Please read this Privacy Policy carefully, as it contains important information about the personal data of Customers who sign the Fidelity Programme Form at Harmont & Blaine stores and outlines how this data will be used.
Harmont & Blaine recognises the importance of protecting the personal data of its Customers and, for this reason, adopts specific policies and security measures to comply with applicable data protection regulations and to protect your personal data.
Please be aware that this Privacy Policy is governed by Italian law, particularly the Italian Personal Data Protection Code (Legislative Decree no. 196 of 30 June 2003, as amended and supplemented most recently by Legislative Decree no. 101 of 2018, hereinafter the "Code"), and by European Regulation 2016/679 (the "Regulation"), which has been in force since 25 May 2018. The Code and Regulation ensure that personal data is processed in accordance with fundamental rights and freedoms, with particular regard for confidentiality, personal identity and the right to have one's personal data protected.
1. DATA DATA CONTROLLER, DATA PROCESSOR AND DATA PROTECTION OFFICER
Harmont & Blaine S.p.A., with registered office in Caivano (NA), at S.S. 87 Km. 16,460 Zona Industriale (hereinafter HB), is the company responsible for processing the personal data ("Data Controller") of Customers who sign Fidelity Programme Forms, processing marketing and profiling data and processing data related to sales made in stores.
Data Subjects may contact the Data Controller at the following addresses:
- - by email: privacy@harmontblaine.com
- - by mail: Caivano (NA), at S.S. 87 Km. 16,460 Zona Industriale
The Data Controller may appoint other authorised parties to process data.
Pursuant to Article 37 of the Regulation, the Company has also appointed a Data Protection Officer ("DPO"), who can be contacted at the following addresses:
- - by email: dpo@harmontblaine.com
- - by post: Via San Vittore al Teatro 3 - 20123, Milan (MI).
2. PERSONAL DATA COLLECTED
a) Fidelity Programme Subscription
When signing the Fidelity Programme Form at an HB store, the Customer provides the following personal data: first name, surname and email address. This information is mandatory and, without it, the services associated with the Fidelity Programme cannot be provided. You may also provide additional optional data (such as your address, city, province, postcode, country, date of birth, gender and mobile phone number): failure to provide this data will prevent certain additional services (such as sending birthday promotions or catalogues) from being provided.
When a Customer signs the Fidelity Programme Form, additional data are collected, including the date of the subscription, the name of the store in which the Customer signed, and the circuit (Boutique, Outlet, Corner, Shopping Centre).
b) Purchases made at HB stores
When a Customer makes a purchase at a store, additional data related to the sale are collected, including: the products purchased, the product codes, the amount spent, the name of the store in which the purchase was made, the circuit (Boutique, Outlet, Corner, Shopping Centre), and the date of the purchase.
3. PURPOSE OF PROCESSING, LEGAL BASIS AND DATA RETENTION PERIOD
3.1 Management of Customers subscribed to Fidelity Programme
The Customer's personal data will be used to award discounts, promotions and gifts.
Personal data must be provided for the purposes listed above and refusal to do so would make it impossible for HB to provide the services described.
The processing of data for the purposes specified is carried out to enable the company to offer the services described. The legal basis for processing is the performance of the contract to which the data subject is a party.
Personal data will be used for the management of the relationship with Customers subscribed to the Fidelity Programme and will be retained until the Customer requests to cancel their subscription.
After the aforementioned retention period, the personal data will be permanently deleted or anonymised. Without prejudice to the above, the Customer's personal data will only be kept for any legal and regulatory obligations (such as accounting and tax obligations).
