- Women
- Men
- Kids
- Home & Design
- Beauty
- Food & Drinks
- Promo
- Brands
- Stores & Restaurants
- Events
Privacy policy of the website
(pursuant to EU Regulation 2016/679, “Regulations”)
La Rinascente S.p.A. (hereinafter “Rinascente”), with registered office in Milan, 20146, at Via Washington 70, is the Data Controller of your personal data collected through this website www.rinascente.it (“Website”) and the Social Media Pages in use at Rinascente (hereinafter “Social Pages”). We remind you that Rinascente will process your data in accordance with applicable regulations and as set forth below.
This privacy policy describes the methods for processing the personal data of users who access the Website, whether they are registered or not, and who use the services provided by the Website, including creating a user account, purchasing products sold online by Rinascente and using other services made available by Rinascente.
The user's personal data are therefore processed by Rinascente in accordance with the applicable laws and the provisions set forth below.
In its capacity as the provider of the registration service, the seller and the entity exclusively responsible for identifying and implementing the technical and organisational measures governing the processing of personal data stored on the Website, Rinascente is the Data Controller of your personal data for the purposes set out in sections 3.1. (except for letter d), 3.2., 3.3., 3.4., 3.5., 3.6. and 3.7. of this policy.
This policy applies exclusively to the processing of personal data carried out through the Website and Social Pages; any third-party websites accessible through links are subject to the privacy policy provided by the operator of the relevant third-party website. We therefore recommend that you review these documents before browsing third-party websites.
1. Categories of personal data collected and processed by Rinascente
Rinascente collects and processes the following data from those who access and visit its Website and/or Social Pages:
1.1. Automatically collected personal data
● Browsing data: the information technology systems and software procedures used to run this Website acquire, during their normal operations – also through the use of technical cookies – some personal data whose transmission is implicit when using Internet communication protocols. This information is not collected for the purpose of being associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, enable the identification of users. This category of data includes IP addresses or domain names of computers used by users accessing the Website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment.
● Aggregate-level data relating to user behaviour on the Website (e.g. clicks and/or mouse movements) collected through the use of cookies; for more information on the use of cookies by Rinascente, please refer to the relevant Cookie Policy.
1.2. Personal data directly provided by you
● Personal data (e.g. first name, surname); contact details and other contact information (such as email address, telephone number and mobile phone number); account name and password; payment details; shipping address and billing address; purchase information (date, quantity and type, product code, sale amount, VAT number, if applicable, information on complaints, returns, warranty and refunds, and other information relating to the sale of products on the Website), provided during registration on the Website or when using certain services, such as purchasing products. Although registering on the Website allows you to enjoy an easier browsing and shopping experience, any online purchases may also be made without registration;
● personal data, contact details and other personal information provided by you when completing forms on our website (for example, to request the Rinascentecard or to respond to one of our job advertisements or when you access and use the area reserved for Rinascentecard holders - to this end, we recommend that you review the policies that Rinascente publishes from time to time at the bottom of the forms - or attached to the regulations for the use of the Rinascentecard - and that provide more detailed information about the processing of personal data carried out in such a context);
● any contact with Rinascente through customer services or the optional and spontaneous sending of messages, e-mails or traditional mail to the Rinascente addresses provided on the Website entail the subsequent acquisition of the sender's address, including e-mail address, or telephone number, necessary to respond to the requests, as well as any other personal data included in the relevant communications;
● data relating to your purchasing habits and preferences;
● any data relating to third parties (e.g. recipients of products sent as gifts) which, although said parties are not using the features and services of the Website, may nevertheless be acquired by Rinascente as they have been entered by the user as the recipients of deliveries. In the case of data provided by third parties, you are required to guarantee to Rinascente that you have obtained their express prior consent and undertake to send them the information contained in this policy.
You are required to ensure that the personal data provided to Rinascente is correct and, in the event of any changes, to update such data by writing to Rinascente or using the options available in your personal area, if you are registered.
