In accordance with Article 13 EU Reg. 2016/679 (GDPR) we wish to inform users about the methods employed and purposes of the processing of personal data of those who use our website:

This information shall not be considered valid for other websites that may be consulted via links on any website(s) in the domain of the data controller (owner), who is is not to be considered in any way liable for such third-party websites.

Data controller

The data controller of personal data collected on this site is Leo Shoes Srl, with its registered office in Z.I. V.le Cav. Antonio Filograna, Lotto 5, 73042 Casarano (LE) Italy – P.I./VAT: 04338410758; Tel. +39 0833 599 870. Email:

Purpose of data processing, legal basis and nature of provision

For the purposes expressed herein, only non-specific personal data shall be processed. These data shall be processed in accordance with the legal conditions pursuant to Article 6, EU Reg. 2016/679 (GDPR) in order to:

allow navigation on this website and allow the technical management of connections to this website.

Computer systems used to operate websites acquire, during their normal operation and for the sole duration of the connection, some personal data, the transmission of which is implicit in the use of internet communication protocols. This information is not collected so as to be associated with identified users (data subjects), but by its very nature could, through processing and association with data held by third parties, allow data subjects to be identified. This category of data includes, for example: IP addresses or computer names acquired during connection to websites, URI (Uniform Resource Identifier) addresses of the requested resources; the characteristics of the browser used; the resolution of the screen in which the browser is executed on the device used and other parameters relating to the operating system and a user's computer environment. These data are used exclusively so as to obtain anonymous statistical information on site use in order to check the correct functioning thereof and are erased immediately after processing. These data may also be used in order to to determine responsibility in the event of hypothetical computer crimes against the sites.

Legal basis of processing: the legitimate interest of the Data Controller (GDPR: Article (1) (f).
The data required for the purposes that have been indicated are necessary to enable navigation on the site.

follow up information, contact or other requests from customers/users with regard to the services offered by the owner.

Any voluntary sending of electronic mail to the e-mail addresses indicated on the website mentioned above entails the subsequent acquisition of the e-mail address of the sender as well as the name and surname necessary to comply with requests in addition to any other personal data included within the message; this also applies to the management of complaints forwarded by users and any response to them.

Legal basis of processing: execution of a contract to which the interested party be party or to the execution of pre-contractual measures adopted at the request of the same (GDPR: Article 6 (1) (b) and legitimate interest of the owner (GDPR: Article 6 (1) (f).

The data required for the purposes indicated are necessary in order to carry out the requests of the interested party. Any failure to provide data has the sole effect of preventing the sending, receiving or response to requests from an interested party.

Data processing methods

Data processing shall be carried out by manual, computerised and technological means in compliance with the statutory regulations in force according to principles of appropriateness, lawfulness, transparency, relevance, integrity, limitation and accuracy and with the organisation and processing thereof strictly limited to the purposes for which the data were provided for processing and in such a way as to guarantee the security, integrity and confidentiality of the data processed in compliance with the organisational, physical and analytical measures required by the provisions in force.

Data retention period

In accordance with with EU Regulation 2016/679 (Article 5 (1) (e), personal data collected shall be stored in such a manner that allows for the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. The storage of personal data provided depends on the purpose of the processing:

  • for navigation data see cookie policy
  • for contact and information requests: maximum 1 year

After these terms have elapsed, the data shall be erased or made anonymous, unless their further preservation be deemed necessary in order to carry out any contractual obligation(s) arising, legal obligations or to execute instructions issued by any public authority or supervisory body.

Nature of data provision

A user is free to provide his or her own data. Failure to provide personal data by a user shall have the sole effect that it will be impossible to obtain the service requested and/or to use the services offered by the site owner.

Dissemination, potential data recipients

The data provided shall be communicated exclusively to persons authorised to process data and suitably trained accordingly, under the control of the data controller, or to subjects acting as independent controllers as well as to specifically-contracted data controllers linked to Leo Shoes Srl (Article 28, EU Reg. 2016/679 (GDPR), such as:

  • companies providing services for the management of information-technology systems or of this website, including e-mail;
  • companies providing services for telecommunications networks, professionals and consultants or other service providers to the site owner;
  • authorities and supervisory bodies and, in general, public or private subjects, with functions of public importance (e.g.: prefecture, police headquarters, judicial authorities, and – in any event – only as far as the conditions established by the applicable legislation be met);
  • any other companies within the group of which the site owner is a part, or, in any case, controlling, controlled or associated companies, pursuant to Art. 2359 Codice Civile (Italian Civil Code);
  • professional firms or companies within the context of assistance and consultancy;
  • data may also be made known, in relation to carrying out duties assigned, by the data controller's staff, including interns, temporary workers, consultants, employees of external companies specifically authorised for the processing thereof.

Data transfer abroad

Data shall not be transferred outside the territory of the European Union.

Dissemination of data

User data shall not be disclosed.

Data subject rights

Articles 15, 16, 17, 18, 20, 21, EU Reg. 2016/679 (GDPR) grant the data subject specific rights that may be exercised in relation to the data controller.

Specifically, the data subject may, under the conditions provided for by the GDPR, exercise the following:

  • Right of access by the data subject: diritto di ottenere conferma che sia o meno in corso un trattamento di dati personali che La riguardano e, in tal caso, ottenere l'accesso ai Suoi dati personali, compresa una copia degli stessi;
  • Right of rectification: a data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him or her; the data subject also has the right to have incomplete personal data completed;
  • Right to erasure ("right to be forgotten"): a data subject has the right to obtain the erasure of personal data concerning the data subject if no longer necessary for the legitimate purposes of the data controller, in the event of revoking consent (and there is no other legal basis for processing ) or the data subject's objection to processing; in the event of unlawful processing or if there be a legal obligation of cancellation. The right of cancellation does not apply to the processing of data necessary for the fulfilment of a legal obligation or for the performance of a task performed in the public interest or for the establishment, exercise or defence of a right in a court of law;
  • Right to restriction of processing: a data subject has the right to obtain from the controller restriction of processing when: a) the accuracy of the personal data is contested by the data subject; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the data are required by the data subject for the establishment, exercise or defence of legal claims;
  • Right to data portability: a data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided if the processing is based on consent and it is carried out by automated means;
  • Right to object: a data subject has the right to object at any time to the processing of personal data concerning him or her for purposes other than those for which prior consent has been given.

In compliance with Article 77, EU Reg. 2016/679 (GDPR) as the data subject you are entitled to lodge a complaint with a single supervisory authority, in particular in the EU member state in which you habitually reside and/or work or where the alleged violation has occurred, which in the Italian Republic is the Italian Data Protection Authority and which may be consulted/contacted at

Furthermore, the GDPR grants you (the data subject) the right to withdraw your consent at any time and with the same ease with which it was previously granted.

Exercising these rights is free under Article 12, EU Reg. 2016/679 (GDPR). However, in the event of evidently unfounded, recurrent or excessive requests, the data controller may charge a reasonable fee in view of the administrative costs incurred in managing your request and, furthermore, may also reserve the right to refuse your request.

You may exercise your rights by using the attached form, which must be sent in paper form to the address of the owner, or by e-mail or fax to the addresses provided in this statement.

The current notice was updated on 07/30/2019. Any further updates shall always be published on this page.

The Data Controller
Leo Shoes S.r.l.