• Privacy Policy
    We respect the privacy of our customers and the visitors to our website

PRIVACY POLICY

Welcome to www.herno.com (hereinafter also the “Site”). We invite you to carefully read this privacy policy hereinafter also referred to as the “Privacy Policy ”), which applies to each access to the Site, irrespective of any purchase of products marketed therein.

We would like to remind you that this Privacy Policy is governed by the European General Data Protection Regulation 2016/679 (hereinafter also referred to as “GDPR”) e della normativa italiana in materia di protezione dei dati personali. and the Italian legislation on the protection of personal data. The regulation ensures that the processing of personal data is carried out with respect for the fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality, personal identity and the right to protection of personal data.

Finally, we would like to remind you that users under the age of 14 (fourteen) may not give consent to the processing of personal data without the authorisation of the holder of parental responsibility.


Ownership of the processing of data collected through the Site

Under the GDPR, the data controller is the entity that alone or jointly with others determines the purposes and means of the processing of personal data. Where two or more data controllers jointly determine the purposes and means of processing, they are joint data controllers.

With reference to the processing of data collected and processed through the Site, we inform you that:

  • Herno S.p.A. e The Level S.r.l. , are co-owners of the processing of navigation data, profiling data, data relating to user accounts on the Site, as well as data connected and related to sales made through the Site and to the related pre- and post-sales support activities.
  • Herno S.p.A. is the autonomous owner of the data collected for marketing purposes and communication of the data to third parties belonging to the same group (for these activities it has appointed The Level S.r.l. as data processor).
PRIVACY POLICY PROVIDED BY HERNO S.P.A. AS AUTONOMOUS DATA CONTROLLER

  • 1. Data controller and contact details of the Data Protection Officer

    The Data Controller is Herno S.p.A. with registered office in Via Opifici n. 100 - 28040 Lesa (No) (hereinafter also “Herno” or the “ Data Controller”). The Data Controller has appointed a Data Protection Manager, who can be contacted for any question concerning the processing of personal data at the following e-mail address: privacy@herno.it


  • 2. Purpose and legal basis of processing

    Herno may collect and process your personal data (your e-mail address and personal data) for its own commercial and marketing purposes, including commercial communications, invitations to events, customer satisfaction assessment activities, by automated means (including SMS, instant messaging, e-mail, display of advertisements on your social account through Custom Audience campaigns), as well as by traditional means (through paper mail and phone calls).
    Herno may also communicate the user's data to companies belonging to the same group, operating in the clothing and sports sector, so that they, acting as autonomous owners, may directly send you commercial and marketing messages (both by traditional and automated means).
    The legal basis for the above-mentioned processing lies in the free consent given by the user.

  • 3. Treatment modalities

    The personal data collected through the Site are processed by Herno using mainly computerised and telematic methods and tools, adopting the security measures necessary to minimise the risks of destruction or loss, even accidental, of the data, unauthorised access or processing that is either unauthorised or non-conforming to the purposes of collection as set out in this Privacy Policy. However, such measures, due to the nature of the online medium of transmission, cannot absolutely limit or exclude any risk of unauthorised access or loss of data. To this end, we recommend that you periodically check that your computer is equipped with appropriate software devices for the protection of network data transmission and that your Internet service provider has taken appropriate measures for the security of network data transmission (such as firewalls and spam filters).

  • 4. Source of data and mandatory or optional nature of providing data

    The personal data collected by Herno are provided directly by the user through iteration with the Site. The provision of personal data to Herno is free, optional and not mandatory. Failure to provide it does not limit the use of the Site, however, it may make it impossible for Herno to send commercial communications, information material, updates, newsletters or invitations to events of Herno or of the other companies of the same group.

  • 5. Categories of recipients of personal data

    Herno communicates the personal data of users of the Site only within the limits permitted by law and in accordance with the provisions set out below. In particular, the data may be processed and known by:

    • (i) providers of technical services instrumental to marketing activities, including any social platforms, tra cui Meta, p including Meta, for 'Custom Audience' activities;

    • (ii) companies in the same group as Herno;

    • (iii) The Level S.r.l. as provider of technical services instrumental to the activities of the Site.

  • 6. Non-EEA transfers

    Your data will not be disclosed by the Controller. They may also be transferred outside the EEA, always guaranteeing adequate levels of protection and safeguard, through the use of technical and organisational measures to protect them and the stipulation of Standard Contractual Clauses, in accordance with applicable legislation. You may always contact the Controller to find out the location of your data and to obtain a copy of it.

