Privacy policy disclosure

PRIVACY NOTICE

Data protection is of the utmost importance to LE SAC, which constantly strives to handle the information of data subjects with fairness, legality, and transparency, in accordance with EU Regulation 2016/679 (hereinafter "GDPR"), Legislative Decree No. 196/2003 ("Privacy Code"), and other applicable provisions regarding the protection of personal data. This document explains how collected personal data is processed and protected.

Data Controller The data controller, in accordance with Articles 4 and 24 of the GDPR, is Le Sac S.r.l. ("LE SAC"), Tax Code and VAT No. 1095438159, with registered office in Milan, Via B. Davanzati n. 28, in the person of the temporary legal representative. You may contact LE SAC for any information at the email address privacy@le-sac.it.

Types of Data Processed

Personal Data: Any information concerning an identified or identifiable natural person ("data subject"), with reference to an identifier such as a name, an online identifier, location data, an online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity (considering Articles 26, 27, and 30).

Navigation Data: The computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its nature, it could allow the identification of users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the server's response status (successful, error, etc.), and other parameters related to the user's operating system and computer environment.

Voluntarily Provided Data: The optional, explicit, and voluntary sending of messages to the contact addresses indicated on the website or through other channels will result in the subsequent acquisition of the sender's address, necessary to respond to requests, as well as other personal data entered. Cookies: For cookies and other similar technologies, please refer to the specific cookie notice accessible through the link in the website footer.

Purposes of Processing, Legal Basis, and Data Retention Periods

Purpose A): Website navigation LEGAL BASIS: Legitimate interest, pursuant to Article 6, paragraph 1, letter f) of the GDPR, and considering 47 of the GDPR. The processing is necessary for the legitimate interests pursued by the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail, taking into account the reasonable expectations of the data subject based on their relationship with the data controller. Activities strictly necessary for the operation of the website and the provision of navigation services on the platform. DATA RETENTION PERIOD: Until the end of the browsing session (subject to any need for investigation by the judicial authority). NATURE OF PROVIDING DATA: Navigation data is necessary to allow website navigation.

Purpose B): Use of cookies other than technical ones and equivalent technologies LEGAL BASIS: The processing is based on the consent of the data subject, pursuant to Article 6, paragraph 1, letter a) of the GDPR, and considering No. 42 and 43 of the GDPR. DATA RETENTION PERIOD: See the cookie policy in the website footer. NATURE OF PROVIDING DATA: See the cookie policy in the website footer.

Purpose C): Registration on the website and management of the personal account LEGAL BASIS: The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject, pursuant to Article 6, paragraph 1, letter b) of the GDPR, and considering No. 44 of the GDPR. DATA RETENTION PERIOD: The retention period is until the account is terminated and the technical time for disabling credentials. The user has the right to delete their account at any time. If they choose to do so, the account will cease to exist, and the user will be considered inactive. NATURE OF PROVIDING DATA: Providing data is necessary. Failure to provide the necessary data will result in the inability to register on the website. In case of registration through Amazon, LE SAC collects from this operator the necessary data for registration/authentication such as name, surname, email address, and shipping addresses. In the case of registration/authentication through the "Register with Le SAC Outlet and proceed to checkout using your Amazon account credentials" function, Amazon Europe will also process the data of the data subject (more information is available in Amazon's privacy policy: https://www.amazon.it/gp/help/customer/display.html?ie=UTF8&nodeId=200545460&ld=NSGoogle).

Purpose D): To manage online purchases, process orders and returns through online services, and send notifications about the status of shipment or in case of delivery issues. LEGAL BASIS: The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject, pursuant to Article 6, paragraph 1, letter b) of the GDPR, and considering No. 44 of the GDPR. DATA RETENTION PERIOD: The retention period is a maximum of 10 years. NATURE OF PROVIDING DATA: Providing data is necessary. Failure to provide the necessary data will result in the inability to place orders, make purchases, returns, and receive notifications about the shipment status. In the case of using the "AMAZON PAY - use your Amazon account" function, Amazon Europe will also process the data of the data subject (more information is available in Amazon Pay's privacy policy: https://pay.amazon.it/help/201212490?ld=NSGoogle).

