WHY THIS NOTICE
These documents provide you with important information about the following:
1. PROCESSING OF PERSONAL DATA.
2. PERSONAL DATA WE COLLECT.
3. HOW WE USE PERSONAL DATA.
4. HOW WE SHARE PERSONAL DATA.
5. CHILDREN'S PRIVACY.
6. STORAGE, ACCESSIBILITY AND TRANSFER OF PERSONAL DATA.
7. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA.
8. RIGHTS IN RELATION TO PERSONAL DATA– MANAGING YOUR CHOICES
9. CALIFORNIA PRIVACY RIGHTS.
10. DATA RETENTION.
11. OUR POLICY ON COOKIES AND SIMILAR PROCESSES.
12. LINKS, ADVERTISERS, SPONSORS & ADS.
13. DATA CONTROLLER –DATA PROTECTION OFFICER- AND HOW TO CONTACT US.
14. UPDATING THIS POLICY - NOTICES.
1. PROCESSING OF PERSONAL DATA
2. PERSONAL DATA WE COLLECT
2.1 Source of Data
We collect personal data from you only when you voluntarily provide us with this information, such as:
Branded Websites distributing our products: when placing an order through the Website(s), as a “guest”; establishing an account or modifying your account; by setting up a wish list; entering a contest, sweepstakes or promotion; searching on the Website; contacting us with a comment or question; signing up to receive email newsletters and updates regarding our latest products and services, boutique openings, events or promotions; or requesting to receive an order confirmation, shipping confirmation or other alerts;
Our Boutiques and Points of Sales: when filling in our customer card, during informal chats when you visit our Boutiques or Points of Sales, interact with us, or purchase merchandise;
Events: when participating to our events, surveys and market researches, challenges, and other promotions, also online, e.g., minisites that we run on third party social networks such as Facebook;
Our customer services: when asking for assistance, special services or aftersale care;
E-mail, text and other electronic messages.: when communicating between you and us.
2.2 Types of Data
We may collectand use different types of personal data depending on the specific purpose we have, as described below:
- personal details, such as name, surname, gender, age/date of birth, country of origin, and other personal details as allowed by applicable laws;
- contact details, such as address, email address, phone number, mobile number, fax number (if any), and other contact details as allowed by applicable laws;
- payment details, such as payment instrument (credit card, debit card) if applicable, passport number when required for tax or anti money laundering reasons;
- sales related information, such as date, products or services provided, place of purchase, product codes, amount, total of sales, VAT number, complaints, returns, refunds and other sales related information as allowed by applicable laws;
- habits and profiles, such as data regarding your purchases (purchase history including, boutique where the sale takes place, type, quantity and price of the products purchased by you), information related to customer relationship management activities and initiatives (date and categories of said actions as performed or to be performed and results of said actions), shopping habits and preferences (wish list, preferred categories of products, colour, style, other brands purchased, most visited countries, how you knows our brands, sizes, notes regarding purchase habits or special needs stated by you – i.e. preferred materials), other information (job related information, education, hobbies and lifestyle activities) as allowed by applicable laws; and
- family related information, such as marital status, anniversary date, number of children, children related information and other family related information as allowed by applicable laws.
3. HOW WE USE PERSONAL DATA
Personal data may be used for the following purposes, depending on the specific circumstances in which you interact with us.
3.1 For online and in-store sales (by the local Boutique/Point of Sale at which you make your purchase or the local website vendor as identified in the Terms of Sale of your online purchase)
Your personal data provided by you or collected when you make any purchase, regardless as a guest or registered user, i.e. basic personal details, contact details, data regarding your purchases, fiscal data, payment details, sales related information, and any other data strictly necessary for the delivery of products, will be used:
- to manage, administer and process your purchase of our products, sale and post-sale services, e.g. administrative activities, accounting, returns, warranties, tax free refunds if applicable, fraud prevention, communicating with you, including by e-mail, for any problem relating to the handling of the order or to subsequent requests relating to the order;
- to comply with obligations imposed by laws, regulations or EU legislation (including anti-money laundering laws) and to establish or defend a legal claim.
Providing your personal data for the purposes above is necessary; denial thereof would make it impossible to complete your purchase.
Unless otherwise required to comply with local applicable laws, data may be processed for these purposes without seeking your consent because this is necessary to comply with the contractual and legal obligations.
3.2 For specific purposes for which it was volunteered
Your personal data provided by you or collected when you ask for a specific service (e.g., registering your account on our Websites, handling complains, asking for information) i.e. personal details, contact details, data strictly necessary for follow-up your request, will be used
- to provide the services you requested (e.g., operating the processes of registering your account, managing authentication on the Website, operating your accounts, assisting you, and handling any complaints, handling wish lists, follow up to any question or contact request you may submit to us, also through our customer care service);
- to manage newsletter subscription if you are not also registered with us.
