Wishlist

Sign into your account to see your favourite items

Shopping Bag0 item/s

Enjoy free shipping and return on all orders

Privacy Policy for Online Check Out

Last Udpated In: July 2021

Your Privacy and the security of your personal data/information are very important for the whole of Tod's Group, and that is why we use the utmost care in collecting and processing the personal data  you will provide us with during the purchase process on our Website,  adopting specific provisions in order to ensure the security, confidentiality and integrity thereof, in compliance with Regulation (EU) 2016/679 (from here on, the Regulation), and with the applicable privacy regulations in UK (e.g. Data Protection Act 2018, UK General Data Protection Regulation), according to the implementation and within the limits of their territorial scope.

You will find below all the information concerning our processing of your personal data to allow you to purchase the products of Tod’s Group products on the online store (hereinafter, “E-Store”).

The Privacy Policy herein supplements the Privacy Policy of the Website, to which you should refer to for additional information.

  1. Data Controller

The Data Controller of your personal data, which will be processed for the purposes described in the following section, is Tod’s S.p.A. (hereinafter referred to as “Tod’s”, “we”, “us” or “our”), having its registered office in Via Filippo Della Valle, 1, Sant’Elpidio a Mare, (FM) - Italy (EU).

  1. Lawfulness and Purposes of Processing

Unless specified otherwise within the Privacy Policy herein, we collect and process the personal data you provide; we shall not obtain your personal data from any third party. “Personal data” pertains to any information concerning an identified or identifiable natural person (the ‘data subject’).

Your personal data (e.g. your name, surname, delivery address, e-mail address, and the like.), shall be processed in order to allow you to purchase products on our E-Store, as well as to fulfil our contractual obligations.

We would like to point out that we shall NOT process your payment information (i.e. your credit card number) in any way.

Failing to disclose your personal data and information will not allow to complete your purchasing process, since such information is necessary to allow us to fulfil our contractual obligations, as well as to comply with the legislation, including the fiscal, bookkeeping and administrative obligations.

Finally, we may also process your personal data in order to comply with any legal obligations that we may have,  or to pursue any legitimate interest, be it ours or belonging to third parties (i.e. optimising the purchasing procedures, preventing frauds, exercising and defending a right of ours, improving the shopping experience),  in compliance with the conditions and limits set by the legislation currently in force.

  1. Personal data Processing and Security

We shall process your personal data both by means of paper- and IT-based tools, and such processing shall be based on the principles of fairness, lawfulness, and transparency, in order to protect your rights and privacy.

We make use of industry-standard physical, organizational, contractual and technological security measures to protect your personal data from unauthorized access, public disclosure, use, modification, damage or loss.

  1. Personal data Disclosure and Transfer

We shall not disseminate your personal data.

To the extent permitted by law and where required with your consent, your Personal information may be disclosed, for the purposes described in the Privacy Policy herein:

  1. to our service providers, including other companies of Tod’s Group, performing technical and organizational tasks on our behalf (i.e. delivery and logistics services, IT technical support, fraud prevention in the electronic payment system [for further information, please see: https://www.forter.com/service-privacy-policy] , customers support, and the like), again pursuant with achieving the purposes described in the Privacy Policy herein;
  2. to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other shift in all or in any given part of our business, assets or stock (also in connection with bankruptcy or similar outcomes);
  3. in connection with the essential purposes described above (that is to say in order to comply with legal obligations or to execute a lawful request of public authorities).

Your personal data shall be transferred from your country to our headquarter in Italy, based on adequacy regulations, pursuant the section 17A of the Data Protection Act 2018.

Data transfers toward countries outside the European Economic Area (EEA): We guarantee that we shall transfer your personal data towards a country outside the European Economic Area (EEA) not having an Adequacy Decision by the European Commission (EC), only after the adoption of at least one of the  cross-border transfer mechanisms the Regulation recognizes as being able to ensure an adequate protection of the personal data being transferred:

  1. specific  “Standard Contractual Clauses” are to be drafted, issued by the European Commission, in order to ensure that the protection level of the personal data processed by our partners outside the EU shall comply with the EU's data protection level;
  2. adoption of Company Binding Rules, approved by the competent Public Authorities, in compliance with the data transfer within a group of undertakings or enterprises is done through binding corporate rules, approved by the competent data protection authority in the UE, pursuant to the consistency mechanism referred to in art. 63 and to the conditions detailed under art. 47 of the Regulation.

We also undertake to carry out, in accordance with laws in force, any possible prior risk assessment concerning the data transfer; adopting, if necessary, any additional security measures, complementary to the safeguards guaranteed by the aforementioned transfer mechanisms.

We would like to stress the fact that the data transfer mechanisms, used to disclose your personal data outside the EU, are coherent with the cross-border data transfer tools stated by the UK laws framework.

Should an adequacy decision pursuant to art. 45(3), or of appropriate safeguards pursuant to art. 46 of Regulation, including binding corporate rules, be absent, we may transfer your personal data only if:

  1. you have explicitly provided your consent to the proposed transfer   after having been informed of the possible risks of such transfers due to the absence of an adequacy decision and of appropriate safeguards;
  2. the transfer is necessary for the performance of    a contract  you are involved in, or  for  the implementation of pre-contractual measures taken at your request;
  3. the transfer is necessary for the conclusion    or the performance of a contract, concluded in your interest, between us and another natural or legal person.

Your personal data shall only be processed by parties being duly instructed and able to provide adequate technical and organizational safeguards, as well as bound to the strictest confidentiality by us.

  1. Retention of personal data

We shall process your personal data at different times depending on the purpose.

Your personal data that we will process to enable you to complete your purchases on the E-Store shall be stored and processed until we completely fulfil all the obligations arising from the contract.

We would also like to inform you that we are further required to store your personal data in order to comply with specific law provisions dealing with fiscal, accounting and administrative matters, in the manner and   within the  timeframe established by said regulations.

Should the processing of your personal data be based on any legitimate interest, be it ours or belonging to third parties, the processing of your personal data shall be strictly limited to the time required to achieve the legitimate interest, on a case-by-case basis.

  1. Your Rights

You have the right, as detailed within the law in force, to access your personal data, to correct or update it, to delete or to obtain a copy or the transmission in a structured format to any third party thereof. You may also request to limit or object to such processing.

You may exercise these rights at any time, by writing to our Data Protection Officer (DPO) to the following addresses:

  • by e-mail: dataprivacyofficer@todsgroup.com.
  • by post: Data Protection Officer - Tod's S.p.A., Via Filippo Della Valle n. 1, 63811 Sant’Elpidio a Mare (FM) – Italy (EU).

We would like to inform you that we shall not discriminate against you, should you exercise one or more of your privacy rights acknowledged by the relevant legislation; such an exercise shall have no impact on the purchasing of our products or on any existing relationships with the Company.

We will make sure to comply with your request to exercise your rights, always within the terms of the law.

We shall retain the right to ask you, in the ways we deem appropriate, for specific information to help us confirm your identity and be reasonably certain that only you can access your personal data and no unauthorized third party can seize, change or delete them. The processing of your request is free of charge. However, should your requests be manifestly unfounded, excessive, or repetitive in nature, we shall retain the right to refuse to comply with them or to request suitable economic contributions for them.

Remember that you can file a complaint with the Supervisory Authority if you believe that we have violated any rules concerning the protection of personal data.

  1. Updates to the Privacy Policy herein

We may periodically update the Privacy Policy herein.  Please reference the “LAST UPDATED IN” legend at the top of this page to see when the Privacy Policy herein was last revised.