Privacy Policy
USER GENERATED CONTENT (“UGC”)
- The natural and/or the legal person that has directly or indirectly (also by sending special hashtags) authorised the communication and/or publication or diffusion of that person’s own contribution, in any form or of any kind and on any media (including, without limitation: images, photographs, videos, sounds, music, texts, writings and works of any kind) by GC S.r.l. (the “Assignor”), assigns to the latter any and all rights of economic exploitation in perpetuity, irrevocably, non-exclusively, free of charge and free from any royalties, including rights associated with copyright and the related rights pertaining to such contributions (hereinafter “Authorised Contributions"), together with the sub-license right. The Assignor specifically acknowledges, for this purpose, that GC S.r.l. has an absolute right to use the Authorised Contributions, to decide when to use them or to remove them, as GC S.r.l. and its successors are the only parties entitled and competent to this end, without time restrictions. These rights are granted worldwide for any use and economic exploitation whatsoever. All the Authorised Contributions shall be deemed not to be confidential. Accordingly, GC S.r.l. will be entitled: to use, copy, distribute, reproduce, assign, exploit, alter, process, transform, store on databases, make cuts, changes and/or additions, insert or replace comments and/or disclose to third parties such Contributions, for any purpose whatsoever and according to advertising and/or commercial modalities and choices that GC S.r.l. and/or its successors consider appropriate (for example, without limitation, by the reproduction and publication of the Contributions through Facebook and Instagram social media channels, in brochures, magazines, albums, collections, products, etc., also for commercial initiatives). To this end, the Assignor also authorises and allows GC S.r.l. and its successors to directly or indirectly combine/associate the Authorised Contributions with the commercial and promotional initiatives, the image and the distinguishing marks of GC S.r.l. and/or with its successors (without prejudice to the Assignor's moral rights).
- The Assignor guarantees to have the relevant rights and the legal capacity to ensure compliance with these General Terms and Conditions of Use in its own jurisdiction, and that the contribution is an original and exclusive work, and that:
- it was not derived from any third party’s work without the consent of that third party;
- it does not and cannot infringe, in any manner, copyrights, registered trademarks or other intellectual or industrial property rights of third parties;
- it does not and cannot infringe, in any manner, the personal or property rights of third parties, as any necessary authorisation and/or special consent to the foregoing has already been received from any third parties (or from the relevant parties exercising authority) involved on any basis in the contribution;
- it does not infringe any provision of law, including (without limitation) the provisions of Law No. 633/1941 as amended, of Legislative Decree 30/2005 (Industrial Property Code) as amended, of Legislative Decree 196/2003 (Personal Data Privacy Code), as amended, and of EU Regulation 679/2016;
- it is not obscene, racist, discriminatory, or otherwise contrary to public order or public morals;
GC S.r.l. and its successors will also be entitled to communicate the identity of the Assignor to any third parties who maintain that the Authorised Contributions represent an infringement of their intellectual property rights and/or of their rights of confidentiality.
3. GC S.r.l. and/or its successors cannot be held responsible for any infringement of the rights of the Assignor and/or of third parties arising directly or indirectly from the use, in any form or manner whatsoever, of the Authorised Contributions, in terms of contractual or non contractual liability (including, without limitation, for negligent conduct or violation of law) involving: i) pecuniary loss (including, for example, actual pecuniary loss, loss of earnings, lost profits (anticipated or otherwise), lost contracts, lost business, lost opportunities or lost expected savings); ii) loss of reputation; iii) consequential or indirect loss incurred by the Assignor or by third parties.
4. The Assignor accepts that it is responsible towards GC S.r.l. and/or its successors and that it will indemnify the latter for any costs, direct and indirect damages, expenses, losses, including any legal expenses and fees and costs related to any claim and/or application and/or action brought in any court or tribunal by third parties, including public authorities, administrative bodies and state bodies and organs, as a result of any dispute arising from or in any way correlated with the use of the contribution by GC S.r.l. and/or its successors and with the declarations and warranties provided by the Assignor under General Terms and Conditions of Use.
