PRIVACY POLICY

Welcome to the website of Golden Goose S.p.A., located at the URL www.goldengoose.com (the “Website”).

Please carefully read this Privacy Policy, which applies every time you access the Website, irrespective of whether you purchase the products for sale on it.

Please recall that this Privacy Policy is governed by European Regulation no. 2016/679 (the “Regulation”). The Regulation guarantees that personal data will be processed with respect for the basic freedoms and dignity of the data subject, with particular reference to confidentiality and personal identity.

1. Data Controller

Golden Goose S.p.A., with registered office at Via Privata Ercole Marelli 10, Milan, Italy (“GGDB”) is the autonomous data controller with respect to the personal data of users browsing on the Website, including browsing data, marketing and profiling data and data connected and correlated with sales made through the Website and the relative pre-sale and after sale activities.

Please recall that you may always exercise your rights (and also request a complete list of the appointed processors) by writing to the following email address: privacy@goldengoose.com

2. Type and purpose of processing carried out on the Website - Legal Basis for the Data Processing

The Website collects and processes different types of personal data for different purposes and with different methods. More specifically:

(a) personal data concerning browsing, processed to allow for the proper functioning of the Website, as well as for marketing purposes. In this regard, please read the Cookie policy present on the Website;

(b) personal data provided voluntarily by the user (email address, telephone number, personal details, password provided by completing the registration form) or otherwise provided while using the Website and/or through interaction with the customer care service made available by GGDB and processed to respond to user requests and offer the services, support and information requested concerning the products and the world of GGDB;

(c) the personal data provided by the user during product purchasing processes on the Website to complete transactions and for activities functional and instrumental to sales, as well as for all necessary pre-sale and after sale assistance;

(d) personal data, details and contact data, processed by GGDB - with your express consent - for marketing purposes, that is to send the user (through traditional instruments and through electronic instruments such as newsletters, emails, SMSs, MMSs and smart messages) information and updates on products, sales, promotional campaigns, events and other initiatives promoted by GGDB or by its commercial partners;

(e) personal data regarding purchases and any preferences expressed, processed by GGDB - with your express consent - in order to study consumption habits and choices, so as to bring the products, initiatives and individual commercial offers more into line with the tastes and needs of its customers;

(f) personal details and contact data communicated by GGDB - with your express consent - to third parties belonging to the Lifestyle and Fashion categories for their own marketing activities.

With the exception of browsing data, governed by the Cookie Policy, the processing of personal data is based on:

  1. The legitimate interest of GGDB in providing the Website services and responding to any customer requests, with reference to points (a) and (b);
  2. Fulfilment of the sale contract and the obligation to meet pre and post contractual obligations, for all activities pursuant to point (c);
  3. Any consent provided by the user for the purposes pursuant to points (d), (e) and (f);

3. Source of personal data

The personal data collected by GGDB are provided directly by the user (by registering on the Website or during the sale process), with the exception of the browsing data pursuant to point 2 (a) above and the sale data pursuant to point 2 (e) above.

4. Study of user consumption habits and choices

As specified in point 2 (e) above and with the express consent of the user, GGDB may process the personal data of the user in order to study consumption habits and choices, so as to bring GGDB’s products and initiatives more into line with the tastes and needs of its customers.

With the support of automated instruments, GGDB will process data relating to the value and frequency of purchases, as well as the type of products purchased. Data concerning consumption and preferences may be collected not only by tracking purchases made on the Website and in bricks-and-mortar GGDB stores, but also through the user’s interaction with GGDB and any information that the user may voluntarily provide. The sole objective of this research is to offer products, services and initiatives to customers and users that increasingly meet their tastes and needs. In this regard, please note that research on user and customer behaviour will take place with methods that do not invade the personal sphere. You may always ask for clarifications concerning the logics applied to this processing and the modification of the results obtained by contacting GGDB using the contact information provided.

As specified in point 2 (a) above and with the express consent of the user, GGDB may also process the personal data of the user, using automated instruments, to study cookies in order to check browsing on the Website and offer products and services in line with browsing activities.

5. Methods used by GGDB to process personal data

The personal data collected through the GGDB Website are processed with primarily IT and electronic methods and instruments, adopting the security measures required to reduce to a minimum the risks of destruction or loss, even accidental, of the data, unauthorised access or processing that is not permitted or not compliant with the purposes of collection specified in this Privacy Policy.

However, such measures, due to the nature of online transmission, cannot limit or completely exclude any risk of unauthorised access or dissemination of the data. To that end, we advise that you periodically check that your computer is equipped with adequate software devices to protect the online transmission of data, both incoming and outgoing (such as updated antivirus systems) and that your internet service provider has adopted suitable measures to ensure the security of online data transmission (such as firewalls and antispamming filters).

6. Mandatory or optional nature of the provision of data

With the exception of browsing data (the provision and collection of which is governed by the Cookie policy), the provision to GGDB of personal data collected through the Website to respond to user requests and queries as well as for marketing purposes, to study consumer habits and preferences and for communication to third parties is free, optional and facultative. Not providing data does not limit the use of the Website, however it may make it impossible for GGDB to respond to requests for information and queries, or send informational materials, updates, newsletters and invitations to GGDB events.
The provision of personal data, in particular personal details, email addresses, mailing addresses, telephone numbers and bank details (in the case of payments with credit cards) is necessary to conclude the product purchase contract through the Website. Therefore, if the data is not provided, it may be impossible to complete the purchase through the Website.

