Privacy Policy
Please read carefully this Privacy Policy (hereinafter, "Privacy Policy"), which is intended for users of the website Vibram.com (hereinafter, the "Site"), prepared pursuant to Articles 13-14 of the General Data Protection Regulation n. 2016/679 (hereinafter, also "GDPR"), in which we provide you with all the details regarding the processing of your personal data (hereinafter also, "Data") and their use.br>
It should be noted that the Privacy Policy is intended to apply only to the processing of Data carried out on the Site and not to processing carried out on different and additional websites, although accessible through links within the Site itself.
1. Data controller and contact details
The Data Controller is Vibram S.p.A., via Cristoforo Colombo n. 5, 21014, Albizzate (VA) (hereinafter “Controller” o “Company”). e-mail: [email protected]
2. Contact details of the Data Protection Officer (DPO)
You may contact the Data Protection Officer (DPO) by writing to: dpo @vibram.com
3. Types of Data processed
3.1 Navigation Data
We collect the following Data through the services you use.
Technical Data
This category of Data includes IP addresses or the domain names of the computers used by the users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These Data are used only for statistical information (therefore they are anonymous), to check the correct functioning of the Site, and are deleted immediately after processing. The Data could be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the Site.
Cookies
The Site collects Data using cookies or similar technologies. For further information, please visit the Site's “Cookie Policy”.
3.2 Data voluntarily provided by the user
The Site offers users the opportunity to voluntarily provide personal information through, for example, the compilation of the forms "Create Account", "Checkout", present on the Site or to allow you to receive "newsletters" (for which appropriate information will be provided pursuant to art. 13 of the Regulation).
4. Services offered by the Site
Below is a brief description of the services offered by the Site. For each of the services offered, the following are indicated: the purposes, for which the Data is processed, the legal basis for such processing, and the storage period of the processed Data.
4.1 E-commerce
Through the Site, it is possible to purchase Vibram's products online. In order to proceed with the purchase of such products, you may:
a. Create your own account and also access additional services offered by the Site;
b. Select the various items and checkout as a "Guest".
Purpose of processing: to provide e-commerce services for the online purchase and sale of Vibram's products and to ship the purchased products.
Legal basis of processing: art. 6, paragraph 1, letter b) of the GDPR, "execution of a contract to which the Data subject is a party or execution of pre-contractual measures taken at the request of the same".
Retention period: personal Data will be retained for the entire duration of the contract and, after termination, for the ordinary prescription period.
4.2 Site Registration and Account Creation
The Site offers the possibility to create a personal account to keep track of orders placed, manage your personal Data, and manage your payment methods registered within the Site.
Purpose of processing: Registration and account creation on the Site.
Legal basis of processing: art. 6, paragraph 1, letter b) of the GDPR, "execution of a contract to which the Data subject is a party or execution of pre-contractual measures taken at the request of the same".
Retention period: personal Data will be retained for the entire duration of the contract and, after termination, for the ordinary prescription period.
4.3 Newsletter
The Site offers you the opportunity to subscribe to our newsletter to receive updates on products, promotions and events promoted by Vibram.
Purpose of processing: Sending newsletters
Legal basis of processing: Consent of the Data subject ex art. 6, paragraph 1, lett. a) of the GDPR, "the data subject has given consent to the processing of his/her personal Data for one or more specific purposes".
Retention period: personal Data will be retained until consent is revoked by the user.
5. Further processing purposes
As part of the processing of personal Data carried out through the Site, the Data Controller pursues the following additional specific purposes:
5.1 Compliance with legal obligations.
The Owner, where necessary, processes the personal Data of the interested parties, collected through the Site, in order to ensure compliance with legal obligations, regulations and Community standards to which it is subject.
Legal basis of processing: art. 6, paragraph 1, letter c) of the GDPR, "the processing is necessary to comply with a legal obligation to which the Data Controller is subject".
Retention period: personal Data will be stored for the period strictly necessary to allow the Data Controller to fulfill the legal obligations to which the same is subject.
5.2 Ascertaining, exercising and defending rights in court
The Owner, where necessary, processes the personal Data of the interested parties, collected through the Site, in order to ascertain, exercise or defend their rights in court or whenever the jurisdictional authorities exercise their jurisdictional functions.
Legal basis of processing: art. 6, paragraph 1, letter f) of the GDPR, "processing is necessary for the purposes of pursuing the legitimate interests of the data controller".
Retention period: personal Data will be retained for the period strictly limited to the duration of the litigation, until the time limit for appeals is exhausted.
