PRIVACY POLICY

In accordance with the General Data Protection Regulations (RGPD) and the Personal Data Protection Code (DL 196/2003), this Privacy Policy indicates:

  • the nature of the personal information processed;
  • the purposes and means of processing personal information;
  • the identity and contact details of the Data Controller;
  • the contact details of the Data Protection Officers (DPOs);
  • any third parties involved in the processing activities;
  • the period of retention of personal information;
  • the security measures taken to protect personal information;
  • the privacy rights of users.

Users under 16 (sixteen) years of age may not consent to the processing of personal data without parental permission.

 

DATA CONTROLLER AND DATA PROCESSOR

 

According to the RGPD, the data controller is the subject or subjects who define the purposes and means of the processing of personal information.

The Data Controller for the processing of data relating to the activities of the Site is: Kallistè ("Data controllers".).

With regard to the personal information of non-registered users who have chosen to receive newsletters and marketing communications, the Data Controller is Kallistè

 

PERSONAL INFORMATION

 

Personal Information" means any information about users that identifies them personally, either alone or in combination with other information.

Personal information is automatically collected by the Site or received from multiple sources: forms, chats, emails, apps, devices, social media and other means.

The Site collects non-sensitive browsing data by automatic means in order to enable and improve your navigation (e.g. IP address, date/time of visit and duration, any referring URL, pages visited on the Site, device used and other information).

The processing of such information enables users to access the Site and make full use of its features and services. In addition, navigation data may be used to verify that the Site functions correctly.

From time to time, navigation data is processed anonymously for statistical purposes.

Navigation data are unlikely to identify the data subject. However, by their very nature, browsing data may allow users to be identified when combined with other information.

The navigation data described above are stored only temporarily in accordance with the applicable law.

 

  • ORDERS

 

At the time of verification, the Site asks users to provide personal information for the essential purpose of fulfilling their purchase orders and fulfilling contractual obligations (e.g. name and surname, e-mail address, delivery address, etc.).

Such personal information is also essential to enable Customer Service to assist customers with their inquiries and any related needs, before or after the sale (for example, regarding the delivery status of the order or product returns).

Personal information relating to orders will be kept for as long as necessary to comply with contractual obligations and applicable tax and financial reporting requirements.

The Site may also verify the payment instruments used by customers for purchases on the Site (e.g. credit or debit card, etc.) primarily to prevent fraudulent activity or under applicable anti-money laundering laws. Since full trust is granted for the verification of payments to third party payment processors, the Data Processors do not process or store financial information belonging to customers.

Failure to provide the personal information requested at the time of verification will prevent users from completing an order on the Site.

Based on its legitimate interest in improving the relationship with customers, the Site will send them e-mail communications with product suggestions, discounts, requests for feedback or other updates. Customers are always free to unsubscribe from such email communications (for example, by clicking the "unsubscribe" link at the bottom of each email).

 

  • REGISTRATION ON THE SITE

 

When users choose to register a personal Site account, they are asked to submit personal information (e.g. date of birth, gender, etc.). The Site clearly indicates which personal information is mandatory (or not) to set up a Site account.

Users must provide true and accurate personal information when registering and are encouraged to keep their personal information updated (if changes occur) by logging into their personal account to make any necessary changes.

Users who choose to activate or access their Site account through social media should be aware that when they link their Site account to a social media account, the Site collects certain personal information that you have already provided to that social media account (for example, your email address and public profile on Facebook).

The Data Controller does not supervise or control these social media services or user profiles on these services and does not establish privacy settings or rules regarding how personal information is used on these services. Users are strongly encouraged to read all applicable social media service policies and information to learn more about how personal information is processed.

 

  • NEWSLETTER

 

On the Site, users may choose to receive newsletters and commercial communications.

The Site always collects the explicit, free and unequivocal consent of users before sending newsletters and marketing communications to such users or, more generally, before undertaking electronic marketing initiatives dedicated to them.

In such cases, users may be asked to provide personal information in addition to their e-mail address (e.g. gender, country of residence, etc.) in order to receive marketing communications and newsletters tailored to their user profile.

Users can always easily revoke their consent to receive newsletters and commercial communications in the following ways:

  • through their account settings;
  • by clicking the 'unsubscribe' link in any such email;
  • by contacting our Customer Service.

 

With regard to the personal information of non-registered users who have chosen to receive newsletters and marketing communications, the Data Controller is Kallistè.

 

  • PROFILATION

Subject to your explicit consent, the newsletter and marketing communications may be adapted to your "profile" based on the personal information that the Site collects or receives about you.

With regard to the Site's customers, it is in the legitimate interest of the Site to process personal information in order to offer more interesting products, improve the Site and personalize the products offered on the Site.

The main purpose of profiling is to propose products, services and initiatives more in line with the tastes, buying habits and interests of users and customers.

