Privacy & Cookie Policy

At Xerjoff Group S.p.A. the security of user/data subject data is important and we want you to always feel protected and adequately informed about the types of processing carried out. 

When the user/data subject visits and interacts with our website www.xerjoff.com, with banners, landing pages or services attributable to the same domain (hereinafter only "website" or "platform"), communicates with us, visits our promotional pages and newsletters in addition to other activities further described in the complete Privacy Policy, we may collect, use, share and process personal information ("personal data"). Pursuant to the General Data Protection Regulation (GDPR - Reg. (EU) 2016/679), the undersigned organisation, data controller, informs of the following:

INFORMATION NOTICE PURSUANT TO ART. 13 OF THE GENERAL DATA PROTECTION REGULATION ("GDPR") 

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER 

The data controller is Xerjoff Group S.p.A., in the person of its pro tempore legal representative. 

Xerjoff Group S.p.A. (hereinafter only "Xerjoff") is a company with legal residence in Via Tenivelli 29 - 10024 Moncalieri (TO), REA Number: TO 106649 - C.F./P. IVA 09547650011. The operational headquarters of the company is in Via Leonardo da Vinci 29 - 10095 Grugliasco (TO). The owner can be contacted by writing to the e-mail address gdpr@xerjoff.com or certified mail pec@pec.xerjoff.com or by contacting the telephone number (+39) 011 4143616.

2. DATA PROTECTION SUPERVISOR 

Based on art. 37 of EU regulation no. 679/2016, Xerjoff Group has designated a Data Protection Officer. The data protection officer can be contacted by writing to the e-mail address dpo@xerjoff.com or by contacting the telephone number (+39) 011 5534737. 

3. TREATMENT OF PERSONAL DATA 

The website offers numerous services for which it is not necessary to register or provide personal data. In order to be able to offer users/data subjects a wide range of services (eg. The creation of a user account and e-commerce), we need to collect some personal information. The personal data processed by Xerjoff are collected directly from users/data subjects and provided by them directly and freely. 

a) INFORMATION AUTOMATICALLY COLLECTED THROUGH THE WEBSITE: 

(1) navigation data collected automatically by the Platform: the computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified users/data subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. These data or part of them (IP addresses, device identifiers, etc.) may be processed by the Data Controller - subject to specific, preventive, free and optional consent of the user/data subject - in order to track your activity on the website, to process market analysis and statistics also to improve Xerjoff products and services and make them more responsive to the needs of the user/data subject, as well as to send more targeted information and offers that may be of greater satisfaction and interest to the user/data subject.

(2) The website uses a technology commonly referred to as "cookies" to make navigation on the website easier and more intuitive. Cookies are small text files sent from the website to the interested party's terminal (usually to the browser), where they are stored before being re-transmitted to the website at the next visit by the same user/data subject. Cookies, showing us how our users navigate on the website, provide us with information making the browsing experience easier and more efficient. Xerjoff uses different types of cookies. For more information on all the cookies used and how to give consent to the relative acceptance/refusal, the user/data subject can consult the website's cookie policy.

 b) INFORMATION PROVIDED BY THE USER/DATA SUBJECT:

(3) Website contact forms: the optional, explicit and voluntary sending of e-mails to the addresses indicated on the website entails the subsequent acquisition of the sender's address, needed in order to respond to requests, as well as any other personal data entered in the e-mail. Even the explicit and voluntary sending of the forms that can be filled in on the website containing data of the data subject involves processing to follow up on the pre-contractual obligations or the execution of the services provided for by sending the forms. This information in the forms may contain personal data, contact details, contact details, telephone numbers, e-mail addresses of the interested parties and of identified and identifiable third parties having cause with the user of the website. 

(4) Newsletter and Mailing List: The e-mail contacts used to send communications from the website come from voluntary subscriptions by the user/data subject to whom a confirmation request is always submitted, as well as from information acquired in a context for the sale of the Owner’s products or services. This includes the sending of information, promotional communications and material. It is emphasised that contacts are not acquired from public directories of subscribers. In the event that the communications are not of interest to the recipient, it is possible to avoid any further contact by clicking on the appropriate link contained in each message, or by writing to the contact details at the bottom, exercising your right to unsubscribe from the newsletter. 

