U.S. PRIVACY POLICY
Last updated: September 2024
Herno, Inc. (“Herno”, “us”, “we” or “our”) on behalf of Herno S.p.A, the Data Controller, engages in various activities related to the personal data that you may voluntarily provide to us through different channels, in accordance with applicable privacy regulations. We respect your privacy and we are committed to protecting it through our compliance with this Privacy Policy (“Policy”).
This Policy describes how we collect, use, maintain and disclose information that you provide to us when you:
- • visit our website www.herno.com (the “Site”);
- • send or receive emails, texts and other electronic messages between you and us (“Electronic Communications”); and
- • visit and interact with us at a retail Herno store (“Stores”).
This Policy does not apply to information collected by:
- • us through any other means, including on any other website operated by us or any third party; or
- • any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Site.
The section entitled “Privacy Notice for California Residents” specifically relates to the personal information of California residents.
Please read this Policy carefully to understand our policies and practices regarding your data and how we will process it. If you do not agree with our policies and practices, your choice is not to use the Site, exchange Electronic Communications and/or interact with us at our Stores.
By accessing or using the Site or otherwise interacting with us, as provided in this Policy, you agree to this Policy.
This Policy may change from time to time (see section “ 15. Changes to Our Privacy Policy” below). Your continued use of the Site or otherwise interacting with us as provided in this Policy after we make changes is deemed to be your acceptance of those changes, so please check this Policy regularly for updates.
1. THE DATA CONTROLLER AND THE DATA PROTECTION OFFICER
The data controller is the subject who, alone or jointly with others, determines the purposes and means of processing of personal information. We engage in various activities related to your personal data on behalf of one or more entities acting as data controllers:
- • Herno S.p.A. , with a registered office in Via Opifici, 100 - 28040 - Lesa (Novara); contact: privacy@herno.it (“Herno S.p.A. ”). Herno S.p.A. serves as data controller for i) marketing activities, including targeted advertising and promotional campaigns, ii) communication of your personal information within the Herno Group for business purposes, iii) products sale in our Stores, and (iv) data gathered through cameras and similar technology at our Stores.
- • Herno S.p.A., jointly with The Level Group USA CORP - an affiliate of The Level S.r.l. , with a registered office in Piazza Arcole 4, 20143 Milan, Italy; contact: privacy@thelevelgroup.com (“The Level Group”). Herno S.p.A and The Level Group, jointly, serve as data controller for i) ensuring compliance with cookie regulations and managing user preference regarding cookie; ii) Site account creation and Site functions; iii) products sales on the Site and iv) conducting user profiling to enhance user experience.
Herno S.p.A. has designated a Data Protection Officer to ensure that we and the Site process personal information in compliance with applicable privacy laws. You may contact the Data Protection Officer at the following email address: privacy@herno.it
2. DATA COLLECTED AND PURPOSES OF DATA PROCESSING
The data we collect and process through the Site, including Electronic Communications, or in our Stores vary. We process the data for various purposes and with different methods as more particularly described below.
A. When You Visit the Site or Interact with Us by Electronic Communications
i) Cookies: The data concerning your browsing of the Site are processed to ensure that the Site works properly and for marketing purposes. Please also refer to our “Cookie Policy”. The Site uses the following cookies:
- • Technical Cookies
- • Other cookies
- • Advertising cookies
- • Retargeting cookies
- • Social media cookies
- • Analytical cookies
- (ii) Web Beacons: A web beacon is a small image file on a web page that may be used to collect certain information from your device. This information may include the IP address, time of access, browser, and identification of cookies. Herno, or our vendors, may utilize web beacons to track visitor statistics to the Site and manage cookies.
- (iii) Log Files and Browsing Data : This information is sent automatically to us by your browser each time you visit the Site. The transmission of this information is not dependent on the presence or use of cookies and is unaffected by your opt-in or opt-out election concerning cookies. These logs may contain information such as the Internet domain from which you access the Site; the date and time you visited the Site; the areas of the Site that you viewed; your computer’s IP address that is automatically assigned when you log onto the Internet; the type of browser and operating system you use; the address of the website you came from, if any; and the webpage addresses requested by or sent to you.
- (iv) Location Data: By giving your express consent, which is also obtained when you accept this Policy’s terms by making a choice regarding cookies as detailed in our cookies banner, we utilize a feature that, when you access the Site by or through a mobile device or through your browser, accesses, collects, monitors and/or remotely stores “location data,” and may include GPS coordinates (longitude and latitude) or similar information regarding the location of your device. This data may be used to convey information about how you browse and use the Site, as well as to provide you with personalized information based on that location data. You may opt-in or opt-out of sharing location data from your device.
