PRIVACY INFORMATION NOTICE
Last updated: April 14, 2021
In accordance with applicable law, including the provisions of Italian Legislative Decree 196/2003 (Privacy Code), EU Regulation 2016/679, and California Consumer Privacy Act
We have the pleasure and duty of providing information on the processing of personal data in accordance with the Privacy Code and EU Regulation 2016/679.
1.Processing purposea) The following personal data are collected and processed by Bulgari S.p.A. and by the companies controlled by Bulgari S.p.A. in Italy and throughout the world, as identified hereinbelow (hereinafter referred to as the “Bulgari Group Companies”) when managing contractual relations with customers and to fulfill relevant legal obligations: Name, family name, address, identification. This data may be collected in a retail store or online on our website. This data may be collected from you directly, third parties, business partners, other Bulgari Group Companies, or publicly available sources.
Subject to your prior express consent, personal data mentioned above and additional data described below are collected and processed by Bulgari S.p.A. and Bulgari Group Companies:
b) To carry out statistical and profiling analysis, also via services provided by third parties. Data is processed in compliance with the guarantees and measures set by the Italian Data Protection Authority on April 24, 2013 in response to the request of prior checking submitted by Bulgari.
c) To provide personalized sales services (by way of example but not limited to: personal shopping services, free assistance services and courtesy services), for the sending of (via mail, email, sms and mms, social networks, instant messaging) information relating to our creations, exclusive sales and events or similar initiatives organized or attended by Bulgari (including potential invitations to such events), and for the sending of questionnaires evaluating levels of satisfaction reached by services offered.
In relation to the purposes set out in points b) and c) above, Bulgari S.p.A. and Bulgari Group Companies may collect and process additional data in addition to those required for the management of contractual relations and to fulfill relevant legal obligations. This includes:
• Data collected during store visits, including use of the Wi-Fi system, during your use of our virtual shopping service, including your contact information, video feed, and preferences, during participation to events or while making purchases online: Birthday, age range, dates of family events, profession, hobbies, purchases, use of particular social networks or social network ID, telephone number, email address, photograph, nationality, sex, the method and date of registration within Customer Relationship Management managed by Bulgari S.p.A (henceforth referred to as “CRM”), language, categories of favorite products, details of products purchased, size, price, discount, statistical spending levels, abandoned shopping carts, ways in which services are used, preferences regarding services offered in stores, response to contact activities, events attended by customers, products chosen for purchase but not actually purchased; and
2. Provision of dataThe provision of personal data with respect to the purposes outlined in paragraph 1, sub-section a) is obligatory and if it is not provided, Bulgari Group Companies cannot proceed with contractual services requested. For the purposes detailed in paragraph 1 sub-sections b) and c), provision of data is free and optional and the use of such data is subject to your prior informed consent. Denial thereof would not allow Bulgari Group Companies to proceed with the indicated purposes.
3. Conditions applicable to consent of minorsProcessing the personal data of minors is lawful provided they are at least 16 years of age. If a minor is younger than 16 years of age, data processing is only lawful if, and where, consent is provided or authorized by the holder of parental responsibility. We do not knowingly collect any data from children under the age of 13.
4. Processing methodPersonal data will be processed with IT-based tools and/or processed manually for the length of time needed to achieve the purpose for which it was collected. In particular, personal data collected for the purposes outlined in paragraph 1, sub-sections b) and c) will be also processed with the usage of automated mechanisms based on procedures and logics that are strictly related to the purposes specified above.
5. Entering of data in the CRM systemThe entering of personal data in the CRM system is optional and occurs only if consent is given to one of the purposes detailed in paragraph 1 sub-sections b) and c) above; it automatically implies that Bulgari employees across the world, tasked with data processing, will be able to view the data, as well as to change and to update it.
6.Scope of communication, transfer abroad and publication of data• Personal data is transferred to and processed by personnel who are tasked with, or responsible for, data processing. This applies to: Bulgari S.p.A., parent companies, subsidiary companies, associate companies, companies under the same control, or companies that are part of the same group of companies that Bulgari S.p.A. belongs to, in Italy and/or across the world (a complete list of these can be obtained by writing to email@example.com; in this regard, it is specified that Model Clauses made available by the European Commission regarding the transfer of personal data outside of Europe are used.
• If another company acquires, or plans to acquire, any entity in the Bulgari Group Companies, their business, or their assets, personal data may be transferred to and processed by the acquiring company, including at the negotiation stage.
• Personal data may be transferred to and processed by third party service providers including: - companies that carry out shipping/delivery services for catalogs and/or products; - companies that deliver newsletters, marketing material and promotional communications; - companies that carry out customer care services; - companies that carry out analysis and market research; - companies that maintain IT systems.
• Data collected may be processed by independent third-party data controllers, for example: - persons, companies, associations or professionals that provide assistance or consultancy services (lawyers, accountants, auditors); - companies that manage credit card payment service and tax free.
• Data collected may also be transferred to and processed by third parties if necessary to respond to subpoenas, warrants, or court orders, or in connection with any legal process, to comply with relevant laws, in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.
• Personal data be transferred to and processed by other third parties who are not described in this policy with your prior consent.
A complete list of third parties able to process personal details, on behalf of Bulgari or as independent third-party data controllers, may be obtained by writing to firstname.lastname@example.org . The data will, under no circumstances, be published.
