Privacy policy



  • 1. General Provisions

    1.1 Introduction. This website (the “Website”) concerns Hudson Italy Srl (the “Company”) – details are provided in the footer – which is part of the Hudson group (“Hudson Group”) headed by Hudson Holdings Limited (HHL), a company with its registered office in Malta at Hudson House, Burmarrad Road, St Paul’s Bay (“Hudson”). This Privacy Notice explains how information and data identifying the data subjects described in Article 2.1 (“Personal Data”) are processed in accordance with the national legislation in force on the protection of personal data (“National Data Protection Laws”) and EU General Data Protection Regulation 2016/679 regarding the protection of natural persons with respect to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (“GDPR”).

    1.2 Controller and Joint Controller. The Company processes Personal Data as Data Controller (or Joint Controller, as applicable), as defined in the National Data Protection Laws and the GDPR. The identity and contact details of the Company are specified in the Website footer. In particular, the Personal Data of any individual/entity/natural person or representative of legal entities who are customers (“Customers”) with whom the Company establishes commercial/contractual/pre-contractual relationships as customer/prospective customer are processed jointly by the Company and Hudson within their legitimate interest, in accordance with Article 4.1 of this Privacy Notice and the joint controllership agreement signed by the Company, HHL, and other Hudson subsidiaries.

    1.3 Changes. The Controller reserves the right to amend or simply update this Privacy Policy, in whole or in part, also due to changes in applicable law. Such changes will be promptly published on the Website and will be binding as soon as they are made known, and will state the month of publication. Any new version of the Privacy Notice will be published on the Website replacing the previous version and will be valid and applicable as of the date of publication, unless otherwise specified.

    1.4 Applicable Rules. The Controller processes Personal Data in compliance with: (i) the provisions of the National Data Protection Laws in force on the date of this Privacy Policy; (ii) the provisions of the GDPR and, in particular, the principles laid down therein, including but not limited to lawfulness, fairness and transparency, purpose limitation, data minimisation and adequacy, accountability, accuracy, and—prior to initiating any processing activity—the principles of privacy by design and privacy by default; (iii) guidelines and measures issued by the competent supervisory authority (“Supervisory Authority”).

  • 2. Data Subjects and Scope of Application

    2.1 Data Subjects. The Company’s processing activities concern (i) any individual who visits the Website (“Visitors”); and (ii) any individual/entity/natural person or contact person of entities/legal persons with whom the Company establishes relationships on the occasion of registration/participation in Company events and/or who request information, informational material, subscribe to newsletters and other communications, as well as any individual/entity/natural person or contact person of entities/legal persons with whom the Company establishes commercial/contractual/pre-contractual relationships as customers/prospective customers (collectively referred to as “Users” or “Data Subjects”). For the purposes of this Privacy Policy, Visitors and/or Users shall be understood as Data Subjects, as defined by the National Data Protection Laws and the GDPR.

    2.2 Scope of Application. The Privacy Policy applies to Visitors and Data Subjects, it being understood that the Company, in its capacity as Controller/Joint Controller, is responsible only for the processing of Personal Data falling within its powers, duties, and responsibilities. This Privacy Policy shall not be deemed valid and effective with regard to processing activities carried out by third parties whose websites can be reached from the Website.


  • 3. Categories and Source of the Processed Personal Data

    3.1 Source. In their respective capacities as Controller/Joint Controller:

    a. Personal Data of Data Subjects—as specified below—are provided by the Data Subjects;

    b. Personal Data of Visitors—as specified below—as well as any data related to cookies, are used through the Website, as set out in the Cookie Policy published on the Website.

    3.2 Identification Data. The Controller/Joint Controller processes the Personal Data of Visitors and Data Subjects, consisting of common Personal Data; sensitive and/or judicial data (as defined in the National Data Protection Laws in force) and/or special categories of personal data as well as personal data relating to health as defined in the GDPR are expressly excluded from the processing activities under this Privacy Notice (all these types of personal data are hereinafter collectively referred to as “Special Data”). The Personal Data provided by Visitors and Users may include:

    a. Browsing data, such as IP addresses, domain names of the computers used by each Visitor connecting to the Website, URI (Uniform Resource Identifier) addresses identifying resources, time of the request, method used to submit the request to the server, size of the requested file, server status code (success, error, etc.), and other parameters regarding the Visitor’s operating system and IT environment; such data will, however, be used solely to obtain anonymous statistical information on the use of the Website and its features, and will be deleted immediately at the end of the relevant processing;

    b. Personal Data provided voluntarily or during contractual/pre-contractual phases by Users, such as first and last name (including the name and surname of the legal representative of the company/entity for which the Users act), tax code and VAT number, residence/domicile (including for tax purposes), contact details (mobile and telephone numbers, fax numbers and/or other identification numbers), postal and email addresses (including business addresses, employees’/contractors’ emails and, where applicable, certified email addresses), postal codes, bank details and/or payment data, etc.

