Cipriani Industria s.p.a. with registered office at Losson della Battaglia – Meolo (VE) – Via Capo d’Argine 45, and CIPRIANI USA, INC., a Delaware Corporation, with registered office at 110 East 42nd Street, New York, New York 10017 (the “Company” or “Cipriani”) are the data controllers, which determine the means and purposes of processing the personal data of all users (the “User”) of the website www.cipriani.com (the “Website”).
Personal Data (or Data)
Personal Data means any and all information which, directly or indirectly, or together with any other information, identifies a person or makes a person identifiable.
The Website automatically collects information, including, but not limited to: IP address or domain name of the personal computer used by the User to browse the Website, URI (Uniform Resource Identifier), timing, the method used to connect to the server, size of the file requested, code number indicating the status of the request, the country of the User, information on the browser and the operating system of the User, the type of product added to cart and/or purchased, timing of the access to the Website and timing of browsing, details on the itinerary through the Website, with focus on the sequence of the pages viewed, and parameters of the operating system and the IT environment of the User.
Users are any and all persons using the Website; unless otherwise defined, the User is also the Interested Party.
The Interested Party is the person to whom the collected Personal Data refer.
Cipriani Industria S.p.A. with registered office at Losson della Battaglia – Meolo (VE) – Via Capo d’Argine 45, tax code and VAT no. 01836320273.
CIPRIANI USA, INC., a Delaware Corporation, with registered office at 110 East 42nd Street, New York, New York 10017.
The Website www.cipriani.com, through which Users’ Personal Data are collected.
The Service supplied by the Website, as defined under the Website Terms and Conditions.
2. DATA CONTROLLER AND DATA PROCESSOR
Cipriani Industria S.p.A. with registered office at Losson della Battaglia – Meolo (VE), tax code 01836320273 and CIPRIANI USA, INC., a Delaware Corporation, with registered office at 110 East 42nd Street, New York, New York 10017 are Data Controllers. Data Controllers may appoint Data Processors in order to process Personal Data for the purposes indicated below and a Data Protection Officer or DPO, who will assess the protection of the personal data. Users may contact the Data Controller at any time with a question or request regarding their Personal Data by sending an email to this email address: email@example.com.
3. TYPE OF DATA COLLECTED
The Personal Data collected through the Website, directly or through third parties, include but are not limited to: email address, name, surname, date of birth, gender, address for delivery, phone number, cookies. If the User uses social media to register, Cipriani will have access to certain Personal Data (including name, surname, email etc.) included in the User’s social media account in accordance with the social media terms and conditions of use.
Personal Data may be directly provided by the User or collected automatically during the use of the Website through the Cookies.
If not otherwise indicated, all Personal Data required by the Website are mandatory. If the User refuses to communicate the Personal Data, Cipriani may not be able to provide the Service. Where the Website indicates some Personal Data as optional, Users may refrain from communicating those Personal Data, without any consequence on the availability or function of the Service. Users may contact the Data Controller in order to verify which Personal Data are mandatory.
Users represent and warrant that they own the Personal Data and that the Data refer to the User itself. Users are liable for such representation and shall hold the Data Controller harmless from any liability toward third parties.
4. STORAGE OF THE COLLECTED DATA
Data processing methods
The Data Controller uses specific security methods in order to guarantee that data processing is compliant with the regulation on the protection of personal data and in order to prevent unauthorized access, disclosure, manipulation or destruction of the Personal Data.
The Personal Data collected on the Website are stored in Italy and will not be disclosed, sold or transferred to third parties, except where provided by law and except for: the transfer of Personal Data to the entities appointed by the Data Controller to perform specific activities and/or, more generally, to such entities where they act as independent Data Controller and/or Data Processor; and the notification and/or disclosure of Personal Data required by law or by authorities, courts or other public entities for the purposes of defence, State security, or the prevention, assessment or repression of crime.
As an example, Data Controller may communicate the Interested Party’s Personal Data to:
Employees, staff and suppliers of the Company, for the purpose of their related duties and/or contractual obligations concerning the relations with the Interested Party;
Legal counsel, administrative and tax counsel that advise the Company in the performance of its activity;
Banking institutions, for managing proceeds and payments arising from the agreement executed with the Interested Party;
Sub-suppliers and sub-contractors involved in activities connected to the execution of the agreement between Users and the Company, in their capacity as external Data Processors;
Public entities and/or judicial authorities and/or supervisory bodies, upon their request, in their capacity as independent data controllers;
IT Service suppliers or cloud systems; and
other companies of the Cipriani Group.
The complete list of the data processors is available at any time, upon request of the Interested Party to the email address indicated below.
Storage and transfer
The Personal Data are processed at the Data Controller’s registered offices.
Personal Data might be transferred outside the EU to be stored on servers used by Cipriani or by specifically appointed external Data Processors. Such transfers are made by Cipriani subject to the execution, with the server suppliers and/or service suppliers, of standard contractual agreements compliant with the forms used by the European Commission, or upon registration of the external data processor in the “Privacy Shield” system.
The Data are processed and stored for the time required by the specific purpose of the collection, always taking into account the minimization principle, and for a period not longer than the time required for the purposes of the collection and processing.
In general, the Data shall be stored until the earlier of:
the fifth anniversary from the last use of the Website by the User or from the last interaction of the User with Cipriani;
the fifth anniversary after the User’s account cancellation.
