Privacy Policy
1. Additional information for Privacy Notice for Users
Fenice S.r.l., with registered office at Piazza Cavour 3, 20121 Milan, VAT/Tax Code 08042190960 and registration number at the Companies Register of Milan, Lodi, Monza Brianza 08042190960 (hereinafter, also “Fenice” or “Controller”), as independent controller of the processing of personal data of the users (hereinafter, the “Users”) who browse and use the services available on the website chiaraferragnibrand.com (hereinafter, the “Website” and the “Services”) hereby provides the privacy notice pursuant to Art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, “Regulation”, or also the “Applicable Legislation”).
This Website and the Services are reserved for individuals who have reached the age of eighteen. The Controller does not therefore collect personal data relating to individuals under the age of 18. Upon request of the Users, the Controller will promptly delete all personal data inadvertently collected relating to individuals under the age of 18.
The Controller holds in the highest regard the right to privacy and the protection of its Users’ personal data. For any information regarding this privacy notice, Users may contact the Controller at any time, using the following methods:
· By sending a registered letter with return receipt to the registered office of the Controller Fenice Srl (Piazza Cavour 3, 20121, Milan);
· By sending an email to the address privacy@chiaraferragnibrand.com.
Fenice has not appointed a Data Protection Officer (DPO), as it is not subject to the obligation of appointment provided for by Art. 37 of the Regulation.
2. Purposes of processing
2.1. The personal data of Users will be lawfully processed by Fenice pursuant to Art. 6 of the Regulation for the following processing purposes:
a) contractual obligations and provision of Services:
- To allow the use of the Services, including by way of example the purchase of products, the shipment of purchased products, the management of any returns of purchased products: the data processed are first name, surname, shipping address, email address, as well as all personal information of the User possibly and voluntarily communicated, for example in case of a return note;
- for the management of any requests received through customer service and/or the Website: the data processed are first name, surname, email address, and other data that may be necessary depending on the circumstance (for example, the order number; the address, etc.).
- to allow browsing of the Website: the data processed are the IP address and log data;
- to allow the user to register on the Website and to execute the Terms of Use of the Website, which are accepted by the User upon registration: the data processed are: first name, surname, date of birth (not mandatory), province of residence/domicile, email address;
The personal data of the User will be used by Fenice for the exclusive purpose of verifying the User’s identity (also through validation of the email address), thus avoiding possible fraud or abuse, and contacting the User solely for service reasons (e.g., sending notifications related to the Services) and/or managing orders and requests as indicated above. Without prejudice to what is provided elsewhere in this privacy notice, under no circumstances will Fenice make Users’ personal data accessible to other Users and/or third parties.
The legal basis on which the processing is founded is the necessity to perform pre-contractual and contractual obligations to which the User is a party. The provision of personal data for the processing purposes indicated above is optional but necessary, since failure to provide such data will result in the User’s inability to use the Services and purchase the Products on the Website or receive after-sales assistance.
b) administrative-accounting purposes, namely to carry out activities of an organizational, administrative, financial and accounting nature, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations, by way of example the issuance of purchase receipts and/or invoices;
The legal basis on which the processing is founded is the necessity to perform pre-contractual and contractual obligations to which the User is a party, in addition to the necessity to comply with legal obligations. The provision of personal data for the processing purposes indicated above is mandatory in order to finalize orders and to comply with legal obligations.
c) legal purposes, namely to fulfill obligations imposed by law, by an authority, by a regulation, or by European legislation.
The legal basis on which the processing is founded is the necessity to comply with legal obligations. The provision of personal data for the processing purposes indicated above is mandatory.
d) marketing purposes, subject to the prior free and optional consent of the User, namely for the sending of information and communications of a commercial nature or information on products, Services and events and participation in customer satisfaction surveys and market research, including through the sending of periodic newsletters: the data processed are first name, surname, email as well as date of birth which will be used for example for birthday wishes and/or dedicated promotions.
The legal basis is the explicit consent of the User to the processing of data for this purpose. The provision of data for this purpose is optional. In case of non-consent, the ability to register on the Website will not be prejudiced in any way.
In case of consent, the User may revoke it at any time, by making a request to the Controller in the manner indicated in the following paragraph 6. The revocation of consent does not affect the lawfulness of processing carried out prior to such revocation.
The User may also easily object to further sending of promotional communications via email by clicking on the appropriate link to revoke consent, which is present in each promotional email. Once consent has been revoked, the Controller will send the User an email to confirm the revocation of consent.
The Controller informs that, following the exercise of the right to object to the sending of promotional communications via email, it is possible that, for technical and operational reasons (e.g., contact lists already compiled shortly before the Controller received the objection request), the User may continue to receive some further promotional messages on the same day on which they exercised their right. Should the User continue to receive promotional messages after 24 hours have elapsed from the exercise of the right to object, please report the issue to the Controller, using the contacts indicated in the following paragraph
e) legitimate interest of the Controller
in particular,
· for the legitimate interest of demonstrating compliance with applicable legislation, the Controller processes data relating to consents given by the User or to requests made by the User;
· for the legitimate interest in maintaining security and protecting IT assets, the Controller processes the User’s data in order to manage, maintain, and keep IT systems secure;
· for the legitimate interest of defending and exercising a right in judicial and extrajudicial proceedings, the Controller may process the User’s personal data for the purpose of managing litigation, administrative proceedings, or an alternative dispute resolution system;
· for the legitimate interest of the Company in improving its commercial and promotional activities, the Controller aggregates Data in order to create reports relating to its sales in order to improve its commercial and promotional activities.
