PRIVACY POLICY

Please read this Privacy Policy carefully as it contains important information on your personal data collected by us during your visit at our website www.harmontblaine.com (the “website”), either as registered or non registered user, and regardless of whether or not you purchase any products on our website, as well as a description of how we use your data.

Harmont & Blaine realises the importance of protecting your personal data and that of those who use its website, and for that reason it has adopted specific security policies and measures to comply with the applicable law on the protection of personal data and to protect your personal data.

Please be reminded that this Privacy Policy is regulated by the law of Italy and, in particular, by the Privacy Code (Legislative Decree No 196 of 30 June 2003, the “Code”), as well as by the European Regulation 2016/679 (the “Regulation”) in force as of 25 May 2018. The Code and the Regulation ensure that the processing of personal data is carried out in accordance with the fundamental rights and freedoms, with particular reference to confidentiality, personal identity and the right to personal data protection.

1. DATA CONTROLLER AND DATA PROCESSOR

Harmont & Blaine S.p.A., with registered office in Caivano (NA), at S.S. 87 Km. 16,460 Industrial Area (hereinafter HB) is the data controller (“Controller”) for personal data concerning users who visit our website, including navigation data, marketing data, client profiling data and any data concerning or related to online sales.

Drop S.r.l., with registered office in Montegranaro (FM), V.le Sandro Pertini 1, 63812, is appointed as Data Processor (“Processor”).

For any queries concerning this Privacy Policy or to obtain a full list of the appointed data processors and submit applications for the exercise of the rights related to the processing of personal data, please contact the Controller at the following email address: privacy@harmontblaine.com.

2. PERSONAL DATA COLLECTED

a) Registration in the newsletter or creating an account

In order to register in the newsletter or create an account on the website, you must provide the following personal data: name, last name and email. You must provide these data; failure to do so shall prevent you from registering in the newsletter or creating an account. It is also possible to enter other, optional data (such as the date of birth and gender, history of online orders): failure to enter said data shall prevent us from providing certain services to you (i.e. sending you promotions on your birthday).

You can also provide your personal data in order to create an account by gaining access to your social profile (i.e. Facebook). In that case, you are invited to read the privacy policies of the related social networks.

b) Online shopping

You can shop online even if you are not a registered user with an account, by providing the following data: your name, last name, email, country, address, city, postal code and telephone number. You must provide these data; failure to do so shall prevent you from shopping online. It is also possible to enter other, optional data (such as your tax code, province, date of birth and gender): failure to enter said data shall prevent us from providing certain services to you (i.e. sending you promotions on your birthday).

Furthermore, while you are shopping online, certain sales-related data are also collected, such as, for example: purchased products, product codes, amount, size.

c) Assistance/information request

To obtain assistance or request information you can send an email to the address shop@harmontblaine.it, set out in the website, or use the section “Contact us”, providing your personal data, such as: your name, last name and email. You must provide these data; failure to do so shall prevent HB from providing the assistance requested. It is also possible to provide other, optional data (such as, for example, your telephone number): failure to enter these data could prevent HB from fully meeting your assistance requests.

d) Navigation-related data

While you are visiting our website, certain data will be collected automatically, also through the use of third-party applications, among which: computer IP addresses or domain names used by you, URI (Uniform Resource Identifier) names, time of request, method for forwarding your request to the server, size of the file obtained in reply, numerical code showing the status of the server’s reply, country of origin, characteristics of the browser and of the operating system used by the and the details of the itinerary followed in the application, with particular reference to the sequence of the pages read, the parameters of the user’s operating system and electronic environment and geographic position. Univocal identifiers of advertising devices are also used (such as, for example, Google Advertiser ID or IDFA identifier).

e) Cookies

As regards the use of cookies, please read the Cookie Policy published on our website.

If you provide personal data of third parties, (i.e. family members, other customers or potential customers), you must make sure that these third parties have been duly informed and have given their consent to the use of their data as set out in this Privacy Policy. You are solely responsible for communicating information and data of third parties where the latter have not given their consent to the use thereof or for any misuse of the same data.

