Gifting has never been easier
Perfect if you're short on time or are unable to deliver your gift yourself. Enter your message and select when to send it.
Privacy Policy
1. Introduction
Welcome to the website https://www.aptyca.com. Aptyca Srl (“Aptyca”) provides the following information regarding the collection and processing of your personal data. While using the website or its related services (hereinafter, the “Site” and the “Services”), information and personal data concerning you may be collected. For this reason, in accordance with the provisions of the General Data Protection Regulation No. 2016/679 (“GDPR”) and applicable national legislation (collectively, “Privacy Legislation”), we have created this document (hereinafter referred to as the “Privacy Policy”) to describe the personal data we collect, the purposes and methods of processing, and the security measures in place to protect them.
2. Data Controllers and Data Protection Officer
Aptyca acts as the Data Controller and will process your personal data to manage online sales activities (e.g., for order and payment management), as defined in Section 3.3, and to carry out marketing activities (e.g., sending newsletters) and creating group and individual profiles (profiling), as described in Section 3.4.
As the Data Controller, Aptyca will process your personal data. You can contact Aptyca by writing to Aptyca S.r.l., viale Brianza n. 125, 20821 - Meda (MB), Italy, or by emailing support@aptyca.com.
Aptyca will handle your personal data in the context of your browsing experience on our site and access to reserved services, as defined in Sections 3.1 and 3.2 below.
3. Sources of Data and Purposes of Processing
3.1 Browsing Data
In the course of their normal operation, the computer systems used for the functioning of the Site acquire some user data, the transmission of which is implicit in the use of internet communication protocols. This information is not collected to identify the user; however, it could lead to identification if, for example, combined with information held by third parties. This category of data includes your computer’s IP address and domain name, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response, and other parameters related to your operating system. We use this data solely to derive anonymous statistical information about the use of the Site and to ensure it functions properly. The collected data is deleted immediately after processing. The data may be used to ascertain responsibility in case of cyber crimes against the Services.
3.2 Registration Information and Additional Information Provided by the User
Creating a personal account is not required to use the Site. However, to access certain pages reserved for registered users and, for example, to send us a request for information or feedback on the Services, you will need to create a personal account and log in as a registered user. When creating the account, you will be asked to enter the following registration information:
• First and last name
• Email address
• Password
Additionally, personal data provided by the user when placing an order to purchase an item will be collected and processed. These data are collected through email submission, interactions with Site features, and requests for services offered by the Site. The personal data we collect and process include first name, last name, gender, nationality, email address, shipping and payment methods, credit/debit card number, and purchase habits.
If you wish to use our online size suggestion service, we will collect data related to your body measurements (e.g., height, weight, age).
If the user collects, processes, and communicates information regarding third parties to us, they must do so in accordance with the provisions of the Privacy Policy and, therefore, must provide prior notice of processing to the third parties and, if necessary, obtain their free and express consent before proceeding with processing.
3.3 Purposes of Processing
Providing this information is necessary to create an account and to respond to and manage users’ requests for information and/or feedback, to provide the services requested through the Site, including registration and subsequent modifications, and to manage activities organized through the Site; to conduct statistical analysis and surveys; to manage sales activities and to provide sales and after-sales services, including administration, accounting, returns and warranty management, customer relationship management, including compliance with legal obligations, national and European regulations (including anti-money laundering regulations), to prevent fraud, and to exercise rights in legal proceedings.
By refusing to provide such information, you may still use the Site but will not be able to access some of our Services reserved for registered users. Additionally, your personal data must be processed in order to fulfill the contractual relationship arising from the purchase of Aptyca products. The provision of such data is a contractual obligation. If you request size suggestions, we will process the body measurement data with your consent.
You are free to provide us with your data or not; however, without the required data, it will not be possible to conclude or fulfill the contract or requests. This means that you will not be able to purchase Aptyca products, and we will not be able to manage your requests.
3.4 Additional Purposes of Processing
With your consent, which is optional, Aptyca will use your personal data for additional purposes, such as marketing activities, commercial or advertising communications, direct sales, market research via email (newsletter), phone, SMS, MMS, instant messaging, and traditional mail, including sending invitations to events. You can specify your preferred contact method from the ones listed above at any time, and you can opt out of receiving promotional communications via one or all contact methods. For profiling and marketing purposes carried out using cookies or other tracking technologies, please refer to the dedicated cookie section and the online consent form.
