Pursuant to Article 13 of Regulation (EU) 2016/679 “General Data Protection Regulation” (hereinafter, the “GDPR”):
- Dsquared2 S.p.A. with registered offices at Via Ceresio 9, 20154, Milan, Italy, firstname.lastname@example.org (hereinafter, “D2”) and
- Digital Boite s.r.l. with registered offices at Via Cusani 5, 20122, Milan, Italy, email@example.com (hereinafter, “DB”)
- D2 is the owner of the Website and the App, and the independent data controller for personal data processed for marketing and profiling purposes.
- DB is the independent data controller for personal data processed for sales, billing, payment and delivery purposes with regard to the products purchased via the Website and/or App.
D2 and DB are joint data controllers for the purposes of:
- registering users on the Website and/or App
- managing customer services and support services
- managing multichannel services
B. DATA PROTECTION OFFICER (DPO)
D2 and DB have each appointed a Data Protection Officer:
- The DPO for D2 can be contacted by emailing firstname.lastname@example.org;
- The DPO for DB can be contacted by emailing email@example.com
Depending on the purpose of the processing, the personal data that we process includes but is not limited to the following:
Personal details: name, surname, date of birth, sex.
Contact details: phone number, email address.
Authentication data: email address, password.
Shipping information: shipping address, phone number, email address.
Billing and tax information: billing address, name and surname, company name, tax ID number, VAT number, nationality, passport number.
Information about the purchases made: item, size and colour, price, date on which it was sold.
Data about the customer’s profile and preferences: data relating to purchasing habits.
Data on the customer’s location (store locator service): IP address
D. PURPOSE, LEGAL BASIS FOR THE PROCESSING AND DATA RETENTION PERIOD
E. PROVISION OF DATA
Where data is provided on the grounds of the legal bases referred to in Article 6(1)(b), (c) and (f) of the GDPR, the provision of data is necessary in order to pursue the aforementioned purposes. Where data is provided on the grounds of the legal basis of consent referred to in Article 6(1)(a) of the GDPR, the provision of data is purely optional and the failure to provide the data or the failure to grant the aforementioned consent will prevent the purposes of profiling, marketing and data enrichment from being pursued, but will not prevent the user from registering on the Website or App or from using the services agreed under a contract.
F. RECIPIENTS OF PERSONAL DATA
The data will be processed by:
- a. employees and partners of the data controllers who have been authorised to collect, use, disclose or process the personal data;
- b. employees and partners of DB, acting as the data processor, performing marketing and profiling activities on behalf of D2;
- c. third parties based in the European Union, acting as data processors, used by the data controllers, in particular for data capture and entry, shipping, direct mail, market research, customer satisfaction surveys, and managing and maintaining IT systems.
A full list of data recipients can be requested by emailing the addresses provided in paragraph A.
G. TASNFER OF DATA OUTSIDE THE EUROPEAN UNION
Personal data will not be transferred outside the European Union.
H. DATA SUBJECT RIGHTS
Users can email the addresses indicated in paragraph A to exercise their rights to access their data, have it erased, have inaccurate data rectified, have incomplete data completed, restrict its processing in the cases listed in Article 18 of the GDPR, and object to its processing on the grounds of their particular situation, in the event that it is being processed on the basis of the legitimate interests of the controller.
In the event that the processing is based on the user’s consent or on the contract and that it is processed automatically, the user has the right to be sent their data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another controller without hindrance.
Users have the right to withdraw their consent, at any time, to the processing of their data for marketing and/or profiling purposes and to object to the processing of their data for marketing purposes, including for profiling related to direct marketing.
If the user prefers, they can ask to be contacted for such purposes solely via traditional methods, and can object to receiving communications solely through automated means.
Users also have the right to lodge a complaint with the supervisory authority in the Member State in which they normally live or work or in the State in which the alleged breach occurred.
At any time, users can amend/update their personal data and the consent that they have granted to their data being processed by accessing their personal account or by emailing firstname.lastname@example.org.
I. DATA PROCESSING FOR BROWSER PURPOSES
In the course of their normal operation, the IT systems and software used to run the Website and App acquire certain personal data. This data transfer is inherent to the use of internet communication protocols.
Such data is not collected for the purpose of identifying a particular data subject but, due to its nature, could, when processed and combined with other data held by third parties, enable users to be identified.
Data that may be collected in this way includes the user’s IP address, type of browser or operating system, URI (Uniform Resource Idenfier), domain name and address of the referring/exit pages, time at which the server request was made, the method used and data on the response received, additional browsing data (see our Cookies Policy) and other data relating to the user’s operating system or computer set-up.
This data may also be used to identify a user and determine liability in the event of any cybercrimes against the Website or App.