Privacy Policy

This policy indicates the personal data we collect when you use this website or visit our boutiques and describes the rights you have as a “Data subject”. We reserve ourselves the right to update the content of this page periodically, so we invite you to consult it regularly. 

 

Notice at collection for Californian users 

Under the California Consumer Privacy Act (“CCPA”), California consumers shall receive certain notices and information regarding the collection and use of their personal information. This page is intended to provide the Notice at Collection and Privacy Policy required by the CCPA. 
We may collect Personal Information (hereinafter also “Personal Information”) from you and use it for specified purposes. For a list of categories of Personal Information that we collect and the purposes for which we use such Personal Information, see the sections: 

  • What categories of Data do we process?
  • For what purposes do we process your personal Data and what are the legal bases? 

We may disclose Personal Information to third parties to engage them for online advertising and may collect your personal information when you visit our websites. In such cases, such information may be transferred to third parties through profiling cookies only on the basis of your explicit consent. For this reason, since we require your explicit consent to the use of third-party profiling cookies and the subsequent communication of such information to these third parties, the right to opt-out of your personal information sale, established by CCPA, does not apply. To learn more about profiling cookies and how to manage the use of such cookies, please visit our  Cookie Policy. 

Sharing excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties. 

Currently, we do not sell personal information, except in the case indicated above with reference to profiling cookies. 

 

Who is the Data Controller? 

The Data Controller is Antonio Marras S.r.l., with legale seat in Alghero (SS), Località Salondra n. 64, e-mail data.protection@oniverse.it 

 

What categories of data do we process? 

To give you access to our services and contents, we may collect:

  • Personal and contact data collected through our online forms;
  • To make a purchase, in addition to the data indicated on the online forms, you may be asked for additional information, such as data relating to the means of payment used and data for the shipment of products and any billing. We do not process data relating to the payment method you have chosen (e.g. credit card number and security code), which are instead collected exclusively by the chosen payment service provider. 

Providing such data is optional, but some of our fields are marked with asterisks. Those fields are mandatory and, failing that, we won’t be able to provide you with the service you requested. 

We will never ask neither for special categories related Data (revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, sexual orientation and so on) or judicial data (related to criminal records, the status of accused or suspected and so on).

We may also collect:

  • information that we may acquire when examining your interactions with us via e mail and newsletters, through our websites and apps that may be developed by us or by third party (for more information we invite you to read the related privacy policy);
  • information shared by you through your social networks. 

We will process the data you will provide us with only for the purposes related to each service requested and used. We may use your data for other purposes, only with your prior consent or, in certain limited cases, in the presence of our legitimate interest. 

 

For what purposes do we process your personal data and what are the legal bases? 

You may find below a list of all the purposes for which we collect your personal data.  

 

Browsing 

Purpose: to allow web browsing; to carry out aggregate statistical analysis aimed at measuring the correct functioning of this website.  

Processed data: IP addresses, domain names, URIs. These data are acquired by the IT systems responsible for the proper functioning of this website. 

Legal basis: provision of services aimed at allowing users to browse this website; 

Legitimate interest consisting in ensuring the proper functioning of IT systems 

Retention period: 30 days after the collection, unless legal provisions or provisions of Public Authorities impose a different retention time in relation to investigations related to any computer crimes. 

 

Online products purchasing 

Purpose: fulfilment of online purchase orders and performance of related activities (sending of goods, invoicing, payment management, shipment tracking, delivery of goods, possible activation of the return and refund process of the order, management of the return, etc). 

Processed data: contact details (name, surname, e-mail address, telephone number) and shipping address.We do not process the data relating to the payment method indicated by you (e.g. payment card number and security code), which are instead collected exclusively by the chosen payment service provider. 

Legal basis: execution of the sales contract. 

Retention period: time necessary to fulfil the contractual and regulatory obligations regarding the purchase and sale of products (e.g. tax legislation). 

 

Customer Care 

Purpose: we provide you with an assistance service (via chat, telephone, e-mail, online form) for any request relating to the purchase of our products or the use of our services.  

Processed data: data necessary to reply to the requests that you will address to our Customer Care. 

Legal basis: 

  • execution of the contract for the purchase and sale of products or pre-contractual measures adopted following your request; 

Retention period: time strictly necessary to fulfil your requests. 

 

Sending of commercial communications (“Direct Marketing”) 

Purpose: with your consent, we will send you commercial communications regarding our products, services and offers via e-mail, landline, mobile phone, instant messaging services (e.g. WhatsApp), post and social media channels (e.g. Facebook, Instagram, etc.). We may also conduct market research and surveys to detect your level of satisfaction with Antonio Marras products. 

