According to the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection (‘PDPL’), the EU Regulation n. 2016/679 “General Data Protection Regulation” and to other local applicable laws, the following data controllers (herein after “Data Controllers”) provide you with the following information on the collection, use, disclosure or processing of your personal data:
- Dolce & Gabbana S.r.l., based in Via Goldoni 10, 20129, Milan, Italy, an Italian corporation belonging to the Dolce & Gabbana Group, data controller for customer loyalty purposes, marketing purposes and profiling purposes and for administrative and accounting purposes if customers purchase in Italy
- Dolce& Gabbana Dolce & Gabbana Middle East FZ-LLC, 201-202 & 215, Floor 2, Building 8, Dubai, United Arab Emirates, the local subsidiary belonging to the Dolce & Gabbana Group where the customer purchases or registers to the CRM system, data controller for administrative and accounting purposes, customer loyalty purposes, marketing purposes and profiling purposes.
Specific information of the subsidiaries belonging to the Dolce & Gabbana Group through which you have the chance to gain detailed information on the different Data Controllers, may be obtained by visiting the following link www.dolcegabbana.com/corporate-subsidiaries or by writing to firstname.lastname@example.org or to the postal addresses mentioned above.
A. The purposes and legal basis for the processing
A1. The following personal data supplied by you in our stores or on our website: personal information (first name, family surname, date/place of birth); contact details (permanent place of residence, domicile, phone number, e-mail); invoicing and tax free information (nationality, passport number, company name, fiscal code, vat number); information regarding the purchases made by the customer (item, size and color, price, date and shop where the sale takes place) will be collected, used, disclosed or processed:
a. For administrative and accounting purposes: execution of sales contract, accounting and fulfillment of legal obligations, after-sales services. The legal basis for this data processing is the execution of a contract of which you are a party of.
A2. The following personal data supplied by you over time in our stores or on our website: personal information (first name, family surname, date/place of birth); contact details (permanent place of residence, domicile, phone number, e-mail); data regarding the customer profile and his/her preferences (hobbies, cultural interests, preferred magazines/websites, style of life/person, associative/cultural clubs of his/her interest, preferred brands and items purchased) and the total amount of individual purchases and details of the same (item, size and color, price, date and shop where the sale takes place) will be collected, used, disclosed or processed:
a.Subject to your consent, for customer loyalty as such purposes (free personal shopping services, free assistance services (tailoring), free courtesy services (domicile purchases delivery services)). The legal basis for this data processing is: your consent.
b. Subject to your consent, for marketing purposes: dispatch of advertising material or direct sales material, market research, customer satisfaction surveys, commercial communication even customized regarding Dolce & Gabbana products (bags, accessories, shoes and clothes) with automated (e-mail, other communication systems via communication networks such as, by way of example but not limited to: sms, mms, instant messaging platforms (Whatsapp, Line, WeChat, Viber, KakaoTalk) and traditional (paper mail, operator-assisted phone calls) contact methods; offering of customized sales services at Dolce & Gabbana stores worldwide. The legal basis for this data processing is: your consent;
c. Subject to your consent, for profiling purposes: profiling and analysis of shopping preferences through the use of data provided by the customer and the data related to the retail business at Dolce & Gabbana stores worldwide; (even e-commerce). The legal basis for this data processing is: your consent.
B. Data retention period
The personal data collected for administrative and accounting purposes (paragraph A1, letter a.) shall be stored for the time necessary to perform the contract and or the provision of legal warranties in accordance with the terms of the retention required by the applicable law.
The personal data collected for customer loyalty purposes (paragraph A2, letter a.) shall be stored until the customer asks to revoke the registration or the consent to the processing of the personal data.
The personal data collected for marketing and profiling purposes (paragraph A2, letters b. and/or c.) will be stored until the customer asks to revoke the registration or the consent to the processing of the personal data.
The personal data related to the details of purchases processed with your consent for customer loyalty purposes and/or profiling and/or marketing purposes, which will be retained for 7 years by Dolce & Gabbana S.r.l. in accordance with the provision adopted by the Italian Data Protection Authority on 18 May 2016 at the end of the prior checking submitted by Dolce & Gabbana S.r.l. to the Authority.
On expiry of the retention terms indicated above or in case Data Controllers become insolvent and cannot continue processing your personal data, data will be automatically erased or made permanently and irreversibly anonymous.
