
Privacy Policy

Cerrtilogo Authenticator

The purpose of this privacy policy is to provide you with all the information about the processing of your data carried out by Cerrtilogo S.p.A. in case you decide to use the services that Cerrtilogo S.p.A. provides and in particular the authentication tool for fashion and luxury products with famous brand names, as well as for other products of Italian and international well-known brands (as below explained).

  1. INTRODUCTION - WHO ARE WE?

Cerrtilogo S.p.A., with registered office in Milan (Italy), Via Cernaia n 2, 20121 Milano (MI), Tax Code and VAT n. 05258270965 (hereinafter, the "Company" or "Cerrtilogo") provides a service aimed at protecting the brand and the final consumer. Cerrtilogo has developed an app (hereinafter, "Authenticator") which confirms that third party products (like fashion and luxury products with famous brand names) are authentic. At the same time, also the aforesaid third parties may use the services and tools provided by the Company. This privacy policy provides the data subjects, i.e. the end users who wish to use the Company’s authentication service (hereinafter, "Users"), with information about the data processing methods in relation to the use of Authenticator. The Company, as the **data controller** of personal data, provides to Users hereinafter the privacy policy pursuant to Italian Legislative Decree No. 196/2003, as modified by Italian Legislative Decree No. 101/2018 (hereinafter, the "Privacy Code") and pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, the "Regulation"; the Regulation and the Privacy Code are together referred to as the "Applicable Law").

  2. HOW TO CONTACT US?

Users may contact the Company at any time by sending an electronic mail message to the e-mail address of the Data Protection Officer (RPD or DPO) of the Company (privacy@cerrtilogo.com) or by sending a registered letter with return receipt to the registered offices of the Company, as above reported.

  3. WHAT WE DO? – PROCESSING PURPOSES

The Company has agreements with Italian and international leading luxury clothing and accessories manufacturers, as well as with other sectors’ Italian and international manufacturers (for instance, manufacturers of high-end components for racing bikes, manufacturers of precision mechanical components, manufacturers of design accessories, etc., hereinafter jointly referred to as "Brand"). Through the Authenticator and thanks to the aforementioned agreements, the Company offers a service which allows to verify the authenticity of luxury fashion clothing and accessories and of other products offered by third parties on the market (hereinafter, "Service").

In order to provide the Service, the Company collects personal data about Users submitted on a voluntary basis, through the registration form (name, surname, e-mail address, date of birth, gender). The Company collects further personal data about the device of the User who uses the Service without registering to it (such as device manufacturer, device model, operating system, browser type, IP address, preferred language) and the location of the User’s device (only in case of specific consent, as specified below). Further personal data of registered Users (address and telephone number) may be collected by Cerrtilogo during the creation of the so-called Refund Assistance Report by the User and used only for the purposes indicated in this paragraph 3.

The Cerrtilogo Service is reserved to subjects over the age of 18 years old. Hereby, Cerrtilogo does not collect personal data pertaining to subjects under the age of 18 years old. By using and/or registering for the Service, the User declares that he/she is of legal age. Cerrtilogo will promptly delete all the personal data, involuntarily collected, pertaining to subjects under the age of 18 years old.

The personal data of Users will be processed lawfully pursuant to Article 6 of the Regulation for the following processing purposes:

a. Contractual obligations and provision of the Service: to implement Cerrtilogo’s Terms and Conditions, which are accepted by the User before using the Service and/or during registration; to fulfil the request to access the Service and to use the Authenticator; to carry out the necessary activities for the product’s authentication in order to provide the Service required from time to time by the User (as well as to provide, when required, the so-called Refund Assistance Report). Personal data collected through the registration form are used in order to allow the User to create a personal profile, through which the User can have access to the Authenticator and use the Service. Personal data collected through the request form for the Refund Assistance Report are used for the sole purpose of providing the User with the Refund Assistance Report, as required by the User.

