Privacy Policy

Introduction
Welcome to the website of Duvetica International s.r.l., present at the URL www.duvetica.com (hereinafter the "Site").

At each access to the Site, even regardless of the purchase of the Products, information and personal data concerning you are collected. For this reason, in accordance with the provisions of European Regulation no. 2016/679 (the "Regulation") and the applicable national legislation, this document was created in order to describe which personal data are collected, the purposes and methods of their processing and the security measures that are adopted to protect them. The Regulation guarantees that the processing of personal data is carried out in compliance with fundamental rights and freedoms, as well as respecting the dignity of the interested party, with particular reference to confidentiality and personal identity.

1. Data controller
Duvetica International s.r.l., with registered office in Via Nino Bixio n. 7 20129 Milano (MI), Italy (hereinafter "DUVETICA" or the "COMPANY" or the "Owner") is the independent owner of the processing of personal data of users who surf the Site. The owner can be contacted by sending a communication to the following address: privacy@duvetica.com.

The Company has appointed Triboo Digitale s.r.l., with registered office in Viale Sarca, 336, 20126 Milan, Italy, as data controller, limited to the sale of products through the Site. The manager can be contacted by sending a communication to the following address: triboodigitale@legalmail.it.

2. The personal data being processed and the purpose of the processing
We inform you that as a result of browsing the site, different types of personal data will be collected and processed, for different purposes and in different ways. Your personal data may be collected both because they are voluntarily provided by you and automatically when using the Site.

The personal data processed through the Site and the purposes of their treatment are as follows:

(i) personal data relating to navigation within the website www.duvetica.com (clickstream analysis), processed in order to allow the correct functioning of the Site. In this regard, we invite you to read the "Cookie Policy" on the Site;
(ii) personal data provided voluntarily by the user (name and surname, telephone number, e-mail address, date of birth, country of residence, shipping and billing address, password provided by filling in the form registration etc.), or otherwise conferred during the use of the Site and/or through the interaction with customer care and processed to meet the user's requests and offer the services, assistance and information requested about the products for sale on the Site and more generally for the management of customer relations;
(iii) the personal data provided by the user as part of the product purchase processes on the Site for the conclusion of transactions, for the functional and instrumental activities for the sale and more generally for the management of orders as well as for any necessary pre-assistance and after-sales;
(iv) personal, personal and contact data, processed by the Company - with express consent - for purposes of promotion and advertising, i.e. to send the user (via newsletter, e-mail, sms, mms and smart messages, push notifications, banners, telephone, the Company's official social media pages) information and updates on products, sales, promotional campaigns, events and other initiatives promoted by the Company or its commercial partners;
(v) personal data relating to the purchases made and the preferences expressed through the Site - processed by the Company with the express consent of the user - for purposes of analysing consumer habits, whishlists, browsing, in order to make products, initiatives and the individual commercial proposals that best meet the tastes and needs of the users of the Site;
(vi) personal and contact data communicated by the Company - with express consent - to third parties belonging to the Fashion categories for their own marketing activities.

3. Legal reference for processing
The legal references used to process your personal data, according to the purposes indicated in the previous article 2, are as follows:

a) the legitimate interest of the Company to provide the services of the Site and to respond to any requests from users, with reference to the points (i) and (ii) of article 2 above;
b) the fulfilment of the sales contract and the obligation to fulfil the pre and post contractual obligations, for all the activities referred to in point (iii) of article 2 above;
c) the consent provided by the user for the purposes referred to in points (iv), (v) and (vi);

4. Sources of personal data
The personal data collected are provided directly by the user (through registration on the Site or as part of the sales process), except for the navigation data referred to in point 2 (i) above, for the data collected in the event of registration and access via social profile, as indicated in point 2 (ii) above and for the sales data referred to in point 2 (v) above.

5. Methods of processing personal data
The personal data collected through the Site are processed both on paper and through IT and telematic tools and in any case always in compliance with the security requirements required by the applicable legislation so as to minimize the risk of destruction or loss, even accidental, of data themselves, of unauthorized access or treatment not allowed or not in accordance with the collection purposes as indicated in this privacy policy.

6. Compulsory or optional provision of data
Except for browsing data (governed by the "Cookie Policy" to which reference is made), the provision of personal data collected through the Site both to meet user requests, and for marketing purposes, to study habits and consumer preferences and for communication to third parties is free, optional and optional. Failure to provide them does not limit the use of the Site, however it may make it impossible, for example, to deal with requests for information and questions, or send informative material, updates, newsletters, invitations to events, etc.

The provision of personal data, in particular master data, e-mail address, postal address, telephone number and bank details (in case of payments by credit card) is necessary with regard to the conclusion of the contract to purchase products through the Site. In case of failure to provide, therefore, it may be impossible to complete the purchase through the Site. Some of the aforementioned personal data may be necessary for the supply of other services rendered on the Site and related to the sale (pre and post-sale services) or to fulfil obligations deriving from laws or regulations (for example tax and regulatory obligations ). Failure to transmit data may therefore constitute a legitimate reason not to execute the contract for the purchase of products on the Site and/or the supply of the services connected to it.

