In accordance with European Regulation 2016/679 (“the GDPR”), the national legislation currently in force and the Privacy Policy (i.e. Legislative Decree 196/03, as amended by Legislative Decree 101/2018), this document is intended to inform users that when providing personal data by filling out the form to purchase products online, they are consenting to data processing by Calzaturificio Fratelli Soldini SpA, with VAT No.  IT00100020510, with headquarters at 32, Via Vittorio Veneto, Capolona (AR), 52010, Italy, contactable via the following means: Tel +39 0575 42811; Fax ++39 0575 420254; email:

Calzaturificio Fratelli Soldini SpA (hereinafter referred to as the “Data Controller,” pursuant to Article 4 of the GDPR) adopts the following privacy policy, as required by Article 12 of the GDPR, as a measure to provide users with information pursuant to Article 13, as well as communications pursuant to Articles 15 to 22 of the GDPR. Therefore, in relation to the above, the Data Controller informs users that personal data provided by filling out the form to purchase products sold by the Data Controller online, as well as data not included in special personal data categories, as listed under Article 9 of the GDPR concerning the interested party, will be processed in accordance with the provisions of the GDPR and applicable national legislation, based on the principles that apply to the processing of personal data as described in Article 5 of the GDPR (i.e. the principles of correctness, relevance, transparency, adequacy, the protection of privacy and rights, etc.). Data processing is carried out based on the conditions of lawfulness pursuant to Article 6 of the GDPR regarding the purposes inherent to the relationship established with the Data Controller; consequently, its legal basis, as required by Article 13, Letter C of the GDPR, finds justification in the reasons for which the relationship with the Data Controller is established, which is, in the case in question, the purchase of the Data Controller’s products online (Article 6, Paragraph 1, Letter B of the GDPR).

In view of this purpose, data processing will include the management, organisation and use of data, administrative activities following successful purchases and invoice delivery, data storage, creation of a database, soft spam and marketing activities pursuant to Article 130, Paragraph 4 of the Privacy Code, which users can oppose at any time via the “unsubscribe” function at the bottom of emails, as well as the execution of statistics, communication to partners with whom the service has been developed, as well as the individuals appointed for data processing pursuant to Article 28 of the GDPR, communication to the courier in order to ship the purchased product, communication to members of the Data Controller’s organisation, and finally, communication to business management consultants. Furthermore, data processing will also include the destruction and modification of processed data following notification by the interested party and his or her consultation. Data processing will be carried out throughout the EU and outside the EU in the cases falling within the relevance of Articles 45 and 46 of the GDPR.

In the event that the interested party requests the provision of the relevant service when filling out the form, data processing performed by the Data Controller will also include the sending of promotional material in reference to the Data Controller’s products and brands via a newsletter service sent to the email address provided in the form requesting data necessary for the purchase. Pursuant to Article 130, Paragraph 4 of Legislative Decree 196/03, as amended by Legislative Decree 101/2018, the interested party may object to data processing carried out via the newsletter by clicking on the unsubscribe button at the bottom of any email sent by the Data Controller at any time. In order to provide and manage this service, the Data Controller uses services and tools provided by Mail Chimp. For more information on the processing of personal data by Mail Chimp, the Data Controller recommends consulting its privacy policy directly.

In relation to the transfer of data to non-EU territories, the Data Controller informs users that the data they provide may also be transferred to countries outside the EU in accordance with the provisions set forth in Chapter V of the EU Regulation.

Data processing may be carried out both in paper and electronic form by subjects specifically authorised to process it. The Data Controller does not process data based on decision-making processes on a solely automated basis, nor does it perform profiling.

The provision of data is optional, however, in the event of failure to provide the necessary data, or its partial or untruthful provision, the request to purchase the Data Controller’s products may not be accepted or correctly processed. The sending of the completed purchase form will authorise the Data Controller to process data, based on the legal basis pursuant to Article 6, Paragraph 1, Letter B (processing necessary for the execution of the contract).

The Data Controller further specifies that, in the event that PayPal is selected as a payment method, the data subject will be redirected to the PayPal website in order to complete the payment procedure, a site not managed by the Data Controller. Please note that any personal data provided on this page will not be subject to any kind of data processing by the Data Controller. For more information, please consult the privacy policy at the bottom of the Data Controller’s website.

Data will be stored for 10 years for administrative purposes, as well as for the length of time necessary to meet the purposes of its collection.

The Data Controller also informs users that the rights expressed in Article 13, Paragraph 2 of the GDPR are guaranteed, and therefore:

– The right to access personal data and related information listed under Article 15 of the GDPR;
– The right to the correction or cancellation of data or the limitation of data processing;
– The right to oppose data processing;
– The right to data transfer;
– The right to revoke consent at any time without jeopardising the lawfulness of data processing based on the consent given before revocation, if data processing is based on Article 6, Paragraph 1, Letter A, or on Article 9, Paragraph 2, Letter A;
– The right to make a complaint to a supervisory authority. Users can exercise the rights listed above, or request more information about them by sending an email to the following email address:, indicating “Exercising rights ex GDPR” in the subject line and including the right to be exercised in the body of the email, as well as the user’s name, surname and reply email address. Once processed as received, the Data Controller will send confirmation within the terms indicated in Article 12, Point 3 of the GDPR.

The Data Controller also informs users that the rights listed and guaranteed by Articles 15 to 22 of the GDPR cannot be exercised with a request to the Data Controller or via a complaint pursuant to Article 77 of the GDPR if said exercise could result in actual or concrete prejudice in relation to certain categories of interested parties and/or specific activities as listed in Article 2-undecies pursuant to Legislative Decree No. 196/03 as amended by Legislative Decree No. 101/2018. This point remains valid except as specified by the legislator in Paragraph 2 and 3 of the aforementioned article.

The Data Controller also advises users that if the company intends to process personal data for a purpose other than that for which it was initially collected, it will provide the interested party with information regarding the different purposes prior to said further processing, as well as any other relevant information, collecting specific consent.