EU Regulation 679/2016 General Data Protection Regulation
Geox S.p.A. hereby wishes to inform visitors to the “www.geox.com” website (hereinafter the
“Website”) of its personal data protection policy, emphasising its commitment and
attention to protecting the privacy of Website visitors. Please read carefully our Privacy
Policy, which applies if you access the Website and simply navigate it using our services -
without purchasing any products - as well as if you decide to make purchases.
Please also read the Terms and Conditions of Use of www.geox.com because they also contain
important instructions on the security systems used by the Website. Navigation within the
Website is free and does not require registration, with the exception of certain areas in
which you may freely and expressly provide a set of personal data to access certain services
(e.g. to register for the Geox Single Digital Profile, sign up for the newsletter or request
information, etc.). When we ask you to provide your personal data to access these additional
services, we will always inform you in accordance with EU Regulation 679/2016 General
Data Protection Regulation (the “Regulation”) about the purposes and methods
of use of the data as well as your right to request the deletion or updating of the data at
In accordance with the Regulation, we are providing you with the following information.
1. The Data Controller and Data Processors
The Data Controller is Geox S.p.A., with registered office at Via Feltrina Centro 16, 31044
Biadene di Montebelluna, Treviso (Italy) - Treviso Companies’ Register no. Imp., Tax
Identification and VAT no. IT03348440268, Share Capital €25,920,733.10 fully paid up.
Co-Data Controllers, with Geox - limited to sales, invoicing and product delivery purposes -
are the following companies of the Geox group:
- • Geox Retail S.r.l., via Feltrina Centro 16, 33144 Montebelluna, VAT No.
- • Geox Deutschland GmbH, Wilhelm-Wagenfeld-Strasse 22 - 80807 München
Registernummer/Register no.: HRB 155937 USt-IdNr: DE813486969;
- • Geox AT GmbH, Seilerstätte 16, 1010 Wien, Österreich Handelsgericht Wien, FN
355622 z VAT: ATU66105458;
- • GEOX RESPIRA S.L., Sociedad unipersonal Pasaje Permanyer n.5 08009 Barcelona,
España VAT Code B62826425;
- • Geox France Sarl, 432 Avenue André Lasquin, 74700 Sallanches France, VAT FR
- • Geox Holland B.V., Verlengde Poolseweg 14, 4818 CL Breda, The Netherlands, Vat
L808308415B01 and its branches;
- • Geox Poland S.r.o., ul. Postępu 12, 02-676 Warszawa, The District Court of the
Capital City of Warsaw in Warsaw, XIII Business Division of the National Court Register,
, KRS no. 392726, VAT PL (NIP) 527 26 61 853;
- • Geox Hungary KFT, Kálvin tér 12. III. em., 1085 Budapest – Hungary, Registration
number: 01-09-675970, Tax number: 11773250-2-42 – EU VAT number: HU11773250;
- • Geox Suisse SA, Via Balestra, 27 – CH 6900 LUGANO, VAT Code CHE-109.592.205, CH – 6901 LUGANO;
- • Geox U.K. Ltd, 4th Floor, 62 Cornhill, London EC3V 3NH, UK, VAT
number GB 779093087, Registered in England and Wales - Company number 4303095
You may request further information by writing to email@example.com.
When we refer to “Geox” below, we are referring to Geox S.p.A. and the companies of the Geox
group (except where specified otherwise).
For purely organisational and functional requirements, we have appointed certain service
providers to manage the Website as external personal data processors. This is strictly for
purposes related and connected to the services provided by the Website, including the sale
of products. More detailed information is available in the policy statements on the Website,
and a complete list of external data processors appointed by Geox may be obtained by
2. Types of Personal Data Processed
Registration is not required in order to access the Website. However, there are sections of
the Website that require registration or the use of a username and password (e.g., to sign
up for the Geox Single Digital Profile, or to complete the online purchasing process), or
services for which you need to provide your details (e.g. your personal data may be
requested to access newsletter services, to contact us, etc.).
