Skip to content

Cart

Your cart is empty

Privacy policy

PRIVACY POLICY – WEBSITE CARRERAWORLD.COM

Art. 13 of Regulation 2016/679/EU (“GDPR”)

 

This Privacy Policy explains the methods and purposes of the processing activities carried out by Safilo S.p.A. with registered office in Settima Strada 15, 35129 Padua, Italy, as Data Controller (hereafter the "Company" or “Data Controller”) with regard to the personal data of the users  (“Users”) that visit the website www.carreraworld.com  (hereafter “Website”).

In particular, on this page, the Data Controller intends to provide some information on the processing of personal data relating to the Users who visit or interact with this Website.

The information contained in this Privacy Policy is provided only for the Website, to all the sub-sites/pages that refer to it, and not for other websites that may be consulted by the User.  

The reproduction or use of pages, materials and information contained within the Website, by any means and on any medium, is not permitted without the prior written consent of the Company. Copying and/or printing of the contents of the Website is permitted only for personal and non-commercial use (for requests and clarifications, contact the Data Controller at the addresses indicated below). Other uses of the contents, services and information on this Website are not permitted.

 

1.      Data Controller and Data Protection Officer

The Data Controller is Safilo S.p.A. with registered office in Settima Strada 15, 35129 Padua, Italy.

The appointed Data Protection Officer ("DPO") can be contacted at [email protected].

 

2.    Categories of personal data processed when browsing the Website

The Company collects and process, via the Website, information related to the Users who visit or interact with the Website. When the User visits the Website, the latter collects certain personal data, such as IP addresses, the domain names of the computers used by User who connect to the Website, the URI (“Uniform Resource Identifier”) addresses of the requested resources, the time of the request, the method used in submitting the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the user (“Navigation Data”).

Navigation Data could, through processing and association with data held by third parties, allow Users to be identified. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the correct functioning of the Website.

The Company informs the Users that the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the Website of the Data Controller or other sites linked or connected to it.

The Website collects additional information about the User such as identity data, including but not limited to, name, last name, country of origin) and contact details including but not limited to., e-mail address, telephone number).

The Company may also collect information at an aggregate level for additional purposes, such as information about the User behavior on the Website, through the use of cookies or other tracking tools. For information regarding the collection of user information through the use of cookies and similar technologies, please see the Cookie Policy.

 

3.    Data provided by the User

The Company limits the collection of information provided by the User to what is necessary to pursue the purposes of the processing set out in this Privacy Policy and the services expressed requested. Furthermore, the Company collects, stores and processes User’s personal data in order to provide the User with the requested information on the products and services offered by the Company. The optional, explicit and voluntary sending of e-mails to the addresses indicated in the appropriate section of the Website, communications via social networks, call centers, etc., entails the subsequent acquisition of some of User’s personal data, necessary to respond to the requests.

 

4.    Purposes of the processing and legal basis

Personal data are processed for the following purposes:

1.     Contacting the Company: the Company offers the User the opportunity to send communication, questions and requests for information about the Company’s products and services by filling in the appropriate form in the “Contact us” section. In this regard, the personal data provided by the User (e.g., e-mail address, telephone number and/or any other information spontaneously provided by the User) will be processed by the Company in order to take charge of, correctly manage and respond to the User's request or communication.

Legal basis: provision of services expressly requested by the User, art. 6, lett. b) of the GDPR: “the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”. Communication of personal data is necessary, and any refusal will result in the impossibility of obtaining the requested services.

 

Data retention period: the personal data will be deleted after 24 months from the response provided to the User unless there are further requirements strictly related to request sent by the User.

 

2.     Management of the sales contracts: the Company processes User’s personal data for the pre-contractual and contractual obligations connected to the management of purchases of products offered through the Website or that may be of interest of the User, for the completion of the purchase order for the products and services offered, including aspects relating to payment by credit card, the management of shipments, the possible exercise of the right of reconsideration provided for remote purchases, the update on the availability of products and services temporarily unavailable.

Legal basis: the processing is necessary for the performance of a contract to which the data subject is a party and the provision of services expressly requested by the User, art. 6, lett. b) of the GDPR: “the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”. Communication of personal data is necessary, and failure to provide it will prevent the Company from allowing Users to complete the purchases.

 

Data retention period: the personal data will be retained according to terms provided under applicable law, that is ten years from the completion of the purchase.  

 

3.     Newsletter: by filling in the relevant registration form, the Company will send the User (by e-mail) newsletters on its services and products.

Legal basis: express consent of the data subject, art. 6, lett. a) of the GDPR: “the data subject has given consent to the processing of his or her personal data”. Provision of personal data is voluntary, and consent may be withdrawn at any time, with the interruption of the processing, without prejudice to the processing carried out up to that point.

