A. The purposes and legal basis for the processing
A1. The personal data provided by you through the registration form will be collected, used, disclosed or processed:
For the users’ registration to "My Account" and use of the services dedicated to the registered users
- traditional registration
In the "My Account" registration page you will be asked to provide the following personal data: e-mail, password, gender, country and preferred language.
- registration through social networks (Facebook, Linkedin)
The access to the following data of your social account will be requested if you have enabled the sharing of the data of your social account with third party applications: e-mail, password and gender.
You can disable the sharing of the data of your social account with third party applications at any time by accessing to your account settings.
In the "My Account" registration page you will be asked to provide the following additional personal data: country and preferred language.
The legal basis for this data processing is: the execution of a contract of which you are a party.
A2. The following personal data provided by you over time through the registration form mentioned above or through your online account: personal information (name, surname, date/place of birth); contact details (permanent place of residence, domicile, phone number, e-mail); data regarding the customer profile and his/her preferences (hobbies, cultural interests, preferred magazines/websites, style of life/person, associative/cultural clubs of his/her interest, preferred brands and items purchased), the total amount of individual purchases and details of the same (item, size and color, price, date and shop where the sale takes place) will be collected, used, disclosed or processed;
For customer loyalty purposes (free personal shopping services, free assistance services – tailoring, free courtesy services – domicile purchases delivery services). The legal basis for this data processing is: the execution of a contract of which you are a party;
Subject to your consent, for marketing purposes: dispatch of advertising material or direct sales material, market research, customer satisfaction surveys, and commercial communication that may be customized regarding Dolce & Gabbana products (bags, accessories, shoes and clothes) using automated (e.g., e-mail, sms, mms, and certain instant messaging platforms – Whatsapp, Line, WeChat, Viber, KakaoTalk) and traditional (paper mail, operator-assisted phone calls) contact methods, including offering customized sales services at Dolce & Gabbana stores worldwide. The legal basis for this data processing is: your consent;
Subject to your consent, for profiling purposes: profiling and analysis of shopping preferences through the use of data provided by you online and in our Dolce & Gabbana stores worldwide .The legal basis for this data processing is: your consent.
The processing is carried out in compliance with the EU Regulation n. 2016/679 "General Data Protection Regulation" and the provision adopted by the Italian Data Protection Authority on 18 May 2016 at the end of the prior checking submitted by Dolce & Gabbana S.r.l. to the Authority and in compliance with any other applicable laws.
B. Data retention period
Personal data collected for "My Account" registration purposes (point A1, letter a.) will be retained until you ask to revoke your registration.
Personal data collected for customer loyalty purposes (point A2, letter a.) will be retained until you ask to revoke your registration to "My Account".
The personal and contact information collected for marketing and profiling purposes (point A2, letters b. and c.) will be retained until you ask to revoke consent to such processing of the personal data or such earlier date as the information is no longer used for marketing or profiling purposes.
The personal data related to the details of purchases processed for profiling and/or marketing purposes will be retained for 7 years by Dolce & Gabbana S.r.l. in accordance with the provision adopted by the Italian Data Protection Authority on 18 May 2016 at the end of the prior checking submitted by Dolce & Gabbana S.r.l. to the Authority.
On expiry of the retention terms indicated above or in case the Data Controller becomes insolvent and cannot continue processing your personal data, data will be automatically erased or made permanently and irreversibly anonymous.
C. Data Provision
Provide the data marked with an asterisk in the registration form is necessary to achieve the registration to "My Account" (point A1, letter a.) as well as to achieve the customer loyalty purposes (point A2, letter a.).
The provision of data for profiling and marketing purposes, and thus the retention in the Customer Relationship Management (CRM) system of Dolce & Gabbana S.r.l. is optional and occurs only if you give your consent to pursue such purposes. Any failure in providing data or lack of consent, shall preclude the pursuit of the purposes of profiling and marketing but will not affect the ability to register to "My Account".
There exists risk of personal data leakage and misuse, however, Dolce & Gabbana S.r.l. has implemented a number of security measures to protect your personal data processed by means of electronic or automated tools, through the CRM system, keeps access logs to the CRM system, of those entitled to use it, with retention of data collected for six months.
D. Data processing methods
The data collected will be processed and stored both on paper and automated tools. In particular, data processed for profiling and marketing purposes will be stored in the CRM system of Dolce & Gabbana S.r.l., whose server is located in Italy.