3.2 Specific purposes
The Customer's personal data will be used:
a) for the promotion, by email, of products similar to those purchased by the data subject. "Similar products" refers to products from the men's and women's categories. The legal basis for such processing is the legitimate interest of the Data Controller, pursuant to Article 130(4) of the Code. This is without prejudice to the possibility of the data subject objecting to such processing at any time.
b) once consent is obtained, to offer promotions, discounts and other personalised services, and to send, by regular mail, mms, email and sms, newsletters, other marketing and commercial communications about HB products, surveys and research studies, market analyses, promotions and other initiatives ("marketing"). The Controller may use traditional means of contact (ordinary mail and telephone) and/or digital and automated means (email, SMS), and may send the Customer such communications based on their profile, provided the Customer has consented to profiling (see point 3.2c below);
c) once consent is obtained, to analyse the Customer's behaviour, interests, preferences and purchasing habits, and to create individual or aggregate profiles based on this information in order to understand how to provide a better service, including a better sales experience ("profiling"). Personal data may also be used to create groups and carry out statistical and market analyses aimed at identifying products and/or services of interest to the Customer and improving services.
d) for the management of the contractual relationship and associated activities such as, for example, administrative/accounting procedures and complaint handling ("contractual purposes"). The legal basis for processing is the performance of the contract to which the data subject is a party. The provision of data for the purposes referred to in points 3.2 b) and c) is optional (as this is based on consent that the Customer may or may not choose to give) and can only occur where personal data are provided for both the marketing and profiling purposes referred to in points 3.2 b) and c) or just one of the two. The Customer may withdraw their consent at any time. In any event, refusal to provide personal data for one or both of the purposes referred to in points 3.2 b) and c) shall not prevent the Customer from purchasing HB products, but the Customer shall not be informed of marketing initiatives promoted by the Controller and will not be able to benefit from a more personalised shopping experience. This shall in any event be without prejudice to the possibility of the Controller sending, by email, promotions related to a product similar to the one that was purchased by the data subject, as referred to in point 3.2 a). The provision of data for the purposes set out in point 3.2 d), on the other hand, is obligatory and refusal to provide such data shall prevent the Customer from purchasing HB products. Personal data processed for the purpose referred to in point 3.2 a) will be retained until the data subject objects to processing. Personal data processed for marketing and profiling purposes will be retained for 7 years after consent is obtained, unless said consent is renewed by the Customer.
3.3. Managing returns for purchases made through third-party apps
To manage any returns for purchases made through apps provided by third parties, the Customer must be subscribed to the Fidelity Programme. If the return requirements are met, the refund will be made by way of a personal gift card. The legal basis for processing is the performance of the contract to which the data subject is a party. For the purpose of issuing the gift card, your personal data and those relating to the purchase for which you are requesting a return will be processed.
Personal data processed for contractual purposes will be retained for 10 years after the relationship is terminated, unless there are ongoing disputes and/or transactions.
After the aforementioned retention periods, the personal data will be permanently deleted or anonymised. Without prejudice to the above, the Customer's personal data will only be kept for any legal and regulatory obligations (such as accounting and tax obligations).
4. DISCLOSURE OF PERSONAL DATA
The Customer's personal data will be processed by the Data Controller's authorised personnel and Data Processors.
Personal data may also be processed by third parties who provide, by way of example, shipping services, services for sending communications by email or SMS, and maintenance services for computer systems.
The aforementioned parties will only process the personal data required to provide the relevant services and are not authorised to process such data for any other purpose.
The Customer's personal data may also be shared with other parties, such as law enforcement agencies, administrative or judicial authorities and public authorities, in order to fulfil legal obligations or comply with regulations or EU rules.
5. PROTECTING THE PRIVACY OF CHILDREN
The processing of the personal data of a child is lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
The Data Controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.
If the Data Controller or Data Processor becomes aware that data from a child has been collected, they will immediately delete the data.
If the Customer is not of the required age, the Fidelity Programme Form must not be signed by them and an adult (i.e. a parent or guardian) must be asked to carry out the necessary steps.
6. PROCESSING METHODS
Personal data are processed both by analogue means and computerised/telematic tools, with necessary security measures adopted to minimise the risks of destruction or loss, including accidental, of the data, unauthorised access or processing that is not permitted or does not comply with the purposes of collection specified in this policy.
Once consent is obtained, the Customer's personal data may be processed for profiling purposes, with the aid of automated tools, in order to analyse the Customer's purchasing habits and choices and to tailor the Data Controller's products and promotional initiatives more to the Customer's preferences.
7. TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
Where the Data Controller needs to transfer personal data to third countries or international organisations in order to fulfil the purposes set out in this Policy, they shall take the necessary measures to ensure that such transfers are executed in accordance with European data protection standards.