1.3. Personal data collected through the Social Pages in use at Rinascente
Rinascente may also collect some of your personal data when you interact with the Social Pages. Some information is communicated to Rinascente directly by you when you decide to share – through your profile – images posted on our Social Pages, to comment on our posts and/or to express your liking for one of our products, initiatives or events by selecting the appropriate buttons, as well as when you decide to write us a message using private chat or other channels made available on various social media platforms.
Rinascente may also learn about some data indirectly gathered as a result of your interaction with our Social Pages; for example, the time and day you express your liking for one of our posts or send a request via a message.
Our knowledge of much of your personal information may depend on your social media settings and the content you choose to make public. This information may also include your first name, surname, some contact details, and any images associated with your social media profile. Therefore, we remind you that some of your information will be visible to Rinascente once you decide to follow our Social Pages. For this reason, we recommend that you review the privacy policies of the various social media platforms and check your privacy settings.
1.4. Data relating to minors
Rinascente does not request, collect, use and disseminate personal data provided by persons under the age of 18. If Rinascente learns that it has collected data from a minor, it will delete them. If you are not of the required age, please do not register or purchase any product online and ask an adult (a parent or guardian) to carry out the necessary procedures.
2. Purpose and legal basis of the processing of personal data
Personal data are collected and processed by Rinascente electronically and with the help of electronic and computerised means, according to principles of necessity, integrity, proportionality and transparency for the purposes and according to the conditions of lawfulness (legal bases) envisaged in the GDPR indicated below:
● Enabling you to browse our Website and allowing you to use the services offered therein
a) To provide you with the services you request (e.g. management of the process of registering for and accessing the Site, account management, user assistance, complaints management, wishlist management, consultation of order history, management of shipping and billing addresses, checking the status of orders, purchase and collection in store).
Please note that Rinascentecard holders who decide to register on the Site: (i) receive a code to be entered at the time of registration, (ii) access their reserved area, where the password can be set, and (iii) view the data already provided to Rinascente when requesting the card and any consent given, which they may freely modify when registering on the Site and at any other time.
b) For the management of online orders, for example, carrying out the online transactions necessary for the management of the order; verifying that the information provided for the transaction is complete, valid, correct and not fraudulent; processing the order and delivering the products; providing pre and post-sales assistance services, including returns or the management of legal guarantees; contact you, also by e-mail, for any problem relating to the management of the order or subsequent requests relating to the same. Please note that Rinascente requests information relating to payment methods and the payment card exclusively during the purchase process. This data will be sent securely to certified payment service suppliers for authorisation of the transaction. Rinascente cannot view or access complete payment card details under any circumstances.
c) To provide assistance where requested by you through customer services and to respond to a request by e-mail or by telephone;
d) To issue you with a Rinascentecard and thus allow you to access all the benefits reserved for cardholders (discounts, promotions, participation in prize competitions, invitations and participation in events, etc.). For more information on the use of your personal data for this purpose, read our Information for Rinascentecard holders HERE;
e) For personnel recruitment and selection purposes if you submit your CV on request or spontaneously. For more information on the use of your personal data for this purpose, read our Information for candidates available in the Careers section of website HERE;
f) To contribute to the content of the Archives website by providing historical material on Rinascente. For more information on the use of your personal data for this purpose, read our Policy available in the Archives section of the website HERE;
g) To use the Wedding List service. For more information on the use of your personal data for this purpose, please read our Privacy Policy available on the Wedding List website HERE.
In all the cases indicated above, the legal basis of the processing is the performance of a contract and pre-contractual measures.
h) To allow you to purchase and/or use Rinascente digital Gift Cards and carry out the necessary checks required or authorised by current legislation in the event of use of Rinascente Gift Cards as a means of payment in fulfilment of legal obligations or in the cases required by law.
● Interaction with Social Pages
To allow you to interact with our Social Pages, send comments, express your satisfaction with the initiatives promoted by Rinascente and share our posts. We will process your data to allow this activity and to follow up on any requests sent through these channels.
● Profiling and marketing
The legal basis of the processing is your consent issued by accepting the cookies on the Site. This consent can always be revoked through the cookie settings, as indicated in the Cookie Policy.
