In general, we collect information about you when you create an account on the https://www.cpcompany.com online shop (the "Store"), when you purchase products offered for sale on the Store, when you subscribe to the newsletter, when you send us emails or contact us for support or information about the availability of a product. Please note that the personal data collected during these processes will be processed for the conclusion, administration and performance of contractual relationships, in order to respond to your requests, to allow you to take advantage of the services offered by the Shop by accessing restricted areas (for example, to process your orders and carry out related activities, including operations necessary for administrative and tax purposes and, where requested by you, sending newsletters and information material) and also to provide better services, marketing and support to you and other customers, as described below.
Diana e-commerce corporation S.r.l., Via San Daniele n. 137/139, Torreglia (PD), Italy, 35038, VAT number 05097740285 (hereinafter ‘Diana’) and Tristate International SA, Riva Albertolli 1, Lugano, CHE 147076577 (hereinafter ‘Tristate’), pursuant to the Applicable Data Protection Regulations such as art. 26 GDPR, are joint controllers of the processing of your personal data, and shall process them in order to: manage and process your purchase orders, ship to you the products that you buy, provide you with the required post-sales assistance, process the product returns procedure, keep you informed about the availability of a product on the Store, comply with all obligations arising from tax law and other applicable laws. Pursuant to art. 26 GDPR, you may find out the essential content of the agreement between Diana and Tristate by contacting us via e-mail at firstname.lastname@example.org or email@example.com.
Tristate is the sole controller of your personal data and shall process them for managing your Store account, also in order to consent any possible transfer to a new service provider or to internalize all services provided by Diana, for the Store maintenance, for the management of customers’ requests submitted through Customer Care (either for purchases that you have not made on the Shop or in case of request for information on Tristate's products) and, upon your consent, for marketing purposes, even in profiled mode.
Hereinafter, when we use the expressions ‘Joint Controller’, ‘We’ or ‘Ours’, we will jointly refer to Tristate and Diana together. Vice-versa, if the information only refers to one of the two data controllers, you will find the reference to either Diana or Tristate.
Your contact and purchase data. Tristate and Diana will retain the details you provide us with (e.g., your contact and personal data) when you purchase a product, interact with the after-sales service or ask to be updated on the availability of a product in the Store. Tristate will also keep such data when you create an account on the Store, subscribe to the newsletter, participate in Tristate contests or promotions and/or contact Customer Care.
Your payment and invoicing data. Diana will retain the payment and invoicing data that you provide us with (e.g., your credit card number, contact and personal data) when you purchase a product, in order to process your order and ship the products.
Information on the use of the website and on your activities on the Store. Your use of the website implies the processing of the browsing data and the device that you are using and your IP address (i.e. the number that identifies a specific device connected to the internet and is required in order for your device to communicate with websites). Moreover, Tristate may analyse the website you browsed from, what you did and what you did not do on our website. In order to send you commercial information about products and proposals tailored to your preferences, Tristate may use your email address and your name, as well as browsing data and website behavioural information to understand better which products you prefer, provided that you have previously authorized such processing.
Directly from you. For instance, if you register in order to make a purchase on the Store, if you create an account, if you participate in a contest, if you ask us a question, subscribe to the newsletter or contact Customer Care.
If you do not provide us with your personal data, you will not be able to register on the Store, and you will not be able to purchase any of the products for sale nor make use of the other services provided.
Third party data provided directly by you. The possible indication (e.g., for the shipment of the product) of personal data and contact details of any third party other than you represents a processing of personal data with respect to which you are a data controller, thus assuming all the obligations and responsibilities provided for by current legislation on personal data. In this regard, you guarantee to Tristate and Diana that any data of third parties that will be indicated by you have been collected by you in full compliance with current legislation on personal data, and that there is an appropriate legal basis that allows the communication of such third party personal data to Tristate and Diana, relieving them from any dispute, claim, request for compensation for damages from any third party resulting from the aforementioned communication that may be received by Tristate and Diana.
a) To provide you with the products and services you purchased and to give you information about your orders and payments. Diana and Tristate will use your data to process your order, to confirm your purchase and to manage any service related to it, such as the shipping of purchased products. Without your data, we cannot manage and process your order.
The legal basis of such data processing is the performance of the purchase agreement, which you become a party of since you accept the Store’s general conditions of sale.
The data retention period of your data is equal to the period required to process the order (provided that if other treatments, such as after-sales assistance and management of the administrative position, are applicable, the retention period shall be that indicated in this notice in relation to such treatments).
b) To allow you to register for a Store account. Tristate will use your personal data in order for you to create an account on the Store, whether you make a purchase on the Store or not.
