Privacy policy

Who is the Data Controller?*

Alessi S.p.A., with registered office in Via Privata Alessi, 6 – 28887 Omegna (VB) (VAT Number: 00465840031) (hereinafter, “Controller”). *According to Article 4 n.7 GDPR: the data controller is the one who determines the purposes and means of the processing of personal data and its responsibilities are identified by Article 24 GDPR.

How can I contact them?

The company's contact details are:

Pec: alessispa@legalmail.it

Address: Via Privata Alessi, 6 – 28887 Omegna (VB)

Has a DPO been appointed? What are their contact details?

The company has appointed Avv. Angela Lo Giudice as its DPO, who can be reached at the following address: dpo@alessi.com. The DPO can be contacted for the exercise of the rights of data subjects and for any information relating to the processing of personal data.

1. Introduction

According to the European regulation on the protection of personal data (GDPR), legal persons are not considered data subjects and therefore the European regulation does not apply. However, if personal data relating to a natural person is included in the context of the collection of company data, the latter shall be considered a data subject within the meaning of the aforementioned regulation, with the consequent applicability of the relevant legislation.

2. What processing is carried out through the site? And what are the legal bases, purposes and storage times?

- Registration:

Purpose: The purpose is to register on the site and be able to make purchases more easily; exercise or defend a right in the event of a dispute.

Legal basis: Data subject's consent. In the event of a dispute, the data will be processed to take action and/or defend oneself in court based on the legitimate interest of the Controller.

Storage times: If the account remains inactive for 7 years, we will send you an email to find out if you are still interested in keeping it active; otherwise the account will be deleted. The data will be processed for a longer period in the event of a dispute.

Other information: The provision of data is optional, as purchases can also be made in "guest" mode.

- Purchase:

Purpose: The main purpose of the data processing is to allow you to purchase and receive the purchased product. Furthermore, the data is necessary for the fulfilment of legal obligations (including accounting and tax obligations). Lastly, they may be needed in the event of disputes regarding the correct fulfilment of the contract.

Legal basis: Performance of a contract and consequent fulfilment of the legal obligations incumbent on the data controller. In the event of a dispute, the data will be processed to take action or defend oneself in court, and this corresponds to the legitimate interest of the data controller.

Storage times: The data will be deleted 10 years after the fulfilment of the contract. They may be kept longer only in the event of disputes and therefore to exercise or defend a right based on the legitimate interest of the data controller.

Other information: The provision of data is mandatory and in case of refusal to provide the data, it will not be possible to purchase the requested products.

- Purchase with quick checkout:

Source and categories of data processed: In the case of purchase through quick checkout, the personal, shipping, billing and contact data will be imported from Paypal, ShopPay and GooglePay (Article 14 GDPR)

- Marketing via email:

Purpose: The purpose of the data processing is to send you newsletters and DEMs using traditional methods or also using automated methods (email, social networks).

Legal basis: Consent given by the Data Subject pursuant to Articles 6, paragraph 1, letter a) GDPR and 130 paragraphs 1-2 Legislative Decree 196/03

Storage times: 1 year from the last sending or until revocation of consent.

Other information: Consent may be revoked at any time. The User is completely free to provide the requested data, as there is no legal obligation to provide it. However, if the user chooses not to provide the data indicated as essential, the Data Controller will not be able to achieve the indicated purpose.

- Marketing via SMS:

Purpose: The purpose of the data processing is to send you marketing communications via SMS.

Legal basis: Consent given by the Data Subject pursuant to Articles 6, paragraph 1, letter a) GDPR and 130 paragraphs 1-2 Legislative Decree 196/03

Storage times: 1 year from the last sending or until revocation of consent.

Other information: Consent may be revoked at any time by sending a message with the word “STOP” to the number from which the communications are sent. The User is completely free to provide the requested data, as there is no legal obligation to provide it. However, if the user chooses not to provide the data indicated as essential, the Data Controller will not be able to achieve the indicated purpose.

