Privacy Policy

This Privacy Policy provides to the users of this website (the “Site”) with the fullest possible details on the processing by the Site of their personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Italian legislation on the protection of personal data. In accordance with the applicable legislation, this Privacy Policy also provides details on:

• The identity and contact details of the controllers;

• The contact details of the data protection officer (DPO);

• The purposes, the lawful basis and means of the processing of personal data;

• A brief description of the security measures adopted to protect personal data;

• The right of data subjects to request from the Data Controllers access, rectification or deletion of their personal data or the limitation of processing, or the right to object to the processing of personal data, as well as the right to data portability.


This Privacy Policy is valid only for this Site and does not apply to any website or platform to which the Site may link.


A. DATA CONTROLLER, DATA PROCESSOR AND DATA PROTECTION OFFICER


Pursuant to the GDPR, the controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where two or more controllers jointly determine the purposes and means of processing, they are joint controllers.

The joint controllers relating to the online sales and the customer service are:


• Harmont & Blaine S.p.A.., STRADA STATALE 87 KM.16,460 ZONA A.S.I- 80023, Caivano (NA), Italy; contact: privacy@harmontblaine.com


• The Level S.R.L., Piazza Arcole 4, 20143 Milano (MI), Italy; contact: privacy@thelevelgroup.com


The two Companies, indicated above, act as Joint Controllers for the purposes of:

• Managing orders and any related Site features

• Customer service

Each Joint Controller has a Data Protection Officer to ensure that personal data is processed in accordance with the GDPR.The Data Protection Officer of The Level S.R.L. may be contacted for any request at the following email address dpo@thelevelgroup.com.
Der Datenschutzbeauftragte von Harmont & Blaine S.p.A. kann bei Fragen unter der folgenden E-Mail-Adresse kontaktiert werden: dpo@harmontblaine.com.
Harmont & Blaine S.p.A. act as the only Controller regarding the following purposes:

• Management of the browsing data

• Site registration and related functionalities on the Site

• Newsletter and marketing

• Profiling activities

• Soft-spam

• Cookie

• Statistical purposes


B.PERSONAL DATA, PURPOSE OF THE PROCESSING, LAWFUL BASIS, DATA RETENTION


The term “personal data” means any information relating to users of the Site, including data that identify them personally, alone or in combination with other information.Personal data are collected automatically through the Site or received through multiple sources: forms, chats, emails, apps, devices, social media and other means.


1. MANAGEMENT OF THE BROWSING DATA
The Controller (Harmont & Blaine) collects browsing data using automatic means to enable and improve the user’s browsing of the Site (e.g. I.P. address, date/time of the visit and relative duration, any referring URLs, pages visited on the Site, device used and other information).The processing of such personal data allows users to access the Site and make full use of its features and services. Browsing data may also be used to ensure the Site is functioning properly. From time to time, browsing data are processed anonymously for statistical purposes.
Browsing data are unlikely to allow identification of the relevant data subject. However, by their very nature, browsing data may allow identification of data subjects if associated with other information. The browsing data described above are stored only temporarily in accordance with applicable regulations. The legal basis for the processing of personal data in this case is the legitimate interest of the Controller (art. 6 par. 1 lett. f) GDPR). The personal data are processed for the time necessary to achieve the purpose of the processing plus any additional period required by law. When there is a legal obligation browsing data may also be communicated to the Public Authorities for the investigation of criminal offences (art. 6 par. 1 lett. c) GDPR).


2. MANAGING ORDERS
At the time of purchase, the Site will ask users to provide personal data for the essential purpose of ensuring the management of orders and complying with existing contractual obligations with users (the data processed include, but are not limited to, first name, last name, email address, delivery address etc.).
These personal data are also necessary to allow customer service to assist customers with any requests or questions before or after the sale (e.g. concerning the delivery status of the order or returns of products).
The Joint Controllers may also verify that payment instruments used by customers for purchases on the Site (e.g. credit or debit cards, etc.) are valid, mainly to prevent fraud or to fulfil statutory anti-money laundering obligations. Since this activity is delegated to duly authorized third parties, the Joint Controllers do not process or store financial information relating to customers and payment instruments.
Failure to transmit/provide the personal data requested at checkout will prevent users from completing an order on the Site.
When there are the requirements to obtain the return, any return request will be managed by authorization for a refund using the same payment method. When the cash on delivery has been chosen, the IBAN detail will be requested to make the refund via bank credit.
The legal basis for the processing of personal data in this case is Article 6(1)(b) of the GDPR (performance of a contract to which the data subject is party).Personal data relating to orders are kept for as long as necessary to fulfil contractual obligations and any applicable accounting and tax obligations. The provision of data is necessary to complete the purchase.

