PRIVACY INFORMATION NOTICE
Last updated: March, 11th 2019
In accordance with the provisions of Italian Legislative Decree 196/2003 (Privacy Code) and EU Regulation 2016/679
We have the pleasure and duty of providing information on the processing of personal data in accordance with the Privacy Code and EU Regulation 2016/679.
1.Processing purposea) The following personal data are collected and processed by Bulgari S.p.A. and by the companies controlled by Bulgari S.p.A. in Italy and throughout the world, as identified hereinbelow (hereinafter referred to as the “Bulgari Group Companies”) when managing contractual relations with customers and to fulfill relevant legal obligations: Name, family name, address, identification. This data may be collected in a retail store or online on our website.
Subject to your prior express consent, personal data mentioned above and additional data described below are collected and processed by Bulgari S.p.A. and Bulgari Group Companies:
b) To carry out statistical and profiling analysis, also via services provided by third parties. Data is processed in compliance with the guarantees and measures set by the Italian Data Protection Authority on April 24, 2013 in response to the request of prior checking submitted by Bulgari.
c) To provide personalized sales services (by way of example but not limited to: personal shopping services, free assistance services and courtesy services), for the sending of (via mail, email, sms and mms, social networks, instant messaging) information relating to our creations, exclusive sales and events or similar initiatives organized or attended by Bulgari (including potential invitations to such events), and for the sending of questionnaires evaluating levels of satisfaction reached by services offered.
In relation to the purposes set out in points b) and c) above, Bulgari S.p.A. and Bulgari Group Companies may collect and process additional data in addition to those required for the management of contractual relations and to fulfill relevant legal obligations. This includes:
• Data collected during store visits, including use of the Wi-Fi system, during participation to events or while making purchases online: Birthday, age range, dates of family events, profession, hobbies, purchases, use of particular social networks or social network ID, telephone number, email address, photograph, nationality, sex, the method and date of registration within Customer Relationship Management managed by Bulgari S.p.A (henceforth referred to as “CRM”), language, categories of favorite products, details of products purchased, size, price, discount, statistical spending levels, abandoned shopping carts, ways in which services are used, preferences regarding services offered in stores, response to contact activities, events attended by customers, products chosen for purchase but not actually purchased; and
2. Provision of dataThe provision of personal data with respect to the purposes outlined in paragraph 1, sub-section a) is obligatory and if it is not provided, Bulgari Group Companies cannot proceed with contractual services requested. For the purposes detailed in paragraph 1 sub-sections b) and c), provision of data is free and optional and the use of such data is subject to your prior informed consent. Denial thereof would not allow Bulgari Group Companies to proceed with the indicated purposes.
3. Conditions applicable to consent of minorsProcessing the personal data of minors is lawful provided they are at least 16 years of age. If a minor is younger than 16 years of age, data processing is only lawful if, and where, consent is provided or authorized by the holder of parental responsibility. We do not knowingly collect any data from children under the age of 13.
4. Processing methodPersonal data will be processed with IT-based tools and/or processed manually for the length of time needed to achieve the purpose for which it was collected. In particular, personal data collected for the purposes outlined in paragraph 1, sub-sections b) and c) will be also processed with the usage of automated mechanisms based on procedures and logics that are strictly related to the purposes specified above.
5. Entering of data in the CRM systemThe entering of personal data in the CRM system is optional and occurs only if consent is given to one of the purposes detailed in paragraph 1 sub-sections b) and c) above; it automatically implies that Bulgari employees across the world, tasked with data processing, will be able to view the data, as well as to change and to update it.
6.Scope of communication, transfer abroad and publication of dataPersonal data is processed by personnel who are tasked with, or responsible for, data processing. This applies to: Bulgari S.p.A., parent companies, subsidiary companies, associate companies, companies under the same control, or companies that are part of the same group of companies that Bulgari S.p.A. belongs to, in Italy and/or across the world (a complete list of these can be obtained by writing to firstname.lastname@example.org; in this regard, it is specified that Model Clauses made available by the European Commission regarding the transfer of personal data outside of Europe are used. Additionally, personal data may also be processed by: - companies that carry out shipping/delivery services for catalogs and/or products; - companies that deliver newsletters, marketing material and promotional communications; - companies that carry out customer care services; - companies that carry out analysis and market research; - companies that maintain IT systems. Data collected may also be processed by independent third-party data controllers, for example: - persons, companies, associations or professionals that provide assistance or consultancy services (lawyers, accountants, auditors); - companies that manage credit card payment service and tax free. A complete list of third parties able to process personal details, on behalf of Bulgari or as independent third-party data controllers, may be obtained by writing to email@example.com . The data will, under no circumstances, be published.
