CONTROL OF THE PROCESSING OF DATA THAT IS COLLECTED AND PROCESSED ON THE WEBSITE AND THROUGHOUT THE ENTIRE E-STORE
As concerns the processing of data that is collected and processed through the Website, we inform you that:
- VALENTINO S.p.A. (hereinafter also merely “VALENTINO”) is the independent controller of the processing of personal data of users who navigate on the Website, including therein navigation data, marketing data and profiling.
- VALENTINO S.p.A. and VALENTINO USA, Inc. (“VALENTINO US”) are co-controllers of the processing of data that is connected and related to sales made through the E-Store that is integrated into the Website and to the corresponding pre- and post-sales support activities.
Below you will find more specific instructions pertaining to the processing of data that is collected and processed through the Website.
1. Details of the appointed Data Controller and Processors
The Data Controller is VALENTINO S.p.A., with registered office at Via Turati 16/18, 20121 Milano, Italy.
For any information regarding the Controller, and for a complete list of processors, you may contact the DPO writing to firstname.lastname@example.org.
2. Type and purpose of processing performed on the Website, and of which VALENTINO is independent Controller
Through the Website, different types of personal data are collected and processed, for different purposes and with different methods. More precisely:
(b) personal data which is voluntarily provided by the user (such as, for example, the email address, contact information, password provided when completing the "My Account" registration form), or that is otherwise legally acquired, to compare the latter's requests and offer services, assistance and information requested regarding the products and the world, VALENTINO;
(c) with the express consent of the user, VALENTINO may process the latter's personal data for marketing purposes, in other words in order to send the user, including through newsletters, emails, SMS and MMS, information and updates on products, sales, advertising campaigns, about events and other initiatives promoted by VALENTINO;
(d) with the user's express consent, VALENTINO may also process the latter's personal data for the purposes of analyzing user's buying habits and selections, in order to make the VALENTINO products and initiatives more responsive to its customers' tastes and needs.
3. Personal data processing methods carried out by VALENTINO
However, these measures, due to the nature of the online transmission method, cannot limit or absolutely exclude the risk of access without consent, or of dissemination of data. To that end, we recommend that you periodically verify that your computer is equipped with the appropriate software devices to protect from the transmission of incoming and outgoing data on the network (such as up-to-date antivirus systems) and that the Internet service provider has adopted suitable measures to ensure the security of data transmission on the network (such as, for example, firewalls and antispam filters).
4. Study of customer habits and consumption choices
As indicated in paragraph 2 (d) above, with your express permission, VALENTINO may process your Data for the purposes of studying your habits and consumption choices, to make products and initiatives more responsive to your tastes and needs.
With the help of automated tools, VALENTINO may process Data relating to the value and frequency of purchases (even if these were made during the sales period) as well as the type of products purchased (such as accessories, garments from the haute couture and pret-à-porter collections) over a fixed period of time.
5. Legal basis of processing and Data storage period
With reference to the processing carried out for the purposes referred to under the previous Clause 2:
- paragraph 2 (a), the legal basis is providing the sites’ usage and for marketing purposes by cookies, your consent;
- paragraph 2 (b), the legal basis lies in the fulfilment of your requests and to allow you to register to the website;
- paragraph 2 (c) and (d) (marketing purposes and profiling), the legal basis of the processing lies in the respective consents you have provided.
Data collected for sales purposes - paragraph 2 (a), 2 (b) - are stored for a period not exceeding the purposes. These Data may also be kept for a further period of time, to comply with the terms of the contractual guarantee granted to the customer.
The Data provided for marketing purposes and to study consumption habits and choices (paragraphs 2 (c) and 2 (d) are stored for the period necessary for the specific processing, also in consideration of the particular sector of business (luxury goods) and in consideration of the interest shown by the customer to receive updates on products, events and fashion shows organised by VALENTINO, always in compliance with the privacy legislation and the permission you provided and for a period not exceeding 7 years, unless you provide further confirmation of your interest to receive communications from VALENTINO.
6. Mandatory or optional nature of providing data
7. Scope of personal data communications
VALENTINO communicates the personal data of the Website's users solely within the limits allowed by law and in conformity with the terms noted below.
The personal data shall be processed and known by, in addition to employees and consultants of VALENTINO and by companies in the same Group, also by companies performing specific technical and organizational services for VALENTINO that are related to the Website and to the management of marketing and communications activities (including, by way of example, YOOX NET-A-PORTER GROUP, which performs, among other things, Website management activities) as appointed data processors.
Furthermore, the data may be communicated to police forces or to the judicial authority, in conformity with the law and upon formal request by such parties.
