Privacy Policy of the Website

(Pursuant to EU Reg. 2016/679, "Regulations")

 

La Rinascente S.p.A. (hereinafter "Rinascente") based in Milan, 20146, Via Washington 70 is the Data Controller of your personal data collected through this website www.rinascente.it ("Website") and the social media pages in use at Rinascente (hereinafter "Social Pages"). We would like to remind you that Rinascente will process your data in accordance with current regulations and as set forth below.

The Website also hosts a technological platform managed by Rinascente that allows bringing into contact third-party sellers other than Rinascente (the “Sellers”) with purchasers for the purpose of on-line sales of goods (the “Platform”). The marketplace, i.e. the virtual space managed by Rinascente, resides on the Platform, inside of which it is possible to purchase the products of the Sellers and therefore finalize the relevant purchase contracts (“MarketPlace”). You may therefore purchase both products sold by Rinascente and those sold by the Sellers on the website. In this case, Rinascente and the Seller act in the capacity of autonomous data controllers: each processes the personal data of the users for its own purposes, as explained in detail herein.

This privacy policy describes how the personal data of users who access the Website, whether registered or not, and benefits from the related services offered by the Website, including account registration, the purchase of products online, whether sold by Rinascente or by the Sellers, and additional services made available by Rinascente, are processed.

The personal data of the user is then processed by Rinascente and, in the case of a purchase from a Seller, by the latter, in compliance with the legislation in force and according to what is stated hereunder. For more information on the processing of data by the Sellers, you may write an email to the Partner’s contact specified on each page of products (hereinafter the “Product Page”) under point 0.3 Partner’s DPO.

In its capacity of provider of the registration service, of being its own seller, of manager of the MarketPlace and of being the party with whom lies, on an exclusive basis, the identification and implementation of the technical and organizational measures that control the processing of the personal data residing on the Platform, Rinascente is data controller of your personal data for the purposes explained in sections 3.1. (except for letter d), 3.2., 3.3., 3.4. 3.5., 3.6. and 3.7. of this privacy policy.

If a product is purchased from a Seller, the Seller is the data controller of the personal data necessary for executing the purchase contract, the rights arising from the purchase contract and, in particular, the right to withdraw and the legal warranty of compliance for the purposes explained in sections 3.1., letter d), 3.5. (for the purposes expressly stated) and 3.6. of this privacy policy.

This policy applies only to the processing of personal data carried out through the Website; any third-party websites that can be accessed through links remain subject to the privacy policy provided by the operator of the relevant third-party website. We therefore encourage you to review these documents before browsing third-party sites.

 

1. Categories of personal data collected and processed by Rinascente

 

Rinascente collects and processes the following data from those who access and visit the Website and/or Social Pages:

 

1.1 Automatically collected personal data

 

● Navigation data: the computer systems and software procedures used to operate this Website acquire, during their normal operation - including through the use of technical cookies - some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the Website, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.

 

● Aggregate-level information related to user behavior on the Site (e.g., clicks and/or mouse movements) collected through the use of cookies; for more information about Rinascente's use of cookies, please read the relevant policy.

 

1.2 Personal data directly provided by you

 

● Personal information (e.g., first name, last name); contact and contact details (such as email address, address, telephone number, and cell phone number); account name and password; payment details; shipping address and billing address; purchase details (date, quantity and type, product code, sale amount, VAT number where applicable, information on complaints, returns, warranty and refunds, and other information relating to the sale of products on the Website), provided when registering on the Website or when using certain services, such as purchasing products online. Although registration with the Website allows you to enjoy an easier browsing and shopping experience, any online purchases may also be made without registration;

 

● Personal data, contact data and other data you provide when filling in forms or forms on our Website (e.g., to apply for the Rinascentecard or to respond to one of our job advertisements or when accessing and using the area reserved for Rinascentecard holders - for this purpose, we invite you to read the notices that Rinascente publishes from time to time at the bottom of the forms - or attached to the regulations for the use of the Rinascentecard - and which contain more detailed information about the processing of personal data carried out in this context);

 