(5) E-Commerce, creation of a personal account and purchase of products or services of the Owner: This is the data processed for the management of carts, orders, any of the registered user ‘s profiles and includes personal data, addresses, data tax and invoicing, purchase list, reports and notes. The personal data provided and processed through delegated third-party companies (e.g. CRM, administrative and accounting services, delivery companies or couriers) for the administrative management of orders and purchases; the management of any participation in loyalty programmes; the processing of anonymous statistics related to the detection of purchasing behaviour; sending advertising material relating to products and offers by possibly using email or telephone messages. 

(6) Work with us: The data collected by Xerjoff through the sending of curriculum vitae, professional profile evaluation interviews or reporting by third parties such as name, surname, place and date of birth, social security number, telephone number, postal address, educational qualification and other elements of personal identification, sent in relation to any open positions or spontaneous application, fall into the category of "personal data" pursuant to Article 4, paragraph 1 and paragraph 15 of the GDPR and will be subject processing exclusively for the purpose of evaluating the aptitudes and professional skills of the candidates themselves, according to the open position and for which a selection procedure is underway or for future needs to expand the company staff (recruitment or internship). 

(7) CHAT WITH US: the live chat widget is an interaction service provided by Smartsupp.com s.r.o, VAT ID CZ0366868. In the case of sending messages through the Smartsupp messaging system to request information or a commercial contact, the following data will be collected: name, surname, telephone number, e-mail address. 

4. PURPOSE AND LEGAL BASIS 

The personal data acquired through the website will be processed by the Data Controller for the following purposes: 

(1) the improvement of navigation and the usability of the website, collection of aggregate and anonymous statistical information on the use of the website by users (number of visitors, pages visited, time spent, keywords, etc.); 

(2) purposes strictly connected and instrumental to the management of relationships with users/data subjects, such as to provide feedback to a contact request and/or request for information from the user/data subject;

(3) purposes strictly related to the performance and implementation of the services requested by the user/data subject, including the execution of a contract of which the data subject is a party or the execution of pre-contractual measures adopted at the request of the same; 

(4) purposes connected with obligations established by law, as well as by provisions issued by authorities legitimated by the law;

(5) for the assessment, exercise or defence of a right in and out of court (legitimate interest) of the undersigned organisation; 

(6) purposes related to the selection of personnel and evaluation of applications in order to establish an employment relationship.

 Furthermore, only and exclusively in the presence of specific and free consent of the user/data subject, the Data Controller may process personal data for the following additional purposes functional to the activity in which the data subject has the right to express or deny his consent: 

(7) sending commercial and promotional communications, direct marketing purposes, invitations to events, detecting the degree of customer satisfaction, both through traditional contact methods (i.e. paper mail and telephone calls with an operator) and through automated contact methods (i.e. automated telephone calls and similar methods such as fax, e-mail, SMS, MMS, etc.); 

(8) profiling purposes of user/data subject, data which involve, in addition to the processing of common data referred to in paragraph 3.b.3. above, also the processing of the user's/data subject’s date of birth; 

(9) purposes of tracking navigation and purchasing choices of the user/data subject in order to improve the marketing offer, commercial promotions and to detect the degree of customer satisfaction. This activity is also carried out through the use of technologies such as cookies (for more information, see the "Cookie Policy" section of the website); 

The legal basis that legitimise the processing are: 

- the legitimate interest of the data controller (par.4.1, 4.5, 4.6);

- the fulfilment of legal obligations to which the data controller is subject (par. 4.4). 

- the execution of a contract of which the user/data subject is the execution of pre-contractual measures adopted at the request of the same (par. 4.2 and 4.3); 

- the consent of the data subject (par. 4.7, 4.8, 4.9). 