PRIVACY POLICY
Pursuant to Article 13 of Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter also only the “GDPR”), we wish to inform you that the personal data of users and/or of visitors (hereinafter also only the “User” or, collectively, the “Users”) who consult and/or visit and/or register within the website “www.plan-c.com” (hereinafter also only the "Website”) and/or benefit from the related services (irrespective of whether or not they purchase the products), will be processed in compliance with the rules safeguarding personal data and the confidentiality of such data which strictly govern our activities, for the purposes and procedures better described in this Privacy Policy.
We also wish to inform you that this Privacy Policy applies only to the Website and not to other websites that may be consulted by the User through other links on our Website.
This Privacy Policy can be easily consulted as it is accessible from the home page of the Website and by clicking on links from any other page of said Website, where personal data are collected. In order to enjoy special services provided at the User's request, specific information will be provided and, if necessary, specific consent in order to carry out personal data processing operations will be required.
DATA CONTROLLER
- The data controller of personal data collected through the Website is GC S.r.l. (VAT NO 10335050968) with registered office in Milan, Via Melchiorre Gioia 8, owner of the trademark Plan C; e-mail: customercare@plan-c.com (hereinafter “GC” and/or the “Data Controller”).
CATEGORY OF PERSONAL DATA PROCESSED
2.1 Data provided directly by the UserGC will process the personal data provided directly by the User as listed below:
- name, surname, address, telephone number, e-mail address, password to register on the Website and to create a personal account;
- in addition to the data listed in point 1. above, the partial number of the credit card and the circuit to which the credit card belongs for the purchase of Plan C brand products (hereinafter “Plan C Products”);
- e-mail address and any other eventual personal data included in the communication for the optional, explicit and voluntary sending of e-mails to the addresses indicated on the Website to answer to requests received.
2.2 Data collected by GC
- During their normal operation, the computer systems and software procedures aim to the Website functioning acquire personal data whose transmission is implicit in the use of internet communication protocols. Such information is not collected in order to be associated with identified data subjects but, by its very nature, they could lead to Users identification by means of processing operations and by association with data held by third parties. This category includes the IP addresses or domain names of computers used by Users who connect with the Website, addresses in URI (Uniform Resource Identifier) notation of requested resources, the time the request is made, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the response status from the server (successful, error, etc.) and other parameters related to the User's operating system and computer environment.
- The sales data of Plan C Products: purchase methods, type, quantity and price of Plan C Products purchased.
2.3 Personal data of third parties
If the Data Controller processes personal data of third parties communicated directly by an own User (for example, if the User has purchased a product to be delivered to a different person or when the actual payor is different from the recipient, or when the User wishes to recommend a service of the Website to a friend), the User agrees in this case to act as the data controller in respect of the personal data of said third parties. Therefore, by communicating these third-parties’ personal data to GC, the User guarantees that: (i) any personal data communicated by the User to GC were processed by the User in conformity with applicable data protection rules and (ii) the User has duly informed said third parties in advance about the methods and purposes of the data processing, and they have authorised said User for this purpose.
The User will remain the sole party responsible for communicating information and data related to third parties in circumstances where they have not consented, or for any use of such information and data which is potentially incorrect or contrary to law.
PURPOSES AND LEGAL BASIS OF THE DATA PROCESSING
The User's personal data is collected and processed by GC for purposes strictly related with the use of the Website and its services.
3.1 Registration on the Website and creation of a personal account
Personal data as referred to in paragraph 2.1.1. will be processed by GC for the registration on the Website and for the creation of the User’s personal account.
The legal basis of personal data processing for the purposes referred to in paragraph 3.1. above is the business relationship to which the User is a party.
3.2 Establishing, implementing and managing the business relationship
The personal data referred to in paragraphs 2.1, 2.2 and 2.3 above will be processed:
- in order to fulfil GC’s legal obligations under applicable civil, tax and accounting rules as well as to ascertain potential liability in case of computer crimes;
- in order to establish, implement and manage the business relationship and/or to provide services related to said relationship. In particular: administrative and accounting purposes: issuance of invoices and credit notes; customer data management; processing and shipping of purchase orders; IT support for Website use; after-sales support: management of returns and complaints; contact with customer service.
The legal basis of personal data processing for the purposes referred to in paragraph 3.2 above is the business relationship to which the User is a party.
