Privacy Policy

This Privacy Policy provides users this site (the “Site”) with the fullest possible details on the processing by the Site of their personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Italian legislation on the protection of personal data. In accordance with the applicable legislation, this Privacy Policy also provides details on:

• The purposes, the lawful basis and means of the processing of personal data;

• The identity and contact details of the controllers;

• The contact details of the data protection officer (DPO);

• Any third parties involved in the processing operations;

• The period the personal data will be stored;

• A brief description of the security measures adopted to protect personal data;

• A brief description of the security measures adopted to protect personal data;


A brief description of the security measures adopted to protect personal data;
Users with fewer than 16 (sixteen) years old are unable to give consent to the processing of personal data without the authorization of the holder of parental responsibility.


DATA CONTROLLER, DATA PROCESSOR AND DATA PROTECTION OFFICER


Pursuant to the GDPR, the controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where two or more controllers jointly determine the purposes and means of processing, they are joint controllers.

The joint controllers relating to the activities of the Site and the online sales are:


• Harmont & Blaine S.p.A., with registered offices in Caivano (NA), STRADA STATALE 87 KM.16,460 ZONA A.S.I- 80023, Italy; contact: privacy@harmontblaine.com


• The Level S.R.L., with registered offices in Milano (MI), Piazza Arcole 4 - 20143, Italy; contact:privacy@thelevelgroup.com
(the "Joint Controllers")


Each Joint Controller has a Data Protection Officer to ensure that personal data is processed in accordance with the GDPR.

The Data Protection Officer of The Level S.R.L. may be contacted for any request at the following email addressdpo@thelevelgroup.com.
The Data Protection Officer of Harmont&Blaine S.p.A. may be contacted for any request at the following email address dpo@harmontblaine.com.
Regarding the processing of personal data relating to marketing and profiling activities, Harmont & Blaine S.p.A. acts as the sole Controller, while The Level S.r.l. will carry out data processing activities as the processor on behalf of Harmont & Blaine S.p.A.


PERSONAL DATA: PURPOSE OF THE PROCESSING, THE LAWFUL BASIS


The term “personal data” means any information relating to users of the Site, including data that identify them personally, alone or in combination with other information.
Personal data are collected automatically through the Site or received through multiple sources: forms, chats, emails, apps, devices, social media and other means.
The Joint Controllers process personal data in connection with the following activities:


• MANAGING SITE BROWSING
The Joint Controllers collect browsing data (which, according to the GDPR, do not fall under the special categories of data) using automatic means to enable and improve the user’s browsing of the Site (e.g. IP address, date/time of the visit and relative duration, any referring URLs, pages visited on the Site, device used and other information).
The processing of such personal data allows users to access the Site and make full use of its features and services. Browsing data may also be used to ensure the Site is functioning properly.
From time to time, browsing data are processed anonymously for statistical purposes.
Browsing data are unlikely to allow identification of the relevant data subject. However, by their very nature, browsing data may allow identification of data subjects if associated with other information. The browsing data described above are stored only temporarily in accordance with applicable regulations.
The legal basis for the processing of personal data in this case is the legitimate interest of the Joint Controllers.


• MANAGING ORDERS
At the time of verification, the Site will ask users to provide personal data for the essential purpose of ensuring the management of orders and complying with existing contractual obligations with users (the data processed include, but are not limited to, first name, last name, email address, delivery address).
These personal data are also necessary to allow customer service to assist customers with any requests or questions before or after the sale (e.g. concerning the delivery status of the order or returns of products).
Personal data relating to orders are kept for as long as necessary to fulfil contractual obligations and any accounting and tax obligations.
The Joint Controllers may also verify that payment instruments used by customers for purchases on the Site (e.g. credit or debit cards, etc.) are valid, mainly to prevent fraud or to fulfil statutory anti-money laundering obligations. Since this activity is delegated to duly authorized third parties, the Joint Controllers do not process or store financial information relating to customers and payment instruments.
Failure to transmit/provide the personal data requested at checkout will prevent users from completing an order on the Site.
The legal basis for the processing of personal data in this case is Article 6(1)(b) of the GDPR (performance of a contract to which the data subject is party).


• REGISTERING AN ACCOUNT ON THE SITE
When users decide to create and register a personal account on the Site, they are asked to provide personal data (e.g. date of birth, gender, etc.). The Site clearly indicates which personal data are (or are not) required to set up an account on the Site.
Users must provide true and accurate personal data at the time of registration and are encouraged to keep their personal data up to date by accessing their personal account to make any necessary changes.
Users who choose to activate or access their account on the Site through social media must be aware that when they connect their Site account to a social media account, the Site collects certain personal data the user has already provided to that social media platform (e.g. email address and public profile on Facebook).
The Joint Controllers do not monitor or manage these social media services or user profiles on these social media services, nor do the Joint Controllers establish the personal data protection settings or the rules regarding the methods of use of personal data on these social media platforms (Facebook, Twitter, or other). Users are strongly encouraged to read any information published by the managers of these services concerning the protection of personal data to obtain further information on the methods of processing personal data through these channels.
Failure to transmit/provide the personal data requested will prevent users from completing the creation of the account on the site.
The legal basis for the processing of personal data in this case is Article 6(1)(b) of the GDPR (performance of a contract to which the data subject is party).


