Welcome to the website of Golden Goose S.p.A., located at the URL www.goldengoose.com (the "Website").
1. DATA CONTROLLER AND DATA PROTECTION OFFICER
Golden Goose S.p.A., with registered office in Via Privata Ercole Marelli 10, Milano (MI), 20139 - Italy ("GG"), is the autonomous Data Controller with respect to the personal data of Users of the Website, including browsing data, marketing and profiling data, and data connected and correlated with sales made through the Website, as well as pre-sales and post-sales activities.
The appointed Data Protection Officer can be contacted at any time by writing to: email@example.com
2. TYPE AND PURPOSE OF PROCESSING CARRIED OUT ON THE WEBSITE - LEGAL BASIS FOR DATA PROCESSING
The Website collects and processes different types of personal data for a variety of purposes and using various methods. Specifically, these are:
(b) personal data provided voluntarily by the User (email address, telephone number, personal details, password provided by completing the registration form) or otherwise provided while using the Website and/or through interaction with the customer care service made available by GG and processed to respond to User requests and to offer the services, support and information requested regarding GG products and the GG world. It should be noted that registration and access to the Website or to a customer account via a social media profile involves the disclosure of certain data (first name, last name, email address and any other data related to Users and present on the social platform itself) which in any case will be itemized for Users before they confirm that they wish to proceed with authentication via that social platform. At any rate, such communication will only occur following the explicit confirmation of the User's willingness to proceed, expressed before logging in. Some social media platforms require certain feedback and information regarding use of the log-in. For further information, Users should refer to the relevant privacy documentation available on said social media platforms;
(c) personal data provided by the User as part of the processes of purchasing products on the Website, for completion of transactions and for activities functional and instrumental to the sale, as well as for any necessary pre- and post-sales assistance;
(d) personal data, details and contact data, processed by GG, with the User's express consent, for marketing purposes, i.e. to send the User, via traditional and electronic instruments such as newsletters, emails, SMSs, MMSs and smart messages, information and updates on products, sales, promotional campaigns, events and other initiatives promoted by GG or by its commercial partners;
(e) personal data regarding purchases and any preferences expressed, processed by GG, with the User's express consent, in order to analyze consumption habits and choices, so as to bring products, initiatives and individual commercial offers more into line with the tastes and needs of GG's customers;
- The legitimate interest of GG in providing Website services and responding to customer requests, with reference to clauses 2(a) and 2(b), and to carry out discrete e-marketing with reference to clause 2(f);
- Fulfillment of the sales contract and the obligation to meet pre- and post-contractual obligations, for all activities pursuant to clause 2(c);
- Any consent provided by the User for the purposes pursuant to clause 2(b) (with exclusive reference to social log-in) and clauses 2(d) and 2(e).
3. SOURCE OF PERSONAL DATA
The personal data collected by GG are provided directly by the User (by registering on the App or during the sales process), with the exception of the browsing data pursuant to clause 2(a), data collected in case of registration and log-in via a social network profile pursuant to clause 2(b), and the sales data pursuant to clause 2(e).
4. ANALYSIS OF USER CONSUMPTION HABITS AND CHOICES
As specified in clause 2(e), and with the express consent of the User, GG may process the personal data of the User in order to analyze consumption habits and choices, so as to bring GG's products and initiatives more into line with the tastes and needs of its customers.
With the support of automated instruments, GG will process data relating to the value and frequency of purchases, as well as the type of products purchased. Data concerning consumption and preferences may be collected not only by tracking purchases made on the Website and in bricks-and-mortar GG stores, but also through the User's interaction with GG and any information that said User may provide voluntarily, such as consumer preferences (brands and products), hobbies, habits, lifestyle and favorite sports. This information may also be acquired through:
- some social media platforms. However, this will only occur if the User has previously agreed to provide some data through a social media platform when logging in to register;
- the use of the GG APP "Golden Passport" (also used with NFC and RFID technologies which are inserted into the products and duly disclosed to the customers and which enable the User to register and track the purchase of a Golden Goose product). This will only take place if the User has previously given consent to the processing carried out for the purposes of studying and analyzing personal habits, preferences and consumption choices.
The sole objective of this research is to offer products, services and initiatives to customers and Users that increasingly meet their tastes and needs. In this regard, it should be noted that research into User and customer behavior will take place with methods that do not invade the personal sphere. Users may ask at any time for clarifications concerning the logics applied to this processing and the modification of the results obtained by contacting GG using the contact information provided.
As specified in clause 2(a), and with the express consent of the User, GG may also process personal data using automated instruments, so as to analyze cookies with a view to assessing Website browsing activity and thereby offering products and services in line with browsing activities.
5. METHODS USED BY GG TO PROCESS PERSONAL DATA
However, due to the nature of online transmissions, such measures cannot limit or completely exclude any risk of unauthorized access or dissemination of the data collected. To this end, Users are advised to check periodically that their computer is equipped with adequate software devices (such as updated antivirus systems) to protect the online transmission of data, both incoming and outgoing, and that their internet service provider has adopted suitable measures (such as firewalls and anti-spam filters) to ensure the security of online data transmission.
