• Conditions of sale
    The offer and the sale of products on parajumpers.it are determined by the Conditions of Sale
  • Legal area
    Please read our Privacy and Return Policy carefully

Privacy Policy


This Privacy Policy provides users of this site (the “Site”) with the fullest possible details on processing of their personal data, as described below, by the Site in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation – the “GDPR”) and the applicable Italian legislation on the protection of personal data.


In accordance with the applicable legislation, this Privacy Policy also provides details on:


• the nature of the personal data processed (as defined below);

• the purposes of the processing and the means used for the processing;

• the identity and contact details of the controllers;

• the contact details of the data protection officer (DPO);

• any third parties involved in the processing activities;

• the period for which the personal data will be stored;

• a brief description of the security measures adopted to protect personal data;

• the existence of the data subject’s right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability.


This Privacy Policy applies to the Site only and does not concern any website or platform to which the Site may link..

Users under 14 (fourteen) years of age cannot give consent to the processing of their personal data without the authorisation from the holder of parental responsibility.



THE CONTROLLER


Under the GDPR, the controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where two or more controllers jointly determine the purposes and means of processing, they are joint controllers.

The joint controllers in relation to the Site’s activities are:


• Parajumpers S.p.A., Sestiere San Marco 3877 – 30124 – Venezia (VE) Italy; email: privacy@parajumpers.it

• THE LEVEL GROUP S.R.L., Piazza Arcole 4, 20143 Mailand, Italien; contact: privacy@thelevelgroup.com

(the "Joint Controllers").


A Data Protection Officer has been designated to ensure that personal data is processed in accordance with the GDPR. The Data Protection Officer may be contacted for any request at the following email address: privacy@thelevelgroup.com


PERSONAL DATA: PURPOSES OF PROCESSING


“Personal data” means any information relating to users of the Site, including information that identifies them personally, alone or in combination with other information.

Personal data is collected automatically, through the Site or from multiple sources: forms, chats, emails, apps, devices, social media and other means.


The Joint Controllers process personal data in connection with the following activities:


Managing Site browsing


The Joint Controllers collect browsing data (of a general nature) using automatic means for the purposes of enabling and improving the user’s browsing of the Site (for example, IP address, visit date/time and duration, any referring URLs, pages visited on the Site, device used and other information).

Processing of such browsing data allows users to access the Site and make full use of its features and services. In addition, browsing data can be used to check that the Site is working properly.

From time to time, browsing data are processed anonymously for statistical purposes.

Browsing data are unlikely to allow identification of the relevant data subject. However, by their very nature, browsing data may allow identification of the users if associated with other information.

The browsing data described above are stored only temporarily in accordance with applicable regulations.


The legal basis for such personal data processing is the legitimate interest of the controller (Article 6(1)(f) of the GDPR).


Managing orders


On verification, the Site will ask users to provide personal data that are essential for ensuring proper processing of purchase orders and fulfilling user-related contractual obligations (such data may include, for example: first name and surname, email address, delivery address, etc.).

This personal data is also essential for allowing Customer Service to assist customers with any requests and related needs, prior to or after the sale (for example: order delivery status or product returns).

Personal data relating to orders will be stored for as long as needed to fulfil contractual obligations, as well as any accounting and tax obligations.

The Joint Controllers can also check that payment instruments used by customers for purchases on the Site (for example, credit or debit cards, etc.) are valid, mainly to prevent fraud or to fulfil statutory anti-money laundering obligations. Since this work is assigned to duly authorised third parties, the Joint Controllers do not process or store financial information relating to customers and payment instruments.

Failure to provide the personal information required at checkout will prevent users from completing an order on the Site.

The legal basis for such personal data processing is Article 6(1)(b) of the GDPR (performance of a contract to which the data subject is party).


Based on their legitimate interest (Article 6(1)(f) of the GDPR) in improving customer relations, the Joint Controllers will send customers who have made purchases on the Site email communications containing product suggestions, discounts, requests for feedback or other updates. Customers are free to object to any further email communication at any time (for example by clicking on the “unsubscribe” link at the foot of each email).


Site registration


Users choosing to set up and register a personal account on the Site will be asked to provide personal data (for example, date of birth, gender, etc.). The Site clearly indicates which personal data are essential (or otherwise) for setting up an account on the Site.

Users must provide true and accurate personal data at the time of registration and are encouraged to update their personal data as necessary by logging into their personal account.

Users must provide true and accurate personal data at the time of registration and are encouraged to update their personal data as necessary by logging into their personal account.

The Joint Controllers do not monitor or manage such social media services or the user profiles on such social media services, neither do they establish the data protection settings or rules on use of personal data on such social media services (Facebook, Twitter, etc.). Users are strongly advised to read any social media service personal data protection statements published by the operators of such services, so as to obtain further information on how their personal data will be processed through such channels.


The legal basis for such personal data processing is the consent given by the data subject at the time of registration (Article 6(1)(a) of the GDPR).


Newsletter and marketing communications


The Site allows Users to choose to opt out of receiving newsletters and commercial communications.

The Joint Controllers will always seek the express, free and unambiguous consent of users before sending them newsletters and marketing communications or, more generally, before commencing marketing initiatives aimed at users.

In such cases, in addition to their email addresses, users may be requested to provide personal data (for example, gender, country of residence, etc.) so as to receive marketing communications and newsletters that are personalised based on their user profiles.

Users are free to withdraw their consent to receive newsletters and commercial communications at any time simply by:

• changing their account settings;

• clicking on the “unsubscribe” link contained in all such emails;

• contacting our Customer Service.


