Privacy Policy

INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA

 

Welcome to Coperni website (the “Website”). 

Pursuant to art. 13 of the Regulations (EU) 2016/679 (hereinafter the “GDPR”), this page provides information on how we process your personal data that we collect when you visit the Website and interact with the Website services.

The information is provided only for the Website and possible sub-domains and not for the other websites that can be visited by the User via hypertextual connections or links.

Please read this information carefully before providing your personal details.


  1. DATA CONTROLLER 

Coperni Sas, based in rue 21 Du Daubourg daint Antoine, 75011, Paris, e-mail: privacy@coperniparis.com (“Coperni”), Tomorrow Milano S.R.L., via Archimede 26, 20129 Milan, Italy, VAT Number 07547610969, e-mail: privacy@tomorrowlondon.com., (“Tomorrow”), and DIANA E-COMMERCE CORPORATION SRL, based in Torreglia (PD) at via San Daniele 137/139, 35038, VAT No. 05097740285, e-mail: privacy@dianacorp.com ("Diana") are joint controllers of personal data for all activities related to the sale of products offered on the Website, such as the order execution and after-sales assistance (e.g. for returns and complaints). You can know more about the essential content of the agreement pursuant to art. 26 GDPR between Diana, Tomorrow and Coperni by sending an email to privacy@tomorrowlondon.com.

 

Coperni and Tomorrow are independent controller for the purposes of managing the Website and your registration on the Website (i.e. personal account), as well as for marketing and back in stock services.

 

Hereinafter, when we use the expression "Joint Controllers", we will be referring jointly to Coperni, Tomorrow and Diana. Conversely, you will find the reference to Diana, Tomorrow or Coperni in the event that the information refers to only one of the two data controllers.

 

  1. PERSON IN CHARGE OF THE PERSONAL DATA PROTECTION (DPO)

Diana has appointed a data protection officer (DPO) who a concerned person can contact by writing to dpo@dianacorp.com.

 

  1. CATEGORIES OF COLLECTED PERSONAL DATA
  2. a) Navigation data

The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment.

  1. b) Personal data that you voluntarily provide to us

Joint Controllers process the personal data that you voluntarily provide to us when you register on the Website, access its services, purchase a product or interact with the customer support service, such as, for example, personal data, contact data, data relating to the purchases and banking data.

 

  1. c) Cookies

The Website uses Cookies. For further information on cookies and their use on the Website, see the cookies page.


  1. PURPOSES, LEGAL BASES AND PRESERVATION PERIOD
  2. Your personal data will be processed by Tomorrow and Coperni as independent controller as follows:

#

PURPOSE

LEGAL BASE

PRESERVATION PERIOD

A

New product availability update: acknowledgment of your request for the update on the availability of the requested product on the Website

Execution of the contract or pre-contractual measures you have requested

For the period of time necessary to reply to your request

B

Registration on the Website (personal account): to allow you to create your personal account on the Website and to access and use the related service

Execution of the contract or pre-contractual measures you have requested

Until your request for cancellation of the account or the termination of the service 

C

Browsing the Website: to allow you to browse the Website and access the related services and, in particular, to obtain anonymous statistical information relevant to the use of the Website and its services and to check it is operating correctly

Legitimate interest of the Data Controller

For the time required for processing

D

Marketing:  for sending, by e-mail, sms, social network and other instant messaging apps, information and commercial communications, including promotional ones, regarding the products and services of Coperni.

Consent of the data subject

For 12 months, provided that you do not revoke your consent to the processing beforehand


  1. Your personal data will be processed by Joint Controllers as follows:

#

PURPOSE

LEGAL BASE

PRESERVATION PERIOD

E

Sale of products: for the conclusion and execution of the sales agreement for the products offered on the Website, including the management and processing of purchase orders, the delivery of the products, the communication of any information relating to the order, the management of payments and anti-fraud controls

Execution of the contract or pre-contractual measures you have requested

For the time necessary to process the purchase order (without prejudice to further preservation, where necessary, for the following purposes)

F

After-sales assistance: for the management and response to the requests you send us in relation to the products purchased on the Website, including returns, complaints and refunds

Execution of the contract or pre-contractual measures you have requested

For the time necessary to reply your request (without prejudice to further preservation, where necessary, for the following purposes).  

G

Fulfillment of legal obligations: for the fulfillment of legal obligations (particularly in civil and fiscal subjects as well as public security, banking and personal data protection matters)

Fulfillment of legal obligations

For the period required by the law. The billing data is kept for 10 years from the date of issue of the invoice.