- (v) Registration and Services: Any data that you voluntarily provide to us (including, but not limited to, your email address, personal details and information, the password you chose while filling in the registration form of your personal account with us, any wish list that you create and financial account information for purchases, or the data that were lawfully acquired in any other manner), are processed for acknowledging receipt of your requests, delivering the service you requested and providing you with all necessary assistance and information in relation to our products and services. All personal information you submit to us during registration must be true and accurate at the time of registration. Users are required to update their personal information if any changes occur by logging into their personal account online.
You may contact our customer service department by telephone for information about our products and services, or you can contact our physical stores by telephone to make a purchase. During your call, we may ask you to provide us with certain demographic information, including, but not limited to, your name, address and telephone number, and, if you elect to purchase one or more of our products, your payment details. We may use the information you provide to our customer service department to respond to your request and to process any purchase that you may make with us by telephone. - (vi) Marketing: By giving your express consent, which is also obtained when you accept this Policy’s terms by making a choice regarding cookies as detailed in our cookies banner, you are allowing us to process your data for marketing purposes; namely, for sending you, through newsletters, emails, SMS, MMS, postal mail and telephone, information and updates on our products, collections, sales, promotional campaigns, events and other initiatives promoted by us, including in collaboration with our business partners, and carrying out specific market research. Please note that message and data rates may apply.
When you purchase our products or obtain assistance through our Site, we may ask you to take a customer satisfaction survey. If you agree to complete the survey, we may ask you for certain demographic information, including, but not limited to, your name, address, telephone number, age and gender. You are not required to provide us with any demographic information in connection with a customer satisfaction survey. We may use the information you provide to us in a survey to improve our products and services and to communicate with you. - (vii) Analysis of Your Buying Habits and Selections: As described in more detail in Section 4 below, we may also process a user’s personal data acquired on the Site, for the purposes of analyzing the user’s habits, purchases and selections in order to make our products, services and initiatives more responsive to our customers’ tastes and needs.
- (viii) Disclosure to other Companies Affiliated with the Herno Group: By giving your express consent, which is also obtained when you accept this Policy’s terms by making a choice regarding cookies as detailed in our cookies banner, you allow us to transfer your personal data to the other companies belonging to the Herno Group and operating in fashion and sport apparel industries, namely, for sending you, through newsletters, emails, SMS, MMS, postal mail and telephone, information and updates on our products, collections, sales, promotional campaigns, events and other initiatives promoted by Herno S.p.A and/or the other companies belonging to the Herno Group. Please note that message and data rates may apply.
- •Through your account settings; or
- •By clicking the “unsubscribe” link in any such email; or
- •By sending an e-mail to: privacy@herno.it
- (i) Purchases and Services: When you purchase our products or obtain assistance in our Stores, we collect the information necessary to process your purchase or to furnish the assistance that you requested. We may collect, to the extent permitted by applicable law, information such as your name, billing and/or mailing address, telephone number, identification number (such as driver’s license, ID card or passport number). We may also collect information about the items you purchase, including the purchase price and payment method, to furnish the products and services to you, to communicate with you and for marketing purposes on the basis of your consent. You may contact our customer service department by telephone for information about our products and services. During your call, we may ask you to provide us with certain demographic information, including, but not limited to, your name, address and telephone number. We may use the information you provide to our customer service department to respond to your request.
- (ii) Marketing: By giving your express consent, in addition to consenting to this Policy, you are allowing us to process your data for marketing purposes; namely, for sending you, through newsletters, emails, SMS, MMS, postal mail and telephone, information and updates on our products, collections, sales, promotional campaigns, events and other initiatives promoted by us, including in collaboration with our business partners, and carrying out specific market research. Please note that message and data rates may apply. When you purchase our products or obtain assistance in our Stores, we may ask you to take a customer satisfaction survey. If you agree to complete the survey, we may ask you for certain demographic information, including, but not limited to, your name, address, telephone number, age and gender. You are not required to provide us with any demographic information in connection with a customer satisfaction survey. We may use the information you provide to us in a survey to improve our products and services and to communicate with you.
- (iii) Analysis of Your Buying Habits and Selections: As described in more detail in Section 4 below, with your consent, we may also process a user’s personal data, acquired in our Stores, for the purposes of analyzing the user’s habits, purchases and selections in order to make our products, services and initiatives more responsive to our customers’ tastes and needs.