Purpose E): Direct marketing LE SAC uses personal data, with the data subject's consent, to send newsletters, advertising and promotional materials, commercial offers, informative surveys, and invitations through automated means such as email, SMS messages, and messages through the Whatsapp Business application (whose Privacy Policy can be found at: https://www.whatsapp.com/legal/), if the data subject provides their mobile phone number, as well as through operator-initiated phone calls, even automated, postal mail, and other informational materials. In order to optimize the LE SAC experience, we will provide the user with important information, recommended products, and reminders of products left in the cart. LEGAL BASIS: The processing is based on the data subject's consent, pursuant to Article 6, paragraph 1, letter a) of the GDPR, and considering No. 42 and 43 of the GDPR. DATA RETENTION PERIOD: Until consent is revoked (opt-out). NATURE OF PROVIDING DATA: Providing data is optional. Failure to provide the necessary data will result in the inability to receive direct marketing communications. Failure to provide a mobile phone number will result in the inability to receive communications via SMS and Whatsapp.

Purpose F): Non-automated profiling LE SAC uses personal data, with the data subject's consent, to perform analyses, evaluations, and categorize data subjects into homogeneous groups based on characteristics, including geographical and sectoral criteria, for better service management and for sending personalized promotional communications. LEGAL BASIS: The processing is based on the data subject's consent, pursuant to Article 6, paragraph 1, letter a) of the GDPR, and considering No. 42 and 43 of the GDPR. DATA RETENTION PERIOD: Until consent is revoked (opt-out) and, in any case, for a maximum of 12 months. NATURE OF PROVIDING DATA: Providing data is optional. Failure to provide the necessary data will result in the inability to perform analyses and/or send targeted communications.

Purpose G): Automated "soft-spam" via email (Article 130, paragraph 4 of the Privacy Code) LE SAC uses email addresses provided by the data subject in the context of the sale of a product or service for the direct sale of its own products or services, without the data subject's consent, as long as they are similar to those subject to the sale, and the data subject, adequately informed, does not refuse such use, initially or on subsequent occasions. At the time of collection and when sending each communication for the purposes of this paragraph, the data subject is informed of the possibility of opposing the processing at any time, easily and free of charge. LEGAL BASIS: Legitimate interest of the Data Controller, pursuant to Article 6, paragraph 1, letter f) of the GDPR, and considering No. 47 of the GDPR. The processing is necessary to pursue the legitimate interests of the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail. DATA RETENTION PERIOD: Until the data subject's objection (opt-out). NATURE OF PROVIDING DATA: Providing data is optional. The data subject may object to the processing initially or on subsequent occasions.

Purpose H): Management of requests to our Customer Care. LE SAC's Customer Service uses the personal data provided by the data subject to fulfill their information and assistance requests. LEGAL BASIS: Legitimate interest, pursuant to Article 6, paragraph 1, letter f) of the GDPR, and considering No. 47 of the GDPR. The processing is necessary to pursue the legitimate interest of the data controller in responding to the data subject's requests. DATA RETENTION PERIOD: For the time necessary to fulfill the request and for a maximum of 12 months, without prejudice to further retention required for the protection of the Data Controller's rights. NATURE OF PROVIDING DATA: Providing data is necessary. Failure to provide data will result in the inability to respond to the data subject's requests.

Purpose I): Satisfaction surveys regarding LE SAC's services and products. LEGAL BASIS: Legitimate interest, pursuant to Article 6, paragraph 1, letter f) of the GDPR, and considering No. 47 of the GDPR. The processing is necessary to pursue the legitimate interest of the Data Controller, which consists in the possibility of receiving feedback to improve service quality. DATA RETENTION PERIOD: The retention period lasts until opposition (opt-out). NATURE OF PROVIDING DATA: Providing data is optional. The data subject may object to the processing initially or on subsequent occasions.

Purpose L): Management of requests to exercise the data subject's rights, in accordance with Articles 15 and following of EU Regulation 2016/679. LEGAL BASIS: Legal obligation, pursuant to Article 6, letter c) of the GDPR. The processing is necessary to fulfill a legal obligation to which the Data Controller is subject. DATA RETENTION PERIOD: The retention period is 5 years from the closure of the request, subject to disputes. NATURE OF PROVIDING DATA: Providing personal data is necessary to fulfill legal obligations.

