Privacy policy disclosure

Data protection is of utmost importance to LE SAC, which wants to guarantee maximum openness and transparency with regard to the processing of users’ personal data.  For this reason, this document explains how users’ personal data are processed and protected.

Controller of Users’ Personal Data.
LE SAC S.r.l. (“LE SAC”) is the Data Controller and, therefore, responsible for the processing of personal data provided online, in accordance with the applicable data protection law.
LE SAC S.r.l.
Tax Code and VAT number 1095438159
Registered office: Milan, Via B. Davanzati no. 28 (Italy)
Business Register: Milan
Registration number: 1419794.

Place of data storage.
Data collected from users are stored within the European Economic Area (“EEA”) and will not be transferred and processed outside the EEA.

Subjects who have access to data.
User data can be shared within LE SAC and transferred to partners involved in marketing and who manage the company server and website www.lesacoutlet.uk. Data can then be transferred to the company in charge of warehouse and logistics management to proceed with the correct order fulfilment.

Users’ rights
a. Right to access: users have the right to request information about their personal data in our possession at any time. Users can contact LE SAC, which will provide all personal data by e-mail.
b. Right to portability: whenever LE SAC processes users’ personal data by automated means, on the basis of user consent or an agreement, users have the right to obtain an electronic copy of any data transferred to the user or another subject, in a commonly used format, and in a structured and readable form. The right extends only to personal data sent to LE SAC by users.
c. Right to rectification: users have the right to request the rectification of their personal data, as circumstances warrant. They may also request completion of data, if deemed appropriate. Users with a LE SAC account can modify their personal data by logging into their account.
d. Right to erasure: users have the right to request the erasure of any personal data processed by LE SAC at any time, except in the following circumstances:
- when there is a pending matter with Customer Service;
- when a user has an open order that has not yet been shipped, or has been fulfilled only partially;
- when a user has a debt with LE SAC, regardless of the payment method;
- when a user is suspected of having, or has used our services fraudulently in the last three years.
For any purchase made, we will retain users’ personal data relating to the transaction, in accordance with accounting regulations.
e. Right to object on the basis of legitimate interests: users have the right to object to the processing of their personal data based on LE SAC’s legitimate interests. LE SAC will stop processing personal data unless it can demonstrate a legitimate basis for processing, which will override any users’ interests and rights, or for legal reasons.
f. Right to object to direct marketing: Users have the right to object to direct marketing, including profiling for direct marketing. In this regard, we point out that users can choose not to accept direct marketing in two ways:
- by following the instructions in each marketing email;
- by changing the settings of their LE SAC account.
g. Right to restriction: users have the right to request that LE SAC restricts the processing of their personal data in the following circumstances:
- if a user objects to the processing by LE SAC based on a legitimate interest, LE SAC will restrict all processing of such data up to the moment in which the existence of legitimate interests can be verified;
- if a user declares that his/her personal data are not correct, LE SAC must restrict all processing of such data until their accuracy has been ascertained and changes have been implemented;
- if processing is not legitimate, it is possible to object to the erasure of personal data and, instead, request that their use be restricted.

How to exercise user rights.
LE SAC employs dedicated personnel at its Customer Service able to handle requests regarding user rights, as listed above. Customer Service can be contacted at: privacy@le-sac.it.

Right to file a complaint with a competent Supervisory Authority:
If you believe that LE SAC processes personal data incorrectly, please contact us at the above address. Furthermore, users have the right to file a complaint with a competent Supervisory Authority.

Updates to our Privacy Disclosure:
Updates to our Privacy Disclosure may become necessary. The most recent version of the Disclosure is always available on our website. Users will be informed of any material changes to the Privacy Policy and Privacy Disclosure; for example, with regard to the purpose of personal data processing, Data Controller information or user rights.

***

PRIVACY DISCLOSURE FOR ONLINE PURCHASES
Why do we use personal data?
LE SAC employs users’ personal data to manage online purchases on its website www.lesacoutlet.uk, as well as to process orders and returns via online services, and to send notifications about the status of shipments, or where there are issues with the delivery of items.
We use personal data to manage payments.
We use personal data to handle complaints and manage product warranties.
Users’ personal data are also employed to identify and validate the legal age for online purchases and confirm a user's address with external partners.