● Any contact with Rinascente through the customer service or the optional and spontaneous sending of messages, electronic or traditional mail, to the Rinascente contact details indicated on the Website entails the subsequent acquisition of the address, including e-mail, of the sender or the relevant telephone number, necessary to respond to requests, as well as any other personal data included in the relevant communications;

 

● Data related to your purchasing habits and preferences;

 

● Any data of third parties (e.g. recipients of products sent as gifts) which, although not using the features and services of the Website, may still be acquired by Rinascente as they are entered by the user as recipients of deliveries. In the case of data provided by third parties, you are obliged to assure Rinascente that you have expressly obtained their prior consent and you undertake to transfer to them the information contained in this policy.

 

You are responsible for ensuring that the personal information you provide to Rinascente is correct and, if there are any changes, to update this information by writing to Rinascente or by using the options allowed within your personal area, if you are registered.

 

1.3 Personal data collected through social media pages in use at Rinascente

 

Rinascente may also collect some of your personal information when you interact with the Social Pages. Some information is communicated to Rinascente directly by you, when you decide to share - through your profile - images posted on our Social Pages, comment on our posts and/or express your liking to one of our products, to one of our initiatives or even to one of our events through the selection of the appropriate buttons, as well as when you decide to write us a mail message using the private chat or other channels made available on the different social media.

We may also learn about some information indirectly collected as a result of your interaction with our Social Pages; for example, we may learn about the time and day you express your liking to one of our posts or send a request through a mail message.

Knowledge of much of your personal information may depend on the social media settings you choose and the content you choose to make public. This information may include your first name, last name, some contact information, and the image associated with your social profile. Therefore, we remind you that some of your information is visible to Rinascente once you decide to follow our Social Pages. For this reason, we encourage you to view the privacy policy of the different social media and check your privacy settings.

 

1.4 Child data

Rinascente does not request, collect, use, or circulate personal data provided by persons under the age of 18. If Rinascente discovers that it has collected data from a minor, it will delete it. In case you are not of the required age, please do not register or proceed with the purchase of a product online and ask an adult (your parents or guardian) to perform the necessary procedures.

 

2. Categories of personal data collected and processed by the Seller

2.1 Personal data you have personally provided

Personal details (e.g. first name, last name); contact information and addresses (such as email address, street address, landline and mobile phone numbers); Rinascente Gift Card’s number shipping address and invoicing address; data concerning purchases (date, quantity and product category, product code, amount of the sale, VAT registration number, certified email address and SDI number, if applicable, information on complaints, returns, warranty and refunds and other information on the sale of products on the Website) provided during the online purchase of products. Although registration with the Website allows you to enjoy a simpler navigation and purchasing experience, any purchases may be made online even without registration.

 

 

3. Purpose and legal basis of personal data processing

Personal data are collected and processed by Rinascente and, if expressly envisaged, also by the Seller by electronic and informational means, in accordance with the principles of necessity, lawfulness, fairness, proportionality, and transparency for the purposes and under the conditions of lawfulness (so-called legal bases) set forth in the GDPR below:

 

3.1 To enable you to navigate our Website and allow you to take advantage of the services offered therein

a) To provide you with the services you have requested (e.g., managing the registration and access processes to the Website, account management, user support, handling any complaints, managing your wishlist, viewing your order history, managing your shipping and billing addresses, checking the status of your orders, processing data for the provision of individual services you have requested, such as in-store purchase and pickup).

Rinascentecard holders who decide to register on the Website: (i) receive a code to be entered at the time of registration, (ii) access their reserved area, where it is possible to set a password, and (iii) view the data already provided to Rinascente when applying for the card and any consents given, which they can freely change when registering on the Website and at any other time.

b) For online order processing, e.g. performing online operations necessary for order processing; verifying that the information provided for the transaction is complete, valid, correct, and not fraudulent; processing the order and delivering the products; providing pre- and post-sale support services, including returns or handling legal warranties; and contacting you, including by e-mail, for any problems related to order processing or subsequent inquiries related to the order. Please note that Rinascente requires payment methods and payment card information only during the checkout process. This information will be sent securely to certified payment service providers for transaction authorization. Rinascente cannot view or access full payment card information under any circumstances. In the case of a purchase on the Marketplace from a Seller, the autonomous control of Rinascente for all the purposes explained herein remains in place, the Seller will process the personal data of the user to execute the finalized contract of sale through the Website (including any after-sales assistance in managing returns or legal warranties).

