Privacy policy disclosure

 

In compliance with EU Regulation 2016/679 (GDPR), we provide you with the following information regarding the processing of your personal data, in relation to browsing the Le Sac Srl website (the “ Site ”).

 

The owner of the user's personal data.

The Data Controller, pursuant to articles 4 and 24 of the GDPR, is Le Sac Srl (" Le Sac " or the “ Company ”), Tax Code and VAT number 1095438159, with registered office in Milan, Via Benigno Crespi n. 57, in the person of the legal representative pro tempore . The user may contact Le Sac, for any information, at the email address [email protected] .

 

The Data Protection Officer

Le Sac has appointed a Data Protection Officer (DPO) pursuant to Articles 37, 38 and 39 of the GDPR, who may be contacted at the email address [email protected] or by writing to the DPO at the Company's headquarters.

 

Type of data processed

Personal data : any information relating to an identified or identifiable natural person (“data subject”), meaning a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (recitals 26, 27 and 30).

Browsing data : the computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI ( Uniform Resource Identifier ) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the interested party.

Data communicated voluntarily : the optional, explicit and voluntary sending of messages to the contact addresses indicated on the Site and/or the completion of the data collection forms, entail the subsequent acquisition of the sender's address, necessary to respond to requests, as well as other personal data entered.

C ookies : For cookies and other similar technologies, see the cookie policy in the footer of the Site.

Social media and third-party sites: In relation to the processing of personal data carried out by social media managers or third parties, where interested parties click on the relevant link, reference is made to the information provided by the latter through their respective privacy policies .

 

Purpose of processing, legal basis and data retention period

Purpose A): browsing the website

LEGAL BASIS : legitimate interest, pursuant to art. 6, par. 1, lett. f) GDPR and recital 47 GDPR. The processing is necessary for the purposes of the legitimate interests pursued by the controller or by third parties, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, taking into account the reasonable expectations of the data subject based on his or her relationship with the controller. Activities strictly necessary for the functioning of the site and the provision of the navigation service on the platform.

DATA RETENTION PERIOD : for the duration of the browsing session (except for any need to ascertain crimes by the judicial authorities).

NATURE OF THE PROVISION : navigation data is necessary in order to allow navigation of the website.

 

Purpose B): use of cookies other than technical ones and comparable technologies

LEGAL BASIS : the processing is based on the consent of the interested party, pursuant to art. 6, par. 1, lett. a) GDPR and recitals no. 42 and 43 GDPR.

DATA RETENTION PERIOD : see the cookie policy in the footer of the site.

NATURE OF THE PROVISION : See the cookie policy in the footer of the site.

 

Purpose C): registration on the site and management of the personal account

LEGAL BASIS : the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures adopted at the request of the same, pursuant to art. 6, par. 1, lett. b) GDPR and recital no. 44 GDPR.

DATA RETENTION PERIOD : The retention period is until the termination of the account and the technical time for disabling the credentials.

You have the right to delete your account at any time. If you choose to do so, your account will cease to exist and you will be considered inactive.

NATURE OF THE PROVISION : The provision of data is necessary. Failure to provide the necessary data will make it impossible to register on the site.

 

Purpose D): management of online purchases, processing of orders and returns via online services, sending notifications on the status of the shipment or in the event of problems with the delivery of the items

LEGAL BASIS : the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures adopted at the request of the same, pursuant to art. 6, par. 1, lett. b) GDPR and recital no. 44 GDPR.

DATA RETENTION PERIOD : The retention period is a maximum of 10 years.

NATURE OF THE PROVISION : The provision of data is necessary. Failure to provide the necessary data will make it impossible to place orders, purchases, returns and receive notifications on the status of the shipment.

 

Purpose E): direct marketing

Le Sac uses personal data, with the consent of the interested party, to send newsletters, advertising and promotional material, commercial offers, information surveys and invitations via automated means such as email, SMS messages and messages via the Whatsapp Business application (whose Privacy Policy can be consulted at: https://www.whatsapp.com/legal/), if the interested party provides his/her mobile number, as well as through operator-assisted telephone calls, including automated ones, paper mail and other information material.

In order to optimize your Le Sac experience, we will provide you with important information, recommended products, and reminders of products left in your cart.