Processed data: contact details (e.g. name, surname, e-mail address, telephone number). 

Legal basis: your consent that you may revoke at any time by writing to data.protection@oniverse.it or by clicking on the links contained in the footer of our communications. 

Retention period: until you revoke your consent. 

 

Profiling 

Purpose: with your consent, we will send you personalised commercial communications based on your profile, purchasing and browsing habits. In addition, our client advisors will be able to assist you in all our boutiques with information on colours, models and sizes relating to purchases made in our stores.    

Processed data: data relating to your purchases, your country of origin, your gender and your age, your interaction with us through our website. We may also enrich your profile with information lawfully acquired from third parties and made available to Antonio Marras, with statistical information (e.g. demographic information, georeferencing data, etc.) as well as information relating to the electronic tools you use to interact with us. 

Legal basis: your consent that you may revoke at any time by writing to data.protection@oniverse.it  

Retention period: the data relating to your interactions with us will be kept for 12 months from the date of collection; the information relating to your purchases will, on the other hand, be kept for 5 years starting from the date of each purchase. 

 

Reserved area registration 

Purpose: creation of a reserved area ("account") that will allow you to save some content (e.g. your purchase history, etc.). 

Processed data: personal details and contact information provided in the online form for registering for the reserved area. Some fields specifically marked are to be considered mandatory: should this information not be provided, we will not be able to provide you with the service you have requested. 

Legal basis: execution of the website registration contract. 

Retention period: your account and the data associated with it will be deleted if the account is not used for more than 5 years. 

 

Participation in events  

Purpose: to enable booking and participation in events organised by the ‘Antonio Marras’ brand. 

Processed data:personal details and contact data  requested in the online form dedicated to the booking of our events: data marked with an asterisk are essential for completing the booking; should they not be provided, it will not be possible to make the booking. 

Legal basis: execution of pre-contractual measures taken at your request. 

Retention period:for the entire duration of the event to which the booking refers. 

 

Video surveillance

Purpose: to ensure safety in our boutiques and protect our staff and customers, we have installed a video surveillance system. In the event of judicial or extrajudicial disputes, the recordings made may be used to ascertain or exercise the claims and rights of the data controller.

Processed data: your image.

Legal basis: legitimate interest of the data controller in protecting its business assets, ensuring the safety of its employees and customers, and protecting its rights in court or out of court.

Retention period: the images will be stored for a period of 72 hours. In the event of a request from the judicial authorities or the judicial police, or in any case where the images are used in legal proceedings, the retention period may be extended until the proceedings are concluded.


What are the methods we use to process your data?

We process your data using IT and telematic tools and supports, in compliance with the provisions of the law to ensure security and confidentiality, as well as the accuracy, updating and relevance of the data with respect to the stated purposes. Help us ensure that your data is always accurate by communicating the updates to data.protection@oniverse.it   

 

To whom do we communicate your data? 

To achieve the mentioned purposes, we need to communicate them to these categories of subjects: 

  • Staff of Antonio Marras S.r.l., in charge of managing our website and the services available online and at our stores;
  • Suppliers of Antonio Marras S.r.l. (e.g. IT service and platform providers, consultants) in their capacity as data processors;
  • Credit institutions, companies that carry out shipping and transport services, insurance companies: these subjects act as independent Data Controllers and their involvement is necessary to carry out necessary operations related to the use of our services (e.g. making payments; deliver the purchased goods). 

 

Do we transfer your personal data outside USA? 

The personal data collected may be transferred outside United State of America, in particular within the European Union, and in some cases also to other countries around the world, in particular the United Kingdom (e.g. in connection with cookies, social media plug-ins and other software applications from third-party providers). In any case, the transfer will take place in compliance with local legislation (if any) and EU Regulation 2016/679 (‘GDPR’) (in particular, the data will only be transferred after signing the Standard Contractual Clauses approved by the EU Commission by Decision 2021/914/EU or to countries able to guarantee an adequate level of protection of personal data and therefore recipients of an Adequacy Decision adopted by the EU Commission). 

 

What are the rights that you may exercise as data subject? 