Providing your personal data for the purposes above is necessary; denial thereof would make it impossible to complete your request.
Unless otherwise required to comply with local applicable laws, data may be processed for these purposes without seeking your consent because this is necessary to follow up your request.
3.3 For CRM purposes if you register with us
Your personal data provided by you filling in our forms or collected when you visit our Boutiques, Points of Sales or Websites and you interact with us, i.e. personal details, contact details, data regarding your habits and profile, family details, will be entered into our centralized CRM:
- to offer you with promotions, discounts, and other tailored services, and send you newsletters, other marketing and commercial communications on products, services and invitations to events about our brands (either organized by us or our distributing chain), surveys and researches, market analysis, invitation to contests, sweepstakes or promotions and other initiatives for registered customers or contacts of our brands (“marketing”). We may use traditional (postal mail, and phone) and/or digital and automated (e-mail, SMS, MMS, telephone and other digital channels, e.g., social media) contact means, and may send you these communications based on your profile, if you agreed to our profiling (see point 3.3.b) below);
- to analyze your contacts with us, interests, preferences and purchase habits, and create individual or aggregated profiles based on that, to work out how to provide you with a better service, including to provide you with a customized sales experience in any and every Boutiques and Points of Sales in Italy and abroad (“profiling”). We may use the personal data also to create clusters and conduct market and statistical analyses directed at identifying products and/or services of interest to the customers of our brands and to improve our services (including the Websites). We will combine your data collected on the Websites with information that we may have obtained through your interaction with the sales persons at the Boutiques and/or the Points of Sales. The processing for the personal data for profiling is carried out in compliance with the guarantees and measures set by the applicable law.
Your data entry into the CRM system is optional and free (based on your selective opt-in) and only if you provide your personal data for both the purposes of marketing and profiling under points 3.3.a) and b), or one of them. You may unsubscribe or opt-out at any time (see point 8 below). Denial to provide your personal data for both or one of these CRM purposes does not prevent you, in any way, from using our the services or making your purchases, but we will not be able to inform you on the marketing initiatives and events described above and we could not understand your interests and offer you a more personalized shopping experience.
4. HOW WE SHARE PERSONAL DATA
We share your personal data collected with our affiliates, distributors, and franchisees, including those located in other countries, and with other companies that provide services on our behalf (as further described below), whether upon our direction or the direction of a third party .We will only provide those companies and organizations the personal data required to deliver the services and will prohibit them from using that personal data for any other purpose.
4.1 Sharing with data processors
When you purchase our products or use our online sale services your personal data may be shared by the e-commerce vendor of this Website with selected third parties who provide services to the vendor, including those that fulfill orders, ship products, process credit and debit card payments, and anti-fraud controls.
Your personal data may be shared with third parties to monitor and analyze Website activity, host Website content, provide technical and organizational services functional to the purposes above, maintain our customer database, assist in marketing and administer emails, market analysis, surveys, contests, sweepstakes or promotions. Such third parties may have access to, store and process your personal data to provide those services on our behalf, which may occur in Italy, your country or abroad. Our service providers are not authorized to use personal data for any purpose other than to provide the contracted services.
Our affiliated companies operating our brand business locally in Italy and in the other countries or online and our business partners (franchisees, distributors) operating the Points of Sales or the online sales on their websites will process your personal data for the CRM purposes as data processors upon our instructions.
4.2 Sharing with other third parties
Your personal data may need to be shared with companies providing payments management, and anti-fraud controls acting independently as data controllers, for providing you with the online sales services.
We may also disclose your personal data to third parties (i) when required by a law of the EU or of a Member State (ii) in response to legal proceedings; (iii) in response to a request from a law enforcement agency under legitimate basis; or (iv) to protect our rights, privacy, safety or property, or the public.
Moreover, to the extent permitted by law, we may also communicate personal data to third parties in the event of a complaint about your use of the Website and, where we deem it necessary to investigate, prevent or take measures regarding illegal activities, suspected fraud, or where we believe, at our sole discretion, that your use of the Website is incompatible with the terms of the Website.
The full list of data processors appointed and of the third parties to which data are communicated can be obtained at the contact point below (point 13).
5. CHILDREN'S PRIVACY
This Website is a general audience site; however our services are intended for people aged 18 years or older. We do not knowingly request or collect, use and disclose personal data provided by a person under the age of 18 both online and at the Boutiques/Points of Sales. In the event we learn we have collected personally data from a child, we will delete that information.
If you are under this age, please do not register or proceed with the online purchase and ask an adult (i.e. your parents or your legal guardian) to proceed with the required procedures.