7. Recipients of personal data
The personal data of users of the Site, within the limits permitted by law and in accordance with what is indicated below, may be shared with the following subjects:

- subjects who typically act as authorized persons to process personal data, that is: persons, companies or professional firms that provide assistance and advice to the Data Controller in accounting, administrative, legal, tax, financial and credit recovery matters relating to the provision of Services;
- subjects with whom it is necessary to interact for the provision of technical and organizational services connected to the Site (for example logistics services, IT services, customer care services and marketing services);
- subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communications networks);
- persons authorized to process personal data necessary to carry out activities strictly related to the internal organization of company activities (e.g. .employees of the Data Controller);
- companies of the
Duvetica Group for internal administrative purposes;
- subjects, bodies or authorities to whom it is mandatory to communicate personal data to fulfil any legal obligations, to prevent and/or identify any fraudulent activities or abuses in the use of the Site and therefore allow the Data Controller to protect himself in court;
- third parties in order to execute the contract for the purchase of products on the Site (e.g. credit institutions for the execution of remote electronic payment services by credit / debit card).
Given the international presence of Duvetica, it is possible that your personal data are transferred abroad, even to recipients who are located outside the European Economic Area, for contractual, marketing or IT services purposes. Even in this case, all suitable measures will be taken to ensure maximum data protection. In this regard, transfers will be made through adequate guarantees by adopting / stipulating the necessary standard contractual clauses approved by the European Commission or others.

8. Data storage period
We keep your personal data for a limited period of time, which differs depending on the type of activity that involves the processing of your personal data. After this period, your data will be permanently deleted or irreversibly anonymous.

Your personal data is stored are compliance with the terms specified below:

- the personal data collected to conclude and execute the purchase contracts for the products on the Site are kept for a period not exceeding 10 years from the purchase, in compliance with tax and civil legislation and subject to special needs (e.g. to take legal action ) that should result in a storage for a longer time.
- The data provided by the user to request assistance, information and feedback are kept for the time necessary to satisfy the requested feedback and any subsequent activity of any further iteration with the customer necessary to fully manage the request and / problem.
- The personal data provided for marketing and profiling purposes are kept for the period necessary for the specific processing and up to a maximum of 7 years, also in consideration of the interest shown by the customer to receive updates on products.
To know the storage period and the persistence of cookies, we invite you to read the Cookie Policy.

9. Rights of the user regarding his personal data
At any time the user can exercise the rights provided for by the legislation on the processing of personal data.

Below are the rights that the law guarantees to the user:
- Right of access: it is the right to know if your personal data is being processed and, if this is confirmed, to obtain a copy of such data and be informed about: the origin of the data; the categories of personal data processed; the recipients of the data; the purposes of the processing; the existence of an automated decision-making process, including profiling; the data retention period; the rights provided for by the Regulations.
- Right of rectification: it is the right to obtain the rectification of one's data or to integrate data that are incomplete. We remind you that when the user communicates his data to use our services, he guarantees their truthfulness and accuracy.
- Right of deletion: it is the right to request the deletion of personal data if they are no longer necessary for the purpose for which they were collected or if we are no longer authorized to process them.
- Right to limitation of processing: it is the right to obtain the limitation of processing in the following cases:

a) when the accuracy of personal data is contested. It is possible to request the limitation of processing for the period during which we will verify the accuracy of the user's data;
b) when we are not authorized to process personal data and, instead of deleting them, the user requests us to limit their use;
c) if the data we have - even if they are no longer necessary for us for the purposes for which they were collected - are necessary for the user to ascertain, exercise or defend a right in court;
d) when the user has opposed a processing based on our legitimate interest. Pending verification of the prevalence of our legitimate reasons with respect to those belonging to the user as an interested party, the latter may request the limitation of processing.
Right to withdraw consent: it is the right to withdraw one's consent in relation to all the processings that are based thereon.

Right to data portability: in the event that we process personal data on the basis of the user's consent or in execution of a contract, or the processing is carried out by automated means, the user can exercise the right to data portability. You may therefore receive the personal data you have communicated in a structured format, commonly used and readable by an automatic device. You may also request to transmit your data directly to another company, provided that this is technically possible.

Right to object: it is the right to object at any time to the processing of your personal data based on our legitimate interest, including profiling.

The rights listed above can be exercised by contacting the Data Controller, by writing to privacy@duvetica.com.

We also wish to inform the user that, should he believe that the processing of personal data concerning him is carried out in contrast with the provisions of EU Regulation 2016/679, he has the right to lodge a complaint with the competent supervisory authority on data protection. (Guarantor Authority for the Protection of Personal Data).