- Newsletter/DEM “Softspam” via email:

Purpose: The purpose of the data processing is to send you newsletters and DEMs. If you purchase our product, your data will be exported to a CRM for sending commercial information on products similar to those covered by the purchase.

Legal basis: In the case of purchase, your consent is not necessary pursuant to Article 130 paragraph 4 Legislative Decree no. 196/03.

Storage times: 1 year from the last sending.

Other information: It is possible to exercise the output at any time.

- Transactional emails:

Purpose: The purpose of the data processing is to send you information in relation to the purchase made.

Legal basis: Contractual execution.

Storage times: Until the order is delivered.

Other information: Transactional emails are sent to allow better order management and to provide the Customer with confirmation in relation to the purchase and shipment.

- Back in stock:

Purpose: The purpose of the data processing is to inform you when a product that is out of stock becomes available for purchase again.

Legal basis: Execution of pre-contractual measures taken at the request of the Data Subject.

Storage times: The data will be kept for 18 months.

Other information: The User is completely free to provide the requested data, as there is no legal obligation to provide it. However, if the user chooses not to provide the data indicated as essential, the Data Controller will not be able to achieve the indicated purpose.

- Marketing and profiling through digital platforms:

Purpose: The purpose of the data processing is to show marketing content based on your interests, as identified by your interactions on our site or social media. This includes the use of digital platform retargeting tools to spread targeted advertising messages.

Legal basis: Consent that can be acquired through various methods: 1) Through Cookies on our Site: Your consent to marketing and profiling cookies is collected through the cookie settings on our site. 2) For Custom Audience CRM Campaigns (Prospecting and Retargeting): For these campaigns, we obtain your explicit consent to use your contact data (e.g. email address) for marketing purposes. Interaction with Social Pages: If you have given your consent to the use of profiling cookies on our Site, we may process your contact data and the information communicated during interaction with the Social Pages. We use this information, in accordance with your privacy settings on social media, to show personalized marketing ads.

Storage times: The data will be stored until the consent is revoked through the cookie settings.

Other information: 1) Consent acquired through Cookies on our Site: The User can manage or revoke this consent at any time, as described in our Cookie Policy. We also inform you that cookies can be both first-party and third-party and therefore installed, through us, directly by Meta. 2) Consent acquired for Custom Audience CRM Campaigns (Prospecting and Retargeting): This consent allows us to process your data to identify similar audiences (lookalike) and to show targeted advertising on social media and other digital platforms. In the case of simple user segmentation, your consent is not required.

- Chat:

Purpose: The purpose of the data processing is to receive information and assistance via chat; exercise or defend a right in the event of a dispute.

Legal basis: Consent. Exclusively in the event of a dispute, the data will be processed based on the legitimate interest of the Controller.

Storage times: We will process the data for the time necessary to respond to requests and subsequently delete the data. They may be kept longer only in the event of possible disputes and therefore to exercise or defend a right based on the legitimate interest of the data controller. The obsolescence of the data is checked every 12 months.

Other information: The provision of data is optional and not always necessary. It is clear that in case of failure to provide the data, where requested, it will not be possible to provide assistance to the User.

- Contact us:

Purpose: The purpose is to offer the User or Customer the opportunity to contact the Data Controller; exercise or defend a right in the event of a dispute.

Legal basis: Contractual execution and fulfilment of pre-contractual measures taken at the request of the data subject. In the event of a dispute, the legitimate interest of the Data Controller.

Storage times: The data will be kept for 3 years or for a longer period in the event of a dispute.

Other information: The provision of data is mandatory and in case of refusal to provide the data, it will not be possible to contact the Data Controller.

- Abandoned cart:

Purpose: The purpose of the data processing is to be able to send 3 emails in 72 hours to invite the user to finalize the purchase interrupted on the site.

Legal basis: Legitimate interest of the Data Controller in the conclusion of the purchase.

Storage times: 72 hours

Other information: The provision of data is automatic and follows the partial completion of the shopping cart.

- Abandoned cart via SMS:

Purpose: The purpose of the data processing is to be able to send 3 SMS in 72 hours to invite the user to finalize the purchase interrupted on the site.