8. RIGHTS OF USERS
To exercise the rights set out below, the Customer may send a request to the Data Controller by sending an email to privacy@harmontblaine.com or by sending a letter by standard mail to the Data Controller's address. When contacting the Data Controller, the Customer shall ensure that they include their first name, surname, email address and/or postal address and/or telephone number(s) to ensure that the Data Controller can deal with their request properly.
8.1 Right of access
The Customer shall have the right to obtain confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, has the right to information about: the origin of the personal data; the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the Customer's right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning them or to object to such processing; the right to lodge a complaint with a supervisory authority; where the data are not collected from the Customer, any available information as to their source; the existence of automated decision-making, including profiling and, in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Customer; the existence of appropriate safeguards in case data are transferred to third countries or international organisations.
The Customer has the right to obtain, upon request, a copy of the personal data being processed.
8.2 Right to rectification
The Customer shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the Customer shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
8.3 Right to erasure
The Customer shall have the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the Customer withdraws consent on which the processing is based; c) the Customer objects to the processing and there are no overriding legitimate grounds for the processing, or they object to processing for direct marketing purposes, including profiling; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Data Controller is subject; f) the personal data have been collected in relation to the offer of information society services to children.
8.4 Right to restriction of processing
The Customer shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the Customer shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
The Customer shall have the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the Customer withdraws consent on which the processing is based; c) the Customer objects to the processing and there are no overriding legitimate grounds for the processing, or they object to processing for direct marketing purposes, including profiling; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Data Controller is subject; f) the personal data have been collected in relation to the offer of information society services to children.
The Customer shall have the right to obtain from the Data Controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the Customer, for a period enabling the Data Controller to verify the accuracy of the personal data; b) the processing is unlawful and the Customer opposes the erasure of the personal data and requests the restriction of their use instead; c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Customer for the establishment, exercise or defence of legal claims; d) the Customer has objected to processing pursuant to Article 21(1) of the Regulation pending the verification whether the legitimate grounds of the Data Controller override those of the Customer.
8.5 Right to data portability
The Customer shall have the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided, where: a) the processing is based on consent pursuant to point a) of Article 6(1) of the Regulation or point a) of Article 9(2) of the Regulation, or on a contract pursuant to point b) of Article 6(1) of the Regulation; b) the processing is carried out by automated means.
In exercising their right to data portability pursuant to paragraph 1, the Customer shall have the right to have the personal data transmitted directly from one Data Controller to another, where technically feasible.
8.6 Right to object
The Customer shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point e) or f) of Article 6(1) of the Regulation, including profiling based on those provisions.
The Customer shall have the right to object at any time to the processing of personal data concerning them for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
Where the Customer objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. With regard to the purposes referred to in points 3.2 b) and c), the data subject who has given their consent may: i) ask, at any time and free of charge, the Data Controller to only communicate with them through traditional contact methods, such as ordinary paper mail or calls via an operator; ii) object, at any time and free of charge, to the processing of their personal data for the aforementioned purposes (in this case, the data subject's right to object to the processing of their personal data through automated contact methods, such as unmanned calls, emails, faxes, mms or sms messages and social networks, extends to traditional contact methods, such as ordinary paper mail or calls via an operator); iii) object, at any time and free of charge, to the processing of their personal data for the aforementioned purposes only in part, i.e. by expressing a choice as to the contact methods.
8.7 Further rights
The Customer shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
The Customer has the right to withdraw consent, at any time, to their personal data being used by sending a request to the Data Controller at the following email address privacy@harmontblaine.com.
The Customer has the right to lodge a complaint with a supervisory authority (in Italy, this is the Italian Data Protection Authority).
9. UPDATING PERSONAL DATA
The Customer is invited to regularly check and update their personal data. To this end, if changes are made, the Customer is invited to send an email to privacy@harmontblaine.com or send a letter by regular mail to the Data Controller's address.
10. UPDATES TO THIS POLICY - COMMUNICATIONS
The Data Controller reserves the right to amend, add or delete parts of this Privacy Policy at any time. In such cases, the Data Controller shall make www.harmontblaine.com.a copy of the updated Policy available to Customers in stores and at the website.
