2. Data controllers and Data protection officer
Industries acts as Data Controller and will process your personal data in order to manage online sales activity (e.g. managing orders and payments), for "pick-up in store", "return in store", "click from store" and "click and reserve" services as defined in section 3.3, and to carry out marketing activities (e.g. newsletters) and building of group and individual profiles (profiling) as described in section 3.4.
As the Data Controller, Industries will process your personal data. Industries can be contacted by writing to Industries S.p.A., via Stendhal n. 47, 20144 - Milan (MI), Italy or by email at firstname.lastname@example.org.
Industries will manage your personal data in the context of your navigation experience through our website and access to reserved services as defined in sec. 3.1 and 3.2 below.
Industries has appointed a Data Protection Officer (DPO), who is domiciled at the offices of Industries S.p.A. and it is available as follows: email@example.com.
3. Sources of data and the purposes of data processing
3.1 Browsing data
During their normal operation, the computer systems used to operate the Website acquire some of your personal data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected for the purpose of identifying you, but may lead to your identification if, for example, it is combined with information held by a third party. This category of data includes the IP address and domain name of your computer, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server and other parameters relating to your operating system. We use this data for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check it is working properly. The data collected is deleted immediately after processing. The data could be used to ascertain responsibility in the event of cybercrime committed to the detriment of the Services.
3.2 Registration information and further information provided by the user
Use of the Website does not require the creation of a personal account. However, in order to access certain pages reserved for registered users and, for example, to send us a request for information or feedback on the Services, you must create a personal account and become a registered user. When you create your account, you will be asked to enter the following registration information:
In addition, personal data directly provided by you when you place an order to purchase an item will be collected and processed, this consists of data collected by sending electronic mail, interacting with the functionality of the Website and requesting services offered by the Website. The personal data we collect and process includes your first name, surname, gender, nationality, email address, shipping and payment methods, credit and/or debit card number and shopping habits.
Should you wish to avail of our online size recommendation service, we will collect your body sizes (e.g. height, weight, age).
3.3 Purpose of the processing
Providing the above information is necessary in order to create an account and also to respond to and manage requests for information and/or user feedback; to provide the services requested through the Website, including registration and subsequent updates and to manage the activities organized through the Website; to carry out statistical analysis and surveys; to manage sales activities and to provide sales and after-sales services, such as administration, accounting, returns and guarantee management, customer relationship management, including compliance with legal obligations, national and EU regulations (including anti-money laundering regulations), to prevent fraud and to exercise rights in legal proceedings.
Any refusal by you to provide this information would still allow you to use the Website, but would prevent you from using some of our Services reserved for registered users. In addition, your personal data must be processed in order to fulfill the contractual relationship arising from the purchase of Moncler products. The provision of such data is a contractual obligation. Should you need suggestions about sizes, we will process your body sizes with your prior consent.
You are free to disclose your data to us or not, but in the absence of the requested data it will not be possible to conclude or execute the agreement and your requests. This means that you will not be able to purchase Moncler products and that it will not be possible to handle your requests.
3.4 Further purposes of the processing
With your consent, which is optional, Industries will use your personal data for further purposes such as marketing, commercial or advertising communications, direct sales, market research, in-store sales support worldwide through email (newsletter), telephone, SMS, MMS,, instant messaging, and traditional mail, including sending invitations to events. You may at any time indicate your preferred means of contact from among those listed above and you may refuse the receipt of promotional communication by any or all of these means of contact. For profiling and marketing purposes performed through cookies or other tracking technologies, please refer to the cookie section and relevant online consent form.
With your consent, which is optional, Industries collects information about your preferences, habits and lifestyle as well as details of purchases made in order to use these to create group and individual profiles ("profiling") and to send you personalized communications. Personalized communication may be sent by email (newsletter), phone, SMS, MMS, instant messaging and post mail. You may at any time indicate your preferred means of contact from among those listed above and you may refuse the receipt of promotional communication by any or all of these means of contact.
Consent for the above marketing and profiling purposes is optional and refusal will not have any consequences. Data may be provided by you on registration at our points of sale by means of paper and/or electronic forms, acquired during visits to our stores belonging to the Moncler Group or through interaction with websites, Internet applications and mobile applications belonging to the Moncler Group.
3.5 Legal grounds for processing
Your personal data is only processed if one of the legal requirements laid down by current legislation is met, and specifically:
3.6 Information collected through cookies and other technologies
3.6.1 Browsing data and cookies
During their normal operation, the computer systems and software procedures used to operate the Website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified persons, but by its very nature could allow users to be identified through processing and association with data held by third parties.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to monitor its correct operation, and are deleted immediately after processing.
The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Website. With the exception of this eventuality, the data are stored for the time established by the relevant legal regulations, or in general for the time strictly necessary to provide the user with the service requested to guarantee the transmission of the communication.
Cookies and other tracking tools
Cookies are usually strings of text that websites (so-called publishers or "first parties") visited by the user or other websites or web servers (so-called "third parties") directly or indirectly place and store on the user’s terminal device.
