According to local applicable laws, the following data controllers (herein after “Data Controllers”) provide you with the following information on the collection, use, disclosure or processing of your personal data when you provide information to us in connection with registration in our stores:
- Dolce & Gabbana S.r.l., based in Via Goldoni 10, 20129, Milan, Italy, an Italian corporation belonging to the Dolce & Gabbana Group, data controller for customer loyalty purposes, marketing purposes and profiling purposes and for administrative and accounting purposes if customers purchase in Italy
- Dolce & Gabbana Usa Inc., based in 148 Lafayette 7th Floor, 10013 New York, USA, the local subsidiary belonging to the Dolce & Gabbana Group where the customer purchases or registers to the CRM system, data controller for administrative and accounting purposes, customer loyalty purposes, marketing purposes and profiling purposes.
- Specific information of the subsidiaries belonging to the Dolce & Gabbana Group through which you have the chance to gain detailed information on the different Data Controllers, may be obtained by visiting the following link https://world.dolcegabbana.com/corporate/subsidiaries/ or by writing to email@example.com or to the postal addresses mentioned above.
A. The purposes and legal basis for the processing
A1. The following personal data supplied by you in our stores or on our website: personal information (first name, family surname, date/place of birth); contact details (permanent place of residence, domicile, phone number, e-mail); invoicing and tax free information (nationality, passport number, company name, fiscal code, vat number); information regarding the purchases made by the customer (item, size and color, price, date and shop where the sale takes place) will be collected, used, disclosed or processed:
a. For administrative and accounting purposes: execution of sales contract, accounting and fulfillment of legal obligations, after-sales services. The legal basis for this data processing is: the execution of a contract of which you are a party of.
A2. The following personal data supplied by you over time in our stores or on our website: personal information (first name, family surname, date/place of birth); contact details (permanent place of residence, domicile, phone number, e-mail); data regarding the customer profile and his/her preferences (hobbies, cultural interests, preferred magazines/websites, style of life/person, associative/cultural clubs of his/her interest, preferred brands and items purchased) and the total amount of individual purchases and details of the same (item, size and color, price, date and shop where the sale takes place) will be collected, used, disclosed or processed:
a.For customer loyalty as such purposes (free personal shopping services, free assistance services (tailoring), free courtesy services (domicile purchases delivery services)). The legal basis for this data processing is: the execution of a contract of which you are a party of;
b.Subject to your consent, for marketing purposes: dispatch of advertising material or direct sales material, market research, customer satisfaction surveys, commercial communication even customized regarding Dolce & Gabbana products (bags, accessories, shoes and clothes) with automated (e-mail, other communication systems via communication networks such as, by way of example but not limited to: sms, mms, instant messaging platforms (WhatsApp, Line, WeChat, Viber, KakaoTalk) and traditional (paper mail, operator-assisted phone calls) contact methods; offering of customized sales services at Dolce & Gabbana stores worldwide. The legal basis for this data processing is: your consent;
c.Subject to your consent, for profiling purposes: profiling and analysis of shopping preferences through the use of data provided by the customer and the data related to the retail business at Dolce & Gabbana stores worldwide; (even e-commerce). The legal basis for this data processing is: your consent.
The processing is carried out in compliance with the EU Regulation n. 2016/679 “General Data Protection Regulation” and the provision adopted by the Italian Data Protection Authority on 18 May 2016 at the end of the prior checking submitted by Dolce & Gabbana S.r.l. to the Authority and in compliance with any other local applicable laws.
B. Data retention period
The personal data collected for administrative and accounting purposes (paragraph A1, letter a.) shall be stored for the time necessary to perform the contract and or the provision of legal warranties in accordance with the terms of the retention required by the applicable law.
The personal data collected for customer loyalty purposes (paragraph A2, letter a.) shall be stored until the customer asks to revoke the registration.
The personal data collected for marketing and profiling purposes (paragraph A2, letters b. and/or c.) will be stored until the customer asks to revoke the registration or such earlier date as the information is no longer used for marketing or profiling purposes.
The personal data related to the details of purchases processed for profiling and/or marketing purposes, which will be retained for 7 years by Dolce & Gabbana S.r.l. in accordance with the provision adopted by the Italian Data Protection Authority on 18 May 2016 at the end of the prior checking submitted by Dolce & Gabbana S.r.l. to the Authority.
On expiry of the retention, terms indicated above or in case Data Controllers become insolvent and cannot continue processing your personal data, data will be automatically erased or made permanently and irreversibly anonymous.
C. Data Provision
Providing the data is necessary to achieve the administrative or accounting purposes as well as for the completion of the purchase. The provision of data for profiling and marketing purposes, and thus the retention in the Customer Relationship Management (CRM) system of Dolce & Gabbana S.r.l. is optional and occurs only if you give your consent to pursue such purposes. Any failure in providing data or lack of consent, shall preclude the pursuit of the purposes of profiling and marketing but will not affect the ability to complete the purchase.
There exists risk of personal data leakage and misuse, however, Dolce& Gabbana S.r.l. has implemented a number of security measures to protect your personal data processed by means of electronic or automated tools, through the CRM system, keeps access logs to the CRM system, of those entitled to use it, with retention of data collected for six months.
