(according to the EU Reg. 2016/679, the "Regulation")
La Rinascente S.p.A. (hereinafter, “Rinascente”) with offices in Milan, Via Washington 70, is the Data Controller in charge of the processing of your personal data through its website www.rinascente.it (“Website”) and the social media pages used by Rinascente (hereinafter “Social Media Pages”). Please note that Rinascente will process your data in compliance with the regulations in force and pursuant to what is reported hereinafter.
1. Categories of personal data
Rinascente collects and processes the following data from those accessing and visiting the website:
1.1 Automatically-collect personal data
● Browsing data: in the course of their normal operation, the IT systems and software procedures designated to the website’s operations acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to associate it with identified interested parties, but, due to its nature, could allow users to be identified, through processing and association with data held by third parties. This data category includes IP addresses or the domain names of computers used by users connecting to the site, the URIs (Uniform Resource Identifiers) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the response file obtained, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the user’s IT environment.
1.2 Personal data provided directly by you
● Personal data (for example: name, surname); contact details (such as email address, address, telephone number and mobile phone number); account name and password; payment details; shipping address and billing address; purchase data (date, quantity and type, product code, sales amount, VAT number where applicable, information on complaints, returns, warranty and refunds and other information relating to the sale of products on the Site), provided during registration on the Site or during the use of certain services, such as the purchase of products online. Although the registration on the Site allows you to enjoy an easier browsing and purchasing experience, any online purchases may be made even without registration;
● Personal data, contact details and other personal data that you provide when completing forms on our website [e.g. to request our Rinascentecard/International Visitors Card, respond to a job offer, or when you access and use the area reserved to Rinascentecard/International Visitors Card holders - to this end, please read the related information that Rinascente posts from time to time at the bottom of forms (or attached to the regulations for the use of the Rinascentecard/International Visitors Card) which contain further information on the personal data processing performed in each context];
● any contact with Rinascente through our Customer Service or optional and unprompted messages, emails or letters, to Rinascente contacts indicated on our website entail the subsequent acquisition of the sender’s address, or email address, or their telephone number, which is needed to answer queries, as well as any other personal data included in the related correspondence;
● data related to your shopping habits and preferences;
● any data of third parties (e.g. people who receive products sent as gifts) which, although not using the Site's functions and services, may still be acquired by Rinascente as they are entered by the user as recipients of deliveries. In the case of data provided by third parties, you must guarantee Rinascente that you have expressly obtained their prior consent and you must transfer them the information contained in this policy.
You must ensure that the personal data provided to Rinascente is correct and, in case of any changes, to update such data by writing to Rinascente or using the options within your personal area, if you are registered.
1.3 Personal data collected via social network pages used by Rinascente
Rinascente may also collect your personal data as you interact with the social network pages used by Rinascente (hereinafter “Social Media Pages”). Some information is provided to Rinascente directly by you when you decide to share, via your profile, images published on our Social Media Pages, comment on our posts and/or show your appreciation for one of our products, initiatives, or events by pressing the specific buttons, as well as when you decide to write a message to us using the private chat feature or other channels made available on the various social networks.
We can also acquire certain information collected indirectly as a consequence of your interaction on our Social Media Pages; for example, we can find out the time and day when you liked one of our posts or sent a request via message.
Please be aware that obtaining much of your personal information can depend on the settings that you choose for a particular social network, as well as the content that you decide to make public. This information may include your name, surname, some contact details and the image linked to your social profile. Therefore, please note that some of your information can be seen by Rinascente once you decide to follow our Social Media Pages. In this regard, we kindly request you to read the privacy policies for the various social networks and check the relevant privacy settings.
1.4 Data concerning minors
The services on this Site are intended for people aged 18 years or older. Rinascente does not freely request, collect, use or disclose personal information provided by persons under the age of 18. If Rinascente learns that it has collected data from a minor, it will delete it. If you are under the required age, please do not register or purchase a product online and ask an adult (your parents or guardian) to carry out the necessary procedures.