E. Recipients of personal data
Data will be processed by:
- employees and associates of the Data Controller authorized to the collection, use, disclosure or processing of your personal data;
employees and associates of the subsidiaries belonging to the Dolce & Gabbana Group worldwide, appointed as external data processors, that manage the traditional or online Dolce & Gabbana stores and that may view, edit and update the data entered into the CRM system;
third party members or not of the EU, data processors, used by the Data Controller in particular for acquisition services and data entry, shipping, distribution of promotional material, market research, customer satisfaction surveys, management and maintenance of CRM system and other corporate IT systems.
Your data may also be disclosed to third parties, independent data controllers, in particular professionals or legal or tax advice and assistance firms and companies managing payments made by debit or credit card.
Moreover, your data may be communicated to the company The Level Group S.r.l. in order to allow the purchase of Dolce & Gabbana products on the Online Store.
A full list of the recipients of personal data can be obtained by writing to the following address: email@example.com
or to the postal address mentioned below.
Moreover, specific information of the subsidiaries belonging to the Dolce & Gabbana Group may be obtained by visiting the following link https://world.dolcegabbana.com/corporate/subsidiaries/
F. Data transfer outside of the European Union or of the country
Your data will be transferred outside of the country or of the European Union, in countries not providing for an adequate level of data protection, only in accordance with the safeguards set forth by applicable laws.
A full list of the recipients of personal data established outside of the European Union and a copy of the safeguards adopted by the Data Controller can be obtained by writing to the following address: firstname.lastname@example.org or to the postal address mentioned below.
G. Data subject rights for Users in the European Union
According to applicable laws, you can at any time request information on personal data collected, used, disclosed or processed by the Data Controller, as well as request for access to such personal data, ask for their integration, rectification or erasure, ask for restriction of processing and object to their processing.
In particular, you have the right to object and withdraw your consent, in whole or in part, to the collection, use, disclosure or processing of your personal data for purposes of profiling or for purposes of dispatch of advertising material, direct selling or for the fulfillment of market surveys, customer satisfaction surveys or commercial communication performed by means of both automated (e.g., e-mail, sms, mms, and certain instant messaging platforms-Whatsapp, Line, WeChat, Viber, KakaoTalk-) and traditional (paper mail, operator-assisted phone calls) contact methods.
If you prefer that the processing of your personal data is carried out solely by means of traditional contact methods, you may object to the processing of your personal data by means of automated contact methods.
Furthermore, you shall have the right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or on a contract and the processing is carried out by automated means.
In order to exercise your rights above and/or submit inquiries or complaints with regard to the processing of your personal data and/or withdraw your consent, you may send a request to the Data Controller by writing to this email address: email@example.com or to the postal address mentioned below.
In addition, you are able to lodge a complaint with the competent Supervisory Authority.
You may also modify/update your personal data and your consent to the processing of personal data at any time, as well as manage the types of commercial communications you wish to receive by accessing your "My Account" profile.
H. Data Protection Officer (DPO)
The Data Protection Officer is available at the email address firstname.lastname@example.org.
I. Data Controller
Data Controller is Dolce & Gabbana S.r.l., based in Via Goldoni 10, 20129, Milan, Italy
Additional Information for California Consumers
According to the California Consumer Privacy Act or "CCPA" (California Civil Code Section 1798.100 et seq.), Data Controller is required to make additional disclosures related to the collection, use, disclosure and sale of personal data and the rights California consumers have with respect to such data.
In the last 12 months, Data Controller has collected the following categories of personal data in connection with user accounts: identifiers (such as name and contact information), internet or other electronic network activity information (such as browsing behavior), demographic information (such as gender; note that some demographic information may be considered characteristics of protected classifications under U.S. state or federal law), commercial information (such as products purchased), and inferences we make (such as product preferences). For more details about the personal data Data Controller collects and the sources of such collection, please see Part A "The Purposes and Legal Basis for the Processing" above. Part A, "The Purposes and Legal Basis for the Processing" also describes the business and commercial purposes for which Data Controller collects personal data. Data Controller shares this data with the categories of third parties described in Part E "Recipients of Personal Data" above.
Subject to certain limitations, the CCPA provides California consumers with the right to request to know more details about the categories and specific pieces of personal information Data Controller collects, to delete their personal data, to opt out of any "sales" that may be occurring, and to not be discriminated against for exercising these rights. California consumers may make these rights request by writing to email@example.com. Once Data Controller receives a request, it will verify the request by asking you to provide contact information and information related to your recent interactions with Data Controller, such as information related to a recent purchase. If a request is submitted using an authorized agent, Data Controller may request evidence that the consumer has provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on behalf of the consumer. Data Controller reserves the right to deny requests in certain circumstances, such as where it has a reasonable belief the request is fraudulent. Data Controller will not discriminate against you if you exercise your rights under the CCPA.
Last update: 02/28/2020