The legal basis of such data processing is the performance of a contractual/pre-contractual request submitted by you.
The retention period of your data, in addition to what is necessary to process your order if any, shall be equal to the period of validity of your account, which shall be in any case deactivated after 24 months from your last access or from the last action taken by you in your account.
c) To give you an update on product availability. Following your explicit request, Diana and Tristate will process your personal data to give you an update on the availability of a requested product on the Shop.
The legal basis of such data processing is the performance of a contractual/pre-contractual request submitted by you.
The retention period of your data is equal to the period necessary to process the request.
d) To provide you with the required after-sales assistance in compliance with the applicable legislation related to the product warranty. Diana and Tristate will use your data to provide you with support, in order to manage the return and/or repair of the products that you purchased from the Store in accordance with applicable law and the Store’s general conditions of sale.
The legal basis of such data processing is the compliance with legal obligations and the data retention period is equal to that required by law (specifically, by the Italian Consumer Code).
e) To manage your administrative status correctly. Diana and Tristate will process your data for accounting, administrative and tax purposes, directly connected to Diana and Tristate’s business activities as required by the applicable legislation.
The legal basis of such data processing is the compliance with the legal obligations and the retention period is equal to that required by law (specifically, civil, tax, anti-money laundering, banking and public security law).
f) To let you interact with customer care operators. Diana and Tristate may use your personal and contact data to assist you should you require support while using the products purchased from the Store.
The legal basis of such data processing is the performance of the sale and purchase agreement that you executed with Diana when you accepted the Store’s general conditions of sale and the compliance with the obligations provided for by applicable law in terms of warranties and customer care. The retention period is equal to the time necessary to manage your request (provided that, if other process activities are applicable, the retention period shall be that indicated in this notice in relation to such treatments).
Tristate may also process such personal data to assist you with purchases that you have not made on the Store or when you request information about Tristate's products.
The legal basis is the performance of the sales agreement that you have executed with Tristate or the performance of pre-contractual requests. The retention period of your data in relation to such data processing is equal to the time necessary to process your request (provided that, if other processing is applicable, the retention period shall be that indicated in this notice in relation to such treatments).
g) To prevent or control unlawful conduct or to protect and enforce rights. Diana and Tristate may use your data to prevent infringement of their intellectual property rights (e.g., counterfeiting of our trademarks and/or our partners’) or theft (including credit card cloning and theft that we presume may occur during a contest or an event) or other unlawful acts, as allowed by applicable law.
The legal basis for such data processing is the legitimate interest of the Data Joint Controllers.
The period of retention of your data is equal to the time reasonably necessary to enforce our rights from the moment we become aware of the offence or the potential commission of it.
h) To update you on your shopping cart. Diana and Tristate may process your personal data, in particular your email address, when you have created an account on the Shop, to remind you that the shopping cart on the Shop contains products.
The legal basis for such processing is the legitimate interest of the Joint Controllers to keep you updated about your shopping cart.
The retention period of your data for this purpose is 48 hours from when you left the shopping cart without completing your purchase.
i) For direct marketing purposes / newsletter subscription. Upon your consent, you may be contacted by Tristate by email or other telematic communication means with information or promotions of products and services offered by the Shop, also following your subscription to the newsletter by entering your email address.
The legal basis for such data processing is your explicit consent which, as far as only the subscription to the newsletter is concerned, consists of entering your email address.
The retention period of your data is 24 months from the collection of your data.
j) To send you commercial communications and to offer you products aligned with your preferences. Upon your consent, Tristate analyses your personal data and the data concerning your use of the website, preferences and consumption of the products in order to improve its approach towards you and its customers in general, through automated processing activities, including profiling activities. Tristate does so in order to make better decisions related to services, advertising, products and contents, based on a greater awareness of how its customers use its services and to provide you with a more customized user experience. For such purpose, Tristate may also collect your mobile device’s ID for advertising (i.e. IDFA - Identifier for Advertising - for iOS devices and AAID - Google Advertising ID - for Android devices) so that it can always provide you with targeted and relevant advertisements based on your preferences and interests.
The legal basis of such data processing is your explicit consent.
The retention period of your data is 12 months from the collection of your data.
k) To allow you to participate in surveys. Tristate may, with your prior consent, send you surveys in order to analyse any feedback you voluntarily provide via such surveys, for example, in connection with a customer service contact or a purchase from the Store. The legal basis of such processing is your explicit consent. The retention period is equal to the time required to process your feedback as a result of your participation in the survey.