Data relating to the connection and navigation within the Website (such as the URI-Uniform
Resource Identifiers of the resources requested, time of the request, method used in
submitting the request to the server, size of the file obtained in response, the numeric
code indicating the status of the response provided by the server (successful, error, etc.)
and other parameters regarding the user’s operating system and IT environment) are collected
only for the purpose of extracting anonymous statistical information on the use of the
Website and to check its correct operation. Such data is immediately deleted following the
processing. The data may be used to ascertain liability in the event of possible computer
crimes that harm the Website: excluding such cases, the data shall be deleted once the time
needed to provide the services illustrated on the Website has passed.
With reference to data relating to navigation within the Website, see also point 7 below
concerning the Profiling Tools used by the Website.
3. Optional provision of personal data
The provision of personal data is generally optional. In certain cases only, the failure to
provide personal data may make it impossible to access specific services and obtain what you
have requested (e.g. registration - and the provision of personal data, e-mail address,
postal address, credit/debit card data or and telephone number - is required to purchase
products online); failure to provide such data may therefore prevent Geox from allowing you
to access the Website's services or to respond to users' requests.
The data necessary in each case are indicated in the data collection forms t on the Website
- e.g., indicated with a (*) - and the consequences of their not being provided are set out
in the specific notices on the data collection pages.
Data are collected and processed for purposes strictly related to the use of the Website, its
services and the purchase of products online. The purposes for which the data are used are
detailed in the specific policy statements provided by the Website whenever there is data
collection. We would ask that you read the policy statements which in each case explain the
characteristics of the data processing that will be performed (e.g. for registration for the
newsletter service, to access your profile, for Geox products sold online). Your data shall
be processed in full compliance with privacy
5. Method, length of data processing and scope of communication
Data may be processed in both electronic and paper form (e.g. for the handling of purchases
on the Website). Geox guarantees that the personal data provided through the Website will be
processed lawfully and properly, in full compliance with applicable legislation, and that
the data provided during registration kept strictly confidentially. We implement security
measures to ensure the security of the Website and all information collected is transmitted
through a secure connection to prevent interception by outsiders.
Any data provided by users shall be processed for the length of time specified in the
specific policy statements provided at the time of data collection.
With regard to the retention times for data collected through the use of profiling tools
(e.g. cookies), please see point 7 below and
The data shall not be communicated or disseminated to third parties except within the limits
and conditions expressly indicated in the policy statements provided in each case (i.e.
product shipping data may be communicated to couriers).
6. Links to other websites
This information is provided only for the website www.geox.com and not for any other websites that a user
may access through a link. Geox cannot be held liable for personal data provided by users to
external parties or any websites linked to this Website.
7. "Tracking” and/or targeting tools
Geox shall not transmit any communications of a promotional and/or advertising nature without
the user's prior express consent.
facilitate navigation and use of the Website) and/or profiling (i.e. to analyse users and
their behaviours and preferences, and provide them with personalised advertising.
For a detailed explanation of tracking instruments used by this Website and how to
deactivate them, please read our Cookie
8. Place of data processing
The data processing connected with the services provided by the Website are carried out: (i)
at the headquarters of Geox S.p.A. indicated in point 1 above and are carried out by
expressly authorised data processing personnel; (ii) by companies providing services related
to the management of the Website, appointed as external data processors. A complete list of
external data processors appointed by Geox can be obtained by contacting
The Data collected through the Website are generally not transferred abroad, as the
processing is carried out through providers that use servers located in the European Union
(or European Economic Area). Nonetheless, in some cases, to enable us to properly manage the
Website, your personal data may subject to transfer to countries outside the European
Union/European Economic Area (e.g. the data collected through certain cookies and social
network tracking instruments).
Based on the privacy regulations applicable, specific consent to the transfer is not
necessary when the transfer is made to a country that guarantees an adequate level of
protection (Article 45 of the Regulation) or based on the adoption of appropriate safeguards
(Articles 46 and 47 of the Regulation), and, specifically, based on the adoption of binding
rules for the group of companies or the adoption of contractual clauses approved by the
European Commission: transfer of data collected (e.g. through Website cookies/tracking
instruments) is governed by those contractual clauses (e.g.
To receive more information on the transfer of data and the safeguards set out for their
protection, as well as on the means for obtaining that data or the place where they have
been made available, send a simple request to firstname.lastname@example.org.
