PRIVACY POLICY

Information notice pursuant to Art. 13 of the Regulation (EU) 2016/679 (“GDPR”) and art 19 LPD

Why this information notice?

Roberto Cavalli S.p.A. and Helier Fashion FZE Lugano subsidiaryinvite you to read the following Information notice in order to acquire all the information required by Article 13 of EU Regulation 2016/679 (hereinafter "EU Reg. 2016/69" or "GDPR") and by art.19 of Federal Law on Data Protection (hereinafter “LPD”). This notice relates to types and methods of processing personal data as stated below and connected to the purchase of a product.

Navigation data

Data belonging to this category: IP addresses, domain name, URI/URL addresses, time and method of request, response from server and a few information regarding the user-agent. More information available in the Cookie Policy. Social media: For more information regarding the processing of personal data carried out by any Social Media platforms deployed on this website, please refer to their respective privacy policies.

Personal data we may collect and process

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can directly or indirectly be identified, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30). In this specific case, personal data that will be processed, depending on the relative purpose, are: name, surname, e-mail address, physical address, telephone number, date of birth, nationality, product ID, billing address and one or more postal shipping addresses, the identification data of one or more of your credit cards and information contained in the requests sent to Roberto Cavalli S.p.A.

JOINT CONTROLLERS AND DATA PROTECTION OFFICER (RPD - DPO)

Joint Controllers pursuant to art.26 of UE Reg. 2016/69 and pursuant to art.5 of LPD are:

Roberto Cavalli S.p.A. with registered office in Piazza San Babila 3, 20122 Milano (MI), represented by the legal representative pro tempore. You can freely contact the Data Controller sending an E-Mail to the following address: privacy@robertocavalli.com Roberto Cavalli S.p.A. has appointed the Data Protection Officer (RPD - DPO) pursuant to art.37, 38, 39 of the Reg. UE 2016/679. You can reach the appointed DPO in the above-mentioned registered offices or via E-Mail: dpo@robertocavalli.com

Helier Fashion FZE, Lugano subsudiary with registered office in Vaile Giuseppe Cattori 11, 6900 Paradiso, Svwitzerland, represented by the legal representative pro tempore. You can freely contact the Data Controller by mail at Lardi & Partners SA Via Cantonale 19 6900 Lugano Switzerland

PURPOSES OF PROCESSING

A) Website browsing

Legal Ground:

  • Legitimate interest for technical cookies

    Art. 6 lett. f) and recital 47 GDPR overriding private interest LPD

  • Consent for non-technical cookies

    Art 6.1.a) GDPR

    art. 6 cap. 6, 7; art 31 cap. 1 LPD

Data Retention:

  • More information available in the cookie policy

Data Conferral:

  • For technical cookies, the provision of information is necessary.

  • For non-technical cookies, their provision is optional and the lack of conferral will not affect the website navigation

B) Account creation

The creation of the account will allow you to save contact information, payment methods, keep the history of purchases, book eventual returns, track the shipment, modify any previously provided consents to profiled marketing communications

Legal Ground:

  • Contract Art. 6(1)(b) GDPR

    Art. 31 (a) LPD

Data Retention:

  • Up until the account is active and valid

Data Conferral:

  • In case of creation of a new account the provision of personal data is mandatory; nevertheless, some of them are optional

C) Contact requests

Legal Ground:

  • Pre-contractual measure

    Art. 6(1)(b) GDPR

    Art. 31 (a) LPD

Data Retention:

  • up to 12 months

Data Conferral:

  • The provision is necessary to process the request

D) Personal shopper

Asking for the assistance of a personal shopper you will have the opportunity to receive help, style advice

Legal Ground:

  • Pre-contractual measure

    Art. 6(1)(b) GDPR

    Art. 31 (a) LPD

Data Retention:

  • The information is kept for the necessary time to proceed with the evasion of the request

Data Conferral:

  • The provision is necessary to process the request

E) Soft Spam

Joint Controllers will use the e-mail contact, the telephone number (calls, SMS and WhatsApp) provided by the Data Subject in the context of the purchase of a product, for sending communications concerning similar products to those purchased, without requiring the consent. Data Subject, during the collection or in occasion of sending this kind of communication, is informed about the possibility

Legal Ground:

  • “Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party,except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child(C47-C50)

    Art.6(1) (f) GDPR and Federal law against unfair competition, art.3 (o)(LCSI)

  • The legitimate interest of Joint Controllers is connected with the possibility to keep in touch with the clients by sending communications withing the limits of products similar to those purchased by the clients.

    (art. 130 co. 4 d.lgs. 30 giugno 2003, n. 196)

Data Retention:

  • Up to 5 years from the last purchase or from the date of registration if never made a purchase until opposition (opt-out) if earlier.

Data Conferral:

  • The provision is necessary. You may object at any time.

F) Direct Marketing

by means of E-mail, phone calls and any kind of instant messages (calls, SMS and WhatsApp), paper mail depending on the provided information.