- (iv) Disclosure to other Companies Affiliated with the Herno Group: By giving your express consent, in addition to consenting to this Policy, you allow us to transfer your personal data to the other companies belonging to the Herno Group and operating in fashion and sport apparel industries, namely, for sending you, through newsletters, emails, SMS, MMS, postal mail and telephone, information and updates on our products, collections, sales, promotional campaigns, events and other initiatives promoted by Herno S.p.A and/or the other companies belonging to the Herno Group. Please note that message and data rates may apply.
- • Asking at our Store to change the consent you provide when registered as Herno client; or
- • Through your account settings on the Site; or
- • By clicking the “unsubscribe” link in any such email.; or
- • By sending an e-mail to: privacy@herno.it
- a) For Cookies - as per section 2 A.(i) - When users access any page on the Site, they will see a banner displaying brief information about cookies. Through the banner, you are free to provide your personal data for the purposes of analysis for advertising and marketing and for enhancing functionality and personalization of the Site. The legal basis for this processing is the consent given as indicated on the related Site banner, as described in our Cookie Policy. A failure to consent does not have any consequence on the basic use of the Site (except that of not receiving any more suggestions to purchase and enhanced personalization and functionality of the Site). Your consent is not required for the use of technical cookies; they are thus processed on the basis of the business’s legitimate interest in providing improved navigation and use of the Site.
- b) For web beacons - as per section 2 A (ii) - the legal basis for this processing is our legitimate interest in monitoring user engagement with the Site and enhancing the user’s experience and for advertising and marketing purposes.
- c) For Log Files and Browsing Data - as per section 2 A.(iii) - log file information helps us design the Site’s appearance, identify popular features, resolve user hardware and software problems, gather analytics, and make the Site more useful for users, including customers. Additionally, addressing information sent from or sent to you – as one example, the webpage addresses requested by or sent to you – can be used for a variety of purposes and may be shared with third parties via cookies or other means for a variety of reasons, including, but not limited to: helping us design the look, operation and attributes of the Site; identifying popular features; resolving visitor hardware and software problems; gathering analytics; tailoring website content and advertising for specific visitors; and helping enhance the user’s experience. The legal basis for collecting log file information is our legitimate interest in enhancing the user’s experience and for advertising and marketing purposes.
- d) For the Registration and Services activities - as per section 2 A.(v) - the legal basis for this processing is our legitimate interest in providing general Site services and information requested by users and processing sales.
- e) For the Purchases and Services activities - as per section B. 1 (i) - the legal basis for this processing is fulfilment of contractual obligations between us and you, and compliance with legal obligations related to the provision of goods and services.
- f) For Location Data, Marketing, Analysis of Your Buying Habits and Selections, and Disclosure to other Companies Affiliated with the Herno Group - as per sections 2 A.(iv), (vi), (vii), (viii) and 1 B (iv) above - the legal basis for this processing is the specific explicit consent given by the user. Where applicable, consent is also obtained when you accept this Policy’s terms by making a choice regarding cookies, as detailed in our cookies banner.
- g) For Camera Recordings - as per sections 2 A.(iv), (vi), (vii), (viii) and 1 B (iv) above - the legal basis for this processing is the specific explicit consent given by the user. Where applicable, consent is also obtained when you accept this Policy’s terms by making a choice regarding cookies, as detailed in our cookies banner.
- (i) For data collected for Purchases and Services activities: the maximum retention period is ten years.
- (ii) For data collected for Marketing, Analysis of Your Buying Habits and Selections, Surveys and Disclosure to other Companies Affiliated with the Herno Group: the maximum data retention period is five years.
- (iii) For data collected through cookie: please refer to the cookie policy of the Site for the information on maximum data retention period of each cookie.
- • To the other companies affiliated with the Herno Group.
- • To our employees and consultants.
- • To other companies affiliated with the same group of companies as each of the Data Controllers, acting as data processors in order to carry out contractual activities and services.
- • To companies which, acting in their capacity as data processors, provide to us specific technical and organizational services in relation to the Site and to the management of marketing and communication activities.
- • To third parties to whom disclosure is approved by the customer.
- • In the event of a change in ownership or control, such as a sale or merger, regarding us or a portion of our business.
- • To law enforcement and judicial authorities, in compliance with the law and upon their request, or if we believe that such disclosure is reasonably necessary to (1) investigate, prevent or take initiatives in relation to suspected unlawful activities, or assist national supervisory authorities; (2) prepare a defense against third-party claims or charges, protect the security of the Site and of our company; or (3) exercise or protect the rights, property or security of us, the The Level Group USA CORP companies, and their affiliates, customers, employees and third parties.
- • Your full name
- • The email address associated with your account or interactions with us.
- • Confirm whether we process their personal information.
