PRIVACY POLICY ARTICLE 13 OF REGULATION (EU) 2016/679

 

 

"Aeffe Retail S.p.A.", as the Controller of your personal data, informs you that, following the agreements for the merger by absorption in accordance with articles 2501 and following of the Italian Civil Code, your personal data of administrative, accounting and economic nature resulting from existing contractual, company and employment relationships will be disclosured, transmitted, and shared with the partner involved in the corporate transaction: AEFFE S.p.A. with registered office at Via delle Querce 51 - 47842 San Giovanni in Marignano (RN)-Italy.

The purpose of this disclosure, transmission, and sharing of personal data is to ensure the correct management and synchronization of records for accounting and administrative purposes and the related economic-financial data related to them, as well as all operations resulting from the legal provisions governing such corporate transactions.

The technical operational methods of informing data subjects will take place in accordance with the provisions of the Italian Supervisory Authority in application of the " Prescrizioni in materia di operazioni di fusione e scissione fra società - 8 aprile 2009 (G.U. n. 106 del 9 maggio 2009)", therefore this information will be published on the website of the AEFFE Group www.aeffe.com, as well as made available to all data subjects.

Furthermore, as a result of the merger by absorption in accordance with articles 2501 and following of the Italian Civil Code, all parties that have had relationships with Aeffe Retail S.p.A. as customers, suppliers, their respective contacts, employees, commercial contacts, or partners will be able to access the information on the processing of personal data by AEFFE S.p.A., as the Controller under Regulation (EU) 2016/679, on the website www.aeffe.com.

Data processing operations will be carried out in accordance with Regulation (EU) 2016/679 (hereinafter “GDPR”), ensuring lawfulness, fairness, transparency and protection of your rights and freedoms.

Purpose and legal basis for the processing:

  • Compliance with obligations arising from the merger by absorption under articles 2501 and following of the Italian Civil Code;
  • Alignment of databases for the management of administrative and accounting data.

Legal basis: contractual measures for the merger by absorption - art. 6 par.1 - letter b) of GDPR.

The processing of data necessary for the performance of these contractual obligations is necessary for the proper management of activities.

Processing methods: the processing is carried out with manual and/or IT and telematic tools, in order to guarantee the security, integrity and confidentiality of the data in compliance with the technical and organisational measures provided for by the provisions in force, in order to reduce to a minimum the risks of destruction or loss, unauthorised access, modification and unauthorised disclosure in compliance with the methods set out in the articles. 5, 32 of the GDPR.

Recipients: In order to perform certain activities or provide support for functioning and organization of the activity, some data may be disclosed or communicated to recipients. These subjects can be categorized as follows:

Third parties: (communication to: natural or legal persons, public authorities, agency or other body other than the data subjects, the data controller, the data processor and the authorized persons responsible for the processing) including:

  • Banks;
  • Companies managing traditional or computerized postal services;
  • Consultants and professionals, including those associated with legal, tax, accounting matters, , who are not data processors;
  • Subjects/Entities, whose right to access or obtain your data is recognized by legal obligations;
  • Companies of the AEFFE Group in the context of legitimate intragroup communications;
  • Any other parties whose communication of personal data is necessary to achive the aforementioned

 

Processors: (the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller):

  • Companies and other subjects, consultants and professionals who have been entrusted with mandates for the management of tax, administrative, accounting, legal advice, etc.;
  • Suppliers of computer, web or other services necessary for the achievement of the purposes necessary for the management of the relationship;

Within the company structure, your data will be processed only by personnel expressly authorised by the Controller, with assurance of adoption of a confidentiality agreement.

Dissemination: Your personal data will not be disclosed in any way.

Transfers of personal data to third countries: Personal data may be transferred to non-EU countries as part of legitimate intragroup communications (AEFFE Group). The Controller ensures the adoption of guaranteed measures for the transfer towards the recipients, which depending on the case may be: verification of the existence of adequacy decisions for the recipient country by the Commission, signing of standard contractual clauses, verification the adoption of any additional measures to implement recommendation 01/2020 EDPB. As an exception to these guarantees, for data processing (in reference to art. 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favor of the data subjects or consent to the transfer is verified.

Retention period: We inform you that, in compliance with the principles of lawfulness, purpose limitation, data minimisation, as provided in art. 5 of the GDPR, the retention period for your personal data necessary to perform the requested activities is established for a period not exceeding the achievement of the purposes for which they are collected and processed. If there is a contract or a verbal agreement in effect, the retention period may end with the expiration or termination of the contract or agreement. The same data may be stored, where applicable, for an additional period of approximately 1 year from the end of the agreement to ensure the best possible approach for any further interventions on the services provided or for the management of any disputes. The legal basis for this retention is the performance of pre- contractual agreements or contractual obligations, and for disputes, the legitimate interest of the Controller. Similarly, the data may be stored for a period of time in accordance with the requirements of applicable laws, such as tax regulations, for at least 10 years after the last interaction.

Controller: The Controller, before the merger by absorption, is "Aeffe Retail S.p.A." with registered office at Via delle Querce 51 - 47842 San Giovanni in Marignano (RN)-Italy. After the merger by absorption, the Controller will be AEFFE

S.p.A. with registered office in Via delle Querce 51 - 47842 San Giovanni in Marignano (RN)- Italy, email: privacy@aeffe.com. All data subjects can continue to contact the same previous interlocutors.

The Data Protection Officer ("DPO") is Studio Paci & C. Srl (contact person: Dr. Gloriamaria Paci), who can be contacted at the following address: dpo.aeffe@studiopaciecsrl.it and phone number: +39 0541 1795314.

EU Reg. 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 - Data Subject's rights

  1. The data subjects has the right to obtain confirmation of the existence or otherwise of personal data concerning him, even if not yet registered, and their communication in an intelligible form.

 

  1. The data subjects has the right to obtain the indication:
    1. the origin of the personal data;
    2. of the purposes and methods of processing;
    3. of the logic applied in case of processing carried out with the aid of electronic instruments;
    4. the identification details of the controller, processors and representative designated pursuant to article 5, paragraph 2;
    5. of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as designated representatives in the territory of the State, processors or person acting under the authority of the controller or of the

 

  1. The data subjects has the right to obtain:
    1. updating, rectification or, when interested, integration of data;
    2. the erasure of personal data or restriction of processing;
    3. the certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means that are manifestly disproportionate to the protected right;
    4. data

 

  1. The data subjects has the right to object, in whole or in part:
    1. for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
    2. to the processing of personal data concerning him for the purposes of sending advertising material or direct sales or for carrying out market research or commercial

 

The data subjects, if the conditions are met, also have the right to lodge a complaint with the Supervisory authority according to the established procedures. For any further information, and to assert the rights recognized to you by the European Regulation, you can contact the data controller at the references above.

Complaint: The data subjects, if the conditions are met, also have the right to lodge a complaint with the Supervisory authority according to the established procedures. For any further information, and to assert the rights recognized to you by the European Regulation, you can contact the data controller at the references above.