The provision of personal data for the processing purposes indicated above is voluntary. The Controller informs the User that they may object at any time to the processing of data for such purposes on the basis of their particular situation. In such cases, the Controller will cease processing for such purposes, unless there are compelling and overriding legitimate grounds or in cases where the data are necessary for the establishment, exercise, or defense of a right in court.
3. Processing methods
The Controllers will process Users’ personal data by means of manual and electronic tools, with logic strictly related to the purposes themselves and, in any case, in a manner that guarantees the security and confidentiality of the data.
3. Data retention periods
Users’ personal data will be retained for the time strictly necessary to fulfill the primary purposes set out in the preceding paragraph 1, or in any case as provided by law and/or necessary for the protection of the interests of both Users and Controllers in civil proceedings.
In particular, Fenice undertakes to delete from its systems the data provided:
· for the execution of the sale and the management of the Services, including after-sales services, 10 years after the date of the last purchase or the last interaction with Fenice;
· data provided in relation to requests submitted through customer service or the Website, 10 years after the date of provision;
· data processed for the purpose of sending commercial information as well as for participation in customer satisfaction surveys and market research, 24 months after the collection of consent, or until any objection or revocation of consent.
In any case, the Controller undertakes to base data processing on the principles of adequacy and minimization, verifying annually the need for retention for a period not exceeding what is necessary for the achievement of the purposes for which the data were collected and processed.
The Controller may retain data to comply with regulatory obligations, or to establish, exercise, or defend its rights in court.
Once the purposes for which the data were collected and processed have been achieved, the Controller will take appropriate measures to anonymize them, so as to prevent identification, while in any case reserving the right to continue using the data in anonymous form.
4. Scope of communication and dissemination of data
The employees and/or collaborators of the Controller in charge of managing the Website and all services related to the provision of the Services, including marketing activities, may become aware of the Users’ personal data. Such individuals, who have been instructed accordingly by the Controller pursuant to Article 29 of the Regulation, will process Users’ data exclusively for the purposes indicated in this notice and in compliance with the provisions of the Applicable Legislation.
Third parties who may process personal data on behalf of the Controller as “Data Processors” may also become aware of Users’ personal data, such as, by way of example, providers of IT and logistics services functional to the operation of the Website and/or the Services, providers of outsourcing, hosting or cloud computing services, professionals and consultants of the Controller.
Users have the right to obtain a list of any Data Processors appointed by the Controller, by making a request to the Controller in the manner indicated in the following paragraph 6.
Furthermore, Users’ personal data may be communicated by Fenice, to the extent that this is necessary and essential to perform contractual obligations, to independent third-party controllers, such as payment service providers and logistics service providers necessary for the delivery of goods sold through the Website. Such independent controllers will process the User’s data exclusively for the purpose of correctly fulfilling orders relating to the Services.
5. Transfer of personal data to Third Countries
The entire data processing takes place in Italy, in countries within the European Union, in Canada, and, in some cases, in the United States.
Should there be a need to transfer data to additional Third Countries, the Controller undertakes to:
o Ensure that the country to which the data will be sent guarantees an adequate level of protection, as provided for by Article 45 GDPR; or
o Use the standard contractual clauses for Data protection approved by the European Commission for the transfer of personal information outside the EEA pursuant to Article 46.2 GDPR.
The User has the right to obtain a copy of the safeguards adopted for transferring data to Third Countries, in the manner indicated in the following paragraph 6.
6. Rights of Data Subjects
Users may exercise the rights guaranteed to them by the Applicable Legislation by contacting the Controllers in the following manner:
o By sending a registered letter with return receipt to the registered office of the Controller
o By sending an email to the address privacy@chiaraferragnibrand.com
Fenice will comply with Users’ requests relating to the processing for which it is the Controller.
Pursuant to the Applicable Legislation, the Controller informs Users that they have the right to obtain information on (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with the aid of electronic tools; (iv) the identification details of the Controller and processors; (v) the entities or categories of entities to whom personal data may be communicated or who may become aware of them as processors or persons in charge.
Furthermore, Users have the right to obtain:
a) access to, updating, rectification or, when they have an interest, integration of the data;
b) the erasure, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
c) confirmation that the operations referred to in letters a) and b) have been brought to the attention, including with regard to their content, of those to whom the data have been communicated or disseminated, except where such compliance proves impossible or involves a manifestly disproportionate use of means compared to the right being protected.
Furthermore, Users have:
a) the right to withdraw consent at any time, where processing is based on their consent
b) (where applicable) the right to data portability (right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restriction of processing of personal data and the right to erasure (“right to be forgotten”);
c) the right to object:
i) in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even if pertinent to the purpose of collection;
ii) in whole or in part, to the processing of personal data concerning them for the purposes of sending advertising material or direct selling or for carrying out market research or commercial communications;
iii) where personal data are processed for direct marketing purposes, at any time, to the processing of their data carried out for such purpose, including profiling to the extent that it is related to such direct marketing.
d) where they believe that the processing concerning them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they habitually reside, in which they work, or in which the alleged violation occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, with headquarters at Piazza Venezia n. 11 - 00187 – Rome (http://www.garanteprivacy.it/).
The Controllers are not responsible for updating all links displayed in this Notice; therefore, whenever a link is not working and/or updated, Users acknowledge and accept that they shall always refer to the document and/or section of the websites referenced by such link.
