INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF EU REGULATION 679/2016 (“GDPR”)
Your privacy is extremely important to us, please read this information notice carefully.
We wish to inform you in a complete and transparent manner about the personal data processing that the companies listed in paragraph 1 below will carry out on your personal data provided by you and/or collected in the context of the contacts you will possibly have with us, including for example the following:
- visiting the website https://www.jilsander.com/ (hereinafter the “Site”) and/or the other websites referring to the brand, interacting with our pages on the social networks (e.g., Facebook, Twitter, Instagram, Weibo, Wechat, etc.);
- contacting our Customer Service.
When we collect your personal data, we differentiate between active and passive users, depending on how you use our Site or services.
You are an active user (“User”) when you:
- Register an account;
- Sign up for a newsletter on our website;
- Download and use our applications;
- Engage with us on social networks.
You are a passive user (“Passive User”) when you visit any and all websites and applications without registering.
1. WHO COLLECT YOUR PERSONAL DATA
The companies collecting and processing personal data as autonomous data controllers (hereinafter the “Data Controllers” or the “Companies”) or as joint controllers are:
- OTB S.p.A. (“OTB”), with registered office in Italy, Breganze (Vi), Via dell’Industria 2, 36042, telephone +390445306555, email firstname.lastname@example.org; OTB’s Data Protection Officer (“DPO”) can be contacted at email@example.com
- Jil Sander S.p.A. (“Jil Sander”), with registered office in Italy, Foro Bonaparte, 71, 20121 Milan, telephone +39 02 8069131, email firstname.lastname@example.org.
OTB and Jil Sander carry out some activities as joint controllers, taking jointly the decisions regarding the purposes and means of personal data processing. Hereafter, the term “Joint Controllers” means Jil Sander and OTB jointly considered when they process data as Joint Controllers.
To facilitate your understanding of the processing activities carried out by the above-mentioned subjects as Controllers or Joint Controllers, we have prepared this document explaining which processing activities are carried out autonomously by each company.
2. WHAT PERSONAL DATA WE PROCESS
Each Company collects different categories of personal data according to the purpose for which it processes them.
Herein below we specify which categories of personal data are collected; in the following paragraph we will explain for what purposes each category of data is processed by each Data Controller or by the Joint Controllers as appropriate (hereinafter also “Personal Data” if processed jointly).
- Biographical Data: name, middle name, surname, date of birth, gender;
- Contact Data: address of residence (street, city, province, state, cap code), domicile, email address, telephone number, mobile number;
- Sales Data: shipping and billing address, method of delivery and payment, name of the credit card holder and expiry date of the card, information requested by the customer service, VAT number and/or tax code, passport number (the passport number will be used only for purposes related to payment where required by a law and within the limits of that law), Global Blue card number;
- Tracking of Newsletters and Actions Data: information relating to the opening of newsletters or links;
- Purchase Data: detail of the purchased products (e.g., size, price, discount, model, collection, calculated spending level, abandoned cart, etc.);
3. FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA
In this paragraph, we explain for what purposes each category of data is processed by each Data Controller or Joint Controller.
3.1 PURPOSES OF JIL SANDER S.p.A.
Jil Sander is the company that designs and promotes the Brand’s products. Moreover, it is the company that manages the e-commerce via the Site and to which you have requested assistance services. In some cases, it may be necessary for Jil Sander to become aware of some information concerning you, to process specific requests you may have. Jil Sander will process Personal Data for the following purposes.
Only with your consent, Jil Sander will process the Biographical Data, Contact Data and Purchase Data for marketing purposes, including custom audience purpose, that is for advertising on social networks to which you are registered or sending advertising or direct sales material, carrying out market research, commercial communication with automated contact methods (e-mail, newsletter, SMS, MMS, online messaging platforms, etc.) and traditional contact methods (mail).
Legal basis: this processing is based on the consent you have given via the appropriate Opt-in disclosure.
You can at any time withdraw your consent to receive the above-mentioned communications by clicking on the appropriate option in each marketing email received, as well as by writing to the address email@example.com, or otherwise by contacting the company at the addresses indicated in paragraph 1.
b. Sales activities and response to other requests made by customers
If you purchase Jil Sander’s products through the e-commerce service on the Site, Jil Sander will process your Biographical Data, Contact Data, Sales Data and Purchase Data to conclude the sale, as well as for all activities strictly connected and related to it, such as delivery or other administrative and accounting obligations. These data will be requested also in case of purchases performed without registration. In this case the Personal Data will be stored exclusively for the time necessary to complete the purchase activity.
Similarly, Jil Sander may need to process your Biographical Data or Contact Data to respond to any further requests that you may formulate through the Site or through the Customer Service, through telephone or chat, such as information or assistance requests.
