Last Updated In: October 2021
For the Tod's Group, the security of your personal data is very important, which is why we pay the utmost attention to the collection and management of the personal data that you will provide to us during your participation in this Customer Survey, adopting specific measures to guarantee data security, confidentiality and integrity, in compliance with the provisions of Regulation (EU) 2016/679 (Regulation) and with the applicable privacy regulations in Hong Kong [e.g. The Personal Data (Privacy) Ordinance (Cap. 486)], according to the implementation and within the limits of their territorial scope.
1. Data Controller (“data user”)
The Data Controller of your personal data, which will be processed for the purposes described in the following section, is Tod’s S.p.A. (hereinafter referred to as “Tod’s”, “we”, “us” or “our”), having its registered office in Via Filippo Della Valle, 1, Sant’Elpidio a Mare, (FM) - Italy (EU).
2. Lawfulness and Purposes of Processing
The personal data that you will communicate to us when filling in the questionnaire, aimed at improving the quality of our services, will be processed by the Data Controller in order to learn your degree of satisfaction with your shopping experience and monitor the effectiveness of the improvement actions adopted as a result of the feedback received. The legal basis for the processing consists in your consent to participate in this customer survey.
Furthermore, subject to your further consent, we reserve the right to contact you, at the addresses you have already shared with us (e.g. e-mail address or telephone number), to learn more about the degree of satisfaction with your shopping experience, in order to solve any issues encountered.
If the Data Controller has already obtained your consent to process your data for profiling purposes, we inform you that the results of this Customer Survey will contribute to this end, aimed at providing you with services and products that increasingly match your preferences and expectations.
Finally, we may also process your personal data in order to comply with any legal obligations that we may have, or to pursue any our legitimate interests (i.e. improving business processes, preventing frauds, exercising and defending a right of ours or optimising our customer contact strategies), in compliance with the conditions and limits set by the legislation currently in force.
3. Personal data Processing and Security
We shall process your personal data both by means of paper- and IT-based tools, and such processing shall be based on the principles of fairness, lawfulness, and transparency, in order to protect your rights and privacy.
We make use of industry-standard physical, organizational, contractual and technological security measures to protect your personal data from unauthorized access, public disclosure, use, modification, damage or loss.
We take all reasonable and practicable steps to protect your personal information, but unfortunately, no system or network can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Your Rights” section below (note that physical mail notification will delay the time it takes for us to respond to the problem).
4. Personal data Disclosure and Transfer
We shall not disseminate your personal data.
i. with our service providers, included other companies belonging to Tod’s Group who perform technical and organizational tasks on our behalf, always in compliance with achieving the purposes described above;
ii. with other belonging to Tod’s Group acting on our behalf: in order to contact you again to learn more about the assessments released through the Customer Survey, so as to overcome any issues encountered;
iii. to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other shift in all or in any given part of our business, assets or stock (also in connection with bankruptcy or similar outcomes);
iv. in connection with the essential purposes described above (that is to say in order to comply with legal obligations or to execute a lawful request of public authorities).
Your personal data, once you have provided your written consent of that, shall be transferred from your country to our headquarters in Italy. Please, consider that we are subjects to the Regulation (EU) 2016/679, the data protection law applicable in all the EU Member States, which is substantially similar to, or serves the same purpose as, the Hong Kong privacy law framework.
Data transfers toward countries outside the European Economic Area (EEA): We guarantee that we shall transfer your personal data towards a country outside the European Economic Area (EEA) not having an Adequacy Decision by the European Commission (EC), only after the adoption of at least one of the cross-border transfer mechanisms the Regulation recognizes as being able to ensure an adequate protection of the personal data being transferred:
i. specific “Standard Contractual Clauses” are to be drafted, issued by the European Commission, in order to ensure that the protection level of the personal data processed by our partners outside the EU shall comply with the EU's data protection level;
ii. adoption of Company Binding Rules, approved by the competent Public Authorities, in compliance with the data transfer within a group of undertakings or enterprises is done through binding corporate rules, approved by the competent data protection authority in the UE, pursuant to the consistency mechanism referred to in art. 63 and to the conditions detailed under art. 47 of the Regulation.
We also undertake to carry out, in accordance with laws in force, any possible prior risk assessment concerning the data transfer; adopting, if necessary, any additional security measures, complementary to the safeguards guaranteed by the aforementioned transfer mechanisms.
At any rate, we shall transfer your personal information, only if the protection level, guarantee by the privacy laws in force in our countries, is not compromised.
Your personal data shall only be processed by parties being duly instructed and able to provide adequate technical and organizational safeguards, as well as bound to the strictest confidentiality by us.
5. Retention of personal data
We shall process your personal data at different times depending on the purpose.
Specifically, the personal data that you will give us when filling in the questionnaire, so that we can understand your degree of satisfaction, will be stored for a maximum period of 24 months from their release.
If you have expressed your willingness to be contacted to give more details about your assessment of satisfaction, your personal data will be stored for a maximum period of 24 months from their release.
We would also like to inform you that we are further required to store your personal data in order to comply with specific law provisions, in the manner and within the timeframe established by said regulations.
Should the processing of your personal data be based on any legitimate interest, be it ours or belonging to third parties, the processing of your personal data shall be strictly limited to the time required to achieve the legitimate interest, on a case-by-case basis.
6. Your Rights
You have the right, as detailed within the law in force, to access your personal data, to correct or update it, to delete or to obtain a copy or the transmission in a structured format to any third party thereof. You may also request to limit or object to such processing.
You can withdraw your consent at any time.
You may exercise these rights at any time, by writing to our Data Protection Officer (DPO) to the following addresses:
· by e-mail: firstname.lastname@example.org.
· by post: Data Protection Officer - Tod's S.p.A., Via Filippo Della Valle n. 1, 63811 Sant’Elpidio a Mare (FM) – Italy (EU).
We would like to inform you that we shall not discriminate against you, should you exercise one or more of your privacy rights acknowledged by the relevant legislation.
We will make sure to comply with your request to exercise your rights, always within the terms of the law.
We shall retain the right to ask you, in the ways we deem appropriate, for specific information to help us confirm your identity and be reasonably certain that only you can access your personal data and no unauthorized third party can seize, change or delete them. The processing of your request is free of charge. However, should your requests be manifestly unfounded, excessive, or repetitive in nature, we shall retain the right to refuse to comply with them or to request suitable economic contributions for them.
Remember that you can file a complaint with the Supervisory Authority if you believe that we have violated any rules concerning the protection of personal data.