7. Data retention periodData collected for the purposes outlined in paragraph 1, sub-section a) will be retained by Bulgari S.p.A. and Bulgari Group Companies for the time period necessary for the performance of a contract, with legal and conventional guarantees provided for, or in accordance with obligatory legal terms regarding the retention of data. Data collected for the purposes outlined in paragraph 1, sub-sections b) and c) will be retained until the client revokes consent to process his/her personal data and in any event, with particular reference to data collected for the purposes outlined in paragraph 1, sub-section b), for no longer than ten years (in compliance with the measure issued by the Italian Data Protection Authority on April 24, 2013 in response to the request of prior checking submitted by Bulgari S.p.A.). When said consent is revoked or if earlier the time limit for the retention of data collected for the purposes outlined in paragraph 1, sub-section b) expires, the data will be automatically erased or made permanently anonymous.
8. Data subjects’ rightsThe following may be requested at any time: Information regarding the existence of personal data processing and its characteristics, a copy of the specific pieces of personal data being processed, correction and deletion of data or limited processing. It is also possible to object to processing and/or to request that data be sent to another controller. Bulgari S.p.A. must respond to requests within deadlines provided for by applicable regulations. When required, it must also correct incorrect data, ensure that incomplete data is completed, and update data that is no longer correct; and finally, when required, it must delete data and limit it and/or stop it from being processed, or ensure that it is, where technically possible, sent to another controller. When exercising rights, as listed above and provided for by law, or in order to obtain any related information and/or report potential misunderstandings and issues, the party concerned is invited to send an email to email@example.com. for prompt replies,or to send a written letter to the Data Protection Officer ('DPO') at Bulgari S.p.A. in Lungotevere Marzio 11, Rome. If the response is not considered satisfactory, the party concerned may contact the Italian Data Protection Authority. Any electronic communication sent shall contain an appropriate section outlining how data processing is objected to and how clients no longer receive material and promotional information.
If you would like to exercise any of the rights listed above, we are legally required to have you prove your identity. We will conduct an identity verification by phone call or email and, depending on the request, will ask for information such as name, your last order number, the email address on file, and the mailing address on file. If necessary, we may also ask you to provide a signed declaration confirming your identity or to provide copy of your identity document.
In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and also verify your own identity.
Authorized agents submitting a request on behalf of a California resident must attach a copy of the following information to the request:
1. A copy of a written and signed permission giving the agent permission to submit requests on the individual’s behalf; and
2. If the agent is a business, proof that the agent is registered with the Secretary of State to conduct business in California.
9. RIGHTS OF CALIFORNIA RESIDENTSCalifornia law indicates that organizations should disclose whether certain categories of information are collected, “sold” or transferred for an organization’s “business purpose” (as those terms are defined under California law). You can find a list of the categories of information that we collect and shares here. California residents may request more information concerning the categories of personal information (if any) shared with third parties or affiliates for those parties to use for direct marketing purposes by sending an email to firstname.lastname@example.org for prompt replies, or sending a written letter to the Data Protection Officer ('DPO') at Bulgari S.p.A. in Lungotevere Marzio 11, Rome. Bulgari S.p.A. and Bulgari Group Companies do not discriminate against California residents who exercise any of their privacy rights.
10. HOW WE PROTECT PERSONAL DATANo method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect personal data from unauthorized access, use, or disclosure, the security of your personal data cannot be guaranteed. In the event that we are required by law to inform you of a breach of personal data, this notification may come electronically, in writing, or by telephone, as permitted by law.
Our website may permit you to create an account. When you do you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.
11. DATA CONTROLLERS AND PROCESSORSData controllers are:
- Bulgari S.p.A. – Via dei Condotti 11 – 00186 Rome (RM) and Bulgari Group Companies as identified hereinbelow. Data controllers may be contacted or a complete list of data processors designated by the former may be obtained by writing to email@example.com.
Bulgari S.p.A. (Italy), Bulgari Italia S.p.A. (Italy), Bulgari Asia Pacific Ltd (Hong Kong), Bulgari Australia PTY Ltd (Australia), Bulgari Belgium SA (Belgium), Bulgari Canada Ltd (Canada), Bulgari Commercial de Mexico Ltd (Mexico), Bulgari Commercial Shanghai CO Ltd (People’s Republic of China), Bulgari Corporation of America (U.S.A.), Bulgari Deutschland GmbH (Germany), Bulgari do Brazil Lda (Brasil), Bulgari España SA (Spain), Bulgari France SA (France), Bulgari International Corporation (BIC) NV (the Netherlands), Bulgari Ireland Ltd (Ireland), Bulgari Japan Ltd (Japan), Bulgari Korea Ltd (Korea), Bulgari Malaysia SDN BHD (Malaysia), Bulgari Montecarlo SAM (Principality of Monaco), Bulgari Panama Inc. (Panama), Bulgari Portugal Lda (Portugal), Bulgari Qatar Llc (State of Qatar), Bulgari SA (Switzerland), Bulgari South Asian Operation PTE Ltd (Republic of Singapore), Bulgari St Barth SAS (Saint Barthelemy), Bulgari Taiwan Ltd (Taiwan), Bulgari Turkey Luxury and Trade Llc (Republic of Turkey), Bulgari Thailand Ltd (Thailand), Bulgari UK Ltd (United Kingdom), Gulf Luxury Trading Llc (Dubai), Lux Jewels Bahrain Wll (Kingdom of Bahrain), Lux Jewels Kuwait Wll (State of Kuwait), India Luxco Retail Private Ltd (Republic of India), Bulgari Prague Sro (Czech Republic), Bulgari Russia Llc (Russian Federation).