Last Updated In: July 2021
Your Privacy and the security of your personal data/information are very important for the whole of Tod's Group, and that is why we use the utmost care in collecting and processing the personal data you provide to us or that we automatically collect when you visit our Website, adopting specific provisions in order to ensure the security, confidentiality and integrity thereof, in compliance with Regulation (EU) 2016/679 (from here on, the Regulation).
Whenever, during your visit to our Website, we ask you to disclose your personal data to us, we shall provide you with additional information on such processing, so that you are able to decide whether to proceed with the communication of your personal data.
The Data Controller of your personal data, which will be processed for the purposes described in the following section, is Tod’s S.p.A. (hereinafter referred to as “Tod’s”, “we”, “us” or “our”), having its registered office in Via Filippo Della Valle, 1, Sant’Elpidio a Mare, (FM) - Italy (EU).
Whenever, concerning specific data processing purposes:
i. we shall act as Joint-Controller with a third party;
ii. third parties shall act as Data Controller;
iii. we shall be subject to legal requirements complementary to, or exceeding, the Regulation
we shall provide you with all the due information.
When you navigate the Site, your personal data will be collected either automatically or when you are asked to provide them to access certain areas of the Site.
• Data Collected Automatically from the Site
Web Surfing Data – Data acquired by computer systems and software procedures involved in the normal operation of the Site and transmitted as part of the communication protocols of the Internet.
This refers to information that, although not collected to identify you, by its very nature could lead to your identification if it were to be processed and combined with the data held by third parties. This type of data includes IP addresses or domain names of computers used for browsing and that connect to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and IT environment.
This data will not be disseminated but used for the sole purpose of obtaining anonymous and aggregate data on the usage of the Site and to check its correct functioning and will be retained for the time defined by the relevant legal regulation. The data could, however, be used to ascertain liability in case of possible computer crimes against the Site. Except in the latter case, the data will not be kept for more than fifteen days.
Geolocation Data – Data relating to your physical location that is acquired by the built-in search system of the Site to obtain appropriate search results, such as the location of the nearest boutique. This data is collected only if it is used and if you provide your consent (for example when you are looking for the boutique nearest to you through our dedicated feature).
• Data You Voluntarily Provide
So that you can avail yourself of the various services offered by the Site, we will ask you, depending on the service in question, to provide us with your personal data, such as your personal data, contact information (telephone numbers, email accounts, home or residence address, etc.), data relating to the payment method, information on purchases and transactions, and others. Providing us with your data is entirely voluntary but in some cases failure to do so will prevent us from providing the relevant service.
We shall not handle, in any way, your payment information (i.e. your credit card number).
We would like to point out that the protection of children's safety and privacy is very important to the Tod's Group. Therefore, we do not intend to collect and voluntarily use the personal data of individuals below the age of sixteen (16), or below any other minimum legal age limits in force in your country of residence. Consequently, we ask that you refrain from providing us with any personal data if you are below 16 years of age or if you are not of legal age in your country of residence.
We will collect and process your personal data, always in compliance with the principles of lawfulness established by the law in force, to enable us to:
Marketing activities can be done by sending newsletters, or through promotions, discounts, incentives, commercial information and other related means, by mail, phone call, direct sales, messaging platforms, email, automatic voice calls, text messages and/or MMSs.
In this context, we might also process your personal data to invite you to shows and events, ask you to participate in market research or to report on special initiatives dedicated to TOD'S Group customers, in the manner and period we believe to be most effective for any of the various initiatives mentioned.
Customer profiling can be conducted by analysing your interests and preferences regarding our products and services, as well as your shopping habits. For example, by understanding the type and frequency of your purchases on our online store when you shop using your personal account or as a "guest," as well as in our boutiques, we are able to guarantee a personalized service in your future visits to the TOD'S Group boutiques.
If you have also consented to the processing of your personal data for marketing purposes, we will be able to send you promotional information and/or invitations to initiatives that best fit your profile, preferences and expectations as a shopper.
We will process your personal data by means of telematic, paper and computer tools, and such processing will be based on the principles of fairness, lawfulness, and transparency to protect your rights and privacy.
In particular, the processing of your data, also for purposes of customer profiling, may be automated, for example through a comparative analysis of your purchases (types, quantities, frequency, timing etc.), and through the analysis of the type and number of your requests for product information within a given timeframe.
We will process your personal data in a manner that will minimize the risk of destruction, loss, and unauthorized access to your data or any unauthorized or non-compliant processing.
We will not disseminate your personal data.
Whenever we need to transfer your personal data outside the European Economic Area (EEA), the transfer shall take place in accordance with the data protection laws in force.
Either way, we shall transfer your personal data to non-EU Member States only if it is possible to guarantee that the data protection level ensured by the Regulation is not compromised.
In the event that we have to transfer your personal data to entities outside the European Economic Area (EEA), such as to companies of the Tod's Group and/or to third parties that perform technical and organizational tasks on our behalf, again consistent with the purposes for which your data has been collected and processed, we will do so only if it is possible to guarantee the same level of data protection as that in the European Union (EU).
