Onea.

Time to shop! Find your favorite product, check the latest collection & don’t miss out the best discounts with Onea!

#Instagram

Newsletter

Contact Us

156-677-124-442-2887 onea@elated-themes.com 184 Street Victoria 8007
Back to top
  /  Privacy

Privacy

Data Policy Disclosure on the processing of personal data pursuant to Articles 13 and 14 of EU Regulation 2016/679
CAMICERIA SANFORT SRL., as Data Controller (hereinafter: “Camiceria Sanfort” or “Data Controller”) pursuant to Regulation (EU) 2016/679 (so-called The General Data Protection Regulation, hereinafter referred to as the “Regulation”) and Italian Legislative Decree no. 196/2003 (so-called Data Privacy Code, hereinafter the “Code”) – considers privacy and the protection of personal data as one of its primary business purposes. Consequently, we request you to carefully read this Privacy Policy before disclosing any personal data to the Data Controller, because it contains important information regarding the protection of your personal data.
This Privacy Policy:
• refers to the websites https://www.giannettoportofino.it/shop/ and https://www.giannettoportofino.it/en/shop/ (hereinafter referred to as the “Website”);
• it is an integral part of the Website and the services we offer;
• pursuant to Articles 13 and 14 of the Regulation, it applies to those who interact with the Website services, both during simple consultation and the use of specific services made available through the Website (by way of example, the purchase of products, the compilation of online information request forms or newsletter subscriptions), as well as the use of other services provided through the Website (telephone assistance and assistance via WhatsApp and Live Chat).
***
The processing of personal data shall be governed by the principles of lawfulness, fairness and transparency, purpose and retention limitation, accuracy, integrity and confidentiality, as well as the principle of accountability, pursuant to Article 5 of the Regulation. Your personal data will therefore be processed in compliance with personal data protection legislation and the envisaged confidentiality obligations.
“Personal data processing” means any operation or set of operations which is carried out on personal data or sets of personal data, by automated means or otherwise, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
CONTENTS
Below is the contents preview of this Privacy Policy so that you can easily find the information on the processing of your personal data that concerns you.
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
2. PERSONAL DATA PROCESSED
a. Browsing data
b. Data voluntarily provided by the user
c. Data processed to fulfill services rendered online
d. Third-party data voluntarily provided by the user
e. Specific data categories f. Cookies3. PURPOSES OF DATA PROCESSING
4. LEGAL BASIS AND OBLIGATORY OR OPTIONAL NATURE OF PROCESSING
5. RECIPIENTS OF PERSONAL DATA
6. TRANSFER OF PERSONAL DATA
7. RETENTION OF PERSONAL DATA
8. RIGHTS OF DATA SUBJECTS
9. COMPLAINT TO THE DATA PRIVACY GUARANTOR AUTHORITY
10. AMENDMENTS
11. CONTACT US
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is Camiceria Sanfort srl. with registered office in Andria (BT, Italy), Via Zanella n. 45 76123
Data Protection Officer can be contacted at the headquarters of the Data Controller at the address indicated above and by email at the address info@giannettoportofino.it
2. PERSONAL DATA PROCESSED
We inform you that the personal data we process may consist of an identifier such as a name, an identification number, location data, an online ID or one or more characteristic elements of physical, physiological, physical, financial, cultural or social identity, capable of identifying a data subject or making him/her identifiable, according to the type of services requested (hereinafter simply “personal data”). The following personal data is processed through the Website:
a. Browsing data
During their normal course of operations, the computer systems and software procedures used to operate this Website acquire certain personal data, the transmission of which is implicit in the use of internet communication protocols. This information is not collected with the intent of associating it with identified users but, by its nature, it could lead to the identification of users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users who connect to the Website, URI addresses (Uniform Resource Identifiers) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters regarding the user’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website to check its correct functionality, to identify anomalies and/or abuses; in any case, they are deleted immediately after processing. The data may be used to ascertain responsibility in the event of computer crimes against the Website.
b. Data voluntarily provided by the user
Except for references to specific information that may be available in the various sections of the Website, this Privacy Policy also addresses the processing of data voluntarily entered by you in the various forms envisaged within the Website itself, such as:
– the information request form in the “Contact Us” section, in which you will be asked to enter your name, your surname and your contact details – email address and telephone number – as well as to submit your specific request, which itself may contain further personal data;
– the chat and instant messaging service, through which you may connect with an operator who will be able to assist you by responding in real time to your requests for information.
Regarding such data, we request you to enter in the aforementioned forms and in chat and instant messaging exchanges, only the personal data strictly necessary for the purposes of managing your request, thus excluding irrelevant information and/or details that may fall within the special categories of personal data pursuant to Article 9 of the Regulation ([…] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data relating to the person’s health, sexual behavior or sexual orientation).
c. Data processed to fulfill services rendered online
With the exception of references to specific information that may be available in the various sections of the Website, this Privacy Policy also addresses the processing of data voluntarily provided by you for the purpose of performing the services rendered online, with particular reference to the following:
– registration and access to your personal area which stores your personal and contact details, enabling processing (according to the data you have saved) of your shipping addresses, your credit card information and your product preferences. Details of any credit cards saved in your personal area will be handled through an external service provider, in compliance with PCI Regulations;