- • Access and delete certain personal information.
- • Correct inaccuracies in their personal information, taking into account the information's nature processing purpose (excluding Iowa and Utah).
- • Data portability.
- • Opt-out of personal data processing for:
- - targeted advertising (excluding Iowa);
- - sales; or
- - profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
- • Either limit (opt-out of) or require consent to process sensitive personal data.
- • Right to Know. You have the right to request information about the personal information we have collected about you, including the categories of personal information, sources of collection, and the business purposes for collecting it.
- - You have the right to request information about the personal information we sold, shared or disclosed, including the categories of personal information, the categories of third parties to whom the information was sold, shared, or disclosed, and the business purposes for collecting, sharing or disclosing it. Additionally, you have the right to request specific pieces of personal information in a portable and structured format.
- • Right to Correct. You can request the correction of inaccuracies in your personal information.
- • Right to Delete. In certain circumstances, you have the right to request the deletion or de-identification of your personal information. However, please note that this right does not apply in specific situations, such as when the information is necessary to provide services, fulfil a contract, protect security and rights, comply with legal obligations, or engage in research or other lawful uses.
- • Your full name
- • The email address associated with your account or interactions with us.
- • write to our Customer Care at the following address:.
Herno, Inc.
121 Varick Street, 6th floor
New York, NY 10013
or - • contact us directly at privacy@herno.it
- • Your written permission for the authorized agent to act on your behalf and separate verification of your identity; or
- • Proof that the authorized agent holds a power of attorney to act on your behalf pursuant to Cal. Probate Code §§ 4121--4130.
- • Writing to Customer Care at the following address:
Herno, Inc.
121 Varick Street, 6th floor
New York, NY 10013
or
- • Contacting us directly at privacy@herno.it.
Technical cookies are cookies that allow users to browse the Site and use its basic functions. These cookies are automatically installed on your device when accessing the Site and do not require any specific consent from the user. In fact, consent is not required by law when a cookie is: (i) used exclusively to transmit a communication; and (ii) strictly necessary for the provider of a digital service expressly requested by the user to provide such service.
The technical cookies used by the Site include (i) browser cookies, to ensure normal navigation and use of the Site, through various options or services; (ii) functional cookies, to save user preferences and facilitate the browsing experience based on a number of selected criteria (e.g. language, browser type, etc.).
The Site also collects the IP address or any other identifying information on your device necessary to operate the Site, diagnose server problems and fulfill other legitimate purposes.
Disabling technical cookies may limit your ability to browse the Site and enjoy its features and services.
All cookies other than technical cookies are only installed or activated if consent is given by users through the “opt-in” function (activation). When first visiting the Site, users are shown a cookie banner on the screen or interface. This banner disappears when the user has accepted or rejected the cookies used on the Site.
The activation can be expressed in a general way, for example by closing the banner or clicking on the OK button or scrolling the page and clicking on any of its elements; activation can also be provided selectively. Activation by users is tracked and recorded in order to make subsequent visits to the Site more effective. However, users may always revoke any consent previously given in full or in part by accessing, for example, the cookie preferences page here.
The non-technical cookies used by the Site are third party cookies: cookies installed on the user’s device by a domain or website separate from the Site. Third party cookies are implemented by marketing vendors and Site partners using third party tags. The Site does not control these cookies.
The Site has no access to or control over cookies or other tracking technology used by third parties accessible from the Site, and cannot guarantee the compliance of third parties with the applicable privacy laws.
These cookies allow the Site to create an anonymous profile of users based on their browsing experience on this Site and others. In this way, it is possible to provide users with advertisements focused on their interests rather than generic advertising. This is a list of advertising cookies (the user can check the related pages to obtain more information on these cookies and instructions for managing user consent): GOOGLE; CLOUDFLARE.
These cookies allow third parties to send advertisements to users who have previously visited the Site. This is a list of retargeting cookies (the user can check the related pages to obtain more information on these cookies and instructions on how to manage user consent): CRITEO.
These cookies are necessary to share content on social networks. This is a list of social media cookies (the user can check the related pages to obtain more information on these cookies and instructions on how to manage user consent): PINTEREST; FACEBOOK; TWITTER; YOUTUBE.
These cookies are collected by third parties, either individually or in aggregate form, in order to collect information about the number of users and the way they visit the Site, such as information on the pages or sections most frequently visited. This is a list of analytical cookies (the user can check the related pages to obtain more information on these cookies and instructions on how to manage user consent): GOOGLE ANALYTICS.
The Site uses cookies that do not allow any control over the user’s device and do not install programs on said device.