2.1. CLICK&COLLECT
At the time of purchase on the Site the registered user will be able to choose between the home delivery or in-store collection. When the user choose the in-store collection will receive via mail the collection instructions. The provision of data is necessary in order to deliver the service. The legal basis for the processing of personal data in this case is Article 6(1)(b) of the GDPR (performance of a contract to which the data subject is party). Personal data relating to orders are kept for as long as necessary to fulfil contractual obligations and any applicable accounting and tax obligations.


2.2. RESERVE&COLLECT
Through the Site it is possible reserve a cloth and go to the selected Harmont & Blaine Store to complete the purchase. The provision of data is necessary to the achievement of the purpose described here. The legal basis for the processing of personal data in this case is the execution of pre-contractual measures (Article 6(1)(b) of the GDPR). The availability of product’s reservation is 48 hours. At the end of 48 hours from the request the personal data for this purpose will be deleted


2.3. RETOURE IN DER FILIALE
It is possible to return the product purchased on the Site directly to the Store. If the return requirements are met, any return request will be handled by authorisation for reimbursement by the same method of payment. If cash on delivery has been chosen, the IBAN detail will be requested in order to make the refund by bank credit. The provision of data is necessary for the achievement of the purpose described herein. The legal basis for such processing is the performance of the contract to which the data subject is party (Art. 6, point 1. b) of the GDPR). Personal data will be stored for as long as necessary to fulfil contractual obligations and any accounting and tax obligations.


3. REGISTRIERUNG AUF DER WEBSITE

When users decide to create and register a personal account on the Site, they are asked to provide personal data (e.g. date of birth, gender, etc.). The Site clearly indicates which personal data are required (or not) to set up a Site account. Users must provide true and accurate personal data when registering, and are encouraged to keep their personal data up-to-date by logging into their personal account to make any necessary changes.
Users who choose to activate or access their account on the Site via social media should be aware that when they link their Site account to a social media account, the Site collects certain personal data that the user has already provided to that social media account (e.g. email address and public profile on Facebook).
The Data Controller (Harmont & Blaine) does not oversee or manage such social media services or your profiles on such social media services and does not set the data protection settings or rules on how personal data is used on such social media (Facebook, Twitter or others). Users are strongly advised to read any data protection policy regarding social media services published by the operators of such services to obtain further information on how personal data are processed through such channels. Failure to provide the required personal data will prevent users from completing account creation on the site. In this case, the legal basis for the processing of personal data is the performance of a contract to which the data subject is a party (Art. 6(1)(b) of the GDPR).
By registering to the Site you can take advantage of the functions set out below. The personal data processed for the purpose of managing an account on the Site will be retained until the user closes his or her account, without prejudice to further retention for the fulfilment of legal obligations.


3.1. NOTIFY ME WHEN THE PRODUCT IS BACK IN STOCK
To take advantage of the Back in stock service, the user must provide his or her email address in order to be notified when the desired product becomes available again on the e-commerce site. The provision of data is necessary to use the service. The legal basis for the processing of personal data is the execution of pre-contractual measures at the request of the data subject (Art. 6, point 1. b) of the GDPR). Personal data for this purpose will be processed until the product becomes available again.


