PRIVACY POLICY

Dear user, please carefully read this privacy policy, which applies to every access to the website www.paulandshark.com (hereinafter the "Website"), regardless of whether you make purchases of the products offered. We also encourage you to read, if you haven't already, the "TERMS & CONDITIONS" page as it contains important information regarding the security systems implemented by the Website.

Please note that this privacy policy is governed by European Regulation no. 2016/679 (the "Regulation"), which has been in effect since April 27, 2016, and updated on May 23, 2018. The Regulation ensures that the processing of personal data is carried out in accordance with the fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality, personal identity, and the right to the protection of personal data.

1. DATA CONTROLLER

The data controller is DAMA S.p.A. (hereinafter, Paul&Shark), with registered office at Via Piemonte 174, 21100 Varese, Italy.

2. DATA PROTECTION OFFICER

Paul&Shark has appointed a Data Protection Officer who can be reached at the email address privacy@paulshark.it for any information regarding the processing of your personal data and to exercise the rights described below.

You can also submit privacy-related questions by selecting the dedicated section in the Customer Service contact form, available at the URL www.paulandshark.com/contact-us/.

3. TYPES AND PURPOSES OF PROCESSING PERFORMED ON THE WEBSITE – LEGAL BASIS FOR PROCESSING

Through the Website, different types of personal data are collected and processed for various purposes and in different ways, including but not limited to:

(a) Personal data related to browsing, processed both to enable the proper functioning of the Website and for marketing purposes. In this regard, please read the "Cookie Policy" available at www.paulandshark.com/cookie-policy/;

(b) Personal data voluntarily provided by the user (such as email address, personal information, password provided by filling out the "My Account" registration form), or otherwise lawfully acquired during the interaction with the user, to respond to their requests and provide services, assistance, and information about Paul&Shark's products and world;

(c) Personal data provided by the user in the context of online registration on the Website, submission of online product purchase order forms for e-commerce transactions, and interaction with users for activities functional and instrumental to sales, as well as for pre-sale and post-sale assistance;

(d) With the explicit consent of the user, Paul&Shark may process the user's personal data for marketing purposes, i.e., to send the user information and updates about products, sales, promotional campaigns, events, and other initiatives promoted by Paul&Shark;

(e) With the explicit consent of the user, Paul&Shark may also process the user's personal data for the purpose of studying consumer habits and choices to make products and initiatives more responsive to the tastes and needs of its customers.

With the exception of browsing data, regulated by the "Cookie Policy," the processing of personal data is based on:

  • Consent, if provided by the user, for the purposes mentioned in points b, c, d, and e;
  • Legitimate interests of both Paul&Shark to provide Website services and respond to customer requests, as well as the user to browse the Website properly.

Regarding point 3.c, it is important to note that the legal basis for the processing indicated therein is the fulfillment of the contract and the obligation to fulfill pre-contractual and post-contractual obligations. Paul&Shark may contact you, based on the legitimate interest principle, to offer similar services and products to those you have previously purchased. You can, at any time, request the cessation of such processing, and Paul&Shark will promptly comply. It should also be noted that the study of user and customer behavior will be conducted in a non-invasive manner regarding personal privacy.

4. SOURCE OF PERSONAL DATA

The personal data collected by Paul&Shark are provided directly by the user (through Website registration or as part of the sales process), except for browsing data as mentioned in point 3.a.

5. METHODS OF PROCESSING OF PERSONAL DATA CARRIED OUT BY PAUL&SHARK

Personal data collected through the Paul&Shark Website are processed primarily using electronic and telematic methods, adopting the necessary security measures to minimize the risks of destruction or loss, accidental access, and unauthorized or unlawful processing that are not compliant with the purposes of data collection as described in this privacy policy. However, these measures, given the nature of online transmission, cannot entirely exclude any risk of unauthorized access or data dispersion.

For Paul&Shark, every purchase occurs securely due to the use of advanced technological systems and encryption (SSL).

6. MANDATORY OR OPTIONAL NATURE OF DATA PROVISION

Except for browsing data (governed by the "Cookie Policy"), the provision of personal data to Paul&Shark collected through the Website, both to address user requests and queries and for marketing and consumer habit study purposes, is voluntary and optional. Failure to provide data does not limit the use of the Website but may make it impossible for Paul&Shark to send informative material, updates, newsletters, event invitations, and respond to information requests and queries.

The provision of personal data, especially personal details, email address, postal address, phone number, and bank details (in the case of credit card payments), is mandatory for contractual and tax purposes.

Additionally, some of this data may be essential for the provision of other services related to the sale (pre-sale and post-sale services, such as made-to-measure services, transportation services, replacements, etc.) or to comply with legal or regulatory obligations (tax compliance and anti-money laundering obligations). Failure to provide required data may, in specific cases, constitute a legitimate and justified reason for not executing the online product purchase contract and/or providing the related services.

The mandatory or optional nature of data communication will be indicated in each case, and the required data for providing services and purchasing products on the Website will be marked with an asterisk (*). The failure to provide optional personal data will not result in any obligation or disadvantage.

7. CATEGORIES OF PERSONAL DATA RECIPIENTS

Paul&Shark communicates personal data of Website users only within the limits allowed by law and in accordance with the following:

Personal data may be disclosed to:

  • Employees and consultants of Paul&Shark, who will operate as subjects formally authorized for processing for internal business activities;
  • Companies of the same Group as data processors, to perform contractual activities and marketing activities;
  • Companies that provide specific technical and organizational services related to the Website on behalf of Paul&Shark (logistics services, IT services, and marketing services).

Personal data may also be disclosed to:

  • Third parties, solely for the execution of the purchase contract of products on the Website (such as the credit institution for the execution of remote electronic payment services by credit/debit card).

Your data will not be disclosed, and will only be transferred abroad with adequate protection and safeguards for data protection, in compliance with applicable law. The data centers used by Paul&Shark for data processing are located within the European Union.

To allow data processing for contractual and marketing purposes by Group companies, data may be transferred to the respective countries (including non-EU countries). In this regard, Paul&Shark has entered into Standard Contractual Clauses with subsidiaries established in countries outside the EU, in compliance with national and supranational data protection regulations.

Personal data may be transferred to IT service providers to allow Group companies to access transferred data. In this regard, Paul&Shark has entered into the necessary Standard Contractual Clauses with providers to protect personal data subject to transfer (verifying the security measures used by providers as data processors).

8. DATA RETENTION PERIOD

  • Data processed to fulfill any contractual obligation may be retained for the duration of the contract and for up to 10 years afterward;
  • Data processed for operational management and purposes strictly connected to Website access may be retained for the duration of the contract and for up to 10 years afterward;
  • Personal data processed for marketing purposes may be retained for 24 months from the date of consent for such purposes;
  • Personal data processed for marketing and profiling purposes may be retained for 12 months from the date of consent for such purposes.

In the event of a defense, claims, or actions against you or third parties, we may retain personal data that we reasonably consider necessary for such purposes for the time during which such claims may be pursued.

9. EXERCISING DATA SUBJECT RIGHTS

The data subject may exercise the rights under Articles 15-16-17-18-19-20-21 of the European Regulation 679/2016 by submitting a request to the data controller.