C. Data Provision
Provide the data is necessary to achieve the administrative or accounting purposes as well as for the completion of the purchase. The provision of data for customer loyalty, profiling and marketing purposes, and thus the retention in the Customer Relationship Management (CRM) system of Dolce & Gabbana S.r.l. is optional and occurs only if you give your consent to pursue such purposes. Any failure in providing data or lack of consent, shall preclude the pursuit of the purposes of profiling and marketing but will not affect the ability to complete the purchase.
There exists risk of personal data leakage and misuse, however, Dolce & Gabbana S.r.l. has implemented a number of security measures to protect your personal data processed by means of electronic or automated tools, through the CRM system, keeps access logs to the CRM system, of those entitled to use it, with retention of data collected for six months.
D. Data processing methods
The data collected will be processed and stored both on paper and automated tools. In particular, data processed for profiling and marketing purposes, will be stored in the CRM system of Dolce & Gabbana S.r.l., whose server is located in Italy.
You acknowledge that with your consent data is being transferred abroad and may become accessible to foreign governments under a lawful order made in that country.
E. Recipients of personal data
Data will be processed by:
- employees and associates of the Data Controllers authorized to the collection, use, disclosure or processing of your personal data;
- employees and associates of the subsidiaries belonging to the Dolce & Gabbana Group worldwide, appointed as external data processors, that manage the traditional or online Dolce & Gabbana stores and that may view, edit and update the data entered into the CRM system;
- employees and associates of subsidiaries belonging to the Dolce & Gabbana Group worldwide, if necessary, appointed as external data processors by any other subsidiary belonging to the Dolce & Gabbana Group, for the purpose of collection and allocation of data which occurs locally;
- third party members or not of the EU, data processors, used by the Data Controllers in particular for acquisition services and data entry of personal information, shipping, distribution of promotional material, after sales support, market research, customer satisfaction surveys, management and maintenance of CRM system and other corporate IT systems.
Your data may also be disclosed to third parties, independent data controllers, in particular professionals or legal or tax advice and assistance firms and companies managing payments made by debit or credit card.
A full list of the recipients of personal data can be obtained by writing to the following address: email@example.com or to the postal addresses mentioned in the epigraph of this information notice.
F. Data transfer outside of the European Union or of the country
Your data will with your consent be transferred outside of the country or of the European Union, in countries not providing for an adequate level of data protection, only in accordance with the safeguards set forth by applicable privacy laws.
A full list of the recipients of personal data established outside of the European Union and a copy of the safeguards adopted by the Data Controllers can be obtained by writing to the following address: firstname.lastname@example.org or to the postal addresses mentioned in the epigraph of this information notice.
G. Data subject’s rights
According to applicable laws, you can at any time request information on personal data collected, used, disclosed or processed by the Data Controllers, as well as request for access to such personal data, ask for their integration, rectification or erasure, ask for restriction of processing and object to their processing. Data subjects have the right to obtain additional information upon a request, including: the (i) types of personal data being processed; (ii) the decisions taken on the basis of automated processing; (iii) the rules and criteria of the periods for which the personal data will be stored and kept; (iv) and the measures to be taken upon the occurrence of a data breach.
In particular, you have the right to object and withdraw your consent, in whole or in part, to the collection, use, disclosure or processing of your personal data for purposes of profiling or for purposes of dispatch of advertising material, direct selling or for the fulfillment of market surveys, customer satisfaction surveys or commercial communication both automated (e-mail, other systems of distance communication as, by way of example: sms, mms, instant messaging platforms (Whatsapp, Line, WeChat, Viber, KakaoTalk)) and traditional (paper mail, operator-assisted phone calls).
If you prefer that the processing of your personal data is carried out solely by means of traditional contact methods, you may object to the processing of your personal data by means of automated contact methods.
Furthermore, you shall have the right to receive the personal data concerning you, which you have provided to the Controllers, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: the processing is based on consent or on a contract and the processing is carried out by automated means.
In order to exercise your rights above and/or or submit an inquiries or complaints with regard to the processing of your personal data and/or withdraw your consent, you may send a request to the Data Controllers by writing to this email address: email@example.com or to the postal addresses and contacts mentioned in the epigraph of this information notice.
In addition, you are able to lodge a complaint with the competent supervisory authority.
H. Data Protection Officer (DPO)
The Data Protection Officer is available at the email address firstname.lastname@example.org.
I. Data Controllers
The Data Controllers are the entities belonging to the Dolce & Gabbana Group as defined in the epigraph of this information notice.