data be transmitted to another data controller when the processing is based on consent or on a contract and is carried out by automated means.
Withdrawal of consent: it is possible to withdraw consent for the purposes for which it was requested, without prejudice to the lawfulness of the processing carried out before withdrawal.

The concrete rights which can be exercised relative to personal data processing which has been carried out are:

 

Purpose

Right

 

Access

Rectification

Erasure

Restriction

Objection

Portability

Withdrawal of consent

A.

X

X

X

X

 

X

 

B.

X

X

X

X

X

 

 

C.

X

X

X

X

X

 

 

 

 

To exercise the aforementioned rights, please fill in the form found at the following link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924 and send it to privacy@scarpa.net. Data subjects can use that same email address to learn more about the information listed herein (e.g., the “balancing test” for legitimate interests or the list of data processors).


It is possible to submit a complaint to the Data Authority. In Italy, that authority is the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) (www.garanteprivacy.it).