1. WHO IS THE CONTROLLER
The Site is managed by YOOX NET-A-PORTER GROUP S.p.A., a single-member company subject to the management and coordination activity of Compagnie Financière Richemont S.A., with registered office at via Morimondo, 17 – Milano 20143, Italy. ("YOOX NET-A-PORTER GROUP"), which acts as independent personal data controller for all activities related to the online sale of GIORGIO ARMANI products, such as the signing and performance of the contract; payment; invoice issuance; product shipping; any management of the right of withdrawal, return, and the legal guaranties; the control and prevention of fraud and abusive behaviours; registration on the Site (“My Account”), and the use of services reserved for registered users (for example: Wish List, My Orders, Quick Buy, etc.); the following services are offered to you through the Site (not available in all countries): (i) delivery of products purchased online at the GIORGIO ARMANI stores (“pick up in store”), (ii) return of products purchased online at the GIORGIO ARMANI stores (“return in store”), and (iii) online sale of products at the GIORGIO ARMANI stores (“click from store”); as well as any corresponding assistance that is provided by Customer Care (further information is available in point 3.1) and fulfilment of the legal obligations for personal data processing (more information in point 3.4). Giorgio Armani S.p.A., with registered office at Via Borgonuovo 11, 20121 Milano, Italy (Giorgio Armani S.p.A.) acts as independent data controller for the purposes of marketing, profiling, and sharing your data for these purposes, whenever you provide your express consent to such processing (more information is available in point 3.3). GIORGIO ARMANI also acts as data controller for the services offered through the Site, reserving a product online at GIORGIO ARMANI stores (“click & reserve”, not available in al countries) and finding the GIORGIO ARMANI stores closest to you (“Store Locator”) (more information is available in point 3.2), as well as for fulfilling the legal obligations for personal data processing (more information is available in point 3.4). For any clarification, question, or requirement related to your privacy, or to exercise your rights under the European personal data processing legislation (the General Data Protection Regulation - EU Reg. No. 2016/679, hereinafter “GDPR”) (see point 6) you may contact us at any time by sending a request to Customer Care (selecting the “Privacy” option). If you wish, you may also contact us or our Data Protection Officers (DPOs) directly; to do so you may use the contact details indicated below.
2. WHAT DATA DO WE PROCESS
As concerns the purposes of the processing indicated in point 3 below, we process various types of personal data concerning you, including:
- your identification information (such as first and last name), your contact details (such as email address and telephone number), shipping address and billing address, payment information (such as the method of payment used, cardholder, card number used). This data is processed by YOOX NET-A-PORTER GROUP in reference to the online sale of GIORGIO ARMANI products and the corresponding activities related thereto (such as the signing and performance of the contract; payment; invoice issuance, product shipping; any management of the right of withdrawal, return, and the legal guaranties; customer care; the control and prevention of fraud and abusive behaviours, including by third parties, which conflict with the current standards, the applicable contractual provisions, the rules of correctness and good faith), as well as for the following services offered through the Site and connected to online sales (not available in all countries): (i) delivery of products purchased online at GIORGIO ARMANI stores (“pick up in store”); (ii) return of products purchased online at GIORGIO ARMANI stores (“return in store”); and (iii) online sale of products at GIORGIO ARMANI stores (“click from store”). For customer care activities, the information you choose to provide in your communications is also processed;
- if you register on the Site (“My Account”), this includes your identification information, your email address, and your password, as well as the data needed to provide you with services that are reserved for registered users (for example: Wish List, My Orders, Quick Buy, etc.). For registration/authentication of My Account via Facebook (Facebook Ireland Ltd. Service, which acts as an independent data controller) we collect the data needed for your registration/authentication from this third party. My Account and the relative services reserved for registered users are managed by YOOX NET-A-PORTER GROUP;
- your identification and contact information are also used by GIORGIO ARMANI to manage any requests you may have for information relating to the GIORGIO ARMANI products, as well as to provide you with any service (that you have requested and that is offered through the Site) to reserve a product online at GIORGIO ARMANI stores (“click & reserve”, not available in all countries);
