JOINT DATA CONTROLLER AGREEMENT
The EXOR Group, consisting of companies operating under the name ‘Tiziana Fausti’ and ‘10 Corso Como’, considers the protection of personal data of its and/or potential Customers, Users and Visitors to be of fundamental importance, respecting the rights recognised under Regulation (EU) 2016/679 (hereafter ‘the Regulation’) and other applicable personal data protection regulations.

The aim of this Privacy Policy therefore is to describe the methods used to manage the Websites listed below relating to the company EXOR Group (hereafter the 'Websites') in relation to the processing of the personal data of Customers/Users/Visitors that use them.

The following are the individual companies belonging to the EXOR Group and their respective websites

 

Company

Website

EXOR INC. SRL

www.tizianafausti.com

TFC SRL

www.10corsocomo.com

10CC GLOBAL SHOP SRL

www.10corsocomo-theshoponline.com

 

Each of these companies is the Data Controller, as defined in Article 4, Paragraph7 of the Regulation, ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data’ for the handling of personal data relating to the use of the Websites, while also acting as Joint Data Controller pursuant to and for the purpose of Article 26 of the Regulation exclusively for marketing and profiling purposes (primarily for sending newsletters and specific marketing communications. To this end, the Joint Data Controllers have entered into a joint ownership agreement which provides for:

• the joint definition of how to process the personal data of data subjects for marketing and profiling purposes
• the joint definition of the procedures for providing timely feedback concerning the exercising of rights as provided for in Articles 15, 16, 17, 18, 20 and 21 of the Regulation.

In order to facilitate the relationship between the Data Subject and each Data Controllers in terms of the exercising of the rights and for the aforementioned purposes, the Exor Group has established a ‘privacy contact person’ who can be contacted using the following email address: [email protected]

In any case, the ‘Privacy’ section of the Websites, which contains all the informations concerning the use and processing of personal data, the references for each website and information about contact and channels of communication made available to the Data Subjects by the Data Controller, will be available for consultation at all times.

 

INFORMATION OF THE PROCESSING OF PERSONAL DATA
pursuant to and for the purposes of Article 13 of European Regulation 2016/279 on the protection of natural persons with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION – GDPR)

As required by the General Data Protection of the European Union (GDPR 2016/679, Article 13), before proceeding with processing, the Data Subject (user of the website www.tizianafausti.com) is informed that the personal data collected through this site is subject to processing by the Company using IT and/or telematic tools for the purposes indicated in this policy.

To this end, the Data Subject is subject to the Privacy Policy drawn up by EXOR INC SRL (hereafter ‘TIZIANA FAUSTI’ or ‘the Company’ or ‘the Data Controller’), creator and promoter of the activities available on the website www.tizianafausti.com.

 

DATA CONTROLLER
The Data Controller of this personal data is EXOR INC SRL, registered in Via Portici Sentierone, 43 – 24121, Bergamo, Italy, e-mail [email protected].

For further information regarding the rights of the Data Subject, please see the ‘Rights of the Data Subject’ section of this policy.

 

INFORMATION ON THE PROCESSING
The personal data being processed is collected directly by EXOR INC SRL or third parties expressly authorised for this purpose, or communicated by the Company to said third parties for the pursuit of the purposes described below.

 

LEGAL BASIS AND PURPOSES OF PROCESSING
Personal data provided by users when browsing the website www.tizianafausti.com is processed by the Data Controller in compliance with current personal data protection regulations. The legal basis of this processing is the provision of services by the company itself in the management and consultation of the website, as well as the management and facilitation of the website and the establishment, execution and possible termination of online sales concluded between the parties and under the obligations of this policy or directly and/or indirectly relating to and/or arising from this policy. The processing of personal data by EXOR INC SRL is carried out in pursuit of the following purposes:

 

1) SUBSCRIPTION TO THE TIZIANAFAUSTI.COM NEWSLETTER:
In the event that the user decides to subscribe to the ‘TIZIANAFAUSTI Newsletter’, personal data will, after receiving explicit consent, only be processed by the Data Controller for the sending of commercial or promotional communications, relevant updates, etc. To unsubscribe to the newsletter, simply click the unsubscribe link at the bottom of any email received from the email address [email protected].

 

2) REGISTRATION ON TIZIANAFAUSTI.COM:
In the event that a user decides to register on the tizianafausti.com website, only after giving explicit consent, personal data will be processed by the Data Controller for the purposes of registration on tizianafausti.com. In particular, by providing a name, surname, email address and the establishment of a password, these will be processed for the creation of a personal account in order to speed up the purchasing process, allow users to view the status of orders and receive updates on any purchases made, change personal settings and update their account, view their returns history and request for goods to be returned, save favourite items to their Wishlist and offer the possibility of joining the TIZIANA FAUSTI VIP PROGRAM loyalty programme if the user so wishes.