H

Litigations and prevention of offenses: to defend or assert a right of Diana, Tomorrow and/or Coperni and/or for the detection and prevention of fraud and other crimes or offenses

Legitimate interest of the Data Controller 

For the period necessary for the purpose for which the data is collected in accordance with applicable law (for example, regarding prescription)  


  1. NATURE OF THE DATA PROVISION

The provision of data in the fields marked with an asterisk (*) for the purposes given in the previous art. 4, I), letters A), B), C) and II) is necessary to register in the Website and use the relevant services as well as to purchase the Website’s products; failure to provide the data will make it impossible to obtain the products and services you have required. On the other hand, the provision of data in the fields not marked with an asterisk, although it may be useful to facilitate relations with Joint Controllers, is optional and not providing it does not affect the possibility to obtain the products and the required services. With reference to marketing purposes given in the previous art. 4, I), letter D), the provision of data is optional and your refusal will make it impossible for Coperni and Tomorrow to process the provided data for marketing purposes, but it will not prevent you from logging onto the Website, purchasing products and using the relevant services according to the provisions given in art. 4, I), letters A), B), C) and II).

 

  1. PROCESSING METHODS

Your data will be processed by the Data Joint Controllers using mainly IT and telematic methods. Specific security measures are adopted to minimize the risk of destruction or loss of personal data and unauthorized access. The Joint Collectors have adopted all suitable security measures given by the law.

 

  1. CATEGORIES OF RECIPIENTS OF PERSONAL DATA AND DISTRIBUTION OF DATA

In order to achieve the purposes that the personal data is collected for, the Joint Collectors can appoint other responsible parties for processing the personal data such as the following:

  • IT service providers, i.e. internet service and cloud computing,
  • subjects that are in charge of the warehouse logistics, as well as promotion, sale and delivery of the products and services of the Joint Collectors,
  • customer care,
  • companies and other subjects that provide customers with legal, fiscal, accountancy, financial, technical-organization, data processing and communication services;
  • subjects that provide bank services, i.e. financial, insurance and credit recovery services;
  • subjects that control anti-fraud on payments;
  • controlled companies and subsidiaries;
  • public authorities and supervising bodies.

The updated list of the Data Processors of personal data is available by a specific request to the Data Joint Controllers through the methods indicated in the paragraph 10. 

Personal details can be also known by the Joint Controllers’ staff in charge of dealing with orders and authorized by the Joint Controllers.

No data collected by the Website can be diffused.

 

  1. TRANSFER OF DATA BOTH TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION

Your personal data may be transferred, for the purposes for which it is collected, to Canada and the United States of America (USA) which are countries that the European Union consider as suitable to the data transfer.

The transfer of personal data to subjects located in the USA will take place exclusively in accordance with the standard contractual clauses adopted or approved by the European Commission (art. 46, paragraph II, letters C and D of the GDPR).

To obtain a copy of this data, please contact the Joint Controllers as given in the paragraph 10.

 

  1. MINORS

The Website and the services are intended for the sale of products and services to adults. Therefore, the Joint Controllers do not intentionally collect the personal data of persons under the age of 18. If you access the services of the Joint Controllers, you are declaring that you are of age.

 

  1. RIGHTS OF THE CONCERNED PERSON

With reference to the provided data, you have the right at any time to ask for the following:

  • the confirmation that personal data is being processed and, in this case, to access your personal data and obtain a copy of it (see Article 15 of the GDPR);
  • the correction of inaccurate personal data, as well as the integration of it if it is incomplete, provided that the purposes of the processing are met (see Article 16 of the GDPR);
  • the cancellation of personal data in accordance with the cases given in art. 17 of the GDPR;
  • the restriction of data processing in the cases given in art. 18 of the GDPR;
  • to prevent the processing of personal data in the cases given in Art. 21 of the GDPR;
  • data portability if the processing is based on your content or on a contract and it is carried out with automated means (see Art. 20 of the GDPR);
  • if you have expressly authorized the processing of your personal data for one or more specific purposes (see Article 6, paragraph 1, letter A of the GDPR), to revoke your consent without affecting the legality of the processing based on the authorization given before the revocation.

To exercise these rights, you can write to privacy@coperniparis.com.

However, you can exercise your rights towards each Joint Controller by writing to the respective references indicated in paragraph 1.

Finally, you have the right to lodge a complaint to the Supervisory Authority.