What kind of personal data do we process?
We process the following categories of personal data:
- contact details such as name, social security number, address, e-mail address and telephone number;
- payment data and payment history (LE SAC does not come into contact with data related to the payment instruments used by a Customer to place an order, such as data relating to prepaid cards, credit cards, etc.);
- order information.
If a user has a LE SAC account, we also process the personal data provided regarding the account, including:
- account ID;
- purchase history.

Who has access to personal data?
Personal data transferred to third parties are used exclusively to provide the services mentioned above.
Data are used by LE SAC personnel to send an order confirmation, as well as by partners who manage the company server and website www.lesacoutlet.uk. Data can also be transferred to the company that manages the warehouse and logistics to proceed with the correct order fulfilment, as well as to payment service providers for payment issues.

What is the legal basis for processing personal data?
The processing of personal data is necessary for LE SAC to manage and deliver an order.

How long are personal data retained?
We keep personal data until users maintain active customer status.


PRIVACY DISCLOSURE ON DIRECT MARKETING
Why do we use personal data?
We employ users’ personal data to send commercial offers, information surveys and invitations via e-mail, text messages and phone calls.
In order to optimize the LE SAC experience, we will provide our customers with important information, recommended products, reminders of products left in the shopping cart and customized offers. All these services are based on previous purchases, on products displayed by a user and on information provided.

What kind of personal data do we process?
We will process the following categories of personal data:
- contact details, such as e-mail address, telephone number and postal code;
- gender (if a user wishes to provide this information);
- which products and offers a user has clicked.
If a user has a LE SAC account, we will also process personal data provided in relation to the account:
- name;
- address;
- age;
- purchase history.

Who has access to personal data?
Data are used by LE SAC personnel to provide the services mentioned above, as well as by partners involved in marketing and in the management of the company server and website www.lesacoutlet.uk. LE SAC does not transfer, sell or exchange users' personal data with third parties for marketing purposes outside of the LE SAC group.

What is the legal basis for processing personal data?
Processing of users’ personal data is based on the consent given by them at the time they accept direct marketing.

Right to withdraw consent:
Users have the right to withdraw consent to the processing of personal data at any time, and to object to direct marketing.
Upon receiving users’ requests in this regard, LE SAC cannot send any further direct marketing offer or information based on user consent.
Users can choose not to accept direct marketing:
- by following the instructions in each marketing email;
- by setting up their LE SAC account.

How long are personal data retained?
We keep personal data for direct marketing until users withdraw their consent.

PRIVACY DISCLOSURE ON THE LE SAC ACCOUNT
Why do we use personal data?
We use personal data to create and manage your personal account in order to offer you a personalized and interesting LE SAC experience.
We will provide users with their order history and related details, allowing them to manage their account settings (including their marketing preferences). We will also provide users with several simple ways to keep information accurate and up-to-date, such as contact details and payment information. Furthermore, we allow users to save items in the cart.

In order to provide users with relevant product recommendations, LE SAC will process information on website browsing and visits and purchase history and product reviews, along with data provided through the account.

What kind of personal data do we collect?
We always process e-mail address and password provided by users when they create a LE SAC account.
We process the following categories of personal data, which users choose to provide to us:
- contact details, such as name, social security number, address, e-mail address and telephone number;
- date of birth;
- gender;
- country;
- account settings.
We process the following categories of personal data when users make a purchase:
- order history
- delivery data
- payment history
We also process the following categories of personal data related to cookies:
- click history
- browsing and viewing history

Who has access to personal data?
Data are used by LE SAC personnel to provide the services mentioned above, as well as by partners involved in the management of the company server and website www.lesacoutlet.uk.

What is the legal basis for processing personal data?
We process users’ personal data for the management of their account on the basis of their consent granted at the time they create a LE SAC account.
Personal data processing for the purpose of providing relevant product data is based on our legitimate interests.