3.3 GC’s marketing activities
The User’s personal data as referred to in paragraphs 2.1. and 2.2. above will be processed by GC through computerized means (e-mail, fax, sms, mms and instant messages) for marketing activities, such as:
- sending newsletter, brochure, presentations;
- sending commercial and/or promotional, as well as updating information regarding Plan C Products and services;
- invitations to special events (promotional sales, fashion shows);
- market researches.
The legal basis of personal data processing for the purposes referred to in paragraph 3.3 above is the User’s specific prior consent.
3.4 GC’s profiling activities
Your personal data referred to in paragraphs 2.1 and 2.2 above will be processed for not fully automated profiling purposes. In this case, the Data Controller will only examine, in particular, the sales data of Plan C Products i.e. purchase methods, type, quantity and price of Plan C Products purchased and/or viewed by the User, in order to:
- develop and/or create profiles based on the User's preferences and purchases;
- customise the User’s experience with GC aligning it with his/her interests and purchasing habits.
The profiling, therefore, will not be fully automated and will not produce legal effects that could affect the User or impact the latter significantly.
The legal basis of personal data processing for the purposes referred to in paragraph 3.4 above is the User’s specific prior consent.
Any data processing purpose, different from the specific one for which the personal data was provided, will be pursued by GC only after sending the User a specific notice and after obtaining – if necessary – the User’s express consent.
MANDATORY OR OPTIONAL NATURE OF THE USER'S DATA PROVISION(CONSEQUENCES OF ANY REFUSAL)
The provision to GC of any of the User's personal data that have been requested through the Website on various data-collection occasions may be necessary – or optional – in achieving the purposes of this Privacy Policy.
Any refusal to communicate personal data identified as necessary will make impossible to achieve the purposes of the specific data collection.
In particular:
- the User's provision of personal data for the purposes referred to in paragraphs 3.1 and 3.2 is optional, but the failure to provide such data will make it impossible to register on the Website and to create a personal account and/or initiate and/or continue the business relationship and/or provide the services associated with said relationship;
- the provision of the User's personal data for the purposes referred to in paragraphs 3.3 and 3.4 is optional and the failure to provide such data will not affect the User's ability to register on the Website and/or to purchase Plan C Products and/or to receive requested services, but it will not be possible to inform the User on promotional and commercial initiatives nor to send to the User invitations to events nor to evaluate his/her interests and preferences.
Moreover, it has to be specified that, if the User has consented the Data Controller to pursue the purposes indicated in paragraphs 3.3 and 3.4 above, he/she will always be free to withdraw that consent and/or object to the data processing for those purposes, by sending a clear written informal communication to the addresses indicated in paragraph 10 below: “Contact details for the data subject exercising his/her rights or requesting further information” .
PERSONAL DATA PROCESSING METHODS
The processing of the User's personal data will be lawful, correct and transparent, for specific, expressed and legitimate purposes and in compliance with applicable data protection rules, regulations and provisions.
The User's personal data are mainly processed in electronic format and in some cases also in paper form.
Personal data provided by the User will not be subject to fully automated decision-making processes.
Personal data provided by the User will be processed through GC’s Customer Relationship Management (hereinafter “CRM GC”). The filing of the User’s personal data in CRM GC for the purposes referred to in paragraphs 3.3 and 3.4 (marketing and profiling) is optional and it will be carried out only in case of the User releases a specific consent, while for the purposes referred to in paragraphs 3.1 and 3.2 above (registration, creation of an account and purchase of a Product Plan C) the filing of your personal data in CRM GC will be necessary to allow GC the correct management and execution of the registration in the Website and of the sale relationship of which the User is a party. Once the User’s personal data are filed in the CRM GC they can be read, modified and updated by GC’s sales, marketing and communication offices employees specifically appointed for the processing as person in charge the processing.
RECIPIENTS OF PERSONAL DATA
The following is a list of recipients of the User's personal data and, therefore, of those who will acquire knowledge thereof:
(i) persons authorized for the processing by GC whom have received specific instructions in written: sales, marketing and communication offices employees;
(ii) subjects who provide services for GC, whom the latter appointed in written as data processors:
- the company that provides the operating system where it will be developed the Website for the management of Plan C Products’ e-commerce: Shopify International Limited;
- the company that provides IT consulting services related to the use of the Website: Diana E-commerce Corporation Srl;
(iv) persons/entities who, as independent controllers, manage the online payments service:
- PayPal and Strike Payments Europe Ltd.