9. Rights of data subjects
By e-mail to be sent to email@example.com, you may at
any time exercise the rights set out in Articles 15 to 22 of the Regulation, including:
- confirmation as to whether personal data concerning you is being processed;
- access to your personal data and the information indicated in Article 15 of the Regulation;
- rectification of inaccurate personal data concerning you without undue delay or completion
of incomplete personal data;
- erasure of personal data concerning you without undue delay;
- restriction of processing of personal data concerning you;
- notification regarding rectification, erasure or restriction of processing of personal data
-the right to receive the personal data concerning you in a structured, commonly used and
- the right to object at any time, on grounds relating to your particular situation, to
processing of personal data concerning you.
Note that you can always:
- object to the processing of your data, particularly for marketing purposes or the
analysis of your purchasing habits or preferences,
- withdraw your consent.
More information on your rights is available in point 13 below.
10. Who to contact in the case of a complaint
If you believe that the processing of your data violates the provisions of the Regulation,
you may always make a complaint to the Italian Data Protection Authority (www.garanteprivacy.it), or to the Data
Protection Authority of the country in which you reside, work or, finally, of the place
where you believe the violation occurred
11. Applicable law
ensures that the processing of personal data is carried out in accordance with the
fundamental rights and freedoms and the dignity of data subjects, with particular reference
to confidentiality, personal identity and their personal data protection rights.
12. Revision clause
part, at its sole discretion, in any manner and/or at any time, without notice, including to
take account of changes to the law or regulations regarding the protection of personal data.
the homepage of the Website; they will be binding as soon as published and communicated.
Please access this section regularly for publication of the most recent and updated Privacy
Policy or check your e-mail.
13. Privacy rights
Articles 15 to 22 of the Regulation grant to all data subjects the option to exercise
specific rights against the Data Controller. A brief description of these is provided below.
For all doubts or questions, contact us at firstname.lastname@example.org.
- Right of access: the data subject may request which data concerning him or
her are being processed, the purposes of the processing, the categories of data
processed, the recipients to whom the personal data have been or will be disclosed,
any transfer of the data outside the European Union, the period of storage of the
data, the existence of automated decision-making (including profiling), as well as
the source of the data that has not been collected from the Data Subject (Article 15
of the Regulation).
- Right to rectification: the data subject may request the rectification or
updating of inaccurate data or, taking into account the purposes of the processing,
the supplementation of incomplete personal data (Article 16 of the Regulation).
- Right to erasure (right to be forgotten): (where applicable) the data
subject shall have the right to obtain the erasure of personal data concerning him
or her, for example, where the personal data are no longer necessary in relation to
the purposes for which they were collected. Therefore, it will not be possible to
request the erasure of data if they are required to fulfil a legal obligation (e.g.
keeping accounting records or for security purposes) or for the verification,
exercise or defence of a right in legal proceedings (Article 17 of the Regulation).
- Right to restriction of processing: the data subject may request the
restriction of processing of the data, for example, where the data subject contests
the accuracy of the personal data, for a period necessary to verify the accuracy of
that data (Article 18 of the Regulation).
- Notification obligation: the data subject has the right to be informed of
any rectification or erasure or restriction of processing carried out in relation to
the personal data regarding him or her, and the recipients to whom the data have
been communicated (Article 19 of the Regulation).
- Right to data portability: (where applicable) the data subject has the right
to receive the data that concerns him or her in a structured, commonly used and
machine-readable format (i.e. in .excel or .csv format). However, that right is
limited only to data processed using automated means and based on a contract with
the data subject or his or her consent. Where technically feasible, it will be
possible to request the transmission of the data directly to the other data
controller (Article 20 of the Regulation).
- Right to object: (where applicable) the data subject has the right to object
at any time, on grounds relating to his or her particular situation, to the
processing of personal data concerning him or her carried out, for example, for the
pursuit of a legitimate interest of the data controller or third parties (including
profiling). The data subject can always object to data processing for direct
marketing purposes, including profiling related to such direct marketing (Article 21
of the Regulation).
- Right to not be subject to automated decision-making, including profiling:
(where applicable) the data subject shall have the right not to be subject to a
decision based solely on automated processing, including profiling, which produces
legal effects concerning him or her or significantly affects him or her, unless the
automated decision is necessary (i) for entering into, or performance of, a contract
between the data subject and a data controller, (ii) is envisaged by law, in
compliance with measures and safeguards, or (iii) is based on the data controller
explicit consent (Article 22 of the Regulation).
The full text of the Regulation and your rights are available here.