• HELP/INFORMATION REQUEST
For help or to request information, the user may get in touch either by sending an email to the address shown on the Site - support@harmontblaine.com, or by using the "Contact Us" section, and will need to provide certain personal data, such as: name, email address. These data are compulsory, so without them Joint Controllers will not be able to provide the help requested. Additional optional data (such as telephone number) may also be provided: failure to provide such data may prevent Joint Controllers from providing assistance appropriate to the user's requests.
Failure to transmit/provide the personal data requested will prevent users from completing the request management.
In the following activities Harmont&Blaine acts as Controller:


• NEWSLETTER AND MARKETING COMMUNICATIONS
Site users can opt to receive newsletters and marketing communications.
In this case Harmont&Blaine acts as Controller and The Level S.r.l. acts as Processor. The processor on behalf of the Controller collect users’ freely given, express, and unequivocal consent before sending them newsletters and marketing communications or, more generally, before undertaking dedicated marketing initiatives.
The Controller may use traditional means of contact (ordinary mail and telephone calls via an operator) and/or digital and automated means (telephone calls without an operator, email, SMS, WhatsApp).
Users may at any time withdraw their consent to receive newsletters and marketing communications:


• in their account settings;

• by clicking on the “unsubscribe” link at the bottom of an email;

• by contacting our customer service representatives.


The use of data for this purpose is optional and free of charge (as this is based on consent that the user may or may not choose to give) and can only take place where personal data and related consent are provided. In any event, refusal to provide personal data for this purpose shall not prevent the user from using the services on the Site or making purchases. The legal basis for the processing of personal data in this case is the data subject’s consent to the processing of his/her personal data (Article 6(1)(a) of the GDPR).


• PROFILING
In this case Harmont&Blaine acts as Controller and The Level S.r.l. acts as Processor. Based on the user’s express consent, the newsletter and marketing communications may be adapted to the user’s profile. In particular personal data collected on the Site, after consent is obtained, will be used to analyze the User's behaviour, interests, preferences and purchasing habits, and to create individual or aggregate profiles based on this information in order to understand how to provide a better service, including a better sales experience ("profiling"). Personal data may also be used to create groups and carry out statistical and market analyses aimed at identifying products and/or services of interest to the user and improving services. The main purpose of profiling is to offer products, services and initiatives that better meet users’ tastes, purchasing habits and interests. The use of data for this purpose is optional and free of charge (as this is based on consent that the user may or may not choose to give) and can only take place where personal data and related consent are provided. In any event, refusal to provide personal data for this purpose shall not prevent the user from using the services on the Site or making purchases. The legal basis for the processing of personal data in this case is the data subject’s consent to the processing of his/her personal data (Article 6(1)(a) of the GDPR).


• SOFT-SPAM
In this case Harmont&Blaine acts as Controller and The Level S.r.l. acts as Processor. The email address collected when a product is purchased will be used to promote products similar to those that were initially purchased. "Similar products" refers to products from the men's and women's categories. The use of data for this purpose is optional and free of charge (as this is based on consent that the user may or may not choose to give). In any event, refusal to provide personal data for this purpose shall not prevent the user from using the services on the Site or making purchases. The legal basis for such processing is the legitimate interest of the Data Controller, pursuant to Article 130(4) of Legislative Decree No 196 of 30 June 2003, as last amended by Legislative Decree No 108 of 10 August 2018. This is without prejudice to the possibility of the data subject objecting to such processing at any time.


COOKIE


For information on cookies used on the Site, click on the following link: Cookie Policy.


SHARING AND TRANSFER OF PERSONAL DATA


The Joint Controllers transfer customers’ personal data to major third-party providers acting as data processors (the “Processors”) to carry out the operations necessary to fulfil their contractual obligations (e.g. delivery of ordered goods, payments, etc.).

The Joint Controllers make every effort to ensure that all Processors apply the best procedures available to protect personal data and do not use these data for purposes other than those established by the controllers.

