Aeffe S.p.A., with registered offices at San Giovanni in Marignano (RN) via delle Querce 51, Company No. and VAT: 01928480407 , in the person of its legal representative for the time being, as the data controller (hereinafter “Controller”), informs you that, pursuant to art. 13 of Reg. (EU) 2016/679 (hereinafter “GDPR”), it needs to process your personal data in compliance with current regulations and on the basis specified in more detail below.

The present information concerns only the website “www.aeffe.com” and not further website reached by the user through link.

1. Object of processing
   The Controller will process the personal identification information (including but not limited to: name, surname, address, telephone no., e-mail address, etc., hereinafter “Data”) freely communicated by you in order use the specific services offered by the site “www.aeffe.com”, in addition to those (navigation data) normally accessible by the Controller through the computer systems and software procedures used to operate the site. In this latter case, we refer to those personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes ex-multis IP addresses or domain names of the computers used by users to reach the website and to connect with it, the addresses in Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used in the submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters concerning the operating system and the user’s IT environment
2. Purpose of processing
   Your Data will be processed in a legal and proper manner for the purposes described below.
   1. As far as the navigation data is concerned:
      1. To allow the Controller to obtain anonymous statistics on the use of the “www.aeffe.com” website and check its correct operation;
      2. For security reasons (spam filters, firewalls and virus detection), in order to block damage’s attempts to the site itself or its users, and in any case to avoid harmful activities or constituent a crime;
      3. Perform any other function necessary or instrumental to the operation of the website, including the installation of technical cookies to improve the functionality of the site for which reference is made to the Cookie Policy
      4. To allow the Controller to fulfill legal, fiscal, administrative, contractual and accounting obligations linked to the management of the site and the provision of the requested services, as well as the proper management of relationships with authorities, control bodies and public third party for purposes linked to particular requests, fulfillment of legal obligations or other procedures.
   2. As far as the data voluntary provided by the user is concerned, are included in this category the information (name, surname, e-mail address, data present in CV, contents acquired by the form filled on line etc) voluntarily provided by the user at the time of registration on the website www.aeffe.com, in addition to the Data communicated during the spontaneous sent of curriculum vitae and online spontaneous candidacies – through the section “Work with us” -, which will be consequentially used by the Controller to evaluate the suitability of the user with respect to a potential recruitment in the company, starting, if it is the case, the selection processes. This will entail, inter alia, the subsequent acquisition by the Controller of the address of the sender necessary to answer to the proposed candidacy and, more generally, to answer to any question formulated by the user through the contacts present online. It is specified that the Controller will not process any category of personal data pursuant to art. 9 and 10 GDPR eventually provided – voluntarily – by the user through the various communication channels on the website.
3. Methods of processing
   Your Data will be processed using the operations indicated in art. 4, point 2) GDPR and, specifically: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the Data.

   Your Data will be processed both in hard-copy form and electronically and/or automatically.

   The Data collected will be processed in full compliance with the law, as well as with the principles of legality, fairness, transparency, limited to what is necessary and protection of your privacy and rights.

   The Data of minors of 16 years will not be processed.

4. Duration of retention of the Data
   The Controller stores the Data in compliance with local laws and company policies and procedures for the time necessary in order to achieve the above purposes and satisfy its legitimate commercial interests and legal obligations, and to establish, exercise or defend its legal rights. When there is no further need to retain the Data for the above purposes, it will be erased in a secure manner.
5. Legal basis for processing
   Communication, dissemination and access to the Data
6. Comunicazione, diffusione e accesso ai Dati
   Your Data may be made accessible for the purposes described above to:
   • Employees and collaborators of the Controller in Italy and abroad, as internal data processors and/or sub-managers/persons tasked with processing and/or system administrators;
   • Other Aeffe Group companies (parent companies, subsidiaries and/or associates) in Italy and abroad and to their employees and collaborators;
   • Other third-party companies or other parties to which the Controller has outsourced activities, in their role as external data processors, including vendors or parties engaged to provide services that are ancillary to or useful for the purposes indicated above, with which the Controller has signed specific agreements.

   The Controller also reserves the right to make accessible the personal data with certain third parties, including: IT companies for the development of systems and technical support; auditors and consultants that check compliance with external and internal requirements; legal entities, agencies responsible for application of the law and parties in legal cases, consistent with the legal obligation to inform and other requirements; any successors or commercial partners of the Controller or a company in the same group as the Controller, in the event of sale, assignment or other special transactions; the police, armed forces and other public administrations in compliance with obligations imposed by law, regulations or EU rules.

