NUMERO 8

PRIVACY POLICY (WWW.NUMERO8.IT)

This privacy policy of website www.numero8.it (hereinafter, the "Website") is provided pursuant to Article 13 EU Reg. 2016/679 (General Data Protection Regulation or, simply, "GDPR") and Legislative Decree no. 196/2003 ("Privacy Code") as amended by Legislative Decree no. 101/2018. The Data Controller undertakes to keep this notice updated.

1. data controller

The Data Controller is Numero 8 S.r.l., with registered office in Via Copernico 14, Noventa di Piave (VE), P. IVA 03591110279, Tel. + 39 0421/220249, registered e-mail amministrazione@numero8-pec.it (hereinafter, also “Data Controller”).

2. type of personal data collected and purpose of processing

The personal data (hereinafter also “Data”) provided shall be processed for the following purposes:

a. Contact form and other user contact requests: in the event that the Website user contacts the Data Controller to request support or information, the Data provided by the user, such as e-mail address, Country, brand in which the user is interested, personal data and company profile, shall be processed only to satisfy the user’s request.

b. Newsletter and other marketing communications: the user’s e-mail address provided with the subscription to the Data Controller’s newsletter service shall be process to send sale and/or marketing communications regarding Data Controller’s clothing products bearing the trademark SUN68, CYCLEJEANS and SOCKSBURGERANDFRIES or any other trademarks belonging with the Data Controller, even on the basis of a licence, as long as they are employed to distinguish clothing products and similar items, as well as to conduct market surveys, also by relying on third parties to send such materials. These third parties shall be appointed Data Protection Officer for this purpose (“Direct Marketing”). If the user gives his or her consent, marketing communications may be based also on the Data provided by filling in the forms, in order to provide a more targeted marketing service, it being understood that such data processing will be carried out by automated methods ("Profiling");

c. Automatically collected information: the computer systems and software procedures used to operate the Website acquire, during their ordinary operation, some personal data whose transmission is implicit in the use of Internet communication protocols. Such information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users’ identification. This category of data includes, for example, the IP addresses or domain names of the computers used by users connecting to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information concerning the use of the Website, due to security reasons, and to check its proper functioning, and is deleted immediately after processing.

3. Processing legal basis and Consequences in the event data are not provided

The Data Controller processes Data only in the event that the requirements provided by the applicable law are met, and in particular, the Data are processed:

  • to execute a contract in which the user is involved as party or give execution to precontractual activities requested by the Website user pursuant to art. 6, par. 1, lett. b), GDPR.

    This legal basis allows the Data processing conducted during the following activities:

    a. Dealing with user’s information requests and/or requests for support;

    b. sending newsletters to the user on the brands of interest to the user and, possibly, on the basis of the data provided by filling in the relevant forms

    Providing this Data for such activities is a contractual obligation. The user is free to communicate his data or not, but without the required data it shall not be possible to conclude or give execution to the user's requests. This means that the user will not be able to use the services of the Data Controller and that the Data Controller will not be able to deal with user's requests;

  • to carry out a legal obligation pursuant to art. 6, par. 1, lett. c), GDPR.

    In the event of a contract execution for the purchase of goods on the Website, your data will be processed in order to fulfil the legal obligations to which the Data Controller is subject in accordance with the tax and other regulations to which the Controller is subject. The user is free to communicate his/her data or not, but if this data is provided, they shall be processed in order to fulfil the legal obligations to which the Data Controller shall comply;

  • to pursue a legitimate interest of the Data Controller in accordance with art. 6, par. 1, lett. f), GDPR. The Data may also be processed to prevent and pursue any fraudulent activities, counterfeiting or abusive conducts (committed also by third parties) in contrast with the applicable laws, the contractual provisions applicable to the Website and to the relevant services, the rules of fairness and good faith.

    In this event, the processing of the Data responds to a legitimate interest of the Controller.

  • if the user consent to the Data processing pursuant to art. 6, par. 1, lett. a), GDPR.

    Prior user’s explicit consent, the Data Controller shall process the data as follows:

    a. To send by e-mail the Data Controller newsletter (communications regarding new products and commercial initiatives);

    b. To conduct marketing polls and surveys;

    c. To send by e-mail any information required by the user by filling in the relevant contact forms.

