(EFFECTIVE AS 09.04.2020)
The lespiecesuniques.com website (hereinafter “Website”) is managed by MDM Occhiali S.r.l., in its quality of Data Controller (hereinafter “MDM”) in the processing of the personal data outlined herein.
This policy illustrates how MDM, directly or through its subsidiaries, processes personal data information of the users of the Website (hereinafter, “user”, “users” or “you”) according to art. 13 of the Italian Legislative Decree no. 196/2003 (hereinafter “Italian Privacy Code”) and art. 13 of the EU General Data Protection Regulation 2016/679 (hereinafter, the “GDPR”) and how this information is used, shared and how may be accessed, changed or deleted. As proof of its commitment towards privacy, MDM has defined this policy within the wider scope of a global management model on privacy, to ensure total compliance with privacy as the foundation of MDM’s company culture. All personal information supplied by you through this Website is used exclusively for the objectives described below.
2. SOURCE AND TYPE OF PERSONAL INFORMATION
MDM processes different types of information on the user collected from different sources, such as:
- information provided directly by the user;
- information obtained from automatic tracking systems when using the Website and its services.
More specifically, MDM may process the following identification personal data of the user:
a) Information provided by the user during the registration process or when completing the order (e.g. name and surname; e-mail address; password; gender; country (nation); postal address and phone numbers for deliveries, credit card and financial information and, with your prior consent, in case of purchase of prescription glasses through the site the health data contained in the prescription to be provided prior to the purchase (hereinafter the “Prescription Information”) and other information contained in any correspondence or requests sent by the user. MDM may also ask the user to provide some information if problems with our service on the Website are reported;
b) Information relating to the user’s social network profile, if public and if MDM allows the user to log in to the Website through social network applications or to link his/her MDM account to the user’s public profiles available on social networks, and share his/her actions through the Website on those channels via the corresponding plug-ins (e.g. Facebook Connect, I like, fb share, etc.), some data published by the user on his/her social network will be collected by the Website and processed for the corresponding functions. The use of the said plug-in entails sharing the corresponding actions and information on the related social networks;
c) Information relating to the use of the Website by the user. For security purposes we process the log files related to each session when the user logins into his/her account, as well as information on payment transactions that will be processed through our provider;
d) Navigation information. When the user surfs the Website, MDM uses some technologies (cookies, see below for more information) that automatically collect certain items of information relating to the way in which the user uses our products and services, such as the IP address or other unique code of the device (computer, mobile or other devices) employed by the user to browse the Website, identification as registered user or not, technical information that may include the URL from where a user originates, browser information, language. This information helps us to continuously improve the browsing experience and the mechanisms of purchase of our products and services, and to monitor the correct operations of the Website. This information only includes statistical data relating to the actions performed by the user, and is not intended to be associated with the user’s identifying data. However, Navigation data may identify you, only when matched with your identification personal information;
e) Image provided by the user (both registered and unregistered users), if he/she takes part in a Virtual Try-On experience and he/she authorizes the storage of his/her image in MDM’s servers.
All the identification data abovementioned are hereinafter jointly defined “information”.
3. PURPOSES OF THE PROCESSING
- 3.1 Contractual purposes
Save for the Prescription Information, the information collected by MDM are used for the following contractual purposes without prior users’ consent according to art. 24 Italian Privacy Code and art. 6 GDPR:
- to allow users’ to register to the Website;
- to provide the services available through the Website (e.g. management of the registration process and access to the account, account management);
- to take part to a Virtual Try-On experience and to register, upon users’ request, his/her image in MDM’s servers;
- to manage online orders, to supply products and services, to process payments and e-payments, to transmit orders, products, services;
- for the technical management of the Website and its operational functions (including logistics), including solving any technical problems, statistical analysis, tests and research;
- to prevent or uncover fraudulent activities or misuse that is damaging to our website or threatening the security of the transactions;
- to comply with the requirements of the laws, regulations, protocols and national and EU legislation;
- for the implementation of decisions of public Authorities;
- to protect the safety of an individual;
- for MDM’s defence in court, for example, in case of violations by the web-users, or in order to protect the rights and the property of MDM;
- to fulfil the user’s requests (e.g. management of requests for information);
- to send to users operational communications related to the supply of the service or products, sales and after sales assistance.
In relation to the Prescription Information, this can be processed by MDM only with the user’s prior consent pursuant to Article 26 of the Italian Privacy Code and Article 9 of the GDPR and will be used only for the purposes of performing the contract of purchase of prescription glasses bought by the users through the Website.
- 3.2 Marketing purposes
The information collected by MDM are used, with the exclusion of Prescription Information, for the following marketing purposes with users’ prior consent according to Article 23 Italian Privacy Code and art. 7 GDPR:
- to participate in and manage promotions and contests as available from time to time on the Website, if any;
- to send commercial and promotional communications and periodical updates (e.g. via e-mail, phone, SMS/MMS, postal service, social network and newsletter) related to MDM’s products, services, initiatives and events;
- for the purpose of conducting, by post, telephone or e-mail, statistical analyses, surveys and market research relating to MDM’s products and services.