You can withdraw your consent to receiving newsletters and other communications in the following ways:
B. When You Visit Our Stores
1. Information You Voluntarily Provide to Us
We may collect personal information from you when you visit our Stores and use it for the purposes noted below.
You can withdraw your consent to receiving newsletters and other communications in the following ways:
2. Information We Collect Automatically
We may collect, to the extent permitted by applicable law, certain personal information automatically when you visit our Stores as noted below:
(i) Cameras: We may use cameras, sensors, digital recordings, photography and/or other similar technology to monitor our Stores for any lawful purpose, including to deter theft, to provide security and to operate the Stores.
3. Information Collected by Third-Party Retailers
Herno’s products are available at certain retailers in the United States (a “ Third-Party Retailer”). This Policy does not apply to the manner in which a Third-Party Retailer collects, uses, maintains and discloses personal information that you provide to the Third-Party Retailer when you shop at its store. Please review the Third-Party Retailer’s privacy policy for information about the Third-Party Retailer’s use of your personal information. We are not responsible for the privacy policy of any Third-Party Retailer.
3. SOURCE OF PERSONAL DATA AND LEGAL BASIS OF THE DATA PROCESSING
We collect personal data directly from the user, with the exception of: (i) the data collected with navigation such as via technical cookies, and log file and browsing data - per sections 2 (a) and (b) above -, and (ii) images and other data gathered by cameras or other similar technology in our Stores.
4. ANALYSIS OF YOUR BUYING HABITS AND SELECTIONS
With a user’s express consent, we may also process a user’s personal data, whether acquired on the Site or in our Stores, for the purposes of analyzing the user’s habits, purchases and selections in order to make our products, services and initiatives more responsive to our customers’ tastes and needs.
We may analyze, by automatic means, the value of our products that a customer purchases within a period of time, the frequency of the purchases (including whether the purchases are made during a sale period, if any, and the type of product purchased. The analysis is used to recommend to customers and users products, services and initiatives that we believe would be of interest to them.
As per section 2A.(i), with a user’s express consent given on the Site’s cookies banner, we can also process personal data through automatic means to study cookies. This analysis helps us to analyze the user’s navigation through the Site and recommend products and services to users based on that navigation.
5. HOW YOUR PERSONAL DATA WILL BE PROCESSED
The data we collect through the Site, at our Stores by cameras our through forms/cards, is mainly processed by electronic means, adopting all reasonable security measures that we believe are necessary to reduce the risk of destruction or loss of the data, including accidental loss, unauthorized access, unlawful processing or processing that is not compliant with the purposes for which the data were collected as specified in this Policy.
However, because the data will be transmitted via electronic networks, we note that the above-referenced measures cannot limit or completely exclude the risk of unauthorized access or dissemination of such data or guarantee the security of any information that you send to us electronically. To this end, we recommend that your PC or mobile device have software capable of providing adequate security protection, such as an updated antivirus program, for the online transmission (inbound and outbound) of data and that your Internet Service Provider has adopted adequate security measures for a secure online transmission of your data, such as a firewall and anti-spam technology.
6. DO NOT TRACK
Some web browsers have “Do Not Track” features that allow you to tell a website not to track you. These features are not all uniform. The Site does not currently process or respond to “Do Not Track” signals.
7. STORAGE PERIOD
We will keep your personal information, including sensitive personal information, for as long as we need it, or as otherwise prescribed by law, for the purposes set out in this Policy. The retention period will vary depending on your interactions with us. For instance:
We may retain your personal information for a longer period of time if we believe valid legal grounds for doing so exist; for example, in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, including for categories not explicitly mentioned in this Section, we consider many factors, including the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. For more information, please contact the Data Controllers at privacy@herno.it
8. MANDATORY OR VOLUNTARY NATURE OF PROVIDING THE REQUESTED DATA
With the exception of the data related to your browsing activity (i.e., certain cookies, that are governed by our Cookie Policy), web beacons, log file and browsing data, and images and other data gathered by cameras or other similar technology in our Stores, your provision of any other data collected through the Site or in our Stores for answering your requests, providing information, as well as for marketing purposes and for analyzing your spending habits and preferences is voluntary and optional. Any failure by you to provide the data shall not limit your use of the Site; however, such failure may make it impossible for us to respond to your inquiries and requests for information, or to send materials, updates, newsletters or invitations to the events organized by us and/or our business partners, or to complete your purchase or to furnish the assistance that you requested or may request.
