Privacy Policy

Please read this Privacy Policy carefully, as it contains important information about your personal data, which are collected, regardless of whether or not products are purchased, when you visit the website www.harmontblaine.com (the "Site") as a registered or unregistered user and describes how these data are used. Harmont & Blaine recognises the importance of protecting the personal data of the users of its Site and, for this reason, adopts specific policies and security measures to comply with applicable data protection regulations and to protect your personal data.
Please be aware that this Privacy Policy is governed by Italian law, particularly the Italian Personal Data Protection Code (Legislative Decree no. 196 of 30 June 2003, as amended most recently by Legislative Decree no. 108 of 10 August 2018, hereinafter the "Code"), and by European Regulation 2016/679 (the "Regulation"), which has been in force since 25 May 2018. The Code and Regulation ensure that personal data are processed in accordance with fundamental rights and freedoms, with particular regard for confidentiality, personal identity and the right to have one's personal data protected.

1. Data Controller, Data Processor and Data Protection Officer
Harmont & Blaine S.p.A., with registered office in Caivano (NA), at S.S. 87 Km. 16.460 Zona Industriale (hereinafter "HB") is the Controller of the personal data of users who browse the Site, which include browsing, marketing and profiling data, as well as data related to online sales and the personal data of users who use the "Shop from home" service.
Ibox SA, with registered office in Via Cantonale, Galleria 1- 16928 Manno - Switzerland, is appointed Processor of the personal data of the users of the Site.
Pursuant to Article 37 of the Regulation, the Data Controller has also appointed a Data Protection Officer (hereinafter "DPO").
You can contact the DPO at the following addresses:
- by email: dpo@harmontblaine.com
- by mail: Via San Vittore al Teatro 3, 20123 (MI)
If you have any questions about this Privacy Policy, would like a comprehensive list of the Data Processors appointed or would like to send a request to exercise your rights regarding the processing of your personal data, you may contact the Data Controller at the following email address: privacy@harmontblaine.com.

2. Personal data collected
a) Newsletter subscription
When subscribing to the newsletter, the user provides the following personal data: first name, surname and email address. These data are compulsory, so without them subscribing to the newsletter will not be possible. Additional data, such as date of birth and country of residence or domicile, may also be provided; providing such data is optional for subscribing to the newsletter and for the processing of data for marketing reasons, and is mandatory for the processing of data for profiling purposes if the user has given consent to such processing.
b) Creating an account
When creating an account on the Site, the user provides the following personal data: first name, surname, email address and password. These data are compulsory, so without them creating an account will not be possible. You may also provide additional optional data (such as date of birth, address of residence or home or goods address, gender, preferred language, telephone number etc.): failure to provide such data will prevent certain services (such as the online sales service with instant messaging) from being provided. Users may also provide their personal data for the purposes of creating an account by logging into a social-media profile (e.g. Google). In such cases, the user is encouraged to read the privacy policy of the social network in question.
c) Online purchasing
The user may proceed with an online purchase, even if he or she is not a registered user with an account, by providing the following data: name, surname, email, country, address, city, postcode and telephone number. These data are compulsory, so without them proceeding with an online purchase will not be possible. You may also provide additional optional data (such as your VAT no., province, date of birth and sex): failure to provide such data will prevent certain services (such as the sending of invoices or birthday promotions) from being provided. At the time the online purchase is made, certain data relating to the sale are also acquired, such as: the products purchased, product codes, amount and size.
d) Purchasing through the "Shop from home" service
To make a purchase through the "Shop from home" service, the user must provide the following data: name, surname, email, country, address, city, postcode and telephone number.
These data are mandatory: as such, failure to provide them will make it impossible to make a purchase through the "Shop from home" service. The data required for payment, which is made through the ClicPay platform (managed by Axepta S.p.A.), include: name, surname and email address/telephone number. HB will share these data with Axepta, the company that operates the ClicPay service. These data are required for payment through ClicPay: as such, failure to provide them will make it impossible to pay through ClicPay.
e) Back in stock service
To make use of the Back in stock service, the user must provide their email address in order to be notified when the desired product becomes available again via the e-commerce site. This information is mandatory, and without it, the user cannot make use of the service.
f) Help/information request
For help or to request information, the user may get in touch either by sending an email to the address shown on the Site—shop@harmontblaine.it—or by using the "Contact Us" section, and will need to provide certain personal data, such as: name, email address. These data are compulsory, so without them HB will not be able to provide the help requested. Additional optional data (such as telephone number) may also be provided: failure to provide such data may prevent HB from providing assistance appropriate to the user's requests.
g) Browsing data
When the user browses the Site, certain data are automatically acquired, including by third-party applications, such as: the IP addresses or domain names of the computers used by the user, URIs (Uniform Resource Identifiers), the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server, the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (e.g. the time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and IT environment of the user, and geographical location. Unique device identifiers are also used for advertising (such as Google Advertiser ID or IDFA).
h) Cookies
Regarding the use of cookies, please refer to the Cookie Policy published on the Site.