 

3) ONLINE SHOPPING ACTIVITIES:
The personal data provided will be used for the establishment, management, execution and/or termination of an online sales contract, including the possibility for the seller to send an email in the event of the failure to finalise the purchase for technical reasons or for shopping cart abandonment that notifies the user of the present situation. The data provided will be processed by the Data Controller for the purposes of managing the purchase order with reference, for example, to the activities of payment, shipment, receiving any returns, customer support, the carrying out of administrative purposes – accounting relating to the management of the order, for the fulfilment of obligations under current legislation. In the case of payment by credit card, the essential information necessary for carrying out the transaction (credit/debit card number, expiry date, security code) will be processed by Banca Sella, PayPal or, where appropriate, by companies responsible for anti-fraud checks by means of an encrypted protocol and without third parties having access to it in any way. This information will never be displayed or stored by the seller (EXOR INC SRL).

 

4) PROFILING OF A NATURAL PERSON:
Only after giving eventual and explicit consent, the personal data provided may be processed by the Data Controller and/or Joint Controller for the purposes of profiling user activity or analysing preferences in order to create personalised content and offers.

 

NATURE OF DATA PROCESSING
In relation to the purposes referred to in point 1) of the previous paragraph, the provision of personal data and consent to its processing is optional. Failure to provide consent makes it impossible for EXOR INC SRL to allow a user to subscribe to the ‘TIZIANA FAUSTI Newsletter’ or to receive promotional communications and receiving updates relating to the latest trends, new arrivals, exclusive offers, special events and promotions.

If the user decides to subscribe to the newsletter through the section of the website solely dedicated to this, the provision of personal data and consent to its processing is compulsory.

Failure to provide consent makes it impossible for EXOR INC SRL to allow a user to subscribe to the ‘TIZIANA FAUSTI Newsletter’ or to receive promotional communications and receiving updates relating to the latest trends, new arrivals, exclusive offers, special events and promotions.

In relation to the purposes referred to in point 2) of the previous paragraph, the provision of personal data and consent to its processing is compulsory. Failure to provide consent will make it impossible for TIZIANA FAUSTI to allow registration on tizianafausti.com, create a personal account in order to speed up the purchasing process, view the status of order and receive updates on any purchases made, change personal settings and update their account, save favourite items to their Wishlist and join the TIZIANA FAUSTI loyalty programme if the user so wishes.

In relation to the purposes referred to in point 3) of the previous paragraph, the provision of personal data and consent to its processing is compulsory. Failure to provide consent will make it impossible for EXOR INC SRL to proceed with the establishment, management and execution and/or conclusion of the online sales contract, thereby making it impossible to carry out activities related to the payment, shipment, receiving any returns, customer support and the carrying out of administrative purposes – accounting relating to the management of the order, for the fulfilment of obligations under current legislation.

In relation to the purposes referred to in point 4) of the previous paragraph, the provision of personal data and consent to its processing is optional.

Failure to provide consent will make it impossible for EXOR INC SRL to carry out profiling activities or to carry out analysis of preferences aimed at creating personalized content and offers.

 

PERSONAL DATA PROCESSED
The personal data processed by the Data Controller are those provided by users when browsing the website www.tizianafausti.com, after registering/signing up to any services/programmes offered by EXOR INC SRL and/or the purchase of products offered by EXOR INC SRL. This data includes information such as the user’s name, surname and email address, as well as the data necessary for providing online sales services, such as data necessary for executing payments and the shipping/exchange of purchased products.

 

METHODS OF DATA PROCESSING AND STORAGE
The processing of personal data is carried out by the Data Controller in compliance with the provisions of current Privacy legislation. The Data Controller will process personal data using IT and/or telematic tools and using organisational and logical methods strictly relating to the pursuit of the purposes listed in this policy, as well as taking appropriate security measures to prevent unauthorised access to or the disclosure, modification or destruction of personal data or their loss and misuse. However, the Company cannot guarantee that the measures taken for the security of the website and the transmission of data and information on the website can limit or prevent all risk of unauthorised access or leaking of data by devices belonging to the user. Users of the website are therefore advised to ensure that their computer is equipped with software suitable for the protection and transmission of data within a data network (such as up-to-date antivirus software) and that their Internet Provider has taken appropriate measure for the security of data transmission over this network. The Company also undertakes to process data in compliance with the principles of correctness, lawfulness and transparency, to collect it to the exact extent necessary for processing and to restrict its use to only authorised staff. The management and storage of any personal data acquired will be carried out in archive storage facilities or servers located within the European Union owned by the Data Controller and/or third-party companies appointed as External Data processors currently located in Italy. Regarding the different purposes for which they are collected, personal data will only be kept for the amount of time necessary to achieve these purposes and will ultimately be processed in accordance with applicable legal provisions.

In any case, the Company will take steps to avoid the use of the data for an indefinite period of time by, on a regular basis, confirming if there is ongoing interest in the subject that this data is related to.