You may exercise the rights guaranteed by the GDPR regarding your personal data by writing to data.protection@oniverse.it.We will reply to your request as soon as possible and, in any case, no later than thirty days after receiving your request. If, in relation to your request, it is necessary to verify your identity, we may ask you for additional identifying information or an identity document. In particular, you may exercise the following rights: 

  • Right of access, i.e., the right to know if a processing of personal data concerning you is in progress and, if confirmed, to obtain a copy of such data and be informed about: the origin of the data, the categories of personal data processed, the recipients of the data, the purposes of the processing, the existence of an automated decision-making process (including profiling), the data retention period, the rights provided for by the GDPR; 
  • Right to obtain the rectification or integration of your data;
  • Right to obtain the deletion of personal data if such data are no longer necessary for the purposes for which they were collected, or if we are no longer authorized to process them;
  • Right to obtain the limitation of the processing of personal data in the following cases: i) you have contested the accuracy of the personal data. You can request a processing limitation for the period necessary to verify the accuracy of the data; ii) we are no longer authorized to process the data, and instead of deleting them, you can ask us to limit their use; iii) if the personal data in our possession, despite being no longer necessary for the purposes for which they were collected, are necessary for you to ascertain, exercise or defend a right in court;
  • Right to data portability, i.e., the right to receive personal data concerning you in a structured format, commonly used and readable by an automatic device, as well as the right to request for such data to be transmitted to another Data Controller;
  • Right to revoke the consent, for the processing based on it;
  • Right to oppose at any moment to the processing of personal data based on our legitimate interest. 

 

You also have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your data conflicts with the provisions of the applicable laws. 

 

In particular, if you are a Californian resident, under the CCPA, you have the right to request the deletion of personal information that we have collected from you. Once we receive and confirm your verifiable consumer request to delete, we will delete (and communicate to our service providers to delete) your personal information from our records, unless an exception applies (e.g. retaining the information necessary for us or our service provider(s) in order to complete the transaction for which we collected the personal information, providing a good or service that you requested, complying with a legal obligation etc.). With reference to the right to access/to know and the right of erasure/to delete, you may submit your requests, free of charge, by writing to data.protection@oniverse.it  . We will need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your account. We will only use personal information provided in connection with a consumer rights request to review and comply with the request. Once submitted the request, you will receive an e-mail as soon as feasibly possible, but no later than 10 business days, confirming that we have received your request and providing information about how we will process your request. We will respond to your request to access/to know or erasure/delete within 30 days (as required by GDPR) from the day we receive the request even if, in case of Californian consumers, the CCPA sets a longer period of 45 days. Any disclosure in response to a request to access/to know will cover the entire period from the date of your registration to the website (as required by GDPR) even if, in case of Californian consumers, the CCPA sets that disclosure of personal information must cover the 12-months preceding the business’ receipt of the request to know. In certain circumstances, we may decline a request to access/to know and/or erasure/delete, particularly where we are unable to verify your identity. 

If you are a Californian resident, under the CCPA, you may institute a civil action for statutory damages on an individual or class-wide basis (providing Calzedonia with 30 days’ written notice identifying the specific provisions violated) in the following cases: nonencrypted and nonredacted information subject to unauthorized access and exfiltration, theft or disclosure as a result of a business's lack of implementation of reasonable security procedures and practices. 

If Calzedonia within 30 days cures the noticed violation and provides the consumer an express written statement that the violations have been cured and that no further violations occur, no action for individual statutory damages or class-wide statutory damages may be initiated against Calzedonia. 
If you are a Californian resident, under CCPA, also the following rights will be applied: 

  • Right to Opt-Out of Personal Information Sale. Currently, we do not sell personal information, except in the case of profiling cookies. To learn more about profiling cookies, how to manage the use of such cookies and how to disable them, please visit ourCookie Policy.
  • Right to Non-Discrimination. You have the right not to receive discriminatory treatment, in terms of price or services that we offer, for exercising any of the rights described above. However, please note that if the exercise of the rights described above limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you with our products or services or engage with you in the same manner.
  • Financial Incentives. You have the right to be notified of any financial incentives offers and their “material terms” (terms and conditions), the right to opt-out of such incentives at any time, and to not be included in such incentives without your prior informed opt-in consent. We do not offer any incentives at this time. 

 

Authorized Agent 
In certain circumstances, you are allowed to use an authorized agent to submit the above requests on your behalf by writing to data.protection@oniverse.it  . If you choose to submit a request through an authorized agent, we will require proof that the authorized agent has your written permission to submit a request on your behalf and, if necessary, we may require you to verify your identity with us. 
If the agent cannot provide your signed permission, we may deny the request. 

 

Last update: October 2025