3. Purpose of processing, legal basis and data retention period
3.1 Creating an account, help/information requests and using the Back in stock service.
The personal data provided by the user or collected when the user creates an account on the Site, asks for help/information or uses the Back in Stock service will be used to provide the services requested, i.e. completing the registration process, managing Website authentication and user accounts, assisting and handling any complaints, responding to questions or contact requests users may have (including through the customer services team), and sending email notifications when the product desired becomes available again via the e-commerce site.
Personal data must be provided for the purposes listed above and refusal would make it impossible to fulfil the request. The legal basis for processing is the performance of the contract to which the data subject is a party. The processing of data for the purposes specified is carried out in order to fulfil requests to create/manage an account and requests for information/help.
The personal data processed for the purpose of maintaining an account on the Site will be retained until you close your account or, in any event, for as long as you are an active user (you are considered inactive if you do not access your account for more than 12 months).
Personal data processed for the purpose of providing help/responding to information requests will be kept for the time necessary to fulfil the request. After the aforementioned retention periods, the personal data will be permanently deleted or anonymised. Without prejudice to the above, the user's personal data will only be kept for any legal and regulatory obligations (such as accounting and tax obligations).
3.2 Online sales
The personal data provided by the user or collected when a purchase is made by a registered or unregistered user will be used for:
a) managing and fulfilling orders;
b) relevant administrative activities as well as to comply with any legal obligations;
c) the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
The legal bases for processing are as follows: for the purposes of a) the performance of a contract to which the data subject is party; b) compliance with a legal obligation to which the Controller is subject; c) the legitimate interests pursued by the Controller.
The personal data processed for online purchases are kept for a maximum of 10 years following the termination of the contractual relationship, except in the event of ongoing negotiations and/or litigation. After the aforementioned retention periods, the personal data will be permanently deleted or anonymised. Without prejudice to the above, the user's personal data will only be kept for any legal and regulatory obligations (such as accounting and tax obligations).
3.3 Purchasing through the "Shop from home" service
The personal data provided by the user when ordering through the "Shop from home" service will be used for the following purposes:
a) managing and fulfilling orders;
b) relevant administrative activities as well as to comply with any legal obligations;
c) the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
The legal bases for processing are as follows: for the purposes of a) the performance of a contract to which the data subject is party; b) compliance with a legal obligation to which the Controller is subject; c) the legitimate interests pursued by the Controller.
The personal data processed for purchases made through the "Shop from home" service are kept for a maximum of 10 years following the termination of the contractual relationship, except in the event of ongoing negotiations and/or litigation.
After the aforementioned retention periods, the personal data will be permanently deleted or anonymised. Without prejudice to the above, the user's personal data will only be kept for any legal, contractual or regulatory obligations (such as accounting and tax obligations).
3.4 Use of browsing data
Browsing data are processed to ensure that the Site and services offered are functioning properly. Such data may also be used for the investigation of criminal offences by the relevant Judicial Authorities. The legal basis for processing is the legitimate interest of the Controller in ensuring the Site is functioning properly.
3.5 Specific purposes
a) Personal data collected on the Site, after consent is obtained, will be used to offer promotions, discounts and other personalised services and to send newsletters, other marketing and commercial communications about HB products, surveys and research, market analyses, promotions and other initiatives to registered users or customers (marketing). The Controller may use traditional means of contact (ordinary mail and telephone calls via an operator) and/or digital and automated means (telephone calls without an operator, email, SMS, WhatsApp), and may send the user such communications based on their profile, provided the user has consented to profiling (see point 3.5b below);
b) Personal data collected on the Site, after consent is obtained, will be used to analyse the Customer's behaviour, interests, preferences and purchasing habits, and to create individual or aggregate profiles based on this information in order to understand how to provide a better service, including a better sales experience ("profiling"). Personal data may also be used to create groups and carry out statistical and market analyses aimed at identifying products and/or services of interest to the user and improving services.
c) The email address collected when a product is purchased will be used to promote products similar to those that were initially purchased. "Similar products" refers to products from the men's and women's categories. The legal basis for such processing is the legitimate interest of the Data Controller, pursuant to Article 130(4) of the Code. This is without prejudice to the possibility of the data subject objecting to such processing at any time.
The use of data for the purposes detailed in section 3.5 a) and b) is optional and free of charge (as this is based on consent that the user may or may not choose to give) and can only take place where personal data and related consent are provided for both marketing and profiling purposes or for just one of these. The user may cancel their subscription to the newsletter or withdraw consent at any time. In any event, refusal to provide personal data for one or both of the purposes referred to in points 3.5 a) and b) shall not prevent the user from using the services on the Site or making purchases, but the user shall not be informed of marketing initiatives promoted by the Controller and will not be able to benefit from a more personalised shopping experience. This shall in any event be without prejudice to the possibility of the Controller sending, by email, promotions related to a product similar to the one that was purchased by the data subject, as referred to in point 3.5 c). Personal data processed for marketing and profiling purposes will be retained for 7 years after consent is obtained, unless said consent is renewed by the Customer.
Personal data processed for the purpose referred to in point 3.5 c), on the other hand, will be retained until the data subject objects to processing. After the aforementioned retention periods, the personal data will be permanently deleted or anonymised. Without prejudice to the above, the user's personal data will only be kept for any legal and regulatory obligations (such as accounting and tax obligations).

