PRIVACY POLICY

Welcome to Sardegna Sartoria's privacy notice.

Sardegna Sartoria respects your privacy and is committed to protecting your personal data. This privacy notice will inform you about how we take care of your personal data when you visit our website (regardless of where you visit it) or when you visit any of our stores and tells you about your privacy rights and how the law protects you .

This privacy notice is provided in a list format so that you can click on the specific areas you want (below). Please also use the Glossary (item 10) to understand the meaning of some of the terms used in this privacy notice.

1. [IMPORTANT INFORMATION AND WHO WE ARE]
2. [THE DATA WE COLLECT ABOUT YOU]
3. [HOW TO COLLECT YOUR PERSONAL DATA]
4. [HOW WE USE YOUR PERSONAL DATA]
5. [DISCLOSURES OF YOUR PERSONAL DATA]
6. [INTERNATIONAL TRANSFERS]
7. [DATA SECURITY]
8. [DATA RETENTION]
9. [YOUR LEGAL RIGHTS]
10. [GLOSSARY]

1. [IMPORTANT INFORMATION AND WHO WE ARE]

PURPOSE OF THIS PRIVACY NOTICE

This privacy notice is intended to provide information about how Sardegna Sartoria collects and processes your personal data through the use of our website, the use of our stores, your participation in a proprietary event or any data you may provide to subscribe to our newsletter, purchase a product or service or participate in a contest.

This website is not intended for children and we do not knowingly collect data relating to children.

CONTROLLER

Sardegna Sartoria is the controller and responsible for your personal data (referred to as “Sardegna Sartoria”, “we” or “our” in this privacy notice).

We have appointed a data privacy manager who is responsible for overseeing matters relating to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details below.

CONTACT DETAILS

You can contact our Data Privacy Manager at:

Address:

Sardegna Sartoria

1644 Haddock Lobo Street

Cerqueira Cesar

CEP 01414-002

Sao Paulo-SP

Brazil

A/C: Data Privacy Manager

Email: contact@sardegnasartoria.com

CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US ABOUT THE CHANGES

This version was last updated on April 23, 2021.

It is important that the personal data we hold about you is accurate and current. Keep us informed if your personal data changes during your relationship with us.

THIRD PARTY LINKS

This website may include links to third-party websites, plug-ins and applications. Clicking these links or enabling these connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When leaving our website, we recommend that you read the privacy notice of each website you visit.

2. [THE DATA WE COLLECT ABOUT YOU]

Personal data, or personal information, means any information about an individual from which that person can be identified. Does not include data where identity has been removed (anonymous data).

We may collect, use, store and transfer different types of personal data about you, which we group as follows:

- Identity data includes first name, maiden name, last name, username or similar identifier, marital status, job title, date of birth and gender, transaction ID.

- Contact details include billing address, shipping address, email address, telephone numbers and emergency contact phone numbers.

- Financial data includes bank account details and payment cards.

- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

- Technical data includes internet protocol (IP) address, your login data (including Wi-Fi login data and MAC code), browser type and version, time zone and location setting, plug types and versions -in browser, operating system and platform, and other technology on the devices you use to access this site.

- Profile data includes your username and password, purchases or orders you place, your interests, preferences, comments and survey responses.

- Usage Data includes information about how you use our website, products and services.

- Marketing and communications data includes your preferences in receiving marketing from us and third parties and your communication preferences and how you interact with our email communications.

We also collect, use and share Aggregate Data, such as statistical or demographic data, for any purpose. Given away

Aggregates may be derived from your personal data, but are not considered personal data by law, as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users who access a specific feature of the website. However, if we combine or link the Aggregated Data to your personal data so that they can identify you directly or indirectly, we will treat the combined data as personal data that will be used in accordance with this privacy notice.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, union membership, health information, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

IF YOU DO NOT PROVIDE PERSONAL DATA

When we need to collect personal data by law or under a contract we have with you and you do not provide this data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to supply goods or services). In that case, we may have to cancel a product or service you have with us, but we will notify you if applicable at this time.

3. [HOW YOUR PERSONAL DATA IS COLLECTED]

We use different methods to collect data from and about you, including through:

- Direct interactions. You can provide us with your identity, contact, transaction and financial details by filling out forms or replying to us by mail, telephone, email or otherwise. This includes personal data you provide when:

Buying or expressing interest in our products or services, in store or on our website;

Create an account on our website;

Subscribe to our newsletter;

Request that we send you marketing materials;

Subscribe to a promotion or survey;

Participate in a promotional event;

Submit a product review;

Interact with customer service and/or our concierge.

- Technologies or automated interactions. As you interact with our website and the emails we send you, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data using cookies, server logs and other similar technologies. Please see our cookie policy for more details.