  • 7. Data retention period

    Personal data provided for marketing purposes (and for communication to third parties) are retained for a maximum of 5 (five) years after consent has been given, unless renewed by the data subject.

    • 8. Rights granted by the Privacy Act to the data subject

      The data subject shall always have the right to obtain from Herno confirmation as to whether or not personal data concerning him exist and communication of such data in intelligible form. The data subject shall also be entitled to obtain information on the source of the personal data, the purposes and methods of the processing, the logic applied to the processing if the latter is carried out with the help of electronic means, the identification data concerning data controller and data processors, the names of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity, for example, as data processors or as persons in charge of the processing or persons who are otherwise authorised to process the personal data. The data subject shall also have the right to request the updating, rectification or, where interested therein, integration of personal data, the erasure, anonymisation or blocking of personal data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; certification to the effect that the above operations have been notified, as also related to their contents, to the entities to whom or which the data were communicated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected. The user also has the right to data portability. The data subject also has the right to object in whole or in part (withdrawal of consent) to the processing of personal data concerning him or her. The right to object may also be exercised specifically, with regard to one or more methods of sending marketing communications. It should be noted that the right to object to the processing of one's own data for direct marketing purposes exercised by means of information technology also extends to traditional methods, without prejudice, however, to the right to exercise this right only in part, where technically possible. The above rights may be exercised by writing to: privacy@herno.it. Finally, please note that it is always possible to lodge a complaint with the competent Control Authority www.garanteprivacy.it.

    PRIVACY POLICY PROVIDED BY HERNO S.P.A. AND THE LEVEL S.R.L. AS JOINT DATA CONTROLLERS

    • 1. Co-processors and contact details of Data Protection Officers

      With reference to browsing data, profiling data, data relating to user accounts created on the Site, as well as data relating to sales, including pre- and post-sales activities, Herno S.p.A., with registered office in via Opifici n. 100 - 28040 Lesa (No) and The Level S.r.l. with registered office in Piazza Arcole n. 4 - 20143 Milano (Mi) act as joint data controllers (hereinafter, for the sake of brevity, the “ Joint Data Controllers ”).
      The Level S.r.l. has appointed a Data Protection Officer (”DPO TL”), who can be contacted for any queries at the following e-mail address: dpo@thelevelgroup.com. Herno S.p.A. has appointed a Data Protection Officer (”DPO Herno”), who can be contacted for any queries at the following e-mail address: privacy@herno.it.

    • 2. Purpose and legal basis of processing

      The co-owners may process and collect the following data, for the following purposes:

      • a. Management of cookies and the data collected through them on the Site. In this regard, we invite you to read the "Cookie Policy" [Cookie Policy | Herno S.p.A.
      • b. Creation and management of the user's account on the Site, as well as performance of related services, replying to user requests, providing assistance and sending the requested information about the products sold: For this purpose, personal data provided voluntarily by the user (such as e-mail address, personal data, password provided through registration on the Site), or otherwise lawfully acquired during the user's iteration with the Site, are processed. .
      • c. Sale of products through the Site and pre- and post-sale activities, including all obligations, contractual and legal, arising therefrom; ;
      • d. Study and analysis of consumer habits and choices, to make the Site's products, initiatives and services more responsive to users' tastes and needs. .

      With the exception of navigation data, which is regulated in the cookie policy, the legal basis for processing lies:
      • (i) in the user's consent, with reference to the purposes referred to in point d. (study and analysis of consumer habits and choices);
      • (ii) in the legitimate interest of providing information, services and responding to user requests, with reference to the purposes set out in b. above;
      • (iii) in the performance of the contract and pre- and post-contractual obligations, with reference to the purposes set out under c. and in the legal obligation with regard to tax and legal obligations related to the aforementioned activities.
    • 3. Study of users' consumption habits and choices

      As indicated in point 2 letter d. above, with the express consent of the user, the Joint Data Controllers may process his/her personal data for the purpose of studying consumption habits and choices, in order to make the products and initiatives promoted on the Site more responsive to the tastes and needs of their customers.
      With the help of automated tools, the Joint Data Controllers therefore process data relating to the value and frequency of purchases, the type of products purchased over a specific period of time, and data relating to the user's buying habits and preferences. The sole purpose of this study is to propose to customers and users products, services and initiatives that are more in line with their tastes and needs. In this regard, it is specified that the study of user and customer behaviour will be carried out in a way that does not invade the personal sphere.