In order to provide the Service, to guarantee an effective authentication system and/or if the product turns out not to be authentic, to be counterfeit or to be traded in violation of any applicable laws, the Company may: 1) communicate the IP address and/or e-mail address of the User to the Brand owner of the product that the User is authenticating through the Service. This communication may be made in order to allow any investigation into the authentication of the products made through the Service, the authenticity of the products themselves and/or to ensure their conformity with the applicable laws as well as, for registered Users, to allow them to explore in depth with the Brand the encountered problems related to the product; and/or 2) for the same purposes as per no. 1) above, to communicate to the Brand the Refund Assistance Report which was released by the Company upon User’s request. Unless the User gives to the Company a specific and optional consent to processing his/her personal data for marketing purposes, in accordance with the following paragraph 4, or for profiling purposes in accordance with paragraph 5, no other processing will be carried out in relation to those personal data. Without prejudice to the provisions of this privacy policy, under no circumstances will the Company make the personal data accessible to other Users and/or third parties.

b. Administrative and accounting purposes, or to perform organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;

c. User’s Geolocation in order to provide the User with specific additional functionalities: with the User free and optional consent, Cerrtilogo may collect data regarding the position of the User’s device. In case of consent, the User will be able to enjoy additional Service’s functionality (by way of example, User may see the indication of the shops and the stores that are close to his/her location). In order to use these functionalities, within specific webpages (as for example where the User is asked to identify the shop where he/she found the product to be authenticated), the User must give a specific consent with the specific modalities therein described. In case of consent, personal data collected for the geolocation purpose will be processed in order to allow the User to use the specific additional Service’s functionalities.

The activation of geolocation is optional but necessary in order to enjoy the aforementioned functionalities.

In case of consent, the User may at any time revoke the same, making a request to Cerrtilogo in the manner indicated in paragraph 9 below. In case of lack of consent, the possibility to use the Service will not be in any way affected;

d. Legal obligations, or to fulfil obligations provided by the law, a regulation or European legislation as well as to comply with specific requests made by an authority concerning the authenticity of the products for which the Service was provided and/or the use of Cerrtilogo’s Service, and to ascertain responsibility in case of alleged violations (e.g. computer crimes to the detriment of the Authenticator).

The provision of personal data for the purposes of processing indicated above is optional but necessary; failure to provide the data will make it impossible for the User to access the Service (any personal data needed for processing purposes will be indicated with an asterisk in the data collection forms).

  4. OTHER PROCESSING PURPOSES: MARKETING

With the User’s free and optional consent, some of the personal data of the User (that is, name, surname, e-mail address) may be processed by the Company for marketing purposes (sending of advertising material, direct sales and commercial communication), or in order for the Company to contact the User through electronic mail to propose to the User the purchase of products and/or services offered by the Company and/or by third parties, to present offers, promotions and business opportunities and to send periodic newsletter.

In case of lack of consent, the possibility for the User to use the Service will not be in any way affected.

In case of consent, the User may at any time withdraw the same, making a request to the Company in the manner indicated in paragraph 9 below.

The User can also easily oppose further sending of promotional communications via e-mail by clicking on the appropriate link for the withdrawal of consent, which is present in each promotional email. Once the consent has been revoked, the Company will send the User an e-mail message confirming the withdrawal of the consent.

The Company informs that, following the exercise of the right to object to the sending of promotional communications via e-mail, it is possible that the User continues to receive further promotional messages due to technical and operational reasons (e.g. formation of contact lists already completed shortly before the Company’s receiving of the opposition request). Should the User continue to receive promotional messages after 24 hours from the exercise of the right to object, please report the problem to the Company, using the contacts indicated in paragraph 9 below.

  5. OTHER PROCESSING PURPOSES: PROFILING

With the User’s **free** and **optional** consent, some of the personal data of the User (name, surname, e-mail address, date of birth, gender, if declared at the registration stage) and all information about the products authenticated through the Service, for which the User has shown an interest, may be processed by the Company for profiling purposes, or to put together the User’s tastes and consumer habits by identifying his or her consumer profile to send the User commercial offers consistent with the profile identified.

