Privacy policy
Who is the Data Controller?
Alessi S.p.A., with registered office at Via Privata Alessi, 6 – 28887 Omegna (VB) (VAT Number: 00465840031) (hereinafter, the “Controller”)
How can I contact them?
The company's contact details are:
Certified Email (PEC): alessispa@legalmail.it
Address: Via Privata Alessi, 6 – 28887 Omegna (VB)
Has a DPO been appointed? What are their contact details?
The company has appointed Adv. Angela Lo Giudice as its DPO, reachable at the following address: dpo@alessi.com. The DPO can be contacted to exercise the rights of the data subjects and for any information regarding the processing of personal data.
1. Introduction
Under the European General Data Protection Regulation (GDPR), legal entities are not considered data subjects, and therefore, the European regulation does not apply to them. However, if personal data relating to a natural person is included in the context of collecting corporate data, this person will be considered a data subject under the aforementioned regulation, with the consequent applicability of the relevant legislation.
2. What processing activities are carried out through the site? And what are the legal bases, purposes, and retention periods?
Registration
- Purpose: The purpose is to register on the site and be able to make purchases more easily.
- Legal Basis: Consent of the Data Subject.
- Retention Period: If the account remains inactive for 2 years, we will send you an email to find out if you are still interested in keeping it active; alternatively, the account will be deleted.
- Other Information: Providing data is optional, as purchases can also be made in "guest" mode.
Purchase
- Purpose: The main purpose of data processing is to allow you to purchase and receive the purchased product. The data is also necessary for compliance with legal obligations (including accounting and tax obligations). Finally, it could be used in the event of disputes regarding the correct performance of the contract.
- Legal Basis: Performance of a contract and consequent fulfilment of legal obligations incumbent on the data controller. In the event of litigation, the data will be processed to bring or defend a legal claim, corresponding to the legitimate interest of the data controller.
- Retention Period: Data will be deleted 10 years after the performance of the contract. They could be kept longer only in case of disputes, in order to exercise or defend a right based on the legitimate interest of the data controller.
- Other Information: The provision of data is mandatory, and in case of refusal to provide it, it will not be possible to purchase the requested products.
Express Checkout Purchase
- Purpose: The main purpose of data processing is to allow you to purchase and receive the purchased product. The data is also necessary for compliance with legal obligations (including accounting and tax obligations). Finally, it could be used in the event of disputes regarding the correct performance of the contract.
- Legal Basis: Performance of a contract and consequent fulfilment of legal obligations incumbent on the data controller. In the event of litigation, the data will be processed to bring or defend a legal claim, corresponding to the legitimate interest of the data controller.
- Retention Period: Data will be deleted 10 years after the performance of the contract. They could be kept longer only in case of disputes, in order to exercise or defend a right based on the legitimate interest of the data controller.
- Source and Categories of Data Processed: In the case of purchase through express checkout, personal, shipping, billing, and contact data will be imported from PayPal, ShopPay, and Google Pay (Art. 14 GDPR).
Marketing via Email
- Purpose: The purpose of data processing is to send you newsletters and DEMs through traditional methods or through automated methods (email, social networks).
- Legal Basis: Consent given by the Data Subject pursuant to Art. 6, paragraph 1, letter a) of the GDPR and Art. 130 paragraphs 1-2 of Italian Legislative Decree 196/03.
- Retention Period: 1 year from the last mailing or until consent is revoked.
- Other Information: Consent can be revoked at any time. The User has full freedom to release the requested data, as there is no legal obligation to provide it. However, if the user chooses not to provide the data marked as essential, the Data Controller will not be able to achieve the indicated purpose.
Marketing via SMS
- Purpose: The purpose of data processing is to send you marketing communications via SMS.
- Legal Basis: Consent given by the Data Subject pursuant to Art. 6, paragraph 1, letter a) of the GDPR and Art. 130 paragraphs 1-2 of Italian Legislative Decree 196/03.
- Retention Period: 1 year from the last mailing or until consent is revoked.