Profiling


With the express consent of the user, the newsletter and marketing communications can be tailored to the user “profile”, based on the Personal Data collected by the Joint Controllers on the user in question.

It is in the legitimate interests of the Joint Controllers to process the personal data of customers of the Site so as to be able to offer more attractive products, improve the Site and personalise the products offered on the Site.

The main purpose of profiling is to offer products, services and initiatives that are better tailored to the tastes, purchasing habits and interests of users and customers.

Personal data may also be used for remarketing, retargeting or profiling purposes, including via third parties (for example, social networks, etc.).

Under no circumstances will the Site or the Joint Controllers carry out profiling activities relating to minors.

The legal basis for such personal data processing is the consent of the data subject to processing of their personal data (Article 6(1)(a) del GDPR).


COOKIES


Information is available on cookies used on the Site via following link: Cookie Policy


SHARING AND TRANSFER OF PERSONAL DATA


The Joint Controllers will transfer customers’ personal data to primary third-party service providers, acting in the capacity of processors (the “Processors”), to allow them to perform the operations necessary to fulfil contractual obligations (for example, delivery of ordered goods, payments, etc.).

The Joint Controllers will do all in their power ensure that all Processors adopt the best available procedures for protecting personal data and do not use such data for purposes other than those laid down by the Controllers.

For example, the Joint Controllers may share personal data with the following categories of Processors:

• Couriers and postal operators;

• Order Fulfilment centers and warehouses;

• Advertising, digital, marketing and social media agencies;

• IT service providers;

• Customer service providers;

• Payment service providers.

Users can obtain details of the categories of recipients to whom their personal data have been or will be disclosed by sending an email to: privacy@thelevelgroup.com

The Joint Controllers are required to share personal data with third parties in certain cases where this is strictly required under the law, as well as in cases where this is necessary to protect the rights of the Joint Controllers, related parties, or third parties.

Furthermore, personal data may be disclosed to other members of the group of companies to which each of the Data Controllers belong, or to third parties in the event of company reorganisation, in full compliance with the applicable laws.

In all other cases, sharing of personal data will be subject to the prior express consent of the user, unless there is another legal basis for processing.

The Joint Controllers will not transfer personal data outside the European Economic Area (EEA) except with the express consent of the user (data subject) to such transfer or where transfer of personal data outside the EEA is permitted under the GDPR on another legal basis.


PROCESSING METHODS AND SECURITY MEASURES


Users’ personal data will be processed by the Joint Controllers using computer, automated and electronic means and, to a limited extent, by paper means. In accordance with the GDPR, specific security measures have been put in place to prevent loss, unlawful or improper use of and unauthorised access to data.

Only persons authorised by the Joint Controllers or by their service providers acting in their as capacity as Processors will have access to personal data relating to Site activities. Instructions and security measures have been laid down in agreements or when appointing the Processors to ensure that the level of security required by the GDPR is ensured at all times during the processing of personal data for Site activities.

While Site settings and processing adopt security measures to prevent the loss, destruction or dissemination of personal data, security risks connected with online transmission of data cannot be excluded.


STORAGE OF PERSONAL DATA


The Joint Controllers will store personal data for the period that is necessary for providing users and customers with the services they request or for complying with legal or tax obligations or for the minimum period required by law.

The Joint Controllers will promptly erase or pseudonymise any personal data when its storage is no longer necessary or required by law.

Notwithstanding the right to be forgotten to the extent provided for under the applicable legislation, when storage of personal data is no longer permitted or no longer required by law, the maximum period of storage of personal data will be 10 (ten) years from the date of last interaction with the Site by the data subject.


LINKS TO THIRD-PARTY WEBSITES OR PLATFORMS


The Site may display banners, advertisements and other links to third-party websites or platforms. The Joint Controllers have no control over and will accept no responsibility for the conduct of such third-party websites or platforms in relation to data protection legislation. Users are encouraged to read the data protection statements of third-party websites for information on their personal data collection and storage or processing procedures.


RIGHT OF USERS


Users have the right to obtain confirmation as to whether or not personal data concerning them is held by Joint Controllers.

Where this is the case, under the GDPR, users, as data subjects, also have the right to:

• be informed about the collection and use of personal data concerning them;

• obtain from the controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information:

a) the purposes of the processing;

b) the categories of personal data concerned;

c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

f) the right to lodge a complaint with a supervisory authority (in Italy: Garante per la protezione dei dati personali - Personal data protection authority);

• obtain the rectification or completion of inaccurate or incomplete personal data;

• obtain the erasure of their personal data (“the right to be forgotten”);

• receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (“the right to data portability”);

• object, under certain circumstances, to processing of personal data concerning them;

• object at any time to processing of personal data concerning them for the purposes of “profiling” or “automated decision-making processes”;

• withdraw, at any time, their consent to the processing of their personal data, where requested and given, without affecting the lawfulness of processing based on consent before its withdrawal;

• lodge a complaint with the competent Italian supervisory authority: Garante per la protezione dei dati personali, Piazza di Montecitorio n. 121, 00186, Roma (RM), Italy.

Users can contact the Joint Controllers with any queries and to exercise their data protection rights, at the following email address: privacy@thelevelgroup.com


CHANGES TO THE PRESENT PRIVACY POLICY


Any future changes to this Privacy Policy will be posted on the Site and, as required, notified to users by email. Users are encouraged to consult this Privacy Policy frequently to check for any updates or changes.


Last update: 01/07/2021