Furthermore, according to art. 130, c. 4 of the Italian Privacy Code, if the user is already our customer, MDM may send him/her commercial emails on similar products, events, fairs and services already provided by MDM. The users may opt out at any time by following the instructions available in every communication.
4. PROCESSING MODALITIES
The processing of users’ information is made only within the limits necessary to pursue the purposes outlined above and is carried out by means of operations indicated in Article 4 Italian Privacy Code and 4 GDPR and namely: collection, registration, organisation, storage, consulting, processing, modification, selection, extraction, comparison, use, interconnection, access and communication, blocking, erasure and destruction of the data. Users’ data is processed electronically and manually through the Website and the servers in which it is stored.
5. CATEGORIES OF PERSONS WHO CAN ACCESS INFORMATION
Any personal information given or collected by connecting to the Website will be processed by MDM as Data Controller. Personal information will be processed by the MDM staff deputed to the processing of the personal information being collected:
- employees and consultants authorised to manage the Website and supply the related services (e.g. customer services, management of MDM Computer Systems, management of IT sytems, storage of images in case the users take part in the Virtual Try-On experience, etc.), in their quality of persons in charge of the processing and/or systems administrators and/or internal data processors;
- with the exclusion of Prescription Information, employees and consultants in the marketing, finance, administration, accounting and other relevant department of MDM, in their quality of persons in charge of the processing and/or internal data processors.
- suppliers of services to manage the Computer Systems and the Website (e.g. hosting providers, market and analyst service providers, database management and maintenance services);
- suppliers of online payment services, who may access; credit card information and other user’s financial information;
- suppliers of order entry related services, shipping of products and/or other services available through this Website;
Finally, Information may be accessed by the companies of MDM group, in their quality of external data processors, for management of intra-group services (e.g. commercial communications) and the fulfillment of the contractual purposes set forth above, including dispatching the products, managing any claim, analysing data, supplying marketing assistance. In carrying out the activities provided by the subjects above, MDM gives operating instructions.
6. THIRD PARTIES TO WHICH INFORMATION CAN BE COMMUNICATED
In addition, user’s information may be communicated to third parties for the following reasons:
- to permit to third companies a merger, acquisition or sale of all or part of MDM’s assets;
- to fulfill the obligation provided by the law, regulations, protocols and national and EU legislation;
- to implement laws required by public Authorities;
- to allow MDM’s defence in court, for example, in case of violations by the web-users.
The said parties shall process the information in their quality of autonomous data controllers.
7. DATA TRANSFER OUTSIDE THE EU
8. NATURE OF PROVIDING PERSONAL INFORMATION AND THE CONSEQUENCES OF THE REFUSAL
In relation to the Prescription Information, this can be processed for contractual purposes necessary to perform the purchase of prescription glasses through the Website, only with the free consent from the relevant users. However, if users deny their consent to , it will not be possible for them to purchase through the Website prescription glasses. Providing information for the marketing purposes is voluntary and optional. Users’ may freely decide not to provide information for the marketing purposes, as well as they may subsequently revoke their consent to process information already provided: in this case users’ information will not be processed for the marketing purposes listed at section 3.2.
MDM undertakes to protect users’ information. MDM advises that the password is one of the protection mechanisms of the account, therefore users are invited to use a password sufficiently secure and stored in a safe place, limiting access to it on their own computers and browsers, disconnecting it after having visited the site. MDM undertakes to protect the information received from users. All personal information supplied is kept on secure servers and within its internal systems. MDM uses adequate safety measures to protect information from non-authorised access or non-authorised changes, and from the circulation or distribution of data. To prevent non-authorised access, to maintain the accuracy of the data and guarantee the proper use of information, MDM uses adequate physical, electronic and managerial procedures to safeguard and protect the information and data stored in our system. Information on purchase transactions (e.g. credit card number) is handled securely through selected suppliers that guarantee that they have adopted the most adequate security measures. Furthermore, a secure system for authorising credit card payments and identifying fraudulent activities is used. MDM uses the standard SSL (Secure Sockets Layer) to protect the confidentiality of your personal information. Although no computer system is completely secure, MDM believes that the measures it has implemented reduce the possibility of security problems to an appropriate level for the type of data involved.