9. CATEGORIES OF RECIPIENTS OF PERSONAL DATA
We may disclose your personal data as indicated below:
Certain data collection and processing on the Site may be deemed by applicable state laws as a “sale” or “sharing” of personal information. For example, the personal identifiers and usage data collected by the cookies, web beacons and log files described above in Section 2 may be shared with our analytics vendors that may use such information for the purposes of targeted behavioral advertising across different platforms. Such disclosure is treated as a sale of personal data in certain jurisdictions. You can opt out of the sale or sharing of your personal information by sending an email to privacy@herno.it with the subject line “Do Not Sell or Share My Personal Information.” In your email, please include:
10. CROSS-BORDER DATA TRANSFER
Your data may be transferred and processed abroad only if adequate levels of protection and sufficient safeguards, as provided for by applicable law, are guaranteed. For more information about the location of your data, please contact the Data Controller at privacy@herno.it.
11. YOUR RIGHTS UNDER U.S. PRIVACY LAWS
Depending on the applicable law of the state of your residence, as noted in Section 13 below, you may be permitted to access your personal data, confirm whether or not the personal data concerning you exists, regardless of whether such data has already been recorded, and request that we communicate such data in intelligible form to you. You also may have the right to be informed of (i) our source of the personal data, (ii) our purpose for and method of processing the data, (iii) the reason for our processing the data, if such processing is carried out with the help of electronic means, (iv) the identity of the Data Controller and any data processors, and (v) the identity of the entities or the categories of entities serving as data processors to whom we may transfer your personal data.
You also may have the right to (i) update or correct your personal data, (ii) request that we transfer data that we have in our records to you and (iii) delete any of your personal data that has been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed. You also may have the right to obtain confirmation from us that we have communicated any such request to the entities serving as data processors and to whom the data were communicated, unless the request is impossible to fulfill or involves effort by us that is disproportionate to the right that is to be protected. You also may have the right to be forgotten, to lodge a complaint with a governmental authority that supervises consumer privacy matters and to withdraw any consent you have previously given regarding the disclosure of your personal data.
If you have given consent to the activities carried out for marketing, analysis and communication purposes to third parties, you may revoke your consent at any time.
You also may have the right to object, in whole or in part, on legitimate grounds, to the processing of your personal data, even though they are relevant to the purpose of the collection, where the purpose is to send advertising materials or to direct selling or to send market or commercial communication surveys. The right to object may be exercised in the same manner in which the marketing messages are sent to you.
Your rights regarding your personal data depend on the rights provided under the laws of the state of your residence. If a right is not provided to you under such laws, we have absolute discretion on whether to provide you with such rights.
12. HOW TO EXERCISE YOUR RIGHTS
You may exercise your rights under this Privacy Policy by sending the relevant request to us, to the attention of the Data Controller, at privacy@herno.it.
13. YOUR STATE PRIVACY RIGHTS
State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.
California (see “Privacy Notice for California Residents” below), Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia provide (now or in the future) their state residents with rights to:
The exact scope of these rights may vary by state, and we may not be subject to one or more of these state privacy laws. To exercise any of these rights please send a request to us, to the attention of the Data Protection Officer, at privacy@herno.it.
a) Shine the Light Law - California Civil Code §1798.83 permits residents of California to request certain information about our disclosure, if any, during the prior calendar year of your personal information to third parties for the third parties’ direct marketing purposes. We have not disclosed, during the prior calendar year, your personal information to third parties for the third parties’ direct marketing purposes.
14. CHILDREN UNDER THE AGE OF 16
Our Site is not intended for children under 16 years of age. No one under the age of 16 may provide any information on the Site. We do not knowingly collect personal information from children under the age of 16. If you are under the age of 16, do not use or provide any information on the Site, register on the Site, make any purchases through the Site or provide any information about yourself to us, including your name, address, telephone number, email address or any other personal information. If we learn that we have collected or received personal information from a child under the age of 16, we will delete that information.
15. CHANGES TO OUR PRIVACY POLICY
It is our policy to post any changes we make to this Policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you by email, if you have created an account with us online, sent to the email address specified in your account and/or through a notice on the Site’s home page. The date of the last revision to this Policy is identified at the top of the page. You are responsible for ensuring that we have an up-to-date, active and deliverable email address for you and for regularly visiting the Site and reviewing this Policy to determine whether we have revised the Policy.
ANNEX
PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
This Privacy Notice supplements our U.S. Privacy Policy and applies solely to the processing of the personal information of California residents. This section is intended to address the relevant notice requirements of the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (together, the “CCPA”), and uses certain terms having the meaning given in the CCPA and related regulations.
The document entitled “CCPA Notice at Collection for California Employees and Applicants” specifically addresses the personal information of our employees, job applicants, and independent contractors who are California residents.