2. Purposes and legal bases of personal data processing
The personal data is collected and processed with automated means, and with the aid of electronic and information media, according to the principles of necessity, lawfulness, correctness, proportionality and transparency, for the purposes and according to the conditions of lawfulness (so-called legal basis) indicated hereinafter:
2.1 To enable you to browse our website and use the services offered on it
● To provide you the requested services (e.g. management of the registration and access processes to the Site, account management, user assistance, management of the complaints, wishlist management, consultation of your order history, management of shipping and billing addresses, verification of the status of your orders, processing of data for the provision of individual services requested by you, such as purchase and collection in store). Please note that the Rinascentecard holders who decide to register to the Site: i) receive a code to be entered at the time of the registration, ii) access their own reserved area, where they can set their password, and iii) view the data already provided to Rinascente when requesting a card and any consents given, which they may freely modify when registering with the Site and at any other time.
● For online order processing (e.g., to carry out the necessary online transactions to process your order; to verify that the information you provide for the transaction is complete, valid, correct and not fraudulent; to process your order and deliver the products; to provide pre-sales and after-sales support services, including returns or handling legal warranties; to contact you, by email too, for any problems relating to the processing of your order or subsequent requests relating to your order. Please note that Rinascente requires information regarding payment methods and payment card only during the purchase process. This information will be sent securely to certified payment service providers for authorizing the transaction. Rinascente cannot view or access the complete payment card data under any circumstances.
● To provide you with assistance when requested through our Customer Service and answer your queries via email or telephone;
● To issue you the Rinascentecard and allow you to access all the advantages reserved to the card holders (discounts, promotions, entering prize draws, event invitations and admission, etc.). For further information on the use of your personal data for this purpose please read our Information for Rinascentecard holders;
● To issue you the International Visitors Card and allow you to access all the advantages reserved to the card holders (discounts, promotions, entering prize draws, event invitations and admission, etc.). For further information on personal data use to said ends, please read our Information for International Visitors Card holders;
● When looking for and selecting staff, if you send your CV on request or without prompting. For further information on personal data use to said ends, please read our Information for candidates available on the website’s Careers section;
● To contribute to the website Archives, providing historic material on Rinascente. For further information on personal data use to said ends, please read our Information available on the website’s Archives section.
● To use the wedding gift list service. For further information on personal data use to said ends, please read our Information available on the wedding gift list website.
In all of the above-indicated cases, the legal basis of the processing is the performance of a contract and pre-contractual measures.
2.2 Interaction on social networks
To allow you to interact on our Social Media Pages, send your comments, show your appreciation for the initiatives promoted by Rinascente, and share our posts, we will process your data and also allow you to follow up on your requests sent via these channels.
2.3 Analysis of consumption habits
To analyse your consumption habits and perform market analyses and research to the ends of improving our commercial offer and to send you promotions and invitations which are suited to you and your preferences. The legal basis of the processing is your consent (obtained when you request our Fidelity Cards and said consent may be withdrawn at any time).
To send you advertising and promotional materials, via mail, telephone or electronically, for example via email, sms, and other digital channels which you have authorised. The legal basis of the processing is your consent (obtained when you request our Fidelity Cards and said consent may be withdrawn at any time).
To ascertain liability in the event of potential IT crimes to the detriment of the website and manage any behaviour which violates the rules established in our Fidelity Card Regulations and safeguard our rights before courts of law. The legal basis of the processing is the need to pursue our legitimate interests (safeguarding our rights before courts of law and verifying compliance with our Fidelity Card Regulations).
2.6 Fulfilment of legal obligations
To comply with the obligations established by the law or regulations (e.g. for invoicing, bookkeeping, safety incident reporting obligations, responding to your requests to exercise your rights) or orders from the competent Authorities. The legal basis of the processing is the need to fulfil a legal obligation.
2.7 Services’ improvement
Furthermore, at the same time as the notice of purchase concluded, Rinascente may ask you to express your opinion on the service received. If you decide to give your opinion on the service provided, the answers will be treated in aggregate form and on the basis of Rinascente's legitimate interest in improving its services. Filling in the questionnaire is in any case entirely optional, therefore failure to provide the data does not imply any kind of consequence on the user.