Legal basis: Data Subject's consent.

Storage times: 72 hours

Other information: The provision of data is optional and consent can be revoked at any time by sending a message with the word “STOP” to the number from which the communications are sent.

Navigation data:

Purpose: Site security

Legal basis: We will process the data based on the company's legitimate interest in IT security and the fulfilment of legal obligations. The legal basis for the processing of cookies other than those necessary is consent

Storage times: 24 months

Other information: For the rules on cookies, please refer to the appropriate information.

3. What else do I need to know?

The data will be processed lawfully, fairly and with the utmost confidentiality, in compliance with adequate security measures as required by the Code and the Regulation. The processing will be carried out using digital means. The data will not be publicly disclosed. Furthermore, the user will not be subjected to automated decision-making processes such as profiling unless they consent to this through the installation of cookies or other tracking tools for which reference is made to the appropriate information.

4. Who will my data be communicated to?

The Data Controller may communicate the data to all those subjects to whom communication is mandatory by law for the fulfilment of the purposes provided for by law. The Data Controller also uses some companies or IT tools that carry out processing activities on the personal data of data subjects in the exclusive interest of the data controller, all adequately appointed as data processors pursuant to Article 28 GDPR. The data will also be communicated to payment gateways as independent data controllers. The list of data processors is available at the headquarters. In the event of a merger, sale or any other corporate change and/or in the event of the organisation of one of these operations, your data may be shared. Furthermore, if the company owned by the Data Controller or part of it is sold to a third party, the latter may continue to use your data, always in the manner provided for in this privacy policy.

5. What is the place of storage and transfer of data?

The management and storage of personal data will take place on servers located inside and outside the EU. The Data Controller guarantees that the extra-EU transfer takes place in accordance with Articles 44-47 Chapter V of the GDPR through the subscription of standard contractual clauses and/or through the adequacy decision of 10 July 2023.

6. What are my rights and how can I exercise them?

a) Rights of the data subject

The user, in his/her capacity as data subject, has the rights referred to in Article 15 et seq. of the Regulation and specifically:

1. Right of access (Article 15 GDPR)

The data subject has the right to obtain confirmation of whether or not personal data concerning him/her exists, even if not yet recorded, and its communication in intelligible form.

2. Right to rectification (Article 16 GDPR)

The data subject has the right to obtain the rectification of inaccurate personal data concerning him/her and also the integration of incomplete personal data.

3. Right to cancellation (Article 17 GDPR)

The data subject has the right to obtain the cancellation of personal data in the presence of particular reasons such as the revocation of consent, opposition to processing or if the data are no longer necessary with respect to the purposes for which they were collected and processed or in the event of unlawful processing. It will not always be possible to proceed with cancellation but the data controller will certainly be responsible for providing adequate motivation.

4. Right to limitation of processing (Article 18 GDPR)

The data subject has the right to obtain the limitation of processing in the presence of particular hypotheses such as, for example, in the case of a request for rectification or opposition during the time of assessment of the requests.

5. Right to portability (Article 20 GDPR)

If the processing is based on consent or on a contract and is carried out with automated tools, the data subject can receive them in a structured, commonly used and machine-readable format or ask for them to be transmitted to another data controller.

6. Right to opposition (Article 21 GDPR)

The data subject has the right to object, in whole or in part:

a) for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of the collection;

b) to the processing of personal data concerning him/her for the pursuit of purposes not contemplated by Article 2.

The user can formulate a request to oppose the processing of his/her personal data pursuant to Article 21 of the GDPR in which he/she must provide evidence of the reasons justifying the opposition: the Controller reserves the right to evaluate the request, which would not be accepted in the event of the existence of compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the user.

7. Right to lodge a complaint

The data subject has the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR if he/she believes that the processing of his/her data is contrary to the legislation in force.

b) How to exercise your rights:

The data subject can exercise the rights referred to in the previous article at any time by contacting the DPO at the following address: dpo@alessi.com

Last updated: 07/02/2025

Country

Language