PRIVACY INFORMATION NOTICE
In accordance with the provisions of EU Regulation 2016/679
Last updated: April 20th, 2022
We have the pleasure and duty of providing information on the processing of personal data in accordance with the Privacy Code and EU Regulation 2016/679.
1. Processing purpose
The following personal data: Your name, address, image when you visit our stores (when CCTV is in place), or voice when you call Bulgari after sale services (since your call may be recorded) are collected and processed by Bulgari S.p.A. and by the companies controlled by Bulgari S.p.A. in Italy and throughout the world, as identified herein below (hereinafter referred to as the “Bulgari Group Companies”) for the following purpose:
a) to manage contractual relations with customers, to fulfil relevant legal obligations, to perform the so-called Know Your Customer (KYC) procedures in accordance with applicable law and to manage reports of alleged illegal conduct in order to carry out the necessary preliminary activities aimed at verifying the validity of the fact being reported and the adoption of the consequent measures.
The following additional personal data:
- Data collected during store visits, including use of the Wi-Fi system, during participation of events or while making purchases online, when you create a loyalty account in store or online or participate in a loyalty program: Birthday, age range, dates of family events, profession, hobbies, purchases, use of particular social networks or social network ID, telephone number, email address, photograph, nationality, gender, the method and date of registration within Customer Relationship Management managed by Bulgari S.p.A (henceforth referred to as “CRM”), language, categories of favorite products, details of products purchased, size, price, discount, statistical spending levels, abandoned shopping carts, ways in which services are used, preferences regarding services offered in stores, response to contact activities, events attended by customers, products chosen for purchase but not actually purchased; and
Are collected and processed for the following purposes:
a) To carry out statistical analysis of interests, preferences and purchasing habits (profiling) based on purchases made at BULGARI and/or other LVMH Maisons, also via services provided by third parties. Data is processed in compliance with the guarantees and measures set by the Italian Data Protection Authority on April 24, 2013 in response to the request of prior checking submitted by Bulgari.
b) To provide personalized sales services (by way of example but not limited to: personal shopping services, free assistance services and courtesy services), for the sending of (via mail, email, SMS and MMS, social networks and instant messaging) information relating to our creations, exclusive sales and events or similar initiatives organized or attended by Bulgari (including potential invitations to such events), for the sending of questionnaires evaluating levels of satisfaction reached by services offered and/or in case of virtual try-on usages.
2. Provision of data
The provision of personal data with respect to the purposes outlined in paragraph 1, sub-section a) is obligatory and if it is not provided, Bulgari Group Companies cannot proceed with the contractual services requested. For the purposes detailed in paragraph 1 sub-sections b) and c), provision of data is free and optional and the use of such data is subject to consent. Denial thereof would not allow Bulgari Group Companies to proceed with the indicated purposes.
3. Conditions applicable to consent of minors
Processing the personal data of minors is lawful provided they are at least 16 years of age. If a minor is younger than 16 years of age, data processing is only lawful if, and where, consent is provided or authorized by the holder of parental responsibility.
4. Processing method
Personal data will be processed with IT-based tools and/or processed manually for the length of time needed to achieve the purpose for which it was collected. In particular, personal data collected for the purposes outlined in paragraph 1, sub-sections b) and c) will be also processed with the usage of automated mechanisms based on procedures and logics that are strictly related to the purposes specified above.
5. Entering of data in the CRM system
The entering of personal data in the CRM system is optional and occurs only if consent is given to one of the purposes detailed in paragraph 1 sub-sections b) and c) above; it automatically implies that Bulgari employees across the world, tasked with data processing, will be able to view the data, as well as to change and to update it.
6. Scope of communication, transfer abroad and publication of data
Personal data is processed by personnel who are tasked with, or responsible for, data processing. This applies to: Bulgari S.p.A., parent companies, subsidiary companies, associate companies, companies under the same control, or companies that are part of the same group of companies that Bulgari S.p.A. belongs to, in Italy and/or across the world (a complete list of these can be obtained by writing to firstname.lastname@example.org); in this regard, it is specified that Model Clauses made available by the European Commission regarding the transfer of personal data outside of Europe are used.
Additionally, personal data may also be processed by:
- companies that carry out shipping/delivery services for catalogues and/or products;
- companies that deliver newsletters, marketing material and promotional communications;
- companies that carry out customer care services;
- companies that carry out analysis and market research;
- companies that maintain IT systems
Data collected may also be processed by independent third-party data controllers, for example:
- persons, companies, associations or professionals that provide assistance or consultancy services (lawyers, accountants, auditors);
- companies that manage credit card payment services and tax free.
- companies that assist us in the performance of the KYC procedure
- companies that manage the so called Virtual Try On.
A complete list of third parties able to process personal details, on behalf of Bulgari or as independent third-party data controllers, may be obtained by writing to email@example.com.
The data will, under no circumstances, be published.
7. Data retention period
Data collected for the purposes outlined in paragraph 1, sub-section a) will be retained by Bulgari S.p.A. and Bulgari Group Companies for the time period necessary for the performance of a contract, with legal and conventional guarantees provided for, or in accordance with obligatory legal terms regarding the retention of data. Data collected for the purposes outlined in paragraph 1, sub-sections b) and c) will be retained until the client revokes consent to process his/her personal data and in any event, with particular reference to data collected for the purposes outlined in paragraph 1, sub-section b), for no longer than ten years (in compliance with the measure issued by the Italian Data Protection Authority on 24 April 2013 in response to the request of prior checking submitted by Bulgari S.p.A.). When said consent is revoked or if the time limit for the retention of data collected for the purposes outlined in paragraph 1, sub-section b) expires earlier, the data will be automatically erased or made permanently anonymous.
8. Data subjects’ rights
The following may be requested at any time: information regarding the existence of personal-data processing and its characteristics, correction and deletion of data or limited processing. It is also possible to object to processing and/or to request that data be sent to another controller. Bulgari S.p.A. must respond to requests within deadlines provided by applicable regulations; it must also correct incorrect data, ensure that incomplete data is completed, and update data that is no longer correct; and finally, when required, it must delete data and limit it and/or stop it from being processed, or ensure that it is, where technically possible, sent to another controller. When exercising rights, as listed above and provided for by law, or in order to obtain any related information and/or report potential misunderstandings and issues, the party concerned is invited to send an email to firstname.lastname@example.org for prompt replies, or to send a written letter to the Data Protection Officer ('DPO') at Bulgari S.p.A., Lungotevere Marzio 11, Rome. If the response is not considered satisfactory, the party concerned may contact the Italian Data Protection Authority. Any electronic communication sent shall contain an appropriate section outlining how data processing is objected to and how clients no longer receive material and promotional information.
9. Data controllers and processors
Data controllers are:
Bulgari S.p.A. – Via dei Condotti 11 – 00186 Rome (RM) and Bulgari Group Companies whose details may be obtained writing to email@example.com. A complete list of data processors designated by Controllers may as well be obtained by writing to firstname.lastname@example.org.