For the purposes of subparagraphs from a) to h) above, the provision of data is necessary to allow you to create an account on the website, make purchases on the Shop and receive other services on the website.
For the purposes of subparagraphs from i) to k), the provision of data is optional; a refusal will not cause any prejudice for the purposes of subparagraphs from a) to h). The data subject may withdraw his/her consent at any time, but this shall not affect the lawfulness of processing carried out by Tristate based on consent before its withdrawal.
Data shall be processed and stored at the offices and IT systems of Tristate and Diana.
Personal data may also be disclosed, including for the purpose of customer service interaction, to companies providing services - specifically appointed as data processors pursuant to the Applicable Data Protection Regulations - based in countries outside Switzerland and the European Union and, in particular, in the United States of America; in exceptional cases, in any country in the world.
Such data transfers shall be authorized either upon:
- an adequacy decision of the third country to which the data are transferred, adopted by the competent authorities such as the European Commission pursuant to Article 45 of the GDPR; or
- the appropriate or adequate safeguards provided for by the Applicable Data Protection Regulations such as Articles 46, 47 and 49 of the GDPR (such as standard contractual clauses approved by the European Commission, binding corporate rules, contractual or covenantual safeguards provided by the data controllers involved, or such as exemptions to the prohibition of transfers applicable in specific situations), as well as on the basis of the right to contact the Data Controller to obtain the contact details of the entities to whom the personal data are disclosed, from whom he/she may receive information on how to obtain a copy of the processed data or where the data have been made available.
Provided that, where required by law, we will obtain your prior consent and complete any formalities required by law, we may share your data with the following third parties (also acting as data processors):
Our service providers. We may share your data with third parties so that they can provide us with services (e.g., providers of IT services for the management of the Shop, providers of profiling services and compliance automation, payment gateways and other entities that provide banking services, couriers, companies that manage warehouses and provide logistics services, legal, tax and accounting consultants) who may act as autonomous data controllers or as data processors: in this second case we will enter into a data processing agreement aimed at protecting your data. These entities will only hold the data necessary to perform their functions and may only use it to perform such services on Our behalf or to comply with legal requirements. You can find out the details of such data processors by contacting us by email at firstname.lastname@example.org or email@example.com. If such providers operate outside Switzerland or the European Union, we will meet one of the conditions set out above before disclosing any personal data to them.
Where we deem it necessary in order to comply with legal obligations or to protect Ourselves or third parties from a judicial standpoint. Where permitted or required by law, we may also share the data requested by a government agency or by another authorised third party or organisation, in order to protect or enforce Our rights or those of third parties, or to limit or prevent fraud (including credit card fraud or other fraud, which we believe that may occur during a promotion or an event) and other offences.
Our Store is not intended for minors under the age of 16, but for adults. If you are a parent or guardian and you believe that your child may have sent us some personal data, please contact us.
We adopt the security measures required by law.
We adopt security measures to protect your data. The standard security measures that we use depend on the type of data that we process, and such measures meet the requirements provided for by law and by the standards of European government agencies.
You may contact Tristate and/or Diana in order to request access to, rectification or erasure of your personal data, or restriction of the processing, to object to such processing and to request the portability of your data; you may also withdraw your consent at any time (and this shall not affect the lawfulness of the processing based on consent granted before such withdrawal).
When you exercise your right of access, you have the right to know whether your data is being processed or not, as well as the purpose of the processing, the categories of data being processed, the recipients or categories of recipients to whom your data have been disclosed (and, if they are located in a third country, the guarantees in place), the retention period of your data (or the criteria used to determine such retention period), whether automated processing is being carried out or not (e.g., through profiling), the logic involved in such processing, and the source of the data (when not initially collected by Us).
You have the right to lodge a complaint with the competent Data Protection Authority and to ask the data controller, at any time, for information about the data controllers and the persons authorised by the data controllers to process your data.
In any case, you may amend or withdraw your consents by changing Store's settings.
You can withdraw your consent to receive marketing communications including newsletters. In order for you to stop receiving marketing communications, you may access your account and change your settings or follow the instructions shown in the promotional message that you receive. Alternatively, you may withdraw your consent by sending an email to firstname.lastname@example.org.
As for marketing emails and data processing through profiling, you may amend your preferences in the privacy settings of your account or by sending an email to email@example.com.
Diana has appointed a Data Protection Officer (DPO) that may be contacted by sending an email to firstname.lastname@example.org.
Version updated to 12-01-2021