PRIVACY POLICY
INTRODUCTION www.ln-cc.com is a site property of LN-CC AC Limited with registered office in 6th floor, One London Wall, EC2Y 5EB London and operated by LN-CC Italia S.r.l with registered office in Italy at Piazza Arcole, 4 - 20143, Milan, business register number, tax code and VAT number IT09727710965. LN-CC ("We") are strongly committed to protecting and respecting your privacy. PRIVACY POLICY This Privacy Policy provides users of us.ln-cc.com (the “Site”) with the fullest possible details on the processing by the Site of their personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Italian legislation on the protection of personal data. In accordance with the applicable legislation, this Privacy Policy also provides details on: - The nature of the personal data processed (as defined below) - The purposes and means of the processing of personal data - The identity and contact details of the controllers - The contact details of the Data Protection Officer (DPO); - Any third parties involved in the processing operations; - The period the personal data will be stored - A brief description of the security measures adopted to protect personal data - The existence of the data subject’s right to request from the controller access to and rectification or erasure of his/her personal data, right to limit the processing of the data concerning him/her or to oppose their processing, and the right to the portability of user data This Privacy Policy applies to the Site only and does not concern any website or platform to which the Site may link. Users under the age of 14 (fourteen) are unable to give consent to the processing of personal data without the authorization of the holder of parental responsibility. CONTROLLER PURSUANT TO THE GDPR, THE CONTROLLER IS THE NATURAL OR LEGAL PERSON WHICH, ALONE OR JOINTLY WITH OTHERS, DETERMINES THE PURPOSES AND MEANS OF THE PROCESSING OF PERSONAL DATA. WHERE TWO OR MORE CONTROLLERS JOINTLY DETERMINE THE PURPOSES AND MEANS OF PROCESSING, THEY ARE JOINT CONTROLLERS. THE JOINT CONTROLLERS RELATING TO THE ACTIVITIES OF THE SITE ARE: LN-CC Italia S.R.L., Piazza Arcole 4, 20143 Milan, Italy; contact: privacy.ln-cc@thelevelgroup.com THE LEVEL GROUP S.R.L., Piazza Arcole 4, 20143 Milan, Italy; contact details: privacy@thelevelgroup.com (the “Joint Controllers”). A Data Protection Officer has been designated to ensure that personal data is processed in accordance with the GDPR. The Data Protection Officer may be contacted for any request at the following email address: dpo@thelevelgroup.com Regarding the processing of personal data relating to marketing and profiling activities, LN-CC will act as the sole controller, while The Level Group S.r.l. will carry out data processing activities as the processor on behalf of LN-CC. PERSONAL DATA: PURPOSE OF THE PROCESSING The term “personal data” means any information relating to users of the Site, including data that identify them personally, alone or in combination with other information. Personal data are collected automatically through the Site or received through multiple sources: forms, chats, emails, apps, devices, social media and other means. The Joint Controllers process personal data in connection with the following activities: MANAGING SITE BROWSING The Joint Controllers collect browsing data (which, according to the GDPR, do not fall under the special categories of data) using automatic means to enable and improve the user’s browsing of the Site (e.g. IP address, date/time of the visit and relative duration, any referring URLs, pages visited on the Site, device used and other information). The processing of such personal data allows users to access the Site and make full use of its features and services. Browsing data may also be used to ensure the Site is functioning properly. From time to time, browsing data are processed anonymously for statistical purposes. Browsing data are unlikely to allow identification of the relevant data subject. However, by their very nature, browsing data may allow identification of data subjects if associated with other information. The browsing data described above are stored only temporarily in accordance with applicable regulations. The legal basis for the processing of personal data in this case is the legitimate interest of the controller. MANAGING ORDERS At the time of verification, the Site will ask users to provide personal data for the essential purpose of ensuring the management of orders and complying with existing contractual obligations with users (the data processed include, but are not limited to, first name, last name, email address, delivery address). These personal data are also necessary to allow customer service to assist customers with any requests or questions before or after the sale (e.g. concerning the delivery status of the order or returns of products). Personal data relating to orders are kept for as long as necessary to fulfil contractual obligations and any accounting and tax obligations. The Joint Controllers may also verify that payment instruments used by customers for purchases on the Site (e.g. credit or debit cards, etc.) are valid, mainly to prevent fraud or to fulfil statutory anti-money laundering obligations. Since this activity is delegated to duly authorized third parties, the Joint Controllers do not process or store financial information relating to customers and payment instruments. Failure to transmit/provide the personal data requested at checkout will prevent users from completing an order on the Site. The legal basis for the processing of personal data in this case is Article 6(1)(b) of the GDPR (performance of a contract to which the data subject is party). Based on their legitimate interest (Article 6(1)(f) of the GDPR) in improving customer relations, the Joint Controllers will send customers who have made purchases on the Site email communications containing product suggestions, discounts, requests for feedback or other updates. Customers are free to object to any further email communication at any time (e.g. by clicking on the “unsubscribe” link at the foot of each email). REGISTERING AN ACCOUNT ON THE SITE When users decide to create and register a personal account on the Site, they are asked to provide personal data (e.g. date of birth, gender, etc.). The Site clearly indicates which personal data are (or are not) required to set up an account on the Site. Users must provide true and accurate personal data at the time of registration and are encouraged to keep their personal data up to date by accessing their personal account to make any necessary changes. Users who choose to activate or access their account on the Site through social media must be aware that when they connect their Site account to a social media account, the Site collects certain personal data the user has already provided to that social media platform (e.g. email address and public profile on Facebook). The Joint Controllers do not monitor or manage these social media services or user profiles on these social media services, nor do the Joint Controllers establish the personal data protection settings or the rules regarding the methods of use of personal data on these social media platforms (Facebook, Twitter, or other). Users are strongly encouraged to read any information published by the managers of these services concerning the protection of personal data to obtain further information on the methods of processing personal data through these channels. The legal basis for the processing of personal data in this case is the data subject’s consent given at the time of registration (Article 6(1)(a) of the GDPR). NEWSLETTERS AND MARKETING COMMUNICATIONS Site users can opt to receive newsletters and marketing communications. The Joint Controllers collect users’ freely given, express, and unequivocal consent before sending them newsletters and marketing communications or, more generally, before undertaking dedicated marketing initiatives. In these cases, in addition to their email address, users may be asked to provide personal data (e.g. gender, country of residence, etc.) to receive marketing communications and newsletters tailored to their user profile. Users may at any time withdraw their consent to receive newsletters and marketing communications: - In their account settings - By clicking on the “unsubscribe” link at the bottom of an email - By contacting our customer service representatives. The legal basis for the processing of personal data in this case is the data subject’s consent to the processing of his/her personal data.