Customer area

A. Data Controller

• Peuterey S.r.l. with registered office in Via Tortona, 31 - 20144 - Milan (MI), privacy@peuterey.it (hereinafter "Peuterey")

and

• Digital Boite S.r.l. with registered office at Via Cusani, 5 - 20122 - Milan, dpo@digitalboite.com (hereinafter "DB")

(hereinafter referred to collectively as ‘Data Controllers’) provide you with the following information on the collection, use, disclosure and processing of your personal data carried out through the website www.peuterey.com (hereinafter ‘Website’).

In particular:

• Peuterey is the independent data controller for personal data processed for the purposes of browsing and maintaining the Website. Peuterey also acts as the independent data controller for personal data processed for marketing and profiling purposes;
• DB is the independent data controller of personal data processed for the purposes of sales, invoicing, payment and delivery of products purchased through the Website.
• Peuterey and DB are joint controllers (hereinafter ‘Joint Controllers’) of the processing of personal data for the performance of commercial activities preparatory to or consequent upon the sale, consisting of sales planning (requirements, related logistics, etc.), analysis of commercial results, catalogue management, after-sales service, returns management, reporting activities and definition of commercial policies.

The essential content of the joint controller agreement between Peuterey and DB is set out in the table below. Any further information regarding the content of the joint controller agreement may be requested by writing to Peuterey or DB at the addresses above or by contacting the DPOs at the addresses indicated in the following paragraph.

The Joint Controllers will share:

• information relating to purchases made by buyers that is useful for carrying out the above activities; and
• information relating to consumers who register online, as well as information collected from buyers as part of after-sales activities.

B. Data Protection Officer (DPO)

Peuterey and DB have each appointed a Data Protection Officer (DPO):

• Peuterey's DPO is available at the e-mail address dpo@peuterey.it;
• DB's DPO is available at the e-mail address dpo@digitalboite.com.

C. Categories of data processed

Depending on the purposes pursued, Data Controllers may process personal data (hereinafter the "Data") listed herein by way of example but not limited to:

• Personal Data: first name, last name, date of birth, gender;
• Contact Data: telephone number, e-mail address;
• Authentication data: e-mail address, password;
• Shipping information: home address, residential address, any additional addresses useful to deliver the order;
• Information related to purchases made: item, size and color, price, date the sale takes place, expense incurred;
• Data related to the customer's profile and preferences: data related to purchasing habits;
• Data related to geographical location ("Storelocator" service): IP address;
• Data related to loyalty programs: points, discounts;
• Browsing data: data collected when you visit and consult the Site including through cookies or other tracking technologies. For more information on the processing of your data through such technologies, please refer to Cookie Policy[P4I1.1].

Any additional data disclosed to take advantage of specific services offered by Peuterey.

D. Purpose, legal basis of processing and retention period of personal data

E. Provision of Data

The provision of Data is necessary in order to provide services to the users; therefore, failure to provide them does not allow their provision.

It is understood that certain data will be collected and/or processed only with the consent of the data subject, in particular for the purpose of marketing, profiling and taking advantage of the "Storelocator" service. Failure to provide such consent will preclude the pursuit of the related marketing, profiling and "Storelocator" purposes, but will not affect your ability to register with the Site or to take advantage of the services rendered on a contractual basis.

The computer systems and software procedures used to run the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

Among the information that may be collected are IP addresses, the type of browser or operating system used, addresses in URI ("Uniform Resource Identifier") notation, the domain name and addresses of the websites from which the access or exit was made (referring/exit pages), the time the request was made to the server, the method used and information on the response obtained, further information on the user's browsing (see also the section on cookies) and other parameters relating to the user's operating system and computer environment.

This same data could, also be used to identify and ascertain responsibility in case of any computer crimes against the Site.

F. Recipients of the Data

The Data will be processed by:

• employees and collaborators of Data Controllers authorized to collect and process your Data;
• third parties that assist Data Controllers in activities like shipping, mailing promotional material, market research, customer satisfaction surveys, management and maintenance of computer systems;
• third parties that assist Data Controllers provide legal or tax advice and assistance and companies handling payments made by debit or credit card;
• supervisory and control authorities or other entities, public or private, entitled to request the Data.

The full list of third parties can be requested in writing to the addresses indicated in paragraph A.

Data is processed by personnel who have been duly trained. The databases are protected by high levels of security through the use of techniques such as encryption and strict access procedures.

Furthermore, Data Controllers has implemented technical and organisational security measures to limit the destruction, unauthorised access and disclosure, loss and modification of the Data.

G. Transfer of Data outside USA

Data may be transferred to third countries, in particular to countries belonging to the European Economic Area (e.g. Italy), for activities such as processing and managing your order, handling requests for assistance during purchases and after-sales, and providing the services requested.

Italy, as a member country of the European Union, applies European legislation in the field of data protection, i.e. Regulation EU 679/2016 (‘GDPR’).

This legislation guarantees a high level of protection for personal data processed and the rights and freedoms of data subjects.

H. Rights of data subjects

By contacting the e-mail addresses indicated in paragraph A, you may request the Data Controllers to access your Data, delete it, correct inaccurate Data, integrate incomplete Data, limit processing in the cases provided for by applicable privacy legislation, and oppose processing, for reasons related to your particular situation, in cases of legitimate interest of the Data Controllers.