   Should these parties be established in non-EU countries, the Controller will ensure that the non-EU transfer of Data takes place in compliance with the applicable laws, by employing the standard contractual clauses envisaged by the European Commission.

7. Transfer of Data
   The Data will be held on servers located within the European Union. In all cases, should it be necessary, the Controller is entitled to share the Data with third parties, member or not of the Controller’s Group and/or transfer the Data in other non-EU contexts; in that case, the Controller hereby guarantees that the non-EU transfer of Data will take place in compliance with the applicable laws, by employing the standard contractual clauses envisaged by the European Commission.

   The Controller will apply all necessary precautions when making the above transfers, in accordance with the current privacy regulations.

8. Nature of the provision of Data and consequences of refusal to provide Data
   The provision of your Data for the purposes described in this information is mandatory; from one side, it let you a correct navigation and the access to the various functions of the website www.aeffe.com; on the other side, it let Aeffe to satisfy your request.
9. Rights of the data subject
   As the data subject, you have the rights specified in arts. 13, para. 2, letters b), c) and d), 15, 16, 17, 18, 19 and 21 GDPR and, specifically, the rights to:
   • Obtain confirmation of the existence or not of Data relating to you, even if not yet registered, and its communication in an intelligible form;
   • Obtain indication of:
     1. the origin of the Data;
     2. the purposes and methods of processing;
     3. the logic applied if processing is carried out using electronic equipment;
     4. the identification details of the Controller, the data protection officer, the processors and the representative designated pursuant to art. 3, para. 1, GDPR;
     5. the parties or categories of party to which the Data may be communicated or which may become aware of it as the designated representative in the territory of the State and as processors;
   • Obtain the:
     1. update, rectification or, if desired, completion of the Data;
     2. erasure, transformation into an anonymous form or blockage of personal data processed in violation of the law, including data that need not be retained in relation to the purposes for which it was collected or subsequently processed;
     3. confirmation that the operations referred to in letters a) and b), and their content, have been drawn to the attention of the parties to which the Data has been communicated or disseminated, except if fulfillment of that requirement would be impossible or require the use of resources obviously out of proportion to the right safeguarded;
   • Object, in whole or in part:
     1. for legitimate reasons to processing of the Data that relates to you, even if relevant to the purpose for which it was collected;
     2. to processing of the Data that relates to you in order to send advertising or direct marketing materials or to carry out market research or commercial communications, using automated calling systems without operator involvement, e-mails and/or traditional marketing methods, such as recourse to telephone calls and/or regular mail. The right of the data subject, presented in point b) above, to object to direct marketing using automated means, also extends to traditional marketing methods; in all cases, the data subject remains entitled to object solely in part. Accordingly, the data subject may decide to receive communications solely using traditional means or solely automated communications or neither of the two types of communication;
   • Where applicable, the data subject also has the rights envisaged in arts. 16 – 21 GDPR (Right to rectification, right to be forgotten, right to the restriction of processing, right to data portability, right to object), as well as the right to complain to the Privacy Ombudsman;
   • Revoke at any time any consents already given.
10. Exercise of rights
    At any time, you may exercise your rights or make a request by sending: a registered letter to Aeffe S.p.A., with registered offices at 47842 San Giovanni in Marignano (RN) Via delle Querce 51, or an e-mail to the following address:privacy@aeffe.com.

    The deadline for the reply is one month. The mentioned deadline may be extended for two months in particularly complex cases: if this occurs, within one month the Controller will provide a communication concerning the reasons for the extension.

    The Controller has the right to request the information necessary for the identification of the applicant.

    Generally, the exercise of rights is free, except in the case of manifestly unfounded or excessive requests, for which the Controller may reserve the right to request the interested party a reasonable contribution based on administrative costs to be incurred.

11. Controller, Data Protection Officer, Processor
    The Controller is Aeffe S.p.A., in the person of its legal representative for the time being, with registered offices at 7842 San Giovanni in Marignano (RN) Via delle Querce 51, Company no and VAT: 01928480407.

    The Data Protection Officer may be contacted at the following e-mail address: privacy@aeffe.com

    Information about the categories of Processor is available from the registered offices of the Controller.