- Third parties or publicly available sources. We may receive personal data about you from various third parties as set out below:

Technical data from analytics providers such as Google;

Contact, financial and transaction data for franchise partners and technical, payment and delivery service providers.

Identity and contact details of data brokers.

Identity and transaction data from affiliate networks.

4. [HOW WE USE YOUR PERSONAL DATA]

We will only use your personal data when the law allows it. Most commonly, we will use your personal data in the following circumstances:

- Where we need to execute the contract that we are about to enter into or that we entered into with you.

- Where we have your consent.

- When necessary for our legitimate interests (or those of third parties) and your interests and fundamental rights do not override those interests.

- Where we need to fulfill a legal or regulatory obligation.

You have the right to withdraw your marketing consent at any time by unsubscribe via the link provided with each marketing email we send to yours or by contacting us at contact@sardegnasartoria.com.

GOALS FOR WHICH WE WILL USE YOUR PERSONAL DATA

We describe below, in tabular form, all the ways in which we intend to use your personal data and on which legal bases we use to do so. We also identify our legitimate interests, where appropriate.

Please note that we may process your personal data for more than one legal reason, depending on the specific purpose for which we are using your data. Please contact us if you need details on the specific legal basis on which we rely to process your personal data, when more than one reason has been defined in the table below.

Purpose/Activity:

To register you as a new customer

Type of data:

(a) Identity

(b) Contact

Legal basis for processing, including legitimate interest basis:

Performance of a contract with you


Purpose/Activity:

To process and deliver your order, including:

(a) Manage payments, fees and charges

(b) Ensure compliance by partners and franchisees

(c) Collect and recover the money owed to us


Type of data:

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications



Legal basis for processing, including

legitimate interest basis:

(a) Enforcement of a contract with you or your employer

(b) Necessary for our legitimate interests (to recover debts owed to us)

Purpose/Activity:

To manage our relationship with you, which will include:

(a) Notify you of changes to our terms or privacy notice

Type of data:

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications



Legal basis for processing, including legitimate interest basis:

(a) Performance of a contract with you

(b) Required to fulfill a legal obligation

Purpose/Activity:

To manage our relationship with you, which will include:

(a) asking you to leave a comment or take a survey

Type of data:

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications



Legal basis for processing, including legitimate interest basis:

(a) Required for our legitimate interests (to keep our records up to date and study how customers use our products/services)

Purpose/Activity:

To manage our after-sales relationship with you, including:

(a) Helping you with warranty questions

(b) Contacting you regarding a product recall

Type of data:

(a) Identity

(b) Contact

(c) Profile

(d) Transaction



Legal basis for processing, including legitimate interest basis:

(a) Performance of a contract with you

(b) Required to fulfill a legal obligation

(c) Required for our legitimate interests (to keep our records up to date)

Purpose/Activity:

To manage our after-sales relationship with you, including:

(a) Helping you with warranty questions

(b) Contacting you regarding a product recall

Type of data:

(a) Identity

(b) Contact

(c) Profile

(d) Transaction



Legal basis for processing, including legitimate interest basis:

(a) Performance of a contract with you

(b) Required to fulfill a legal obligation

(c) Required for our legitimate interests (to keep our records up to date)

Purpose/Activity:

To allow you to participate in a prize draw, promotion or take a survey

Type of data:

(a) Identity

(b) Contact

(c) Profile

(d) Use

(e) Marketing and Communications



Legal basis for processing, including legitimate interest basis:

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and expand our business)

(c) Consent

Purpose/Activity:

To administer and protect our business and this site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and data hosting)

Type of data:

(a) Identity

(b) Contact

(c) Technician



Legal basis for processing, including legitimate interest basis:

(a) Necessary for our legitimate interests (to run our business, provide administration and IT services, network security, to prevent fraud and in the context of a corporate reorganization or group restructuring exercise)

(b) Required to fulfill a legal obligation

Purpose/Activity:

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we offer you

Type of data:

(a) Identity

(b) Contact

(c) Profile

(d) Use

(e) Marketing and Communications

(f) Technician



Legal basis for processing, including legitimate interest basis:

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

Purpose/Activity:

To share with data analytics providers like Facebook and Google and generate advertising to potential customers with similar profiles

Type of data:

(a) Identity

(b) Contact

(c) Profile

(d) Use

(e) Marketing and Communications



Legal basis for processing, including legitimate interest basis:

Required for our legitimate interests (to grow our business and inform our marketing strategy)

Purpose/Activity:

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

Type of data:

(a) Technician

(b) Use



Legal basis for processing, including legitimate interest basis:

Necessary for our legitimate interests (defining types of customers for our products and services, keeping our website up to date and relevant, growing our business and informing our marketing strategy)

Purpose/Activity:

To make suggestions and recommendations about products or services that may be of interest to you

Type of data:

(a) Identity

(b) Contact

(c) Technician

(d) Use

(e) Profile

(f) Marketing and Communications



Legal base

 

l for processing, including legitimate interest basis:

(a) Necessary for our legitimate interests (to develop our products/services and grow our business); or

(b) Consent

MARKETING AND OPTING OUT

We strive to provide you with choices regarding certain uses of personal data, particularly in relation to marketing and advertising. You can update your marketing preferences by logging into your account and selecting the opt-out option. Alternatively, if you would like to continue to receive marketing communications but would like to change some features, please contact us at contact@sardegnasartoria.com. You can also click “unsubscribe” in any of the marketing emails we send you.

Choosing not to receive marketing messages will not prevent you from receiving non-marketing messages, for example, relating to products ordered from us, responses to customer service inquiries, etc.

PROMOTIONAL OFFERS MADE BY US

We may use your identity, contact, technical data, transactions, usage and profile data to form an insight into what we think you might want or need, or what might be of interest to you. This is how we decide which products, services and offers might be relevant to you (this is “marketing”).

You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and, in each case, have not opted out of receiving such marketing. You will also receive marketing communications from us if you provided us with your details when you signed up for a promotion and gave us your consent as part of that process.

THIRD PARTY MARKETING

We will obtain your express consent before we share your personal data with any other company for marketing purposes. However, we may disclose your personal information to our authorized direct marketing agents, who will send information to you on our behalf, unless you tell us that you do not want this to happen.

COOKIES

Your browser is where your cookie information is stored. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Each browser has a different method for you to delete cookies or edit your privacy settings. The following feature provides simple guides on how to remove cookies from each browser. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function correctly. For more information about the cookies we use, please visit our cookie policy.

CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collect it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation of how processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in accordance with the above rules, where this is required or permitted by law.

5. [DISCLOSURES OF YOUR PERSONAL DATA]

We may have to share your personal data with the parties defined below for the purposes set out in the table in paragraph 4 above.

- External third parties as set out in the Glossary.

- Third parties to whom we may decide to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If there is a change in our business, new owners may use their personal data in the same way as defined in this privacy notice.

We demand that all third parties respect the security of your personal data and handle it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only allow them to process your personal data for specific purposes and in accordance with our instructions.

6. [INTERNATIONAL TRANSFERS]

Some of our partners are located outside Brazil, therefore, the processing of your personal data will involve a data transfer outside Brazil. This includes our worldwide franchise partners for service purposes.

Whenever we transfer your personal data outside Brazil, we guarantee that a similar degree of protection is granted to them, ensuring that at least one of the following safeguards is implemented:

- We will transfer your personal data to countries that have been deemed to have an adequate level of protection forpersonal data by the Brazilian authorities.

- When we use certain service providers, we may use specific contracts that provide personal data with the same protection we have in Brazil.

Please contact us if you would like more information about the specific mechanism used by us when transferring your personal data outside of Brazil.

7. [DATA SECURITY]

We put in place adequate security measures to prevent your personal data from being accidentally lost, used ​​or accessed ​​in an unauthorized manner, altered or disclosed. In addition, we limit access to your personal data to employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data in accordance with our instructions and are subject to the duty of confidentiality.

We have implemented procedures to deal with any suspected breach of personal data and will notify you and any applicable regulator of a breach when legally required to do so.

8. [DATA RETENTION]

HOW LONG WILL YOU USE MY PERSONAL DATA?

We will retain your personal data only for as long as necessary to fulfill the purposes for which we collect it, including for purposes of meeting any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve these objectives by other means and by applicable legal requirements.

By law, we are required to retain basic information about our customers (including contact, identity, financial and transaction data) for seven years after they cease to be a customer for tax purposes. We also keep this basic information about our customers for seven years after their most recent active interaction with us, to allow us to efficiently handle any after-sales queries you may have. We also need to retain basic information for warranty purposes for a period of seven years and for recall purposes for a period of seven years. We will maintain customer profile information to keep you up to date with our products, services and events, and we will retain this information until such time as you indicate that you no longer wish us to retain your data. At the end of this period, we will securely delete your personal data in accordance with our suppliers' processes. Most of our providers have processes for this and a small number that do not are in the process of implementing them.

In some circumstances, you may ask us to delete your data: see [Request Delete] below for more information.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without notice.

9. [YOUR LEGAL RIGHTS]

Under certain circumstances, you have rights under data protection laws with respect to your personal data. Click on the links below to learn more about these rights: [Glossary]

- [Request access to your personal data].

- [Please request correction of your personal data].

- [Request deletion of your personal data].

- [Object of processing your personal data].

- [Request restriction on the processing of your personal data].

