Welcome to the website of Golden Goose S.p.A., located at the URL www.goldengoose.com (the “Website”).
1. Data Controller
Golden Goose S.p.A., with registered office at Via Privata Ercole Marelli 10, Milan, Italy (hereinafter, “GGDB”) is the autonomous data controller with respect to the personal data of users browsing the Website, including browsing data, marketing and profiling data and data connected and correlated with sales made through the Website and the relative pre-sale and after sale activities.
Please note that you may always exercise your rights (thereby including the right to request a complete list of the appointed data processors) by writing to the DPO at the following email address: firstname.lastname@example.org.
2. Type and purpose of processing carried out on the Website - Legal Basis for the Data Processing
Through the Website different types of personal data are collected and processed for different purposes and with different methods. More specifically:
(b) personal data provided on a voluntary basis by the user (email address, telephone number, biographical details, password provided by completing the registration form) or otherwise provided while browsing the Website and/or through interaction with the customer care service made available by GGDB and processed to respond to user requests and offer the services, support and information requested in relation to the products and the GGDB world. Please note that signing up to and accessing the Website or the customer account through social networks involve the communication of certain data (Name, Surname, E-mail and any other data relating to the user and present on the same social network, which will in any case be listed to the user before their confirmation to proceed with authentication via the social network). This communication will in any case take place only after the explicit confirmation of the user's willingness to proceed before logging in. In some cases, the social networks require some feedback and information about the use of the log in. For further information please refer to the relevant privacy documentation made available by the social network;
(c) the personal data provided by the user during the purchase of products on the Website in order to complete transactions and for activities related and accessory to sales, as well as for all necessary pre-sale and after sale assistance;
(d) personal, biographical and contact data, processed by GGDB - with the user's express consent - for marketing purposes, i.e. in order to send the user (through traditional and electronic means such as newsletters, emails, SMSs, MMSs and smart messages) information and updates on products, sales, promotional campaigns, events and other initiatives promoted by GGDB or by its commercial partners;
(e) personal data regarding purchases and any preferences expressed, processed by GGDB - with the user's express consent - in order to assess consumption habits and choices, so as to bring the products, initiatives and individual commercial offers more in line with the user's preferences and needs;
- GGDB's legitimate interest in providing the Website services and responding to any customer requests, with reference to points (a) and (b);
- Fulfilment of the sale contract and the obligation to meet pre and post contractual obligations, for all activities under point (c);
- Any consent provided by the user for the purposes pursuant to points (b) - with exclusive reference to login via Social network - and to points (d), (e) and (f);
3. Source of personal data
The personal data collected by GGDB are provided directly by the user (by signing up on the Website or during the sale process), with the exception of the browsing data under point 2 (a) above, the data collected in case of login via social network as set forth under point 2 (b) above, and the sale data pursuant to point 2 (e) above.
4. Study of user consumption habits and choices
As specified in point 2 (e) above and with the user's express consent, GGDB may process the personal data of the user in order to assess consumption habits and choices, so as to bring GGDB’s products and initiatives more in line with its customers' preferences and needs.
With the support of automated means, GGDB will process data relating to the value and frequency of purchases, as well as the type of products purchased. Data concerning consumption and preferences may be collected not only by tracking purchases made on the Website and in GGDB stores, but also through the user’s interaction with GGDB and any information that the user may willingly provide. The sole objective of this research is to offer customers and users products, services and initiatives more suited to their preferences and needs. In this regard, please note that research on user and customer behaviour will take place with methods that do not invade the personal sphere. You may always ask for clarifications concerning the rationale applied to this processing and the modification of the results obtained by contacting GGDB using the contact information provided.
As specified in point 2 (a) above and with the user's express consent, GGDB may also process the user's personal data, using automated means, to study cookies in order to check browsing on the Website and offer products and services in line with browsing activities.
5. Methods used by GGDB to process personal data
However, such measures, due to the nature of online transmission, cannot limit or completely exclude any risk of unauthorised access or data dissemination. To such end, we advise you to periodically check that your computer is equipped with adequate software devices to protect the online transmission of data, both incoming and outgoing (such as updated antivirus systems) and that your internet service provider has adopted suitable measures to ensure the security of online data transmission (such as firewalls and antispamming filters).
6. Mandatory or optional nature of the provision of data
The provision of personal data, in particular personal details, email addresses, mailing addresses, telephone numbers and bank details (in case of payments with credit cards) is necessary to conclude the product purchase contract through the Website. Therefore, if the data is not provided, it may be impossible to complete the purchase through the Website.
