PRIVACY POLICY

PERSONAL DATA PROCESSING NOTICE

Art. 13 of EU Regulation 2016/679

The Stefano Ricci S.p.A. company (henceforth also referred to as “Stefano Ricci” or “the Company” or “the Controller”), with head offices at no. 171, Via Faentina, Fiesole (Florence), the holding of the Stefano Ricci group, takes the protection of your personal data seriously. The Company aims to ensure the personal data of its users is protected at all times.

This privacy Notice concerns the use of this website (www.stefanoricci.com, henceforth also referred to as the “Website”) managed by Stefano Ricci S.p.A., and use of all the services offered by said website. As a result, users are asked to read this Notice on the processing of personal data carefully, to ensure they understand which data is gathered, and the purposes for which it is processed.

1. Reasons for the Privacy Notice, and the Data Controller

Stefano Ricci S.p.A. hereby informs you that it is Controller of the processing – in accordance with articles 4, no. 7 and 24 of EU regulation 2016/679 “General Data Protection Regulation” (hereafter also referred to as the “Regulation” or “GDPR”) of the Personal Data you have supplied to Stefano Ricci S.p.A. through this Website, along with Personal Data supplied to boutiques of the Stefano Ricci group. This may also include data supplied via controlled and/or part-owned companies and/or business partners, or during events organised by the Company. In the latter cases, this notice supplements any other notices received.

You are also hereby informed that your Personal Data will be processed in accordance with European privacy laws currently in force (EU Regulation 2016/679), and specific local regulations that apply to processing conducted outside of the European Union.

2. Type and source of data

The Personal Data which Stefano Ricci gathers and processes according to the specific purposes pursued and indicated herewith shall include, by way of example, personal information such as title, name and surname, date of birth, country and language; contact information such as postal address and email address, telephone number. With regard to the purchase, it may include any information pertaining to payment, such as credit card or other payment method (hereafter also referred to overall as “the Data”).

Stefano Ricci shall process the Personal Data you directly and consciously supply when making your online purchase through this Website, and/or upon registering on the Website by creating an account, and/or signing up for the Stefano Ricci newsletter service and/or submitting a request to our Customer Service department, along with any data that should be supplied on filling out customer forms at any of the boutiques of the Stefano Ricci group, or by taking part in any events organised.

When registering an account on the Website, the user is obliged to submit personal information such as title, name and surname, language, date of birth, email address and telephone number. The user will also be asked to choose a password for his or her account.

When the Company is contacted by a user, for example by sending an email, the message received is kept with an end to answering questions, fulfilling requests and improving the services offered.

Each time the user accesses the Website, certain pieces of data are gathered automatically. These include IP address, type and version of the browser, operating system and platform used through what are known as “cookies”. Cookies are a particular type of data which is transferred and memorised on the user’s hard disk through the browser adopted by the user. Cookies allow the company to create mechanisms for authenticating access, memorising selected navigation settings, and customising the Website to suit the personal needs of its users. Users can disable cookies on their browser settings, but it should be borne in mind that doing so may make it impossible to use certain services on the Website.

In the event of users supplying the personal data of third parties, said users must first ensure the parties concerned have been informed, and that they have authorised the processing of their data as described in this Notice.

3. Processing method, purpose of the data processing and nature of the conferment

The Company hereby informs you that it will process the Personal Data for the purposes described herewith. It will do so manually and/or with the support of computerised or telecommunications means.

The Personal Data will be acquired to manage the relationship between yourself and Stefano Ricci, and to answer or satisfy any requests you should submit. It shall also be acquired to fulfil your online purchase placed via the website www.stefanoricci.com, and accordingly all activities for handling the order, including administrative management of the contract, dispatching the products, accounting, fraud prevention, management of any disputes, communicating with the user in respect of any problems arising from management of the order, or subsequent requests concerning the order itself. Personal Data is also acquired in order to comply with all the obligations stipulated by the law and regulations in force.

It is necessary to supply the Personal Data for the abovementioned purposes. Refusal to do so might render it impossible to complete the purchase.