Legal basis: this processing is based on the performance of a purchase contract to which you are a party; the provision of the Personal Data listed above is necessary for this purpose, since otherwise Jil Sander will not be able to process your request.
3.2 PURPOSES OF THE JOINT CONTROLLERS (JIL SANDER S.p.A. AND OTB)
Jil Sander and OTB operate as Joint Controllers on the basis of a specific agreement for the purpose indicated below.
a. Customer profiling
With your consent, the Joint Controllers will be entitled to process Biographical Data, Contact Data, Sales Data, the Purchase Data, Tracking of Newsletters Data and Actions Data and the Navigation Data for profiling purposes and for business analysis, that is for analysis on your purchase preferences consisting of automated processing of the above mentioned Personal Data. This processing is aimed at analytically knowing or predicting your purchasing preferences also in order to create customer profiles and customize the commercial offer so that it is more in line with your preferences.
Legal basis: this processing is based on the consent you have given.
You will be entitled at any time to withdraw your consent to be subject to profiling by writing to _ firstname.lastname@example.org or otherwise by contacting the Joint Controllers at the addresses indicated in paragraph 1.
3.3 PURPOSES OF ALL DATA CONTROLLERS OR JOINT CONTROLLERS
Finally, each Data Controller or Joint Controller may need to comply with a specific legal provision to which it is subject or to defend its own right in court.
a. Purposes related to the obligations established by laws or regulations, by decisions/requests of competent authorities or by supervisory and control bodies
Each Data Controller or Joint Controller may process your Personal Data to comply with a legal obligation to which it is subject.
Legal basis: compliance with a legal obligation
The provision of data for this purpose is mandatory because in the absence of data the Data Controller or the Joint Controller will not be in a position to comply with their legal obligations.
b. Defence of rights during judicial, administrative or extra-judicial proceedings and in disputes arising in connection with the services offered
Your Personal Data may be processed by each Data Controller or Joint Controller to defend their rights or take legal action or make claims against you or third parties, including the prevention of fraud.
Legal basis: this processing is based on the legitimate interest pursued by the Data Controller or Joint Controller to protect their rights.
4. WHAT PROCESSING ACTIVITIES WE CARRY OUT WHEN YOU ARE USING OUR SITE AND YOU NAVIGATE WITHOUT BEING LOGGED IN
The Site is managed by Jil Sander. It is possible to browse the Site without having to actively communicate your Personal Data if you are not logged in. In this case, while browsing the Site, we inform you that the computer systems and software procedures used to operate the Site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not directly associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow these users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, information regarding access, information regarding location, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), the information regarding the user’s visit including data clickstream of the URL, within and from the Site, the duration of the visit on some pages and the interaction on these pages and other parameters relating to the operating system and the user’s IT environment.
The data collected while browsing the Site will be processed to (i) manage the Site and resolve any operating problems, (ii) make sure that the content of the Site is presented in the most effective way for its devices, developing, testing and making improvements to the Site, (iii) as far as possible, to keep the Site safe and secure, (iv) to obtain anonymous statistical information on the use of the Site and to check its correct functioning, (v) identify anomalies and/or abuses in the use of the Site. The data could also be used to ascertain responsibility in case of possible computer crimes committed against the Site or third parties and may be presented to the Judicial Authority, if this makes an explicit request.
5. WHAT HAPPENS IF YOU DO NOT PROVIDE PERSONAL DATA
Some Personal Data that we will indicate you from time to time during the registration are necessary for the completion of the purchase contract and for administrative and accounting purposes.
In the description of the purposes in paragraph 3, we have specified when it is necessary to provide Personal Data. Where not expressly indicated as mandatory, therefore, the provision of Personal Data is optional and there will be no consequences if you do not provide them, if not the impossibility for the Data Controllers or Joint Controllers to act as described (for example, the impossibility to carry out marketing activities).
6. HOW AND HOW LONG WE WILL PROCESS PERSONAL DATA
The Personal Data provided to and/or collected by the Data Controllers or the Joint Controllers are processed and stored with automated tools and, in some cases, may be processed and stored on a paper backing. In particular, the Personal Data processed for purposes of marketing and Customer profiling will be entered and stored in the CRM systems (Customer Relationship Management) that allow the processing of Personal Data for these purposes.
The Personal Data will be stored for the time necessary to achieve the purposes for which they were collected. In particular, the following rules will apply:
- data collected to enter into and perform purchase contracts, including payments: up to the conclusion of administrative and accounting obligations. The billing data will be kept for 10 years from the billing date;
- data related to data subjects’ requests: the data will be stored until the request is satisfied;
- if you have provided your consent, the data processed for purposes of marketing and profiling will be stored for a period of 7 years, unless you revoke your consent. In this case, upon withdrawal of your consent, we will delete your data.