The information encoded in the cookies may include personal data such as an IP address, a username, a unique identifier or an email address, but may also contain non-personal data such as language settings or information about the type of device a person is using to browse the website.
Cookies can therefore perform important and varied functions including monitoring sessions, storing information on specific configurations regarding the users accessing the server, facilitating the use of online content etc.
Types of cookies
Cookies can have different characteristics in terms of their duration (session or permanent) or subjectivity (depending on whether the publisher is acting on its own or on behalf of a “third party”). However, the classification that mainly meets the needs of protecting the user is one based on two macro categories:
● technical cookies, used for the sole purpose of “transmitting a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information service explicitly requested by the contractor or user to provide such service” (see art. 122, paragraph 1 of the Privacy Code). These cookies can be installed on the user's terminal without consent, either based on the need to respond to a request or on the legitimate interest of the Company.
● profiling cookies, used to link specific actions or recurring behavioral patterns in the use of the functions offered (patterns) to specific, identified or identifiable parties in order to group the various profiles within uniform clusters of various sizes, so that among other things the controller can modulate the provision of the service in an increasingly personalized manner beyond what is strictly necessary for the provision of the service, as well as send targeted advertising messages, i.e. in line with the preferences expressed by the user while browsing the web. This type of cookie can be downloaded to the user's terminal only with the user's consent.
Among other things, cookies may also be used to assess the effectiveness of an information society service provided by a publisher, to design a website or to help measure its “traffic,” i.e. the number of visitors, including by geographic area, connection time or other characteristics. These identifiers, defined as analytics cookies, can be included in the category of technical cookies, and as such may be used without the prior consent of the data subject, provided that the following conditions are met:
If these conditions are not met, analytics cookies require the user's consent in order to be downloaded.
Finally, cookies may also be used to enable interaction and easy sharing of content on social networks and/or to enable the sending of targeted advertisements based on user preferences (social cookies). These cookies also require the user's consent.
3.6.2 List of the cookies used by the Website
(A) Technical cookies
Below we list the name, purpose, and duration of each technical cookie used by the Website.
The user’s prior consent is not required for the installation of technical cookies. In any case, all browsers allow changing cookie settings.
(B) Other types of cookies (profiling, analytics, social)
Below we list the name, the relevant third party if the cookie is not first party, the purpose, and the duration for each cookie used by the Website that does not fall into the category of technical cookies.
For all information relating to third-party cookies and how to opt out of individual cookies, see the respective policies and the tool provided by the third party to opt out of the individual cookie.
Using the following link it is possible to opt out of third-party cookies (i.e. companies that are members of the WebChoices tool of the Digital Advertising Alliance, including Facebook) installed on the user’s browser: https://optout.aboutads.info/?c=2&lang=EN
The following tool provided by Your Online Choices can also be used to control your preferences by opting out of third-party cookies: https://www.youronlinechoices.com/
|facebook.com||social network||https://www.facebook.com/privacy/explanation||2 years|
|twitter.com||social network||https://twitter.com/en/privacy||2 years|
|pinterest.com||social network||https://policy.pinterest.com/it/privacy-policy||2 years|
(C) Other social functions (e.g. plugins)
In addition to the cookies mentioned above, the Website also incorporates plugins and/or buttons in order to allow easy sharing of content on the following social networks: Facebook, Instagram, Twitter, YouTube. If a user does not wish the social network to record data relating to their visit to the Website, they must log out of the social network account and delete the cookies that the social network has installed in the user's browser.
For certain activities the Company and social networks may also act as joint controllers pursuant to art. 26 of the GDPR, specifically when the Company jointly determines the purposes and means of the processing with the social network through the collection and transmission of the user's data to the social network via a plugin. In such cases the Company adheres to the contractual terms of the social network, which may include joint controller agreements.
Finally, note that in any case joint control does not extend to processing carried out by social networks in relation to which the Company does not determine the purposes and means of processing (e.g. operations carried out by the social network after the User's data have been disclosed by the Website).
With regard to the collection and use of information by social networks, please refer to their respective privacy policies.
4.Methods of data processing and data storage
Your personal data will be processed both in paper form and using electronic means and always in compliance with the security requirements of applicable legislation, with particular but not exclusive reference to art. 32 of the GDPR. Our security measures include contractual arrangements with any entity (e.g. service providers) in order to protect the security and confidentiality of your personal data in accordance with the provisions of this Policy.
Period of Use and Retention of Personal Data
We will retain your personal data until the purpose for their use is achieved according to our internal data retention policy. In particular, we hereby specify that we have a general retention period of 10 years from the time of initial collection for your personal data that is processed for our invoicing and accounting purposes, save for the circumstances in which national applicable law may provide for different retention requirements. In principle, we will promptly destroy your personal data in our possession once we achieve the purpose of collection and use of your personal data. However, the following categories of your personal data will be retained by us for the duration of the periods specified below.
