SHARING AND TRANSFER OF PERSONAL INFORMATION
The Controllers may transfer personal information of customers to primary third-party suppliers, acting as “data processors” (the “Processors”), for the purpose of performing business operations in order to fulfill their contractual obligations.
The Controllers will make their best effort to ensure that all Processors will apply their industry best practice to protect personal information and that they will not use personal information for any other purposes than those agreed with the Controllers.
For instance, the Controllers may share personal information with the following categories of Processors:
- Couriers and postal operators;
- Fulfilment centers and warehouses;
- Advertising, digital, marketing and social media agencies;
- IT service providers;
- Customer care service providers;
- Payment service providers.
In such cases, sharing personal information with the Processors is necessary for the Controllers to fulfill their contractual obligations and, also, to improve the Site’s products and services.
Users can request an updated list of the Processors involved in the processing of personal information relevant to the Site’s activities by writing an email to: [email protected]
The Controllers must always reserve the right to disclose personal information about users as required by law (for instance, in response to law enforcement requests), and where needed to protect the rights of the Controllers or their affiliates or third parties.
Moreover, personal information may be disclosed to other companies within the same corporate group of each of the Controllers, or to third parties in the event of a corporate restructuring process, in full compliance with the applicable law.
In any other cases, the sharing of personal information will be conditional upon the preliminary and explicit consent of the user, unless processing is allowed under an alternative legal basis.
The Controllers will not transfer any personal information outside the European Economic Area (EEA), unless the user has explicitly authorized such transfer or the transfer of personal information outside the EEA is allowed by the GDPR on another legal basis.