LEGAL BASIS : the processing is based on the consent of the interested party, pursuant to art. 6, par. 1, lett. a) GDPR and recitals no. 42 and 43 GDPR.

DATA RETENTION PERIOD : until consent is revoked (opt-out).

NATURE OF THE PROVISION : The provision is optional. Failure to provide the necessary data will make it impossible to receive direct marketing communications. Failure to provide the mobile number will make it impossible to receive communications via SMS and Whatsapp.

 

Purpose F): Non-automated profiling

Le Sac uses personal data, with the consent of the interested party, in order to carry out analyses, evaluations and to divide the interested parties into homogeneous groups by characteristics, also based on the area and sector to which they belong, for better management of services, as well as for sending personalized promotional communications.

LEGAL BASIS : the processing is based on the consent of the interested party, pursuant to art. 6, par. 1, lett. a) GDPR and recitals no. 42 and 43 GDPR.

DATA RETENTION PERIOD : until consent is revoked (opt-out) and, in any case, up to a maximum of 12 months.

NATURE OF THE PROVISION : The provision is optional. Failure to provide the necessary data will make it impossible to carry out analyses and/or send targeted communications.

 

Purpose G): automated “soft-spam” via e-mail (art. 130, co. 4 Privacy Code)

Le Sac uses, for the purposes of direct sales of its products or services, the email addresses provided by the interested party in the context of the sale of a product or service, without the consent of the latter, provided that the products or services are similar to those being sold and the interested party, adequately informed, does not refuse such use, initially or on the occasion of subsequent communications. The interested party, at the time of collection and on the occasion of sending each communication carried out for the purposes referred to in this paragraph, is informed of the possibility of opposing the processing at any time, easily and free of charge.

LEGAL BASIS : legitimate interest of the Data Controller, pursuant to art. 6, par. 1, lett. f) GDPR and recital 47 GDPR. The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by third parties, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

DATA RETENTION PERIOD : until the interested party objects (opt-out).

NATURE OF THE PROVISION : The provision is optional. You may oppose the processing initially or during subsequent communications.

 

Purpose H): management of requests from interested parties

Le Sac uses the personal data provided by interested parties, via email or via the chat accessible from the Site, to satisfy their requests for information or assistance.

LEGAL BASIS : legitimate interest, pursuant to art. 6, par. 1, lett. f) GDPR and recital 47 GDPR. The processing is necessary to pursue the legitimate interest of the data controller to follow up on the requests of the interested party.

DATA RETENTION PERIOD : for the time necessary to satisfy the request and for a maximum of 12 months, without prejudice to any further retention that may be necessary for the purposes of protecting the rights of the Data Controller.

NATURE OF THE PROVISION : the provision of data is necessary. Failure to provide data will make it impossible to follow up on the interested party's requests.

 

Purpose I): survey on satisfaction with Le Sac services and products

LEGAL BASIS : legitimate interest, pursuant to art. 6, par. 1, lett. f) GDPR and recital 47 GDPR. The processing is necessary for the pursuit of the legitimate interest of the Data Controller, which consists in the possibility of receiving useful feedback to improve the quality of the service.

DATA RETENTION PERIOD : The retention period lasts until opposition (opt-out).

NATURE OF THE PROVISION : The provision is optional. You may oppose the processing initially or during subsequent communications.

 

Purpose L): management of requests to exercise the rights of interested parties, pursuant to articles 15 and following of EU Reg. 2016/679

LEGAL BASIS : legal obligation, pursuant to art. 6, letter c) GDPR. The processing is necessary to fulfill a legal obligation to which the Data Controller is subject.

DATA RETENTION PERIOD : the retention period is 5 years from the closure of the request, barring disputes.

NATURE OF THE PROVISION : The provision of personal data is necessary in order to fulfil legal obligations.

 

Purpose M): fulfillment of legal obligations

Le Sac uses the personal data provided by interested parties to fulfill the legal obligations to which it is subject (accounting, administrative, etc.) .

LEGAL BASIS : legal obligation, pursuant to art. 6, letter c) GDPR. The processing is necessary to fulfill a legal obligation to which the Data Controller is subject.