    The users are free to provide or not their Data for these purposes, but if they do not, the Data Controller will not be able to carry out marketing activities and dealing with requests for information and support.

4. Categories personal data and Data processors

All Data collected may be communicated to internal staff memebers authorised to process such Data by virtue of their respective duties, as well as to external third parties to whom providing the Data may be necessary. These persons, should they process Data on behalf of the Controller (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies), will be designated as Data processors with a specific contract or other legal act. The data of third parties will be communicated by the Controller upon request.

The Data will not be disclosed under no circumstances.

5. Safety measures

The Website processes users’ Data in a lawful and appropriate manner, adopting adequate safety measures to prevent unauthorised access, disclosure, modification, or destruction of data. The Data processing is carried out by means of computer and/or telematic tools, using appropriate organisational, technical, and administrative measures to protect personal data within our company, and with the only aim to fulfil the abovementioned purposes. However, no data transmission and no storage system can be guaranteed to be 100% secure. If users have reasons to believe that their interaction with the Website is no longer safe, we strongly encourage them to report the problem immediately.

6. transfer of personal data abroad

Data management and storage take place on servers located within the European Union, owned by and/or available to the Data Controller and/or third party companies duly appointed as Data processors. The Data may also be transferred for the purposes set out in art. 2 to entities based in countries outside the European Union, provided that they guarantee an adequate level of protection pursuant to art. 44 et seq. of the GDPR.

7. data storage

The Data will be stored for limited period which may vary on the basis of the type of activity this Data were collected for. Once this time period has expired, the Data will be delated completely or anonymised in an irreversible way, without prejudice to circumstances in which the data must be stored for a longer period of time due to possible disputes and competent authorities’ requests and pursuant to the applicable law.

In particular, the Data are stored in accordance with the terms and criteria set out below:

a. data related to requests for information and/or requests for support: data useful for processing the user's request will be stored until the request is satisfied;

b. data used for commercial communication activities with users who have voluntarily subscribed to the Data Controller's newsletter, opinion polls, market research and satisfaction surveys: these data are stored until the conclusion of the activity or the request to stop the activity (withdrawal of consent) and in any case within 2 (two) years from the user's last interaction, of any kind, with the Website and/or the Data Controller. It is understood that the user may, at any time, independently unsubscribe by simply clicking on the relevant link at the bottom of each e-mail;

c. data used to customise the Website and to show the user customised commercial offers: until the user requests the termination of the activity and in any case within 2 (two) years from the last interaction of any kind with the Data Controller;

d. Data collected through cookies will be retained for the period of time determined for each single cookie. For any further information, please refer to the cookie policy.

8. Rights of the Data Subject

Users are entitled to exercise the following rights at any time with reference to the specific Data processing activities conducted by the Data Controller:

1. right to access, which is the right to obtain from the Data Controller a confirmation as to whether or not the Data are being processed and, if such is the case, to obtain access to them;

2. right to rectification and eresure, which is the right to obtain the rectification of inaccurate Data and/or the integration of incomplete Data or the deletion of Data for legitimate reasons;

3. right to restrict processing, which is the right to ask to limit or to suspend the processing activities if legitimate reasons are present;

4. right to data portability, which is the right to receive in a structured, commonly used and readable format the Data, as well as the right to transmit the Data to another data;

5. right to object to the processing, which is the right to object to the processing of the Data if there are legitimate reasons, including the processing of Data for marketing and profiling purposes;

6. right to withdraw the consent at any time without prejudice to the legitimacy of the processing activities carried out on the basis of the consent given before its withdrawal;

7. right to file a claim to the competent authority in the event of an illicit processing of the Data or to take legal action in the appropriate courts.

In order to exercise the aforesaid rights, users can send their request by e-mail to privacy@sun68.com, or by registered mail to the following address: Numero 8 S.r.l., via Via Copernico 14 - 30020 Noventa di Piave (VE).

9. Updates

This privacy policy may be subject to changes and amendments in due course, which may also be necessary with reference to new legislation on the protection of personal data; therefore, we strongly recommend to check its contents periodically.

The updated version of this privacy policy, however, will be published on this web page, specifying the date of its last update.

This privacy policy was last updated on 09/06/2022.