D. Data processing methods
The data collected will be processed and stored both on paper and automated tools. In particular, data processed for profiling and marketing purposes, will be stored in the CRM system of Dolce & Gabbana S.r.l., whose server is located in Italy.
You acknowledge that data is being transferred abroad and may become accessible to foreign governments under a lawful order made in that country.
E. Recipients of personal data
Data will be processed by:
- employees and associates of the Data Controllers authorized to the collection, use, disclosure or processing of your personal data;
- employees and associates of the subsidiaries belonging to the Dolce & Gabbana Group worldwide, appointed as external data processors, that manage the traditional or online Dolce & Gabbana stores and that may view, edit and update the data entered into the CRM system;
- employees and associates of subsidiaries belonging to the Dolce & Gabbana Group worldwide, if necessary, appointed as external data processors by any other subsidiary belonging to the Dolce & Gabbana Group, for the purpose of collection and allocation of data which occurs locally;
- third party members or not of the EU, data processors, used by the Data Controllers in particular for acquisition services and data entry of personal information, shipping, distribution of promotional material, after sales support, market research, customer satisfaction surveys, management and maintenance of CRM system and other corporate IT systems.
Your data may also be disclosed to third parties, independent data controllers, in particular professionals or legal or tax advice and assistance firms and companies managing payments made by debit or credit card.
A full list of the recipients of personal data can be obtained by writing to the following address: firstname.lastname@example.org or to the postal addresses mentioned in the epigraph of this information notice.
F. Data transfer outside of the European Union or of the country
Your data will be transferred outside of the country or of the European Union, in countries not providing for an adequate level of data protection, only in accordance with the safeguards set forth by applicable privacy laws.
A full list of the recipients of personal data established outside of the European Union and a copy of the safeguards adopted by the Data Controllers can be obtained by writing to the following address: email@example.com or to the postal addresses mentioned in the epigraph of this information notice.
G. Data subject’s rights
According to applicable laws, you can at any time request information on personal data collected, used, disclosed or processed by the Data Controllers, as well as request for access to such personal data, ask for their integration, rectification or erasure. Ask for restriction of processing and object to their processing.
In particular, you have the right to object and withdraw your consent, in whole or in part, to the collection, use, disclosure or processing of your personal data for purposes of profiling or for purposes of dispatch of advertising material, direct selling or for the fulfillment of market surveys, customer satisfaction surveys, or commercial communication both automated (e-mail, other systems of distance communication as, by way of example: sms, mms, instant messaging platforms (Whatsapp, Line, WeChat, Viber, KakaoTalk)) and traditional (paper mail, operator-assisted phone calls). If you prefer that the processing of your personal data is carried out solely by means of traditional contact methods, you may object to the processing of your personal data by means of automated contact methods.
Furthermore, you shall have the right to receive the personal data concerning you, which you have provided to the Controllers, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: the processing is based on consent or on a contract and the processing is carried out by automated means.
In order to exercise your rights above and/or or submit an inquiries or complaints with regard to the processing of your personal data and/or withdraw your consent, you may send a request to the Data Controllers by writing to this email address: firstname.lastname@example.org or to the postal addresses and contacts mentioned in the epigraph of this information notice.
In addition, you are able to lodge a complaint with the competent supervisory authority.
H. Data Protection Officer (DPO)
The Data Protection Officer is available at the email address email@example.com.
I. Data Controllers
The Data Controllers are the entities belonging to the Dolce & Gabbana Group as defined in the epigraph of this information notice.
J. Additional Information for California Consumers
According to the California Consumer Privacy Act or “CCPA” (California Civil Code Section 1798.100 et seq.), Data Controller is required to make additional disclosures related to the collection, use, disclosure and sale of personal data and the rights California consumers have with respect to such data.
In the last 12 months, Data Controller has collected the following categories of personal data in connection with in-store registration: identifiers (such as passport number, name and contact information), demographic information (such as gender; note that some demographic information may be considered characteristics of protected classifications under U.S. state or federal law), commercial information (such as products purchased), employment-related information (such as company name), and inferences we make (such as product preferences). For more details about the personal data Controller collects and the sources of such collection, please see Part A “The Purposes and Legal Basis for the Processing” above. Part A, “The Purposes and Legal Basis for the Processing” also describes the business and commercial purposes for which Data Controller collects personal data. Data Controller shares this data with the categories of third parties described in Part E “Recipients of Personal Data”.
Subject to certain limitations, the CCPA provides California consumers with the right to request to know more details about the categories and specific pieces of personal information Data Controller collects, to delete their personal data, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights. California consumers may make these rights request by writing to firstname.lastname@example.org. Once Data Controller receives a request, it will verify the request by asking you to provide contact information and information related to your recent interactions with Data Controller, such as information related to a recent purchase. If a request is submitted using an authorized agent, Data Controller may request evidence that the consumer has provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on behalf of the consumer. Data Controller reserves the right to deny requests in certain circumstances, such as where it has a reasonable belief the request is fraudulent. Data Controller will not discriminate against you if you exercise your rights under the CCPA.