Some of that data may also be indispensable for the provision of other services rendered on the Website and correlated with sales (pre-sale and after sale services such as customisation services, etc.) or to fulfil obligations deriving from laws or regulations (tax requirements and anti-money laundering regulations). The failure to indicate the data could therefore constitute, depending on the case, a legitimate and justified reason not to execute the contract to purchase products in the Online Store and/or provide the related services.

When necessary, the obligatory or optional nature of the communication of the data will be indicated on a case by case basis, with the (*) character appearing alongside information that is required for the provision of services and for the purchase of products on the Website. The failure to provide the personal data indicated as optional will entail no limitation or disadvantage for the user.

7. Categories of recipients of personal data

GGDB communicates the personal data of Website users only within the limits permitted by law and in line with what is specified below. The personal data may be known by:

  • employees and advisors of GGDB, who will operate as authorised data processors for the internal organisation of company activities;
  • companies of the same Group, which will operate as appointed data processors, in order to carry out contractual activities and services as well as perform specific marketing activities (such as inviting the user to events, sending discounts, promotions, etc.); and
  • companies that carry out for GGDB, as data processors, specific technical and organisational services connected to the Website (logistics services, IT services, customer care service and marketing services).

The personal data may also be known by:

  • third parties, only to execute the product purchase contract on the Website (such as the credit institution for the execution of remote electronic payment services using a credit/debit card);
  • the police forces or the judicial authority, in compliance with the law and at the formal request of such parties, or if there are justified reasons to believe that the communication of such data is reasonably necessary to (1) investigate, prevent or take initiatives relating to suspected unlawful activities or support the state control and supervisory authorities; (2) defend against any complaint or accusation from third parties, or protect the security of the website itself and the company; or (3) exercise or protect the rights, property or security of GGDB, the companies of the same group, its affiliates, customers, employees or any other party.

Your data will not be distributed and will be transferred abroad only while guaranteeing adequate levels of protection and safeguards for the protection of such data, in compliance with regulations in force. The data centres used by GGDB to process the data collected are situated inside the European Union. To allow for the processing of data for contractual and marketing purposes by the companies of the same Group, the data will be transferred to the relative countries (including countries outside the EU). In this regard, GGDB has entered into Standard Contractual Clauses with the subsidiaries with registered offices in countries outside the EU, in compliance with national and supranational regulations on the protection of personal data. The personal data may be transferred to IT service providers with registered offices and data centres located in countries outside the EU. Please note that, also in this regard, GGDB has entered into the necessary Standard Contractual Clauses with its providers to protect the personal data transferred (after first verifying the security of the measures used by the providers as duly appointed data processors).

8. Period of retention of data

The personal data collected for sale purposes are stored for a period not exceeding 10 years from the purchase, in compliance with tax and civil regulations and without prejudice to particular requirements of defence in court that may require storage for a longer period of time. The data provided by the user to request support, information and responses are stored for the period of time required to provide the response requested and for any subsequent activity of additional communication with the customer necessary to fully manage the request and/or issue.

The personal data provided for marketing and profiling purposes are stored for the necessary period based on the specific processing and for up to a maximum of 7 years, also on the basis of the particular business sector (luxury products) and considering the interest displayed by the customer in receiving updates on products and events organised by GGDB.

For information about the period of storage and persistence of the cookies, please review the Cookie policy.

9. Rights recognised to the user by the privacy law

Users always have the right to obtain the following from GGDB:

(i) confirmation as to whether or not personal data concerning them is being processed even if not yet recorded, and its communication in an intelligible form;

(ii) information concerning the origin of their personal data, the purposes and methods of processing the logic applied in the case of processing performed with the support of electronic instruments, the details of the data controller and data processors, an indication of the subjects and categories of subjects to whom the personal data may be reported or who may be informed thereof in their capacity as data processors or in any event parties authorised to process the data;

(iii) the updating, rectification or, where interested, the integration of the personal data;

(iv) the erasure, the transformation into anonymous form or the blocking of personal data processed against the law, including those for which storage is not necessary in relation to the aims for which the data were collected or subsequently processed, as well as certification of the fact that the operations mentioned above were brought to the awareness of those to whom the data were communicated, except for the case in which such action is impossible or implies use of means that are clearly disproportionate with respect to the protected right;

(v) the portability of their own data;

(vi) the restriction of the processing of their personal data.

Users also have the right to object all or in part, on legitimate grounds, to the processing of personal data concerning them, even if it is relevant to the purpose of the collection, and to revoke consent provided previously. The right to objection and the revocation of consent may also be exercised specifically, with respect to one or more methods of sending marketing communications.

The rights listed above may be exercised by contacting GGDB, by writing to privacy@goldengoose.com

Lastly, please recall that users always have the right to make a complaint to the Supervisory Authority (Autorità Garante per la protezione dei dati personali – Italian Regulatory Authority for the Protection of Personal Data).