Your personal data will be processed by the Data Controller in order to know your degree of satisfaction with the assistance service received. The legal basis for the processing consists in your consent to participate in this customer survey. 

Finally, we may also process your personal data in order to comply with our applicable statutory obligations or to pursue our legitimate interests (i.e. improving business processes, preventing fraud, exercising and defending our rights or optimising our customer contact strategies), in compliance with the provisions and restrictions applicable under current legislation. 

We shall process your personal data using both hard and soft copies of the data  and the processing will comply with the principles of fairness, lawfulness, and transparency so as to best safeguard your rights and privacy. 

We use of industry-standard physical, organizational, contractual and technological security measures to protect your personal data from unauthorized access, public disclosure, use, modification, damage or loss. 

We take all reasonable and practicable steps to protect your personal information, however unfortunately no system or network is guaranteed to be 100% secure.  If you believe that your interaction with us is no longer secure, please immediately inform us of that in accordance with the “Your Rights” section below (note that physical mail notification will delay the time it takes for us to respond to an issue). 

We shall not disseminate your personal data. 

We will not sell your personal information to third parties. 

To the extent permitted by law and where required with your consent, your Personal information may be disclosed, for the purposes described in this Privacy Policy: 

1.  with our service providers, including companies that belong to Tod’s Group that carry out technical and organizational services on our behalf, with the ultimate aim of pursuing the purposes described above; 

2.  to a third party in the event of a reorganization, merger, sale, joint venture, assignment or transfer of any part of our business, assets or stock (also in connection with bankruptcy or similar proceedings); 

3.  in connection with the essential purposes described above (i.e. to comply with statutory obligations or to respond to a lawful request made by public authorities). 

Your personal information will be transferred from your country to our headquarters in Italy. We are subject to Regulation (EU) 2016/679, which is the data protection law applicable throughout all EU Member States that offers a comparable level of personal data protection as under U.S. laws and regulations. 

Data transfers to countries outside the European Economic Area (EEA): We guarantee that we will only transfer your personal data to a country outside the European Economic Area (EEA) that does not have an Adequacy Decision by the European Commission (EC) only once at least one of the  cross-border transfer mechanisms under the Regulation has been adopted that is able to ensure an adequate protection of the personal data being transferred: 

1.  specific  “Standard Contractual Clauses” are drafted, as issued by the European Commission, in order to ensure that the level of protection of the personal data processed by our partners outside the EU complies with the EU's data protection level requirements; 

2.  Company Binding Rules approved by the competent Public Authorities are adopted, in compliance with the data transfer within a group of undertakings or enterprises, approved by the competent EU data protection authority, pursuant to the consistency mechanism provided for by Article 63 and to the provisions of Article 47 of the Regulation. 

We also undertake to carry out all possible advance risk assessments in accordance with applicable laws concerning the data transfer; adopting, as and when required, any additional security measures, on top of the safeguards guaranteed by the aforementioned transfer mechanisms. 

In any event,  we will only transfer your personal information if the level of protection guaranteed by the relevant privacy laws in force in our countries is not compromised. 

Your personal data shall only be processed by parties that have been specifically instructed to do so and are able to ensure adequate technical and organizational safeguards, as well as being bound to the strictest confidentiality undertakings by us. 

The timing of when we will process your personal data will depend on the purpose of said processing.  

Specifically, the personal data that you provide us by participating in the survey, so that we can understand your degree of satisfaction, will be kept for a maximum period of 24 months from their release.  

We would like to inform you that we are required to retain your personal data in compliance with specific law provisions, on the terms and for the retention periods required by said regulations. 

Insofar as the processing of your personal data is based on a legitimate interest, either ours or that of a third party, the processing of your personal data will be strictly limited to the time required to achieve the legitimate interest, on a case-by-case basis. 

You have the right under applicable law  to access your personal data, to rectify and/or update it, to erase it and/or to obtain a copy or the transmission in a structured format to any third party thereof. You may also request to limit or object to such processing. 

You can withdraw your consent at any time. 

You may exercise these rights at any time, by writing to our Data Protection Officer (DPO) at the following addresses: 

-  by e-mail: dataprivacyofficer@todsgroup.com. 

-  by post: Data Protection Officer - Tod's S.p.A., Via Filippo Della Valle n. 1, 63811 Sant’Elpidio a Mare (FM) – Italy (EU).  

-  you may call us at the following phone number: (+1) 855-303-3253 (Mon-Fri 9am-6pm EST - Weekends and Holidays excluded) 

We will make sure to comply with your request to exercise your rights, always in full compliance with applicable law. 

We will be entitled to ask you for specific information to help us to confirm your identity and to be reasonably certain that only you may access your personal data and that no unauthorized third party may seize, change or delete that data. The processing of your request is free of charge. However, should your requests be manifestly unfounded, excessive, or repetitive in nature, we shall have the right to refuse to comply with them or to request suitable economic compensation for them.  

Under no circumstance will we sell your personal information and for that reason there is not feature which prevents the sale of your personal information. 

Note that at any time you may file a complaint with the Data Protection Authority if you believe that we have breached any rules concerning the protection of your personal data. 

1.  California and Disclosures 

The present section supplements, for the California citizens, what Privacy Policy above describes. 

-  California “Shine the Light” Law - If you are a resident of California, you have the right to ask us once per year for information about the disclosures of personal information and data to third parties for direct marketing purposes during the previous calendar year, if any. 

We shall not use your personal information for marketing purposes nor we shall disclose your personal information  to third parties for their direct marketing purposes. 

-  California Consumer Privacy Act (CCPA) - We have explained our privacy practices in full in the other sections of this Privacy Policy. In this section, we provide a list of categories of personal information that have been collected, disclosed for business purposes during the preceding 12 months, as well as certain other kinds of information, as detailed in the CCPA. We would like to reiterate that we shall not sell your personal information and data and that we shall not use your personal information for marketing purposes. 

Please see the other sections of the Privacy Policy for additional information and context.