- Other Information: Consent can be revoked at any time by sending a message with the word "STOP" to the number from which the communications are received. The User has full freedom to release the requested data, as there is no legal obligation to provide it. However, if the user chooses not to provide the data marked as essential, the Data Controller will not be able to achieve the indicated purpose.
Newsletter/DEM “Soft-spam” via Email
- Purpose: The purpose of data processing is to send you newsletters and DEMs. In case of purchase of our product, your data will be exported to a CRM to send commercial information on products similar to those purchased.
- Legal Basis: In the case of a purchase, your consent is not required according to Art. 130 paragraph 4 of Legislative Decree no. 196/03.
- Retention Period: 1 year from the last mailing.
- Other Information: You can opt out at any time.
Transactional Emails
- Purpose: The purpose of data processing is to send you information regarding the purchase made or registration.
- Legal Basis: Performance of a contract.
- Retention Period: Until the order is delivered or registration is completed.
- Other Information: Transactional emails are sent to allow better order management and to provide the Customer with confirmation regarding the purchase, shipping, or registration.
Marketing and Profiling via Digital Platforms
- Purpose: The purpose of data processing is to show marketing content based on your interests, as identified by your interactions on our site or social media. This includes the use of digital platform retargeting tools to disseminate targeted advertising messages.
- Legal Basis: Consent, which can be acquired through various methods:
  - Through Cookies on our Site: Your consent to marketing and profiling cookies is collected via the cookie settings on our site.
  - For Custom Audience CRM Campaigns (Prospecting and Retargeting): For these campaigns, we obtain your explicit consent to use your contact data (e.g., email address) for marketing purposes.
  - Interaction with Social Pages: If you have given consent to the use of profiling cookies on our Site, we can process your contact data and the information communicated during interaction with Social Pages. We use this information, in accordance with your privacy settings on social media, to show personalised marketing ads.
- Retention Period: Data will be kept until consent is revoked through cookie settings.
- Other Information: Consent acquired through Cookies on our Site: The User can manage or revoke this consent at any time, as described in our Cookie Policy. We also inform you that cookies can be both first and third party and therefore installed, through us, directly by Meta. Consent acquired for Custom Audience CRM Campaigns (Prospecting and Retargeting): This consent allows us to process your data to identify similar audiences (lookalike) and to show targeted advertisements on social media and other digital platforms. In the case of simple User segmentation, your consent is not required.
Back in Stock
- Purpose: The purpose of data processing is to inform you when an out-of-stock product becomes available for purchase again.
- Legal Basis: Performance of pre-contractual measures taken at the request of the Data Subject.
- Retention Period: Data will be kept for 18 months.
- Other Information: The User has full freedom to release the requested data, as there is no legal obligation to provide it. However, if the user chooses not to provide the data marked as essential, the Data Controller will not be able to achieve the indicated purpose.
Chat
- Purpose: The purpose of data processing is to receive information and assistance via chat.
- Legal Basis: Consent.
- Retention Period: We will process data for the time necessary to respond to requests and will subsequently delete the data. The data obsolescence check is performed every 12 months.
- Other Information: The provision of data is optional and not always necessary. It is clear that in case of failure to provide data, where required, it will not be possible to provide assistance to the User.
Contact Us
- Purpose: The purpose is to offer the User or Customer the possibility to contact the Data Controller; to exercise or defend a right in the event of litigation.
- Legal Basis: Performance of a contract and fulfilment of pre-contractual measures taken at the request of the data subject. In the event of litigation, the legitimate interest of the Data Controller.
- Retention Period: Data will be kept for 6 months or for a longer period in the event of litigation.
- Other Information: The provision of data is mandatory, and in case of refusal to provide it, it will not be possible to contact the Data Controller.
Abandoned Cart
- Purpose: The purpose of data processing is to be able to send 1 email within 72 hours to invite the user to finalise the interrupted purchase on the site.
- Legal Basis: Legitimate interest of the Data Controller in concluding the purchase.
- Retention Period: 72 hours.
- Other Information: The provision of data is automatic and follows the partial completion of the shopping cart.