Personal data shall not be disseminated, and shall be transferred abroad solely by guaranteeing suitable levels of protection and safeguards, according to the legal norms.
The Data will not be disclosed and will be transferred abroad only by guaranteeing adequate levels of protection and safekeeping of the aforesaid Data, in compliance with applicable regulations. In order to allow the processing of Data for contractual and marketing purposes by the companies of the Group, the Data will be processed in the relevant countries (even outside the EU). In addition, VALENTINO has drawn up Standard Contractual Clauses with the companies of the group established in countries outside the European Union, in compliance with national and international legislation regarding the protection of personal data. You may always contact the Data Processor to know the location of the Data and to obtain a copy.
We remind you that Articles 15, 16, 17, 18, 20 and 21 of the General Data Protection Regulation No. 2016/679 of the European Parliament and Council grant several rights, including the right to: (a) access your personal data; (b) obtain the correction and updating of your data, request the limitation of the processing performed on your personal data (including, where possible, the right to be forgotten and cancellation); (c) object to the processing of your data for legitimate purposes and to exercise your right to data portability; (d) submit a complaint to the competent Supervisory Authority; (e) ask to know the logic applied to the studies and to request the modification of the results of the study activities on your consumption habits and choices. We remind you that, if you have freely provided your permission to the activities referred to in paragraphs 2 (ii), (iii) and (iv) (marketing, profiling and communication to other Group companies), you may withdraw your permission at any time, even limited to specific methods of contact. It should be noted that the right to object to the processing of personal Data for direct marketing purposes, exercised by means of automated methods, also extends to traditional means, without prejudice to your power to exercise this right only partially. The rights listed above may be exercised by sending a request to VALENTINO at the following address: email@example.com.
The Website uses automatic data collection systems, such as cookie files.
8. Children Under the Age of 13
Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us firstname.lastname@example.org
1. References of Co-Data Controllers and Appointed Processors
As concerns data related to sales made through the E-Store integrated into the Website, and the activities related thereto, VALENTINO S.p.A., with registered office at Via Turati 16/18, 20121 Milano, Italy, (VALENTINO) and VALENTINO USA, having an address at 311, West 42nd street, 26th Floor, New York, NY 10013 (USA), an affiliate of VALENTINO S.p.A. (VALENTINO US), operate jointly as Co-Data Controllers (hereinafter, for brevity's sake, the “Co-Controllers”).
VALENTINO and VALENTINO US have taken steps to appoint YNAP Corporation and YOOX NET-A-PORTER GROUP as processor.
Furthermore, due to exclusively organizational and functional requirements, the Co-Controllers have appointed specific outside parties as personal data processors, for purposes that are strictly connected and related to the sale of products and to activities that are useful and instrumental thereto (such as, for example, delivery). These processors were selected because they have demonstrated to have experience, capacity and reliability, and to provide a suitable guarantee of full compliance with the current processing provisions, including therein the data security profile. The processors process the personal data of users of www.redvalentino.com according to the instructions provided by the Co-Controllers. There is also a periodic check that the processors have fulfilled their tasks in a timely manner, and that they continue to provide suitable guarantees that the personal data protection provisions are fully respected. To obtain a full list of the processors who process your data, you may contact email@example.com, or send a request to the Co-Controllers at the address of the respective registered offices noted above.
2. Type and purpose of processing performed by the Co-Controllers – Legal basis and data retention
The Co-Controllers directly collect personal data from users within the context of online registration processes on the Website, the sending of order forms for purchasing products from the E-Store to conclude e-commerce transactions, and as part of the interrelation with users for activities that are functional and instrumental to sales, as well as for any needed pre- and post-sales assistance. Additionally, specific purposes may be better illustrated by specific notices which are periodically presented on the Website.
The legal basis of the processing is the fulfilment of the sale agreement and relevant services. The data will be stored and retained for the time necessary for the fulfilment and for the time necessary as per the civil and fiscal laws.
3. Procedures for processing personal data
However, these measures, due to the nature of the online transmission method, cannot limit or absolutely exclude any risk of access without consent or dissemination of data. To that end, we advise periodically checking that the computer is equipped with suitable software to protect from incoming and outgoing transmission of data on networks (such as up-to-date antivirus systems), and that your Internet service provider has adopted suitable measures to ensure the security of the data transmitted on the network (such as, for example, firewalls and antispam filters).
4. Mandatory or optional nature of providing data
Providing your personal data, in particular personal details, email address, mailing address and telephone number, is necessary to enter into a product purchase agreement through the E-Store.