In particular, as regards interaction with Social Pages, if the user has given their consent to the use of profiling cookies on the Site, Rinascente may also process the user's contact data (in particular the address and e-mail address) and the data communicated by the user during the interaction with the Social Pages - such as the information provided by the user to the social media based on the privacy settings selected on the site in question - to show the user marketing ads and content consistent with their interests, based on preferences and consumption habits identified through cookies and/or other tracking systems of social media managers, including Meta Platforms Ireland Ltd. (“Meta”) and/or following analysis carried out by social media on their users.
In particular, we can show relevant marketing content and advertising through digital platforms based on the interests of users, whose information about preferences and interests, consumption habits, spending margins, etc. were acquired: (i) following the profiling activity carried out on the Rinascente Site and shared (also through API) with digital platforms, including Meta; or (ii) on the basis of correspondence between the preferences and interests expressed by a user who has visited the Site and accepted the profiling cookies and the cluster of users identified by the digital platform (e.g. retargeting); (iii) using the targeting tools made available by the digital platforms, including Meta, defining the target of users potentially interested in Rinascente products and using digital platforms to disseminate advertising messages to users of the same that match the defined target. In the event that the user of the platform interacts with that advertisement, this interaction may be assessed for the purposes of the effectiveness of the campaign itself, where the user has accepted the use of tracking tools, such as, for example, Meta's Pixel, installed on the Site, using cookie management tools (e.g.,prospecting).
Further information on the processing carried out through the tracking tools is available in the Cookie Policy.
● Exercise of the right of defence
Rinascente will process your personal data for the establishment, exercise or defence of legal claims before all the competent venues. The legal basis of this processing is the legitimate interest of Rinascente. This legitimate interest does not affect the rights and freedoms of users as the processing is necessary for the exercise of the constitutionally guaranteed right of defence.
● Use of the Site and monitoring of its operation, Fulfilment of legal obligations
Rinascente may also process your data to ascertain responsibility in the event of hypothetical cybercrime and to manage any conduct in breach of the provisions of the Rinascente fidelity card Regulation. Rinascente will process your personal data to fulfil the obligations imposed by laws, regulations or orders from the competent authorities. The legal basis of the processing is the fulfilment of a legal obligation.
● Improvement of the Services
Furthermore, at the same time as the communication of the conclusion of the purchase, Rinascente may ask you to express your opinion on the service received. If you decide to give your opinion, the answers you provide will be treated on the basis of Rinascente's legitimate interest in improving its services. Completion of the questionnaire is in any case entirely optional; therefore, failure to contribution data does not entail any consequences for the user.
3. Nature of the contribution of personal data
The contribution of data marked with an asterisk in forms available on the Site is mandatory for the purposes of providing the requested services and failure to do so, or the provision of incomplete or untrue information will make it impossible to provide the requested service. The contribution of personal data other than those indicated above is optional and any rejection does not prejudice in any way the possibility for the user to use the Site and to proceed with the purchase of the products sold by Rinascente, but will make it impossible, even if only in part, to pursue the purposes indicated above (for example, Rinascente may not be able to carry out marketing and profiling activities on products that may be of interest to the user).
4. Recipients of personal data and transfer to third countries
For the purposes of pursuing the aforementioned purposes, your personal data will be processed by authorised Rinascente personnel (including the Director of the store where they were collected, the sales staff, the authorised personnel of the Marketing Department, Human Resources and Information Systems Departments, Customer Services, Omnichannel Division and Logistics Division), as well as by authorised personnel of third parties who operate as data processors (IT service and customer assistance suppliers, virtual infrastructures, CRM solution suppliers, companies that offer data entry and mailing services, brands and, in the case of participation in prize competitions or events, companies that organise and manage competitions and events on behalf of Rinascente). In addition, the data may be communicated to the following categories of recipients, who always operate as data processors: companies of the group to which Rinascente belongs for the performance of IT and logistics support, management and accounting activities; companies appointed by Rinascente to send promotional communications; digital platforms that, as part of marketing campaigns, are limited to processing data on our behalf (e.g. Meta); to the payment service provider to allow the payment of purchases made on the Site, or their repayment if necessary.
With reference to payments made for purchases on the Site, the data relating to economic transactions could be processed by the online payment providers as independent data controllers.