3.2. SHOPPING CART ABANDONMENT
Der registrierte Benutzer kann die Produkte, die er kaufen möchte, in den Warenkorb legen. Rechtsgrundlage für die Aufnahme der zu kaufenden Produkte in den Warenkorb ist die Durchführung der vorvertraglichen Maßnahmen und des Vertrags (Art. 6 Abs. 1 lit. b). Die Bereitstellung von personenbezogenen Daten ist erforderlich, um die Daten im Warenkorb zu speichern. Die in den Einkaufswagen gelegten Produkte bleiben 30 Tage lang sichtbar und verfügbar. Solange der Nutzer den Kauf nicht abgeschlossen hat, kann er E-Mail-Benachrichtigungen erhalten, die ihn an die Möglichkeit erinnern, einen abgebrochenen Kaufvorgang abzuschließen. Die Rechtsgrundlage für die Zusendung von Benachrichtigungen ist das berechtigte Interesse des für die Verarbeitung Verantwortlichen an der Steigerung des Absatzes (Art. 6 Abs. 1. lit. f) DSGVO). Der Nutzer kann einer solchen Verarbeitung jederzeit widersprechen, indem er seine Rechte gemäß Art. 21 der DSGVO ausübt. Die Bereitstellung von personenbezogenen Daten erfolgt freiwillig.


3.3. WUNSCHLISTE
The registered user may place products he/she wishes to purchase in the shopping cart. The legal basis for the insertion of products that are intended to be purchased within the shopping cart is the execution of pre-contractual measures and the contract (Art. 6, point 1. letter b). The provision of personal data is necessary in order to save the data within the shopping cart. Products placed in the shopping cart remain visible and available for 30 days. During this time, as long as the user does not complete the purchase, he/she may receive e-mail notifications reminding him/her of the possibility of completing an interrupted purchase. The legal basis for sending the notifications is the legitimate interest of the Controller in increasing sales (Art. 6, point 1. lit. f) of the GDPR). Users may always object to such processing by exercising their rights under Article 21 of the GDPR. The provision of personal data is optional.


3.4. BOOKING AN IN-STORE APPOINTMENT
Appointments can be booked via the Site. When booking you may be asked to provide the content of your request in advance. The provision of data is necessary for the execution of the requested service . The legal basis for the processing of personal data is the execution of pre-contractual measures at the request of the data subject (Art. 6, point 1. b) of the GDPR). Personal data will be processed for as long as the appointment is not made, except for further storage to fulfil legal obligations .

4. HELP/INFORMATION REQUEST
For help or to request information, the user may get in touch either by sending an email to the address shown on the Site customerservice@harmontblaine.com, or by using the "Contact Us" section, or by using the specific chat on the Site, and will need to provide certain personal data, such as: name, email address. These data are compulsory, so without them Joint Controllers will not be able to provide the help requested. Additional optional data (such as telephone number) may also be provided: failure to provide such data may prevent Joint Controllers from providing assistance appropriate to the user's requests.
Failure to transmit/provide the personal data requested will prevent users from completing the request management. The personal data will be processed for the time necessary to manage the request, as well as for any further period required by law.


5. NEWSLETTER AND MARKETING COMMUNICATIONS
Site users can opt to receive newsletters and marketing communications. In this case Harmont&Blaine acts as Controller and The Level S.r.l. acts as Processor.
The Controller may use traditional means of contact (ordinary mail and telephone calls via an operator) and/or digital and automated means (telephone calls without an operator, email, SMS, WhatsApp).
Users may at any time withdraw their consent to receive newsletters and marketing communications:


• in their account settings;

• by clicking on the “unsubscribe” link at the bottom of an email;

• by contacting our customer service or by writing privacy@harmontblaine.com


The use of data for this purpose is optional and free of charge (as this is based on consent that the user may or may not choose to give) and can only take place where personal data and related consent are provided. In any event, refusal to provide personal data for this purpose shall not prevent the user from using the services on the Site or making purchases. The legal basis for the processing of personal data in this case is the data subject’s consent to the processing of his/her personal data (Article 6(1)(a) of the GDPR). The personal data will be kept for seven years from the date you gave your consent, unless previously revoked. The withdraw can occur at any time without affecting the lawfulness of the processing based on the consent given before the revocation. In order to send commercial communications in the language of data subject, the Controller may also process the data relating to nationality (if this data was provided during the registration).