4. Disclosure of personal data
The user's personal data will be processed by the Controller's authorised personnel and the Data Processor. Personal data may also be processed by third parties who provide, by way of example, shipping services, services for sending communications by email or SMS, maintenance services for computer systems, payment management services, hosting services and backend infrastructure. The aforementioned subjects are, where necessary, appointed by the Controller as Data Processors pursuant to Article 28 of the Regulation and shall only process the personal data needed to fulfil the task assigned. As for data used for payment, however, these are not subject to processing by the Controller, but are acquired directly by the provider of the payment service requested, who acts as an independent controller, in order to provide the user with online sales services. With regard to the "Shop from home" service, payment is made online via the ClicPay platform (managed by Axepta S.p.A.). In order to manage online Payment Authorisation request operations, your data will be disclosed to the external company AXEPTA, which will process them independently as a data controller in accordance with the provisions of the privacy law in force, for the purpose of managing Payment Authorisation request operations and related responses, as well as to prevent fraud and other risks associated with the sale.
With regard to the processing of personal data by Axepta, users should consult Axepta's privacy policy.

5. Protecting the privacy of children
The processing of the personal data of a child is lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
The Controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology. If the Controller or Data Processor becomes aware that data from a child has been collected, they will immediately delete the data.
If the user is not of the required age, they must not register or proceed to make an online purchase and an adult (i.e. a parent or guardian) must be asked to carry out the necessary steps.

6. Processing methods
Personal data collected through the Site are processed mainly by analogue and computerised/telematic means and tools, with necessary security measures adopted to minimise the risks of destruction or loss, including accidental, of the data, unauthorised access or processing that is not permitted or does not comply with the purposes of collection specified in this policy.
Once their consent is obtained, the user's personal data may be processed for profiling purposes, with the aid of automated tools, in order to analyse the user's purchasing habits and choices and to tailor the Controller's products and promotional initiatives more to the user's preferences.