- the purposes for which they were collected;
- the consent received from the user;
- applicable privacy regulations
Personal information is kept and deleted in accordance with MDM security policy for the time necessary to achieve the purposes for which data were collected and further processed, including any retention period required under the applicable legislation (e.g. retention of accounting documentation). MDM will process users’ information for contractual purposes (section 3.1 a-d) for 10 years after the termination of the contract, but Prescription Information will be held for 10 years from the date of the purchase of the prescription glasses the Website when the Prescription Information was provided; for Virtual Try-On experience (section 3.1. e) for 14 days from the storage of the image, in case of unregistered user, or for a maximum of 24 months from the storage of the image in case of registered users; for 24 months for marketing purposes from the collection of the said information. Users’ information is processed at the premises of MDM and in the places where the servers are located. In case of EU citizens, the servers are based in EU, while of the other users servers are based in their relevant country of residence. For further information, contact MDM to the details below.
To improve browsing on the Website, MDM uses “cookies”. A cookie is a small file, generally made up of letters and numbers, which is downloaded onto a computer when the user logs onto specific websites. Cookies permit a website to recognize the user’s computer, to trace its browsing through several pages of a website and to identify those users who return to a website. Cookies do not contain information that personally identifies the user, but the personal information that MDM records on the user may be linked to information retained in the cookies and taken from them.
Cookies can be technical, analytics and profiling:
a) Technical cookies are used to carry out and to facilitate your browsing, to provide you and to allow you to use the services of the Website. The Cookies allow you, during a second access, for example, not having to re-enter data such as the username for the login.
b) Analytic cookies are used to analyze and to monitor the way you use the Website (e.g. number of accesses and page viewed), in order to enable us to make constructive amendments to the Website in the functioning and browsing.
c) Profiling cookies are used to track your browsing on the Website and to create profiles about your tastes, habits, choices, etc. These cookies can be used to send you advertising messages in line with the preferences that you have already shown in the online browsing.
- 10.1 Use of proprietary technical cookies
The Website uses the following technical proprietary cookies.
This cookie is created on the first request processed by WebSphere Commerce runtime
This cookie contains the value of the store ID of the session. This value is used to select the store to execute the command, if one is not specified on the URL.
This is a user session cookie that flows between the browser and server over either SSL or non-SSL connection. It is used for user identification over non-SSL connections. It contains user session values such as login timeout, session identifier, etc.
This cookie only exists if it is a generic user (-1002) session. This cookie stores the session values such as storied, langid, contracts, etc.
WebSphere Commerce uses a secure authentication cookie to manage authentication data. An authentication cookie flows only over SSL, and has a timestamped signature for increased security. This cookie is used to authenticate the user over SSL-connections.
This cookie is used to persist user ID, language ID, and currency for each store ID visited in the session. Multiple sets of identifiers can exist if the user visits more than one store.
- 10.2 Third party analytical cookies
MDM utilizza i seguenti cookie analitici:
a) Google Analytics
This Website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files which are stored on users’ computer and enable an analysis of their usage of the Website. The information about the use of this Website generated by the cookie is generally transferred to a Google server in the USA and stored there. If IP anonymization is activated on this Website, then users’ IP address will first be shortened by Google, however, within the member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be transmitted to a Google server in the USA and shortened there. Google uses this information on behalf of the operator of this Website to evaluate users’ Website usage, to compile reports on the Website activities, and to provide additional services connected with the Website and Internet usage to the Website operator. The IP address transmitted from users’ browser as part of Google Analytics will not be combined with other Google data. Users’ can authorize the use of Google analytics cookies, continuing the browsing on the website after having read the banner on the site. However, users’ can prevent the storage of cookies by a corresponding setting of the browser software, however, in this case, users’ may not be able to fully use all of the functions of this Website. Users’ can also prevent Google from recording the data generated by the cookie and those referring to users’ usage of the Website (including IP address) and from processing these data by downloading and installing the browser plug-in provided under the following link http://tools.google.com/dlpage/gaoptout?hl=itde.
Users can prevent data-recording by Google Analytics by clicking the following link. An Opt-Out-Cookie is set which prevents the future recording of your data when you visit this website. Then click here: Deactivate Google Analytics
More detailed information on the conditions of use and data protection can be found at http://www.google.com/analytics/terms/it.html or at https://www.google.de/intl/it/policies/.
MDM points out that Google Analytics was expanded on this Website to include the code “anonymizeIp” to ensure anonymized recording of IP addresses (referred to as IP-Masking).
b) Adobe Analytics
This Website uses Adobe Analytics, a web analysis service of Adobe. (“Adobe”).
The information about the use of this Website generated by the cookie is generally transferred to an Adobe server in the USA and stored there.
More detailed information on the conditions of use and data protection can be found at https://www.adobe.com/privacy/optout.html#4
c) MobileApp Tracking This Website uses MobileApp Tracking, a web analysis service of Tune Inc. (“Tune”).
The information about the use of this Website generated by the cookie is generally transferred to a Tune server in the USA and stored there.
d) Google Maps
MDM receives no information on the content of the data transmitted and its usage by Google.