- your geographic location, which is used with your consent by GIORGIO ARMANI for any service (that you have requested and that is offered through the Site) to find the GIORGIO ARMANI store closest to you (“Store Locator”);
- when you have provided the corresponding consent, GIORGIO ARMANI also processes the data relating to your preferences and interests, such as products you’ve purchased or added to your wish list, age and gender, your country, and your preferred language and currency, the newsletters you have subscribed to and the interaction between them and events in the Armani world. GIORGIO ARMANI process your data to analyse your habits and preferences to offer you personalised services and communications that are in line with your interests;
3. WHY DO WE PROCESS YOUR DATA AND ON WHAT LEGAL BASIS
3.1 Purposes related to the online sale of products
YOOX NET-A-PORTER GROUP, as an independent controller, processes your personal data for the online sale of GIORGIO ARMANI products and the relative activities connected thereto. In particular, to:
- enter into and perform a contract for the purchase on the Site of one or more products, for payment, product shipping, any management of the right of withdrawal, return, and the legal warranty. This processing is necessary to perform a contract to which you are party (purchase and sale agreement). You must provide your personal data; otherwise you will not be able to make a purchase on the Site or manage any requests you may have regarding the right of withdrawal, return, and legal warranty, or to receive the dedicated customer service;
- customer care. Processing is necessary to perform a contract to which you are party (provision of customer care). You must provide your personal data; otherwise you will be unable to receive the customer care you requested;
- the fulfilment of the legal obligations relating to the sales activity (such as, for example, issuing and storing the invoice). This processing is necessary to fulfil a legal obligation to which YOOX NET-A-PORTER GROUP is subject. It is thus mandatory that you provide your personal data; otherwise you will be unable to make a purchase on the Site;
- register on the Site (“My Account”), or use the services that are reserved for registered users (for example: Wish List, My Orders, Quick Buy, etc.). This process is necessary to perform a contract to which you are party (registration on the Site and the relative provision of services). It is mandatory that you provide your personal data; otherwise you will be unable to register on the Site and use the registered user services;
- prevention and suppression of fraud and abusive behaviours (including by third parties) that conflict with the current standards, the applicable contractual provisions, and the rules of correctness and good faith. The lawfulness of this processing is based on the legitimate interest of YOOX NET-A-PORTER GROUP to perform security activities and controls for the purpose of preventing and protecting against fraudulent activities and abusive behaviours. Upon your request, YOOX NET-A-PORTER GROUP will be able to provide you with detailed information about the aforementioned legitimate interest and the corresponding so-called balancing test;
- the use of the following services offered through the Site and linked to the online sale (not available in all countries): (i) delivery of products purchased online at GIORGIO ARMANI stores (“pick up in store”); (ii) return of products purchased online at GIORGIO ARMANI stores (“return in store”); and (iii) online sale of products at GIORGIO ARMANI stores (“click from store”). This processing is necessary to perform a contract to which you are party (provision of the corresponding service). It is mandatory that you provide your personal data; otherwise, you will be unable to use the service.
3.2 Purposes related to performing other services you have requested
Through the Site, you may reserve a product online at GIORGIO ARMANI stores (“click & reserve”, not available in all countries), as well as find the GIORGIO ARMANI store closest to you by using your geographic position (“Store Locator”), solely upon your consent. You may also contact GIORGIO ARMANI to get more information about the world of GIORGIO ARMANI and its products.
GIORGIO ARMANI processes the personal data you provide when you use these services on the Site and enter the corresponding areas of the Site. The processing is based on the performance of a contractual obligation between the parties or on precontractual measures adopted upon your request. It is mandatory that you provide your personal data; otherwise, you would be prevented from using the requested service.
3.3 Marketing purposes
With your consent, which is optional, GIORGIO ARMANI uses your personal data for marketing purposes. Indeed GIORGIO ARMANI may send you promotions, commercial or advertising communications about its products, services, and events. The marketing activities may also include market research and surveys to determine your level of satisfaction and to conduct statistical analyses, including using aggregated anonymous data. The processing of your data is based on your voluntary consent, and providing your data is optional. However, without it, you will be unable to purchase our products online.