5.3 Direct marketing activities
Your personal Data, subject to your free and specific consent, will be processed by the Owner to update you on promotional, commercial and advertising initiatives, events, initiatives in accordance with the provisions of the provision of the Guarantor Authority for the protection of personal Data "Guidelines on promotional activities and contrast to spam - July 4, 2013 [2542348]". We inform you that these activities may be carried out by means of paper mail, telephone contact by operator (c.d. "traditional methods"), e-mail, sending text messages, push notifications and use of social networks (c.d. "automated methods"). In the absence of your specific consent for this purpose, we will not be able to process your personal Data for direct marketing purposes and therefore we will not be able to inform you of new products and/or current promotions.
Legal basis for processing: Consent of the Data subject pursuant to Art. 6, paragraph 1, letter a) of the GDPR, "the data subject has given consent to the processing of his/her personal Data for one or more specific purposes".
Retention period: personal Data will be stored until the user revokes consent. Purchase Data for marketing purposes will be kept for 24 months. In any case, it is without prejudice to the possibility for Data Controllers to retain the user's personal Data in order to demonstrate compliance with the principle of accountability under Article 5 GDPR.
5.4 Profiling Subject to your free, optional and specific consent, we will process your personal Data for profiling purposes. In particular, by monitoring the products and services you have purchased through the Site as well as your behaviors and interactions, we will assess your behavior in greater detail and analyze your preferences, interests and consumption habits. In the absence of your specific consent for this purpose, we will not be able to process your personal Data for profiling purposes.
Legal Basis for Processing: Consent of the Data Subject pursuant to Article 6(1) (a) of the GDPR, "the data subject has given consent to the processing of their personal data for one or more specific purposes".
Retention period: personal Data will be stored until the user revokes consent. Purchase Data for profiling purposes will be kept for 12 months. In any case, it is without prejudice to the possibility for Data Controllers to retain the user's personal data in order to demonstrate compliance with the principle of accountability under Art. 5 GDPR.
6. Recipients and transfer of personal Data
The Data may be processed by subjects operating as autonomous Data controllers, such as, by way of example: authorities and supervisory and control bodies and, in general, subjects, public or private, entitled to request the Data.
Data may also be processed, on behalf of the Company, by external subjects designated as Data Processors (pursuant to art. 28 of the GDPR), who are given appropriate operating instructions. These subjects are essentially included in the following categories:
a. companies that offer e-mail sending services;
b. companies that offer services instrumental to the pursuit of the purposes indicated in this statement (media agency, IT suppliers, shippers ...);
c. companies that offer online financial services;
d. companies that perform the service of management and / or maintenance of the website of the Company;
e. companies that offer support in carrying out market studies;
f. companies that offer shipping services;
Data may be transferred to non-EU countries whose level of Data protection has been deemed adequate by the European Commission under Article 45 of the GDPR (e.g., Japan).
Your Personal Data may also be transferred as a result of signing the Standard Contractual Clauses (Standard Contractual Clauses) provided for in Article 46(2) (c) of the GDPR (e.g., USA and China).
7. Persons authorized to process data
The Data may be processed by employees and/or collaborators of the Data Controller and/or Manager assigned to the pursuit of the purposes indicated above, who have been expressly authorized to process the data and who have received adequate operating instructions.
8. Withdrawal of consent and exercise of Data subjects' rights
Interested parties may contact the Data Controller:
• - by ordinary mail to the following address: via Cristoforo Colombo n. 5
• - by e-mail at the following addresses:
o [email protected]
o [email protected]
The interested parties may ask the owner for access to the Data concerning them, their cancellation, the rectification of inaccurate Data, the integration of incomplete Data, and the limitation of processing in the cases provided for by art. 18 GDPR, as well as the opposition to the processing, for reasons related to their particular situation, in cases of legitimate interest of the owner.
If you exercise your right to cancellation, the Data Controller will remove the Data referring to you not only from the Website, but also from all the company's databases. In consideration, therefore, of the impact that such deletion could have on you, the Data Controller may adopt procedures better aimed at ascertaining your identity.
Furthermore, Data subjects, in the event that the processing is based on consent or contract and is carried out by automated means, have the right to receive in a structured, commonly used and machine-readable format the Data, as well as, if technically feasible, to transmit them to another Data controller without hindrance, pursuant to Article 20 of the GDPR.
Data subjects have the right to revoke the consent given at any time for marketing purposes and/or profiling and/or Data transfer/communication. The possibility remains for the interested party who prefers to be contacted exclusively through traditional means, to oppose the processing for marketing purposes only in relation to the receipt of communications through automated means.
