Free standard shipping on new collection.

Virtual Sales Assistant: Book your appointment.

Thanks for checking Patrizia Pepe, we hope our customer service can make your shopping a little more enjoyable today.

Privacy Policy

< Welcome to the website patriziapepe.com
This privacy policy describes - pursuant to and in accordance with art. 13 of EU Regulation no. 679/2016 (General Data Protection Regulation, hereinafter “GDPR”) - the ways in which the Data Controller processes the personal data collected or provided by Users, both while browsing this website, regardless of whether products are purchased, and during visits to our stores. This document is an integration to any information on the processing of personal data provided to our Users during the various occasions on which we interact. The processing of personal data is based on observance of the principles of lawfulness, transparency and protection of the privacy and rights of the data subject, always in compliance with the national and European regulations currently in force.

Data Controller
The Data Controller, pursuant to and in accordance with arts. 4 and 24 of the GDPR, is Tessilform S.p.A. (hereinafter “Tessilform”), with registered office in Via Gobetti 7/9 – 50013 Capalle – Florence - Italy.
e-mail: privacy@patriziapepe.it

 
Data Protection Officer (DPO)
The DPO appointed by Tessilform can be contacted at dpo@patriziapepe.it

Data Controller 
The Controller for data processing on this website is Tessilform S.p.A., with registered office in Italy, Via Gobetti 7/9 – 50013 Capalle – Firenze, VAT 01580850970,
e-mail:privacy@patriziapepe.it.
 

Data Protection Officer
The DPO designated by Tessilform S.p.A. can be contacted at the e-mail address dpo@patriziapepe.it.

Origin and type of data collected

•    Browsing data . During their normal functioning, the IT systems and software procedures used for the operation of the website may acquire some data whose transmission is implicit in the use of Internet communication protocols. This category of data may include the IP addresses or domain names of the devices used, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the User’s operating system and IT environment.
•    “Contact us” section and other customer support channels . Through the “Contact us” form, via e-mail, telephone, live chat, WhatsApp or other messaging tools made available on the website, the following information may be acquired: name, surname, contact data and any other information Users share with us in their requests. In this case, personal data are processed only for the purpose of providing assistance and support. such as home address, e-mail address, telephone number;
•     Signing up for the Newsletter. To sign up for our Newsletter, all that is required is the e-mail address of the User. The system automatically recognizes the language so that the newsletter can be sent in the language used by the User when browsing the website.
•    habits and profiles, such as purchasing data (purchasing history, including the points of sale where the purchase was made, type of products purchased), purchasing habits and preferences (wishlist, products preferred categories, sizes of items purchased); 
•    Registering as a Customer.

  1. “Log in” and “Create Account” section. For the purpose of registering with the website, Users use the dedicated form to provide their name, surname, e-mail address and telephone number. Please remember that the operations performed by Users logged onto the website – for example, products saved or purchases made - are memorized in order to make it quicker to use the services connected with website registration. Users must keep their log-in credentials private and confidential. The Data Controller may not be held liable for any loss of confidentiality of log-in credentials due to the conduct of the User.
  2. Customer Card. Users may also register as customers by filling out the Customer Card form, available in our stores. We will ask for identification and contact data, as well as other optional personal information that will help us learn more about our customers. Customers will be asked to complete the Customer Card form in full, ticking Yes or No for the consent requests, and dating and signing the form at the bottom. It may not be possible to complete registration if the form is filled in incorrectly or incompletely. We will record the store where Users register, and each time they use the website as a registered customer, we will memorize their purchases and the stores they frequent. Please note that the data collected via the Customer Card form may be used not only for marketing and profiling purchases (if the Customer has given their specific consent), but also for other purposes included under the basis of the legitimate interest of the Data Controller (for example, sending of communications regarding services used, stores frequented and level of satisfaction, or for statistical or market analyses), provided the Data Subject does not oppose processing. For further information, see the paragraph below entitled “Purposes and legal bases of processing”.

•    Purchasing and payment data.

  1. "Checkout” section.When our products are ordered and purchased, also by Guest Users, there is a dedicated form that collects identification and contact data, as well as data regarding shipping, the means of payment selected and invoicing;
  2. In-store purchasesWhen customers purchase products in our stores, we process personal data regarding the payment tools used and invoicing, as well as information regarding the sale, returns and refunds. If required for tax reasons or by the anti-money-laundering regulations, ID may be requested.