Abandoned Cart via SMS
- Purpose: The purpose of data processing is to be able to send 1 SMS within 72 hours to invite the user to finalise the interrupted purchase on the site.
- Legal Basis: Consent of the Data Subject.
- Retention Period: 72 hours.
- Other Information: The provision of data is optional, and consent can be revoked at any time by sending a message with the word "STOP" to the number from which the communications are received.
Navigation Data
- Purpose: Site security.
- Legal Basis: We will process data based on the company's legitimate interest in IT security and compliance with legal obligations. The legal basis for processing cookies other than essential ones is consent.
- Retention Period: 24 months.
- Other Information: Please refer to the specific information notice for the cookie policy.
3. What else should I know?
Data will be processed lawfully, fairly, and with the utmost confidentiality, in compliance with appropriate security measures as required by the Code and the Regulation. Processing will be carried out using digital means. Data will not be subject to public dissemination. Furthermore, the user will not be subject to automated decision-making processes such as profiling unless they consent to this through the installation of cookies or other tracking tools, for the regulation of which please refer to the specific policy.
4. To whom will my data be communicated?
The Controller may communicate data to all entities to whom communication is mandatory by law for the fulfilment of the purposes provided for by law. The Controller also relies on some companies or IT tools that perform processing activities on personal data of data subjects in the exclusive interest of the controller, all adequately appointed as data processors under Art. 28 GDPR. The data will also be communicated to payment gateways acting as independent data controllers. The list of data processors is available at our offices. In the event of a merger, sale, or any other corporate change and/or in the event of the organisation of one of these operations, your data may be shared. Furthermore, in the event that the company owned by the Data Controller or part of it is sold to a third party, the latter may continue to use your data, always in the manner set out in this privacy policy.
5. Where is the data stored and transferred?
The management and storage of personal data will take place on servers located inside and outside the EU. The Data Controller guarantees that the non-EU transfer takes place in accordance with Articles 44-47 Chapter V of the GDPR by signing standard contractual clauses and/or through the adequacy decision of July 10, 2023.
6. What are my rights, and how can I exercise them?
a) Rights of the data subject
The user, in their capacity as a data subject, has the rights referred to in Art. 15 et seq. of the Regulation, specifically:
- RIGHT OF ACCESS (Art. 15 GDPR): The data subject has the right to obtain confirmation as to whether or not personal data concerning them is being processed, even if not yet registered, and to have it communicated in an intelligible form.
- RIGHT TO RECTIFICATION (Art. 16 GDPR): The data subject has the right to obtain the rectification of inaccurate personal data concerning them and also the integration of incomplete data.
- RIGHT TO ERASURE (Art. 17 GDPR): The data subject has the right to obtain the erasure of personal data in the presence of specific reasons such as the withdrawal of consent, objection to processing, or if the data is no longer necessary in relation to the purposes for which it was collected and processed, or in the case of unlawful processing. It will not always be possible to proceed with erasure, but it will certainly be the controller's responsibility to provide adequate justification.
- RIGHT TO RESTRICTION OF PROCESSING (Art. 18 GDPR): The data subject has the right to obtain the restriction of processing in specific hypotheses such as, for example, in the case of a request for rectification or objection during the time of evaluation of the requests.
- RIGHT TO DATA PORTABILITY (Art. 20 GDPR): If the processing is based on consent or a contract and is carried out by automated means, the data subject has the right to receive the personal data concerning them in a structured, commonly used and machine-readable format or to request its transmission to another controller.
- RIGHT TO OBJECT (Art. 21 GDPR): The data subject has the right to object, in whole or in part:
  - for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of collection;
  - to the processing of personal data concerning them for the pursuit of purposes not contemplated by Art. 2.
- RIGHT TO LODGE A COMPLAINT: The data subject has the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR if they believe that the processing of their data is contrary to current legislation.
b) Methods of exercise
The data subject can at any time exercise the rights referred to in the preceding article by contacting the DPO at the following address: dpo@alessi.com.
Last updated: 03/26/2026