For a complete and updated list of the persons/entities to whom the data are communicated, the User can write to the addresses indicated in Article 10 below: “Contact details for the data subject when exercising his/her rights or requesting further information”.
DATA RETENTION PERIOD
7.1 For the purposes referred to in paragraph 3.1 (Registration on the Website and creation of a personal account), the User’s personal data will be stored until the User decides to close his/her account. In any case, it is understood that in case of inoperability of the account for 2 years after the last interaction (for example last access) with the account by the User, GC will delete the personal data relating to the registration and management of the account.
7.2 For the purposes referred to in in paragraph 3.2 (Establishing, implementing and managing the business relationship) the personal data will be stored for the entire duration of the business relationship and for a 10-year period after the cease of the business relationship, except where their continued retention is justified by the existence of disputes or litigation, or specific request from the competent authorities.
7.3 For the purposes referred to in paragraph 3.3 (GC’s marketing activities), the personal data will be stored for a 2-year period from consent collection and its registration in CRM GC or, in any case, until the consent is revoked.
7.4 For the purposes referred to in paragraph 3.4 (GC’s profiling activities), the personal data will be stored for a 1-year period from consent collection and its registration in CRM GC or, in any case, until the consent is revoked.
TRANSFER AND COMMUNICATION OF DATA TO THIRD PARTIES
The User's personal data are not transferred to non-EU countries.
HOW DATA SUBJECT CAN EXERCISE HIS/HER RIGHTS
Please note that, pursuant to Articles 13.2, letters b), c) and d) and Articles 15 to 22 of the GDPR, Users may exercise the following rights:
a) the right to request access to their personal data along with information on the purpose of the data processing, the category of personal data processed, the persons or categories of persons to which the data have been or will be communicated (specifying whether such persons/entities are based in third countries or are international organisations), when possible on the period of storage of the personal data or the criteria used to determine this period, on the existence of their own rights to correct and/or to erase the personal data, to limit the data processing and to oppose the data processing, on their right to file a complaint before a supervisory authority, on the origin of the data, on the existence and the logic applied where there is an automated decision-making process. If the User exercises this right and unless the latter provides different instructions, he/she will receive an electronic copy of his/her personal data that are subject to data processing operations;
b) the right to obtain:
- the correction of his/her personal data, if it is incorrect or incomplete;
- the erasure of his/her personal data, if one of the conditions set out in GDPR Article 17 applies (e.g. the User's personal data is no longer necessary for the purposes for which they were collected, the User decides to withdraw his/her consent to the processing - if consent represents the legal basis for same - and there is no other legal basis for the data processing, the User opposes to the data processing and no other prevailing legitimate interest of the Data Controller exists, or the User’s data is unlawfully processed);
- the restriction of the data processing concerning the User, 1) for the time necessary to enable GC to ascertain the accuracy of the User’s data (where the User made an objection), or 2) if the personal data processing is unlawful and the User requests the data processing to be limited rather deleted, or 3) if GC no longer needs the User’s personal data, but such data are necessary for the User to ascertain, exercise or defend a right in court or, lastly, 4) for the time needed to assess whether the Data Controller’s legitimate interests prevail over those of the User, if the latter has objected to the processing of his/her personal data under paragraph c) below;
- the User’s personal data is in a structured, commonly used and electronically readable format, also to transmit them to another controller, where the data processing is based on consent or on a contract and is implemented by automated means (i.e. right of data portability). If the User is interested, he/she can ask GC to transmit his/her data directly to the other data controller, if this is technically feasible.
c) the right to oppose the processing of your data, if such processing is carried out pursuant to GDPR Article 6.1 letter e) (i.e. to fulfil a public interest duty to which the Data Controller is subject) or letter f) (i.e. to pursue a legitimate interest of the Data Controller), unless compelling and legitimate reasons exist for the Data Controller to proceed with the data processing, pursuant to GDPR Article 21;
d) the right at any time to revoke the consent to a data processing, without prejudice to the legitimacy of the User’s personal data processing operations based on the latter’s consent and carried out prior to the withdrawal;
e) if carried out, the User is also entitled not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern him/her or impact the latter significantly, as well as being entitled to human intervention from the data controller, to express his/her opinion and to challenge the decision;
f) if the User is not satisfied with the processing of his/her data carried out by GC, he/she may file a complaint before the Italian Data Protection Authority, following the procedures and instructions published on its official website (www.garanteprivacy.it);
g) GC will notify each recipient to whom the User's personal data may have been transmitted (in conformity with this Privacy Policy) of any corrections to or erasure of such personal data or restrictions on the data processing that were implemented on the User's request - unless this is impossible or requires disproportionate efforts.