•    “Order verification”. Customers are asked to provide their order number and the e-mail address used for purchases on a dedicated form, which can then be used by the Customer to check the status of the order once it is placed.
•    Purchasing preferences and habits. Both when browsing this website and when visiting our stores, information may be collected regarding Customers’ purchasing preferences and habits. This can be obtained from the Customer’s purchasing history (for example, type, amount and price of products purchased, categories preferred, colors, sizes and materials), or from other information Clients may decide to share with us (for example, profession, education, hobbies and lifestyle).
•    Data collected via social networks.Through the social networks, we process the images and personal information Users decide to share with us on our social media pages. This privacy policy refers only to the website patriziapepe.com, and not to other websites and social media platforms that may be reached by links and social media buttons present on the website with the icons of the main social networks. For further information on the data processing carried out by these external subjects, please refer to their respective privacy policies.

Facebook:https://facebook.com/about/privacy
Instagram: Instagram Data Policy | Instagram Help Center
YouTube: Privacy Policy - Privacy and Terms of Service - Google
LinkedIn: https://privacy.linkedin.com/it-it?lr=1
Sina Weibo: https://weibo.com
WeChat: https://www.wechat.com/it/privacy_policy.html

•    “Virtual Sales Assistant” service. To book a video call with one of our Sales Assistants, Users must provide their information and contact details, such as name, surname, e-mail address and telephone number, through the service made available on our website by Calendly. Once an available slot has been booked, the User will receive an e-mail containing the link to the appointment on Google Meet. Please remember that the personal data acquired will necessarily also be processed by Calendly and Google Meet, as independent data controllers. For further information on the data processing carried out by the aforementioned platforms, please refer to their respective privacy policies:
Calendly: https://calendly.com/pages/privacy
Google Meet: https://apps.google.com/intl/it/meet/how-it-works/#security

•    “WhatsApp for you!” serviceUsers can use this service to receive information, photos and promotions regarding the Patrizia Pepe collections, remaining in contact with us through this quick, simple to use channel. When Users use WhatsApp to contact the telephone numbers of the stores, provided on the website or in loco, they must be aware they are providing their telephone number and the name associated with their WhatsApp profile, as well as any information, including photos and videos, that they decide to share with us. In addition to the opportunity to send specific requests, Users may periodically receive news from us via this channel; they are entitled, at any time, to stop receiving messages, by replying “NO”.
For further information on the data processing methods used by the WhatsApp platform, please refer to the pertinent privacy policy https://www.whatsapp.com/privacy/

•    “Work with us - Careers” section. When Users send an application for employment, using the dedicated form, their identification and contact data are collected, as well as any other personal information, including information of a special nature, contained in the CV or cover letter uploaded. The complete privacy policy can be consulted on the dedicated page of the website.

Purposes and legal bases for processing
Data are processed for the following purposes:

•    to respond rapidly and effectively to the questions posed by Users through the Contact section or other channels made available to the User; to provide information on goods and services similar to those previously purchased, as well as notifications regarding, for example, stores visited (“soft spam”), provided the User has not opposed such processing; to identify the level of satisfaction with the quality of the services used; for statistical purposes and market analyses.

The legal basis is the legitimate interest of the Data Controller (article 6, letter f), GDPR) in boosting efficiency, providing information on the services offered and in improving and developing new products and services.

•    to process and ship orders, manage payments, provide assistance and support to Customers and to guarantee returns and refunds; to allow Users to use particular services offered (registration with the website, “Virtual Sales Assistant” and “WhatsApp for you!” and similar services).

The legal basis is the execution of contractual and pre-contractual measures adopted at the request of the customer (article 6, letter b), GDPR) and the fulfillment of legal obligations of a fiscal, accounting or administrative nature (article 6, letter c), GDPR).

•    for marketing purposes, to send news on products, services, promotions and invitations to events organized by the company by e-mail, SMS, telephone, WhatsApp or other communication channels; for profiling purposes, to send personalized notifications - based on the interests, purchasing habits and preferences demonstrated - via the aforementioned channels. The legal basis is the specific consent given by the User, requested separately for the various marketing and profiling purposes (article 6, letter a), GDPR). Users may, at any time, withdraw the consent previously given, or indicate the means of contact they prefer.

•    to consider applications for a position of employment in the company.
The legal basis is the execution of pre-contractual measures adopted at the request of the data subject (article 6, letter b), GDPR).The processing of any “special” data is lawful on the basis of the Measure adopted by the Supervisory Authority on 5 June 2019, which supplements and amends General Authorization no. 1/2016.