In any case, for technical reasons, the termination of the processing and the consequent cancellation or irreversible anonymization of the related Personal Data will be definitive within thirty days from the terms indicated above.
With particular reference to the judicial protection of our rights or in case of requests from the authority, the data processed will be stored for the time necessary to process the request or to protect the right.
7. WHERE PERSONAL DATA MAY BE TRANSFERRED
For the purposes indicated above, we may also transfer your Personal Data to third countries, not belonging to the European Union, which may possibly do not guarantee the same level of protection. The transfer to third countries will always take place in accordance with the provisions of the GDPR, adopting any other measures necessary to ensure the security of the Personal Data being transferred. These measures possibly include agreements incorporating the so-called “standard contractual clauses” issued by the European Commission or your consent. You can ask for information regarding these third countries and how to obtain a copy of the appropriate safeguards using the following email: email@example.com or the contact details indicated in paragraph 1.
8. WHO WILL PROCESS PERSONAL DATA
Personal Data will be processed by:
- employees and collaborators of the Data Controllers or of the Joint Controllers processing data under the authority of the Data Controllers or of the Joint Controllers;
- employees and collaborators of the Data Processors designated by the Data Controllers or Joint Controllers, including (i) the companies managing the online store and who will be entitled to view, modify and update the Personal Data entered in the CRM systems through which the Data Controllers or the Joint Controllers carry out the processing activities for marketing and profiling purposes (ii) the companies managing the storage of the Personal Data of the Data Controllers or Joint Controllers based on agreements or local regulations;
- third parties established in the European Union and also outside the European Union, Data Processors, used by the Data Controllers or Joint Controllers in particular for services of: Personal Data acquisition and data entry, shipping, mailing of promotional material, after sales assistance and Customer Service, market research, management and maintenance of the CRM systems through which the Data Controllers or Joint Controllers carry out processing activities for marketing and profiling purposes and of the other corporate information systems of the Data Controllers or Joint Controllers of the processing. The complete list of Data Processors appointed by the Data Controllers or Joint Controllers can be requested to the following email address firstname.lastname@example.org or writing to the postal addresses indicated above.
Personal Data may also be disclosed to third parties, independent Data Controllers, in particular to freelancers or companies providing legal or tax advice and assistance and to companies managing payments made by debit or credit cards or for fraud prevention and management activities.
Our third-party service providers may also have access to the Personal Data of people who are not users of the Site based on information that you directly disclosed on the Site, in the following instances:
- A User who purchases a product on the Site to be mailed to a friend;
- A User who pays for a product on the Site who is different from the recipient of the product; or
- A User who recommends a product on sale on the Site to a friend.
In all of the above cases, you must make sure you receive the consent from third parties prior to disclosing their Personal Data and inform them about our Information Notice. We will treat this Personal Data in accordance with this Information Notice, just as we treat your Personal Data.
However, you will be responsible in connection with the disclosure of third-parties’ Personal Data, if you failed to obtain the third parties’ express consent to disclose their Personal Data or for any improper or unlawful use of that data.
Lastly, we may share your information with third parties, unrelated to the services provided on the Site, when we believe it is necessary or appropriate, including: (a) as required or necessary in order to comply with applicable law (including laws outside your country of residence); (b) to protect us against liability; (c) to respond to subpoenas, judicial processes, or legitimate requests by law enforcement officials; (d) to purchasers in connection with any sale, assignment, or other transfer of all or a part of our business or company; (e) to protect our operations; (f) to protect our rights, privacy, safety or property; and (g) to allow us to pursue available remedies or limit the damages we may sustain.
Personal Data will not be disseminated in any way.
9. COLLECTION FROM CHILDREN
The Site is not intended for children under the age of 13 and we do not knowingly collect Personal Data from such children. Children under the age of 13 should not use or attempt to use our Site or send Personal Data to us. In the event that we learn that we have inadvertently gathered Personal Data from a child under the age of 13, we will take reasonable measures to erase such information from our records. Parents who believe that we might have any information from or about a child under 13, may submit a request to email@example.com and request that such data be removed.
Pursuant to Chapter III of the GDPR, you have the right to ask each Data Controller or Joint Controller:
- to access to your Personal Data,
- to receive the copy of the Personal Data you provided us (so-called “data portability”) and to have data transmitted to another controller, if technically possible,
- the rectification of the Personal Data in our possession,
- the erasure of any Personal Data in relation to which we no longer have any legal basis for processing,
- the limitation of the way in which we process your Personal Data, within the limits set by the applicable law data protection law.
Right to object: in addition to the rights listed above, you always have the right to object at any time to the processing of your Personal Data carried out by the Data Controller or Joint Controller for the pursuit of its legitimate interest. You have the right to object to direct marketing, which includes profiling. If you prefer that the processing of your Personal Data is carried out solely through traditional contact methods, you can object to the processing of your Personal Data carried out through automated contact methods.
