When you come into contact with the Salvatori world, we collect and process some personal information about you. This happens in a number of ways:
- When you browse one of our websites (bathroom.salvatoriofficial.com, salvatori-shopthelook.netlify.app and salvatoriofficial.com). In this document, to keep things simple, we will use the word “website” to refer to one or all of these sites.
- When you use certain services (referred to as “services”) available on our website or showrooms.
- When you purchase a product or products (referred to as “products”) through one of our sales channels.
Please note that our company is officially called Alfredo Salvatori S.r.l. but we will refer to it in this document as “Salvatori”.
- any businesses or companies acting autonomously, such as franchisees or dealers, if they are not specifically named by Salvatori as responsible for processing such data;
- information you share via social network platforms such as Facebook, Instagram, WhatsApp, LinkedIn, WeChat etc or via the platforms of other companies that are managed by them.
1. The Data Controller
As Data Controller, Salvatori is responsible for deciding how we collect and use your personal details and for what purposes.
In order to provide you with our products and/or services, we may need to share some of your personal details with authorised partners acting in the capacity of having responsibility for data processing or handling. In line with Article 28 of the GDPR, in such cases Salvatori obliges them to take appropriate measures to keep your information safe and to only use the data for the purposes it was collected for.
2. Source and nature of the personal data we may collect
2.1 Browsing information
Our website is designed to capture certain personal data as part of its function and the transmission of such details is implicit as part of the protocols of Internet communication. Data is not collected in order to identify you but it is possible that, if it is combined with third party data, you could be identified. The type of data we refer to here includes your IP address, the name and domain of your device, the addresses in URI format (Uniform Resource Identifier) of requested resources, the time a request was made, the method used to make it to the server, the size of any file received in response to your request, the numerical code that indicates the status of the server response and other parameters related to your operating system. We only use such information to obtain anonymous statistics to help us better understand how our website is used and to ensure it functions correctly.
This data may be used to assign responsibility in the event of any cybercrime that is harmful to Salvatori.
2.2 Sign-up information and other details you may provide
To use our website you do not need to create a personal account but to access some pages or services you will need to do so by signing up as a registered user. When you create an account, you will be asked to provide the following details:
- name and surname;
- whether you are a private client, industry professional or student;
- your email address;
- telephone number;
We collect information that you share with us when you send an email, interact with certain functions on our website or request certain Salvatori services. The details we collect and process are your name, surname, country of residence, email address, delivery address, shipping option and payment method.
Should you communicate information pertaining to a third party to us, we kindly ask that you do this in compliance with the regulations laid out in the relevant Privacy Legislation. This means that you must inform any such third party beforehand that you are doing so, and be authorised to communicate such details to us.
2.3 Information about your preferences
When you browse our website, make use of its functions and services or purchase Salvatori products, we collect information about your browsing activity, the way you interact with our content, your preferences and any purchase(s) you make.
Information collected via cookies and other types of technology
Cookies are tiny text files that are sent by the websites you visit and are then stored on the device you use when you access those sites. When you return to a website, the browser calls up the stored cookies and resends the information to the site that originally created them.
Our website uses different types of cookies together with other technologies that read and archive information on your device so that we can carry out statistical analysis, for example. We do NOT use any cookies that could activate programs on your device, introduce any viruses or allow us to implement any form of spyware on it.
On our website you will find social media buttons or widgets, which are the icons you will recognise as belonging to social networks such as Facebook, Instagram and Twitter. These make it possible for users on our website to reach and interact with those social networks with a simple click.
We use the following types of cookies:
Technical cookies. These enable the site to function as it should, including allowing you to access certain services. This category includes analytic cookies, session cookies and functional cookies. We use these to gather information, for example, about the number of visitors and how they use our website, or to analyse statistics about browsing patterns (this is anonymous) and to save your browsing preferences, for example the language you choose.
Profiling cookies. These are created by third parties to create visitor profiles and are used to tailor advertising messages based on your browsing behaviour.
The cookies listed above may be:
- temporary, meaning they are automatically cancelled when you leave the website;
- permanent, meaning they are stored in your hard drive unless you cancel them;
- first-party, meaning they are installed and managed by the website owner, in this case Salvatori;
- third-party, meaning they are managed by a different domain from the one you are visiting.
Technical cookies come into play without the consent of the user, but profiling cookies can only be activated if you expressly agree and this is entirely optional.
It’s important to know that if you consent to profiling cookies, you can withdraw that consent whenever you want, or you can manage the cookies you are happy to have applied. To do this and disable existing cookies, you simply need to access your browser settings (ie Internet Explorer, Google Chrome, Safari, Firefox) or the cookie bar that appears when you visit our website.
Once you open up our website, you can access the Cookie area and check the status of the cookies installed (“Status”) then manage them as you wish.
Below is the list of cookies and profiling tools we use in order to provide our services:
You can learn about cookies related to Crazy Egg here: https://www.crazyegg.com/cookies
You can disactivate the Crazy Egg function at any time by following this link: https://www.crazyegg.com/opt-out.