Purpose M): Compliance with legal obligations We use personal data to fulfill the legal obligations to which LE SAC is subject. LEGAL BASIS: Legal obligation, pursuant to Article 6, letter c) of the GDPR. The processing is necessary to fulfill a legal obligation to which the Data Controller is subject. DATA RETENTION PERIOD: 10 years. NATURE OF PROVIDING DATA: The data subject is free to decide whether to enter into a contract with LE SAC, but if they do, their data will necessarily be processed.

Purpose N): Prevention and management of disputes and other legal aspects and defense in case of legal action. LEGAL BASIS: Legitimate interest, pursuant to Article 6, letter f), and considering No. 47 of the GDPR. The processing is necessary to pursue the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail, taking into account the reasonable expectations of the data subject based on their relationship with the Data Controller. DATA RETENTION PERIOD: 10 years, subject to the time necessary for defense in court. NATURE OF PROVIDING DATA: Providing data is necessary. Refusal must be balanced with the Data Controller's legitimate interest for this purpose.

Processing Methods

User data will be processed manually, electronically, and automatically. It should be noted that no completely automated decision-making processes are carried out.

Location of Data Storage Data collected from data subjects are stored within the European Economic Area ("EEA") and will not be transferred and processed in countries outside the EEA.

Entities with Access to Data The personal data of the data subject will not be disclosed and will be processed by:

  • internal subjects at LE SAC, as Authorized Data Processors (Article 29 of the GDPR), who act under the authority of the Data Controller based on specific instructions received.
  • any third parties performing activities on behalf of the Data Controller and are therefore classified as Data Processors (Article 28 of the GDPR), who will process the data for the purposes mentioned above, in compliance with the GDPR and the directives received (entities providing marketing services, managing the company's server and website www.lesacoutlet.it, managing the warehouse and logistics, as well as freelance professionals, studios, or companies within the scope of assistance and consultancy relationships). The list of Data Processors can be requested by writing to the address privacy@le-sac.it or to the registered office of LE SAC.
  • subjects, entities, or authorities to whom the Data Controller is required to communicate personal data pursuant to legal provisions or legitimate orders.

User Rights The data subject may exercise the following rights at any time, as provided for in Articles 15 et seq. of the GDPR, by contacting the Data Controller at the email address privacy@le-sac.it: a) right of access to personal data (Article 15); b) right to rectification (Article 16) if the data is incorrect or incomplete; c) right to erasure (Article 17); d) right to restrict processing (Article 18); The Data Controller will communicate any rectifications, erasures, or restrictions of processing to each of the recipients to whom the personal data has been transmitted (Article 19). The Data Controller will also inform the data subject of these recipients if requested. a) right to data portability, where applicable (Article 20); in this case, the data will be provided to the data subject in a structured, commonly used, and machine-readable format; b) right to object, where applicable (Article 21), to the processing of data based on consent and/or the legitimate interest of the Data Controller, as well as the right to withdraw consent given without affecting the lawfulness of processing based on consent before withdrawal. To no longer receive automated direct marketing communications (e.g., email, SMS, WhatsApp), it will be sufficient to send an email at any time to privacy@le-sac.it with the subject "unsubscribe from automated," or use the automatic cancellation systems provided for emails. To no longer receive communications via WhatsApp, you can also write "STOP" within the chat with LE SAC. To no longer receive traditional direct marketing communications (phone calls, postal mail), it will be sufficient to send an email at any time to privacy@le-sac.it with the subject "unsubscribe from traditional." To object to direct marketing only by certain means, it will be sufficient to send an email to privacy@le-sac.it with the subject "unsubscribe from..." specifying the instrument you no longer wish to allow the use of. To withdraw consent to profiling, it will be sufficient to send an email to privacy@le-sac.it with the subject "no profiling." If the data subject believes that LE SAC is processing personal data incorrectly, they can contact the Data Controller at privacy@le-sac.it. In addition, the data subject has the right to lodge a complaint with the Italian Data Protection Authority, using the form and procedure indicated on the website at the following link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.

Updates to our Privacy Policy: Updates to LE SAC's Privacy Policy may be necessary, including as a result of any subsequent changes and/or additions to the law. The most recent version of the Privacy Policy is always available on LE SAC's website.

Last modified: September 12, 2023

Scroll To Top