Some of this data may be essential for providing other services rendered on the Website, that are related to the sale, or to perform obligations arising from the legal norms or regulations.
Any refusal to provide certain data that is needed for these purposes could make it impossible to perform the E-Store product purchase agreement, or to correctly perform other services related thereto - such as, for example, customer care services (Customer Care), the use of the Wish List - or, even, of properly performing the legal or regulatory obligations. Failure to provide data may therefore constitute, depending on the case, a legitimate and justified reason to not perform the E-Store product purchase agreement for provision of the services related thereto.
The disclosure of subsequent data, other than what it was mandatory to provide, for the purposes of performing one's own legal or contractual obligations, or for providing certain services upon request is, conversely, optional, and does not entail any consequence for use of the Website and its services, or to purchase products from the E-Store.
Depending on the case, and where needed, the mandatory or optional nature of disclosing data shall be periodically indicated, by affixing an appropriate (*) sign next to the mandatory information, or merely data that is needed to provide services and purchase products on the Website. Failure to provide optional personal data shall not result in any obligation or disadvantage.
5. Scope of communication of personal data
Personal data may be made available to third party companies that perform, on behalf of the Co-Controllers, specific services, as Data Processors (such as, for example, logistics and IT services) and/or those that are disclosed to other recipients of data that has been collected by the Co-Controllers - whose names shall be periodically specified - which process the data independently, solely to perform the agreement to purchase products from the Website (such as, for example, the credit institution to perform remote e-payment services via credit/debit card) and solely when this purpose is not incompatible with the purposes for which the data was collected and subsequently processed and, in any event, in a manner that is in conformity with the law.
The data shall not be communicated, assigned or in any other way transferred to third parties unless this has been required by law. The data shall not be disseminated in any way and shall only be transferred abroad having assured suitable levels of protection and safeguards, according to the legal standards.
6. User rights
We remind you that the law grant several rights, including the right to:
(a) access your personal data;
(b) obtain the correction and updating of your data, request the limitation of the processing performed on your personal data (including, where possible, the right to be forgotten and cancellation);
(c) object to the processing of your data for legitimate purposes and to exercise your right to data portability;
(d) submit a complaint to the competent Supervisory Authority;
(e) ask to know the logic applied to the studies and to request the modification of the results of the study activities on your consumption habits and choices.
We remind you that, if you have freely provided your permission to the activities referred to in paragraphs 2 (ii), (iii) and (iv) (marketing, profiling and communication to other Group companies), you may withdraw your permission at any time, even limited to specific methods of contact. It should be noted that the right to object to the processing of personal Data for direct marketing purposes, exercised by means of automated methods, also extends to traditional means, without prejudice to your power to exercise this right only partially. The rights listed above may be exercised by sending a request at the following address: firstname.lastname@example.org.
7. Your California Privacy Rights
California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com or write us at 311, West 42nd street, 26th Floor, New York, NY 10013 (USA).
Privacy Notice for California Residents
- Selling your information: we have not sold personal information in exchange for monetary compensation. We may allow certain third parties (such as certain advertising partners) to collect your personal information via automated technologies on our platforms in an effort to serve you content and advertisements that may be of interest to you. You have the right to opt out of this disclosure of your information, as described in the cookie section.
- Your rights: subject to exceptions under applicable law, you may have certain choices regarding our use and disclosure of your personal information, as described below:
- Access: you have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected about you during the past 12 months and details regarding our collection, use, disclosure of such information.
- Deletion: you have the right to request that we delete the personal information we have collected from you subject to certain exceptions.
- Opt-Out: You have the right to manage the activation of the cookies as described in the cookie section.
- To exercise your rights, described above, you can:
- call the toll-free number 1 855 967 1970 from Monday to Friday from 9 a.m. to 7 p.m., excluding public holidays; or
- write to Customer Care by selecting the "privacy" topic in the relevant webform in the "Contact us" section of the Website; or
- contact us directly at the address indicated above. If you exercise your rights, we may require you to provide certain information to verify your identity (such as your name, email address, phone number and/or address).
- No discrimination: If you choose to exercise any of your rights under the CCPA, you have the right to not receive discriminatory treatment by us.
- Personal, family and household clients: California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email message to our email address below firstname.lastname@example.org with "Request for California Privacy Information" in the subject line. You may make such a request up to once per calendar year. If applicable, we will provide you with a list of the categories of personal information disclosed to third parties for their direct marketing purposes during the preceding calendar year, along with the third parties' names and addresses. Please note that not all personal information sharing is covered by Section 1798.83's requirements.