3. Nature of personal data provided
With respect to the purposes set out in points 2(a), (e) and (f), in the forms available on our website, data marked with an asterisk is mandatory to the provision of the requested services (for example, on issuing the Rinascentecard/International Visitors Card or when forwarding a CV). Missing, incomplete or untrue communication will lead to the Service not being provided. Conferring personal data other than those indicated is optional and refusing to provide such data will lead to the above-indicated ends not being pursued, possibly only in part (for example, Rinascente may not be able to send you promotional materials about products that may be of interest to you).
4. Personal data recipients and transfer to third countries
In order to pursue the above-indicated purposes, your personal data will be processed by authorised Rinascente staff (including the Director of the Store where it was collected, the sales staff, the authorised staff of Marketing, Human Resources, Information System, Customer Service, Omnichannel and Logistics departments), as well as authorised staff of third parties acting as data processors (IT service and customer service suppliers, CRM providers, companies providing services such as data entry and mailing, brands and, in the event of entering prize draws or attending events, companies that take care of the organisation and management of competitions and events on our behalf). Furthermore, your personal data may also be disclosed the following recipients, who always operate as our data processors: companies of the same group to which Rinascente belongs for the performance of IT and logistic support, administration and accounting activities; companies appointed by Rinascente to send promotional communications; payment service provider to allow payment of purchases made on the Site, or their refund if necessary.
Where strictly necessary to the ends of pursuing the purposes indicated above, your personal data may also be disclosed to independent third-party data controllers, such as the competent Authorities (for example, in the event of card theft being reported or dispute management), a notary and the chamber of commerce (in the event of entering prize draws) or PR companies (event attendance), legal, fiscal or administrative consultancy firms (if the communication is necessary or functional to the correct fulfilment of the contractual obligations referred to in the services offered by the Site, including the purchase contract, as well as obligations deriving from the law or in the case of assessment, exercise or defence of a right), to the acquirer (in order to allow the payment of purchases), to shippers and companies that deal with logistic support and that manage the collection points for the products purchased on the Site (Access Point).
When purchasing a product on the Site, Rinascente may communicate the transaction data to Coöperatieve Vereniging Smart2Pay Global Services U.A., based in the Netherlands, which will carry out anti-fraud and security checks on the transactions made on the Site. This company processes your transaction data as an independent data controller in order to: i) examine the purchase to ascertain whether there is any fraudulent activity, ii) store the transaction data in its databases, iii) anti-money laundering purposes in accordance with its information available at the following link: https://smart2pay.com/en/Privacy.
When interacting with the Social Media Pages, your data may become known to those companies acting as data processors that provide Rinascente with assistance and support in the management of its profiles on the main social networks. Furthermore, in the same instances, please note that your data may become known to the companies managing the social networks as autonomous data controllers. To learn more about how these companies process your data and, if applicable, how to change data protection settings, please consult the relevant privacy section available on each of the social networks.
Further information on recipient categories is available in the respective information on personal data processing according to point 2.
Personal data will not be disclosed or transferred to third parties to use for their own purposes; it is understood that, in the event of any extraordinary corporate transactions (e.g. transfer or lease of company, merger, etc.), the data may be transferred or given to third party purchasers / tenants or assignees.
For specific needs related to the location of Rinascente's servers and/or its suppliers, Rinascente also uses suppliers located in third countries outside the European Economic Area (in particular in Thailand and the United States) to provide the services. In this case, Rinascente guarantees adequate levels of protection and safeguard also through contractual agreements, including the stipulation of standard contractual clauses.
The list of the recipients of the processing is available by writing to the Rinascente addresses indicated in the "Contact Data" section below.
5. Personal data storage
Rinascente stores your personal data for the time period strictly necessary to pursue the purposes indicated above (e.g. where the user has an account, until the account is closed) in compliance with civil and tax obligations on data storage and the limits provided for by the law. The data processed to fulfil any contractual obligations with you may be stored for the whole duration of the contract, plus another 10 years after the end of the fiscal year in question, in order to deal with any tax-related audits and/or disputes.