– conclusion and execution of purchase contracts (including the order status verification service), in the context of which your personal data, contact details and information related to the delivery address of purchased products will be processed as well as any information concerning the Your shopping experience. The latter includes confirmation of payment through Apple Pay or PayPal. In regard to the latter, please note that, should you choose the Apple and PayPal payment methods, as independent data controllers, these entities notify the payment parameters to Camiceria Sanfort together with information necessary for the shipment of the order;
– handling any returns, in the context of which we shall process your personal data, contact details and information regarding the returned products collection address, as well as any information related to your purchase and return experience;
– customer-specific assistance to meet requests for guidance on sizes, product categories in the women’s and man’s collections, body fit, new arrivals or other information;
– the ‘wishlist’ service, through which you can add items to your list of desired items to purchase.
Furthermore and in general, the Data Controller will process any information relating to your purchases (type of product, date of purchase, amount spent as well as, in general, your purchase choices, your preferences and your browsing behavior on the Website) and, for profiling purposes, data obtained from your Website online activities, with and without personalized consequences, as better specified below. The Data Controller will also process information deriving from your choices for personalizing newsletter content.
d. Third-party data voluntarily provided by the user
Third parties may process personal data you disclose to Camiceria Sanfort when you use Website services, (such as information provided for the purchase of products to be sent to third parties; data related to payments concluded referencing the bank details of third parties; billing information; details you may provide when requesting information in the Website’s “Contact Us” section). In such cases, you become the independent data controller, assuming all the applicable legal obligations and responsibilities. To this effect, you fully indemnify us against any dispute, claim, request for compensation for processing-related damages etc. the Data Controller may receive from third parties whose personal data has been processed, through your use of the Website’s services, in violation of the applicable the personal data protection rules. In any event, if you provide or otherwise process personal data of third parties when using the Website, you hereby and henceforth guarantee that such possible data processing scenario shall be based, where necessary, on the prior acquisition – by yourself – of the third parties’ consent to the processing of their information and you accept all related liability.
e. Cookies and other tracking technologies
Information about cookies used on the Website is available here.
3. PURPOSES OF DATA PROCESSING
Your personal data will be processed, with your consent where necessary, for the following purposes, where applicable:
3.1. to enable navigation of the Website, registration in private areas, the deactivation of your account – following your request – for a maximum of 12 months and the provision of all other associated services provided by the Data Controller (such as, by way of example but not limited to, online sales, product returns and the service assuring product warranty management, the ‘wish list’ service, the “Contact us” section in relation to your customer care requests, the verification of order status, the saving of the preferred delivery addresses of the goods purchased on the Website etc.). The above includes the management of Website security, as well as contractual, administrative, accounting and after-sales services. Please note that the Website provides additional assistance services to the Customer, including, in particular, the telephone assistance services through which you can submit specific requests and receive assistance from Camiceria Sanfort’s customer service.
3.2. to follow up specific requests addressed to the Data Controller, also in relation to after-sales situations, including requests for Customer Service and information (for example in relation to product warranty handling) sent by completing the relevant contact forms on the Website as well as through the chat and instant messaging services;
3.3. to fulfill any obligations under applicable laws, regulations or EU legislation, or to satisfy requests from authorities;
3.4. to provide for direct sending via post and email of advertising and promotional material in relation to products or services similar to those purchased by you, pursuant to Article 130, paragraph 4 of the Code and the Provision of the Data Privacy Guarantor Authority of 19 June 2008, unless you deny your consent to receive such material, which you can express during registration on the Website or on subsequent occasions;
3.5. to send you announcements and commercial proposals, including newsletters (the contents of which you can customise), through automated tools (SMS, MMS, email, instant messaging and chat) and otherwise (post, telephone). Please note that the Data Controller collects a single consent declaration for the marketing purposes described here, pursuant to the General Provision of the Data Privacy Guarantor “Guidelines on promotional activities and counteracting spam” of 4 July 2013. If, in any case, you wish to oppose the processing of your data for marketing purposes carried out with the means indicated here, you can do so at any time by contacting the Data Controller at the addresses indicated in the “Contacts” section of this disclosure, without prejudice to the lawfulness of the processing undertaken prior to your opposition;
3.6. to analyze your personal data, your purchasing choices, preferences, Website browsing behavior to enable us to send you personalized announcements and commercial proposals as well as, in general, for profiling activities;
3.7. or general profiling purposes, without personal implications, by means of generalized analyses (including predictive or strategic orientation) aimed at creating statistical processing and calculation models representative of the entire customer base. This purpose implies the processing of your data on an aggregate basis, in pseudonymised form, as a direct prerequisite and instrumental means for the pursuit of the purposes referenced in sections 3.5 and 3.6 of this disclosure albeit distinct from them;