7. Transfers to third countries or international organisations
Where the Controller needs to transfer personal data to third countries or international organisations in order to fulfil the purposes set out in this Policy, they shall take the necessary measures to ensure that such transfers are executed in accordance with European data protection standards (e.g. the use of standard contract clauses or adequacy decisions).
In particular, the user's personal data may be transferred to Ibox SA, with registered office in Via Cantonale, Galleria 1- 16928 Manno – Switzerland, on the basis of the Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC on the adequate protection of personal data provided in Switzerland authorising such a transfer.

8. Rights of users
To exercise the rights set out below, the user may send a request to the Controller by sending an email to privacy@harmontblaine.com or by sending a letter by standard mail to the Controller's address. When contacting the Controller, the user shall ensure that they include their name, email address, postal address and/or telephone number to ensure that the Controller can deal with their request properly.
8.1 Right of access
The user shall have the right to obtain confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, has the right to information about: the origin of the personal data; the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the user's right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning them or to object to such processing; the right to lodge a complaint with a supervisory authority; where the data are not collected from the user, any available information as to their source; the existence of automated decision-making, including profiling and, in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the user; the existence of appropriate safeguards in case data are transferred to third countries or international organisations.
The user has the right to obtain a copy of the personal data being processed.
8.2 Right to rectification
The user shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the user shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
8.3 Right to erasure
The user shall have the right to obtain from the Controller the erasure of personal data concerning them without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the user withdraws consent on which the processing is based;
c) the user objects to the processing and there are no overriding legitimate grounds for the processing, or they object to processing for direct marketing purposes, including profiling;
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
f) the personal data have been collected in relation to the offer of information society services to children.
8.4 Right to restriction of processing
The user shall have the right to obtain from the Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the user, for a period enabling the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the user opposes the erasure of the personal data and requests the restriction of their use instead;
c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defence of legal claims;
d) the user has objected to processing pursuant to Article 21(1) of the Regulation pending the verification whether the legitimate grounds of the Controller override those of the user.
8.5 Right to data portability
The user shall have the right to receive the personal data concerning them, which they have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, where:
a) the processing is based on consent pursuant to point a) of Article 6(1) of the Regulation or point a) of Article 9(2) of the Regulation, or on a contract pursuant to point b) of Article 6(1) of the Regulation;
b) the processing is carried out by automated means.
In exercising their right to data portability pursuant to paragraph 1, the user shall have the right to have the personal data transmitted directly from one Controller to another, where technically feasible.
8.6 Right to object
The user shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point e) or f) of Article 6(1) of the Regulation, including profiling based on those provisions.
With regard to the marketing purposes referred to in paragraph 3.5 a), the data subject who has given their consent may: i) ask, at any time and free of charge, the Controller to only communicate with them through traditional contact methods, such as ordinary paper mail or calls via an operator; ii) object, at any time and free of charge, to the processing of their personal data for the aforementioned purposes (in this case, the data subject's right to object to the processing of their personal data through automated contact methods, such as unmanned calls, emails and SMS messages, extends to traditional contact methods, such as ordinary paper mail or calls via an operator); iii) object, at any time and free of charge, to the processing of their personal data for the aforementioned purposes only in part, i.e. by expressing a choice as to the contact methods.
8.7 Further rights
The user shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
The user has the right to withdraw consent, at any time, to their personal data being used by sending a request to the Controller at the following email address privacy@harmontblaine.com or accessing the "MY PROFILE" section of the private area at www.harmontblaine.com.
The user has the right to lodge a complaint with a supervisory authority (in Italy, this is the Italian Data Protection Authority).

9. Updating personal data
The user is invited to regularly check and update their personal data. To this end, in the event of changes, the user is invited to send an email to privacy@harmontblaine.com or to modify the data directly online using the user account settings on the Site.

10. Updates to this policy – communications
The Controller reserves the right to change, add or delete portions of this Privacy Policy at any time by posting the revised version on this page of the Site and updating the "Last updated" date shown below. It is the user's responsibility to review the Policy from time to time to be aware of any changes that may be made.
In some cases, the Controller may provide further notice of material changes to this Policy by posting a notice on the home page of this Site or, in the case of registered users, by sending an email notification or posting a notice on their account page. If requested, the user must once again consent to the processing of personal data.