    3.3 Insights. The Company processes Personal Data of selected Data Subjects acting on behalf of Customers who are more likely to be ready to make a purchase. This processing consists of analysing the interactions of the Data Subjects (e.g., whether the message is opened or not, time spent reading the newsletter, downloads of attachments and/or clicks on links) with the material sent by the Company for marketing purposes (“Insights”). This processing—which involves an assessment of Data Subjects’ behaviour—falls within the definition of “profiling” under Article 4(4) GDPR.

    3.4 Special Data. The activities that can be carried out through the Website do not require the provision of Special Data; therefore, Data Subjects are asked not to provide and/or otherwise make Special Data available to the Company. Unless otherwise agreed in writing, any Special Data inadvertently provided by Data Subjects will be deleted and/or removed or otherwise anonymised by the Controller.

  • 4. Legal Basis and Purpose of Processing Personal Data. Data Retention Period

    4.1 Legal bases. The legal bases for processing Personal Data are: (i) performance of a contract to which the Data Subjects are party or taking pre-contractual steps at the request of the Data Subjects, with particular reference to the purpose under point 4.2 C); (ii) the Data Subjects’ consent; (iii) the legitimate interest of the Company and companies belonging to the Hudson Group, in particular where the processing of Personal Data is necessary for fraud prevention purposes or where processing is carried out to fulfil statutory formalities or for direct marketing and profiling purposes in connection with the use of the CRM (see points C, D, E, F and G), in any event subject to the requirements of the GDPR.

    4.2 Purposes. The Controller/Joint Controller processes Personal Data for the following purposes, as specified in the table below, which also highlights (a) whether express consent to the processing of Personal Data is required, and (b) the data retention period:

    | Purpose | Consent | Retention Period |
    |---|---|---|
    | A) Fulfil Data Subjects’ orders, including delivery also via courier, contact them regarding order status, and respond to enquiries | Not required | Until the expiry of the data retention period as provided by applicable law |
    | B) Enable the Company and/or Hudson to carry out all statutory formalities, including administrative and tax/fiscal requirements | Not required | Until the expiry of the data retention period as provided by applicable law |
    | C) Optimize the Website by analysing how Visitors and/or Data Subjects browse and/or use the Website | Not required | Not applicable (aggregated or anonymous data) |
    | D) Send communications and respond to queries regarding the Company/Hudson activities | Not required | For the time necessary to respond and, in any case, to enforce the Company’s rights |
    | E) Send general informational, promotional and advertising newsletters and/or other material for marketing communication purposes, in relation to the Website’s features, Hudson and the Group companies’ activities | Required for newsletters, other materials for advertising or direct e-marketing communications (e.g., marketing communications sent via electronic channels such as email, fax, SMS and MMS), questionnaires and surveys. Not required for postal marketing and/or emails sent to customers, according to applicable laws | Until consent is withdrawn or an objection is communicated |
    | F) Communicate Personal Data to Hudson group companies and to Hudson in order to receive commercial information, newsletters and/or the above materials (under items C and D) | Required | Until consent is withdrawn |
    | G) Process Personal Data for statistical analysis purposes | Not required | Until consent is withdrawn |

    4.3 Optional provision of Personal Data. Without prejudice to the above, the provision of Personal Data is entirely optional and voluntary. However, failure to provide Personal Data may result in the inability to receive communications and/or responses and/or the requested activities.

    4.4 Expression and withdrawal of consent. With regard to the purposes referred to under letters D) and E) in the table above, Data Subjects may withdraw their consent by informing the Company and/or Hudson by any means and in any form, including by email and telephone; however, with particular regard to the purpose under letter D(i), in order to facilitate the completion of all relevant formalities connected to the request at hand, including the removal of the email address from the mailing list, Data Subjects are invited to follow the specific instructions included in each newsletter/communication sent by the Company and/or any Hudson Group company. If the Data Subject withdraws consent with regard to the purposes under letters D) and E) above, the related processing activities by the Hudson Group companies will be discontinued.

    4.5 Right to object. With regard to the purposes under letters D, E and G in the table above, the User may object at any time to the processing in order to have their Personal Data no longer processed for such purposes. To object, Data Subjects are invited to follow the specific instructions included in each newsletter.