c) To provide you with assistance where requested by you through our Customer Service Department and to respond to your inquiry via e-mail or telephone;

d) To issue you the Rinascentecard and thus enable you to access all the benefits reserved for holders (discounts, promotions, participation in sweepstakes, invitations and participation in events, etc.). For more information on the use of your personal data for this purpose, read our Rinascentecard Policy HERE;

e) For recruitment and selection purposes if you submit, upon request or spontaneously, your CV. For more information on the use of your personal data for this purpose read our Candidate Information available in the Careers section of the Website HERE;

f) To contribute to the content of the Archives Website by providing historical material about Rinascente. For more information on the use of your personal data for this purpose read our Notice available in the Archives section of the Website HERE;

g) To take advantage of the Wedding List service. For more information about the use of your personal information for this purpose, read our Notice available within the Wedding List site.

h) To enable you to purchase and/or use Rinascente's digital Gift Cards and to carry out the necessary checks required or authorized by current regulations in the event of using Rinascente Gift Cards as a means of payment in fulfillment of legal obligations or in cases provided for by law.

 

3.2 Interaction with Social Pages

To allow you to interact with our Social Pages, send comments, express your appreciation for the initiatives promoted by Rinascente, share our posts. We will process your data to allow you such activity and follow up on your requests transmitted through these channels.

 

3.3. Profiling and marketing activities

 

The legal basis for the processing is your consent given by accepting the cookies on the Site. This consent can always be revoked via the cookie settings, as indicated in the Cookie Policy.

If the user has given consent to the use of profiling cookies on the Website, Rinascente may also, process the user's contact information (particularly email address) and data disclosed by the user during interaction with the Social Pages - such as the information provided by the user to the social media according to the privacy settings selected on such social media - to show you marketing ads and content consistent with your interests, based on your preferences and consumption habits identified through cookies and/or other tracking systems of social media companies, including Meta Platforms Ireland Ltd. ("Meta") and/or as a result of the analysis that the social media companies themselves perform on their users.

In particular, we may display through digital platforms relevant marketing content and advertisements based on the interests of the user, whose information about preferences and interests, consumption habits, spending margins, etc. has been acquired: (i) as a result of the profiling activity carried out on the Website and shared (including through APIs) with digital platforms, including Meta; or (ii) based on the correspondence between the preferences and interests expressed by the user who has visited the Website and accepted the profiling cookies and the cluster of users identified by the digital platform (e.g., re-targeting); (iii) using the targeting tools made available by the digital platforms, including Meta, defining the target of users potentially interested in Rinascente's products and addressing the digital platforms to disseminate in a targeted manner advertising messages to the users of the same that coincide with the defined target. In the event that the user of the platform interacts with that advertisement, that interaction may be evaluated for the purposes of the effectiveness of the campaign itself, where the user has agreed to the use of tracking tools, such as, without limitation, the Meta Pixel, installed on the Website, through cookie management tools (e.g., prospecting).

More information about processing by tracking tools is available in the Cookie Policy.

 

 

3.5 Exercise of the right of defense

Rinascente and, in the case of a purchase from a Seller, said Seller shall process your personal data for the ascertainment, exercise or defense of a right in all courts of jurisdiction. The legal basis for such processing is the legitimate interest of Rinascente and of the Seller. Said legitimate interest does not affect the rights and freedoms of users, since the processing is necessary for the exercise of the constitutionally guaranteed right of defense.

 

3.6 Use and control operation of the Website and fulfillment of legal obligations

Rinascente may process your data also to ascertain liability in the case of hypothetical cybercrimes to the detriment of the Website and to manage any conduct in breach of what has been established in the Rinascente Fidelity Card Regulations. Rinascente and, in the case of a purchase from a Seller, said Seller shall process your personal data to fulfil the obligations imposed on them by laws, regulations or orders from competent authorities. The legal basis for the processing is the fulfillment of a legal obligation.