Please refer to the sections in the Policy above explaining 1) what data we collect, 2) the purposes of such collection, 3) the sources of such information, 4) the retention or storage period of such information, and 5) the categories of recipients with which we disclose the information and whether such information is sold and shared.
As described in more detail above in Section 1. of the U.S. Privacy Policy, on behalf of Herno S.p.A, the Data Controller, we engage in various activities related to the personal data that you may voluntarily provide to us through different channels.
1. PERSONAL INFORMATION WE HAVE COLLECTED.
Listed below are the categories of consumer personal information that we have collected in the preceding 12 months, the business purposes for which it was collected and the sources of the information:
CATEGORY OF PERSONAL INFORMATION |
BUSINESS PURPOSES FOR COLLECTING AND USING PERSONAL INFORMATION |
SOURCES OF PERSONAL INFORMATION |
|
---|---|---|---|
• | Identifiers (include information such as name, address, email address, IP address) | For advertising and marketing services; Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, providing analytic services for advertising and marketing, and processing payments. |
Directly from you; Social media networks; Automated information collection. |
• | Personal Information Classifications (include details like name, signature, address, phone number) | For advertising and marketing services; Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, and providing analytic services. |
Directly from you; Social media networks; Automated information collection. |
• | Commercial Information (includes records of Client Services, financial data, and payment information, excluding credit/debit card numbers and related credit/debit card data) | For advertising and marketing services; Providing analytic services to business or service provider. |
Directly from you. |
• | Internet or Electronic Network Activity Information (includes data such as IP addresses, login information, browsing history on the Site, and interactions with websites, applications, or advertisement) | Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, and providing analytic services; Debugging to identify and repair technology-related errors that impair existing intended functionality; Helping to ensure the security and integrity of the Site; To improve the user experience on the Site. |
Automated information collection. |
• | Inferences Drawn from Other Personal Information (refers to profiles reflecting preferences, characteristics) | For advertising and marketing services; To perform services on behalf of the business; To improve the user experience on the Site. |
Directly from you; Analytic service providers. |
• | Audio, Electronic, Visual, and Similar Information (includes CCTV footage for safety and security purposes (e.g., office premises), and audio/video recordings of events, conferences, and meetings) | Prevent unauthorized access, use, or loss of our property. | Automated information collection. |
• | Sensitive Personal Information (such as Social Security, driver’s license, state identification card, passport number, debit card, or credit card number) | For financial account, debit card, or credit card number without any required security code, password, or credentials allowing access to an account Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, and processing payments. |
Directly from you. |
A legitimate interest is present when we have a business or commercial reason to use your personal information, so long as this interest does not outweigh your rights and interests under the CCPA. We only use sensitive personal information for the business purposes described above.
2. SALE OR SHARING OF PERSONAL INFORMATION, PURPOSES FOR SALE OR SHARING AND THIRD PARTIES RECEIVING THE PERSONAL INFORMATION.
Certain data collection and processing on the Site may be deemed by the CCPA as a “sale” or “sharing” of “personal information”. Under the CCPA, sharing solely refers to the disclosure of personal information for cross-contextual behavioural advertising and is treated similarly under the law to the selling of personal information in exchange for consideration.
In the preceding 12 months, we have shared the following personal information to third parties, and we continue to share personal information with third parties, as specified below:
CATEGORY OF PERSONAL INFORMATION SOLD OR SHARED |
BUSINESS PURPOSES FOR SELLING OR SHARING PERSONAL INFORMATION |
CATEGORIES OF RECEIVING THIRD PARTIES |
|
---|---|---|---|
• | Identifiers (include information such as name, address, email address, IP address) | For advertising and marketing services; To improve the user experience on the Site. |
Advertising networks. |
• | Internet or Electronic Network Activity Information (includes data such as IP addresses, login information, browsing history on the Site, and interactions with websites, applications or advertisements) | For advertising and marketing services; To improve the user experience on the Site. |
Advertising networks. |
• | Geolocation Data (includes information regarding IP addresses and device locations used to determine general geographic location) | For advertising and marketing services; To improve the user experience on the website. |
Advertising networks. |
We do not knowingly provide services to anyone under the age of 16 nor do we have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
3. CATEGORIES OF PERSONAL INFORMATION DISCLOSED FOR A BUSINESS PURPOSE, REASON FOR DISCLOSURE AND THIRD PARTIES RECEIVING THE INFORMATION.