With your optional consent, GIORGIO ARMANI uses the data collected in its stores and online, through this or other sites, or through GIORGIO ARMANI accounts on social media, to collect information relating to your preferences, habits, lifestyle, as well as details about what you have purchased. The data is used to create group and/or individual profiles (“profiling”) which allow us to send you personalised communications that are in line with your interests, or to conduct market research and statistical analyses, including with aggregated anonymous data. The processing of your data is based on your voluntary consent, and providing your data is optional. However, without it, you will be unable to purchase our products online.
With your optional consent, GIORGIO ARMANI shares your personal data with companies in the Armani group, and others operating in the beauty, lifestyle, food, or sports sector. These companies will process your data for their own marketing purposes, i.e. to send you promotions, commercial or advertising communications about their products, services, events, including market research and surveys to determine your level of satisfaction and to conduct statistical analyses, including with anonymous data, organised in aggregate form. The processing of your data is based on your voluntary consent; providing your data is optional. However, without it, you will be unable to purchase our products online.
To send you marketing communications or personalised offers, methods such as email, newsletters, operator-assisted telephone calls, SMS, MMS, chat, instant messaging, social networks and traditional mail, including invitations to organised events from GIORGIO ARMANI or in which GIORGIO ARMANI participates. You may unsubscribe from newsletters in the corresponding section of your personal account or by clicking the respective link, which appears at the bottom of every commercial communication.
3.4 Other purposes
Your personal data is processed by each controller, within their own area of authority, and also for:
- managing requests to exercise personal data protection rights (further information in point 6). This processing is necessary to fulfil a legal obligation to which the data controller is subject;
4. WHO WILL PROCESS YOUR DATA
Duly informed personnel (employees and associates) of GIORGIO ARMANI and YOOX NET-A-PORTER GROUP, as well as third parties (providers and/or business partners) who were appropriately selected by the controllers and offer a suitable guarantee of compliance with personal data processing rules, may have access to your personal data. These third parties, based on an appropriate designation by the controllers (each of them with respect to their own area of authority) may conduct their activities as “data processors” (thus under the direct responsibility of the data controller who designated them: for example, Internet providers, companies specialised in IT and electronic services, customer care service companies, companies that perform marketing activities, companies specialised in market research and data processing, physical stores) or as “independent data controllers (for example, couriers and shippers, bank operators, independent professionals, or consulting, legal or tax assistance firms).
Your personal data may also be disclosed to third parties, including in the following cases:
(i) when disclosure is required by the applicable laws and regulations for legitimate third party recipients of communications, such as public entities and authorities that process your data as independent controllers for the respective institutional purposes;
(ii) in case of extraordinary operations (for example mergers, acquisitions, disposal of business, etc.);
(iii) when you provide your consent to the companies of the Armani Group for independent marketing purposes.
You may request an updated list of the parties to whom we disclose your data by contacting us using the contact details indicatedbelow.
Some of the parties indicated above may also be established outside the European Union (EU) or the European Economic Area (EEA), in countries that do not guaranty an adequate level of protection of personal data according to the standards established by the GDPR. GIORGIO ARMANI and YOOX NET-A-PORTER GROUP have adopted the necessary precautions to ensure a lawful transfer of data (in particular, through the use of the Standard Contractual Clauses approved by the European Commission). You may request information about the transfer of your personal data abroad at any time by contacting us using the contact details indicatedbelow.
5. HOW LONG DO WE RETAIN YOUR DATA
We retain your personal data for a limited period of time, which is strictly related to the purpose for which it was collected, and in conformity with the applicable legal or regulatory obligations. At the end of the established retention period, your personal data will be deleted, or in any case irreversibly anonymised, unless GIORGIO ARMANI or YOOX NET-A-PORTER GROUP is required to retain the data for an additional period of time to comply with legal or regulatory obligations, or to exercise or defend a right in a judicial proceeding.