 

3.7. Improvement of Services

In addition, concurrently with the communication of concluded purchase, Rinascente may ask you to express your opinion on the service received. If you decide to provide your opinion on the service rendered, the answers you provide will be processed in aggregate form and on the basis of Rinascente's legitimate interest in improving its services. However, completion of the questionnaire is entirely optional, so failure to provide the data does not have any kind of consequence on the user.

 

 

4. Nature of provision of personal data

 

The provision of data marked with an asterisk within forms or forms available on the Website is mandatory for the purposes of providing the requested services and failure to provide, incomplete or untruthful communication will result in the impossibility of the provision of the requested service. The provision of personal data other than those indicated above is optional and any refusal will in no way affect the user's ability to use the Website and to proceed to purchase products sold by Rinascente, but will result in the impossibility, even partial, of pursuing the purposes indicated above (for example, Rinascente may not be able to carry out marketing and profiling activities related to products that may be of interest to the user). 

 

5. Recipients of personal data and transfer to third countries

 

For the purposes of pursuing the above purposes, your personal data will be processed by authorized personnel of Rinascente (including the Director of the store from which it was collected, sales staff, authorized personnel of the Marketing Department, Human Resources Department and the Information Systems Department, Customer Service, Omnichannel Division and Logistics Division), as well as by authorized personnel of third parties acting as data processors (IT and customer service providers, virtual infrastructures, CRM solution providers, companies offering data entry and mailing services, brands, and, in the case of participation in sweepstakes or events, companies that deal on behalf of Rinascente with the organization and management of contests and events). In addition, the data may be communicated to the following categories of recipients, who always act as data processors: companies of the group to which Rinascente belongs for the performance of IT and logistical support, administration and accounting activities; companies appointed by Rinascente to send promotional communications; digital platforms that as part of marketing campaigns merely process data on our behalf (e.g. , Meta); to the payment service provider to enable the payment of purchases made on the Website, or their reimbursement if appropriate.

 

With respect to payments made for purchases on the Website Data pertaining to economic transactions are processed exclusively by online payment providers as autonomous controllers.

Where strictly necessary for the pursuit of the above-mentioned purposes, your personal data may also be communicated to autonomous third party data controllers, such as the competent Authorities (for example, in case of unlawful activities carried out on the Site), notary and chamber of commerce (in case of participation in prize competitions) or PR companies (for participation in events), legal, tax or administrative consulting firms (if the communication is necessary or functional to the proper fulfillment of contractual obligations referred to the services offered by the Website, including the purchase contract, as well as obligations arising from the law or in the case of ascertaining, exercising or defending a right), to the acquirer (in order to enable the payment of purchases), to the provider of fraud prevention services (in order to carry out an analysis of the order to detect possible fraudulent transactions), to shippers and companies that deal with logistical support and manage the pick-up points for products purchased on the Website (Access Point).

 

When you purchase a product on the Website, both from Rinascente and from a Seller (that has chosen to use said service), Rinascente may disclose your transaction-related data to Coöperatieve Vereniging Smart2Pay Global Services U.A., based in the Netherlands. That company will process your transaction data as an autonomous data controller for the purpose of: i) examining your purchase for fraudulent activity, ii) storing transaction data in its databases, iii) fulfil the obligations set out in legislation in force on the subject of anti-money laundering and financial supervision (in accordance with its own policy available at the following link: https:https://smart2pay.com/en/Privacy

 

In addition, again for the purpose of verifying that the payment transaction is not fraudulent, Rinascente may disclose, including through its acquirer, your transaction and browsing data to Riskified Ltd. based in Israel, which will proceed to perform browsing and payment transaction data analysis for anti-fraud audits. This company processes your data as an autonomous data controller in accordance with its own policy available at the following link: https://www.riskified.com/terms/?term=privacy

 

In the event that you interact with the Social Pages, your data may be known to the companies that as data processors provide assistance and support to Rinascente in the management of its profiles present on the main social media.