3. PURPOSE OF PROCESSING, LEGAL BASIS AND DATA RETENTION PERIOD

3.1 Registering in the newsletter, creating an account and assistance/request of information

The personal data provided by you or collected while registering in the newsletter, creating an account on the website or requesting assistance/information, will be used as follows:

a) provide the services requested (i.e., carry out the account registration processes, manage the authentication on the website and the user’s accounts, assist the latter and manage claims and reply to any questions or requests for contact submitted by you, also through customer assistance);

b) manage registrations in the newsletter for non-registered users.

You must provide your personal data for the aforesaid purposes; failure to do so will prevent us from processing your request.

The processing of your data for the purposes set out herein is carried out in order to process your request to send the newsletter, to create/manage your account and to obtain information/assistance.

Your personal data processed for registration in the newsletter will be retained until you request to be deleted from the newsletter or, in any case, as long as you are an active user (a user is considered inactive when he or she does not open any emails for a period exceeding 12 months).

The personal data processed for managing an account on the website will be retained until you close your own account or, in any case, as long as you are an active user (a user is considered inactive when he or she does not access their account for a period exceeding 12 months).

The personal data processed for assistance/request of information will be retained for the time required to manage said request.

After the aforesaid retention periods have elapsed your personal data will be deleted or made anonymous permanently. Without prejudice to the foregoing, your personal data will be retained only for the purpose of meeting any legal and regulatory requirements (such as, for example, accounting and tax requirements).

3.2 Selling online

The personal data provided by you or collected at the time of purchase by a registered or non-registered user will be used for managing orders, for the related administrative activities and in order to fulfil any legal requirements.

The processing of data for the purposes set out above is carried out in order to process the order.

The personal data processed for online shopping by users who are not registered in the website must be retained for the entire duration of the business relationship, including any return practices or debt collection procedures.

The personal data processed for online shopping by users registered in the website shall be retained until the account is closed or, in any case, until the user becomes an active user (a user is considered inactive when he or she does not access their account for a period exceeding 12 months).

After the aforesaid retention periods have elapsed, your personal data will be permanently deleted or made anonymous. Without prejudice to the foregoing, your personal data shall be retained solely for the purpose of fulfilling any legal and regulatory requirements (such as, for example, accounting and tax requirements).

3.3 Specific purposes

The personal data collected while you visit our website will be used, subject to your prior consent, for the following purposes:

a) Offer promotions, discounts and other personalised services and send newsletters, other marketing and business communications on HB’s products, surveys and research studies, market surveys, promotions and other initiatives for registered users or customers (“marketing”). The Controller can use the traditional contact means (ordinary mail or telephone) and/or digital and automated means (e-mail, SMS,) and can send these communications to you based on your profile, subject to your consent to profiling (see point 3.3b below);

b) Analyse your behaviour while visiting our website, your interests, preferences and purchase habits, and create individual or aggregated profiles on the basis thereof, understand how to provide a better service, also for the purpose of offering a better selling experience (“profiling”). The personal data can be used also for creating groups and conducting statistical and market surveys aimed at identifying products and/or services of interest to you and improve our services.

The use of your data for the purposes set out above is optional and free of charge (as it is subject to your consent, which you are free to give) and may occur only when your personal data are provided for both of the marketing and profiling purposes referred to in points 3.3 a) and b) or for only one of them. You may revoke your consent at any time. In any event, your refusal to provide your personal data for either or both of the purposes referred to in sections 3.3. a) and b) will not prevent you from using the services or shopping on our website; however, you will not be informed of the marketing initiatives promoted by the Controller and you will not be able to enjoy a more personalised shopping experience.

The personal data processed for marketing purposes will be retained, in accordance with the provisions laid down by the Italian Data Protection Authority (Autorità Garante per la Protezione dei Dati Personali (Authority), for a period not exceeding 24 months, unless you renew your consent and without prejudice to any further measures implemented by the Authority.

The personal data processed for profiling purposes will be retained, in accordance with the provisions laid down by the Italian Data Protection Authority (Autorità Garante per la Protezione dei Dati Personali (Authority), for a period not exceeding 12 months, unless you renew your consent and without prejudice to any further measures implemented by the Authority.

