Welcome to the VALENTINO S.p.A. website, at the URL www.valentino.com (the “Website”).
1. Personal Data Controller
VALENTINO S.p.A., with registered offices in Via Turati 16/18, 20121 Milano, Italy (hereinafter also “VALENTINO”) is the data controller for the data processing related to the Website, including therein navigation data, marketing data and profiling data, as well as all the data related to sales made through the Online Boutique and to the corresponding pre- and post-sales support activities.
The appointed data processor is YOOX NET-A-PORTER GROUP S.p.A., company subject to the management and coordination of Compagnie Financière Richemont S.A., with registered offices in via Morimondo, 17 – Milano 20143, Italy.
To contact the Data Protection Officer and to exercise your rights (also for having a complete list of processors), you may write to firstname.lastname@example.org, or send a request to VALENTINO (to the attention to the Data protection Officer) to the address of the registered office noted above.
2. Personal Data Protection Officer
VALENTINO has appointed a personal data protection officer, who can be contacted at the following e-mail address email@example.com for any information regarding the processing of your personal data and to exercise the rights set out below.
You can also submit any queries regarding privacy by selecting the appropriate section in the Customer Service contact form.
3. Type and purpose of processing performed on the Website – Legal basis for Processing
Through the Website, different types of personal data are collected and processed, for different purposes and with different methods. More precisely:
(b) personal data provided voluntarily by the user (such as, for example, e-mail address, personal information, password provided by filling in the "My Account" registration form), or otherwise lawfully acquired during the user's visit to the website, or during the user’s subsequent contact request addressed to the customer care via telephone or email, to respond to the user's requests and to offer the requested services, assistance and information regarding products and the VALENTINO world. Please note that registration and access through a social profile involves the disclosure of certain data (including first name, last name, email and any other data relating to the user and present on the same social profile) by the chosen social network and therefore requires explicit permission to be given before logging in, which will allow you to carry out activities with the user account. In some cases, social networks require some feedback and information about the use of the log-in. For more information please refer to the relevant privacy documentation on the social network;
(c) personal data provided by the user as part of the processes of online registration on the Website, of sending purchase orders for products on the Online Boutique for the conclusion of e-commerce transactions and of interacting with users for activities that are operational and essential to the sale, as well as for any necessary pre- and after-sales assistance;
(d) with the express consent of the user, VALENTINO may process the user's personal data for marketing purposes, i.e. to send the user information and updates on products, sales, promotional campaigns, events and other initiatives promoted by VALENTINO (using traditional tools and by means of telematic tools such as newsletters, e-mails, text messages, MMS and smart messages); as well as messages suggesting that purchases on hold be completed (reminders on products viewed and abandoned carts)
(e) with the express consent of the user, VALENTINO may also process the user's personal data for the purpose of studying shopping habits and choices in order to make products and initiatives more responsive to the tastes and needs of its customers.
- consent that the user may provide for the purposes referred to in point b) - with exclusive reference to the Social Network Login - and in points d) and e);
- the legitimate interest of both VALENTINO in providing the Website's services and of the user in browsing the Website and/or the legitimate interest of VALENTINO in responding to any customer requests.
With reference to point 2 (c) above, the legal basis of the processing referred to therein lies in the fulfilment of the contract and the obligation to fulfil pre and post contractual obligations.
Please note that, based on the principle of legitimate interest, VALENTINO may contact you in order to offer you services and products similar to those you have previously purchased. Please also note that, under current legislation, this type of contact (known as "soft spam") does not require consent. You may, however, request the discontinuation of the processing at any time and VALENTINO will do so without delay.
4. Source of personal data
VALENTINO collects personal data directly from the user (by registration or during the purchase steps) with the exception of the data collected with the navigation as per section 2 (a) above and data collected with the social log-in as per section 2 (b) above).
5. Analysis of user's buying habits and selections
As indicated in Section 2 (e) above, with the user's express consent, VALENTINO may also process the latter's personal data for the purposes of analysing user's buying habits and selections, in order to make the VALENTINO products, services and initiatives more responsive to its customers' tastes and needs.
VALENTINO will process, by automatic means the value purchased within a framework of time, the frequency of the purchases (even if the purchases are made during the sale period) and the kind of product purchased (accessories, clothes, haute couture, pret-a-porter). VALENTINO will not proceed with an intrusive study of the users’ behaviour and the study is only intended to propose to clients and users products, services and initiatives more responsive to their tastes and needs.
Moreover, please note that as per Section 2 (a), with the user's express consent, VALENTINO can process personal data through an automatic means to study cookies in order to verify the navigation through the Website and too purpose products and services in line with the navigation.
6. Personal data processing methods carried out by VALENTINO
However, these measures, due to the nature of the online transmission method, cannot limit or absolutely exclude the risk of access without consent, or of dissemination of data. To that end, we recommend that you periodically verify that your computer is equipped with the appropriate software devices to protect from the transmission of incoming and outgoing data on the network (such as up-to-date antivirus systems) and that the Internet service provider has adopted suitable measures to ensure the security of data transmission on the network (such as, for example, firewalls and antispam filters).
Each purchase on the Website is made with the utmost security thanks to the use of the most advanced technological systems and coding (SSL).