Some of that data may also be necessary for the provision of other services available on the Website and related to sales (pre-sale and after sale services such as customisation services, etc.) or to fulfil obligations deriving from laws or regulations (tax requirements and anti-money laundering regulations). Failure to indicate the data could therefore constitute, depending on the case, a legitimate and justified reason not to execute the contract to purchase products on the Online Store and/or provide the related services.
When necessary, the mandatory or optional nature of the communication of the data will be indicated on a case by case basis, with the (*) character appearing alongside information that is required for the provision of services and for the purchase of products on the Website. Failure to provide the personal data indicated as optional will entail no limitation or disadvantage for the user.
7. Categories of recipients of personal data
GGDB communicates the personal data of Website users only within the limits permitted by law and in accordance with what is specified below. In addition to what is set forth under point 2 b. (i.e. Social network login), personal data may be known by:
- GGDB's employees and advisors, who will operate as authorised data processors for the internal organisation of corporate activities;
- companies of the same Group, which will operate as appointed data processors, in order to carry out contractual activities and services as well as to perform specific marketing activities (such as inviting the user to events, sending discounts, promotions, etc.); and
- companies that carry out for GGDB, as data processors, specific technical and organisational services connected to the Website (logistics services, IT services, customer care service and marketing services).
The personal data may also be known by:
- third parties, only to execute the product purchase contract on the Website (such as the credit institution for the execution of remote electronic payment services using a credit/debit card);
- police forces or judicial authorities, in compliance with the law and upon such subjects' formal request, or if there are justified reasons to believe that the communication of such data is reasonably necessary (1) to investigate, prevent or take initiatives relating to suspected unlawful activities or to support national control and supervisory authorities; (2) for the defence against any complaint or accusation from third parties, or to protect the website and the company's security; or (3) to exercise or protect the rights, property or security of GGDB, the companies of the same group, its affiliates, customers, employees or any other party.
Your data will not be distributed and will be transferred abroad only under guarantee of adequate levels of protection and safeguards for the protection of such data, in compliance with regulations in force. The data centres used by GGDB to process the data collected are located within the European Union. In order to allow the processing of data by the companies of the same Group for contractual and marketing purposes, the data will be transferred to the relevant countries (including countries outside the EU). In this regard, GGDB has entered into Standard Contractual Clauses with the subsidiaries having registered offices in countries outside the EU, in compliance with national and supranational regulations on personal data protection. The personal data may be transferred to IT service providers with registered offices and data centres located in countries outside the EU. Please note that, also in this regard, GGDB has entered into the necessary Standard Contractual Clauses with its providers in order to protect transferred personal data (having preventatively verified the security of the measures used by the providers as duly appointed data processors).
8. Period of retention of data
The personal data collected for sale purposes are stored for a period not exceeding 10 years from the purchase, in compliance with tax and civil regulations and without prejudice to particular judicial defence needs that may require storage for a longer period of time. The data provided by the user to request support, information and responses are stored for the period of time required to provide the response requested and to provide any subsequent additional communication with the customer necessary to fully manage the request and/or issue.
The personal data provided for marketing and profiling purposes are stored for the necessary period based on the specific processing and for up to a maximum of 7 years, also on the basis of the particular business sector (luxury products) and considering the interest displayed by the customer in receiving updates on products and events organised by GGDB.
9. Rights granted to the user by privacy laws
Users always have the right to obtain the following from GGDB:
(i) confirmation as to whether or not personal data concerning them exists even if it is not yet recorded, and its communication in an intelligible form;
(ii) information concerning the origin of their personal data, the purposes and methods of processing, the rationale applied in the case of processing performed with the support of electronic means, the details of the data controller and data processors, an indication of the subjects and categories of subjects to whom the personal data may be communicated or who may be informed thereof in their capacity as, for instance, data processors or as subjects authorised to process the data;
(iii) the updating, rectification or, where interested, the integration of the personal data;
(iv) the cancellation, the transformation into anonymous form or the blocking of personal data processed against the law, including those for which storage is not necessary in relation to the purposes for which the data were collected or subsequently processed, as well as certification that the operations mentioned above were brought to the attention of those to whom the data were communicated, except for the case in which such action is impossible or implies use of means that are clearly disproportionate with respect to the protected right;
(v) the portability of their own data;
(vi) the restriction of the processing of their personal data.
Users also have the right to object in full or in part, on legitimate grounds, to the processing of their personal data, even if it is relevant for the purpose of their collection, and to revoke consent previously provided. The right to object and the revocation of consent may also be exercised specifically, with respect to one or more methods of sending marketing communications.
The rights listed above may be exercised by contacting GGDB, by writing to email@example.com.
Lastly, please be reminded that users always have the right to make a complaint to the competent Supervisory Authority (Autorità Garante per la protezione dei dati personali – Italian Regulatory Authority for the Protection of Personal Data).