3. Why we collect and process your data
Salvatori collects, retains, uses and shares your personal details only for the purposes described in this section.
If you decide not to share your personal details with us or do not give us your consent to collect and process them, we will unfortunately be unable to provide some of our services. However, you will still be able to use our website, receive information (where we have sufficient details to provide it) and receive assistance from us, again within the limits of the information you share with us.
If you wish to make a purchase, however, there are certain details that we must have to complete your transaction and supply the product or products you have chosen, and these refer to invoicing and shipping.
We collect and process your data for the following purposes:
- for administration and accounting purposes to conclude a contract and to process purchases, maintenance services and post-sales customer care (such as delivery, bespoke requests, installation, warranty requests, managing returns, maintenance and any repairs relating to products purchased);
- to create your Salvatori account and process your purchase(s) and to provide a level of service that is as personalised and complete as possible, including responding to and dealing with requests for information and/or feedback;
- analytics and statistics;
- to comply with legal obligations, local and EU regulations (including anti-money laundering legislation), fraud prevention and to exercise rights in a court of law;
- for marketing and market research, to send you offers, promotions or suggestions of products that match your preferences, to invite you to our events, to send you commercial or promotional messages (usually in the form of a newsletter), to contact you directly, to provide sales support around the world through our stores or via email, telephone, SMS, instant message or traditional mail. At any time, you can indicate your preferred contact method from those listed above;
- for profiling, in line with lawful bases (see the section “Lawful bases for collecting and processing data” below), to create group or individual profiles that may be used to provide you with tailored content, communications, assistance and experiences. We may collect your details as a result of you providing them in paper or electronic form at one of our sales outlets or during a visit to our showrooms or when you interact with Salvatori websites or Internet or mobile applications.
Lawful bases for collecting and processing data
Your personal details are handled in compliance with Privacy Legislation, which requires that there are legal requirements for doing so. Specifically:
- to enable us to undertake marketing and market research activities and to send you relevant offers, promotions or products that are tailored to your preferences and based on your consent;
- to process and conclude the purchase of products or services provided by Salvatori, to engage with you in the pre-purchase phase of choosing products and services or to furnish online services;
- to enable Salvatori to fulfil a legal obligation;
- where Salvatori has a legitimate interest to ensure that the website and registration function work correctly, to prevent and prosecute fraudulent activity, to protect ourselves from claims in a court of law, for profiling purposes so that we can send your personalised content, and, where necessary for administrative reasons, to share details with other businesses that make up part of our company;
- if you provided your email address when purchasing a product or service from us, we may send you information and newsletters via email regarding similar or complementary products/services, unless you advise us that you do not want to receive such messages. In this case, you simply need to click on the UNSUBSCRIBE button that you will always find at the bottom of our emails or send a short email to the address email@example.com.
4. How your details are processed and retained
Your personal details may be handled in paper form or through electronic means. They will also be processed in conformity with applicable security regulations and here we can specifically mention Article 32 of the GDPR. We adopt technical and organisational measures to protect your personal details from accidental or unlawful destruction, accidental loss, alteration and unauthorised sharing or access.
All our business partners and suppliers must assure us that they are able to guarantee that your personal details are protected in line with recognised international standards. Any Salvatori employee, collaborative partner or third-party service provider who has access to your personal data is legally and contractually required to respect your confidentiality and privacy. Should we ever discover a lapse in security that violated the GDPR, Salvatori has a procedure in place to ensure we can react promptly to any such incident and to limit or offset any potential negative consequences. Where Privacy Legislation demands such action, we would notify any violation to you and also the Garante per la Protezione dei Dati Personali, which is the Italian authority that governs personal data protection.
How long we retain your data
Salvatori retains your personal details for as long as we require them in order to fulfil the purpose for which they were obtained, in line with our internal policy. We have a general retention period of 10 years starting from the moment we originally collect your details, and we keep them for administrative and accounting purposes, unless there are particular circumstances where the applicable national law specifies different retention requirements. As a rule, we immediately destroy your details once we have achieved the purpose for which they were collected and used. However, the following categories of personal data are retained as described below.
Data relating to payments: Within the scope of any purchases of our products or services you may make, payment-related details will be retained until the payment is fully processed and all administrative and accounting obligations or formalities have been concluded, which also includes the expiry of the right of return and payment contestation periods.
Data collected during the process of supplying products or services: This data will be retained in order to deliver services (such as installation and maintenance) related to Salvatori products you purchase for as long as necessary and based on the technical specifications of the products in question.
Data necessary to safeguard our rights in a court of law: We retain data for a period that conforms with any potential restrictions imposed by law.
Data regarding your preferences: We retain data that is used for marketing and profiling purposes, as well as data related to your purchases, for a period of 10 years. At the end of that period, your details are automatically cancelled or converted to a permanently anonymous form.
In all cases, for technical reasons, it may take up to 30 days from the deadlines described above to cease data handling and cancel or convert it into anonymous form.