The exercise of the aforementioned rights is not subject to any form of constraint and is free of charge. GC, following to the User’s request, may only require the latter to verify his/her identity before undertaking further actions.
CONTACT DETAILS FOR THE DATA SUBJECT WHEN EXERCISING HIS/HER RIGHTS OR REQUESTING FURTHER INFORMATION
In order to exercise your rights and/or to receive any kind of information pertaining to the management of the business relationship established through the Website, you may send a written communication to: GC S.r.l., Via Melchiorre Gioia 8, Milano or an email to:
customercare@plan-c.com.
COOKIES
The Data Controller uses cookies so that the Website can be safely and efficiently browsed. For further information on cookies and their use on the Website, please consult the Cookie Policy page, which is an integral part of this notice.
SOCIAL SHARING BUTTONS
The Website may also include Social sharing buttons. These are “buttons” that stand for social network e.g. Instagram icons, and allow Users to reach and interact with the relevant social network simply by clicking on the icon. With the support of these tools, the User can, for instance, share contents or recommend the Website's products in social networks. After clicking on Social sharing buttons, the social network might collect data related to the User's visit on the Website. As anticipated, this privacy notice does not involve the processing of the User's personal data by the social network, therefore the User should refer exclusively to the dedicated privacy policy of the social network itself. Apart from cases when the User shares his or her browsing data with the selected social networks by clicking on social buttons/widgets, the Data Controller does not share nor diffuse any personal data of the User with the social network.
SECURITY MEASURES
Pursuant to Article 32 of the GDPR, GC S.r.l. and the data processors appointed adopt security measures adequate to minimise the risk of the deliberate or accidental destruction or loss of personal data, unauthorised access or processing that is either not permitted or not compliant with the purposes of collection, as specified in our Privacy Policy.
Nevertheless, GC cannot guarantee its Users that the measures adopted to secure the Website and to ensure the safe transmission of personal data and information on the Website will limit or exclude any risk of unauthorised access or dissemination of personal data from devices attributable to the User.
The User's computer should always have adequate software installed to ensure that incoming as well as outgoing personal data transmitted on the Internet are suitably protected, and that the chosen internet services provider has taken suitable measures to safeguard data transmission over the internet.
LINKS TO OTHER WEBSITES
The Website contains links or refers you to other websites that may not have any connection with the trademark Plan C.
The Data Controller neither controls nor monitors those websites or their contents. The Data Controller cannot be held responsible for the content of those websites and for the rules adopted by them, also in relation to the protection and processing of the User’s personal data while browsing.
This Privacy Policy does not apply to third party websites. The Website provides links to these sites solely to assist the User in searching and browsing and to facilitate hypertext links to other sites on the web. The activation of links does not imply any recommendation to access and navigate on these websites, nor any guarantee as to their contents, services or goods provided by those sites and sold to Internet users.
USE OF THE WEBSITE BY MINORS
The Website is intended for use and consultation by adults only. Requests by minors will not, therefore, be taken in consideration.
APPLICABLE LAW
This Privacy Policy is governed by Italian law and, in particular, by applicable data protection rules including the GDPR, the Personal Data Protection Code, authorisations and guidelines issued by the Italian Data Protection Authority which regulate the processing of personal data, where applicable.
CHANGES AND UPDATES TO THE PRIVACY POLICY
The Data Controller may amend or simply update all or part of the Privacy Policy of the Website, also to incorporate any changes made by applicable legislative or regulatory provisions governing the matter. Changes and updates to the Privacy Policy will be notified to Users on the Home Page as soon as they have been adopted, and they will be binding once published on the Website and it will be contained and accessible on the Website. You should therefore consult this section regularly in order to verify the publication of the most updated Privacy Policy.