6. STORAGE, ACCESSIBILITY AND TRANSFER OF PERSONAL DATA
The personal data collected through the Websites is processed mainly using electronic or web means, including web analytics services hosted by servers of our selected providers both in the European Union (e.g., Germany and Ireland, for online sales transactions on our directly managed Websites) and outside the European Union (e.g., USA, for our newsletter subscription services). In Boutiques and Points of Sales, personal data may also be processed in hard copy. In both cases, the personal data will be feeded for the CRM purposes into our centralized and secured data base stored in Italy and is managed by our Customer Relationship Managers and marketing team in Italy and abroad.
Personal data will be accessed, on a need-to-know and under multi-level access control tools, only by authorized staff of our Boutiques, Points of Sales and of the local e-commerce vendor (e.g. staff in the digital & IT, marketing, retail, administration, security departments). This staff engaged to be bound by confidentiality obligations and expressly appointed as person in charge of the processing, as required by the applicable law. In particular, if you agreed to the processing of your personal data for the CRM purposes, the related data may be read, amended and updated by our staff and the staff at the, Boutiques, Points of Sales and/or local e-commerce vendors (especially the sales and marketing personnel). The staff is based in Italy or abroad, and is trained and bound by confidentiality obligations. We may use them, indeed, to collect, use and disclose the data as instructed by us.
7. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
We have implemented appropriate measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration and disclosure. For example, when you provide any order information, we use Secure Socket Layer (SSL) technology, an encryption tool that provides security while transmitting this information over the Internet. We also use firewall technology, password controls, and other technological and procedural safeguards in maintaining this Website. Although we have implemented the above security measures for this Website, you should be aware that 100% security is not possible. Therefore, your providing of your personal data is done at your own risk and, to the greatest extent permitted under applicable law, we shall have no liability as a result of the disclosure of your personal information due to errors, omissions or unauthorized acts of third parties during or after the transmission thereof to us. We recommend you (i) to periodically update your software for protecting data transmission over networks (for example, antivirus software) and check that your provider of electronic communication services has adopted suitable means for the security of data transmission over networks (for example,firewalls and ant spamming filters); (ii) keep confidential, and not to disclose to any else, your username and password to access to your account; and (iii) to change your password from time to time.
In the unlikely event we believe that the security of your personal information in our possession or control was or may have been compromised, we will notify you of that development as required by applicable law using any of the methods prescribed thereunder (by providing us with your email address, you hereby consent to receiving any such notification in electronic form through such email address).
8. RIGHTS IN RELATION TO PERSONAL DATA– MANAGING YOUR CHOICES
8.1 Your rights
At any time and free of charge, you may access your data, receive your electronic personal data in a structured, commonly used machine-readable format and transmit it to another data controller (data portability), have your data corrected, updated, changed or removed (subject to exemptions which may apply). You may update any information you have given to us by contacting us at the addresses given below. Requests to delete your data are subject to any applicable legal and document retention obligations imposed on us.
If you think there is a problem with the way we are handling personal data, you have a right to file a complaint to your national and/or any other data protection authority in the EU or the EEA.
To exercise those rights you may send your request sending an email at email@example.com or regular mail at the address appearing below (point 13). When contacting us, please be sure to provide us with your name, email address, mailing address and/or telephone number(s) in order to be sure we handle your request correctly.
8.2 Accuracy - Keep Personal Data Updated
To allow us to serve you better we encourage you to regularly review and update your personal data. If you are a registered user you may access and edit your personal data through your user account settings on the Website; otherwise you may contact us (see point 13) to assist you in updating your personal data.
8.3 Managing your choices in relation to direct marketing and profiling
If you wish to opt-out from any of the CRM purposes, marketing and/or profiling, or manage your advertising preferences, you can simply send your request to us (see point 13), or indicated below, or manage your choices account accordingly. The same procedure applies if you wish to withdraw your consentto profiling.
9. CALIFORNIA PRIVACY RIGHTS
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. If you are a California resident and would like a copy of our information disclosures pursuant to such law, please submit a written request to us . Please allow 30 days for a response.
10. DATA RETENTION
Your personal data processed for the CRM purposes (points 3.3) will be retained until you close your account or you withdraw your consent to the processing of your personal data for these purposes. Personal data relating to the details of your purchases processed for profiling and marketing purposes will be retained for a limited period of time in line with the timing permitted by the applicable law; upon expiration of this time limit, the personal data will be deleted or permanently anonymized.
11. OUR POLICY ON COOKIES AND SIMILAR PROCESSES
Please consult the Cookie and Advertising Management section of the Website pennyblack.com/cookie-policy for more information about cookies generally and how to turn cookies on and off.
12. LINKS, ADVERTISERS, SPONSORS & ADS
13. DATA CONTROLLER - HOW TO CONTACT US
14. UPDATING THIS POLICY - NOTICES
This policy is effective 2018-MAY-25