The retention period differs according to the purpose of the processing, in particular:
- for the online sale of products and the relative activities connected thereto (point 3.1), your personal data will be retained by YOOX NET-A-PORTER GROUP for the entire duration of the contractual relationship and for 10 (ten) years after the termination thereof, except for registration on the Site (“My Account”) and the use of confidential services for registered users (for example: Wish List, My Orders, Quick Buy, etc.), in relation to which your personal data will be retained until you request the deletion of your account;
- when GIORGIO ARMANI processes your data for personalised marketing or profiling purposes, your data is retained for a period of 7 (seven) years from the time you provide your consent for the aforementioned purposes, following an evaluation of the impact on data protection conducted by GIORGIO ARMANI, with the participation of its Data Protection Officer;
- for general marketing activities, your data is retained by GIORGIO ARMANI until deletion is requested, consent revoked, or processing opposed; GIORGIO ARMANI furthermore wishes to protect your data and ensure that you wish to continue to receive its communications. Therefore, it deletes your data when 4 (four) years have elapsed since your last interaction with the GIORGIO ARMANI sphere, for example through purchases made at GIORGIO ARMANI stores or the Site, participation in GIORGIO ARMANI events or newsletters;
- to comply with legal obligations relating to personal data processing matters (point 3.4), your personal data will be processed by each controller, as concerns their specific area of authority, for the period needed to manage your request to exercise the rights recognised under the GDPR or to meet the legal obligation to which the data controller is subject. The data necessary to demonstrate compliance with the legal obligations to which the controller is subject shall be retained for 10 (ten) years;
- in case of a legal or administrative dispute, your data shall be retained for the time needed for GIORGIO ARMANI or YOOX NET-A-PORTER GROUP or a third party to seek legal protection of a right, or within the limits imposed by the legal or administrative authority.
6. WHAT ARE YOUR RIGHTS
You may contact each data controller or the respective Data Protection Officers at any time, using the contact details specified below, to exercise your rights pursuant to the GDPR, and particular:
- to obtain confirmation of whether or not your personal data is being processed and, if it is, to obtain access to or a copy of such personal data (”right of access”);
- correction of your personal data, i.e. to obtain the correction, modification, or updating of any data that is inaccurate or no longer correct, as well as to supplement incomplete personal data, including by providing a supplementary declaration (“right of rectification”);
- to revoke your consent (“right to revoke consent”): you may revoke the consent you have given to process your personal data at any time, including in relation to any activity whatsoever with a marketing purpose, including profiling. To that end, we remind you that marketing activities are considered to be the sending of commercial and advertising communications, the completion of market research and surveys to determine level of satisfaction, and the personalisation of commercial offers based on your interests. Once your request has been received, the controller will be responsible for stopping the processing of your personal data that was based on such consent, while different instances of processing, or processing based on other requirements, will continue to be performed in full compliance with the current provisions;
- to request the deletion of your personal data when such data, in particular, (i) is no longer necessary for the purposes for which it was collected or processed, or (ii) was unlawfully processed, or (iii) must be deleted to perform a legal obligation, or, lastly, (iv) you have opposed such processing (see below “right to object”) and there is no prevailing legitimate reason that would allow the controller to nevertheless proceed with the processing (“right to erasure” or “right to be forgotten”);
- to obtain a limitation on the processing of your personal data, i.e. that the controller retains such data, but without being able to use it, save for any requests or exceptions prescribed by law. This right may only be exercised when, in particular (i) you object to the accuracy of the personal data, for the period needed for the controller to verify the accuracy of such personal data, or (ii) the processing of data is unlawful and you ask to limit its use, instead of deleting it, or (iii) even though the controller no longer needs it for processing purposes, you require the personal data to assess, exercise, or defend a right in a legal proceeding, or (iv) you have opposed its processing (see below “right to object”), while awaiting a verification as to any legitimate grounds of the controller that prevail over those of the data subject (right to restriction);
- to request your data or transfer it to a party other than the controller (“right to data portability”). You may ask to receive the data we process based on your consent or based on a contract entered with you, in a form that is structured, commonly used, and readable on an automatic device. If you so desire, where technically possible, we may, upon your request, transfer your data directly to a third party you indicate;
- submit a claim to one of the competent supervisory authorities on compliance with the personal data protection standards, if you believe that your data was unlawfully processed (“right to submit a claim”). In Italy, a claim may be filed with the Personal Data Protection Authority [Garante per la Protezione dei Dati Personali] (http://www.garanteprivacy.it/).