The data subject will have the possibility to revoke the consent given to the Data Controller at any time by accessing the reserved area of the webwebsite www.xerjoff.com or by clicking on the appropriate cookie bar which can be found on the footer of the website. This revocation will in no way affect the lawfulness of the processing based on the consent given prior to the revocation. If the Data Controller intends to further process personal data for a purpose other than what they were collected for, before such further processing, the user/data subject will be provided with information about the particular purpose and any other relevant information.

5. NATURE OF DATA PROCESSING 

The provision of personal data is mandatory only for the processing necessary for the provision of services (execution of pre-contractual or contractual measures or processing based on the fulfilment of legal obligations to which the Data Controller is subject). Any refusal for the purpose of providing the service makes it impossible to finalise the purchase of online services in addition to registering and accessing some reserved areas of the website, compromising the completion of contractual agreements or pre-contractual measures requested by the data subject. For all other types of data, the provision is optional and any refusal by the data subject will not have any negative consequences on the provision of the services offered through the website. 

6. RECIPIENTS 

The personal data of users/data subjects will not be disclosed but may be communicated and processed: 

a) within the company among staff with particular reference to employees and collaborators who deal with the specific activities in which the data is processed, and who have been authorised for processing; 

b) from third parties that deal with providing services that are instrumental to satisfying the requests of the user/data subject (for example, hosting platforms, credit institutions or credit card issuers to manage payments for services) or to those that allow us to more effectively manage contact with the user/data subject(for example Hubspot), companies that provide marketing services and activities, the managers of the e-mail and SMS sending platforms (eg. Mailchimp), messaging through social network tools) or to whom the communication of data is necessary to comply with laws or regulations. Where required by law, these subjects will be qualified as Autonomous Data Controllers (if functional to the fulfilment of the contract) or Data Processors. The user/data subject may request a complete list of data processors by writing to gdpr@xerjoff.com. 

The data may also be made accessible to internet platforms and Internet service providers and cloud computing companies that have established a contractual relationship with the Data Controller for the provision of services and that have provided adequate guarantees in relation to the security of processing in accordance with the GDPR. 

7. PLACE AND METHOD OF TREATMENT 

The website is hosted on Amazon AWS servers (hosting provider), the data centres are located in Paris, within the European Economic Area. The hosting provider has obtained ISO 9001, ISO 27001, ISO 27017, ISO 27701, ISO 27018 security certifications. Personal data will also be stored in electronic format on adequately protected magnetic media stored at the offices of Informaconfede. If for technical and/or operational reasons it is necessary to make use of subjects or companies (e.g. cloud provider or cloud services) located outside the European Union, we inform as of now that these subjects will be appointed as Data Processors pursuant to and for the effects of art. 28 of the Regulation and the transfer of Personal Data to these subjects, limited to the performance of specific activities of Processing, and will be regulated in accordance with the provisions of Chapter V of the Regulations. All necessary precautions will therefore be taken in order to ensure the most complete protection of the personal data of the interested party. The Company also uses cloud services provided by third country companies recognised as adequate in terms of confidentiality, integrity and availability of data. 

8. PROFILING 

Through the website, the Data Controller carries out activities such as analysing the purchasing habits and consumption choices of users/data subjects, mainly through the processing of the data provided when creating specific user profiles on the website. The information thus obtained allows the Data Controller to create - with the consent of the user/data subject- profiles (individual and/or aggregated), to process market analyses and statistics to also improve their products and services and make them more responsive to the needs of their own customers, as well as to carry out targeted promotional campaigns of greater satisfaction and interest to users/data subjects who have given specific consent. With reference to the newsletters and landing pages sent, the system records the navigation data relating to the opening, reading, views, passages, clicks, areas of interest as well as any further actions relating to each communication sent by preparing historicised profiles of interest and preferences aimed at a greater understanding of the needs of the user/data subject to propose targeted commercial offers and to prepare single and/or aggregate purchase statistical analysis reports. The /data subject has the possibility to modify or revoke their consent to the processing for profiling purposes by accessing, at any time, their reserved area of the "permission" section of the website, or by sending an email to gdpr@xerjoff.com. 