We shall transfer your personal data to a country outside the European Economic Area (EEA) that does not have a European Commission adequacy decision by means of at least one of the following cross-border transfer mechanisms, which the Regulation recognizes as able to ensure adequate protection of personal data:
We also undertake to carry out, in accordance with the laws in force, any possible prior risk assessment concerning the data transfer, adopting, if necessary, any additional security measures complementary to the safeguards guaranteed by the aforementioned transfer mechanisms.
In the absence of an adequacy decision pursuant to art. 45(3), or of appropriate safeguards pursuant to art. 46 of the Regulation, including binding corporate rules, we may transfer your personal data if:
You may contact our Data Protection Officer (DPO) at the email addresses detailed below, to receive additional information on the protection of your personal data in the event it is transferred to countries outside the EEA.
In any case, your personal data shall only be processed by parties that are duly instructed and able to provide adequate technical and organizational safeguards, and that are bound by us to the strictest confidentiality.
We will process your personal data at different times depending on the purpose. In any event, we will retain your personal data only for the period strictly necessary to achieve the purpose for which it was collected and processed, except when specific provisions of the law require longer retention periods.
The processing and storing of your personal data will be:
You have the right to know which of your personal data we have stored and which ones are being processed, to request to update or correct it, as well as in cases provided for by the law, to delete it, and to restrict or object to the processing even after you have provided your explicit consent. You may also request your personal data to be delivered in electronic format to a third party of your choosing.
You may at any time email the Data Protection Officer (DPO) at email@example.com to exercise the following rights provided for by the Regulation regarding the specific processing activities we conduct. Specifically, you have the right to:
a) request access to your personal data, as well as receive information about the purposes of the processing, types of data processed, parties or types of parties your data will be disclosed to, the expected retention period, and application, if any, of customer profiling techniques and automated decision-making processes;
b) request to correct your personal data, as well as update any information relating to you, though in some cases you will be asked to verify first the new data that you provided us.
c) request to delete or remove your personal data when its processing is no longer necessary, when you wish to exercise your right to object to its processing and there is no other legal basis to retain said data, if we have violated any laws related to said processing, or if we are required to delete your personal data to comply with a specific regulatory provision. Please note that due to some legal constraints beyond our control, we may be prevented from satisfying your request at all or to its full extent. In those cases, you will be informed promptly of the reasons behind our complete or partial inability to comply with your request.
d) request to object to the processing of your personal data or terminate in any way the processing according to your wishes. We would like to point out that should we accommodate such a request, there may or may not be a lawful basis for doing so.
If you had given your explicit consent to the processing, we will comply with your request to terminate the processing within the time frame set by the Regulation.
Further, you may also withdraw your consent to processing for marketing and/or customer profiling purposes by emailing the DPO as indicated above, or even do so directly from your personal account (if activated) on the Site. Withdrawing your consent does not negate the legitimacy of the processing you had previously consented to.
We also would like to highlight that withdrawing your consent could prevent us from providing certain services or products in the Site and in the boutiques of the Tod’s Group. In those cases, we will alert you so you can fully evaluate the effects of withdrawing your consent.
Finally, if the processing is performed based on our legitimate interests or that of third parties, we reserve the right to evaluate the reasons for your request. If the purposes of processing legitimately override your interests, rights, and freedoms, or if it is necessary for us to process such data to file a claim, execute legal actions, or defend ourselves in court, we will have to reject your request and let you know of the reasons for such a decision.
e) request to restrict or suppress the processing of your personal data in the following cases:
i. if you request us to verify the accuracy of your data;
ii. if the data has been unlawfully processed and you prefer to restrict the processing rather than delete your data;
iii. if you want us to retain your data even if we no longer have to, so that you may establish, exercise, or defend a legal claim;
iv. if you object to the processing but we have to retain your data to ascertain if our legitimate interests override yours.
f) request to receive your personal data or provide them to a third party of your choosing in a structured, commonly used, machine-readable format. This will be carried out only if it is technically possible to do so, if your personal data was processed by automated means, and if the processing was based on your consent or the performance of a contract.
When processing your request, we reserve the right to ask you in ways we deem appropriate for specific information to help us confirm your identity and be reasonably certain that only you can access your personal data and no unauthorized third party can obtain them.
We are committed to accommodating and following up on your request to exercise one or more rights, where possible, within a month of receiving it. Occasionally, but always in compliance with the terms set by the law, we might take longer to process the request if it is particularly complex or if you have submitted several other requests. In those cases, we will let you know and keep you posted.
The processing of your request is free of charge.
However, if your requests are manifestly unfounded, excessive, or repetitive in nature, we reserve the right to:
a) ask you to pay a reasonable fee based on the administrative costs incurred to action your request;
b) refuse to comply with your request.
Finally, you may decide at any time to file a complaint with the Supervisory Authority if you believe that one or more of your rights or any rules of the Regulation have been violated.
You may exercise these rights at any time, by writing to our Data Protection Officer (DPO) at the following addresses:
We shall not discriminate against you, neither in service nor in price, if you exercise your privacy rights; any existing relationships with the Tod’s Group shall not be affected.
You can also contact the DPO to request further information or clarification, or to obtain specific information about who is authorized to access your personal data.
We therefore ask that you visit this page periodically.
We may also need to contact you, if legally required, to obtain your consent and allow you to continue to use the services of the Site.