Twinset S.p.A., a sole shareholder company (hereinafter “Twinset” or “Company”), considers your privacy and the security of your personal data to be of paramount importance and consequently they are collected and processed with the utmost care and attention, adopting specific technical and structural measures to guarantee complete security of the data processing. In compliance with art. 13 of Regulation (EU) 2016/679 (“Regulation”) and of Italian Legislative Decree 196/2003 (Italian Privacy Code), as recently amended by Italian Legislative Decree 101/2018 (“Privacy Legislation”), we hereby inform you that your data will be processed in line with appropriate procedures that ensure the security and confidentiality of the data, using paper and/or electronic media, in accordance with that set out in this Policy.
Personal data : means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Processing : means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Special categories of personal data : refer to personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
Data controller: means the natural or legal person, or the public authority, agency, or other body that, either individually or together with others, determines the purpose for which and the means by which personal data are processed.
Processor : means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.
In accordance with and pursuant to the Privacy Legislation, your personal data will be processed by Twinset in its capacity as the Data Controller, who may contacted for any matter related to the processing of your personal data at the following addresses:
Twinset only processes personal data from users such as: IP address, identifying particulars (name, surname, email address) provided while browsing and when making purchases on the website. These data are required by the Data Controller in order to manage the website and its e-commerce, as well as to provide you with any information requested. Special category personal data pertaining to you will not be processed.
Your personal data, once collected, will be processed for the following purposes:
A - Marketing (newsletters, sending promotional and advertising materials regarding news, initiatives and offers in relation to Twinset's products or services and/or for market research). In order to process personal data for these purposes, the specific consent of the data subject is required.
B - Profiling: i.e. the compilation of User profiles by Twinset, on the basis of analyses of Users' habits and purchasing choices, with a view to improving the company's commercial offering and services. In order to process personal data for this purpose, the specific consent of the data subject is required.
C - Administration, accounting and managing online orders placed on the institutional websites and/or in the sales outlets and/or for the provision of warranties for the products or services purchased. The legal basis for the data processing is provided by the contract entered into by the Parties and the obligations imposed by law.
The provision of your Processor:data is:
The data may be collected, recorded, stored and processed using both paper and electronic means. The data will be collected, processed, shared and stored for the period strictly necessary to achieve the purposes described. With regard to profiling, the data may be processed using electronic systems, which may also be automated, in order to create your profile. Based on the information collected, Twinset may send you commercial information regarding discounts and promotions in line with your preferences. The data collected will be securely stored at Twinset. The data may be shared with subsidiaries, parent companies, affiliates or other bodies that are in any case associated with the Company. The data will be shared within the limits strictly necessary in order to fulfil the obligations, perform the tasks and achieve the purposes described. Under no circumstances may the data be disseminated. Your personal data will be processed by Twinset systems and personnel specifically authorised in accordance with art. 4, paragraph 10 of the EU Regulation and appointed in accordance with art. 2 quaterdecies of Italian Legislative Decree 196/2003. Said personnel process the data as specifically instructed by the Data Controller.
The Data Controller may make use of third parties in order to perform certain activities which may entail the processing of your personal data, appointing them as Data Processors in accordance with art. 28 GDPR and providing them with specific instructions. Said parties may pertain to the following categories: financial operators; internet providers; IT services firms, consultancy firms. A detailed, up-to-date list of said parties is available at the office of the Data Controller and may be consulted upon the request of the data subject. Your data may be transmitted to the police and administrative authorities, in compliance with the law, in order to pursue criminal investigations, to prevent any threat to public safety, and to allow Twinset to exercise or protect its own rights or those of third parties before the competent authorities, as well as for other reasons related to the protection of the rights and freedoms of others, in compliance with that established also by art. 2-sexies of Italian Legislative Decree 101/2018.
Some of the parties referred to in paragraph 6 may be located in countries that are not part of the European Union but which nonetheless have an adequate level of data protection, as established by the European Commission through the issuance of a so-called “adequacy decision”.
Your personal data will be transferred to persons resident or located in countries outside of the European Union which do not ensure an adequate level of protection only with your consent or subject to the conclusion between Twinset and said persons of specific agreements containing appropriate clauses to guarantee the protection of your personal data (so-called “standard contract clauses”), which must also be approved by the European Commission, or if the transfer is necessary in order to conclude and execute a contract between you and Twinset or in order to manage your requests.
Your data will be retained for a limited period of time, for the purposes indicated in paragraph 4, and in any case for a period not exceeding:
You may exercise your rights at any time in relation to the specific processing of your personal data by Twinset by sending a specific request to the addresses indicated in paragraph 3.
Further information on the rights of data subjects may be obtained from the Data Controller by requesting a copy of the unabridged extract of the articles referred to above. Without prejudice to the above, we would like to remind you that the aforementioned rights may be exercised by whosoever has a personal interest, or who acts on your behalf, in the capacity as your representative, or for justifiable reasons of family protection, pursuant to art. 2-terdecies of Italian Legislative Decree 101/2018.
Twinset has adopted appropriate security measures to protect the confidentiality, integrity, completeness and availability of the personal data of the data subject. Technical, logistical and organisational measures have been put in place in order to prevent any loss, including accidental, alteration, or improper or unauthorised use of the data processed, or any damage to the same.
We regularly test and assess the effectiveness of the security measures in order to ensure the continuous improvement of the security of the data processing.
It is recommended therefore that you check the content of this policy from time to time. Where possible, we will seek to promptly inform you of any changes made and the relative consequences. In any case, in the event of any change to the purposes of the processing, we will ask you to renew your consent.