Welcome to the website patriziapepe.com
The Data Controller, pursuant to and in accordance with arts. 4 and 24 of the GDPR, is Tessilform S.p.A. (hereinafter “Tessilform”), with registered office in Via Gobetti 7/9 – 50013 Capalle – Florence - Italy.
Data Protection Officer (DPO)
The DPO appointed by Tessilform can be contacted at email@example.com
The Controller for data processing on this website is Tessilform S.p.A., with registered office in Italy, Via Gobetti 7/9 – 50013 Capalle – Firenze, VAT 01580850970,
Data Protection Officer
The DPO designated by Tessilform S.p.A. can be contacted at the e-mail address firstname.lastname@example.org.
• Browsing data . During their normal functioning, the IT systems and software procedures used for the operation of the website may acquire some data whose transmission is implicit in the use of Internet communication protocols. This category of data may include the IP addresses or domain names of the devices used, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the User’s operating system and IT environment.
• “Contact us” section and other customer support channels . Through the “Contact us” form, via e-mail, telephone, live chat, WhatsApp or other messaging tools made available on the website, the following information may be acquired: name, surname, contact data and any other information Users share with us in their requests. In this case, personal data are processed only for the purpose of providing assistance and support. such as home address, e-mail address, telephone number;
• Signing up for the Newsletter. To sign up for our Newsletter, all that is required is the e-mail address of the User. The system automatically recognizes the language so that the newsletter can be sent in the language used by the User when browsing the website.
• habits and profiles, such as purchasing data (purchasing history, including the points of sale where the purchase was made, type of products purchased), purchasing habits and preferences (wishlist, products preferred categories, sizes of items purchased);
• Registering as a Customer.
• Purchasing and payment data.
• “Order verification”. Customers are asked to provide their order number and the e-mail address used for purchases on a dedicated form, which can then be used by the Customer to check the status of the order once it is placed.
• Purchasing preferences and habits. Both when browsing this website and when visiting our stores, information may be collected regarding Customers’ purchasing preferences and habits. This can be obtained from the Customer’s purchasing history (for example, type, amount and price of products purchased, categories preferred, colors, sizes and materials), or from other information Clients may decide to share with us (for example, profession, education, hobbies and lifestyle).
Instagram: Instagram Data Policy | Instagram Help Center
Sina Weibo: https://weibo.com
• “Virtual Sales Assistant” service. To book a video call with one of our Sales Assistants, Users must provide their information and contact details, such as name, surname, e-mail address and telephone number, through the service made available on our website by Calendly. Once an available slot has been booked, the User will receive an e-mail containing the link to the appointment on Google Meet. Please remember that the personal data acquired will necessarily also be processed by Calendly and Google Meet, as independent data controllers. For further information on the data processing carried out by the aforementioned platforms, please refer to their respective privacy policies:
Google Meet: https://apps.google.com/intl/it/meet/how-it-works/#security
• “WhatsApp for you!” serviceUsers can use this service to receive information, photos and promotions regarding the Patrizia Pepe collections, remaining in contact with us through this quick, simple to use channel. When Users use WhatsApp to contact the telephone numbers of the stores, provided on the website or in loco, they must be aware they are providing their telephone number and the name associated with their WhatsApp profile, as well as any information, including photos and videos, that they decide to share with us. In addition to the opportunity to send specific requests, Users may periodically receive news from us via this channel; they are entitled, at any time, to stop receiving messages, by replying “NO”.
Purposes and legal bases for processing
Data are processed for the following purposes:
• to respond rapidly and effectively to the questions posed by Users through the Contact section or other channels made available to the User; to provide information on goods and services similar to those previously purchased, as well as notifications regarding, for example, stores visited (“soft spam”), provided the User has not opposed such processing; to identify the level of satisfaction with the quality of the services used; for statistical purposes and market analyses.
The legal basis is the legitimate interest of the Data Controller (article 6, letter f), GDPR) in boosting efficiency, providing information on the services offered and in improving and developing new products and services.
• to process and ship orders, manage payments, provide assistance and support to Customers and to guarantee returns and refunds; to allow Users to use particular services offered (registration with the website, “Virtual Sales Assistant” and “WhatsApp for you!” and similar services).
The legal basis is the execution of contractual and pre-contractual measures adopted at the request of the customer (article 6, letter b), GDPR) and the fulfillment of legal obligations of a fiscal, accounting or administrative nature (article 6, letter c), GDPR).
