Privacy notice

PRIVACY INFORMATION (ART. 13 - EUROPEAN REGULATION FOR THE PROTECTION OF PERSONAL DATA - “RGPD”) < / strong>

We inform you that your personal data will be processed, in compliance with the aforementioned legislation and the confidentiality obligations which the activity of our company is inspired.

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The Data Controller of the personal data you provide for the websites www.otticain.com and www.randolphusa.it is: Ottica In by Giuliano Agostinelli e C. snc, with registered office in Corso Roma 60/62 - 72100 Brindisi, which can be contacted at the following address: info@otticain.com

2. IDENTITY AND CONTACT OF THE DATA PROTECTION MANAGER:

The Data Protection Officer, appointed by Ottica In, is Giuliano Agostinelli who exercises direction and control of the aforementioned sites web, which can be contacted at giulianoagostinelli@otticain.com

3. PURPOSE OF THE PROCESSING TO WHICH THE DATA ARE INTENDED

Your personal data will be used, depending on the service you access, for the following purposes: < / p>

• a) To allow the release of the loyalty card (Card);
• b) For sending commercial / promotional communications (Marketing);
• c) For the analysis of your purchasing habits, necessary to provide you with personalized offers (Profiling);
• d) To allow the management of purchase orders;
• e) To allow you to register on the website www.otticain.com - www.randolphusa.it and the use of related services (Website registration); < / span>

In case a) the processing of your data is necessary for contractual purposes, so as to allow the Card to be issued; In cases b) and c), the processing is subject to your consent, freely given, pursuant to art. 6 (a) of the GDPR. In the case referred to in point d), the personal data relating to vision disorders that you should communicate to us on the occasion of your request for the production of graduated lenses, will be processed, with your express consent, pursuant to art. 9 (2.a) GDPR, for the sole purpose of providing you with the requested service. In case e) the processing of your data is necessary for contractual purposes, so as to allow you to register on the website and use the services therein.

4. CATEGORIES OF DATA PROCESSED

With reference to the purposes referred to in art. 3, we will process the following categories of personal data:

• Personal data (name, surname, address, e-mail, telephone number, place and date of birth, etc.) provided directly by you;
• Financial data (in case of purchases made through the e-commerce portal referred to on the website);
• Special categories of data (data belonging to visual disturbances);
• Navigation data obtained from automatic traceability systems while using the Site and related services (for more information visit cookie policy ).

5. NATURE OF THE PROVIDING OF PERSONAL INFORMATION AND CONSEQUENCES OF THE DENIAL

The provision of your personal data for contractual purposes is voluntary and optional. Failure to provide personal data for the purposes referred to in art. 3.a, 3.d and 3.e, will make it impossible to use the services connected to the aforementioned purposes. With reference to the Personal Data provided, you can always exercise the rights referred to in art. 9.

The provision of your personal data for marketing purposes is voluntary and optional and their use is subject to the expression of the consent. Should you decide to exercise your right to withdraw consent, the treatment prior to the opposition will remain legitimate. It is understood that in case you exercise your right to object to the processing of your personal data for the purposes referred to in art. 3.b and 3.c, we will not be able to send you commercial communications and / or profiled commercial communications.

6. SCOPE OF DATA COMMUNICATION

The personal data provided or collected will be processed by the Data Controller's staff and, in particular:

• 1. employees and consultants authorized to manage the Site and provide the related services (e.g. customer service, management of the Computer Systems and the IT systems of the Data Controller, etc.), as persons in charge of processing and / or system administrators and / or internal data processors;
• 2. employees and consultants of the marketing, finance, administration, accounting and other offices of the Data Controller, in their capacity as data processors and / or internal data processors.

The Data Controller may also request its service providers to perform some data processing operations on its behalf, according to the instructions provided by the same and in line with this Privacy Policy. The aforementioned suppliers will process personal data as external data processors on the basis of adequate contractual commitments and / or letters of appointment, and include, by way of example:

• 1. IT Systems and Website management service providers (e.g. hosting providers, market and analysis service providers, database management and maintenance services);
• 1. online payment service providers, who have access; credit card information and other financial information of the user;
• 2. service providers relating to placing orders, shipments of products and / or other services available through this Site;
• 3. service providers and systems to carry out marketing and profiling activities;
• 4. Access to information, finally, may be carried out by the company Ottica In, as data processors for the fulfillment of the contractual purposes indicated above, including the shipment of products, the management of complaints, the analysis of data, the provision of marketing assistance. In carrying out the activities provided by the aforementioned subjects, the Data Controller will provide operating instructions and rules of conduct on the processing of personal data in accordance with this Privacy Policy.

The personal data provided may be disclosed to third parties for the following purposes:

• 1. On the occasion of a merger, acquisition or sale of the company or a business unit;
• 1. in order to fulfill the obligations established by laws, regulations, protocols and by national or European legislation;
• 2. in order to implement regulations required by public authorities;
• 3. in order to allow the Data Controller to defend in court, for example in the case of violations by network users.

The aforementioned parties will process the information as independent Data Controllers. The use of data by the aforementioned third parties will therefore not be governed by this Privacy Policy.

7. TRANSFER OF DATA OUTSIDE THE EU

The Data Controller may transfer the data to third parties responsible for the processing referred to above and located outside the European Union (by way of for example, to licensee companies of Ottica In or to third parties) to allow the carrying out, on their own behalf, of the activities listed in this information (eg hosting services). If personal information is transferred to countries that do not provide the same level of protection, or in any case an adequate level of protection of personal data (eg the United States of America), the Data Controller will ensure that each service provider assumes obligations specific contractual provisions in accordance with the applicable regulations on the protection of personal data (including the signing of the Standard Contractual Clauses approved by the European Commission), except where the Data Controller can refer to any other legal basis for the transfer of personal information.

8. STORING AND DELETING INFORMATION

The Data Controller has access, uses, processes, archives and stores the personal information collected exclusively for the purposes indicated in this Policy on privacy and pursuant to the legal bases expressly indicated in art. 3

Personal information is stored and deleted in accordance with the Data Controller's security policy for the duration necessary to achieve the purposes for the which data were collected and then processed, including the data retention periods required pursuant to the applicable legislation (e.g. conservation of accounting documentation). The Data Controller will process user information for contractual purposes (Article 3 a, e) for 10 years from the termination of the contract; for 24 months for marketing purposes (Article 3 b, c); sensitive personal data provided for the purposes referred to in art. 3 lett. d), will be processed for the time strictly necessary to manage the user's request.

9. RIGHTS

We inform you that you are the owner of the rights referred to in articles 15-22 RGPD (right of access, right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object) and the right to lodge a complaint with the Supervisory Authority. Each user registered on the website can in fact access their personal information and update it (eg through the user's account). Users can also modify and update their preferences on how they intend to receive e-mails or other communications from the Data Controller. Users can also request the deletion of their personal data. It is possible to exercise the above rights and request information in this regard by contacting us using the methods set out in articles. 1 and 2.

10. CHANGES TO THE PRIVACY POLICY

For legal and / or organizational reasons, this Privacy Policy may be subject to changes; We therefore recommend that you regularly check this Privacy Policy and consult the latest version of the same. In the event that the Data Controller makes changes that the company deems important, users will be adequately informed (via website, e-mail,