Data subjects have the right to lodge a complaint with the competent supervisory authority in the Member State in which they usually reside or work, or in the State in which the alleged breach occurred.
It should be noted that the Privacy Policy is intended to apply only to the processing of Data carried out on the Site and not to processing carried out on different and additional websites, although accessible through links within the Site itself.
1. Data controller and contact details
The Data Controller is Vibram S.p.A., via Cristoforo Colombo n. 5, 21014, Albizzate (VA) (hereinafter “Controller” o “Company”). e-mail: [email protected]
2. Contact details of the Data Protection Officer (DPO)
You may contact the Data Protection Officer (DPO) by writing to: dpo @vibram.com
3. Types of Data processed
3.1 Navigation Data
We collect the following Data through the services you use.
Technical Data
This category of Data includes IP addresses or the domain names of the computers used by the users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These Data are used only for statistical information (therefore they are anonymous), to check the correct functioning of the Site, and are deleted immediately after processing. The Data could be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the Site.
Cookies
The Site collects Data using cookies or similar technologies. For further information, please visit the Site's “Cookie Policy”.
3.2 Data voluntarily provided by the user
The Site offers users the opportunity to voluntarily provide personal information through, for example, the compilation of the forms "Create Account", "Checkout", present on the Site or to allow you to receive "newsletters" (for which appropriate information will be provided pursuant to art. 13 of the Regulation).
4. Services offered by the Site
Below is a brief description of the services offered by the Site. For each of the services offered, the following are indicated: the purposes, for which the Data is processed, the legal basis for such processing, and the storage period of the processed Data.
4.1 E-commerce
Through the Site, it is possible to purchase Vibram's products online. In order to proceed with the purchase of such products, you may:
a. Create your own account and also access additional services offered by the Site;
b. Select the various items and checkout as a "Guest".
Purpose of processing: to provide e-commerce services for the online purchase and sale of Vibram's products and to ship the purchased products.
Legal basis of processing: art. 6, paragraph 1, letter b) of the GDPR, "execution of a contract to which the Data subject is a party or execution of pre-contractual measures taken at the request of the same".
Retention period: personal Data will be retained for the entire duration of the contract and, after termination, for the ordinary prescription period.
4.2 Site Registration and Account Creation
The Site offers the possibility to create a personal account to keep track of orders placed, manage your personal Data, and manage your payment methods registered within the Site.
Purpose of processing: Registration and account creation on the Site.
Legal basis of processing: art. 6, paragraph 1, letter b) of the GDPR, "execution of a contract to which the Data subject is a party or execution of pre-contractual measures taken at the request of the same".
Retention period: personal Data will be retained for the entire duration of the contract and, after termination, for the ordinary prescription period.
4.3 Newsletter
The Site offers you the opportunity to subscribe to our newsletter to receive updates on products, promotions and events promoted by Vibram.
Purpose of processing: Sending newsletters
Legal basis of processing: Consent of the Data subject ex art. 6, paragraph 1, lett. a) of the GDPR, "the data subject has given consent to the processing of his/her personal Data for one or more specific purposes".
Retention period: personal Data will be retained until consent is revoked by the user.
5. Further processing purposes
As part of the processing of personal Data carried out through the Site, the Data Controller pursues the following additional specific purposes:
5.1 Compliance with legal obligations.
The Owner, where necessary, processes the personal Data of the interested parties, collected through the Site, in order to ensure compliance with legal obligations, regulations and Community standards to which it is subject.
Legal basis of processing: art. 6, paragraph 1, letter c) of the GDPR, "the processing is necessary to comply with a legal obligation to which the Data Controller is subject".
Retention period: personal Data will be stored for the period strictly necessary to allow the Data Controller to fulfill the legal obligations to which the same is subject.
5.2 Ascertaining, exercising and defending rights in court
The Owner, where necessary, processes the personal Data of the interested parties, collected through the Site, in order to ascertain, exercise or defend their rights in court or whenever the jurisdictional authorities exercise their jurisdictional functions.
Legal basis of processing: art. 6, paragraph 1, letter f) of the GDPR, "processing is necessary for the purposes of pursuing the legitimate interests of the data controller".
Retention period: personal Data will be retained for the period strictly limited to the duration of the litigation, until the time limit for appeals is exhausted.
