Browsing Data Policy
Identity and contact data of the Data Controller
Calzaturificio S.C.A.R.P.A. S.P.A., henceforth “SCARPA” or “Data Controller”, head offices at 1 Via Enrico Fermi, Asolo (TV) 31011, which can be contacted via email at info@scarpa.net, certified email (PEC) at calzaturificioscarpaspa@legalmail.it or via telephone at +39 0423 5284.
Purpose and legal basis
A. Verification of the proper functioning of the services and thereby allowing use of the website: as part of their normal operation, the IT systems and software procedures which ensure the functioning of this website acquire certain personal data, whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of computers and the devices used by users, the addresses of the resources requested in URI (Uniform Resource Identifier) notation, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
B. Statistics: information which provides insight into how visitors interact with the website is acquired with the scope of obtaining statistics.
C. Profiling: visitor tracking data is obtained in order to create a profile based on the interest manifested while using the website and, as a consequence, to present advertisements which are in-line with previously identified preferences.
D. Responses to communications conveyed through published contact details: when users contact the Data Controller via one of the means of contact published on the website, the information which is transmitted of the user’s own accord is collected in order to process and fulfil the request.
E. Legal defence: the Data Controller may need to process personal data for the management of disputes and litigation, in or out of court.
|
Purpose |
Legal basis (general data) |
|
A. |
Contract fulfilment |
|
B. |
Consent |
|
C. |
Consent |
|
D. |
Completion of pre-contractual activities; Legitimate interest of the Data Controller to respond to requests received. |
|
E. |
Legitimate interest of the Data Controller to establish, exercise or defend a right. |
Cookies
Some of the purposes listed above may be carried out through the use of temporary markers (cookies). For more information, please see the “Cookie policy”
Storage of data
|
Purpose |
Duration of storage |
|
A. |
Please refer to the information found in the Cookies section |
|
B. |
Please refer to the information found in the Cookies section |
|
C. |
Please refer to the information found in the Cookies section |
|
D. |
The time period necessary to fulfil the requests received and all subsequent interactions. |
|
E. |
10 years from the definitive resolution of the dispute. |
Nature of the data transfer and consequences of refusal
|
Purpose |
Nature |
Consequences |
|
|
A. |
Necessary |
Inability to access and use the website. |
|
|
B. |
Optional |
Inability of the Data Controller to carry out processing for statistical purposes. |
|
|
C. |
Optional |
Inability of the Data Controller to carry out analytical processing to understand user preferences and for users to receive advertisements which align with their demonstrated interests. |
|
|
D. |
Necessary |
Inability to receive the requested information. |
|
|
E. |
Necessary |
Inability to manage disputes. |
|
Scope of disclosure
All data collected and processed may be transmitted to in-house employees authorized to process data in accordance with their respective duties, as well as to the following categories of external parties, in relation to the distinct purposes of processing:
|
Purpose |
External recipient categories |
|
A. |
Entities other than the Data Controller listed in the “Cookies” section |
|
B. |
Entities other than the Data Controller listed in the “Cookies” section |
|
C. |
Entities other than the Data Controller listed in the “Cookies” section |
|
D. |
Agents, commercial consultants. |
|
E. |
Law firms; Judicial authorities. |
Because data are processed with methods that include the use of computerized tools, they may also be accessed by individuals who provide assistance/maintenance for said systems.
Data transfers to third countries or international organizations
The Data Controller transfers personal data to the countries listed below, under the following conditions:
|
Purpose |
Country |
Lawfulness of the transfer derives from |
|
A. |
Please refer to the information found in the “Cookies” section |
|
|
B. |
||
|
C. |
||
|
D. |
|
|
|
E. |
|
|
Rights of the Data Subject
The individual to whom the personal data refers to has the following rights:
Access: data subjects can find out whether or not their personal data are being processed and, where that is the case, access the personal data and obtain a copy.
Rectification: the data subject can request that their personal data be updated, corrected (if inaccurate) and completed, if incomplete.
Erasure: data subjects can obtain the erasure of their personal data when certain conditions are met (for more information, contact the Data Controller).
Restriction: data subjects can request that their data are marked so as to limit their future processing, when certain conditions are met (for more information, contact the Data Controller).
Objection: it is possible, on grounds relating to one’s individual situation, to object to the processing of personal data when said processing is necessary for the purposes of legitimate interests or for the completion of a task in the public interest or connected to the exercise of public powers vested in the Data Controller.
Portability: data subjects can receive, in a structured format, the personal data provided to the Data Controller and request that said data be transmitted to another data controller when the processing is based on consent or on a contract and is carried out by automated means.
Withdrawal of consent: it is possible to withdraw consent for the purposes for which it was requested, without prejudice to the lawfulness of the processing carried out before withdrawal.
The concrete rights which can be exercised relative to personal data processing which has been carried out are:
|
Purpose |
Right |
||||||
|
|
Access |
Rectification |
Erasure |
Restriction |
Objection |
Portability |
Withdrawal of consent |
|
A. |
X |
X |
X |
X |
|
X |
|
|
B. |
X |
X |
X |
X |
|
X |
X |
|
C. |
X |
X |
X |
X |
|
X |
X |
|
D. |
X |
X |
X |
X |
X |
|
|
|
E. |
X |
X |
X |
X |
X |
|
|
To exercise the aforementioned rights, please fill in the form found at the following link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924 and send it to privacy@scarpa.net. Data subjects can use that same email address to learn more about the information listed herein (e.g., the “balancing test” for legitimate interests or the list of data processors).
It is possible to submit a complaint to the Data Authority. In Italy, that authority is the Italian Data Protection Authority (Garante per la protezione dei dati personali) (www.garanteprivacy.it).
