According to USA local data protection applicable laws and the EU Regulation n. 2016/679 “General Data Protection Regulation”, the following data controllers (herein after “Data Controllers”) provide you with the following information on the collection, use, disclosure, or processing of your personal data:
Specific information of the subsidiaries belonging to the Dolce & Gabbana Group through which you have the chance to gain detailed information on the different Data Controllers, may be obtained by visiting the following link www.dolcegabbana.com/corporate-subsidiaries or by writing to firstname.lastname@example.org or to the postal addresses mentioned above.
A. The purposes and legal basis for the processing
A1. The following personal data supplied by you in our stores or on our website: personal information (first name, family surname, date/place of birth); contact details (permanent place of residence, domicile, phone number, e-mail); invoicing and tax free information (nationality, passport number, company name, fiscal code, vat number); information regarding the purchases made by the customer (item, size and color, price, date and shop where the sale takes place) will be collected, used, disclosed or processed:
A2. The following personal data supplied by you over time in our stores or on our website: personal information (first name, family surname, date/place of birth); contact details (permanent place of residence, domicile, phone number, e-mail); data regarding the customer profile and his/her preferences (hobbies, cultural interests, preferred magazines/websites, style of life/person, associative/cultural clubs of his/her interest, preferred brands and items purchased) and the total amount of individual purchases and details of the same (item, size and color, price, date and shop where the sale takes place) will be collected, used, disclosed or processed:
B. Data retention period
On expiry of the retention terms indicated above or in case Data Controllers become insolvent and cannot continue processing your personal data, data will be automatically erased or made permanently and irreversibly anonymous.
C. Data Provision
Provide the data is necessary to achieve the
administrative or accounting purposes as well as for the completion of the
purchase. The provision of data for customer loyalty, profiling, and marketing
purposes, and thus the retention in theCustomer
Relationship Management (CRM) system of Dolce &
Gabbana Beauty is optional. Any failure in providing data or lack of consent,
shall preclude the pursuit of the purposes of profiling and marketing but will
not affect the ability to complete the purchase.
There exists risk of personal data leakage and misuse, however, Dolce & Gabbana Beauty has implemented several security measures to protect your personal data processed by means of electronic or automated tools, through the CRM system, keeps access logs to the CRM system, of those entitled to use it, with retention of data collected for six months.
D. Data processing methods
The data collected will be processed and stored
both on paper and automated tools. In particular, data processed for profiling
and marketing purposes, will be stored in the CRM system of Dolce & GabbanaBeauty, whose server is located in
You acknowledge that your personal data is being transferred abroad and may become accessible to foreign governments under a lawful order made in that country.
E. Recipients of personal data
Data will be processed by:
Your data may be disclosed:
A full list of the recipients of personal data can
be obtained by writing to the following address:
or to the postal addresses mentioned in theepigraph of this information notice.
For the categories of personal data that could be transferred to third parties, please refer to section A of the present information notice.
F. Data transfer outside of the European Union or of the Country
Your data will be transferred to
other countries in accordance with the safeguards set forth by applicable
A full list of the recipients of personal data established outside of the European Union and a copy of the safeguards adopted by the Data Controllers can be obtained by writing to the following address: email@example.com or to the postal addresses mentioned in theepigraph of this information notice.
G. Data subject’s rights under GDPR
According toapplicable laws, you
can at any time request information on personal datacollected, used, disclosed,
or processed by
the Data Controllers, as well as request for access to such personal data,ask
for their integration, rectification, or erasure, ask for restriction of
processing and object to their processing. Data subjects have the right to
obtain additional information upon a request, including: the (i) types of
personal data being processed; (ii) the decisions taken based on automated processing; (iii) the
rules and criteria of the periods for which the personal data will be stored
and kept; (iv) and the measures to be taken upon the occurrence of a data
In particular, you have the right to object and withdraw your consent, in whole or in part, to the collection, use, disclosure or processing of your personal data for purposes of profiling or for purposes of dispatch of advertising material, direct selling or for the fulfillment of market surveys, customer satisfaction surveys or commercial communication both automated (e-mail, other systems of distance communication as, by way of example: SMS,instant messaging platforms (WhatsApp, Line, WeChat,Viber, Kakao Talk) and traditional (paper mail,operator-assisted phone calls).
If you prefer that the processing of your personal data is carried out solely by means of traditional contact methods, you may object to the processing of your personal data by means of automated contact methods.
Furthermore, youshall have the right to receive the personal data concerning you, which you have provided to the Controllers, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the controller to which the personal data have been provided, where: the processing is based on consent or on a contract and the processing is carried out by automated means.
In order to exercise your rights above and/or or submit an inquiries or complaints with regard to the processing of your personal data and/or withdraw your consent, you may send a request to the Data Controllers by writing to this email address: firstname.lastname@example.org or to the postal addresses and contacts mentioned in theepigraph of this information notice.
In addition, you can lodge a complaint with the competent supervisory authority.
For the exercise of your rights under local USA data protection regulations, please refer to the following paragraphs.
H. Data Protection Officer (DPO)
The Data Protection Officer is available at the email address email@example.com.
B. Citizens of United States
If you are a citizen of Connecticut, Colorado, Utah or Virginia, the data
protection legislation in force in those states will apply.
Connecticut's privacy legislation, the Connecticut Data Protection Act (“CDPA”), applies from 1 st July 2023.
Colorado’s privacy legislation, the Colorado Privacy Act (“CPA”), applies from 1 st July 2023
Utah’s privacy legislation, the Utah Consumer Privacy Act (“UCPA”), applies 31 December 2023
Virginia’s new privacy legislation, the Consumer Data Protection Act (“CDPA”), applies from 1 st July 2023.
The rights you may exercise under these legislations are as follows:
Targeted advertising means the
display of advertisements to a consumer where the advertisement is selected on
the basis of personal data obtained or inferred from that consumer's activities
over time and on unaffiliated Internet sites or online applications to predict
that consumer's preferences or interests.
The law defines the sale of personal data as “the exchange of personal data for monetary or other value consideration by the Data Controller to a third party”.
In the state of Utah and the state of Virginia the definition of sale includes the exchange of personal data only for monetary consideration by a Data Controller to a third party.
Citizens of California
If you are a citizen of California, the data protection legislation that will
apply is the California Privacy Rights Act (“CPRA”).
The rights you may exercise under this legislation are as follows:
Dolce & Gabbana, as Data Controller, has not shared or sold your personal data in the last 12 months.
Marketing & Communications Opt-In
I agree to the collection, use, disclosure or processing of my personal data for marketing purposes, including advertising communications or direct selling, market research, customer satisfaction surveys, commercial communication that may be customized regarding Dolce & Gabbana products (bags, accessories, shoes and clothes) using automated (e-mail, and traditional (paper mail, operator-assisted phone calls) contact methods, including offering of customized sales services at Dolce & Gabbana stores worldwide.
I agree to the collection, use, disclosure or processing of my personal data for profiling and analysis of shopping preferences through the use of data provided by the customer online and in our Dolce & Gabbana stores worldwide.
Consent To Personal Data Processing
I confirm that I am of legal age in order to give consent, that I have read the information provided by Dolce & Gabbana, and that I understand that the use of my personal data for profiling marketing purposes is optional and it is not required to process a credit card transaction.