In case of lack of consent, the possibility to use the Service will not be in any way affected.

In case of consent, the User may at any time revoke the same, making a request to the Company in the manner indicated in paragraph 9 below.

  6. LEGAL BASIS

Administrative and accounting purposes (as described in paragraph 3, letters a) and b) above): the legal basis is Article 6, paragraph 1, lett. b) of the Regulation, that is the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

User’s geolocation (as described in paragraph 3, letter c) above): the legal basis consists in Article 6, paragraph 1, lett. a) of the Regulation, that is the data subject has given consent to the processing of his or her personal data for one or more specific purposes. For this reason, the Company asks the User to provide free and optional specific consent to collect data relating to the geolocation of the User’s device.

Legal obligations (as described in paragraph 3, letter d) above): the legal basis consists in Article 6, paragraph 1, lett. c) of the Regulation, that is the processing is necessary for compliance with a legal obligation to which the Company is subject.

Other processing purposes: for the marketing processing (as described in paragraph 4 above) and/or the profiling processing (as described in paragraph 5 above), the legal basis consists in Article 6, paragraph 1, lett. a) of the Regulation, that is the data subject has given consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Company asks the User to provide free and optional specific consents to pursue these specific processing purposes.

  7. PROCESSING METHODS AND DATA RETENTION PERIOD

The Company will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.

The personal data of Users will be retained for the time strictly necessary to carry out the main purposes related to the Service (as explained in paragraph 3, lett. a) and b) above) and the purposes connected to the specific functionality of the Service that the User wants to use (as explained in paragraph 3, letter c)) or, in any case, according to what is necessary for the protection in civil law of the interests of the Company and Users and for the fulfillment of legal obligations (as described in paragraph 3, letter d)).

In the cases referred to in paragraphs 4 and 5 above, the personal data of Users will be retained for the time strictly necessary to carry out the purposes explained in the same and, in any case, not more than respectively twenty-four (24) and twelve (12) months.

  8. DATA DISCLOSURE AND DISSEMINATION

The personal data of Users may be transferred outside the European Union and, in that case, Cerrtilogo will ensure that the transfer will take place in accordance with the Applicable Law and, in particular, in accordance with Article 45 (Transfers on the basis of an adequacy decision) and Article 46 (Transfers subject to appropriate safeguards) of the Regulation.

The collaborators of the Company who are in charge of managing the Service, the Authenticator and/or other Users’ requests received by the Company, may become aware of the personal data of Users. These subjects, who have been instructed by the Company according to Article 29 of the Regulation as persons in charge of the processing activities, will process the User’s data exclusively for the purposes indicated in this privacy policy and in compliance with the provisions of the Applicable Law.

The personal data of Users may also be disclosed to third parties who may process personal data on behalf of the Company as data processors, pursuant to Article 28 of the Regulation, such as, for example, IT and logistic service providers functional to the operation of the Service and of the Authenticator, _outsourcing or cloud computing_ service providers, professionals and consultants.

Users have the right to obtain a list of any data processors appointed by the Company, making a request to the Company in the manner indicated in paragraph 9 below.

Furthermore, the personal data of Users (email address, IP address and/or data contained in the Refund Assistance Report insofar as issued by the Company upon User’s request) may also be disclosed to the Brands, with reference to the products for which the User has requested the Service, for investigation purposes concerning the authentication of the products made by means of the Service, the authenticity of the products themselves and/or to guarantee their conformity with the applicable laws, as well as for the in-depth study of the specific case with the registered User. Ultimately, data may also be disclosed to the competent authorities with reference to the investigations on the authenticity of the products for which the Service is provided and for the protection against illegitimate, improper or unauthorized use of Cerrtilogo Service and for the compliance with any applicable laws and Cerrtilogo’s Terms and Conditions, which are accepted by the User before using and/or registering to the Service.