6. PROFILING
Profiling is the analysis and the study of the behaviour of registered users in order to send personalized commercial communications and for the improvement of their customer experience. To personalize communications and the customer experience, in addition to actual purchasing behavior, the use of the functions on the Harmont & Blaine S.p.A Site are also taken into consideration.
The personal data collected, subject to the acquisition of consent, will be used to analyse the user's behaviour on the Site, interests, preferences and buying habits, and to create individual or aggregate profiles based on them, to understand how to provide a better service, including to offer a better shopping experience ("profiling"). The main purpose of profiling is to personalise the shopping experience and propose products, services and initiatives that are more in line with users' tastes, shopping habits and interests.
At this juncture, the legal basis for the processing of personal data is the consent of the data subject to the processing of his or her personal data - Article 6(1)(a) GDPR. Personal data will be processed for up to seven years from the date of giving consent, unless revoked earlier. Revocation may occur at any time and is without prejudice to the lawfulness of the processing prior to the aforementioned revocation.


7. SOFT-SPAM
The email address collected when a product is purchased will be used to promote products similar to those that were initially purchased.
The use of data for this purpose is optional and free of charge. In any event, refusal to provide personal data for this purpose shall not prevent the user from using the services on the Site or making purchases.
The legal basis for such processing is the legitimate interest of the Data Controller, pursuant to Article 130(4) of Legislative Decree No 196 of 30 June 2003, as last amended by Legislative Decree No 108 of 10 August 2018. This is without prejudice to the possibility for the data subject to object to such processing at any time. Personal data will be processed as long as the data subject does not object to the processing.


8. COOKIE

For information on coookies used on the Site, click on the following link: Cookie Policy


9. STATISTICAL PURPOSES Users' personal data may be processed for clustering and statistical purposes to enable the company to identify customers/users with similar characteristics. The legal basis for the processing is the legitimate interest in increasing its customer base (Art. 6 para. f) GDPR). The provision of data is optional and the user may object to the processing at any time in accordance with Art. 21 GDPR. If profiling cookies are used for such processing, the legal basis is the consent of the person concerned given on the appropriate banner when landing on the Site, for further details please refer to the Cookie Policy.

10. FURTHER PURPOSE OF PROCESSING This is without prejudice to the possibility for both Companies, as joint data controllers (and for Harmont & Blaine S.p.A. as autonomous data controller), to process personal data in compliance with legal obligations and/or for the exercise of rights in or out of court. For the fulfilment of legal obligations the legal basis of the processing is Art. 6 par. 1 lett. c) RGPD. For the exercise of rights the legal basis is legitimate interest (Art. 6 para. 1 lit. f) GDPR). The retention time for the fulfilment of legal obligations is determined from time to time by the provisions of the law, for the exercise of rights the retention time is that necessary to assert one's right in or out of court.

C. SHARING AND TRANSFER OF PERSONAL DATA


The personal data may be communicated to suppliers, as data processor (“Processor”), in order to carry out the necessary activities in relation to the above mentioned purposes (e.g. payment, delivery etc.).

For example, the personal data may be shared with the following categories of Processors:


• Courier services and postal operators;

• Fulfilment centres and warehouses;

• ICT service providers;

• Customer support service providers;

• Telecommunication services providers (email, sms);

• Payment service providers.


Users, for the purposes where the Companies are Joint Controllers, may obtain information about the categories of recipients to whom the personal data have been or will be disclosed by sending an email to: privacy@thelevelgroup.com or dpo@thelevelgroup.com richten.
The Joint Controllers are required to share personal data with third parties where strictly required by law and where necessary to protect the rights of the Joint Controllers, related parties, or third parties.
Personal data may also be disclosed to other companies within the same group of companies to which each of the Joint Controllers belong or to third parties in the event of a company reorganization procedure, in full compliance with applicable law.
In all other cases, the sharing of personal data is subject to users’ prior express consent, unless the processing is permitted on the basis of another legal basis.
For management of the browsing data and cookie, registration on the Site and any related Site features, , newsletter and marketing, profiling activities, soft-spam, statistical purposes, Harmont & Blaine, acting as Data Controller, may be shared the personal data with its suppliers that are acting as Data Processor. Users, for the purposes where the Companies are Joint Controllers, may obtain information about the categories of recipients to whom the personal data have been or will be disclosed by sending an email to: privacy@harmontblaine.com senden.
The personal data in relation to the above mentioned purposes may be shared with countries that are be found outside the European Economic Area (EEA). In particular the personal data may be shared in the United States. This transfer is done in accordance with and within the limits provided for by the applicable legislation, particularly Articles 44 et seq. of the GDPR. The transfer of data to the United States is in compliance with the Decision 2023/4745/EU with Recipient, who have joined the Data Privacy Framework. Any further data transfers outside the EEA will be done by the Harmont & Blaine’s provider with its Binding Corporate Rules, always in accordance with and within the limits provided for by the applicable legislation, particularly Articles 44 et seq. of the GDPR. For the payments the data are processed directly by the payment’s provider. There are different payment methods provided by different providers. At the time of purchase it’s possible select the payment method you deem most appropriate among those accepted by the Joint Controllers.