Moreover, on providing your consent, the Personal Data may be entered into the CRM programme of the Stefano Ricci group and be processed, along with the details of your purchases, for the following purposes:

a) Marketing through traditional contact means (ordinary post and telephone) and/or via email for sending promotional news, sales communications, newsletters, advertising material, catalogues and invitations to events organised by the Company.

b) Profiling to analyse the user’s contact with the Company, interests, preferences and purchasing habits. The Company may also use the Personal Data for conducting statistical surveys and market surveys to identify products and/or services that might prove of interest to clients of its brand.

c) Transferring Data within the Stefano Ricci group (both within and outside of the EU).

The companies of the STEFANO RICCI S.p.A. group are located worldwide. As a result, your personal data may be transferred outside of the country you are located in, including to countries both inside and outside of the European Union ("EU") to provide a coherent level of service.

Entry of data in the CRM programme is optional. It is also free of charge, as it is based on the user’s choice to give permission when his or her Personal Data is submitted for both marketing and profiling (points a) and b)), or just either of the two. Users may cancel registration or revoke their permission at any time (see point 6). Failure to supply the Personal Data for one or both of the aforementioned CRM purposes shall not prevent the user from making use of the Company’s services, nor shall it prevent the user from making purchases. The Company will not, however, be able to inform the customer of any marketing initiatives and/or events it is organising. Nor will it be able to form an understanding of his or her interests, and offer services tailored to suit his or her requirements.

In addition, the Company hereby informs you that, if you should give your permission for your Personal Data to be processed for marketing and profiling purposes as per above points a) and b), said data shall be visible to and/or shared with other companies in the Stefano Ricci group (both inside and outside the EU). All appropriate confidentiality and security measures shall be adopted as required by the applicable regulations.

4. Communication and diffusion of data

Users are assured that their personal data is always in good hands, as protecting data is a priority for the company. Information concerning users shall be shared exclusively with third parties which adhere to the legal provisions in force governing data protection, and which guarantee an appropriate level of protection for the data. Personal data of users shall be shared with the Stefano Ricci S.p.A. group.

Data may be communicated to any other third party when the communication is rendered obligatory by law, including to prevent/repress any unlawful activity. In all other cases, user personal data shall be shared with third parties solely with prior and explicit consent.

Your Data shall not be disseminated in any way. The Data Controller may communicate the Data, solely for the purposes described above, to third parties (such as suppliers and partners) which have been duly appointed Data Processor in accordance with article 28 of the GDPR. Moreover, the Data may be communicated to any other party if required by law. Lastly, the Data may be brought to the attention of persons authorised by the Data Processor for the purpose concerned.

5. Data Transfer

The Personal Data provided by the user may, where consent is given, be transferred to companies belonging to the Stefano Ricci group located outside of the European Economic Area, in compliance with the provisions of the applicable regulations. Suitable, opportune and adequate security measures shall be adopted.

6. Personal data security

In order to protect the personal data of users from unauthorised access, disclosure and alteration, measures of a technical nature, as well as measures of other kinds, have been adopted. These security measures are periodically adapted in an attempt to ensure the security offered is always of a high standard. Users should nonetheless bear in mind that, in spite of all efforts made, no security measure is perfect or impenetrable. As a result, the Company may not in any way be deemed responsible for breaches due to errors, omissions or the unauthorised actions of third parties.

In addition, in order to help maintain a high security standard, users are kindly asked to ensure they keep the username and password chosen secret at all time, and that they do not reveal them to third parties. Certain information concerning users will be memorised on two third-party servers. At present these are an Amazon Web Services server in Ireland, and a server belonging to eCommerce Outsourcing located in Milan.

The third-party provider has been chosen based on the best knowledge currently available, and may be replaced from time to time, particularly if it is felt that user personal data is no longer receiving appropriate protection. The third-party provider shall undertake to offer a high standard of security at all times.

