PRIVACY POLICY

REPLAY values your privacy and undertakes to provide you with clear and exhaustive information regarding the processing of information referring to identified or identifiable natural persons ("Personal Data") that concern you ("Data Subject"), in full compliance with art. 13 of EU Regulation n. 679/2016 ("GDPR") and the Personal Data Protection Code (Legislative Decree 196/2003) as amended by Legislative Decree 101/2018.

In this spirit, REPLAY's Privacy Policy explains and describes the following points:

  • 1) Who is the Data Controller of your Personal Data;
  • 2) Who is the Data Protection Officer for your Personal Data;
  • 3) What Personal Data REPLAY collects;
  • 4) In what cases REPLAY collects your Personal Data;
  • 5) For what purposes REPLAY may process your Personal Data;
  • 6) What happens if you do not provide your Personal Data to REPLAY;
  • 7) How long does REPLAY keep your Personal Data;
  • 8) With whom REPLAY may share your Personal Data;
  • 9) How REPLAY protects your Personal Data;
  • 10) What are your rights in relation to your Personal Data;
  • 11) How to contact REPLAY to request information or exercise your rights;
  • 12) How to stay updated on any changes to REPLAY's Privacy Policy.

1) WHO IS THE DATA CONTROLLER OF YOUR PERSONAL DATA
Pursuant to Art. 4 and 24 of the GDPR, the Data Controller of your Personal Data is Fashion Box S.p.A. ("REPLAY") with registered office in Via Marcoai, 1 - 31011 Asolo - Fraz. Casella (TV) - Italy. Its role is to determine the purposes and means of this processing and to ensure that your Personal Data is always handled lawfully, fairly and transparently.

2) WHO IS RESPONSIBLE FOR PROTECTING YOUR PERSONAL DATA
In compliance with the provisions of Art. 37, 38 and 39 of the GDPR, REPLAY has designated a Data Protection Officer ("DPO"). Its purpose is to provide you with assistance and support in connection with any issue relating to your Personal Data or the exercise of your privacyrights. REPLAY's DPO can be contacted by e-mail at the following address: privacy@replay.it..

3) WHAT PERSONAL DATA REPLAY COLLECTS
Depending on the services you have requested or used, the initiatives you have joined and the consents you have given, REPLAY may collect some of your Personal Data belonging to the following categories:

  • Personal data: information about your name, surname, sex, date of birth, tax code;

  • Contact details: information about your email address, postal address, fixed or mobile phone number;

  • Access and identification data: information relating to username, password (suitably encrypted), customer ID;

  • Purchase data: information relative to the usual points of sale, amount and frequency of expenditure, type of products purchased, articles inserted in the wish list or in the virtual trolley of the REPLAY website;

  • Payment data: information about the payment instruments used to finalize purchases, IBAN code , credit/debit card details, e-payment;

  • Browsing data: information relating to IP address, geographical location, browsing history, any social profiles linked to the account, Cookies stored on your device (you can consult our Cookie Policy on the following page: https://www.replayjeans.com/it/custserv/custserv.jsp?pageName=CookiePolicy ).


NOTE ON MINORS: REPLAY does not process the Personal Data of minors, nor does it send them requests to communicate their Personal Data, since suitable control and security systems are provided for this purpose. Although visitors of all ages may visit its web portal, REPLAY does not collect Personal Data from persons under the age of 16.


4) WHEN REPLAY COLLECTS YOUR PERSONAL DATA
REPLAY collects your Personal Data when:

  • You purchase products in stores or through our website https://www.replayjeans.com/(“Website”);

  • You use remote payment services;

  • Register an account as a new customer by filling in the appropriate fields in the section "LOGIN/REGISTER" on the Website;

  • You sign up for our newsletter;

  • You sign up for our conventions and fidelity cards;

  • You use the Customer Assistance service or contact REPLAY for any reason (e.g. requests for orders, complaints, problems with the Website) through the appropriate telephone, e-mail and postal channels;

  • You browse through our Website.


5) FOR WHAT PURPOSES REPLAY MAY PROCESS YOUR PERSONAL DATA
Below we indicate the purposes that REPLAY intends to pursue through the processing of your Personal Data. For each of them, we also specify the categories of Personal Data involved and the circumstances that justify us to process them ("Legal Basis").

PURPOSE
(The purpose for which REPLAY processes your Personal Data)

LEGAL BASIS
(The circumstance that legitimizes REPLAY to process your Personal Data)

PERSONAL DATA PROCESSED
(The categories of Personal Data processed by REPLAY for each purpose)

1

MANAGEMENT OF YOUR CONTRACTUAL RELATIONSHIP
Establish and perform contractual relationships with you, including pre-sales and after-sales services through our Customer Care.

Contract performance
[Art. 6, par. 1, lett. b) GDPR]

  • Personal data
  • Contact details
  • Access and identification data
  • Purchase data
  • Payment data

2

CREATING YOUR REPLAY ACCOUNT
Allow you to register on the Website and create your Personal Area.