DATA RETENTION PERIOD , 10 years

NATURE OF THE PROVISION : the interested party is free to decide whether to conclude a contract with Le Sac, but if he does so his data will necessarily be processed

 

Purpose N): prevention and management of disputes and other legal aspects and for defense in the event of a trial

LEGAL BASIS : legitimate interest, pursuant to art. 6, letter f) and recital 47 GDPR. The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, taking into account the reasonable expectations of the data subject based on his or her relationship with the controller.

DATA RETENTION PERIOD : 10 years, except for the time necessary for legal defense.

NATURE OF THE PROVISION : the provision of data is necessary. The refusal must be balanced with the legitimate interest of the Data Controller for this purpose.

 

Treatment methods

Your data will be subjected to traditional manual, electronic and automated processing. It is specified that no fully automated decision-making processes are carried out.

 

Location of data storage

The personal data collected for the purposes described in this Policy will not be communicated and/or transferred to companies and individuals located in non-EEA countries, except as provided for purposes B) - use of cookies other than technical cookies and H) - management of requests from interested parties (limited to the use of the chat on the website). In the event of data transfer to non-EEA countries, this will occur in compliance with the limits and conditions set out in articles 44 et seq. of the GDPR.

 

Subjects who have access to the data.

The personal data of the interested party will not be disclosed and will be processed by:

-             internal subjects of Le Sac, in the capacity of Authorized Persons to process data (art. 29 GDPR), who act under the authority of the Data Controller on the basis of specific instructions received;

-             any third parties who carry out activities on behalf of the Data Controller and who are therefore classified as Data Processors (art. 28 GDPR), who will process the data, for the purposes indicated above, in compliance with the provisions of the GDPR and the directives received (parties in charge of managing the information system and telecommunications networks, including email and the website, subjects who provide marketing services and chatbot systems, subjects in charge of warehouse and logistics management, as well as freelancers, firms or companies in the context of assistance and consultancy relationships);

The list of Data Controllers can be requested by writing to [email protected] or to the registered office of Le Sac.

-             subjects, entities or authorities to whom the Data Controller is obliged to communicate your personal data by virtue of legal provisions or legitimate orders.

 

User rights

The user may exercise, at any time, the following rights, provided for by articles 15 et seq. GDPR, by contacting the Data Controller at the email address [email protected] .

to)     right of access to personal data (art.15);

b)     right to rectification (art.16), if the data is incorrect or incomplete;

c)     right to erasure (art. 17);

d)     right to restriction of processing (art.18);

The Data Controller shall communicate to each of the recipients to whom the personal data have been transmitted any corrections, cancellations or limitations of the processing carried out (art. 19). The Data Controller shall communicate to the interested party these recipients if the interested party requests it.  

to)     right of portability, in the cases provided for (art.20); in this case, the data will be provided to the interested party in a structured, commonly used and machine-readable format;

b)     right to object, in the cases provided for (art. 21), to the processing of data based on consent and/or on the legitimate interest of the Data Controller, as well as the right to revoke the consent given without prejudice to the lawfulness of the processing based on consent before the revocation.

To stop receiving automated direct marketing communications (e.g. email, SMS, WhatsApp) simply write an email at any time to [email protected] with the subject “cancellation from automated” or use the automatic cancellation systems provided for emails; for communications via WhatsApp, you can also write “STOP” in the chat with Le Sac.

To stop receiving traditional direct marketing communications (telephone calls, postal mail) simply write an email at any time to [email protected] with the subject “unsubscribe from traditional”.

To object to direct marketing only in certain ways, you can write an email to [email protected] with the subject “cancellation from…”, specifying the tool whose use you no longer wish to allow.

To revoke consent to profiling, simply write an email to [email protected] with the subject “no profiling”.

To stop receiving soft spam communications, you can write an email to [email protected] with the subject “no soft spam”.

If the interested party believes that Le Sac processes personal data incorrectly, he/she can contact the Data Controller at [email protected] . Furthermore, the interested party has the right to lodge a complaint with the Guarantor for the protection of personal data, through the form and procedure indicated on the Authority's website.

 

Updates to our Privacy Policy:  

Updates to this information may be necessary, also as a result of any subsequent regulatory changes and/or additions. The most recent version of the Information is always available on the Site.

Last modified: June 6, 2025

Scroll To Top