7. Data retention periodData collected for the purposes outlined in paragraph 1, sub-section a) will be retained by Bulgari S.p.A. and Bulgari Group Companies for the time period necessary for the performance of a contract, with legal and conventional guarantees provided for, or in accordance with obligatory legal terms regarding the retention of data. Data collected for the purposes outlined in paragraph 1, sub-sections b) and c) will be retained until the client revokes consent to process his/her personal data and in any event, with particular reference to data collected for the purposes outlined in paragraph 1, sub-section b), for no longer than ten years (in compliance with the measure issued by the Italian Data Protection Authority on April 24, 2013 in response to the request of prior checking submitted by Bulgari S.p.A.). When said consent is revoked or if earlier the time limit for the retention of data collected for the purposes outlined in paragraph 1, sub-section b) expires, the data will be automatically erased or made permanently anonymous.
8. Data subjects’ rightsThe following may be requested at any time: Information regarding the existence of personal data processing and its characteristics, correction and deletion of data or limited processing. It is also possible to object to processing and/or to request that data be sent to another controller. Bulgari S.p.A. must respond to requests within deadlines provided for by applicable regulations; it must also correct incorrect data, ensure that incomplete data is completed, and update data that is no longer correct; and finally, when required, it must delete data and limit it and/or stop it from being processed, or ensure that it is, where technically possible, sent to another controller. When exercising rights, as listed above and provided for by law, or in order to obtain any related information and/or report potential misunderstandings and issues, the party concerned is invited to send an email to firstname.lastname@example.org. for prompt replies,or to send a written letter to the Data Protection Officer ('DPO') at Bulgari S.p.A. in Lungotevere Marzio 11, Rome. If the response is not considered satisfactory, the party concerned may contact the Italian Data Protection Authority. Any electronic communication sent shall contain an appropriate section outlining how data processing is objected to and how clients no longer receive material and promotional information.
9. Data controllers and processorsData controllers are:
- Bulgari S.p.A. – Via dei Condotti 11 – 00186 Rome (RM) and Bulgari Group Companies as identified hereinbelow. Data controllers may be contacted or a complete list of data processors designated by the former may be obtained by writing to email@example.com.
Bulgari S.p.A. (Italy), Bulgari Italia S.p.A. (Italy), Bulgari Asia Pacific Ltd (Hong Kong), Bulgari Australia PTY Ltd (Australia), Bulgari Belgium SA (Belgium), Bulgari Canada Ltd (Canada), Bulgari Commercial de Mexico Ltd (Mexico), Bulgari Commercial Shanghai CO Ltd (People’s Republic of China), Bulgari Corporation of America (U.S.A.), Bulgari Deutschland GmbH (Germany), Bulgari do Brazil Lda (Brasil), Bulgari España SA (Spain), Bulgari France SA (France), Bulgari International Corporation (BIC) NV (the Netherlands), Bulgari Ireland Ltd (Ireland), Bulgari Japan Ltd (Japan), Bulgari Korea Ltd (Korea), Bulgari Malaysia SDN BHD (Malaysia), Bulgari Montecarlo SAM (Principality of Monaco), Bulgari Panama Inc. (Panama), Bulgari Portugal Lda (Portugal), Bulgari Qatar Llc (State of Qatar), Bulgari SA (Switzerland), Bulgari South Asian Operation PTE Ltd (Republic of Singapore), Bulgari St Barth SAS (Saint Barthelemy), Bulgari Taiwan Ltd (Taiwan), Bulgari Turkey Luxury and Trade Llc (Republic of Turkey), Bulgari Thailand Ltd (Thailand), Bulgari UK Ltd (United Kingdom), Gulf Luxury Trading Llc (Dubai), Lux Jewels Bahrain Wll (Kingdom of Bahrain), Lux Jewels Kuwait Wll (State of Kuwait), India Luxco Retail Private Ltd (Republic of India), Bulgari Prague Sro (Czech Republic), Bulgari Russia Llc (Russian Federation).