Snapfeet Privacy Policy

In order to use Snapfeet service, You have to provide us with some of Your personal data. Therefore, according to Article 13 UE Reg. GDPR 2016/676, we are required to provide you with the following information.

PURPOSES OF PERSONAL DATA PROCESSING

Snapfeet is a software service offered by Trya that works as a personal shopping assistant to help You to find and buy, from our Partner Shops, the shoes that best fit Your feet dimensions and your preferences (“Virtual Fit”).

Snapfeet may be used only through dedicated client applications provided by Trya (smartphone App and other possible client applications for other devices, if made available).

By elaborating 2D pictures (that You will have to take with Your client device according to the provided instructions), Snapfeet will create a 3D model of Your feet and calculate their relevant dimensions (length, ball girth, instep girth, and possibly other dimensions in the future): – in order to help you to choose (and also to suggest to You) the shoe sizes and models from our Partner Shops that best fit the dimensions of your feet and Your personal preferences, and – in order to help You to benefit from possible discounts and promotions offered by our Partner Shops (always concerning shoe models and sizes that may fit Your feet dimensions and Your preferences).

Your preferences will be obtained from Your indications in the dedicated area of Your user profile, as well as from Your previous purchases in our Partner Shops.

TYPES OF DATA PROCESSED

The types of personal data processed will be

  • Type A: i) 2D Pictures, ii) 3D models and iii) dimensions of Your feet;

  • Type B: common personal data (name, address, email, phone, date of birth, gender, nationality);

  • Type C: personal preferences relevant to shoe shopping (like sport activity, preferred kinds of shoes and so on) and location data, where relevant to shoe shopping (f.e., to provide you with shopping suggestions related to Partner Shops near to You);

  • Type D: data related to purchases made by You in Partner Shops (date of purchase, model, size, price paid).

MODALITIES OF PERSONAL DATA PROCESSING

Your personal data will be processed using electronic systems and applying a rationale strictly related to the purposes of processing, in order to protect data security and confidentiality.

All communications between Snapfeet client applications and Snapfeet servers, as well as between Snapfeet servers and Partner Shops’ infrastructures, will be encrypted.

All servers used to provide Snapfeet services are located in the European Union.

Data of type A above will be processed separately from data of types B-C-D, by use of appropriate technical means and specific authorization profiles so that data of type A can be processed anonymously when a specific data processing does not require identification of data subjects.

When You start shoes purchase process from any Partner Shop, Snapfeet sends to the Partner Shop only data of type A-iii (dimensions of Your feet), associated with an anonymous ID provided by the Partner Shop itself (via QR code, deep link or other equivalent technical means) in order to help you to choose the right size and model. The Partner Shop will not receive any data of type B-C from Snapfeet but, if needed, it will autonomously collect them from You under its sole responsibility. The Partner Shop will send back to Snapfeet only data of type D, associated with the same ID above.

DATA RETENTION PERIOD

Your personal data shall be processed for the time strictly required to achieve the purposes for which it was collected. Once the need for processing has terminated, it will be kept for one year to detect and solve possible errors or inaccuracies of Snapfeet 3D modeling software also on the basis of Your feedback. You may authorize us to keep Your personal data for a further period of 5 years, in order to allow You to take advantage of possible improvements and new features of the Snapfeet software platform.

In any case, after one year (or after the further period of 5 years, if authorized by You), only data of type A will be kept in anonymized form for an undetermined period of time, as test data to develop improvements and new versions of the Snapfeet software platform, while other types of data will be destroyed.

OBLIGATORY OR VOLUNTARY NATURE OF PROVIDING THE REQUESTED DATA

Since Snapfeet is specifically intended and conceived as a personal shoe shopping assistant, to make it work properly we need You to provide Your feet data as well as Your preferences, Your previous shoe purchases data and Your location data (data of types A-B-C-D) so if you are not willing to provide such data, we cannot provide You with the Snapfeet service.

SCOPE OF DATA COMMUNICATION

Employees and collaborators appointed by Trya as persons in charge of processing may acquire knowledge of your data in order to provide You with the Snapfeet service and to send advertising materials or else to perform market or commercial communication surveys. Besides Partner Shops, Your personal data may be communicated to third parties to meet legal obligations, to execute orders coming from public authorities legitimated to do so, or to enforce or defend a right in the courts. Your personal data will never be disseminated.

YOUR RIGHTS

You have the right to access personal data and the other rights provided by Art. 15 of UE Reg. GDPR 2016/676, as shown here below.

DATA CONTROLLER AND DATA PROCESSOR

Data Controller is Trya Srl, via Fabio Filzi 27, Milano (MI), Italy, tel. +390444751353, email privacy@trya.it (www.trya.it).

Data Processor, limited to the security and availability of the computer systems (servers) used by Trya and provided by Amazon AWS, is Amazon EU Sarl, Rue Plaetis 5, L-2338 Luxembourg, according to the terms and conditions available from time to time at www.aws.amazon.com Amazon AWS servers are content agnostic, so Amazon will not access Your personal data. A complete list of data Processors, will be readily available from Trya by sending an email to the above email address.

RIGHT OF ACCESS BY THE DATA SUBJECT – Art. 15 GDPR

  1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

    1. the purposes of the processing;

    2. the categories of personal data concerned;

    3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

    4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

    5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

    6. the right to lodge a complaint with a supervisory authority;

    7. where the personal data are not collected from the data subject, any available information as to their source;

    1. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

  1. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

  2. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

  3. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.