Registered user data: this data will be stored for as long as the account is active to the extent that is strictly necessary to provide the user with the services. Even after the account is closed, we will retain your information if it is necessary to do so in order to comply with legal or regulatory obligations, to protect our rights, to prevent fraud, or to comply with this Policy.
Data relating to payment: until such time as the payment has been confirmed and the administrative and accounting formalities relating thereto have been completed, after the expiry of the right of withdrawal and after the deadline for contesting the payment.
Data collected in connection with the use of Services offered on the Website (e.g. "pick-up in store", "return in store", "click from store", "click and reserve"): such data is stored until the service has been fully performed.
data related to user requests to our Customer Service department: relevant data will be retained until your request is resolved.
With particular reference to the legal protection of our rights, we hereby specify that we keep data in accordance with any restrictions imposed by local regulations.
If you have consented to your personal data being processed for marketing and profiling purposes, the data relating to your purchases will be kept a period of 7 years as per the authorization obtained from the Italian Data Protection Authority, issued on May 25, 2018 in favor of Industries S.p.A., which is the entity in charge of such processing operations. After this retention period, the data will be automatically deleted or permanently and irreversibly anonymised.
In any case, for technical reasons, the termination of the processing and the subsequent cancellation or irreversible anonymization of the related personal data will be final within thirty days of the terms indicated above.
Procedure and Method for Destruction of Personal Data
In principle, we will promptly destroy your personal data in our possession once we achieve the purpose of collection and use of your personal data.
The process and means of destroying your personal data are as follows.
Your personal data will be transferred to a separate database (or separate document file for paper documents) and destroyed after storage for a certain period pursuant to our internal policy or applicable laws and regulations (please refer to the provisions on retention and use period). Such personal data will not be used for any purpose other than the purpose permitted under the applicable laws and regulations.
Paper documents containing personal data will be shredded through the use of document shredder or incinerated.
The personal data stored in electronic file format will be deleted by using technical means that will not allow data recovery.
5.Scope of disclosure
5.1 Internal and external communication of personal data
Personal data is accessible to our duly authorized personnel (e.g., Digital, CRM, Retail, IT personnel) as necessary and is disclosed to third parties in the following cases: (i) when disclosure is required by laws and regulations applicable to legitimate third party recipients, such as authorities and public bodies for their respective institutional purposes, e.g. anti-money laundering legislation, court authorities; (ii) disclosure to third parties in the event of extraordinary transactions (e.g. mergers, acquisitions, sale of business, etc.); (iii) communication to the third party in charge of fraud prevention services.
Personal data is also shared with our service providers, e.g. for services of a technical and organizational nature that are necessary for the purposes indicated above, such as independent partners, including associates, shipping companies, marketing, payment management, etc, the list of which could be communicated upon request. We provide such parties only with the data necessary to perform the agreed services and they act as data processors in accordance with art. 28 GDPR, based on instructions received from Industries. It is expressly stated that Industries does not disclose your personal data to third parties for marketing or profiling purposes.
Finally, for the purposes of profiling, marketing and customer relationship management (to provide you with the same level of service worldwide), other companies in the Moncler Group may access your personal data as data processors in accordance with art. 28 GDPR, based on instructions received from Industries.
5.2 Data transfer abroad
For the performance of certain processing of your Personal Data, Moncler may communicate such data to external parties located in countries that do not belong to the European Union (EU) or the European Economic Area (EEA) (hereinafter referred to as "Third Countries”).
In particular, Moncler informs you that your Personal Data may be transferred to Third Countries, the list of which will be updated from time to time and/or available upon request. The lawfulness of such transfer is in any case guaranteed through the mechanisms envisaged by art. 46 of the GDPR, since Moncler has executed the Standard Contractual Clauses approved by the European Commission (supplemented by additional technical/organizational/legal measures) or, as applicable, due to the existence of an adequacy decision pursuant to art. 45 of the GDPR issued by the European Commission.
These external parties will process your Personal Data as independent data controllers or as data processors, regularly appointed by Moncler in accordance with the legislation regulating data protection (depending on the role they have in relation to the processing).
6.Rights of the data subject
Below is a general description of them and how to exercise them:
§ When you challenge the accuracy of your personal data for the period necessary for Moncler to verify the accuracy of such data.
§ When the processing is unlawful, but you object to the deletion of your data.
§ When, although your data is no longer needed by Moncler for processing purposes, you need it to ascertain, exercise or defend your rights in legal proceedings.
§ When you object to the processing, pending verification of whether Industries has legitimate grounds to continue processing the data.
National laws may provide for additional data subjects rights. For additional information you can contact us at the contact details indicated below.
To exercise the rights described above, you can:
If you believe that your personal data has not been processed correctly, you may lodge a complaint with the local supervisory authority.
To obtain the list of our external data processors, of the third parties with whom Moncler share your personal data please contact the Data Controller through the modalities set forth above.