 

Data retention period: the data will be retained for 24 months from the date of consent, unless revoked. This period may be extended by the user by renewing the consent to the processing for this purpose.

 

4.     Direct marketing: the Company process User’s personal data in order to send promotional, commercial and advertising communications or communications relating to the Company's products, services and/or events and commercial initiatives, as well as to carry out market analysis and research, by means of automated systems on the online channel (e-mail, whatsapp, sms or any other type of message) and on the telephone channel.

Legal basis: express consent of the data subject, art. 6, lett. a) of the GDPR: “the data subject has given consent to the processing of his or her personal data”. Provision of personal data is voluntary, and consent may be withdrawn at any time, with the interruption of the processing, without prejudice to the processing carried out up to that point.

 

Data retention period: the data will be retained for 24 months from the date of consent, unless revoked. This period may be extended by the user by renewing the consent to the processing for this purpose.

 

5.     Profiling activities: the Company may use the User’s personal data for individual or aggregate profiling activities in order to improve the Company's commercial offer and to provide the User with suggestions in accordance with the User's preferences.

Legal basis: express consent of the data subject, art. 6, lett. a) of the GDPR: “the data subject has given consent to the processing of his or her personal data”. Consent may be withdrawn at any time, with the interruption of the processing, without prejudice to the processing carried out up to that point.

 

Data retention period: the data will be retained for 12 months from the date of consent, unless revoked. This period may be extended by the user by renewing the consent to the processing for this purpose.

 

6.     Fulfillment of legal obligations and/or applicable provisions: the Company may also process the User's data for purposes related to the fulfilment of legal obligations, regulations, national and EU provisions as well as provisions issued by authorities.

Legal basis: fulfillment of legal obligations, art. 6, lett. c) of the GDPR: “the processing is necessary for compliance with a legal obligation to which the controller is subject”. The processing of the data is necessary and failure to provide the data will make it impossible for the Company to comply with its legal obligations.

 

7.     Legitimate interests of the Company and/or third parties: User’s personal data may be used to exercise the rights and legitimate interests of the Company and/or third parties, such as the right of defence, the handling of complaints and litigation and the prevention of illegal activities.

Legal basis: legitimate interest of the Company and/or third parties, which, on the basis of the evaluations carried out by the Company, is not detrimental to the rights of the User, art. 6, lett. f) of the GDPR: “the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data”.

 

Data retention period: the data will be retained in compliance with specific legal provision, in order to assert, exercise or defend a right or for legitimate interest, and will be cancelled when the purposes for which they were collected are fulfilled.

 

5.      Data processing methods

The processing is carried out with the aid of electronic or automated means by the Data Controller and/or by third parties which he can use to store, manage and transmit the data. The data processing will be carried out with the logical organization and processing of the User’s personal data, also relating to the logs originating from the access and use of the services made available via the web, of the products and services used in relation to the purposes indicated above and, in any case, in order to guarantee the security and confidentiality of the data.

Electronic payment instruments: with reference to data security, in the section of the Website set up for particular services, where personal data is requested by the User, the data is encrypted using a security technology called Secure Sockets Layer (abbreviated to SSL). SSL technology encrypts the information before it is exchanged via the Internet between the User’s computer and the Company’s central system, making it incomprehensible to unauthorized persons and thus guaranteeing the confidentiality of the information transmitted; moreover transactions made using electronic payment instruments are carried out directly using the payment service provider’s platform (PSP) and the Company only keeps the minimum set of information necessary to manage any disputes.

 

6.      Cookies

A cookie is a short string of text that is sent to User’s browser and, possibly, saved on the computer (alternatively on smartphone / tablet or any other tool used to access the Internet); such sending generally occurs every time you visit a website.

The cookies stored on the User’s terminal cannot be used to retrieve any data from the hard disk, transmit computer viruses or identify and use the User’s e-mail address. Each cookie is unique in relation to the browser and device uses to access the website of the Data Controller. In general, the purpose of cookies, including the so-called "Pixel and/or web-bacon", is to improve the functioning of the website and the user experience in using it. These cookies allow to understand how Users use the Website in order to then be able to evaluate and improve its functioning and create content that is increasingly appropriate for users' preferences. For example, analytical cookies allow us to know which pages are the most and least visited, how many visitors to the site are, how much time is spent on the site on average by users and how visitors get on the site. In this way it is possible to determine which are the optimal functioning and the most liked contents and how the contents and the functionality of the pages can be improved. In order to know how our Users, use the site, the Company uses the services offered by third parties to collect, aggregate and analyze data in order to better understand how the Website is used. These cookies have a limited duration. The information collected is used by the Data Controller in aggregate and/or pseudo-anonymous form, for example to monitor and analyze the use of the Site, improve its functionality and choose the contents and graphics more accurately, in order to meet the needs. of visitors. In any case, if for any reason you prefer that these specific cookies were not activated, Google provides a free add-on for the opt-out that can be installed on the main browsers (see https://tools.google.com/dlpage/gaoptout). For more information on what cookies are and how they work, the User can consult the “All about cookies” website http://www.allaboutcookies.org.