Contract performance
[Art. 6, par. 1, lett. b) GDPR]

  • Personal data
  • Contact details
  • Access and identification data

3

REGISTRATION TO OUR CONVENTIONS AND FIDELITY CARD
To allow you to participate in our loyalty initiatives.

Contract performance
[Art. 6, par. 1, lett. b) GDPR]

  • Personal data
  • Contact details

4

UPDATING YOUR REPLAY ACCOUNT
Allow you to edit/update information in your personal account area, including your login credentials, shipping addresses, and products on your wish list.

Contract performance
[Art. 6, par. 1, lett. b) GDPR]

  • Personal data
  • Contact details
  • Access and identification data
  • Navigation data

5

MANAGING YOUR PURCHASES
Process your purchases, deliver the products you have ordered, authorize possible refunds, allow you to pay even through remote payment systems.

Contract performance
[Art. 6, par. 1, lett. b) GDPR]

  • Personal data
  • Contact details
  • Purchase data
  • Payment data

6

PERSONALIZED MARKETING
Analyze the information you provided, your shopping behaviors and preferences in order to send you personalized marketing communication, also through our newsletter, in line with your inferred interests.

Consent of the Data Subject
[Art. 6, par. 1, lett. a) GDPR]

  • Personal data
  • Contact details
  • Access and identification data
  • Purchase data
  • Navigation data

7

IMPROVING SERVICES
Collect and welcome feedback received to improve the usability of the Website and the services we offer(Customer Satisfaction).

REPLAY's legitimate interest in optimizing the quality of its offer
[Art. 6, par. 1, lett. f) GDPR]

  • Personal data
  • Contact details
  • Purchase data
  • Payment data
  • Navigation data

8

JUDICIAL PROTECTION
To allow REPLAY to defend its rights in the course of judicial, administrative or extrajudicial proceedings, and in the context of disputes arising in relation to the services offered..

REPLAY's legitimate interest in the protection of its rights
[Art. 6, par. 1, lett. f) GDPR]

  • Personal data
  • Access Data
  • Purchase data

9

COMPULSORY COMMUNICATIONS
To send you e-mails or service communications required by law and the relevant authorities.

Fulfilment of a legal obligation
[Art. 6, par. 1, lett. c) GDPR]

  • Personal data
  • Contact details


6) WHAT HAPPENS IF YOU DO NOT PROVIDE YOUR PERSONAL DETAILS TO REPLAY
Depending on the purpose for which we process your Personal Data, we indicate below the nature of the contribution, the consequences in case of refusal to communicate them to us and the necessity or otherwise of your consent for their treatment:


• Purposes 1, 2, 3, 4, 5: provision of the categories of Personal Data required for these purposes is mandatory (contractual obligation) and necessary for the conclusion of the contract. Without such conferment, the execution of the contract is precluded and REPLAY will not be able to provide you with the services indicated.

Your Personal Data is processed for these specific purposes without the need for your express consent.


• Purpose 6: provision of the categories of Personal Data required for this purpose is optional. Failure to provide them does not have any consequences on the contractual relationship in progress.

Processing of your Personal Data for this specific purpose requires your express consent. Consent may be revoked at any time, with effect for subsequent processing.


• Purposes 7, 8: provision of the categories of Personal Data required for these purposes is mandatory (legitimate interest). Without such conferral, REPLAY will find itself unable to guarantee the quality of its services and protect its rights.

Your Personal Data is processed for these specific purposes without the need for your express consent.


• Purpose 9: provision of the categories of Personal Data required for this purpose is mandatory (legal obligation). ). Without such conferral, REPLAY will find itself unable to guarantee the quality of its services and protect its rights.

Your Personal Data is processed for these specific purposes without the need for your express consent.


7) HOW LONG DOES REPLAY KEEP YOUR PERSONAL DATA?
We only retain your Personal Data for as long as is necessary for the purposes for which it was collected or for any other legitimate related purposes. Therefore, if Personal Data is processed for two or more different purposes, we will retain that data until the purpose with the longer retention period ends; however, we will no longer process Personal Data for that purpose whose retention period has expired. The data relating to the details of purchases with reference to identifiable customers will be kept for profiling purposes for a period not exceeding thirty-six months from their registration, except when they are subject to irreversible transformation into anonymous form that does not allow, even indirectly or by connecting other databases, to identify the persons concerned. However, exceptions may be made if there are elements that lead REPLAY to deem a longer storage period necessary (for example, for the purposes of defending a right in a court of law), also following a possible impact assessment pursuant to and for the purposes of art. 35 of the GDPR.


8) WITH WHOM REPLAY MIGHT SHARE YOUR PERSONAL INFORMATION WITH
REPLAY will not sell, rent or otherwise make your Personal Data commercially available to third parties. Your Personal Data may be accessed by duly authorized employees, as well as by external suppliers, who are appointed, if necessary, as Data Processors.

In particular, your data may be provided to:

  • Companies belonging to the REPLAY group;
  • Companies involved in finalizing purchases, including payment service providers and delivery companies;
  • Service providers and other marketing agencies, including advertising partners and website hosts;
  • Companies approved by you, such as social platforms (if you choose to link your social accounts to the website).