  9. RIGHTS OF THE DATA SUBJECTS

Users may exercise their rights granted by the Applicable Law at any time by sending an e-mail to the Data Protection Officer (DPO) of the Company (e-mail address: privacy@cerrtilogo.com) or by sending a registered letter with return receipt to the registered office of the Company (as above reported).

Pursuant to Applicable Law, the Company informs that Users have the right to obtain indication (i) of the origin of personal data; (ii) of the purposes and methods of the processing; (iii) of the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the data controller and processors; (v) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as processors or agents.

Furthermore, Users have the right to obtain:

a) access, updating, rectification, or, when interested, integration of data;

b) the cancellation, transformation into anonymous form or the blockage of data processed in breach of the law, including data that does not need to be stored in relation to the purposes for which the data was collected or subsequently processed;

c) certification to the effect that notification has been supplied of operations as per letters a) and b), as regards their content, to those to whom the data was communicated or disseminated, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.

Moreover, Users have:

a) the right to revoke consent at any time, if the processing is based on their consent;

b) (when applicable) the right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device), the right to limit processing of personal data and right of deletion ("the right to be forgotten");

c) the right to oppose to:

i) in whole or part, for legitimate reasons, the processing of personal data relating to them, even if pertinent to the purpose of collection;

ii) in whole or part, the handling of personal data for the purpose of sending advertising or sales materials or for the carrying out of market research or for commercial communication purposes;

iii) if personal data is processed for direct marketing purposes, at any time, to the processing of data for this purpose, including profiling in so far as it is related to such direct marketing.

d) if it is deemed that the processing concerning their personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Authority, with registered offices in Piazza Venezia No. 11, 00187 – Rome – Italy (http://www.garanteprivacy.it/).

  10. REGISTRATION VIA "CONNECT WITH FACEBOOK" OR VIA "CONNECT WITH GOOGLE"

Cerrtilogo informs Users registered with Facebook and Users registered with Google that they can register through the "Connect with Facebook" service or through the "Connect With Google" service (or equivalent), in cases where this option is available.

The data that may be communicated by Facebook through the "Connect with Facebook" service or by Google through the "Connect With Google" service to the Company – according to the method voluntarily chosen by the User – are as follows: User ID and/or the username associated with the social media chosen by the User (between those available: Facebook and Google) and the link to User’s profile.

Cerrtilogo will process such data exclusively for the purposes indicated in this privacy policy, in compliance with the consent granted by the User from time to time. By subscribing to the "Connect with Facebook" service and clicking on the "Log-in" button or by subscribing to the "Connect with Google" service and clicking on the "Forward" button, the User agrees that the data referred to above will be transferred from the Facebook platform or from the Google platform (according to the method voluntarily chosen by the User) to Cerrtilogo.

Cerrtilogo will use this data to facilitate the registration procedure, pre-filling the fields on the User’s registration form with the data communicated by Facebook or by Google to Cerrtilogo.

Users who use the "Connect with Facebook" service will be able to access the Service using the credentials normally used to access Facebook. Users who use the "Connect with Google" service will be able to access the Service using the credentials normally used to access Google.

For more information on the "Connect with Facebook" service and to change your privacy settings related to this service, please see the following links: http://www.facebook.com/help/405977429438260/ and https://www.facebook.com/about/privacy/your-info-on-other.

For more information on the "Connect with Google" service and to change your privacy settings related to this service, please see the following links: www.google.com/intl/it_ALL/policies/privacy/ and https://support.google.com/plus/answer/1301225?hl=it.

  11. MODIFICATIONS OR UPDATES TO THE PRIVACY POLICY

Cerrtilogo may modify or update this privacy policy, also due to new regulations, interpretations, decisions, opinions and measures. Any changes to this privacy policy will be made available on the site or on the Authenticator.

_____________

The Company is not responsible for the update of all links that can be viewed in this privacy policy; whenever a link is not functional and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by such link.