With your consent, which is optional, Aptyca collects information on preferences, habits, and lifestyle, as well as information on your purchases, to use them to create group and individual profiles (“profiling”) and to send you personalized communications. We can send you personalized communications via email (newsletter), phone, SMS, MMS, instant messaging, and traditional mail. You can specify your preferred contact method from those listed above at any time and can opt out of receiving promotional communications via one or all contact methods.
Consent for the aforementioned marketing and profiling purposes is optional, and refusal will have no consequences. User data can be provided through interaction with websites belonging to Aptyca.
3.5 Legal Bases of Processing
Your personal data is processed only if one of the legal requirements provided by current legislation is met, specifically:
- For the conclusion and performance of a contract in which you are an interested party regarding the purchase of products offered on the Site, as well as for the provision of Services to registered users, as applicable to the purposes described in Section 3.3.
- To comply with a legal obligation to which data controllers may be subject within the scope of their activities.
- For the legitimate interest of the data controllers in ensuring navigation and registration activities for reserved users as per Sections 3.1 and 3.2; to prevent and pursue fraudulent activities; and for legitimate internal administrative purposes, for which the communication of data to companies within the data controller’s corporate group is permitted.
- With your consent, for marketing and profiling activities as described in Section 3.4.
4. Data Processing and Storage Methods
Your personal data will be processed both in paper form and with electronic tools, always in compliance with security requirements provided by applicable legislation, particularly but not limited to Article 32 of the GDPR. Our security measures include contractual agreements with other entities (e.g., service providers) aimed at protecting the security and confidentiality of the user’s personal data as stipulated in this Privacy Policy.
Data Use and Retention Period
We will retain your personal data until the purpose for which it is used has been achieved, following our internal data retention policy. Specifically, we provide a general retention period of ten years from the moment of collection of personal data processed for our billing and accounting purposes, except in circumstances where applicable national law requires different retention terms. Generally, we will destroy your personal data in our possession once the purpose of data collection and usage has been achieved. However, we will retain the following categories of personal data for the specified duration below:
- •User registration data: this data will be retained for the time the account is active, strictly to provide the user with services. Even after account closure, we will retain user information if necessary to comply with legal or regulatory obligations, protect our rights, prevent fraud, or comply with this Policy.
- Payment-related data: until payment confirmation and completion of the related administrative and accounting formalities; after the withdrawal right expires and after the dispute period for payment ends.
- Data collected in connection with the use of Services offered on the Site.
- Data related to user requests to our Customer Service: relevant data will be retained until the request is resolved.
To specifically protect our legal rights, we retain data in compliance with restrictions imposed by local regulations.
If you have consented to the processing of personal data for marketing and profiling purposes, data related to your purchases will be retained for five years. After the retention period, data will be automatically deleted or permanently anonymized.
In any case, for technical reasons, the termination of processing and subsequent deletion or irreversible anonymization of personal data will become final within thirty days of the above terms.
Procedure and Methods for Destroying Personal Data
In general, we will destroy your personal data in our possession once the purpose of data collection and usage has been achieved.
Below, we describe the process and methods for destroying personal data
A. Process
Your personal data will be transferred to a separate database (or to a separate archive, in the case of paper documents) and, after being stored for a certain period in accordance with our internal policy or applicable laws and regulations, will be destroyed (please refer to provisions on retention and usage periods). Personal data will not be used for purposes other than those permitted by applicable laws and regulations.
B. Methods
Paper documents containing personal data will be destroyed using shredders or incinerated.
Personal data stored electronically will be deleted using technical means that prevent its recovery.
5. Scope of Disclosure
5.1 Internal and External Data Communication
Personal data is accessible, if necessary, to our duly authorized personnel (such as staff from the Digital, CRM, Retail, IT departments) and is communicated to third parties in the following cases: (i) when disclosure is required by applicable laws and regulations to legitimate third-party recipients, including authorities and public bodies, for their institutional purposes, such as anti-money laundering regulations, judicial authorities; (ii) communication to third parties in cases of extraordinary transactions (e.g., mergers, acquisitions, business transfers, etc.); (iii) communication to third parties engaged in fraud prevention services.