If the User wishes to block or delete the cookies received from the Website, you can do so by changing the settings on your browser.  In case the User chooses to disable all cookies, also the necessary, functional and performance cookies will be blocked and this could cause inconvenience to your navigation on the site. For example, the User will be able to visit the public pages of the site, but may not be able to access any restricted areas.

For detailed information on the cookies used by the site, read the Cookies Policy at this link: https://www.carreraworld.com/pages/cookie-policy.

 

7.    Interaction with external social networks and platforms

The Website, through widgets and buttons, can interact with external platforms and social networks. In this case, the information acquired depends on the settings of the profiles used by the User on each social network and not by the administrator of this Website, especially if the User has an active access profile to these platforms.

The connections with Instagram®, or other social site, allow the User to interact with the pages of Carrera World present in social networks and share ideas, opinions or topics of the website with the respective social platforms and can collect data of the interested party. We would like to point out that by using the dedicated Carrera World pages on social networks the User could insert content publicly available on the Internet. Before interacting with these areas, please read the General Conditions of Use of social media carefully, taking into consideration that, in certain circumstances, the information published can be viewed by anyone and all the information you include in your publications can be read, collected and used by third parties. More information can be obtained from the websites of the companies offering the service. We would like to point out that in this case, during such browsing your personal data are not managed by the Company whose intervention is limited to making the connection available through these buttons only to offer an additional service to the user but has no control over them.

 

8.    Data recipients

For the pursuit of the purposes indicated above, the User’s personal data may be shared with the Company’s employees and collaborators, as persons authorized to process personal data.

In addition, your personal data may be communicated to the following categories of subjects: (i) partners of the Company; (ii) third parties who provide computer and telematic services (e.g. hosting services, website management and development, payment instruments) which Safilo uses to carry out tasks and activities of a technical and organizational nature instrumental to the functioning of the website; (iii) banks. The subjects belonging to the above-mentioned categories will use the personal data as autonomous data controllers or as data processors.

Finally, the personal data processed may be communicated to subjects whose right to access the Data is recognized by provisions of law and secondary regulations or by provisions issued by the competent authorities.

 

9.      Transfer of data outside the EU

In pursuit of the above-mentioned purposes, the data may be transferred outside the European Economic Area (“EAA”). In this case, the Data Controller ensures that the transfer of data will take place on the basis of adequate safeguards, including European Commission adequacy decisions pursuant to Article 45 of the GDPR or, failing that, standard contractual clauses or other adequate safeguards pursuant to Article 46 of the GDPR.

 

10.   Data of minors

The Website is not addressed at minors under the age of 18 and the Company does not intentionally collect personal information from them. In the event of accidental recording of any information on minors, as soon as it becomes aware of it, the Company will promptly delete it.

 

11.   Data subjects’ rights

Users are granted the rights set out in Articles 15 to 22 of the GDPR. In particular, the User has the right to:

- request confirmation that data processing is taking place and, if so, ask the Data Controller for access to information relating to such processing

- ask for the rectification of inaccurate or incomplete data

- ask the Controller to delete the data

- request the restriction of the processing;

- request to receive the data in a commonly used, machine-readable format and to transmit them to another data controller, or to obtain direct transmission from one data controller to another, if technically feasible (so-called data portability);

- where data processing is based on consent, withdraw consent at any time. Such revocation shall not affect the lawfulness of the processing carried out prior to the revocation.

The User also has the right to object in whole or in part, for legitimate reasons, to the processing of personal data concerning him/her.

The Data Controller shall do so without delay and, in any case, no later than one month after receipt of the request. The deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Data Controller. In such cases, the Data Controller shall inform the User within one month of receipt of the request and inform him of the reasons for the extension.

The User may exercise these rights by sending a request by e-mail to the Data Controller at the following e-mail address, [email protected].

Finally, if the User considers that the processing of data violates the legislation on the protection of personal data, he/she has the right to lodge a complaint with the competent Data Protection Authority

 

12.   Update of the Privacy Policy

This Privacy Policy was updated in April 2025.