3.8. to meet any defensive needs;
3.9. for statistical assessment and monitoring purposes. This purpose implies an analysis of aggregate information not referable to identified or identifiable natural persons and which, therefore, does not constitute personal data and does not in any way enable the Data Controller to trace your identity.
Specific security measures have been implemented to prevent data loss, illicit or incorrect use of data and unauthorised access.
4. LEGAL BASIS AND OBLIGATORY OR OPTIONAL NATURE OF PROCESSING
The legal basis for the processing of personal data for the purposes referenced in sections 3.1 and 3.2 is Article 6, par. 1, point b of the Regulation ([…] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), since the processing is necessary for the provision of services. With specific reference to the telephone assistance service referenced in section 3.1, please note that the recording of calls to check the quality of the service can be disabled upon your request. The provision of personal data for these purposes is optional, but failure to provide it would make it impossible to activate the requested services themselves.
The purpose referenced in section 3.3 represents a legitimate processing of personal data pursuant to Article 6, par. 1, point c) of the Regulation ([…]processing is necessary for compliance with a legal obligation to which the controller is subject). In fact, once the personal data has been submitted, the processing must comply with the legal obligations incumbent on the Data Controller.
The processing performed for the purposes referenced in sections 3.5 and 3.6 is based on your consent pursuant to Article 6, par. 1, point a ([…] the data subject has given consent to the processing of his or her personal data for one or more specific purposes) and to Article 22, par. 2, point c of the Regulation. This consent can be revoked at any time without prejudice to the lawfulness of the processing carried out prior to the revocation in accordance with the provisions of Article 7 of the Regulation.
Therefore, the provision of your personal data for these purposes is entirely optional and does not affect the use of the services. If you wish to object to the processing of your data for marketing, profiling or communication purposes, you may contact the Data Controller, at any time, using the contact details provided in the Contact us section of this Privacy Policy disclosure or, where available, via the Privacy Settings found within your Personal Area. With reference to the purpose referenced in point 3.4, please note that if the Data Controller uses details provided by the data subject via post or email for the purposes of direct sales of its products or services. In doing so, it may, pursuant to Article 130, paragraph 4 of the Code, refrain from requesting the consent of the data subject, provided that the products or services are similar to those purchased by the data subject who is properly informed and does not refuse such use, initially or on the occasion of subsequent communications.
The processing referenced in section 3.7 is carried out in order to pursue the legitimate interest of the Data Controller pursuant to Article 6, par. 1, point f of the Regulation.
It is also specified that the processing referenced in section 3.8 is carried out to meet any defensive needs of the Data Controller pursuant to Article 6.1.f of the Regulation.
It should be noted that the processing referenced in section 3.9, since it does not address personal data, does not fall under the scope of personal data protection regulations and can therefore be freely undertaken by the Data Controller.
5. RECIPIENTS OF PERSONAL DATA
Your personal data may be shared, for the purposes set out in section 3 of this Privacy Policy disclosure, by:
5.1. persons authorised by the Data Controller to process personal data pursuant to Articles 29 and 2-quaterdecies of the Code (e.g. staff operating in sales, administration and accounting, after-sales assistance, CRM and IT systems management);
5.2. third parties who, in the provision of services (by way of example: technological services, assistance and consultancy services in accounting, administrative, legal, tax and financial matters, technical maintenance, transport services, banking and insurance services), typically act as data processors pursuant to Article 28 of the Regulation. The Data Controller keeps an up-to-date list of the appointed data processors and guarantees that the same may be viewed by the data subject at the aforementioned office or upon request to the addresses indicated above.
5.4. third parties responsible for carrying out the activities referenced in this Privacy Policy Disclosure with which Camiceria Sanfort has entered into commercial agreements;
5.5. individuals, entities or authorities who require the disclosure of your personal information as mandated by law or by order of the authorities.
These subjects are collectively defined as “Recipients”.
6. TRANSFERS OF PERSONAL DATA
Some of your personal data is shared with Recipients who may be situated outside the European Economic Area. The Data Controller ensures that these Recipients process your personal data in compliance with Articles 44–49 of the Regulation. With regard to the transfer of personal data to third countries, the Data Controller declares that the processing will be undertaken according to one of the methods permitted by current legislation, such as the consent of the concerned party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programmers for the free dissemination of data or operating in countries considered as secure by the European Commission based on an adequacy decision. Further information is available by sending a written request to the Data Controller at the addresses indicated in the Contact us section of this Privacy Policy Disclosure.
7. RETENTION OF PERSONAL DATA
Your personal data will be entered and stored, in accordance with the principles of minimization and retention limitation pursuant to Article 5.1.c and e of the Regulation, in the information systems of the Data Controller, whose servers are located within the European Economic Area.
The personal data processed for the purposes referenced in sections 3.1 and 3.2 will be retained for the time strictly necessary to achieve those same purposes, i.e. for the time necessary for the execution of the contract, for the provision of legal or conventional guarantees, in accordance with the conservation required by law (see also, in particular, Article 2946 et seq. of the Italian Civil Code).

