Privacy Policy
PRIVACY POLICY
Privacy notice pursuant to art. 13 Reg. (EU) 2016/679 on the protection of personal data (GDPR)
This information is presented to inform you of the processing of your personal data.
Rolex section
When browsing the Rolex section on our website, some cookies are controlled by ROLEX SA which applies the following Cookie Policy.
Identity and contact details of the Data Controller
The Data Controller is CUSI Montenapoleone srl con sede a Calata Marconi 14, 16134 Genova ITALY (VAT No. 01932840182);
Purpose and legal basis of the processing
The data concerning users is collected to allow the data controller to offer its services, as well as for the following purposes: Statistics, user database management, remarketing and behavioral targeting, heat mapping and session recording, interaction with social networks and external platforms, contacting the user, interaction with data collection platforms and other third parties, interaction with live chat, content commenting, registration and authentication as well as contact management and messaging platforms.
Interaction with social networks and external platforms
This type of services enables interaction with social networks and other external platforms directly from the pages of this website.
In any case, such interaction and the information obtained from this website are subject to the user’s privacy settings for each social network.
Data collected:
–
Browsing data:
During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols. This includes IP addresses or domain names of the computers used by users, the numeric codes indicating the status of the response by the server (success, error, etc.) as well as other parameters relating to the operating system and the user’s IT environment.
Such data is exclusively used to obtain anonymous statistical information on the use of the website as well as to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of any computer crimes against this website.
–
Data freely provided by users
The optional, explicit and voluntary submission of email or text messages to the contacts herein specified and any messaging apps involves the subsequent acquisition of the email address and/or telephone number of the sender, which is necessary to respond to any requests, as well as of any other personal data that the user may communicate in their messages.
With the consent of the user, their email address will be processed for subscription to our newsletter.
Further specific privacy notices may be displayed on the website pages dedicated to certain on-demand services.
By registering or logging in, users allow the application to identify them and provide access to customised services.
Based on the information below, registration and authentication services may be provided with the assistance of third parties. In such a case, this application may access certain data stored by the third-party service used for registration or identification.
Facebook Authentication (Facebook, Inc.)
Facebook Authentication is a registration and authentication service provided by Facebook, Inc. connected to the Facebook social network.
Personal data collected: various types of data as specified in the privacy policy of the service provider.
Place of processing: United States – Privacy Policy. Organisation participating in the Privacy Shield.
The user assumes responsibility for any personal data belonging to third parties published or shared through this website and confirms that they have the right to disclose or disseminate such data, releasing the data controller from any liability to third parties.
However, at any time users may request the data controller to provide concrete information on the legal basis of all processing and in particular to specify whether the processing is based on the law, provided for by a contract or necessary to conclude a contract.
The personal data is processed at the data controller’s operational headquarters as well as any other location in which the parties involved in the processing are based. For further information, please contact the data controller.
Recipients of the personal data
As part of the aforementioned purposes, your data may be communicated to companies and professional operators that provide electronic data processing and software/IT consulting services as well as information management services relating to the foregoing.
Transfer of data to third countries
In addition, user data may be transferred to third parties as specified in art. 4 of this privacy policy, which may be based in countries not belonging to the European Union. This shall be in compliance with the principles set out in art. 45 and art. 46 of the GDPR concerning the existence of an adequacy decision by the European Commission or adequate guarantees.
Data retention period
The user’s personal data will be retained for the time strictly necessary to achieve the specific purposes of the processing, namely:
- For the purposes specified in Article 2, the time necessary for the fulfillment of the request and, in any case, no longer than 10 years from the time of the collection of data for the fulfillment of regulatory obligations or no longer than the terms set by the statute of limitations of rights.
- For technical purposes such as acquiring an IP address, data is stored for 30 days. Data for analytic purposes is retained for 24 months.
Where the processing of personal data is based on user consent, the controller may retain the data for longer, until such consent is revoked. The controller may also be obliged to retain personal data for a longer period in accordance with a legal obligation or by order of an authority.
Right of the data subject
The user may exercise the rights specified below at any time:
Access to personal data: obtain confirmation that personal data concerning them is being processed and, in such a case, access to the following information: the purposes, the categories of data, the recipients, the retention period, the right to lodge a complaint with a supervisory authority, the right to request the rectification or erasure or restriction of the processing or opposition to the processing itself as well as the existence of an automated decision-making process.
Request for rectification or erasure of the personal data or restriction of processing concerning the data subject; “restriction” means the marking of stored personal data with the aim of limiting their processing in the future.
Objection to the processing: to object, on grounds relating to the user’s particular situation, to processing of personal data for the performance of a task carried out in the public interest or in the defence of a vested interest of the controller.
Data portability: in the case of automated processing carried out on the basis of consent or for the performance of a contract, to receive the data concerning the user in a structured, commonly used, machine-readable and interoperable format; in particular, the data shall be provided to the user by the data controller in a .xml or similar format.
Withdrawal of consent to processing for marketing purposes, whether direct or indirect, market research and profiling; the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Lodging a complaint with a competent supervisory authority pursuant to art. 77 GDPR based on the habitual residence or place of work of the user, or the place in which a violation of their rights occurs. In Italy, the relevant authority is the Italian Data Protection Authority, to be contacted via the contact details available on the website garanteprivacy.it.
The aforementioned rights may be exercised by sending a request to the data controller using the contact channels specified in art. 1 of this notice.
Requests relating to the exercise of the user’s rights shall be processed without undue delay and in any case within one month of the request. This period be extended by a further 2 (two) months only in situations of particular complexity of the subject matter and based on the number of requests.
Personal data shall be erased at the end of the retention period. Therefore, the right to access, erase and rectify personal data and the right to data portability can no longer be exercised after this period has ended.
Communication and transfer of data
The provision of data by the user is mandatory as it is required to correctly provide the service requested. Therefore, any refusal by the user to provide the data may lead to failure to provide the service, in so far as such data is essential to achieve these purposes.
Updates
The data controller reserves the right to make changes to this privacy policy at any time by informing users through this page.
Users are therefore invited to check this page regularly, taking as reference the “last updated” date shown at the bottom.
Should a user not accept the changes made to this privacy policy, they are required to cease using this website and may request the data controller to erase their personal data. Unless otherwise specified, the preceding privacy policy shall continue to be applied to the personal data collected up to this point.