6. MANDATORY OR OPTIONAL NATURE OF THE PROVISION OF DATA
The provision of personal data, in particular personal details, email addresses, mailing addresses, telephone numbers and bank details (in the case of payments with credit cards) is necessary to complete the product purchase contract through the Website. Hence, if the data is not provided, it may be impossible to complete the purchase via the Website.
Some of said data may also be indispensable for the provision of other services available on the Website and correlated with sales (pre-sales and post-sales services such as customization, etc.) or to fulfill obligations deriving from laws or regulations (tax requirements and anti-money laundering regulations). Depending on the specific case, failure to indicate the data could therefore constitute a legitimate and justified reason for GG not to execute the contract to purchase products on the Website and/or provide the relevant services.
When necessary, the mandatory or optional nature of the communication of the data will be indicated on a case by case basis, with the (*) character appearing alongside information that is required for the provision of services and for the purchase of products on the Website. Failure to provide the personal data indicated as optional will entail no limitation or disadvantage for the User.
7. CATEGORIES OF RECIPIENTS OF PERSONAL DATA
GG communicates the personal data of Website Users only within the limits permitted by law and in line with what is specified below. In addition to what was mentioned in clause 2(b) (i.e. social log-in), a User's personal data may come to the attention of:
- employees and advisors of GG, who will operate as authorized Data Processors for the internal organization of corporate activities;
- companies of the same Group, which will operate as appointed Data Processors in order to carry out contractual activities and services as well as to perform specific marketing activities (such as inviting the User to events, sending discounts, promotions, etc.); and
- companies that, as Data Processors, carry out specific technical and organizational services on behalf of GG connected to the Website (IT services, customer care services and marketing services).
Personal data may also be made known to:
- third parties, with the sole purpose of executing the product purchase contract on the Website (such as the credit institution for the execution of remote electronic payment services using a credit or debit card, couriers);
- the police or the judicial authority, in compliance with the law and at the formal request of such parties, or if there are justified reasons to believe that the communication of such data is reasonably necessary to (1) investigate, prevent or take initiatives relating to suspected unlawful activities or to support state control and supervisory authorities; (2) defend against any complaint or accusation from third parties, or protect the security of the Website and the company; or (3) exercise or protect the rights, property or security of GG, the companies in the same Group, its affiliates, customers, employees or any other party.
User data will not be disseminated and will be transferred abroad only while ensuring adequate levels of protection and safeguards for data protection in accordance with applicable regulations. The data centers used by GG to process the data collected are situated within the European Union. To allow for the processing of data for contractual and marketing purposes by the companies of the same Group, the data will be transferred to the relative countries (including countries outside the EU). In this regard, GG has entered into Standard Contractual Clauses with the subsidiaries with registered offices in countries outside the EU, in compliance with national and supranational regulations on the protection of personal data. Personal data may be transferred to IT service providers with registered offices and data centers located in countries outside the EU. Again in this regard, it should be noted that GG has entered into necessary Standard Contractual Clauses with its providers to protect the personal data transferred (after first verifying the security of the measures implemented by the providers as duly appointed Data Processors).
8. DATA RETENTION PERIOD
The personal data collected for sales purposes are stored for a period not exceeding 10 years from the date of the purchase, in compliance with tax and civil regulations and without prejudice to particular requirements of legal defense that may require storage for a longer period of time. The data provided by the User to request support, information and responses are stored for the period of time required to provide the response requested and for any subsequent activity of additional communication with the customer necessary to handle the request and/or issue in a fully satisfactory manner.
The personal data provided for delicate marketing and profiling purposes are stored for the necessary period based on the specific processing and for up to a maximum of 7 years, including on the basis of the particular business sector (luxury products) and considering the interest displayed by the customer in receiving updates on products and events organized by GG.
9. RIGHTS OF USERS UNDER THE PRIVACY LAW
Users have the right at all times to obtain from GG:
(i) confirmation as to whether or not their personal data is being processed, even if it has not yet recorded, and its communication in an intelligible form;
(ii) information concerning the origin of their personal data, the purposes and methods of processing, the logic applied in the case of processing performed with the support of electronic instruments, the details of the Data Controller and Data Processors, an indication of the subjects and categories of subjects to whom the personal data may be reported or who may be informed thereof in their capacity as Data Processors or in any event parties authorized to process the data;
(iii) the updating, rectification or, where relevant, the integration of the personal data;
(iv) the erasure, the transformation into anonymous form or the blocking of personal data processed unlawfully, including those for which storage is not necessary in relation to the aims for which the data were collected or subsequently processed, as well as certification of the fact that the operations mentioned above were brought to the attention of those to whom the data were communicated, except for cases in which such action is impossible or implies use of means that are clearly disproportionate with respect to the right protected;
(v) the portability of their data;
(vi) the restriction of the processing of their personal data.
Users also have the right to object, in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even if said data is relevant to the purpose of its collection, and to revoke consent previously provided. The right to object and revoke consent may also be exercised specifically with respect to one or more methods of transmitting marketing communications.
The rights listed above may be exercised by contacting the Data Protection Officer appointed by GG by writing to firstname.lastname@example.org
Lastly, it should be remembered that Users have the right at all times to make a complaint to the privacy Supervisory Authority (Autorità Garante per la protezione dei dati personali– Italian Regulatory Authority for the Protection of Personal Data).