For example, the Joint Controllers may share personal data with the following categories of Processors:


• Courier services and postal operators;

• Fulfilment centers and warehouses;

• IT service providers;

• Customer support service providers;

• Payment service providers;


Users may obtain information about the categories of recipients to whom the personal data have been or will be communicated by sending an email to: privacy@thelevelgroup.com or dpo@thelevelgroup.com .
The Joint Controllers are required to share personal data with third parties where strictly required by law and where necessary to protect the rights of the Joint Controllers, related parties, or third parties.
Personal data may also be disclosed to other companies within the same group of companies to which each of the Joint Controllers belong or to third parties in the event of a company reorganization procedure, in full compliance with applicable law.
In all other cases, the sharing of personal data is subject to users’ prior express consent, unless the processing is permitted on the basis of another legal basis.
The Joint Controllers will not transfer any personal data outside the European Economic Area (EEA), unless the user (data subject) has explicitly authorized the transfer or the transfer of personal data outside the EEA is permitted by the GDPR based on another legal basis.
In order to offer you Klarna’s payment methods, we might pass your personal data in the form of contact and order details to Klarna at checkout, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.
For newsletters, marketing communications, profiling and soft-spam purposes, Harmont&Blaine, acting as Controller, may share personal data to major third-party providers acting as data processors to carry out the operations necessary. Users may obtain information about the categories of recipients to whom the personal data have been or will be communicated by sending an email to privacy@harmontblaine.com.


PROCESSING METHODS AND SECURITY MEASURES


Users’ personal data are processed by the Joint Controllers using information technology, automated and electronic tools and, in limited cases, paper means. In compliance with the GDPR, specific security measures have been implemented to prevent data loss, unlawful or improper use of and unauthorized access to data.
Only the persons authorized by the Joint Controllers or by the providers acting as Processors have access to personal data relating to the activities of the Site. Instructions and security measures have been defined in agreements or when appointing the Processors to ensure that the level of security required by the GDPR is ensured at all times during the processing of personal data for Site activities.
While security measures have been adopted in Site settings and processing operations to prevent the loss, destruction or dissemination of personal data, the security risks associated with the online transmission of data cannot be excluded.


STORAGE OF PERSONAL DATA


The Joint Controllers keep personal data for as long as necessary to provide users and customers with the services they request or to comply with legal or tax obligations or for the minimum period prescribed by law.
The Joint Controllers promptly delete or anonymize personal data whose retention is no longer necessary/mandatory according to the law.
Without prejudice to the right to be forgotten within the limits established by the applicable legislation, where the retention of personal data is no longer permitted/provided for by legislation, the maximum storage period of personal data is 10 (ten) years from the date of the relevant data subject’s last interaction with the Site.
For newsletters, marketing communications, profiling purposes will be retained for 7 years after consent is obtained, unless said consent is renewed by the User. For soft-spam purpose will be retained until the data subject objects to processing.
After the aforementioned retention periods, the personal data will be permanently deleted or anonymised. Without prejudice to the above, the user's personal data will only be kept for any legal and regulatory obligations (such as accounting and tax obligations).



The Site may display banners, advertisements and other links to third-party websites or platforms. The Joint Controllers have no control over and are not responsible for the conduct of these third-party websites and platforms in relation to data protection legislation. Users are encouraged to read the data protection policies of third-party websites for information on their personal data collection and storage or processing procedures.


RIGHTS OF USERS


Users/customers (as data subjects) have the right to obtain confirmation as to whether or not personal data concerning them is held by Joint Controllers. Where this is the case, under the GDPR, users, as data subjects, also have the right to:


• be informed about the collection and use of personal data concerning them;

• obtain from the controller confirmation as to whether or not personal data concerning them are being processed, and, if so, obtain access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
- the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing;
- the right to lodge a complaint with a supervisory authority (in Italy: Garante per la protezione dei dati personali – Personal Data Protection Authority);

• obtain the rectification or completion of inaccurate or incomplete personal data;

• obtain the erasure of their personal data (“the right to be forgotten;

• object at any time to the processing of personal data concerning them for the purposes of “profiling” or “automated decision-making processes”;

• object, under specific conditions, to the processing of personal data concerning them;

• withdraw, at any time, their consent to the processing of their personal data, where requested and given, without affecting the lawfulness of processing based on consent before its withdrawal;

• lodge a complaint with the competent Italian supervisory authority: Garante per la protezione dei dati personali, Piazza di Montecitorio n. 121, 00186, Rome (RM), Italy;


Users may contact the Joint Controllers with any queries and to exercise their data protection rights at the following email addresses:privacy@thelevelgroup.com, dpo@thelevelgroup.com.

For newsletter, marketing, profiling and soft-spam purposes users may contact Harmont&Blaine with any queries and to exercise their data protection rights at the following email addresse: privacy@harmontblaine.com.


CHANGES TO THIS PRIVACY POLICY


Any future changes to this Privacy Policy will be posted on the Site and, as required, notified to users by email. Users are encouraged to consult this Privacy Policy frequently to check for any updates or changes.

Last Update: June 28th, 2023