For this reason, please refer to the Google data-protection clarification for further information: http://www.google.it/intl/it/policies/privacy/
- 10.3 Social media plug-ins
Most specifically, the Website uses:
This Website uses the so-called “G +1” button of the Google Plus social network, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). The button can be recognized by the “G+1” symbol. If users are registered with Google Plus, they can use the “G +1” button to express their interest in the Website and to share its contents on Google Plus. In this case, Google stores both the information which users have given a “G +1” for one of the Website’s contents, and also information on the site which users viewed while doing so. Users’ “G +1” may be displayed with the name (and possibly a photo if available) on Google Plus in additional Google services, such as Google search or users’ Google profile.
Please refer to Google’s data-protection information for the purpose and scope of the data recording and the further processing and usage of the data by Google and users’ rights and settings options to protect users’ privacy in this regard
MDM has integrated the twitter.com web-message service on the Website. This is provided by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Twitter offers the so-called “Tweet” function. This can be used to post messages of up to 140 characters in length, also with website links, on the user’s own Twitter account. If users use Twitter’s “Tweet” function on the Websites, the respective website with users’ account will be linked to Twitter and publicly disclosed there. Data are also transmitted to Twitter in this process.
MDM receives no information on the content of the data transmitted and its usage by Twitter. For this reason, please refer to the Twitter data-protection clarification for further information: http://twitter.com/privacy
Twitter offers users the option of defining the own data-protection settings under the following link: http://twitter.com/account/settings.
MDM has integrated the Pinterest service on the Website, provided by Pinterest. MDM receives no information on the content of the data transmitted and its usage by Pinterest. For this reason, please refer to the Pinterest data-protection clarification for further information: https://about.pinterest.com/en/privacy-policy
MDM has integrated the Tumblr service on the Website, provided by Tumblr. MDM receives no information on the content of the data transmitted and its usage by Tumblr. For this reason, please refer to the Tumblr data-protection clarification for further information: http://www.tumblr.com/policy/en/privacy
MDM has integrated the Instagram service on the Website, provided by Instagram. MDM receives no information on the content of the data transmitted and its usage by Instagram. For this reason, please refer to the Instagram data-protection clarification for further information: http://instagram.com/about/legal/privacy/
MDM has integrated the Youtube service on the Website, provided by Google. MDM receives no information on the content of the data transmitted and its usage by Google. For this reason, please refer to the Google data-protection clarification for further information: http://www.google.it/intl/it/policies/privacy/
MDM has integrated the Facebook service on the Website, provided by Facebook, with its likes and widget. MDM receives no information on the content of the data transmitted and its usage by Facebook. For this reason, please refer to the Facebook data-protection clarification for further information: https://www.facebook.com/policy.php
Furthermore, the Website uses the following third party analytical cookies:
- Click Tale;
- Google AdWords;
- Doubleclick floodlight;
- Commission Junction;
- Affiliate Window;
- 10.4 Use of the Web beacon
- 10.5 Enabling or disabling cookies and web beacons
- Google Chrome
- Mozilla Firefox
- Internet Explorer
Please note that refusing/disabling cookies may limit the usability and the easy navigation of the website.
11. UNDERAGE USERS’ DATA
This Website is not intended for minors of 18 years and MDM does not intentionally collect personal information from them.
If any information about minors is unintentionally recorded, MDM will provide to cancel it in a timely manner upon request of the users.
12. DATA SUBJECT’S RIGHTS IN RELATION TO PERSONAL INFORMATION
According to art. 7 Italian Privacy Code, the users have the right to obtain from MDM the confirmation about the existence of personal data referring to them and their communication in an intelligible form; users can also ask to know the source of data; the purposes and modalities of the processing; users can also obtain an update, correction or integration of data. Moreover, users may, at any time, revoke their consent, requesting the interruption of the processing, the deletion, anonymization or the block of the information being processed. Users may refuse, fully or partially, the processing:
a) for legitimate reasons on the processing data concerning them;
b) for the purpose of sending advertising material or for carrying out market researches or commercial communications.
In addition to the above, as from 25 May 2018, Users have also the rights referred to in articles 16-21 GDPR (right of confirmation, right to be forgotten, right of processing limitation, right of data portability, right to object) and the right to complain to the Supervisor Authority.
Furthermore, MDM offers tools to users to update and amend the personal information given. Indeed, every registered user may access his/her own information and update it (e.g. through user account). Besides, it is also possible for users to modify and update their preferences on how they wish to receive e-mails or other communications from MDM. Users may also request that their information on their account is deleted.
In order to exercise the rights above and to request information, users may contact us at firstname.lastname@example.org. MDM will respond within a reasonable time frame (within the limits of applicable law), after verifying users’ identity.
13. CONTACT INFORMATION
14. DATA PROTECTION OFFICER
16. LINKS TO THIRD PARTY WEBSITES