INFORMATION NOTICE ON PERSONAL DATA PROCESSING of the website of Vibram S.p.A. in accordance with the Regulation (EU) 2016/679

Scope This information notice is provided in accordance with article 13 of Regulation (EU) 2016/679 (“General Data Protection Regulation”, hereinafter “GDPR”) to users of the portal and internet services of Vibram S.p.A. accessible electronically from the homepage http://www.vibram.com (“Website”).

This information notice is limited to browsing on the aforementioned Website and does not apply to websites external to Vibram S.p.A. even if consulted by way of links contained on the portal and themed websites.

Processing Controller Consulting the portal and online services of Vibram S.p.A. as well as the registration or subscription of the online services leads to the processing of personal data as hereinafter defined (“Personal Data”). The processing controller is Vibram S.p.A. with registered offices in Via Cristoforo Colombo 5, 21041 Albizzate (VA), Italy – Tel. + 39 0331 999 700 – Fax + 39 0331 992 572 – Mail: privacy@vibram.com

Processing Purpose

    Personal Data will be processed primarily for the following purposes:
  • (a) to manage and complete the procedure for the purchase of Vibram products through the Website;
  • (b) to provide pre and after-sales services and overall information about products and services and Vibram purchase network/services;
  • (c) to permit Vibram to carry out its internal administrative task and to comply with all applicable laws and/or orders of public authorities;
  • (d) to protect and enforce the rights of Vibram, including its property rights, and take action for the protection of the Website

Processing Managers The processing of Personal Data in relation to the Website is perfomed by identified personnel specially appointed by the Processing Controller.

    Personal Data collected may be disclosed to:
  • entities that perform functions that are strictly connected and instrumental to the technical operations of the services of the Website, such as hosting service providers, companies that provide archiving, administrative, payment and invoicing services, companies connected to the Processing Controller or providing technical components for the provision of some features of the Website;
  • authorities and administrative and judicial authorities by virtue of legal obligations.
Personal data may be transferred outside the European Union to be processed by some service providers. In this case, the transfer will take place in compliance with current legislation ensuring maximum security and confidentiality of data. Personal Data will not be subject to disclosure or otherwise disclosed, assigned or sold to third parties.

Processing Methods Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are applied in order to prevent the loss of the data, its unlawful or incorrect use and any unauthorised accesses.

Personal Data Processed

    The use of the Website by users, for technical reasons, security and for statistical purposes, involves the collection and processing of different types of personal data related to the user:
  • a) Navigation Data The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Website.
  • b) Data provided by user These data are provided by the user when completing the information request forms or during an online registration, in order to use the services or send an application. The user will be asked to consent to the processing of data according to the provisions of the GDPR.
    The following are the required data:
  • Data to be entered for subscription to the newsletter: email address
  • Data relating to the registration of your account: name, surname, email, password (mandatory), profession, data about the use of Vibram products
  • Data related to the "Careers" page: email, curriculum, any personal data communicated directly by the user in the text of the email or in the relative attachments

Optional Provision of Data Some data required for registration are mandatory and any failure to provide it involves the impossibility of registering to the Website. Similarly, the failure to communicate some data that may be required in order to subscribe to the online services may involve the impossibility of using the chosen service. Registration and subscription data is provided voluntarily. Individuals making the registration freely give their consent to data processing, in the awareness that in the absence of that consent the registration and subscription of the services may not take place. The purpose of these activities remains closely related to corporate activities, limiting their use in contexts that may compromise their personal dignity and decorum.

Cookies Some pages of the Web Site can use a common technology called "cookies". Cookies are small text files that are stored by the browser on the hard drive of the user’s computer. Cookies allow Vibram to count the number of unique and return visitors to the Website. Vibram may also use cookies to measure activity on the Website, which allows Vibram to improve navigation throughout the Website. In addition, cookies may contain information (such as a unique user ID) that logs the pages of the Website visited by the user, the products viewed or searched for. Finally, Vibram may use cookies to identify user’s IP address, browser version, number of visits, and similar data relating to navigation of the internet and the Website. Vibram uses the following cookies:

Functional Cookies

Required Cookies:

  • sid - contains site ID
  • dwsid – contains the session ID
  • dwanonymous – stores the anonymous user id to retrieve the basket if a customer comes back later
  • dwcustomer – the id of a customer registered once and requested “to be remembered”
  • dwpersonalization – participation in an AB test lasting longer than a session
  • dwsourcecode – the applied source code
  • dwsecure – request id to avoid any highjacking of a secure session
  • cqcid - Contains a hashed ID for an anonymous user
  • cquid - Contains a hashed ID for a known, logged-in user
  • __cq_uuid - First party version of "uuid" cookie
  • __cqact - Contains activities that are queued up and sent from the browser, and is deleted immediately upon sending.
  • __cqviews - Contains the last viewed recommendations to detect clicks, immediately deleted upon sending
  • __cq_bc - First party version of "bc" cookie
  • __cq_seg - Contains segment information for personalized search
  • uuid - Contains a randomly generated ID
  • bc - Contains activity history, such as the last 10 products viewed by the shopper

Optional Cookies:

  • vibram_cookie_policy - determines if user has closed cookie policy notice.
  • dw_cookies_accepted - determines if user has accepted cookie policy.
  • __atuvc - This cookie is associated with the AddThis social sharing widget which is commonly embedded in websites to enable visitors to share content with a range of networking and sharing platforms. It stores an updated page share count

Marketing Cookies:

  • olapicU - This cookie is used to analyze end user interactions with our Olapic Marketing Service.

Google Analytics (Google): “Google Analytics" is a web analytics service provided by Google Inc. (herein "Google"). Google may use the collected data to track and examine (anonymously) the Web Site use, to draw up reports on its operation and to share them with other Google’s services. Google may use collected Personal Data to contextualized and customized its own advertising network. Personal Data collected: browsing, data usage and Cookies. Processing Location: USA

  • _gat - This cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate - limiting the collection of data on high traffic sites. It expires after 10 minutes.
  • _ga - This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguishes unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customizable by website owners.
  • Link to Google Privacy Policy: https://www.google.com/intl/en/policies/privacy/
  • How to disable cookies
  • If you do not wish to accept cookies, you can disable them with reference to the pages of third parties using your browser instructions on cookie removal or here

Applications The Processing Controller provides the page "Careers" to collect and evaluate the applications received for the purpose of selection and research of personnel. The curricula received may be stored and revalued for subsequent research for professional positions compatible with the candidate's profile. The candidate may oppose the processing of his personal data at any time by writing to privacy@vibram.com Please remember to include within the curriculum vitae the consent, pursuant to the GDPR, to the processing of Personal Data for the purpose of selection and to avoid entering particular categories of Personal Data (such as health status, religious, philosophical or political convictions) not relevant to the position for which one is applying.

Storage of personal data The data are collected according to the indications of the relevant legislation, with particular regard to the security measures provided by the GDPR (Article 32) for their processing by means of computerized, manual and automated tools and with logic strictly related to the purposes indicated and in any case to guarantee the security and confidentiality of the data. Personal Data will be stores for the for the time required by the purposes described in this document.

Accessing Personal Data In accordance with articles from 15 to 22 of the GDPR, the interested party has the right to ask the Processing Controller:

  • information about the existence of Personal Data, the origin of the same, the purposes and methods of processing and, if present, to obtain access to their Personal Data;
  • updating, rectification, integration, deletion, limitation of the processing of Personal Data;
  • transformation into anonymous form or block on Personal Data processed in breach of the law, including data whose storage in unnecessary in relation to the purposes for which they were collected or subsequently processed;
  • to object, in whole or in part, for legitimate reasons, to the processing of Personal Data relating to them, even if relevant to the purpose of its collection and to the processing of Personal Data relating to them for the purposes of sending advertising material or direct sales or to complete market research or sales communication. Any user also has the right to revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the revocation;
  • receive Personal Data, provided knowingly and actively or through the use of the service, in a structured format, commonly used and legible by an electronic device, and transmit them to another Processing Controller without impediments.
  • propose a complaint with the Italian Data Protection Authority.

This information may be subject to change. If substantial changes are made to the processing of Personal Data by the Processing Controller, the latter will notify the user by publishing them with the maximum evidence on their pages or through alternative or similar means. For any question or request concerning Personal Data and Privacy Policy, please contact privacy@vibram.com