After the aforesaid retention periods have elapsed, your personal data will be permanently deleted or made anonymous. Without prejudice to the foregoing, your personal data will be retained solely for the purpose of fulfilling any legal and regulatory requirements (such as, for example, accounting and tax requirements).

4. DISCLOSURE OF PERSONAL DATA

Your personal data will be processed by the Data Controller’s authorized staff.

Your personal data may also be processed by third parties which provide, by way of example, shipping services, services for the dispatch of communications via email or SMS, IT system maintenance services, payment management services, hosting services and backend infrastructural services. The data used for payment purposes are not subject to processing by the Data Controller; however, they are acquired directly by the operator of the requested pay service, which operates independently, in order to provide the online sale service to you.

The persons indicated above shall process only the data required for providing the related services; they are not authorized to process them for any other purposes.

Your personal data may be disclosed also to other persons, such as, for example, the police, administrative authorities or courts and public administration authorities for the purpose of fulfilling any legal, regulatory or EU requirements.

5. PROTECTING THE PRIVACY OF MINORS

The processing of personal data of minors is lawful, provided that the minor is aged at least 16 years. When the minor is aged less than 16 years, said processing is lawful only and to the extent that the related consent is given or granted by the holder of parental responsibility.

The Data Controller shall take measures, as far as reasonable and on account of the technology available, to verify that the consent is given or granted by the holder of parental responsibility over the minor.

If the Data Controller or Data Processor become aware that the data of a minor have been collected, they shall delete them immediately.

If you do not meet the age requirement, you are kindly requested not to register or shop online and to ask an adult (or your parents or your guardian) to complete the required procedures for you.

6. PROCESSING PROCEDURE

The personal data collected through our website are processed using mainly electronic procedures and tools, adopting the security measures necessary to minimise the, also accidental, risk of destruction or loss of said data, of unauthorized access or of unauthorized processing or processing not in line with the processing purposes set out in this privacy policy.

However, said measures, due to the nature of the online transmission means, cannot in any way minimise or eliminate the risk of unauthorized access or of dispersion of data. To that end, you are recommended to do the following: check periodically that your computer is equipped with the adequate devices and software for the protection of online transmission of both incoming and outgoing data (such as updated antivirus systems); verify that your internet service provider has adopted the appropriate security measures for the electronic transmission of data (such as, for example, firewall and anti-spamming filters); keep the user name and password for gaining access to the account secret and confidential, and refrain from disclosing them to anyone; change the password regularly.

In the event that the Data Controller considers the security of your personal data in his or her possession or under his or her control to have been or to be at risk, the latter shall notify you of the event in accordance with the procedures provided for by the law in force, using the methods prescribed therein (by providing your email address to the Data Controller, you give your consent to receiving said information in electronic format via your email address).

Your personal data can be processed for profiling purposes, with your prior consent, with the aid of automated instruments, so as to analyse your consumer habits and choices and make the Data Controller’s products and promotional initiatives more compliant with your preferences.

7. TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

If, for the purpose of pursuing the objectives set out in this policy, the Data Controller needs to transfer personal data to third countries or international organizations, the latter shall take measures to ensure that said communications are made in accordance with the European standards on data protection (for example, the use of standard contractual clauses or Privacy Shield).

8. YOUR RIGHTS

In order to exercise your rights as set out herein, you can submit an application contacting the Data Controller via email to privacy@harmontblaine.com or via ordinary letter to the Data Controller’s address. When contacting the Data Controller, you must make sure to include your full name, email address, postal address and/or telephone number(s) so as to ensure that the latter can manage your application correctly.

8.1 Right of access

You have the right to obtain confirmation of whether or not personal data concerning you is being processed and, in that case, you have the right to obtain information on the following: the origin of the personal data; the purpose of the processing; the categories of personal data; the recipients or the categories of recipients; where possible, the prescribed period of retention of the personal data or, if not possible, the criteria adopted for determining said period; the existence of your right to request the data controller to correct or delete your personal data or to limit the processing of the personal data concerning you or the right to object to the processing thereof; the right to file claims with a supervisory authority; if the data are not collected directly from you, all the information available on their origin; the existence of an automated decision-making process, including the related profiling and, in that case, any relevant information on the logic used, including the relevance and the envisaged consequences of said processing for you; the existence of adequate guarantees in the event of transfer of the data to third countries or international organisations.