9. DATA RETENTION 

The processing of personal data is carried out mainly using electronic procedures and supports (DB, CRM platforms, etc.) for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, in compliance with the principles of lawfulness, fairness, non-excess and pertinence provided for by current privacy legislation and in particular:

- the data provided by sending e-mails to the website's e-mail address will be kept for the time necessary to provide feedback; 

- the data provided when registering on the website may be processed for the entire duration of the contractual relationship and, for the sole tax purposes and management of any disputes, may be kept for up to 10 years pursuant to current legislation and articles 2220 and 2946 of the civil code; 

- tax and accounting documents are kept for 10 years from the last date of registration in accordance with the law (including tax obligations). 

- as a general rule, we will keep the data collected for marketing purposes until the permission is revoked and/or the data subject's request for deletion of data. The user/data subject has the possibility to revoke their consent to the processing for marketing purposes by accessing, at any time, their reserved area of the website in the appropriate permission" section of the website, or by clicking on the "unsubscribe" link on all communications sent by the Data Controller or by sending an email to gdpr@xerjoff.com; 

- the data acquired for analysis and profiling purposes will be kept for a maximum of 12 months. The user/data subject has the possibility to revoke his/her consent to the processing for profiling purposes by accessing, at any time, his/her reserved area of the website in the appropriate "permission" section of the website, or by sending an email to gdpr@xerjoff. com; 

- the data aimed at the selection of personnel will be processed for the period of time necessary for the pursuit of the aforementioned purposes and in any case no later than 2 years from their collection. 

10. COOKIES AND SIMILAR TECHNOLOGIES 

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified users/data subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website: except for this possibility, the data on web contacts does not currently persist for more than seven days. For more details, please read the Cookie Policy on the website. 

11. LINKS TO OTHER WEBWEBSITES AND SOCIAL MEDIA 

The website can use the social plug-ins and links to external platforms. Social plug-ins are special tools that allow you to incorporate the functions of the social network directly into the website (e.g. the "like" function on Facebook). All social plug-ins on the website are marked with the respective logo owned by the social network platform (e.g. Facebook, Instagram, Twitter, LinkedIn). When you visit a page of the website and interact with the plug-in (e.g. by clicking the "Like" button) or decide to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform and memorised from this. For information on the purposes, type and methods of collection, processing, use and storage of personal data by the social network platform, as well as for the methods by which to exercise their rights, please consult the privacy policy adopted by the individual, website or social network. 

12. USER/DATA SUBJECT RIGHTS ON DATA PROCESSING 

At any time, the user/data subject may exercise the rights provided for by the applicable legislation on the protection of Personal Data, including the right to: 

- receive confirmation of the existence of their Personal Data and access their content (access rights); - update, modify and/or correct their Personal Data (right of rectification); 

- request the cancellation or limitation of the processing of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or otherwise processed (right to be forgotten and right to limitation); - oppose the processing based on legitimate interest (right of opposition); 

- revoke the consent, without prejudice to the lawfulness of the processing based on the consent given before the revocation; 

- propose a complaint to the Supervisory Authority in case of violation of the rules on the protection of Personal Data; 

- receive a copy of the data in electronic format concerning the user/data subject and request that such data be transmitted to another data controller (right to data portability). 

To exercise these rights, you may at any time make a specific request to the Data Controller, by writing to Xerjoff Group S.p.A., Via Leonardo da Vinci 29 - 10095 Grugliasco (TO). The Data Controller can also be contacted by writing to the e-mail address gdpr@xerjoff.com or certified mail pec@pec.xerjoff.com or by contacting the telephone number (+39) 011 4143616  Italy. 

The user/data subject is invited to fill in and the appropriate application for the exercise of their rights as users/data subjects before transmitting it to the Data Controller and the Data Protection Officer. 

13. CHANGES TO THE PRIVACY POLICY 

The constant evolution of our services may lead to changes in the characteristics of the processing of Personal Data described so far. This privacy statement may undergo changes and additions over time, as necessary due to new regulatory interventions regarding the protection of Personal Data, or the evolution/modification of our services. We therefore invite you to periodically check the contents of our information: where possible, we will try to promptly inform you of the changes made and their consequence