Customer area

Privacy Policy

  1. Privacy Policy

    PRIVACY NOTICE REGARDING THE PROCESSING OF CUSTOMERS’ AND USERS’ PERSONAL DATA

    A. Data Controllers

    Geo Spirit S.r.l., with registered office at Via Provinciale del Biagioni, 55 - 55011 - Altopascio (Lucca), privacy@dekkeroriginal.com (hereinafter “Dekker”)

    and

    Digital Boite S.r.l., with registered office at Via Cusani, 5 - 20122 - Milan, privacy@digitalboite.com (hereinafter “DB”)

    (hereinafter jointly referred to as the “Data Controllers”) provide you with the following information regarding the collection, use, disclosure and processing of your personal data carried out through the website www.dekkeroriginal.com (hereinafter the “Website”).

    In particular:

    • Dekker acts as an independent data controller for personal data processed for Website browsing and maintenance purposes. Dekker also acts as an independent data controller for personal data processed for marketing and profiling purposes;
    • DB acts as an independent data controller for personal data processed for the purposes of sale, invoicing, payment and delivery of products purchased through the Website;
    • Dekker and DB act as joint controllers (hereinafter the “Joint Controllers”) with regard to personal data processed for carrying out commercial activities preparatory or subsequent to the sale, consisting of sales planning (requirements, related logistics, etc.), analysis of commercial results, catalogue management, after-sales support, returns management, reporting activities and the definition of commercial policies.

    The essential content of the joint controllership agreement in force between Dekker and DB is set out in the table below. Any further information regarding the content of the aforementioned joint controllership agreement may be requested by writing to Dekker or DB at the addresses indicated above or by contacting the DPOs at the addresses indicated in the following section.

    The Joint Controllers will share:

    • information relating to purchases made by customers that is useful for carrying out the activities described above; and
    • information relating to consumers who register online, as well as information collected from customers in the context of after-sales activities.

    Controllership Purpose Legal basis Data retention
    Joint Controllers Dekker and Digital Boite Provision of activities subsequent to the sale, such as sales analysis and related reporting Legitimate interest of the Joint Controllers Data relating to sales analysis activities are retained for 3 (three) years
    Joint Controllers Dekker and Digital Boite Provision of commercial activities preparatory or subsequent to the sale, such as after-sales services (including customer support and returns management) Performance of a contract to which the data subject is a party Data will be retained until the request has been fulfilled and for an additional period of 6 (six) months

    B. Data Protection Officer (DPO)

    Dekker and DB have each appointed a Data Protection Officer (DPO):


    C. Categories of personal data processed

    Depending on the purposes pursued, the Data Controllers may process the personal data (hereinafter the “Data”) listed below by way of example and not limitation:

    • Identification data: first name, surname, date of birth, gender;
    • Contact data: telephone number, email address;
    • Authentication data: email address, password;
    • Shipping information: domicile address, residence address, any additional addresses useful for delivering the order;
    • Information relating to purchases made: item, size and colour, price, date on which the sale takes place, amount spent;
    • Data relating to the customer’s profile and preferences: data relating to purchasing habits;
    • Data relating to geographic location (the “Storelocator” service): IP address;
    • Data relating to loyalty programmes: points, discounts;
    • Browsing data: data collected during visits to and consultation of the Website, also by means of cookies or other tracking technologies. For further information regarding the processing of your data through such technologies, please refer to the Cookie Policy.

    Any additional data provided in order to make use of specific services offered by Dekker.

    D. Purposes, legal basis of processing and Data retention periods
    Controllership Purpose Legal basis Retention period
    Dekker Provision of sales services and any additional service requested by customers Performance of a contract to which the data subject is a party Data relating to purchases will be retained for the time necessary to perform the contract relating to the services offered to you, and in any case for no longer than 10 (ten) years
    Dekker Management of customer care and after-sales support services, such as support services relating to payments, shipments, returns and refunds, and requests for information and assistance Performance of a contract to which the data subject is a party Data processed in order to provide a service requested by you will be retained for the time necessary to perform the service.