Where strictly necessary for the pursuit of the aforementioned purposes, your personal data may also be disclosed to independent third parties responsible for processing, such as the competent authorities (for example, in the case of offences committed on the Site), notary public and chamber of commerce (in the case of participation in prize competitions) or PR companies (for participation in events), legal, tax or administrative consulting firms (if the communication is necessary or functional for the correct fulfilment of the contractual obligations referred to in the services offered by the Site, including the purchase contract, as well as obligations deriving from law or in the case of accrual, exercise or defence of a right), to the acquirer (in order to enable payment for purchases), to the supplier of fraud prevention services (in order to carry out an analysis of the order to identify any fraudulent transactions), to the shippers and companies that deal with the logistics support and that manage the collection points of the products purchased on the Site (Access Point).
When purchasing a product on the Site, Rinascente may communicate the data concerning the transaction to Coöperatieve Vereniging Smart2Pay Global Services UA, based in the Netherlands. This company processes your data relating to the transaction as an independent data controller in order to: i) examine the purchase to check for the presence of fraudulent activity, ii) store the data relating to the transactions in its databases, iii) fulfil the obligations envisaged by current legislation on anti-money laundering and financial supervision (in compliance with its report available at the following link: https://smart2pay.com/en/Privacy).
Furthermore, again in order to verify that the payment transaction is not fraudulent, Rinascente may communicate, also through its acquirer, your transaction and browsing data to Riskified Ltd., based in Israel, which will proceed to carry out the analysis of browsing data and payment transaction for anti-fraud checks. This company processes your data as an independent data controller in compliance with its own report available at the following link: https://www.riskified.com/terms/?term=privacy.
If you interact with the Social Pages, your data may be known by the companies that, as data processors, provide assistance and support to Rinascente in the management of their profiles on the main social media. Furthermore, your personal data may be shared with digital platforms (including Meta) as independent data controllers or joint data controllers (with Rinascente), as part of marketing campaigns based on the tracking of user activities (i.e. eg, retargeting and prospecting).
To find out how these companies process your personal data and, if necessary, change the settings on the protection of the same, you can consult the section dedicated to privacy on the websites of Meta and on each digital platform listed in the Cookie Policy.
Personal data will not be disclosed or transferred to third parties for use for their own purposes; it is understood that, in the event of any extraordinary corporate operation (e.g. sale or rental of a company, merger, etc.), the data could be transferred or conferred to third-party purchasers/assignees or entitled parties.
For specific needs related to the location of the servers of Rinascente and/or its suppliers, Rinascente also makes use of services from suppliers located in third countries outside the European Economic Area (in particular, in Thailand and in the United States). In this case, Rinascente undertakes to ensure adequate levels of protection and safeguarding also through contractual agreements, including the stipulation of standard contractual clauses pursuant to Article 46 of the GDPR.
The list of recipients of the processing is available by writing to the addresses of Rinascente indicated in section 8 of this Policy.
5. Personal data retention
Rinascente retains the Personal Data of users for the time strictly necessary for the pursuit of the purposes referred to in section 2, in compliance with the statutory and tax archiving obligations and the limits established by the GDPR and by current legislation.
To this end, Rinascente specifies that the retention period of Personal Data for the purposes indicated above is as follows:
a. Navigation on the site and use of the services offered therein: the personal data processed for this purpose will be kept for a period of 10 years from the termination of the contract in the context of which the aforementioned processing is carried out, in accordance with the provisions of the legislation on limitation.
b. Interaction with Social Pages: the Personal Data processed for this purpose will be processed for a period of time equivalent to that determined by each social page with reference to the storage of posts and comments and, in general, User interactions on it.
c. Profiling and marketing: the Personal Data processed for these activities will be kept for a maximum of 36 months (48 months in the case of profiling relating to luxury brands), as described in the Cookie Policy, and deleted during the following 30 days;
d. Exercise of the right of defence
Personal data will be stored in accordance with the provisions of the statute of limitations with reference to contractual/non-contractual offences.
e. Use and monitoring of the functioning of the Site and Fulfilment of legal obligations: the Personal Data processed for these purposes will be processed for as long as they are necessary to resolve any bugs and malfunctions of the Site, as well as for the entire time required by the legal regulations by which Rinascente must abide.