If you would like to view the list of data processors and other entities to whom we disclose your Personal Data, you may contact us at the e-mail address privacy@replay.it.

In order to provide its services, REPLAY may need to transfer your Personal Data to locations outside the European Economic Area ("EEA"), which in some cases do not provide an adequate level of protection compared to that offered within the EEA. In such circumstances, the transfer of your Personal Data to non-EU countries will take place in accordance with currently applicable laws, subject to the conclusion of standard contractual clauses ("SCC") referred to in Commission Decision n. 2010/87/EU (pursuant to Art. 26, par. 2 of Directive 95/46/EC and Art. 46, par. 2, lett. c) of the GDPR). REPLAY, in its capacity as Data Controller, shall verify that the level of protection applied to data transferred to the importing country is substantially equivalent to that guaranteed within the EU by the GDPR.


9) HOW REPLAY PROTECTS YOUR PERSONAL DATA
REPLAY uses a wide range of security measures in order to improve the protection and maintenance of the security, integrity and accessibility of the data in its possession. All of your Personal Data is held on our secure servers (or appropriately stored hard copies) or those of our suppliers, and can be accessed and used in accordance with our standards and security policies (or equivalent standards for our suppliers). REPLAY uses technical and organizational security measures aimed at protecting your Personal Data from unauthorized access, use and disclosure. Our Site, in particular, uses data security technologies such as firewalls, access control procedures and cryptographic mechanisms to prevent any unauthorized access to data, ensuring maximum confidentiality.


10) WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
In order to provide an additional degree of protection and control over your Personal Data, the GDPR expressly provides you with a number of inalienable rights:


Right of Data access
(Art. 15 GDPR)

You have the right to ask REPLAY whether any Personal Data concerning you is being processed and, if so, to receive all the information on the processing in question and a copy of all the Personal Data involved.

Right to Data correction
(Art. 16 GDPR)

You have the right to request and obtain from REPLAY the correction or integration of inexact or incomplete Personal Data concerning you.

Right to withdraw consent
(Art. 7, par. 3 GDPR)

You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing carried out until then.

Right to oblivion/be forgotten
(Art. 17 GDPR)

You have the right to request and obtain from REPLAY the deletion of your Personal Data in various cases, for example when your Personal Data is no longer necessary in relation to the original purposes, you have revoked the consent on which the processing was based or we are required to do so by law. If we have disclosed your Personal Data to other parties, we will notify them promptly so that they can remove any links, copies or reproductions of it.

Right to restriction of processing
(Art. 18 GDPR)

You have the right to demand that REPLAY limits the processing operations of your Personal Data in various cases, for example if you contest their inaccuracy (which we will check accordingly), if you have objected to the processing and if the data is necessary for the establishment, exercise or defense of a legal claim.

Right to Data Portability
(Art. 20 GDPR)

If you have provided REPLAY with your Personal Data on the basis of consent or a contract and if such Data has been processed by REPLAY by automated means , you have the right to receive your Personal Data in a structured, commonly used and electronically readable format. You also have the right to have REPLAY transmit such Data to other service providers , if this is technically feasible.

Right to object to processing
(Art. 21 GDPR)

You have the right to object to the processing of your Personal Data for certain reasons, including the termination of direct marketing. As a result of your objection, the Data Controller will refrain from further processing your Personal Data.

Right not to be profiled
(Art. 22 GDPR)

You have the right not to be subject to a decision that is based solely on the automated processing of your Personal Data , including profiling. However, you will not be able to exercise this right in cases where the decision is necessary for the finalization of a contract or is based on your explicit consent.

Right to complain to the Guarantor
(Art. 77 GDPR)

If REPLAY does not provide you with a reply within the time limits envisaged by the regulations , or if its response to the exercise of your rights does not satisfy you, you have the right to lodge a complaint with the Guarantor for the protection of Personal Data. You can find all useful information at the following web page , prepared by the Guarantor on its official website: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.


11) HOW TO CONTACT REPLAY TO REQUEST INFORMATION OR EXERCISE YOUR RIGHTS
If you want to:


  • Obtain clarifications or further information regarding REPLAY's Privacy Policy;
  • Exercise your rights as outlined above;

please contact our Customer Service at customer-service@replayjeans.com.


12) HOW TO STAY UP TO DATE ON ANY CHANGES TO REPLAY’s PRIVACY POLICY
REPLAY may make modifications and variations to this Privacy Policy, in order to implement changes in national and/or Community legislation, to adapt to technological innovations or for other reasons. We therefore invite you to check this page periodically. In the event that significant updates are made to this document, REPLAY will take care of informing you promptly through the Site or by e-mail, requesting you also to give or deny your consent to any new processing should it prove necessary.



This Privacy Policy is the property of Fashion Box S.p.A.. Fashion Box S.p.A. will protect its rights in civil and criminal proceedings in accordance with the law.




[Last Updated: 23/08/2021]