  • 5. Joint Controllers and Processors

    5.1 Controller and authorised personnel. Directors, employees and independent contractors (regardless of the contractual relationship concerned) of the Company and/or Hudson may process Personal Data in their capacity as persons authorised to process data, in accordance with the National Data Protection Laws and the letter of authorisation signed pursuant to Art. 29 of the GDPR. The authorised personnel are duly trained and permitted to access Personal Data in accordance with this Privacy Notice and subject to their tasks and assignments.

    5.2 Joint Controllers and processors. The Controller may appoint internal and external entities/individuals as data processors, including but not limited to consultants (legal and tax) and third-party companies (in particular, CRM providers, internet service providers and other IT service providers, including cloud platforms). The complete list of all processors can be requested by Data Subjects from the Controller by sending an email to the Controller’s email address specified in Article 8.1 of this Privacy Notice. For the purposes under letters C, D, E, F and G in the table above, Hudson, the Company and/or the relevant Hudson Group companies to which the Personal Data of Data Subjects are communicated and shared act as Joint Controllers under Article 26 GDPR and have therefore signed a specific joint controllership agreement.

    5.3 Limitations. The authorised personnel and the processors—where appointed—must be properly trained and duly enabled to access and use Personal Data, within the limits of the specific tasks and duties assigned to them and in accordance with this Privacy Policy.

  • 6. Processing of Personal Data Related to Browsing the Website

    6.1 Browsing data. The Controller processes Personal Data collected while browsing as provided in the Cookie Policy.

    6.2 Links. The Website may include hyperlinks to other websites that are not operated by or otherwise associated with the Company. The Controller has no access to or control over such websites. Data Subjects are invited by the Controller to read the privacy policies of such third-party websites that Data Subjects may access from the Website in order to understand how personal data are collected and processed by them.

  • 7. Processing Methods

    7.1 Methods of processing. The Personal Data of Data Subjects are processed almost exclusively through digitised procedures using IT systems and software or, in a limited number of cases, by manual means (e.g., paper-based), it being understood that Personal Data are processed in ways that are strictly related to the purposes for which such data were collected and, in any case, that ensure their security in accordance with the GDPR and the National Data Protection Laws.

    7.2 Place of digital data processing. The processing of Personal Data is carried out at the Controller’s offices and/or—if appointed—those of the processors and/or Joint Controllers. Personal Data are stored at the Controller’s/Joint Controller’s offices where the physical servers are located and, in some cases, on third-party servers that provide cloud services to enable the storage of Personal Data.

    7.3 Transfer of personal data. Personal Data may be transferred, for organisational and/or commercial purposes, to other Hudson companies, whether located in the EU or in third countries outside the EU, it being understood that, in the latter case, the transfer of Personal Data as specified above shall be subject to the Controller’s/Joint Controller’s assessment of full compliance with the provisions of the GDPR and in particular Articles 44 and 45 thereof. For example, the Hudson Group companies have entered into specific standard contractual clauses regarding the transfer of data involved in the shared use of the CRM solution for the purposes under letters D, E and G.

    7.4 Place of manual data processing. When Personal Data are collected offline (e.g., on paper), all documents containing such data are stored at the Controller’s/Joint Controller’s or processors’ and service providers’ premises, where appointed, and filed in appropriate archives.

    7.5 Disclosure of Personal Data. Personal Data will in no event be disseminated. Personal Data may be communicated to external processors and/or service providers (e.g., CRM, cloud service providers) or—under the conditions in Articles 4.2, 5.2 and 7.3 above—to Hudson entities.

  • 8. Rights of Data Subjects

    8.1 Rights. Data Subjects, where natural persons, may contact the Controller/Joint Controller directly or the processor(s) appointed by the Controller/Joint Controller in order to exercise their rights as provided by the National Data Protection Laws and the GDPR (Arts. 15 et seq.), and, in particular, to access their Personal Data, obtain the updating and rectification or erasure thereof, restriction of processing, object on legitimate grounds to the processing of their Personal Data (with the effects provided in this Privacy Policy), as well as obtain data portability by sending an email to privacy@blackboxstore.com or writing to Hudson Italy Srl, C.F. / VAT 06555971214, Address: 80129 Naples, Via Romaniello 21 / B, Italy, Phone: (+39) 08119027540, addressing communications to: Privacy Officer, or (with specific regard to newsletter, direct marketing and profiling activities) by clicking the “unsubscribe” button or following the instructions published on the Website or communicated by the Company and/or other Hudson Group companies.

    8.2 Complaint. Without prejudice to the above, pursuant to Articles 13 and 15 GDPR, Data Subjects, where natural persons, may lodge a complaint with the competent Supervisory Authority in order to assert their rights as specified above.

7Pixel S.r.l., represented by its legal representative pro tempore, is appointed as data controller of the User's data (email address) for the management of comment requests within the Trusted Program of the website www.trovaprezzi.it

Black Box