A. DATA CONTROLLERS:
Pursuant to Article 13 of Regulation (EU) 2016/679 “General Data Protection Regulation” (hereinafter, the “GDPR”): hereby inform you of the following regarding the collection, use, disclosure and processing of your personal data via the www.dsquared2.com website (hereinafter, the “Website”) and the Dsquared2 mobile application (hereinafter, the “App”). In particular: The essential content of the joint controller agreement between D2 and DB is outlined in the table below. For further information about the content of this joint controller agreement, please contact D2 or DB at the above email addresses, or the DPOs at the addresses indicated below.

For more information about the personal data that is processed when browsing the Website and/or the App, please see paragraph I. For more information about the personal data that is processed using cookies and other similar tracking technologies, please see our Cookie Policy.

B. DATA PROTECTION OFFICER (DPO)
D2 and DB have each appointed a Data Protection Officer:
C. CATEGORIES OF DATA THAT ARE PROCESSED
Depending on the purpose of the processing, the personal data that we process includes but is not limited to the following:
Personal details: name, surname, date of birth, sex.
Contact details: phone number, email address.
Authentication data: email address, password.
Shipping information: shipping address, phone number, email address.
Billing and tax information: billing address, name and surname, company name, tax ID number, VAT number, nationality, passport number.
Information about the purchases made: item, size and colour, price, date on which it was sold.
Data about the customer’s profile and preferences: data relating to purchasing habits.
Browsing data: data collected when a user visits and browses the Website or App, including data collected via cookies or other tracking technologies (for more information about how data is processed by these technologies, please see our Cookie Policy).
Data on the customer’s location (store locator service): IP address

D. PURPOSE, LEGAL BASIS FOR THE PROCESSING AND DATA RETENTION PERIOD

E. PROVISION OF DATA
Where data is provided on the grounds of the legal bases referred to in Article 6(1)(b), (c) and (f) of the GDPR, the provision of data is necessary in order to pursue the aforementioned purposes. Where data is provided on the grounds of the legal basis of consent referred to in Article 6(1)(a) of the GDPR, the provision of data is purely optional and the failure to provide the data or the failure to grant the aforementioned consent will prevent the purposes of profiling, marketing and data enrichment from being pursued, but will not prevent the user from registering on the Website or App or from using the services agreed under a contract.

F. RECIPIENTS OF PERSONAL DATA
The data will be processed by: Personal data may also be transferred to third parties acting as independent processors, in particular freelancers or firms providing consultancy, legal and financial services, and payment processing companies for credit and debit card payments.

A full list of data recipients can be requested by emailing the addresses provided in paragraph A.

G. TASNFER OF DATA OUTSIDE THE EUROPEAN UNION
Personal data will not be transferred outside the European Union.

H. DATA SUBJECT RIGHTS
Users can email the addresses indicated in paragraph A to exercise their rights to access their data, have it erased, have inaccurate data rectified, have incomplete data completed, restrict its processing in the cases listed in Article 18 of the GDPR, and object to its processing on the grounds of their particular situation, in the event that it is being processed on the basis of the legitimate interests of the controller.

In the event that the processing is based on the user’s consent or on the contract and that it is processed automatically, the user has the right to be sent their data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another controller without hindrance.

Users have the right to withdraw their consent, at any time, to the processing of their data for marketing and/or profiling purposes and to object to the processing of their data for marketing purposes, including for profiling related to direct marketing.

If the user prefers, they can ask to be contacted for such purposes solely via traditional methods, and can object to receiving communications solely through automated means.

Users also have the right to lodge a complaint with the supervisory authority in the Member State in which they normally live or work or in the State in which the alleged breach occurred.

At any time, users can amend/update their personal data and the consent that they have granted to their data being processed by accessing their personal account or by emailing privacy@digitalboite.com.

I. DATA PROCESSING FOR BROWSER PURPOSES
In the course of their normal operation, the IT systems and software used to run the Website and App acquire certain personal data. This data transfer is inherent to the use of internet communication protocols.
Such data is not collected for the purpose of identifying a particular data subject but, due to its nature, could, when processed and combined with other data held by third parties, enable users to be identified.
Data that may be collected in this way includes the user’s IP address, type of browser or operating system, URI (Uniform Resource Idenfier), domain name and address of the referring/exit pages, time at which the server request was made, the method used and data on the response received, additional browsing data (see our Cookies Policy) and other data relating to the user’s operating system or computer set-up.
This data may also be used to identify a user and determine liability in the event of any cybercrimes against the Website or App.