    With regard to after-sales support and returns management, the Data required to handle your requests will be retained until the request has been fulfilled and for an additional period of 6 (six) months
    Dekker Allowing use of the online store and its services, including registration thereto and viewing the catalogue of products sold therein Performance of a contract to which the data subject is a party Data collected for Website registration purposes will be retained until you request the withdrawal of your registration, without prejudice to closure by Dekker due to user inactivity exceeding 5 (five) years
    Dekker Management of administrative, tax and accounting obligations imposed by law Compliance with a legal obligation to which the data controller is subject Data processed in order to comply with legal obligations will be retained in accordance with the time limits laid down by the applicable legislation, including the ten-year retention obligation for accounting records
    Dekker Operational management of Website browsing and security Legitimate interest of the data controller For data relating to cookies, please refer to the specific Cookie Policy
    Dekker Use of the Storelocator service, which consists in identifying the nearest store on the basis of your current location Freely given, specific, informed, unambiguous and revocable consent of the data subject Data will be retained until you request withdrawal of consent
    Dekker Prevention of abuse and fraud Legitimate interest of the data controller Data will be retained for the time necessary for the prevention and detection of fraudulent conduct, and in any case no longer than the limitation periods laid down by law for payment fraud offences, or until expiry of the time limits for challenging transactions provided for by the applicable sector regulations and the rules of the payment schemes
    Dekker Establishment, exercise or defence of a right in judicial proceedings and out-of-court debt collection Legitimate interest of the data controller Data will be retained for the entire duration of the debt recovery activity and, in the event of litigation, for the entire duration thereof, until the expiry of the time limits for bringing appeals
    Dekker Marketing activities through the sending of commercial communications relating to products and services (news, new arrivals, exclusives, offers and promotions) by electronic means - such as newsletters and emails containing invitations and commercial communications - and by traditional means, such as paper mail Freely given, specific, informed, unambiguous and revocable consent of the data subject Data will be retained until you request withdrawal of consent
    Dekker Profiling activities of registered users through the use of Data provided by them in the use of services (including those relating to purchases) and Browsing Data on the online store for the purpose of sending and/or displaying promotional messages in line with the user’s profile, as well as improving the website experience Freely given, specific, informed, unambiguous and revocable consent of the data subject Data are retained until consent is withdrawn and profiling activities will refer to the details of purchases relating to the last 24 (twenty-four) months
    Digital Boite Sale of products online, order handling, delivery of the product, collection of payment and invoicing Performance of a contract to which the data subject is a party

    Compliance with a legal obligation to which the data controller is subject    		 Data relating to purchases will be retained for the time necessary to perform the contract relating to the services offered to you, and in any case for no longer than 10 (ten) years.

    Data processed in order to comply with legal obligations will be retained in accordance with the time limits laid down by the applicable legislation
    Digital Boite Management of administrative, tax and accounting obligations imposed by law Compliance with a legal obligation to which the data controller is subject Data processed in order to comply with legal obligations will be retained in accordance with the time limits laid down by the applicable legislation, including the ten-year retention obligation for accounting records
    Digital Boite Prevention of abuse and fraud Legitimate interest of the data controller Data will be retained for the time necessary for the prevention and detection of fraudulent conduct, and in any case no longer than the limitation periods laid down by law for payment fraud offences, or until expiry of the time limits for challenging transactions provided for by the applicable sector regulations and the rules of the payment schemes
    Digital Boite Establishment, exercise or defence of a right in judicial proceedings and out-of-court debt collection Legitimate interest of the data controller Data will be retained for the entire duration of the debt recovery activity and, in the event of litigation, for the entire duration thereof, until the expiry of the time limits for bringing appeals

    E. Provision of Data

    The provision of Data for the purposes based on the following lawful bases:

    • performance of a contract to which the data subject is a party;
    • legitimate interest of the data controller;
    • compliance with a legal obligation to which the data controller is subject;

    is mandatory for the provision of the services; therefore, failure to provide such Data will make it impossible to provide the services.

    It is understood that certain data will be collected and/or processed only with the prior consent of the data subject, in particular for marketing, profiling and use of the “Storelocator” service. Failure to provide such consent will prevent the pursuit of the related purposes of marketing, profiling and “Storelocator”, but will not affect your ability to register on the Website or to use the services provided on a contractual basis.

    The IT systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

    This information is not collected in order to be associated with identified data subjects, but by its very nature it could, through processing and association with data held by third parties, allow users to be identified.

    The information that may be collected includes IP addresses, browser type or operating system used, addresses in URI (“Uniform Resource Identifier”) notation, domain name and the addresses of websites from which access to or exit from the Website occurred (referring/exit pages), the time of the request made to the server, the method used and information regarding the response obtained, further information relating to the user’s browsing activity (see also the section relating to cookies) and other parameters relating to the user’s operating system and IT environment.

    Such data may also be used to ascertain and establish liability in the event of any cybercrime affecting the Website.