You have the right to obtain a copy of the personal data being processed.

8.2 Right to rectify your data

You have the right to obtain from the Data Controller the correction of any incorrect personal data concerning you without undue delay. Keeping in mind the purposes of the processing, you have the right to supplement any incomplete personal data concerning you, also providing a supplementary declaration.

8.3 Right to delete your data

You have the right to obtain from the Data Controller the deletion of any personal data concerning you without undue delay and the Data Controller is obliged to delete your personal data without undue delay, for any one of the following reasons:

a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

b) you revoke your consent to the processing;

c) you object to the processing and there is no fundamental legitimate reason for processing the data, or you object to the processing for direct marketing purposes, including profiling;

d) your personal data are unlawfully processed;

e) The personal data processed for marketing purposes will be retained, in accordance with the provisions laid down by the Italian Data Protection Authority (Autorità Garante per la Protezione dei Dati Personali (Authority), for a period not exceeding 24 months, unless you renew your consent and without prejudice to any further measures implemented by the Authority.

f) your personal data were collected in connection with the offering of information society services to children.

8.4 Limitation right

You have the right to obtain from the Data Controller a limitation on the processing when one of the following conditions are met:

a) you challenge the correctness of your personal data, for the period required by the Controller in order to verify the correctness of said personal data;

b) the processing is unlawful and you object to the deletion of your personal data and, instead request that a limit be set to the use thereof;

c) even though the Data Controller no longer requires your personal data for processing purposes, said data are necessary to you in order to establish the exercise or to defend your rights in a legal proceeding;

d) you have objected to the processing pursuant to Article 21(1) of the Regulation, awaiting assessment as to the prevalence of the data controller’s legal grounds over your grounds.

8.5 Right to data portability

You have the right to receive any personal data concerning you which you have provided to the Data Controller in a structured, current format and legible by automatic devices; you also have the right to transmit said data to another data controller without impediments on the part of the data controller to whom you provided them, on the following conditions:

a) the processing is based on the consent within the meaning of Article 6(1)(a) of the Regulation, or of Article 9(2)(a) of the Regulation, or on a contract within the meaning of Article 6(1)(b) of the Regulation; and

b) the processing is carried out using automated means.

In exercising your rights to the portability of data pursuant to the first paragraph, you have the right to obtain direct transmission of your personal data from the one Data Controller to the other, if technically feasible.

8.6 Right to object

You have the right to object at any time, for reasons related to your particular situation, to the processing of any personal data concerning you pursuant to Article 6(1)(e) or (f) of the Regulation, including the profiling on the basis of said provisions.

You also have the right to object, at any time, to the processing of your personal data for direct marketing purposes, including profiling to the extent that it is related to said direct marketing.

If you object to the processing of your personal data for direct marketing purposes, your personal data will not be processed for said purposes.

8.7 Other rights

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on you or which has a similar, significant impact on your person.

You have the right, at any time, to revoke your consent to the use of your personal data, by submitting a request to the Controller to the email address privacy@harmontblaine.com.

You have the right to file a claim to a supervisory authority (in Italy, the Data Protection Authority - Autorità Garante per la Protezione dei dati personali).

9. UPDATE OF PERSONAL DATA

You are invited to check and update your personal data on a regular basis. To that end, in case of any changes, you are invited to write to the following email address: privacy@harmontblaine.com or to change your data directly online using the settings of the user account on the website.

10. UPDATE OF THIS PRIVACY POLICY - COMMUNICATIONS

The Data Controller reserves the right to change, add or delete parts of this Privacy Policy at any time, by publishing the revised version on this page of the website and updating the date of the “Last Revision” set out herein below.

You are responsible for reading the privacy policy from time to time so as to be aware of any changes made thereto.

In some cases, the Controller may provide further communications relating to significant changes to this privacy policy by publishing a notice on the initial page of this website or, in the case of registered users, by sending a notification email or entering a notice on the page of their account. If necessary, you must give your consent again to the processing of your personal data.