- object at any time, for reasons related to your specific situation, to the processing of your personal data for the purpose of a legitimate interest of the controller or for marketing purposes, including profiling. The controller shall refrain from further processing your personal data, unless it demonstrates that there are compelling, legitimate reasons to proceed with the processing that prevail over the interests, rights, and freedoms of the data subject, or to assess, exercise, or defend a right in judicial proceedings.
8. WEB PUSH NOTIFICATION
GIORGIO ARMANI uses some of your personal data to send you personalised notifications about products and commercial news (so-called “web push notification”) on your device, upon your express consent. In order to be able to send you these notices, we use technologies similar to cookies (in particular, “HTLM5 Local Storage”), which archive information in your device’s Local Storage area. Some of your personal data is also stored on servers, located in the European Union, which are used to manage the “web push notification”. Communications are personalised based on how you navigate and use the Site and, in particular on the products you have viewed, purchased, or placed in your cart, or on the data you entered on the Site registration form or when purchasing products on the Site (in particular, your name, to personalise communications sent to you and your date of birth to offer you special birthday promotions and discounts. The categories of personal data that are used for this purpose are:
- products that are purchased, viewed, or placed in your cart;
- date of birth;
- gender (male or female); language used to navigate and version of the Site used (country);
- information about the device and browser you used;
- date and time when you gave consent to receive web push notifications;
- date My Account created;
- date of last visit to Site.
- Chrome: Settings > Show Advanced Settings > Privacy – Content Settings > Notifications - Manage exceptions > Enter www.armani.com and select “Block”
- Firefox: Options > Content > Notifications – Choose > www.armani.com – “Block”
- Safari: Preferences > Notifications > From here select “Refuse”.
- Desktop: Right-click on notifications> disable notifications from www.armani.com
- Mobile: Access the notification centre > Site parameters > Notifications > Block notifications from www.armani.com
9. DATA SECURITY
We adopt specific technical and organisational security measures to safeguard the confidentiality of Site users’ personal data, which are aimed at preventing the unlawful or fraudulent use of their personal data.
We remind you to take suitable precautions when using the Site, such as, for example, keeping your access credentials strictly private, and changing them periodically.
10. CONTACT DETAILS OF DATA CONTROLLERS AND THE CORRESPONDING DATA PROTECTION OFFICERS
The data controller, for the purposes indicated in points 3.1 and 3.4 is YOOX NET-A-PORTER GROUP S.p.A., a company subject to the management and coordination activity of Compagnie Financière Richemont S.A., with registered office at via Morimondo, 17 – Milano 20143, Italy.
The Data Protection Officer for YOOX NET-A-PORTER GROUP, domiciled at the registered office thereof, may be contacted at the following email address: DPO@ynap.com.
The data controller, for the purposes indicated in points 3.2, 3.3 and 3.4, is Giorgio Armani S.p.A., with registered office at Via Borgonuovo 11, 20121 – Milan (MI), Italy, email: firstname.lastname@example.org.
The Data Protection Officer for Giorgio Armani S.p.A., domiciled at the registered office thereof, may be contacted at the following email address: DPO@giorgioarmani.it.
For any clarification, question, or requirement related to your privacy, or to exercise your rights recognised under the GDPR (see point 6) you may contact us by sending a request to our Customer Care, selecting “Privacy”. If you so wish, you may also contact us and our Data Protection Officers (DPOs) directly; to do so, you may use the contact details noted above.
11. HERO CHAT
Last updated April 2021.