    F. Recipients of the Data

    The Data will be processed by:

    • employees and collaborators of the Data Controllers authorised to collect and process your Data;
    • third parties established within the European Union, acting as data processors, used by the Data Controllers, in particular, for services involving the collection and entry of personal data, shipping, mailing of promotional material, market research, measurement of customer satisfaction, and management and maintenance of IT systems;
    • third parties acting as independent data controllers, in particular freelancers or legal or tax consultancy and assistance firms, and companies managing payments made by debit or credit card;
    • third parties acting as independent data controllers, such as supervisory and monitoring authorities or other public or private entities entitled to request the Data.

    The complete list of recipients of the Data may be requested in writing at the addresses indicated in paragraph A.

    G. Transfer of Data outside the European Union

    For the provision of the services, your Data may be transferred to third countries. Should it become necessary to transfer your personal Data to countries outside the EU, the Data Controllers undertake to ensure that such transfer is carried out in compliance with the provisions of the applicable European privacy legislation (Chapter V of the GDPR). In particular, appropriate safeguards and transfer mechanisms (for example, the standard contractual clauses approved by the European Commission) will be adopted in order to ensure a level of data protection equivalent to that provided within the EEA.

    H. Rights of data subjects

    By contacting the email addresses indicated in paragraph A, you may request from the Data Controllers access to the Data relating to you, erasure thereof, rectification of inaccurate Data, completion of incomplete Data, restriction of processing in the cases provided for by the applicable privacy legislation, as well as object to processing, on grounds relating to your particular situation, where the processing is based on the legitimate interest of the Data Controllers.

    Furthermore, where the processing is based on consent or on a contract and is carried out by automated means, you may exercise the right to receive your Data in a structured, commonly used and machine-readable format and, where technically feasible, to have such Data transmitted to another controller without hindrance.

    You have the right to withdraw the consent given at any time.

    You also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, where you have not previously and explicitly provided your consent.

    You also have the right to lodge a complaint with the competent supervisory authority in the Member State in which you habitually reside or work, or in the State in which the alleged infringement occurred.

    Finally, you may at any time modify/update your Data and the consents to the processing thereof by accessing your personal account, or by sending an email to privacy@dekkeroriginal.com or, alternatively, to privacy@digitalboite.com.

    I. If you are a citizen of the Principality of Monaco

    If you are a citizen residing in the Principality of Monaco, Law No. 1.565 of 3 December 2024 on the protection of personal data shall apply. In this regard, please note that:

    • your Data may be transferred to countries outside the Principality of Monaco, in particular Italy which, as a Member State of the European Union, is considered an adequate and safe country with regard to the processing of personal data pursuant to Article 97 of Law No. 1.565 of 3 December 2024. In Italy, EU Regulation 679/2016 (“GDPR”) applies and provides adequate safeguards and protection for the rights and freedoms of data subjects;
    • you may, where possible, exercise the rights provided for in Chapter 3 of Law No. 1.565 of 3 December 2024.

    For further information on any transfers of your Data and in order to exercise your rights, you may send an email to privacy@dekkeroriginal.com or, alternatively, to privacy@digitalboite.com.

    J. If you are a citizen of Montenegro

    If you are a citizen residing in Montenegro, the Personal Data Protection Law 79/08, 70/09, 044/12 and 022/17 shall apply. In this regard, please note that:

    • your Data may be transferred to countries outside Montenegro, in particular Italy which, as a Member State of the European Union, is considered an adequate and safe country with regard to the processing of personal data pursuant to Article 42 of the Personal Data Protection Law 79/08, 70/09, 044/12 and 022/17. In Italy, EU Regulation 679/2016 (“GDPR”) applies and provides adequate safeguards and protection for the rights and freedoms of data subjects;
    • you may, where possible, exercise the rights provided for in Chapter 5 of the Personal Data Protection Law 79/08, 70/09, 044/12 and 022/17.

    For further information on any transfers of your Data and in order to exercise your rights, you may send an email to privacy@dekkeroriginal.com or, alternatively, to privacy@digitalboite.com.

    K. If you are a citizen of Turkey

    If you are a citizen residing in Turkey, Law No. 6698 on the Protection of Personal Data of 24/3/2016 shall apply. In this regard, please note that:

    • your Data may be transferred to countries outside Turkey, in particular Italy, where EU Regulation 679/2016 (“GDPR”) applies and provides adequate safeguards and protection for the rights and freedoms of data subjects. The Data Controllers guarantee that the transfer is carried out in accordance with Article 9 of Law No. 6698 on the Protection of Personal Data of 24/3/2016;
    • you may, where possible, exercise the rights provided for in Chapter 3 of Law No. 6698 on the Protection of Personal Data of 24/3/2016.

    For further information on any transfers of your Data and in order to exercise your rights, you may send an email to privacy@dekkeroriginal.com or, alternatively, to privacy@digitalboite.com.


    Last updated: March 2026