In addition, your personal data may be shared with digital platforms (including Meta)as autonomous data controllers or joint data controllers (with Rinascente), as part of marketing campaigns based on tracking user activity (e.g., re-targeting and prospecting).

To find out how these companies process your personal data and, if necessary, change your settings on protecting it, you can consult the privacy section on Meta's websites and on each digital platform listed in the cookie policy.

Personal data will not be disclosed or transferred to third parties for use for their own purposes; it is understood that in the event of any extraordinary corporate transactions (e.g., sale or lease of a business, merger, etc.), the data may be transferred or given to third-party purchasers/tenants or assignees.

Personal data will not be disclosed or transferred to third parties for use for their own purposes; it is understood that in the event of any extraordinary corporate transactions (e.g., sale or lease of a business, merger, etc.), the data may be transferred or given to third-party purchasers/tenants or assignees.

For specific needs related to the location of Rinascente's and/or its suppliers' servers, Rinascente also makes use of suppliers located in third countries outside the European Economic Area (in particular Thailand and the United States) for the provision of services. In this case, Rinascente is committed to ensuring adequate levels of protection and safeguards also through contractual agreements, including the stipulation of standard contractual clauses referred to in Article 46 of the GDPR.

The list of data recipients is available by writing to the Rinascente addresses listed in the "Contact Information" section below.

In the case of a purchase from a Seller, you can verify the information regarding the recipients of your personal data and their transfer by the Partner by writing an email to the contact specified under point 0.3 Partner’s DPO of each Product Page.

 

6. Retention of personal data

 

Rinascente retains users' Personal Data for as long as is strictly necessary to pursue the purposes set forth in Paragraph 2, in compliance with civil and tax retention obligations and the limits provided by the GDPR and the law in general.

To this end, Rinascente specifies that the retention period of Personal Data for the above purposes is as follows:

a. Browsing the Website and using the services offered therein (e.g., registration on the Website and obtaining the Rinascentecard, purchasing products as a guest, and sending service communications): personal data processed for said purpose will be kept for a period of 10 years from the termination of the contract under which the above-mentioned processing is carried out, in accordance with the provisions of the statute of limitations.

b. Interaction with Social Pages: the Personal Data processed for said purpose will be processed for a period of time equivalent to that determined by each Social Page with reference to the retention of posts and comments and, in general, User interactions on it.

c. Profiling: Personal Data processed for said purpose will be retained for a maximum of 36 months (48 months in case of profiling related to luxury brands), as described in the Cookie Policy, and deleted in the following 30 days.

d. Marketing: Personal Data processed for said purpose will be retained for up to 24 months from the date consent is obtained, as described in the Cookie Policy, and deleted within 30 days thereafter.

e. Exercise of the right of defense

Personal data will be retained in accordance with the statutes of limitations with reference to torts of a contractual/tort nature.

f. Operation and Control Functioning of the Website and Fulfillment of Legal Obligations: the Personal Data processed for said purposes will be processed for as long as it is necessary to resolve any bugs and malfunctions of the Website, as well as for as long as required by the legal regulations with which Rinascente must comply.

In the case of a purchase of a product from a Seller, additional information on the retention period is available by visiting the website of the Seller,  by writing an email to the privacy leader specified under point 0.3 Partner’s DPO of each Product Page.

 

7. Security

 

Rinascente recognizes the importance of protecting the personal data (e.g., identification and transaction data) of users of the Website. For this reason, Rinascente adopts policies and security measures of a technical and organizational nature to protect, in compliance with applicable regulations, users' personal data and the information systems used to manage the Website. In particular, Rinascente has implemented technical, legal, and organizational measures to protect personal data against accidental or intentional tampering, loss, destruction, disclosure, or unauthorized access to data collected online.