Legal Ground:

  • Consent

Data Retention:

  • Up to 5 years from the last purchase or from the date of registration if never made a purchase until opposition (opt-out) if earlier

Data Conferral:

  • The provision is optional and where lacking you won’t be affected from carrying out other activities on this website

G) Profiled marketing communication

by means of E-mail, phone calls, any kind of instant messages, paper mail depending on the provided information.

We inform you that the profiling activity is carried out taking into account previous purchases and any product included in the wish-list

Legal Ground:

  • Consent art. 6 par. 1 lett. a) GDPR e art. 6 cap. 6, 7; art 31 cap. 1 LPD

Data Retention:

  • Up to 5 years from the last purchase or from the date of registration if never made a purchase until opposition (opt-out) if earlier

Data Conferral:

  • The provision is optional and where lacking you won’t be affected from carrying out other activities on this website

DATA RECIPIENTS

Personal data provided may be communicated to recipients acting as Processors (art. 28 of the Reg. EU 2016/679) and/or persons under the authority of the Controller and the Processor (art.29 of the Reg. UE 2016/679) for the pointed ahead purposes. You can request a complete listing of processors at the abovementioned addresses. Your data may be disclosed to recipients being part of the following categories: - subjects providing services and assistance to the database collecting all the data and to the commercial communications system; - Subjects providing services for the management of the information system and telecommunication networks, including e-mail, host and management of the website; - Companies in the context of assistance and consultancy relationships; - Companies of the group to which Roberto Cavalli S.p.A. belongs; - Competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request

WILL DATA BE TRANSFERRED TO COUNTRIES OUTSIDE THE EEA?

Data are transferred outside the EEA and specifically in Switzerland, Country that guarantees an adequate level of protection, and to the United Arab Emirates through Standard Contractual Clauses.

DATA SUBJECT RIGHTS

You may freely exercise your rights as indicated in sections 15 of GDPR and Section 4 of LPD, contacting the Joint Controllers at the abovementioned address. You have the right, at any time, to request the access to your personal data, their rectification, erasure, to ask for restriction. The controller shall communicate any rectification or erasure of data or processing restriction to each recipient to whom personal data have been disclosed. Upon data subject’s request the controller shall inform him regarding these latter. If the processing is based on a contract, you have the right to portability and in this case you will receive the data in a structured, commonly used and machine-readable format. You have the right to object, at any time, to the processing of personal data grounded on a legitimate interest and in cases where the legal basis is consent, you have the right to revoke the given consent without prejudice to the lawfulness of the processing based on the consent before the revocation. Personal data will be processed manually, electronically and by mean of automated processed. Please note that fully automated decision-making processes are not carried out. Without prejudice to any other administrative or judicial remedy, in case you consider the processing in contrast with Reg. UE 2016/679 or LPD you have the right to lodge a complaint with a supervisory authority (www.garanteprivacy.it https://www.edoeb.admin.ch/edoeb/it/home.html)

CHANGES TO THE INFORMATION NOTICE

Data Controllers reserve the right to modify, update, add or remove parts of this information. In order to facilitate the verification and modification of the text, the information will contain the date of revision.

Update date: 8 October 2024

COOKIE POLICY

What are cookies

Cookies are small text files that are sent from the web site visited by the user to the user’s device (usually to the browser), where they are stored so that they can recognize such device the time of the next visit. At ever subsequent visit, in fact, cookies are re-sent from the user’s device to the site.

Each cookie generally contains: the name of the server from which the cookie was sent; the expiration and a number, usually a unique number randomly generated by the computer. The server of the web site that transfers the cookie uses this number to recognize you when you return to a site or browse from one page to another.

Cookies can be installed not only by the site manager of the site visited by the user (first party cookie), but also by a different site that installs cookies through the first site (third party cookies) and is able to recognize them. This occurs because there may be elements (images, maps, sounds, links to web pages of other domains, etc.) on the visited site that reside on servers other than the server of the visited site. Depending on their purpose, cookies can be distinguished as technical cookies and profiling cookies.

Technical cookies are those used for the sole purpose of transmitting a communication on an electronic communications network, or, to the extent strictly necessary to the service provider of the information company explicitly requested by the subscriber or by the user to provide such service. In particular, such cookies are usually used to allow efficient browsing among pages, store users’ preferences (language, country, etc.), make electronic authentications, manage the shopping cart or allow online purchases, etc. Some of these cookies (called essential or strictly necessary) enable features without which it would not be possible to perform some transactions. The use of technical cookies does not require the users’ consent.

Analytics cookies are assimilated to technical cookies if used directly by the site manager to collect aggregate data on the number of users and how they visit such site. These cookies allow data controllers and/or web site managers to understand how users interact with the site content for optimization purposes.

Profiling cookies are used to trace the user’s browsing, analyze his behavior for marketing purposes and to create profiles of his tastes, habits, choices, etc. in order to send targeted advertising messages related to the user’s interests and in line with the preferences shown from his online browsing. Such cookies may be installed on the user’s terminal only if he has expressed his consent in the simplified manner indicated in the Measure.