The following categories of data may be stored for a longer time:
financial and accounting data (including invoices, payments, reimbursement etc.) are stored for the time indicated by any tax and accounting law;
all the contents generated by the users (including purchased products, behaviours on the Website) are made anonymous, but are kept available for aggregated analysis.
At the end of the storage period the Personal Data shall be cancelled. Thus, at the end of that term, the rights to access, delete, modify and port the Data may no longer be exercised.
5. PURPOSE OF THE COLLECTION OF DATA
Users’ Data are collected for the purpose of providing and optimizing the Services and also for:
the identification of the User required to access the Website and access to dedicated products and services, and also in order to properly assist the User;
the completion of the orders and processing the payments;
the handling and delivery of the orders;
the issuance of the invoices related to the orders and the related tax and administrative process;
the customer assistance after the purchase and handling the requests of assistance or support;
the enforcement of rights, including the recovery of credits; (purposes from 1 to 6, “Contractual Purposes”);
fulfilment of the obligations provided by the law, including notices to the competent authorities and supervisory bodies and compliance with the requirements coming from those entities (“Legal Purposes”); and
where the Interested Party has expressed its consent: improving the experience of the Interested Party and satisfying its needs, marketing analysis and commercial communications, development of marketing activities, and better understanding users’ needs in order to improve the services (including the user interface) and the selection of products offered (“Legitimate Interest Purposes”).
For any further information related to the collected Personal Data and each purpose, Users may contact the Data Controller at this address: firstname.lastname@example.org.
6. NATURE OF THE CONSENT
Collection of Personal Data is mandatory:
for the execution of the agreement with regard to the Contractual Purposes;
for compliance with the law, with regard to the Legal Purposes.
The Interested Party is free to provide its data and provide the consent. However, the refusal to provide the Personal Data and the related consent for the Contractual Purposes and the Legal Purposes shall prevent the Company from executing the agreement or, if it has already been executed, from completing its execution. Users may deny the consent for Legitimate Interest Purposes.
Users may at any time ask the Data Controller for which purposes the Personal Data are collected and whether the collection is legally grounded, provided for by an agreement or necessary to execute the agreement with the User.
7. USERS’ RIGHTS
Users may enforce certain rights on the Personal Data collected by the Data Controller, including:
The right to revoke the consent at any time. Users may revoke the consent previously granted for the collection of their Personal Data at any time.
The right not to be subject to a decision based solely on automatic processing. Users may object to being included in automated decision making or profiling based on their personal data (i.e. when the processing is based on a different legal ground than the consent). More details on the right to object are indicated below.
The right of access. Users have the right to access information on their Personal Data processed by the Data Controller and on certain aspects of the processing, and to obtain a copy of the Data.
The right to be informed and to rectification. Users have the right to assess whether incorrect data are processed and to revise or make changes to their Data.
The right to restrict processing. Upon certain conditions, Users may limit or restrict the processing of their Data. In such a case the Data Controller shall not process the collected Data but shall keep them for storage only.
The right to cancellation or deletion of Personal Data. Upon certain conditions, Users may request the cancellation or deletion of the Personal Data collected by the Data Controller.
The right to data portability. Users have the right to receive their Data in a commonly used and readable format and, if technically possible, to obtain their portability to a different data controller. This provision applies when the Data are processed by means of automated systems and the processing is based on the Users’ consent, on an agreement to which the User is a party, or according to related contractual provisions.
The right to claim. Users may file a claim with the competent authority or start judicial proceedings whenever their privacy rights are not being upheld.
If the Interested Party intends to exercise the rights provided under this article 7, it shall contact the Data Controller at the following email address: email@example.com.
Details on the right to object
When Personal Data are processed for public interest, in the exercise of public powers vested in the Data Controller, or for a legitimate interest of the Data Controller, Users have the right to object to the processing of their Data for reasons connected to their special status. Users may ask the Data Controller to stop sending newsletters at any time and with no need to provide any explanation, by following the instructions indicated in the newsletter.
How to exercise Users’ rights
In order to exercise their rights, Users may address a request to the Data Controller using the contact details indicated in this document. Requests are processed by the Data Controller as soon as possible.
This Website uses Cookies. Cookies are small pieces of text that the Website sends to the Users’ device, where they are stored and then sent back to the Website upon the following visit to the same Website.
The IT systems and software procedures of the Website record certain personal data which are common to the IP address. Those data are collected and associated with specific subjects, and by their nature may allow the identification of the User. This type of data includes the IP address or domain name of the personal computers used by the Users to browse the Website, the URI (Uniform Resource Identifier) address, the timing of the request, the method used to send the request to the server, the size of the file sent in reply, the code number indicating the status of the reply from the server (successful, error) and other parameters related to the operating system and to the IT environment of the User. This kind of data, collected in aggregate form by means of so-called “analytic” cookies, is used only to obtain statistics and anonymous information on the use of the Website and to check that it works correctly. Those data could also be used, if necessary, in order to assess any liability for IT crimes which damaged the Website.
The use of so-called “session cookies” (which are temporarily recorded on the Users’ personal computer and are cancelled upon closing) is strictly limited to data needed to identify the session (random numbers generated by the server) which are necessary to allow a secure and efficient use of the Website.
MORE INFORMATION ON THE PROCESSING
Users’ Personal Data may be used by the Data Controller in a proceeding or in the preliminary phases of a proceeding regarding the abuse of the Website or of the Services provided to the User.
Users acknowledge that they are aware that the Data Controller might be obliged to disclose the Data upon order of a public authority.
For any further information related to the processing of Personal Data, contact the Data Controller at this address: firstname.lastname@example.org.