Furthermore, if the processing is based on consent or on a contract and is carried out using automated tools, you may exercise your right to receive your Data in a structured, commonly used, and machine-readable format, as well as, if technically feasible, request that it be transmitted to another data controller without hindrance.

You have the right to withdraw your consent at any time.

You may at any time change/update your Data and the consents to the processing thereof by logging into your personal account, or by sending an e-mail to privacy@peuterey.it or, alternatively, to privacy@digitalboite.com.

You also have the right to lodge a complaint with the competent supervisory authority.

Should it become necessary to update this Privacy Policy, data subjects will be notified by e-mail.[P4I3.1]

I. If you are a citizen of California

In this section, we are providing additional terms to comply with the California Consumer Privacy Act of 2018 (CCPA) and the new California Privacy Rights Act (CPRA).

Peuterey and DB do not share/sell any of your Data and have not shared/sold any of your Data in the past 12 months[P4I4.1].

Pursuant to the CPRA, you may exercise the following rights, if applicable:

• consumers’ right to delete personal information;
• consumers’ right to correct inaccurate personal information;
• consumers’ right to know what personal information is being collected (right to access personal information);
• consumers’ right to know what personal information is sold or shared and to whom;
• consumers’ right to opt out of sale or share personal information. To object to such data transmission, you can change your preferences using the Do not sell or share my personal information button on the Website's cookie banner, or by sending an e-mail to privacy@peuterey.it or privacy@digitalboite.com[P4I5.1];
• consumers’ right to limit use and disclosure of sensitive personal information;
• consumers’ right to no retaliation following opt out or exercise of other rights;
• consumers’ right to data portability: a business must provide the specific pieces of personal information obtained from the consumer in a format that is easily understandable to the average consumer, and to the extent technically feasible, in a structured, commonly used, machine-readable format, which also may be transmitted to another entity at the consumer's request without hindrance;
• consumers’ right not to be subject to automated decision-making.

Your ‘Do Not Track’ browser setting: some web browsers incorporate a Do Not Track (“DNT”) feature that signals to the websites that you visit that you do not want to have your online activity tracked. Our Website does not respond to DNT signals. Other third party may keep track of your browsing activities when they provide you with content, which enables them to customize what they present to you on their websites.[P4I6.1]

J. If you are a citizen of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia

If you are a citizen of these States, the information in this Privacy Policy applies to you as well.

In addition, the law of your State of residence will apply.

Specifically:

• Colorado’s privacy legislation, the Colorado Privacy Act (“CPA”);
• Connecticut's privacy legislation, the Connecticut Data Privacy Act (“CTDPA”);
• Delaware legislation, the Delaware Personal Data Privacy Act (“DPDPA”).
• Florida legislation, the Florida Digital Bill of Rights (“FDBR”);
• Indiana legislation, the Indiana Consumer Data Protection Act (“INCDPA”);
• Iowa legislation, the Iowa Consumer Data Protection Act (“ICDPA”);
• Kentucky legislation, the Kentucky Consumer Data Protection Act (“KCDPA”);
• Maryland legislation, the Maryland Online Data Privacy Act (“MODPA”);
• Minnesota legislation, the Minnesota Consumer Data Privacy Act (“MCDPA”);
• Montana legislation, the Montana Consumer Data Privacy Act (“MTCDPA”);
• Nebraska legislation, the Nebraska Data Privacy Act (“NDPA”);
• New Hampshire legislation, the New Hampshire Data Privacy Act (“NHDPA”);
• New Jersey legislation, the New Jersey Data Privacy Act (“NJDPA”);
• Oregon legislation, the Oregon Consumer Privacy Act (“OCPA”);
• Rhode Island legislation, the Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA”);
• Tennessee’s new privacy legislation, the Tennessee Information Protection Act (“TIPA”);
• Texas’ new privacy legislation, the Texas Data Privacy and Security Act (“TDPSA”);
• Utah’s privacy legislation, the Utah Consumer Privacy Act (“UCPA”);
• Virginia’s new privacy legislation, the Virginia Consumer Data Protection Act (“VCDPA”);

Depending on your State of residence and applicable law, you may exercise (if applicable) certain rights, such as:

• the right to access your Data collected and processed by the Data Controllers;
• the right to correct your Data;
• the right to delete your Data;
• the right to obtain a copy of your Data in a portable and easily usable format that allows you to transfer the Data to another Data Controller with ease;
• the right to opt-out:
  • to the sale of your Data;
  • to the processing of Data for the purpose of targeted advertising;
  • to profiling in furtherance of automated decisions that produce legal or similarly significant effects concerning the consumer.

Targeted advertising means the display of advertisements to a consumer where the advertisement is selected on the basis of personal data obtained or inferred from that consumer's activities over time and on unaffiliated Internet sites or online applications to predict that consumer's preferences or interests.

The law defines the sale of personal data as “the exchange of personal data for monetary or other value consideration by the Data Controller to a third party”.

In the state of Utah and the state of Virginia, the definition of sale includes the exchange of personal data only for monetary consideration by a Data Controller to a third party.

Should it become necessary to update this Privacy Policy, data subjects will be notified by email.

Last update: March 2026