Personal information can also be used for remarketing, retargeting or profiling purposes, even through third parties (e.g. social networks, etc.).。

Neither the Site nor the Data Controller will ever perform profiling activities relating to children.

 

SHARING AND TRANSFER OF PERSONAL INFORMATION

 

The Data Controller may transfer customers' personal information to primary third party suppliers, as "data processors" (the "Data Processors"), so that they may carry out the commercial operations necessary to fulfil their contractual obligations.

Data Controllers will do their best to ensure that all Data Processors apply their industry best practices to protect personal information and that they do not use personal information for purposes other than those agreed with Data Controllers.

For example, the Data Controller may share personal information with the following categories of Data Processors:

  • Couriers and postal operators;
  • Order fulfillment centers and depots;
  • Advertising, digital, marketing and social media agencies;
  • IT service providers;
  • Customer service providers;
  • Payment service providers.
  • Persons, companies or professional firms that provide assistance and advice to the Owners in accounting, administrative, legal, tax and financial matters;
  • Subjects, entities or authorities to whom it is mandatory to communicate personal data for purposes of compliance, abuse or fraud, or on the orders of the Authorities.

 

In such cases, the sharing of personal information with Data Processors is necessary to allow Data Controllers to fulfil their contractual obligations and, in addition, to improve the products and services of the Site.

Data controllers must always reserve the right to disclose personal information about users as required by law (for example, in response to law enforcement requests) and where necessary to protect the rights of data controllers or their affiliates or third parties.

In addition, personal information may be disclosed to other companies within the same corporate group as each of the Data Controller or to third parties in the event of a corporate restructuring process, in full compliance with applicable law.

In all other cases, the sharing of personal information will be subject to your prior express consent, unless processing is permitted under an alternative legal basis.

The Data Controller not will transfer any personal information outside the European Economic Area (EEA), unless you have explicitly authorized such transfer or the transfer of personal information outside the EEA is permitted by the PJD on another legal basis.

 

PROCESSING METHODS AND SECURITY MEASURES

 

Users' personal information is processed by the Data Controller using computerised, automated and electronic tools and, in limited cases, using documentary means. In compliance with the RGPD, specific security measures have been implemented to prevent data loss, illegal or incorrect use and unauthorized access.

Only authorised employees of the Data Controller and authorised employees of third party suppliers, in their capacity as Data Processors on behalf of the Data Controller, have access to personal information relating to the activities of the Site. Data processing agreements are in place with the Data Processors to ensure that they always meet the level of security required by the RGPD when processing personal information relating to the activities of the Site.

Although the Site adopts primary security measures to prevent the loss, destruction or dissemination of personal information, at the same time it cannot exclude the security risks that are naturally associated with the online transmission of data. You accept the risks inherent in providing personal information on the Internet and will not hold the Site liable for any breach of security unless such breach is due to negligence or willful misconduct of the Site.

 

STORAGE OF PERSONAL INFORMATION

The Data Controller will keep personal information for as long as necessary to provide users and customers with the requested services or to comply with legal or fiscal obligations or for the minimum period prescribed by law.

In order to determine the appropriate retention period for personal information stored by the Site with your consent, Data Controllers will take into account multiple factors to ensure that personal information is not retained for longer than is necessary or appropriate. These criteria will also include:

  • the purpose for which the Site holds personal information;
  • legal, tax and regulatory obligations related to such personal information;
  • the type of relationship in progress with the user or customer concerned (how often the user accesses their account on the Site, whether users continue to receive marketing communications, how regularly they surf or purchase on the Site, etc.);
  • any specific user request related to the deletion of personal information;
  • legitimate business interests.

The Site will promptly delete or anonymize personal information that is no longer needed or stored by law.

 

USERS' RIGHTS

Users have the right to receive confirmation regarding the possible possession of personal information on their account by the Data Controller.

In this case, according to the RGPD, users also hold the rights of:

  • be informed about the collection and use of your personal information;
  • access their personal information at no cost;
  • obtain the correction or completion of inaccurate or incomplete personal information;
  • obtain the deletion of personal information ("the right to be forgotten");
  • under specific conditions, obtain the restriction or deletion of your personal information;
  • obtain and reuse your personal information for your own purposes between different services when the processing is based on a contract or consent and is performed automatically ("the right to data portability");
  • under specific conditions, oppose the processing of their personal information;
  • oppose at any time the use of personal information for 'profiling' or 'automated decision making' purposes.
  • the right to lodge complaints concerning the collection and processing of personal information with the competent supervisory authority;
  • the right to withdraw consent to the processing of personal data at any time.

 

CHANGES TO THIS PRIVACY POLICY

 

Any future changes to this Privacy Policy will be posted on the Site and, if applicable, notified to users by e-mail. Users are encouraged to read this Privacy Policy frequently to check for updates or changes.