 

RECIPIENTS AND DATA PROCESSORS
The data collected will not be distributed or disseminated in any way, but will be processed within the limits and for the purposes described by Company employees on the basis of appropriate operating instructions (these including administrative, commercial, marketing, legal, system administrators, etc.). Some data processing may also be carried out by third parties appointed as External Data Processors, which the Data Controller uses or can use within the context of managing the contractual relationship, the provision of the services offered and for the organisational needs of its business activities. In particular, the data can be communicated to

a) ) public and private entities that can access this data in accordance with the law, regulations or EU policies within the limits established by said rules;

b) entities or persons who require access to the data for purposes related to the contractual relationship between the parties, to the extent necessary for the performance of ancillary tasks (these including banks and credit institutions, technical service providers, IT companies, communication agencies, postal services and shipping companies);

c) advisers, to the extent necessary for carrying out their professional duties.

The updated list of External Data Processors and other approved data processors is kept at the registered office of the Data Controllers and is available to the Data Subject upon request via email at [email protected] or [email protected].

 

TRANSFER OF DATA ABROAD
The management and storage of personal data will be done on severs belonging to the Data Controller and/or third-party companies appointed as External Data Processors located within the European Union. Personal data may be transferred abroad in accordance with the provisions of current legislations, even to countries outside the European Union. Transfers to non-EU countries, apart from cases in which this is guaranteed under European Commission Adequacy Decisions, are carried out in such a way as to provide appropriate and pertinent guarantees pursuant to Articles 46, 47 or 49 of the Regulation.

 

RIGHTS OF DATA SUBJECTS
As a Data Subject, a user may at any time exercise the rights provided for in Articles 15, 16, 17, 18, 20 and 21 of the GDPR, which more specifically confer the right to:

a) obtain confirmation from the Data Controller, pursuant to Article 15, that personal data is being processed or not and, if so, obtain access to the data and information such as: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data has or will be communicated, particularly if the recipients are located in Third Countries or International Organisations; (iv) when possible, the planned retention period of the personal data or, if not possible, the criteria used to determine this period;

b) obtain from the Data Controller, pursuant to Article 16, the correction of any inaccurate personal data concerning them without undue delay; taking into account the purposes of the data processing, the Data Subject has the right to have their incomplete personal data completed, including by means of providing a supplementary statement;

c) obtain from the Data Controller, pursuant to Article 17, the deletion of personal data concerning the data subject without undue delay. The Data Controller is obliged to delete personal data without undue delay if one of the reasons listed in Paragraph 1 of Article 17 is applicable;

d) obtain from the Data Controller, pursuant to Article 18, a restriction of the data processing when one of the hypothesis governed by Paragraph 1 of Article 18 applies;

e) obtain from the Data Controller, pursuant to Article 20, the portability, i.e. receiving this is in a structured, commonly used format that is readable by an automatic device, of any personal data concerning the Data Subject provided to a Data Controller. The Data Subject also has the right to transfer this data to another Data Controller without the obstruction of the first Data Controller to whom they provided this data, if the conditions listed in Article 20 Paragraph 1 are met. Finally, the Data Subject has the right to obtain the direct transmission of personal data from one Data Controller to another, if this is technically feasible;

f) object, pursuant to Article 21, in whole or in part to the processing of personal data concerning the Data Subject.

To exercise their rights, users can send a request to: [email protected] or [email protected].

It should be noted that the Data Subject has the right to revoke their consent at any time without prejudice to the legality of the data processing based on the consent given before the revocation, without prejudice to the aforementioned consequences regarding any refusal to provide said personal data. The Data Subject also has the right to a file a complaint with a Supervisory Authority.

Requests regarding the exercising of these rights can be made by contacting the Data Controller via the email address [email protected] or [email protected].

EXOR INC SRL undertakes to respond to the Data Subject’s requests within the period of one month, except in particularly complicated cases which may take up to a maximum of three months. In any case, the Data Controller will provide the Data Subject with evidence of the reasons for the delay within one month of the request. The outcome of the request will be provided in writing or electronically. In the event of a request for modification, deletion or limitation of processing, the Data Controller undertakes to communicate the results of the requests received from the Data Subject to each recipient of their data, unless this proves to be impossible or requires disproportionate effort.

The Company specifies that the Data Subject may be asked for a The Company specifies that a possible contribution may be requested if the applications are manifestly unfounded, excessive or repetitive; in this regard the Company shall track your requests for intervention.

 

CHANGES TO THE PRIVACY POLICY
The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving users notice via the website www.tizianafausti.com. Please regularly consult this page, referring to the most recent modification date indicated at the end of the document. In the event of non-acceptance of changes made to this Privacy Policy, the Data Subject can request the Data Controller to delete their personal data. Unless otherwise indicated, the previous Privacy Policy will continue to apply to any personal data collected up to that time.

Privacy policy updated on May, 12th 2021