• for marketing purposes, to send news on products, services, promotions and invitations to events organized by the company by e-mail, SMS, telephone, WhatsApp or other communication channels; for profiling purposes, to send personalized notifications - based on the interests, purchasing habits and preferences demonstrated - via the aforementioned channels. The legal basis is the specific consent given by the User, requested separately for the various marketing and profiling purposes (article 6, letter a), GDPR). Users may, at any time, withdraw the consent previously given, or indicate the means of contact they prefer.
• to consider applications for a position of employment in the company.
The legal basis is the execution of pre-contractual measures adopted at the request of the data subject (article 6, letter b), GDPR).The processing of any “special” data is lawful on the basis of the Measure adopted by the Supervisory Authority on 5 June 2019, which supplements and amends General Authorization no. 1/2016.
• to comply with legal obligations binding upon the Data Controller, including the regulations to combat money laundering, and to comply with any requests made by the competent Authorities.
The legal basis is compliance with legal obligations (article 6, letter c), GDPR).
Provision of personal data
The mandatory or optional nature of said provision is specified on a case-by-case basis, for each kind of information requested; mandatory information is indicated with an asterisk (*). Refusal to provide the data indicated as mandatory will make it impossible for the Data Controller to execute the contract or provide the services available. The provision of other data is optional.
Means of processing
Personal data are processed by the Data Controller both on paper and electronically, using in-house staff specifically authorized for the purpose. Adequate security measures are adopted to minimize the risk of deliberate or accidental destruction or loss of data, unauthorized access and processing that is not permitted or not compliant with the purposes of collection.
Data are processed for the time necessary to carry out the service requested by the User, until the purposes for which the data were collected have been achieved. Some data may be retained for longer periods of time, in accordance with obligations regarding procedures of a fiscal, administrative or accounting nature (for example, 10 years, in accordance with art. 2220 of the Italian Civil Code) The data of our registered customers are retained on our systems until cancellation of the pertinent account/file has been requested. For marketing and profiling purposes, the retention period is 36 months from the last useful interaction, or until the Data Controller receives notification of the withdrawal of the consent previously given. Data concerning applications for employment with us are retained for a maximum of 24 months. Once the purposes of processing contemplated have been achieved or have expired, the personal data will be deleted or anonymized permanently.
Communication of personal data
Users’ personal data will not be disclosed to unspecified subjects; they may, however, be shared with our subsidiaries, affiliates and business partners, including those located abroad and acting under our management and control as data processors. This is to allow Customers to use the same services in all of our stores. The aforementioned subjects will process personal data only in relation to the functions entrusted to them. Data may also be disclosed to external suppliers, individual and legal persons that provide the Data Controller with outsourcing services of a technical and organizational nature, such as IT services, communication services, e-mail marketing services, logistics services, etc. These subjects will act as data controllers, joint data controllers or data processors, duly appointed, in full compliance with the regulations in force indicated above; they will be provided only with the information required to carry out the functions entrusted to them. As part of marketing campaigns, we will be able to take advantage of the features provided by digital platforms (e.g., Meta), which will simply process the data on our behalf while guaranteeing its confidentiality, including by means of special encryption (hashing) systems. The complete and up-to-date list of data processors and parties involved in various capacities is available upon request. Please remember that data may be made available to subjects entitled to access them by virtue of legal, regulatory or European measures, within the limits of and for the purposes contemplated by said regulations, as well as banks, credit institutions, credit recovery companies and insurance agencies.
Any transfer of personal data to non-EU countries that may be necessary to execute the contract in existence with the User, or to guarantee the services offered (for example in the case of suppliers headquartered in third countries), is carried out in compliance with arts. 44 et seq. of the GDPR, using dedicated tools to guarantee adequate protection of data.
Rights of the Data Subject
Pursuant to arts. 15 et seq. of EU Regulation no. 679/2016, the User may, at any time, exercise the following rights:
• to obtain confirmation as to whether or not personal data concerning him or her are being processed, and access to the personal data;
• to obtain indications regarding the origin of data, the purposes of processing, the categories of personal data, the recipients or the categories of recipients to whom the personal data have been or will be transmitted and the period of retention provided for, or the criteria used to determine said period;
• to request the rectification, restriction of processing or deletion of data, provided that deletion is compatible with the legal and fiscal obligations of retention by which the Data Controller must abide;
• to object to processing;
• to request data portability, where possible;
• to withdraw consent, without prejudice to the lawfulness of processing carried out based on the consent given prior to withdrawal;
• to file a claim with the data protection supervisory authority.
These rights, except for letter g), may be exercised by sending a request to email@example.com If the data subject believes there has been a breach of the regulations governing personal data protection, they may contact the Data Protection Officer (DPO) at firstname.lastname@example.org.
Updates and amendments
This document was updated on 29/03/2021.