4.1 How your data will be destroyed
In principle, any personal details held by Salvatori in our role as Data Controller will be erased and destroyed within the timelines outlined above.
These details will not be used for any purpose other than those described in this document and will never be processed in any way that is not consistent with any applicable laws and regulations.
Any paper documents that contain your personal details will be shredded or destroyed using appropriate means to ensure that your data is impossible to retrieve.
Personal data held in electronic form will be erased via technological or technical means that ensures they can never be retrieved.
5.1 Internal and external communication of personal data
Your personal details can only be accessed by Salvatori staff members who are strictly authorised to do so (for example, Digital, CRM, Retail or IT personnel) and only where necessary. We may share your details with third parties in the following cases: (i) when requested to do so by regulations or laws relating to legitimate third parties, such as public bodies and authorities for institutional purposes, for example anti-money laundering, judicial processes; (ii) when required to do so by third parties involved in fraud prevention services.
We may also share your details with our service providers, for example those supplying services of a technical, technological or organisational nature, but only for purposes as indicated earlier in this document. Such service providers may include freelance consultants (individuals or businesses), delivery companies, marketing companies, payment systems providers etc. We can supply a full list of such parties upon request. We only share the details that are necessary to carry out the services in question and any third party is deemed to be responsible for processing your data in accordance with Article 28 of the GDRP, based on instructions received from Salvatori. We would like to make it clear that Salvatori does not share personal data for marketing or profiling purposes.
5.2 Transfer of data outside the EU and EEA
To carry out some activities that involve data processing, Salvatori may need to share your personal details with parties that are based outside the European Union (EU) or European Economic Area (EEA) and we refer to these in this document as “Third Countries”.
Your data may be passed to Third Countries. The list of these countries, which is updated from time to time, is available upon request. Such transfers are legitimate and are protected by
- a mechanism provided for in Article 46 of the GDPR, as Salvatori has signed standard contractual clauses that have been approved by the European Commission (integrated with other technical/administrative/legal measures), or;
- a mechanism provided for in Article 45 of the GDP, where the European Commission deems a particular country ensures an adequate level of protection.
Such external parties will act as autonomous Data Controllers or as having responsibility for handling data, designated by Salvatori in accordance with Privacy Legislation (commensurate with the role they fulfil in relation to the handling).
6. Your rights
As a data subject, you may exercise the rights regarding collection and handling of your data at any time.
Below is a description of those rights:
Right of access: You can request confirmation that we have collected and are using your data, and if so, you can ask us to provide access to the data we hold and to understand how it is being used. You may also ask us to provide a copy of that data.
Right of correction: You may ask us to correct, update or modify any out of date or inaccurate information, or to add additional details, which you may decide to do by providing an additional declaration.
Right to withdraw your consent: At any time, you may withdraw your consent for us to use your data for any purpose(s) you have previously agreed to (marketing, profiling). When we receive your request, we will stop using your personal details for those specific purposes, but for other purposes we will continue to use them as provided for by the prevailing laws or regulations.
Right to erase your personal data (the right of oblivion): You may invoke this right in any of the following situations
(i) the purpose for which we hold or use the data has come to an end;
(ii) your data has been used illicitly;
(iii) to fulfil a legal obligation;
(iv) you object to your details being used (see “Right to object” below) and there is no legitimate reason that allows Salvatori to continue using them.
If you ask us to erase your personal data, we will evaluate your request and, if it is legitimate, we will cancel your details in a timely manner.
Right to restrict the use of your personal data: There are certain cases in which you can request restrictions regarding how your data is used. This means that your details may be held but not used (apart from any particular requests by you and any exceptions provided for by law). Those situations are as follows:
- if you contest the accuracy of the personal data we hold and we need to verify the situation;
- if your data has been unlawfully used and you oppose it being erased;
- when we no longer need your data, but you require it to establish, exercise or defend a legal claim
- if you have objected to the usage of your date and we are considering whether you have legitimate grounds to do so.
Right of data portability: You may ask us to provide a copy of your personal data that we hold (obtained either through your consent or because of a contractual arrangement you are party to) in a common, digitally-readable format. If it is reasonable and technically possible, we can also transfer your data directly to a third party of your choice, should you so wish.
Right to object: You can object to the usage or storage of your personal data at any time, as long as there is a legitimate interest. You will need to explain why you object, and we will stop using it, unless there are grounds to continue doing so. You can also object, at any time, to us using your data for marketing and/or profiling purposes and in this case you do not need to explain why and we will stop using your details immediately.
To exercise any of these rights or to request further information about them and how to exercise them, please contact our Client Service team as follows:
- By telephone (Monday to Friday from 8.30 am to 5.30 pm CET, excluding public holidays): +39 0584 76 92 00
- By email: firstname.lastname@example.org
If you believe your personal details have not been obtained or handled correctly, you can make a complaint to the Autorità Garante per la Protezione dei Dati Personali, which is the Italian authority that governs data protection.
If you would like to receive a list of our external partners who may handle your data or third parties with whom we may share your details, please contact us via the email address or telephone number detailed above.