7. Duration of the processing

The Data is acquired and processed by the Company subject to your consent, in accordance with article 6 paragraph 1, letter a) of the Regulation. There is no obligation to submit Data, but failure to do so shall result in the Controller being unable to proceed with the abovementioned activities. Your Data shall be kept in accordance with the principle of proportionality, and solely for as long as is deemed necessary for legitimate business purposes, or for the amount of time stipulated by law. Generally speaking, we keep data for a maximum of 24 months for marketingpurposes, and 12 months for profiling. Upon expiry of this period, your Data shall be made anonymous, or in any case kept in aggregate form for statistical purposes regarding consumer choices.

8. Rights of users over Data processed

You may alter the Data pertaining to your account at any time by accessing the “Account” area using your credentials.

You may also exercise the rights which apply to you (as described under article 15 and subsequent articles of the GDPR) against the Controller. These rights include the entitlement to ask the Controller, at any time, to grant access to the Data, to rectify, cancel the data or restrict the processing. You can also request data portability or oppose its processing.

It should be noted that if a user requests the cancellation of his or her own personal data, the user may no longer receive the services offered by the Website.

You are also entitled to change and/or cancel your registrations at any time using the UNSUBSCRIBE link in the newsletter, or adopting other specific procedures made available to the user.

We would also remind you that you may enter a complaint to the Ombudsman for the protection of personal data, or to other competent Supervisory Authorities.

9. Contacts

For any request pertaining to the Personal Data covered by this notice, and for the purposes of exercising your rights, you may contact the Controller or the DPO – Data Protection Officer of Stefano Ricci by sending an email to the following email address: dpo@stefanoricci.com and/or by sending a letter to the following postal address: Stefano Ricci S.p.A., C.A. Data Protection Officer via Faentina, n. 171, 50014 Fiesole (FI) - Italia.

10. Changes to this privacy notice

We would remind you that this Privacy Notice may undergo periodic changes with an end to improving protection afforded to the personal data of users. In the event of any change being made, we will update the “date of last change” to indicate when it came into force.

We advise users to check this Privacy Notice periodically.

In the event of any substantial changes, we will notify users thereof and request their consent, where required by the applicable law.

In continuing to use the Website, the user declares that he/she accepts the new Privacy Notice.

11. Press Lounge

Stefano Ricci will handle the Personal Data which you directly and consciously supplied to this Website upon registering with the platform and creating an “SR Press Lounge” account, and/or the dedicated newsletter service “SR Press Lounge”.

The Personal Data which Stefano Ricci gathers through the SR Press Lounge, which it processes according to the specific and relevant purposes, includes, by way of example, personal information such as title, name and surname, country and language; contact information such as email and telephone number; Media/Magazine/Web Platform and Qualification (hereafter also referred to collectively as “the Data”).

When the request is submitted to create a Press Lounge account, the request is handled by Stefano Ricci S.p.A. The contact Data is acquired and processed for managing the relationship between the user and Stefano Ricci, and to fulfil your request to create the account. An automatic email will be sent to users to confirm that the access request has been received, and that it will be managed. After checking the identity of the requesting party, the Company will issue authorisation to create the account. Once registration has been approved, it will send the password to the user.

Moreover, by giving your consent when you request the creation of a Press Lounge account, the Personal Data may be entered into the CRM programme of the Stefano Ricci group, and processed for the following purpose:

a) Marketing, via email, with the “SR Newsletter Press” containing news of the arrival of new materials, for downloading from the platform.

Users who sign up for the Press Lounge and who have agreed to receive the “SR Press Lounge” newsletter may unsubscribe by clicking on the UNSUBSCRIBE link in the newsletter, or by writing to presslounge@stefanoricci.com. In this case, you will no longer receive the newsletter, but the Press Lounge account will remain active until such time as it is cancelled, as described below.

Users registered with the Press Lounge can change their Data by writing to presslounge@stefanoricci.com. n addition, users will be able to cancel their Press Lounge account using a button on the website. This generates an automatic email requesting cancellation to be sent to the service address presslounge@stefanoricci.com.

12. Correlated information

Before using the Website, users are asked to read theCOOKIE POLICY with care.

Date of last change: 21/06/2019