Macaron de Lancel
Personal Data Processing Policy
pursuant to European Regulation 2016/679 of the European Parliament and Council of 27 April 2016,
concerning the protection of natural persons with regard to personal data processing (in short “GDPR”)
Piquadro S.p.A (hereinafter referred to as "PQ"), Parent Company of the "Piquadro Group", together with The Bridge S.p.A. (hereinafter referred to as "TB") and Lancel Sogedi S.A. (hereinafter referred to as "LC"), as Joint Data Controllers, consider the privacy and protection of personal data fundamental and invite their users and customers to carefully read this Policy which contains important information on Data Processing (in short , "Information").
The logical and physical security of the data and, in general, the confidentiality of the personal data processed will be safeguarded by taking all technical and organizational measures necessary to guarantee their security.
A) Identity and contact information of the joint Controllers
Località Sassuriano, 246
Silla di Gaggio Montano (40041 - Bologna, Italy)
Tax Code and VAT No. 02554531208
The Bridge S.p.A.
registered office in Scandicci (50018 - Florence, Italy),
Via E. Codignola 14/16,
Tax Code and VAT No. 04253320487
Lancel Sogedi S.A.
registered office in 75017, France
48-50 rue Ampere Paris
Ape Code 4772 b - TVA code Fr 20,612,036,376
B) What data we collect and how we collect them
While using the Website and in general the services offered by the Group companies, we may ask you to provide us with certain personal data or personal information that might be used to identify you, for example by e-mail or online form, through the form to subscribe to the Memberships and our Services or through another type of request.
This information may include personal details and contact details, such as your name, surname, address, e-mail address and telephone number, and some information such as gender and profession.
Brief explanatory notes will be provided or appear on the web pages or through appropriate forms for specific optional services.
In the course of normal operation, the websites may acquire some personal data of the user whose transmission is implicit in the use of internet and mobile phones communication protocols.
These data are collected through the use of systems capable of storing text or information files, such as Cookies or SDK (Software Development Kit).
This information may include navigation and functional indications, statistical and technical information, and, if clicked, some information about the user's preferences to improve their browsing or geolocation experience for the identification of the nearest store.
Moreover, you can manage the preferences through the appropriate online section.
Some information is necessary in order to provide the services connected to the Site and to the Group activities, and failure to collect them would make it impossible to provide the aforementioned services or involve the partial operation of the Site. The optional information does not affect the operation of the services and can be freely managed by the user.
The forms expressly indicate the mandatory items (with the symbol * or ü).
Explicit consent will always be required, by specific request, where necessary.
C) Purpose of personal data processing and relevant legal grounds
Your personal data will be processed:
(i) without obligation of consent for the following purposes:
The processing above meets the following legal grounds, respectively:
The granting of data marked on the form with (*) for the purposes described in foregoing section (i) is mandatory and the absence of the data and/or express refusal to processing them shall make it impossible for the Data Controller to execute the contract or execute the pre-contractual measures, fulfil the obligation with possible non-fulfilment and responsibility of the data subject also for sanctions contemplated by the law (e.g. impossible issue of the relevant invoice).
(ii) with your consent (Art. 7, GDPR) for the following purposes:
The granting of data for the purposes explained in foregoing section (ii) is optional, meaning that you may decide to not give your consent, or to revoke it at any time. Automated processes using software that in any case require human decision-making intervention to prevent undesirable consequences for the data subject are used for this processing; they are always and, in any case, limited to receiving communications from the Data Controller.
D) Intragroup data sharing
This policy briefly indicates how the Piquadro Group companies share the information internally, regulated in detail by mutual co-ownership agreements.
Piquadro, as Parent Company, in order to better rule the Group's strategies and implement the company business efficiently and effectively, has decided to aggregate and unify the administrative management and the commercial and marketing management, both with regard to offline and online activities performed through websites and e-commerce platforms.
Therefore, Piquadro receives information from the companies of the Group and shares it with them.
The information collected by each company of the Group is shared and used reciprocally by the other companies, in order to make the services and offers available as well as to provide, improve, understand, personalize, support and market them, including the products and the respective Piquadro/The Bridge/Lancel brands and therefore within the predefined Group purposes referred to in item C.
Further information on the Group and its additional legal entities is available on the website https://www.piquadro.com/it/struttura-del-gruppo.
In the event that the Group is involved in a merger, acquisition, reorganization, or sale of all or some of the assets, the information will be shared with the following entities or new owners as part of the transaction in accordance with applicable laws on data protection.
E) Categories of recipients of personal data
For the purposes explained in the foregoing paragraph, the personal data you have given may be disclosed or made accessible:
You can receive the complete and updated list of the Data Processors by sending a written request to the address firstname.lastname@example.org.
F) Storage and transfer of personal data abroad
Personal data are managed and stored in the cloud and on servers located inside and outside the European Union owned by and/or available to the Controller and/or owned by and/or available to third parties duly appointed Data Processors.
The data transfer abroad to countries not belonging to the European Economic Area (EEA) takes place exclusively in the context of intra-group communications for the purposes indicated above or to contractual partners, in any case in accordance with the provisions contained in Chapter V, articles 45 and 46 GDPR.
Your personal data will not be disclosed.
G) Personal data retention period
Personal data collected for the purposes specified under paragraph (C), section (i) above will be processed and stored for the entire term of the contractual relationship, if any.
The data will be stored for the duration of the applicable ex lege limitation period, i.e. 10 years, starting from the date said relationship ends for any reason or cause.
The personal data collected for the purposes explained under foregoing paragraph (C), section (ii) shall be processed and stored for the time necessary to fulfil said purposes and however for a period no longer than 3 months from the date we receive your consent.
Upon termination of the aforementioned terms of retention, the data will be destroyed, cancelled or made anonymous.
F) Exercisable rights
In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights specified therein and in particular:
The request can be addressed indifferently to each of the Joint Controllers by simply sending an e-mail to one of the following addresses: email@example.com / firstname.lastname@example.org / email@example.com.
In particular, reference is made to the following measures:
Last update: 31 March 2021