- [Right to opt-out of receiving automated profiles of your personal data].

- [Request the transfer of your personal data].

- [Right to withdraw consent].

If you wish to exercise any of the rights set out above, please contact us at contact@sardegnasartoria.com.

WHAT WE MAY NEED FROM YOU

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to anyone who does not have the right to receive it. We may also contact you to request more information regarding your request to expedite our response.

TIME LIMIT TO RESPOND

We try to respond to all legitimate requests within one month. Occasionally, it may take longer than a month if your application is particularly complex or if you have made a series of requests. In that case, we will notify you and keep you up to date.

10. [GLOSSARY]

LEGAL BASE

Legitimate interest: means the interest of our business in conducting and managing our business so that we can offer you the best service/product and the best and safest experience. 

 

we make sure to consider and balance any potential impact on you (positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are voided by the impact on you (unless we have your consent or are required or permitted by law). You can learn more about how we assess our legitimate interests against any potential impact on you in relation to specific activities by contacting us.

Contract Execution: means to process your data where necessary for the execution of a contract to which you are a party or to take action at your request before entering into such contract.

Complying with a legal or regulatory obligation: means processing your personal data where necessary to comply with a legal or regulatory obligation to which we are subject.

Consent: means that you have given us explicit permission to process your personal data. In these circumstances, we will ask you a specific question and you will either enter information or select a checkbox to indicate your consent.

THE 3RD

EXTERNAL THIRD PARTIES

- Service providers acting as processors based in Brazil, UK, EU and USA that provide IT services and systems administration.



- Service providers acting as processors based in Brazil, USA, UK and EU providing sales order processing services.

- Service providers and franchised partners acting as processors based outside Brazil and inside and outside the EU, UK and USA that provide customer service.

- Professional consultants acting as processors or joint controllers, including lawyers, bankers, auditors and insurance companies based in Brazil, USA, UK and EU, who provide consultancy, banking, legal, insurance and accounting services.

- Tax authorities, regulators and other authorities acting as processors or joint controllers based in Brazil, UK, USA and EU that require reporting of processing activities in certain circumstances.

- Customer service call, email, graphic advertising, product review service providers and website behavioral service providers, acting as processors, based in UK, USA, and EU. Website behavioral service providers must record mouse clicks and movements, page scrolling, and any text entered into website forms. The information collected does not include bank details or any sensitive personal data.

- Direct marketing agents sending marketing information on behalf of Sardegna Sartoria.

YOUR LEGAL RIGHTS

You have the right to:

- Request access to your personal data (commonly known as “data subject access request”). This allows you to receive a copy of the personal data we hold about you and verify that we are legally processing it.

- Request correction of the personal data we keep about you. This allows you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide us.

- Request the deletion of your personal data. This allows you to ask us to delete or remove personal data when there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data when you have successfully exercised your right to object to the processing (see below), where we may have processed your information illegally or where we are required to delete your personal data to comply with local legislation. Please note, however, that we cannot always comply with your deletion request for specific legal reasons that will be notified to you, if applicable, at the time of your request.

You have the right to withdraw your marketing consent at any time by unsubscribe via the link provided with each marketing email we send to yours or by contacting us at contact@sardegnasartoria.com.

- Oppose the processing of your personal data when we are based on a legitimate (or third party) interest and there is something in your particular situation that makes you want to object to the processing for this reason, as you feel that this affects your fundamental rights and freedoms. You also have the right to dispute where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate reasons to process your information that void your rights and freedoms.

- Request restriction on the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following

In these situations: (a) if you want us to establish the accuracy of the data; (b) where our use of the data is illegal, but you do not want us to delete it; (c) where you need us to keep the data, even if we no longer ask for it, as you need it to establish, pursue or defend legal actions; or (d) you object to the use of your data, but we need to verify that we have a legitimate reason to use it. In such circumstances, we may reserve the right to delete your personal data rather than keep it, but restrict processing where our processes are not configured to allow a restriction.

- Request the transfer of your personal data to you or third parties. We will provide you, or a third party of your choice, with your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information that you have initially provided consent for us to use or where we use the information to perform a contract with you.

- Request to cancel the automated profile of your personal data. You have the legal right to refuse any automated profile of your personal data that might have a legal consequence for you, and to have a human being involved in the processing decision rather than being automated. The only such profile that we take is in our marketing activities, where we tailor our marketing communications to your transaction history and product preferences. If you wish to cancel this automated profile, please contact us, although you are aware that our systems are not set up to send unpersonalized marketing communications to you, so, in practice, canceling the automated profile will result in your exclusion from receiving ours. marketing communications.

- Withdraw consent at any time when we are relying on consent to process your personal data. However, this will not affect the legality of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will inform you if this is the case at the time you withdraw your consent.