In the event of disputes: if we must defend ourselves or act or make claims against you or third parties, we may store personal data whose processing we consider reasonably necessary to these ends, for the time in which the claim may be pursued.
Further information on the storage times of the data processed is available in the respective policies on personal data processing according to point 2.
For Rinascente, protecting the personal data (e.g. identification and transaction data) of users of the Website is really important. For this reason, Rinascente adopts policies and security measures of a technical and organizational nature to protect, in compliance with current regulations, the personal data of users and the computer systems used to manage the Website. In particular, Rinascente has implemented measures to protect personal data against accidental or intentional tampering, loss, destruction, disclosure or unauthorized access to data collected online.
However, although Rinascente continues to implement and improve security measures in line with the development of technology and industry standards, due to the very nature of Internet, these measures cannot limit or totally exclude the risk of unauthorized access or dissemination of data. It is therefore recommended that you regularly update your software for the protection of network data transmission (e.g. antivirus) and verify that your electronic communications service provider has taken appropriate measures for the security of network data transmission (e.g. firewalls and spam filters). We would also like to remind you that the access to your personal account, which contains your personal data, is only possible through a username and a password: in order to help us better protect this data, we therefore recommend that you do not communicate or make this information available to third parties.
With regard to payments made for online purchases, the Website uses systems designed to ensure maximum security through the use of the most advanced technological and coding systems (SSL).
7. Your rights
As interested party, pursuant to articles 15 et seq. of the Regulations you have the right to:
get confirmation of the existence of your personal data, access their content and get a copy (right of access);
update, amend and/or correct your personal data (right to rectification);
request the cancellation or restriction of data processing in the cases provided for by the Regulation, including where data have been processed in violation of the law or storage is not necessary for the purposes for which the data were collected or otherwise processed (right to erasure and right to restriction);
withdraw consent, where given, at any time, without prejudice to the lawfulness of the processing based on consent given before withdrawal (right to withdraw consent);
within the limits of what is provided for by the Regulation, get a copy of the data you provided in a structured, commonly used, machine- readable format and request this data to be transmitted to another data controller where technically feasible (right to data portability).
You also have the right to object to the processing of your data, at any time, for the purpose of direct marketing, including profiling connected to direct marketing and in the event that the processing is founded on legitimate interest (right to object).
You may exercise your right at any time by writing to the following email address: firstname.lastname@example.org or by sending a registered letter to the following address: Via Washington 70, Milan (FAO Rinascente DPO).
When contacting us, you must include your name, email address, postal address and/or telephone number if provided and your Rinascentecard number (if you are a Rinascentecard holder) in order to process your request correctly.
We remind you that requests for the cancellation of data are subject to current legal and regulatory obligations regarding the retention of documents.
Please, remember that to manage consent where given (including withdrawal) and amend or update your personal data and your profile, you may access your reserved area at any time and use the functions available in the “edit profile” section.
Rinascente may require you to prove your identity and provide you with information regarding the action taken on a request within one month of receiving the request. In accordance with the Regulation, this deadline may be extended by two months, if necessary, taking into account the complexity and number of requests, in which case Rinascente will inform you of this extension, and the reasons for the delay, within one month of receipt of the request.
You also have right to lodge a complaint with a Supervisory Authority for Data Protection at any time in the event of a breach of data protection regulations. For further information: https://www.garanteprivacy.it/home_en/rights#how
8. Data controller and data protection officer contact info
The Data controller is: la Rinascente S.p.A., with offices in Milan, Via Washington 70, VAT 05034580968, Telephone No, +39 02/46771.
The Data protection officer or DPO is available at the following email address: email@example.com or by sending a registered letter to the following address: Via Washington 70, Milan (FAO Rinascente DPO).
This Policy may be updated over time also in consideration of changes in laws or regulations regarding the protection of personal data and, in this case, we will inform you. The changes and updates will apply from the moment they are published on the Website (in case of changes for which the applicable legislation requires the collection of consent, you will be allowed to express your choice freely). We therefore invite you to periodically consult this page to check the most up-to-date version of the Website's Policy.
To know more about the previous versions of the Policy, please visit the following page [●].
Last update: April, 2020.