Privacy Policy

PRIVACY POLICY

related to the products and services of Cutty srl
pursuant to Articles 13 and 14 of Regulation EU/679/2016 and Legislative Decree 101/2018 (amending and supplementing Legislative Decree 196/2003)

 

Who is the Data Controller?

The company Cutty srl, VAT number 11546320968, with registered office at Via Pietrasanta 12, 20141 Milan (MI), acts as the “Data Controller” (hereinafter referred to as “the Controller”) for the personal data of the customer and any co-obligors (jointly referred to as the “Data Subject”) as described in paragraph 2 below.

 

What data is processed?

The Data Controller processes personal data provided by the Data Subject, including name, surname, residential address, tax code, telephone number, and email address (hereinafter collectively referred to as “Data”).

 

For what purposes is the Data processed?

The Data will be processed by the Data Controller for the following purposes:

a) to conclude contracts for the Controller’s products and services;
b) to fulfill pre-contractual, contractual, and tax obligations arising from existing relationships with the Data Subject;
c) to comply with obligations imposed by law, regulations, EU legislation, or orders from authorities (e.g., anti-money laundering regulations);
d) to exercise the Data Controller’s rights, such as the right to legal defense.

The purposes described in points (a) to (d) are collectively referred to as “Contractual Purposes.”

e) to carry out activities related to securitizations, credit transfers, issuance of securities, business or branch transfers, acquisitions, mergers, demergers, or other transformations, and to execute such transactions;
f) to perform checks aimed at preventing potential fraud.

The purposes described in points (e) and (f) are collectively referred to as “Legitimate Interest Purposes.”

g) to promote the products and services offered by the Controller, including the sending of advertising materials, commercial communications, market research, and direct sales activities through traditional means (e.g., postal mail) or remote communication tools (e.g., email, chat, newsletters, phone, SMS, video calls, automated calls, instant messages, chatbots, intelligent automated communication systems, banners, social networks, search engines, notification systems, and other remote communication tools);
h) to promote – including through the activities described in point (g) above – products and services offered by third parties located within the EU and non-EU countries, to whom the data will be disclosed, in the following sectors: insurance, wholesale and retail trade, information and communication services, services related to the activities of the Controller, professional and technical activities, event organization;
i) to profile the Data Subject (e.g., internal profiling through CRM) to better tailor promotional activities and services to the needs, habits, and interests of the Data Subjects, and to carry out preparatory and/or functional activities for the proper execution of such promotional initiatives.

The purposes described in points (g) to (i) are collectively referred to as “Marketing Purposes.”

 

On what basis is the Data processed?

The processing of Data:

  • is necessary for Contractual Purposes, as it enables the provision of the requested services and related information, as described in points (a) to (c) of paragraph 3 above, and to comply with legal obligations as described in point (d) of paragraph 3 above.
  • for Legitimate Interest Purposes, as described in paragraph 3, letter (e), is carried out to pursue the legitimate interest of the Data Controller and its counterparts, appropriately balanced with the interests of the Data Subject.
  • for Marketing Purposes, the processing is optional, and if the Data Subject denies their consent, they will not receive commercial communications.

 

How is the Data processed?

The Data of the Data Subject is processed through the operations described in Article 4, No. 2 of Regulation EU/679/2016. The Data may be processed using manual or electronic tools designed to ensure its security and confidentiality and to prevent unauthorized access.

 

To whom is the Data disclosed?

The Data may be disclosed to:

  • service providers connected to the activities of the Data Controller;
  • tax, legal, and technical consultants;
  • IT or storage service providers.

 

Is the Data transferred abroad?

The Data may be transferred outside the European Union within the limits permitted by applicable regulations.

 

What are the rights of the Data Subject?

The Data Subject has the rights provided under Articles 15-22 of Regulation EU/679/2016, including the right to access, rectify, erase, restrict processing, data portability, object, and not be subject to automated decision-making, including profiling.

Requests can be sent to the email address info@robertcutty.com.

 

How long is the Data retained?

The Data will be retained for:

  • Contractual Purposes: for the duration of the contract and 10 years after its termination or withdrawal;
  • Legitimate Interest Purposes: for the time strictly necessary;
  • Marketing Purposes: up to 24 months for commercial communications and 12 months for profiling activities.

 

Changes and Updates

This privacy policy is effective from the date indicated below. Any substantial changes will be notified in advance and made available on the website www.robertcutty.com.

 

Milan, July 3, 2019