Depending on their duration, cookies are distinguished as persistent, which remain stored until their expiration on the user’s device, unless the user removes them, or as sessions, which are not stored for a lengthy period on the user’s device, and which vanish when the browser is closed.

Cookie used by this site

Following is a table containing all the information about the cookies installed through this site, and the necessary indications on how to manage your preferences regarding them.

  • Google Doubleclick Cookie Type: Profiling (Behavioral Advertising) Purpose and legal basis of the processing: Used to provide advertising, based on the interests expressed through Internet browsing (OBA). The legal basis of the processing is the users' consent. First or Third party: Third Party Cookie lifespan: 13 months

  • Salesforce Cookie Type: Profiling (Behavioral Advertising) Purpose and legal basis of the processing: Used to provide advertising, based on the interests expressed through Internet browsing (OBA). The legal basis of the processing is the users' consent. First or Third party: Third Party Cookie lifespan: 180 days

  • Bing Cookie Type: Profiling (Behavioral Advertising) Purpose and legal basis of the processing: Used to provide advertising, based on the interests expressed through Internet browsing (OBA). The legal basis of the processing is the users' consent. First or Third party: Third Party Cookie lifespan: 13 months

  • Sizmek Cookie Type: Retargeting Purpose and legal basis of the processing: Used to send advertising to subjects who have previously visited the site. The legal basis of the processing is the users' consent. First or Third party: Third Party Cookie lifespan: 90 days

  • Facebook BM Cookie Type: Retargeting Purpose and legal basis of the processing: Used to send advertising to subjects who have previously visited the site. The legal basis of the processing is the users' consent. First or Third party: Third Party Cookie lifespan: 180 days

  • Fanplayr Cookie Type: Analytics Purpose and legal basis of the processing: Monitoring of users' browsing experience and interaction with page contents (images, text and CTA). The legal basis of the processing is the users' consent. First or Third party: Third Party Cookie lifespan: 12 months

  • Google Analytics Cookie Type: Analytics Purpose and legal basis of the processing: A cookie that helps website and app owners to understand how visitors interact with their own contents. This service may use a set of cookies in order to collect information and generate statistics. First or Third party: Third Party Cookie lifespan: 24 months

  • Hotjar Cookie Type: Analytics Purpose and legal basis of the processing: Monitoring of users' browsing experience and interaction with page contents (images, text and CTA). The legal basis of the processing is the users' consent. First or Third party: Third Party Cookie lifespan: 12 months

  • Pinterest Cookie Type: Social Purpose and legal basis of the processing: Used to share content on social networks. The legal basis of the processing is the users' consent. First or Third party: Third Party

  • Twitter Cookie Type: Social Purpose and legal basis of the processing: Used to share content on social networks. The legal basis of the processing is the users' consent. First or Third party: Third Party

  • Youtube Cookie Type: Social Purpose and legal basis of the processing: Used to share content on social networks. The legal basis of the processing is the users' consent. First or Third party: Third Party

  • Facebook Cookie Type: Social Purpose and legal basis of the processing: Used to share content on social networks. The legal basis of the processing is the users' consent. First or Third party: Third Party

We remind you that you can also manage your preferences on cookies through the browser you use (the main browsers are listed below):

Internet Explorer

Google Chrome

Mozilla Firefox

Safari

If you do not know the type and version of the browser that you are using, we suggest that you click on the “Help” button in the upper part of the window of the browser, from which you can access all necessary information.

At the time any page of the site is accessed, a Banner appears containing summary information. By closing the Banner or by continuing to browse the site, through access to another area of the site or by selecting one of its elements (for example, an image or a link), you consent to the use of the profiling cookies. Such consent is registered through the use of a “technical cookie”. You can obtain information and the way to disable third party cookies by clicking on the links contained in the table showing the list of cookies, which is provided in the table set forth on this page.

Data Controller

The Data Controller is Roberto Cavalli S.p.A. with registered office in Piazza San Babila 3, 20122 Milano (MI) and Auriel Investment SA, with registered office in Vaile Giuseppe Cattori 11, 6900 Paradiso, Switzerland.

Data Protection Officer (DPO)

The DPO can be contacted by writing to the address dpo@robertocavalli.com.

Full Cookie policy of The Level S.r.l. for the robertocavalli.com

This Cookie Policy explains to users how the Site adopts cookies and, furthermore, provides guidance as to how cookies can be managed.

This Cookie Policy should be read together with the Privacy Policy.

By continuing to browse or use the Site, users agree to the use of cookies as described in this Cookie Policy.

Contact

Users wishing to contact the Site concerning any matter relating cookies are encouraged to write to: privacy@thelevelgroup.com

Changes to this Cookie Policy

Any future changes to this Cookie Policy will be posted on the Site and, where appropriate, notified to users by email. Users are encouraged to read this Cookie Policy frequently to check for any updates or changes.

Last update: October 2024