D. PROCESSING METHODS AND SECURITY MEASURES


Users’ personal data are processed using information technology, automated and electronic tools and, in limited cases, paper means. In compliance with the GDPR, specific security measures have been implemented to prevent data loss, unlawful or improper use of and unauthorized access to data.
Only the persons authorized or the providers acting as Processors have access to personal data relating to the activities of the Site. Instructions and security measures have been defined in agreements or when appointing the Processors to ensure that the level of security required by the GDPR is ensured at all times during the processing of personal data for Site activities..
While security measures have been adopted in Site settings and processing operations to prevent the loss, destruction or dissemination of personal data, the security risks associated with the online transmission of data cannot be excluded.


E. THIRD PARTY ADVERTISERS AND LINKS TO OTHER WEBSITES


The Site may display banners, advertisements and other links to third-party websites or platforms. The Joint Controllers have no control over and are not responsible for the conduct of these third-party websites and platforms in relation to data protection legislation. Users are encouraged to read the data protection policies of third-party websites for information on their personal data collection and storage or processing procedures.


F. MINORS


The protection of minors online is a fundamental element of the Joint Controller's corporate policy. By purchasing or subscribing to the newsletter or by giving consent to marketing and/or profiling on the Sites, the User declares that he/she has reached the age of majority according to the legislation of his/her country of residence.


G.RIGHTS OF DATA SUBJECT


Under the GDPR, users, as data subjects, also have the right to:


• be informed about the collection and use of personal data concerning them;

• obtain from the confirmation as to whether or not personal data concerning them are being processed, and, if so, obtain access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) where possible, the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing;
f) the right to lodge a complaint with a supervisory authority (in Italy: Garante per la protezione dei dati personali – Personal Data Protection Authority);

• obtain the rectification or completion of inaccurate or incomplete personal data;

• obtain the erasure of their personal data (“the right to be forgotten”);

• receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (“right to data portability”);

• object at any time to the processing of personal data concerning them for the purposes of “profiling” or “automated decision-making processes”;

• object, under specific conditions, to the processing of personal data concerning them (for more details see the next paragraph);

• withdraw, at any time, their consent to the processing of their personal data, where requested and given, without affecting the lawfulness of processing based on consent before its withdrawal;

• lodge a complaint with the competent Italian supervisory authority: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187, Rome (RM), Italy;


Users may contact the Joint Controllers with any queries and to exercise their data protection rights at the following email addresses: privacy@thelevelgroup.com , dpo@thelevelgroup.com.
For the following purposes:

• Management of the browsing data

• Registration on the Site and any related Site features

• Newsletter and marketing

• Profiling activities

• Soft-spam

• Cookie

• Statistical purposes


users may contact Harmont & Blaine with any queries and to exercise their data protection rights at the following email address: privacy@harmontblaine.com

H. RIGHT TO OBJECTS


In compliance with Article 21 paragraph 1 and 2 GDPR for processing based on legitimate interest or for marketing purposes, you are the right to object which can be exercised by writing to privacy@harmontblaine.com,wenden. WYou can write to this email address in order to stop commercial communication from the Data Controller. In addition, to unsubscribe from the newsletter service or stop receiving marketing communications, click on the "unsubscribe" link at the bottom of each communications you receive, at any time. In order to object marketing call you can be registered at Italian registry of oppositions (“Registro delle Opposizioni”) (https://registrodelleopposizioni.it/cittadino/).


I. CHANGES TO THIS PRIVACY POLICY


Any future changes to this Privacy Policy will be posted on the Site and, as required, notified to users by email. Users are encouraged to consult this Privacy Policy frequently to check for any updates or changes.

Date: 24/04/2024