6. Security
Rinascente recognises the importance of protecting the personal data (e.g. identifying data and data relating to transactions) of users of the Site. For this reason, Rinascente adopts technical and organisational security policies and measures to protect, in compliance with current regulations, the personal data of users and the IT systems used to manage the Site. In particular, Rinascente has implemented technical, legal and organisational measures to protect personal data against accidental or intentional tampering, loss, destruction, disclosure or unauthorised access to data collected online.
However, even though Rinascente continues to implement and improve security measures in line with the development of technology and industry standards, due to the very nature of the Internet, these measures cannot limit or fully exclude the risk of unauthorised access or dissemination of data. It is therefore recommended to periodically update the software for the protection of data transmission over the network (e.g. anti-virus) and to verify that your electronic communication service supplier has adopted suitable measures for secure data transmission over the Internet (e.g. firewalls and anti-spam filters). We also remind you that your personal account, containing your personal data, can only be accessed by means of a username and password: to help us better protect such data, it is therefore recommended not to communicate or make this information available to third parties.
With regard to payments made for online purchases, the Site uses systems aimed at ensuring maximum security thanks to the use of the most advanced technological and coding systems (SSL).
7. User rights
7.1 As the data subject, pursuant to articles 15-21 of the GDPR, the reporting party is entitled to:
● receive confirmation of the existence of your personal data, access their content and obtain a copy (right of access);
● update, modify and/or correct your personal data (right of rectification);
● request the erasure or limitation of data processing in the cases envisaged in the GDPR, including those where the data have been processed in violation of the law or if storage is not necessary in relation to the purposes for which the data were collected or otherwise processed (right to erasure and right to limitation);
● revoke consent, where given, at any time and without prejudice to the lawfulness of the processing based on the consent given before the revocation (right to revoke consent);
● within the limits of the provisions of the GDPR, receive a copy of the data provided in a structured, commonly used, machine-readable and interoperable format and request that such data be transmitted to another data controller if technically feasible (right to data portability).
You also have the right to object at any time to the processing of your data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing and in cases where the processing is based on our legitimate interest (right to object)).
You can exercise your rights at any time by writing to the following email address: dpo@rinascente.it or by sending a registered letter with confirmation of receipt to the following address: via Washington 70, 20146 Milano, (c.a. DPO Rinascente), or directly in the store where the employees will manage the request - if it falls within their duties - or will forward it to customer services.
When contacting us, you must include your name, e-mail address, postal address and/or telephone number if provided and your Rinascente fidelity card number, in order to correctly manage your request.
We remind you that requests for deletion of data are subject to current legal and regulatory obligations regarding the storage of documents.
We remind you that for the management of the consents issued through cookies you must follow the instructions in the Cookie Policy.
Rinascente may ask you to prove your identity and provide you with information on the action to take in response to such a request within one month of receiving it. In accordance with the provisions of the Regulation, this deadline may be extended by two months, if necessary, taking into account the complexity and number of requests: in this case Rinascente shall inform you of this extension, and the reasons for the it, within one month of receipt of the request.
At any time, you can lodge a complaint with the Supervisory Authorities in the event of a breach of the regulations on the protection of personal data. For more information, visit https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali
8. Contact details of the Data Controller and Data Protection Officer
The Data Controller is: Rinascente S.p.A., with registered office in Milan, 20146, at Via Washington 70, VAT no. 05034580968, telephone no. 02/46771.
The Data Protection Officer (DPO) can be contacted at the following e-mail address: dpo@rinascente.it or by sending a registered letter with return receipt to the following address: via Washington 70, Milano (c.a. DPO Rinascente).
9. Updates
This policy may be updated over time, also in consideration of changes to the law or regulations on the protection of personal data and, in this case, we will inform you. The changes and updates will apply from the time of their publication on the Site (in the event of changes for which the applicable legislation requires the collection of consent, you will be able to express your choice freely). We therefore invite the user to periodically consult this page to check the most updated version of the Site policy.
Latest update: June 2025