7. Mandatory or voluntary nature of providing data
The provision of the data, especially personal details, email address, postal address, telephone number and bank details in case of credit card payments, is compulsory for executing, through the Website, the product purchase agreement.
Some of said data, moreover, may be necessary for providing to the user other services made available on the Website in connection with the sales (post sales and pre sales services such as made to measure services, pickup in boutique service, delivery, exchange, etc.) or for discharging the obligations deriving from the law or regulatory provisions (tax obligations and antimony laundering). Any failure by the data subject to provide us with the data may therefore constitute, as the case may be, a lawful and justified reason for not performing the agreement of the products purchased on the Website and not providing the related services.
The mandatory or voluntary nature of the data to be provided will be, if necessary, and as the case may be indicated by means of a special character (*) placed next to the relevant information or to the data the provision of which is necessary for the purpose of providing the services and for purchasing the products on the Website. Any failure to furnish the data the provision of which is voluntary, does not entail obligations or disadvantages of whatever type.
8. Categories of recipient of personal data
VALENTINO communicates the personal data of the Website's users only as permitted by the law and as indicated below. Further to what indicated in point 2 b. (namely the Social log-in) personal data shall be processed and disclosed to
- (i) employees and consultants of VALENTINO processing data in their capacity of persons in charge of the processing for internal organization of the activities;
- (ii) other companies of the same Group acting as data processors in order to carry out contractual activities and services (such as the pick-up in boutique services) and to carry out specific marketing activities (such as inviting the user to local events); and
- (iii) companies acting in their capacity of data processors and providing VALENTINO with specific technical and organizational services in relation to the Website (logistics services, IT services and marketing services).
Personal data may also be disclosed to
- (i) third parties for the sole purpose of performing the agreement of the products purchased on the Website (the financial institutions in charge of providing remote card payment services through credit/debit cards).
- (ii) police officers and judicial authorities, in compliance with the law and upon their request, or in case there are good reasons to believe that such disclosure is reasonably necessary to (1) investigate, prevent or take initiatives in relation to suspected unlawful activities, or assist national supervisory authorities; (2) prepare a defence against third party claims or charges, protect the security of its own website and of the company; (3) exercise or protect the rights, property or security of VALENTINO, the VALENTINO Group companies, its affiliates, customers, employees and third parties.
Your data will not be disseminated, and will be transferred abroad only and if adequate levels of protection and sufficient safeguards, as provided for by the law, are guaranteed. VALENTINO mainly process personal data using data centres located in EU (Varese - Italy, Ireland and the Netherlands). In order to allow the processing by the subsidiaries for contractual and marketing activities, the data will be transferred to the relevant country (also non-EU countries). For this reason, VALENTINO entered into with all its non-EU subsidiaries the Standard Model Clauses in order to protect the transferred personal data. Persona data may be transferred to non IT services providers in order to grant the subsidiaries to have access to the transferred personal data (such as AWS) and VALENTINO also entered with them a data processing agreement and Standard Model Clauses in order to protect the transferred personal data (previously verifying the security measures applied by said processors to the data).
9. Storage Period
Personal data linked to the purchase will be stored for at least 10 years to comply with tax and civil law. Moreover, the data linked to the purchase may be stored for a longer period of time in order to comply with the contractual unlimited warranty granted to the client.
Personal data provided for marketing and profiling activities are kept as long as necessary for the particular processing also with reference to the specific sector of activity (luxury products-7 years) and considering the interest demonstrated by the clients to be updated on the products, events and runaways of VALENTINO.
10. User rights recognized by the privacy law
A user always has the right to obtain from VALENTINO confirmation of whether or not personal data concerning him/her exists, even if it is not yet recorded, and to have it communicated to him/her in an intelligible form. A user also has the right to obtain information about the source of personal data; the purposes and methods of processing it, the logic applied in the event of processing that is performed with the aid of electronic instruments; the identification details of the controller and data processors; and indication of the persons or categories of persons whose personal data may be communicated, or who could end up being known by, for example, data processors or agents as data supervisors or data processors. A user also has the right to request an update, correction or, when s/he has an interest in doing so, an inclusion of personal data, deletion, conversion to an anonymous form or the blocking of personal data, that has been processed in violation of the law, including data which it is not necessary to keep in relation to the purposes for which it was collected or subsequently processed; a statement that the above operations were disclosed, including in terms of their content, to those parties to whom the data was communicated, except in the case in which such performance proves impossible or entails the use of methods that are clearly disproportionate to the right protected. The user can also ask for the portability of his/her data.
A user nevertheless has the right to object, in part or in full, for legitimate reasons, the processing of personal data concerning him/her, even if it is pertinent to the scope of the collection, the processing of personal data concerning him/her for the purposes of sending advertising or direct marketing materials, or to conduct market research or commercial communications and he has the right to ask restriction of processing concerning itself. The right to object may also be exercised specifically with regard to one or more methods of sending marketing communications.
The above rights may be exercised by contacting the Data Protection Officer by writing to firstname.lastname@example.org.
The elective, explicit and voluntary sending of electronic mail to the addresses provided on the Site entails the subsequent acquisition of the sender's address, necessary to respond to requests and keep track of them, as well as any other personal data included in the electronic communication, for legal purposes.
The user also has the right to lodge a complaint with the competent supervisory authority, as well as the right to revoke the consent previously given.
Last update: December 2020