•    to comply with legal obligations binding upon the Data Controller, including the regulations to combat money laundering, and to comply with any requests made by the competent Authorities.
The legal basis is compliance with legal obligations (article 6, letter c), GDPR).

Provision of personal data
The mandatory or optional nature of said provision is specified on a case-by-case basis, for each kind of information requested; mandatory information is indicated with an asterisk (*). Refusal to provide the data indicated as mandatory will make it impossible for the Data Controller to execute the contract or provide the services available. The provision of other data is optional.

Means of processing
Personal data are processed by the Data Controller both on paper and electronically, using in-house staff specifically authorized for the purpose. Adequate security measures are adopted to minimize the risk of deliberate or accidental destruction or loss of data, unauthorized access and processing that is not permitted or not compliant with the purposes of collection.

Data retention
Data are processed for the time necessary to carry out the service requested by the User, until the purposes for which the data were collected have been achieved. Some data may be retained for longer periods of time, in accordance with obligations regarding procedures of a fiscal, administrative or accounting nature (for example, 10 years, in accordance with art. 2220 of the Italian Civil Code) The data of our registered customers are retained on our systems until cancellation of the pertinent account/file has been requested. For marketing and profiling purposes, the retention period is 36 months from the last useful interaction, or until the Data Controller receives notification of the withdrawal of the consent previously given. Data concerning applications for employment with us are retained for a maximum of 24 months. Once the purposes of processing contemplated have been achieved or have expired, the personal data will be deleted or anonymized permanently.

Communication of personal data
Users’ personal data will not be disclosed to unspecified subjects; they may, however, be shared with our subsidiaries, affiliates and business partners, including those located abroad and acting under our management and control as data processors. This is to allow Customers to use the same services in all of our stores. The aforementioned subjects will process personal data only in relation to the functions entrusted to them. Data may also be disclosed to external suppliers, individual and legal persons that provide the Data Controller with outsourcing services of a technical and organizational nature, such as IT services, communication services, e-mail marketing services, logistics services, etc. These subjects will act as data controllers, joint data controllers or data processors, duly appointed, in full compliance with the regulations in force indicated above; they will be provided only with the information required to carry out the functions entrusted to them. A complete, updated list of data processors can be provided on request. Please remember that data may be made available to subjects entitled to access them by virtue of legal, regulatory or European measures, within the limits of and for the purposes contemplated by said regulations, as well as banks, credit institutions, credit recovery companies and insurance agencies.

Data transfer
Any transfer of personal data to non-EU countries that may be necessary to execute the contract in existence with the User, or to guarantee the services offered (for example in the case of suppliers headquartered in third countries), is carried out in compliance with arts. 44 et seq. of the GDPR, using dedicated tools to guarantee adequate protection of data.

Rights of the Data Subject
Pursuant to arts. 15 et seq. of EU Regulation no. 679/2016, the User may, at any time, exercise the following rights:

•    to obtain confirmation as to whether or not personal data concerning him or her are being processed, and access to the personal data;

•    to obtain indications regarding the origin of data, the purposes of processing, the categories of personal data, the recipients or the categories of recipients to whom the personal data have been or will be transmitted and the period of retention provided for, or the criteria used to determine said period;

•    to request the rectification, restriction of processing or deletion of data, provided that deletion is compatible with the legal and fiscal obligations of retention by which the Data Controller must abide;

•    to object to processing;

•    to request data portability, where possible;

•    to withdraw consent, without prejudice to the lawfulness of processing carried out based on the consent given prior to withdrawal;

•    to file a claim with the data protection supervisory authority.
These rights, except for letter g), may be exercised by sending a request to privacy@patriziapepe.it If the data subject believes there has been a breach of the regulations governing personal data protection, they may contact the Data Protection Officer (DPO) at dpo@patriziapepe.it.

Updates and amendments
In the future, the Data Controller may amend or simply update all or part of the Privacy Policy of the website, also in view of amendments to the laws or regulations that govern this matter and protect the rights of the data subject. Amendments and updates to the Privacy Policy shall become binding as soon as they are published on the website. We therefore invite users to view this section regularly to verify the most recent, up-to-date version of the Privacy Policy.
This document was updated on 29/03/2021.

May we help?

To offer you a better experience, this site uses profiling cookies, even from third parties. By continuing to browse our site you accept our cookie policy. Find out more