Right to withdraw consent:
Users have the right to withdraw their consent to the processing of personal data at any time, by deleting the account. By doing so, the account will cease to exist and LE SAC will not be able to provide the services mentioned above.

How long are personal data retained?
We retain personal data as long as users have an active LE SAC account.
Users have the right to delete their account at any time. If they decide to do so, the account will cease to exist and users will be considered inactive.
We also consider an account to be inactive - even if it has not been effectively deleted - when a user has not placed an order within 20 years.
In such cases, we retain a user’s personal data if legal disputes are in progress.

Users’ right to object to data processing:
Users have the right to object to the processing of personal data based on LE SAC’s legitimate interests by writing to privacy@le-sac.it. The account will then be deleted and we will not be able to provide our services.

PRIVACY DISCLOSURE ON CUSTOMER SERVICE
Why do we use personal data?
We employ users’ personal data to manage requests, process complaints and product warranties, and provide technical support through e-mail, telephone calls and social media. We may also contact users if there is a problem with their orders.

What kind of personal data do we process?
We process all data provided to us, including those in the following categories:
- contact details, such as name, address, e-mail address and telephone number
- payment details and payment history
- order information
- account or registration number
- all correspondence concerning any pending matter

Who has access to personal data?
Data are used by LE SAC personnel to provide the services mentioned above, as well as by partners involved in the management of the company server and website www.lesacoutlet.uk.

What is the legal basis for processing personal data?
Personal data processing is based on LE SAC’s legitimate interests.

How long are personal data retained?
We retain users’ personal data for telephone calls, e-mails and correspondence, for 12 months after collection, in order to manage any outstanding cases.

Users’ right to object to processing on the basis of legitimate interests:
Users have the right to object to the processing of their personal data on the basis of LE SAC’s legitimate interests. LE SAC will stop processing personal data, unless it is able to demonstrate a legitimate basis for processing, which will override users’ interests and rights, or for legal reasons.

PRIVACY DISCLOSURE, COMPLIANCE WITH LEGAL REQUIREMENTS
Why do we use personal data?
We use personal data to fulfil legal obligations, judicial litigation and measures by the authorities, as well as to protect our rights.

What kind of personal data do we process?
We process the following categories of personal data
- customer number
- order number
- name
- mailing address
- transaction amount
- transaction date

Who has access to personal data?
Data are used by LE SAC personnel to fulfil the above obligations, as well as by partners who manage the company server and website www.lesacoutlet.uk.

What is the legal basis for processing personal data?
Personal data processing is necessary for LE SAC to fulfil its legal obligations and protect its rights.

How long are personal data retained?
We retain users’ personal data for a period of 10 years, in accordance with statutory requirements.

PRIVACY POLICY FOR COOKIES
A cookie is a small text file that is saved on and, during subsequent visits, retrieved from a user's system or mobile device. If a user wishes to use our services, he/she implicitly accepts the use of these cookies.

How do we use cookies?
We use permanent cookies to store the initial page selected by a user and the related information, in case such user has selected the relative acceptance during access to the site. Cookies allow us to collect statistical data and user data in aggregate and individual form for analysis tools, in order to optimize the site and offer the most relevant marketing material to users.

What kind of personal data do we process?
We link a user’s cookie ID to personal data provided and collected in correlation with a user's account, only if such user has logged in to the account.

Who has access to personal data?
Data are used by LE SAC personnel to provide the services mentioned above and collect statistical data in order to optimize the site and feature relevant material, as well as by the operator of the website www.lesacoutlet.uk.

What is the legal basis for processing personal data?
We link a user's cookies to personal data only if such user has logged in to his/her LE SAC account. If a user has logged into his/her account, the law guarantees the collection of data on the basis of our legitimate interests.

How long are personal data retained?
LE SAC does not retain personal data. Cookies can be easily deleted from a system or mobile device, by using the browser. For instructions on managing and deleting cookies, visit the section of the guide for the specific browser used. Users can also disable cookies or be notified whenever a new cookie is sent to a user’s system or mobile device. If cookies are disabled, it will not be possible to use all the features of the LE SAC site.