5.3 Direct marketing activities
Your personal Data, subject to your free and specific consent, will be processed by the Owner to update you on promotional, commercial and advertising initiatives, events, initiatives in accordance with the provisions of the provision of the Guarantor Authority for the protection of personal Data "Guidelines on promotional activities and contrast to spam - July 4, 2013 [2542348]". We inform you that these activities may be carried out by means of paper mail, telephone contact by operator (c.d. "traditional methods"), e-mail, sending text messages, push notifications and use of social networks (c.d. "automated methods"). In the absence of your specific consent for this purpose, we will not be able to process your personal Data for direct marketing purposes and therefore we will not be able to inform you of new products and/or current promotions.
Legal basis for processing: Consent of the Data subject pursuant to Art. 6, paragraph 1, letter a) of the GDPR, "the data subject has given consent to the processing of his/her personal Data for one or more specific purposes".
Retention period: personal Data will be stored until the user revokes consent. Purchase Data for marketing purposes will be kept for 24 months. In any case, it is without prejudice to the possibility for Data Controllers to retain the user's personal Data in order to demonstrate compliance with the principle of accountability under Article 5 GDPR.
5.4 Profiling Subject to your free, optional and specific consent, we will process your personal Data for profiling purposes. In particular, by monitoring the products and services you have purchased through the Site as well as your behaviors and interactions, we will assess your behavior in greater detail and analyze your preferences, interests and consumption habits. In the absence of your specific consent for this purpose, we will not be able to process your personal Data for profiling purposes.
Legal Basis for Processing: Consent of the Data Subject pursuant to Article 6(1) (a) of the GDPR, "the data subject has given consent to the processing of their personal data for one or more specific purposes".
Retention period: personal Data will be stored until the user revokes consent. Purchase Data for profiling purposes will be kept for 12 months. In any case, it is without prejudice to the possibility for Data Controllers to retain the user's personal data in order to demonstrate compliance with the principle of accountability under Art. 5 GDPR.
6. Recipients and transfer of personal Data
The Data may be processed by subjects operating as autonomous Data controllers, such as, by way of example: authorities and supervisory and control bodies and, in general, subjects, public or private, entitled to request the Data.
Data may also be processed, on behalf of the Company, by external subjects designated as Data Processors (pursuant to art. 28 of the GDPR), who are given appropriate operating instructions. These subjects are essentially included in the following categories:
a. companies that offer e-mail sending services;
b. companies that offer services instrumental to the pursuit of the purposes indicated in this statement (media agency, IT suppliers, shippers ...);
c. companies that offer online financial services;
d. companies that perform the service of management and / or maintenance of the website of the Company;
e. companies that offer support in carrying out market studies;
f. companies that offer shipping services;
Data may be transferred to non-EU countries whose level of Data protection has been deemed adequate by the European Commission under Article 45 of the GDPR (e.g., Japan).
Your Personal Data may also be transferred as a result of signing the Standard Contractual Clauses (Standard Contractual Clauses) provided for in Article 46(2) (c) of the GDPR (e.g., USA and China).
7. Persons authorized to process data
The Data may be processed by employees and/or collaborators of the Data Controller and/or Manager assigned to the pursuit of the purposes indicated above, who have been expressly authorized to process the data and who have received adequate operating instructions.
8. Withdrawal of consent and exercise of Data subjects' rights
Interested parties may contact the Data Controller:
• - by ordinary mail to the following address: via Cristoforo Colombo n. 5
• - by e-mail at the following addresses:
o [email protected]
o [email protected]
The interested parties may ask the owner for access to the Data concerning them, their cancellation, the rectification of inaccurate Data, the integration of incomplete Data, and the limitation of processing in the cases provided for by art. 18 GDPR, as well as the opposition to the processing, for reasons related to their particular situation, in cases of legitimate interest of the owner.
If you exercise your right to cancellation, the Data Controller will remove the Data referring to you not only from the Website, but also from all the company's databases. In consideration, therefore, of the impact that such deletion could have on you, the Data Controller may adopt procedures better aimed at ascertaining your identity.
Furthermore, Data subjects, in the event that the processing is based on consent or contract and is carried out by automated means, have the right to receive in a structured, commonly used and machine-readable format the Data, as well as, if technically feasible, to transmit them to another Data controller without hindrance, pursuant to Article 20 of the GDPR.
Data subjects have the right to revoke the consent given at any time for marketing purposes and/or profiling and/or Data transfer/communication. The possibility remains for the interested party who prefers to be contacted exclusively through traditional means, to oppose the processing for marketing purposes only in relation to the receipt of communications through automated means.
Data subjects have the right to lodge a complaint with the competent supervisory authority in the Member State in which they usually reside or work, or in the State in which the alleged breach occurred.