Personal data is also shared with our service providers, for example, within the scope of technical and organizational services required for the above purposes, including independent partners such as associates, shipping companies, marketing companies, and payment processing companies, the list of which can be provided upon request. We provide such entities only with the data necessary for executing the agreed services, and they act as data processors in accordance with Article 28 of the GDPR, based on instructions received from Aptyca. Aptyca expressly declares that it does not disclose user personal data to third parties for marketing or profiling purposes.
5.2 Data Transfer Abroad
For the performance of certain processing of your Personal Data, Aptyca may communicate such data to external entities located in countries outside the European Union (EU) or the European Economic Area (EEA) (hereinafter “Third Countries”).
In particular, Aptyca informs you that your Personal Data may be transferred to Third Countries, the list of which will be periodically updated and/or available upon request. The legality of the transfer is guaranteed by mechanisms provided under Article 46 of the GDPR, as Aptyca has implemented the Standard Contractual Clauses approved by the European Commission (supplemented by additional technical/organizational/legal measures) or, as applicable, based on the existence of an adequacy decision pursuant to Article 45 of the GDPR issued by the European Commission.
These external entities will process the data as autonomous data controllers or data processors, duly appointed by Aptyca, in compliance with data protection legislation and depending on their respective role concerning processing.
6. Rights of the Data Subject
As a data subject, you may exercise at any time the rights recognized by the Privacy Policy regarding the specific processing of your personal data. If you are under the legal age, your legal guardians will, in turn, enjoy the rights described below.
Below is a general description of the rights and the ways to exercise them:
- Right to access personal data: you can obtain confirmation of whether or not your personal data is being processed and, consequently, access your personal data and related information about processing. If you wish, you will be provided with a copy of your personal data.
- Right to rectify personal data: you can obtain correction, modification, or updating of any inaccurate or outdated information and complete incomplete personal data, possibly by providing an additional statement.
- • Right to withdraw consent: you can withdraw consent to process your personal data for any marketing purposes at any time, including profiling. In this regard, please note that marketing activities include sending commercial and promotional communications and conducting market research and surveys aimed at assessing satisfaction levels and adapting commercial offers to your interests. Upon receipt of your request, the processing of your personal data based on such consent will cease, while we will continue to carry out other processing activities or activities based on other grounds, in full compliance with applicable laws.
- Right to erase personal data (right to be forgotten) if your personal data is, specifically, (i) no longer necessary for the purposes for which it was collected or processed, or (ii) has been unlawfully processed, or (iii) must be erased to comply with a legal obligation, or, finally, (iv) if you objected to its processing (see “right to object” below) and there is no overriding legitimate reason allowing Aptyca to process your personal data in any way. Once your request is received and examined, if valid, your personal data will be deleted.
- Right to restrict the processing of personal data: you can request that your data be restricted, meaning that your personal data will be stored but not used (except for requests made by you and exceptions provided by law):
- When you contest the accuracy of personal data for the time necessary for Aptyca to verify its accuracy.
- When processing is unlawful, but you oppose the deletion of your data.
- When, although the data is no longer necessary for Aptyca for processing purposes, you need it to ascertain, exercise, or defend your rights in court.
- When you object to processing, pending verification of whether Aptyca has legitimate grounds for continuing to process the data.
- Right to data portability: you may request to receive data processed based on your consent or a contract entered into with you, in a structured and machine-readable format. If you wish, if the transfer is reasonable and technically possible, we can, at your request, transfer your data directly to a third party indicated by you.
- Right to object: you may object at any time to the processing of your personal data based on a legitimate interest, stating the reasons supporting the request. In the absence of reasons preventing the exercise of the right as provided by law, we will stop the processing objected to. You have the right to object at any time to the processing of your data for marketing and/or profiling purposes, to the extent that the processing is related to such purpose, without the need to specify the reason for objection. In this case, data processing will be immediately suspended.
- Right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
National laws may provide for additional rights of data subjects. For further information, you can contact us at the contact details below.
To exercise the rights described above:
You can write to Customer Service through the appropriate form available in the “Contact” section of the Site.
If you believe that your personal data has not been processed correctly, you can file a complaint with the local supervisory authority.
To consult the list of our external data processors and third parties with whom Aptyca shares your personal data, please contact the Data Controller through the above methods.