    • 4. Treatment modalities

      Personal data collected through the Site are processed using mainly computerised and telematic methods and tools, adopting security measures so as to minimise the risks of destruction or loss, even accidental, of the data themselves, of unauthorised access or processing that is not permitted or does not comply with the purposes of collection as indicated in this Privacy Policy. However, such measures, due to the nature of the online medium of transmission, cannot absolutely limit or exclude any risk of unauthorised access or loss of data. To this end, we recommend that you periodically check that your computer is equipped with appropriate software devices for the protection of network data transmission, both incoming and outgoing, and that your Internet service provider has taken appropriate measures for the security of network data transmission.

    • 5. Source of data and obligatory or optional nature of providing data

      With the exception of navigation data, the provision and collection of which is governed by the Cookie Policy, the personal data collected by the Joint Data Controllers is provided directly by the user.
      The provision of personal data collected for the purposes of point 2, letter b. and letter d. is free, optional and not mandatory. Failure to provide such data will make it impossible for the Joint Data Controllers to respond to the user's requests for information and queries, and to offer products, services and initiatives that are more responsive to the user's needs.
      The provision of data, in particular personal and contact data, for the purposes related to the sale, as better specified in point 2, letter c. is necessary with regard to the conclusion of the contract for the purchase of products through the Site, as well as for the provision of other services rendered on the Site and related to the sale, or to comply with obligations arising from laws or regulations. Any refusal to provide certain data necessary for these purposes may make it impossible to execute the contract for the purchase of products on the Site, or to provide the other services related to this, such as assistance services, or to properly fulfil legal and regulatory obligations. Failure to provide data may therefore constitute, depending on the case, a legitimate and justified reason for not executing the contract for the purchase of products on the Site and the provision of related services.
      As the case may be, and if necessary, the compulsory or optional nature of the communication of data will be indicated from time to time, by appending an appropriate character (*) to the information of a compulsory nature, i.e. only the data necessary for the provision of services and the purchase of products on the Site. Failure to indicate optional personal data will not entail any obligation or disadvantage.
      It should also be noted that payment data (credit card data) are directly collected and processed by the online payment circuits and are neither displayed nor processed by the cardholders.

    • 6. Scope of personal data communication

      Personal data may be communicated to and known by:
      • • employees and/or consultants of the Joint Holders, who will act as authorised processors;
      • • third-party companies that perform specific services on behalf of the Data Controllers (such as, for instance, logistics and IT services, services instrumental to profiling activities).
      Personal data may also be disclosed to third parties for the exclusive purpose of fulfilling the purchase contract (such as, for example, the credit institution for the execution of remote electronic payment services by credit/debit card).

    • 7. Extra-EEA transfers

      Your data will not be disclosed. It may also be transferred outside the EEA, always guaranteeing adequate levels of protection and safeguard, through the use of technical and organisational measures to protect it and the stipulation of Standard Contractual Clauses, in accordance with applicable law. You may always contact the Data Controllers to find out the location of your data and to obtain a copy of it.

    • 8. Data retention period

      With the exception of browsing data, the storage of which is detailed in the Cookie Policy Cookie Policy | Herno S.p.A.], the user's personal registration, access and account use data on the Site will be stored for the period of time the account is used and activated; unused accounts will be deleted within two years from the last access/use of the account. Data processed for the purpose of providing a service, i.e. responding to specific user requests, will be retained for the time necessary to process the request and for any further time necessary for the Account Holders to fulfil the need or request received. The data processed for purposes related to the sale, shall be kept for the period necessary to perform the contract and related services, as well as for the subsequent period of time required by civil and tax regulations. Lastly, if the user has given his consent, the data collected for purposes of analysis and study of consumer habits and choices are retained for a maximum of 7 years from the collection of consent.

    • 9. Rights granted by the Privacy Act to the data subject

      The data subject shall always have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him/her exist and communication of such data in intelligible form. He/she also has the right to obtain information on the origin of the personal data, the purpose and method of processing, the logic applied in the event of processing carried out with the aid of electronic instruments, the identification details of the data controller and data processors, the names of the persons or categories of persons to whom the personal data may be communicated or who may become aware of it in their capacity, for example, as data processors or persons authorised to process it. The data subject shall also have the right to request the updating, rectification or, where interested therein, integration of personal data, erasure, anonymisation or blocking of personal data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; certification to the effect that the above operations have been notified, as also related to their contents, to the entities to whom or which the data were communicated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected. The user also has the right to data portability. The data subject also has the right to object in whole or in part (withdrawal of consent) to the processing of personal data concerning him or her.
      Finally, please note that it is always possible to lodge a complaint with the competent Control Authority (www.garanteprivacy.it).

      Version updated 13/03/2024.