In the preceding 12 months we have disclosed the following categories of personal information for the business purposes indicated to the following categories of third parties:
CATEGORY OF PERSONAL INFORMATION DISCLOSED FOR A BUSINESS PURPOSE |
BUSINESS PURPOSES FOR DISCLOSING PERSONAL INFORMATION |
CATEGORIES OF RECEIVING THIRD PARTIES |
|
---|---|---|---|
• | Identifiers (include information such as name, address, email address, IP address) | For advertising and marketing services; Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, providing analytic services, and processing payments. |
Service providers (such as analytic service providers, payment service providers, delivery companies); Affiliates. |
• | Personal Information Classifications (include details like name, signature, address, phone number) | For advertising and marketing services; Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, and providing analytic services. |
Service providers (such as analytic service providers, payment service providers, delivery companies); Credit Reporting Agencies. |
• | Commercial Information (includes records of Client Services, financial data, and payment information, excluding credit/debit card numbers and related credit/debit card data) | For advertising and marketing services; Providing analytic services to business or service provider. |
Service providers (such as analytic service providers, payment service providers); Affiliates. |
• | Internet or Electronic Network Activity Information (includes data such as IP addresses, login information, browsing history on the Site, and interactions with websites, applications or advertisements) | Providing analytic services; Debugging to identify and repair technology-related errors that impair existing intended functionality; Helping to ensure the security and integrity of the Site; To improve the user experience on the Site. |
Service providers (such as analytic service providers, website hosts); Affiliates. |
• | Sensitive Personal Information (such as Social Security, driver’s license, state identification card, passport number, debit card, or credit card number) | For financial account, debit card, or credit card number without any required security code, password, or credentials allowing access to an account Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, and processing payments. |
Service Providers |
4. YOUR RIGHTS UNDER THE CCPA
You have the right under the CCPA, to exercise, free of charge, the following rights:
Right to Opt-Out. You have the right to opt-out of the sale of your personal information or sharing of your personal information for the purpose of cross-contextual behavioural advertising. You can opt out of the sale or sharing of your personal information by sending an email to privacy@herno.it with the subject line “Do Not Sell or Share My Personal Information.” In your email, please include:
5. HOW TO EXERCISE YOUR RIGHTS
To exercise your rights as described above you may:
Please note that Herno can deny a CCPA-related data access or data portability disclosure request if you already made such request twice within a 12-month period.
If you choose to contact us directly by phone or email to exercise your rights, you must provide us with: (i) sufficient information for us to identify you; (ii) proof of your identity and address (e.g., a copy of your driver’s license or passport and a recent utility or credit card bill); and (iii) a description of what right(s) you want to exercise and the information to which your request relates.
We are not obligated satisfy a request for a data access or data portability disclosure or to correct personal information if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person’s behalf.
Any personal information we collect from you to verify your identity in connection with you request will be used solely for verification purposes.
You may designate an authorized agent to exercise your rights under the CCPA. If you utilize an authorized agent to exercise a right, you must furnish the following proof that you have authorized the agent to act on your behalf:
6. NO DISCRIMINATION
If you choose to exercise any of your rights under the CCPA, you have the right to not receive discriminatory treatment by us.
7. SECURITY AND RETENTION OF YOUR PERSONAL INFORMATION
We use reasonable and appropriate measures to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing undertaken and the nature of the personal information we collect.
We will keep your personal information, including sensitive personal information, for as long as we need it, or as otherwise prescribed by law, for the purposes set out in this Policy. The retention period will vary depending on your interactions with us. For instance:
i) For data collected for Purchases and Services activities - as per the U.S. Privacy Policy above - the maximum retention period is ten years.
ii) For data collected for Marketing, Analysis of Your Buying Habits and Selections, and Disclosure to other Companies Affiliated with the Herno Group - as per the U.S. Privacy Policy above - the maximum data retention period is five years.
We may retain your personal information for a longer period of time if we believe valid legal grounds for doing so exist; for example, in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, including for categories not explicitly mentioned in this Section, we consider many factors, including the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. For more information, please contact the Data Protection Officer at privacy@herno.it.
8. DO NOT TRACK
Some web browsers have “Do Not Track” features that allow you to tell a website not to track you. These features are not all uniform. The Site does not currently process or respond to “Do Not Track” signals.
9. CONTACT US
If you have any questions regarding this Privacy Notice for California Residents, and/or Herno’s privacy and information practices, you can direct them to us by:
10. CONFLICTS
This Privacy Notice is a supplement to, and is incorporated into, our U.S. Privacy Policy. In the event of any conflict between the terms of this Privacy Notice and the terms of the U.S. Privacy Policy, this Privacy Notice shall prevail with respect to your personal information that is governed by California law.