However, although Rinascente continues to implement and improve security measures in line with the development of technology and industry standards, by the very nature of the Internet such measures cannot totally limit or exclude the risk of unauthorized access or dissemination of data. It is therefore recommended that you periodically update software for the protection of network data transmission (e.g., antivirus) and check that your electronic communication service provider has taken appropriate measures for the security of network data transmission (e.g., firewalls and spam filters). We would also like to remind you that access to your personal account, containing your personal data, is only possible by means of your username and password: to help us better protect this data, we therefore recommend that you do not communicate or make this information available to third parties.

With regard to payments made for online purchases, the Website uses systems designed to ensure maximum security through the use of the most advanced technological and encryption systems (SSL).

 

8. The rights of users

8.1 As a data subject, pursuant to Articles 15 et seq. of the Regulations You have the right to:

● Receive confirmation of the existence of your personal data, access their content and obtain a copy (right of access);

● Update, amend, and/or correct your personal data (right of rectification);

● to request the deletion or limitation of the processing of data in the cases provided for in the Regulations, including where the data have been processed in violation of the law or where storage is not necessary in relation to the purposes for which the data were collected or otherwise processed (right to deletion and right to limitation);

● revoke consent, where given, at any time and without prejudice to the lawfulness of the processing based on the consent given before revocation (right to withdraw consent);

● within the limits of the Regulation, receive copies of the data you have provided in a structured, commonly used, machine-readable format and request that such data be transmitted to another data controller if technically feasible (right to data portability).

You also have the right to object at any time to the processing of your data for direct marketing purposes including profiling insofar as it is related to such direct marketing and in cases where the processing is based on our legitimate interest (right to object).

You may exercise your rights at any time by writing to the following email address: customerservice@rinascente.it or by sending a registered letter A/R to the following address: via Washington 70, 20146, Milan (c.a. DPO Rinascente), or directly in the store where employees will either handle the request directly – where it falls within their allowed activities – or proceed to forward it to customer service. 

When contacting us, you will need to include your name, e-mail address, mailing address and/or phone number if provided, and your Rinascentecard or Friends Card number (if you are a Rinascente fidelity card holder) in order to properly process your request.

Please note that requests for deletion of data are subject to existing legal and regulatory obligations regarding record retention.

We remind you that to manage your consents provided via cookies You will need to follow the directions in the Cookie Policy.

Rinascente may require you to prove your identity and provide you with information regarding the action taken regarding a request within one month of receipt of the request. In accordance with the provisions of the Regulations, this period may be extended by two months if necessary, taking into account the complexity and number of requests: in such case, Rinascente shall inform you of such extension, and the reasons for the delay, within one month of receipt of the request.

If the data controller is the Seller, you may exercise the above rights by writing to the email reference specified in the paragraph 0.3 Partner’s DPO on each Product Page.

At any time, he/she may file a complaint with the Supervisory Authority in case of violation of data protection regulations. For more information: https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali 

 

8.2 In the case of a purchase from the Seller – therefore if the Seller acts as data controller for the purposes explained in sections 3.1, letter d), 3.5. (for the purposes expressly stated) and 3.6. herein – you may exercise the rights under this article by contacting the relevant Seller at the email address specified in paragraph 0.3 Partner’s DPO on each Product Page.

 

 

9. Data controller and data protection officer contact info

The Data Controller is: La Rinascente S.p.A., based in Milan, 20146, Via Washington 70, P.IVA 05034580968, Phone No. 02/46771.

The Data Protection Officer or DPO (Data Protection Officer) is available at the following e-mail address: dpo@rinascente.it or by sending a registered letter A/R to the following address, via Washington 70, Milan (c.a. DPO Rinascente).

In the case of a purchase of a product from a Seller, the Seller is also data controller of the data necessary for executing the purchase contract finalized through the Website and additional ones collected at the time the rights arising from said contract are exercised.

 

10. Updates

This Privacy Policy may also be updated over time in consideration of changes in data protection laws or regulations, in which case we will notify you. Changes and updates will apply from the time of their publication on the Website (in case of changes for which the applicable legislation requires the collection of consent you will be allowed to express your choice freely). We therefore invite you to periodically consult this page to check for the most up-to-date version of the Website's notice.

 

Last update: October 2023.

 

 

 

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente

Rinascente