Personal data processed for the purposes set out in section 3.3 will be retained for the time stipulated by the specific obligation or applicable law.

For the purposes set out in section 3.4, your personal data will be processed until you present an objection to its processing.

Conversely, for the purposes referenced in sections 3.5 and 3.6, your personal data will be retained until the revocation of your consent and, in any case, limited to the purpose referenced in section 3.6 and the activities connected to it, for no more than seven years, starting from their registration, in accordance with the provisions of the provision of the Data Privacy Guarantor Authority for the protection of personal data in acceptance of the preliminary verification request presented by the Data Controller. Likewise, for the purposes referenced in Article 3.7, your data will be retained for no more than seven years from registration. Upon revocation of consent or expiry of the seven-year retention period (if preceding), the data processed for the purposes referenced above will be permanently deleted or anonymised.
In general and in any case, the Data Controller reserves the right to retain your data for the time necessary to fulfill any regulatory obligation to which it is subject or to meet any defensive needs. In any case, the Data Controller may retain your personal data for the time provided and allowed for by Italian law to protect their interests (Article 2947 of the Italian Civil Code).

It should be noted that, if your account is deactivated, your personal data will continue to be processed in compliance with the criteria and principles highlighted above for the entire period coinciding with this deactivation (equal to 12 months). It should also be noted that, compatibly with the aforementioned criteria and principles, will retain such data also after the expiry of this term and in the event of total removal of your account. Therefore, please note that the expiry of the aforementioned term and the total removal of your account will not necessarily involve the deletion of your personal data or the revocation of the privacy consents legitimately provided by you. For more information regarding requests for data cancellation and withdrawal of consent, please refer to point 8 “Rights of data subjects” of this Data Privacy Disclosure.

Further information regarding the data retention period and the criteria used to determine this period may be requested via a written request sent to the Data Controller at the addresses indicated in the “Contact Us” section of this Privacy Policy.
8. RIGHTS OF DATA SUBJECTS
As a Data Subject, you can exercise the rights referenced in Articles 15–22 GDPR and revoke the consent given at any time without prejudice to the lawfulness of the processing undertaken before the revocation.
In particular, you may request access to your Personal Data pursuant to Article 15 GDPR, its rectification pursuant to Article 16 GDPR, cancellation of the same pursuant to Article 17 GDPR, restriction of processing in the cases envisaged by Article 18 of the GDPR as well as to obtain the portability of data related to you in the cases envisaged by Article 20 of the GDPR.
You may submit a request for opposition to the processing of your Personal Data pursuant to Article 21 of the GDPR, in which you may evidence the reasons justifying the opposition: the Data Controller reserves the right to assess your request, which may not be accepted if there are legitimate compelling reasons to proceed with the processing that prevail over your interests, rights and freedoms.
Requests should be sent in writing to the Data Controller at the addresses indicated in the “Contact Us” section of this Privacy Policy Disclosure.
9. COMPLAINT TO THE DATA PRIVACY GUARANTOR AUTHORITY
If you believe that the processing of your personal data by the Data Controller is undertaken in violation of the provisions of the Regulations, you have the right to lodge a complaint with the Data Privacy Guarantor Authority, as envisaged by Article 77 of said Regulation, or to seek redress through the appropriate legal channels (Article 79 of the GDPR).
10. AMENDMENTS
The Data Controller reserves the right to modify or simply update its content, wholly or partially, also as a result of variations in the applicable legislation. Therefore, the Data Controller invites you to regularly visit this section to keep up-to-date with the most recent and updated version of the Privacy Policy in order to always be informed on the data collected and how Camiceria Sanfort uses it.
11. CONTACT US
To exercise the above rights or for any other requests, please write to the Data Controller at the physical address indicated above, or via email preferably writing “request for the exercise of privacy rights” in the subject field.

You don't have permission to register

#