1. WHO IS THE DATA CONTROLLER
The owner of your personal data is Benetton Group Srl, with headquarters in Via Villa Minelli 1, 31050 Ponzano Veneto (TV), Italy, email@example.com. Benetton Group Srl owns websites benetton.com, inside.benetton.com, sisley.com, familycard.benetton.com, blackcard.sisley.com, benettongroup.com (hereinafter “Digital Properties”).
You can contact the Data Controller in writing at the above address.
You can also contact the Benetton Group Srl Data Protection Officer directly at the e-mail address firstname.lastname@example.org, or by writing to the following address: Data Protection Manager, at Benetton Group S.r.l., via Villa Minelli 1, 31050 Ponzano Veneto (TV), Italy.
2. TYPE OF DATA
Depending on the products, services or functions of the platform you wish to use on each occasion, as indicated above, certain data may be necessary rather than others.
In general, the data being processed can be:
- user identification data (e.g. first name, last name, date of birth, language and country from which you are operating, etc.);
- contact data (e.g. email address, phone number, home address...)
- transaction data (e.g. your payment or card details, information concerning your purchases, orders, returns, etc.);
- connection, geo-location and navigation data (if, for example, IP address, mobile app, cookie or similar technologies);
- commercial data (e.g., loyalty program subscription, newsletter subscription),
- tastes and preferences data.
Depending on the services and/or functionalities requested, some data may be required mandatorily as they are needed for providing the service or product you require or in order to allow you to access that function.
Therefore, these data are necessary for correctly fulfilling our obligations under the contract, or necessary for complying with obligations which arise from applicable legal or regulatory provisions.
Failure to enter these data may result in the inability to complete your registration as a user or the inability to receive such services or products or to benefit from the functionality required.
3. PURPOSE OF PROCESSING, LEGAL BASIS AND RETENTION PERIOD
Below we indicate the processing purposes, the legal basis on which the data are processed and for how long they are retained, based on the types of services and/or functions requested.
|PURPOSES||DESCRIPTION OF THE PURPOSES||LEGAL BASIS||RETENTION TIME|
Management of the registration as user of the Digital Properties.
|Should you decide to register on the Benetton/Sisley website, some of your personal data will be processed in order to identify you as a user and to authorise you to access its various functions and services.||Terms and conditions governing the use of the website (Art. 6.1.b GDPR)||Until the customer requests account cancellation or after 10 years if no transactions are made in the last 24 months.|
|Fulfilment and execution of the contract for the purchase of goods and/or services||
Personal data are subject to processing in the following cases:
|(Art. 6.1.b GDPR)||Personal data is kept for up to 10 years from the last transaction. Transaction data is kept for up to 24 months after the purchase.|
|Fulfilments related to joining the loyalty program||Your personal data will be processed to award loyalty points, rewards and to allow you to take advantage of the various benefits associated with the loyalty program.||(Loyalty Program Regulation) (Art. 6.1.b GDPR)||Personal data is normally kept for the entire duration of the loyalty program. In any case, data is erased after 10 years if no purchase transactions are made the last 24 months. Transaction data is kept for up to 24 months after the purchase.|
|Processing of requests received through customer service channels||Your personal data will be processed to handle inquiries, to process complaints and product warranties, to provide technical support through e-mail, telephone calls and social media.||Legitimate interest (Art. 6.1.f GDPR)||For the time strictly necessary for managing the requests (and in any case not beyond two years from the date of receipt of the request).|
We will process your personal data to manage your subscription to the newsletter and to send you personalised information about our products or services, using various means of electronic communication (e.g., e-mail or SMS). In addition, we may also send you such newsletters and communications via push notifications, if this service is activated on your mobile device.
In order to stop receiving push notifications, you can deactivate this function on your mobile device.
|Consent (Art. 6.1.a GDPR)||24 months from marketing consent or from the date of the last interaction with the Owner. (in fact, our commercial emails incorporate a tracking feature with which each email opening updates the Marketing consent date you provided when registering for our services. The marketing consent will not be updated if the applicant is unsubscribed with a date prior to the opening of the email.)|
|Profiling purposes||We will use data concerning your web browsing behaviour, social iteration and transaction data to define consumer clusters in order to improve communications and the offer of products and services dedicated to you.||Consent (Art. 6.1.a GDPR)||24 months|
|Analysis of the use of platforms and services in order to improve the user experience and the offer||When you access our digital properties, we inform you that your navigation and interaction data with social channels will be processed for analytical and statistical purposes, i.e. to understand how users interact with our Platform and to enable us to improve it.||Consent (Art. 6.1.a GDPR) or Legitimate interest (Art. 6.1.f GDPR)||Until the browsing data is made anonymous as stated in the cookie information in the cookie bar.|
|Analysis of some aggregate data and performance data in order to improve the commercial offer to the general public||Exclusively for subjects registered with digital properties or loyalty card holders, a series of attributes are used in aggregate mode aimed at understanding the trends and the main interactions with the company.||Legitimate interest (Art. 6.1.f GDPR)||24 months|
4. SHARING INFORMATION WITH OTHER PARTIES
For the purposes indicated in this information notice, your personal data may be communicated to other companies controlled by the Data Controller or to third parties who work in collaboration with the Data Controller in the provision of services, duly appointed as data processors or persons in charge of processing. These include:
- a) Franchise partners.
- b) Financial institutions and companies specialising in online payments and in the detection and prevention of frauds and scams.
- c) Technology service providers.
- d) Suppliers and collaborators of logistics, transport and delivery services.
- e) Providers of services related to customer service.
- f) Providers, collaborators and partners of marketing and advertising services.
Furthermore, for all the purposes indicated in the information notice, your data may also be transmitted abroad, inside or outside the European Union, in compliance with the rights and guarantees provided for by current legislation and subject to verification of the adequacy of the level of protection ensured by the Third Country.
Finally, your data will be processed by adequately trained personnel within the Data Controller’s offices, who operate as authorised personnel for the processing of personal data.
5. DATA SUBJECT RIGHTS
We wish to inform you that you have the right to ask the Data Controller for access to your personal data and to rectify these if inaccurate, to cancel or limit processing if the conditions are met, or to oppose their processing for legitimate interests pursued by our Company, and to obtain the portability of the data provided, only if subject to automated processing based on your consent or on the contract.
You also have the right to revoke the consent given for the purposes of processing which require it, without prejudice to the lawfulness of the processing carried out until the time of revocation.
Pursuant to article 17 of the GDPR, your personal information will be deleted, otherwise you can ask for a full deletion by contacting us at email@example.com.
You may exercise these rights by contacting the Data Controller at the addresses listed in point 1, indicating the reason for your request and the right you intend to exercise. If deemed necessary for identification purposes, we may ask you to provide us with a copy of a document which certifies your identity.
We also inform you that you have the right to lodge a complaint with the Data Protection Supervisor (https://www.garanteprivacy.it/en) for the protection of personal data.
6. CHANGES TO THE POLICY
When deemed appropriate, we may modify the information contained in this statement. In this case, we will notify you in various ways (for example, by posting on websites, newsletters, with a banner, pop-up or push notification) or by forwarding a specific e-mail if the change affects the purposes for which the data were collected, so that you can view the changes, make your assessments and, where appropriate, oppose or terminate any services or functions.
7. INFORMATION ON COOKIES