You also have the right to withdraw, in whole or in part, the consent to the processing of Personal Data concerning you for the purpose of sending advertisements or direct selling or for carrying out market research or commercial communication with automated contact methods (e-mail, other remote communication systems via communication networks such as, for instance: SMS, MMS, messaging platforms, etc.) and traditional contact methods (mail).
The exercise of these rights, which can be done through the contact details indicated in paragraph 1, is not subject to formal constraints. In the event that you exercise any of the above mentioned rights, it will be the responsibility of the Data Controller or Joint Controller that you contacted to verify if you are entitled to exercise the right and to provide you with an answer, normally within a month.
As regards the Joint Controllers relationship, please note that OTB and Jil Sander entered into a specific agreement pursuant to article 26 of the GDPR, an extract of which is available for consultation contacting each of the Joint Controllers using the contact details indicated under paragraph 1.
If you believe that the processing of your Personal Data is carried out in breach of the provisions of the GDPR, you have the right to lodge a complaint with the Supervisory Authority or to start the appropriate legal actions before the competent courts.
To exercise your rights, you can send a request to the Data Controllers or Joint Controllers by writing to the addresses indicated in paragraph 1. The OTB’s Data Protection Officer can be contacted at the email address firstname.lastname@example.org.
11. HOW WE RESPOND TO “DO NOT TRACK” SIGNALS
The “Do Not Track” (“DNT”) privacy preference is an option that may be made in some web browsers allowing you to opt-out of tracking by websites and online services. At this time, global standard DNT technology is not yet finalized and not all browsers support DNT. We therefore do not recognize DNT signals and do not respond to them.
12. THIRD-PARTY ADVERTISING
We may use advertisers, third-party ad platforms, tracking technologies and other advertising companies to serve advertisements on the Site and to improve the performance of our advertising across the Internet.
Please be advised that such advertising companies may gather Personal Data about your visit to our Site or other websites (such as through cookies, web beacons, and other technologies) to enable such advertising companies to market products or services to you, to monitor which ads have been served to your browser and which webpages you were viewing when such ads were delivered.
You can also generally opt-out of receiving personalized ads from third-party advertisers and ad networks who are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out pages on the NAI website and DAA website. https://optout.networkadvertising.org/?c=1 and https://youradchoices.ca/choices
Please note that even if you opt-out of interest-based advertising by a third party, these tracking technologies may still collect data for other purposes including analytics and you will still see ads from us, but the ads will not be targeted based on behavioural information about you and may therefore be less relevant to you and your interests.
To successfully opt-out, you must have cookies enabled in your web browser. Please see your browser’s instructions for information on cookies and how to enable them. Your opt-out only applies to the web browser you use so you must opt-out of each web browser on each device that you use. Once you opt-out, if you delete your browser’s saved cookies, you may need to opt-out again.
13. LINKS TO THIRD-PARTY WEBSITES
Again, please note that this information notice does not cover the collection and use of information by such third-party websites and advertisers.
We have adopted commercially reasonable security measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.
We may use third-party products and services to secure or store your information. We encrypt credit card numbers from e-commerce transactions conducted on our Site.
However, no method of Internet transmission or electronic storage is 100% secure or error free. Consequently, we cannot ensure or warrant the security of any information you transmit to us. If we learn of data security systems’ breach we may attempt to notify you electronically so that you can take appropriate protective steps.
By using the Site or providing Personal Data to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. We may post a notice via the Site if a security breach occurs. We may also send an email to you at the email address you have provided to us in these circumstances.
Depending on where you live, you may have a legal right to receive written notice of a data privacy or security breach. If you have any reason to believe that your interactions with the Site are no longer secure, please notify us immediately at the addresses provided above.
Additionally, please do not forget that it is essential for the safety of your data that your device is equipped with tools such as constant antivirus updates and that your Internet provider provides a connection ensuring a secure data transmission through firewalls, spam filters, and similar measures.
15. CHANGES TO OUR INFORMATION NOTICE
We reserve the right to amend all or part of our Information Notice from time to time. The version published on the Site is the version currently in force.
Changes to our Information Notice are communicated by placing a notice on the Site stating “Revised Information Notice” Changes to our Information Notice will be effective immediately once published on the Site unless otherwise noted. If we make material changes to our Information Notice, we will notify you by prominently posting the changes on our Site as described and by using the contact information you have on file with us.
Your use of the Site following any amendments, indicates your consent to the practices described in the revised Information Notice. We invite you to periodically review our Information Notice to be informed of any relevant changes, especially before providing any data to us.
We may share or transfer your Personal Data in the course of any direct or indirect reorganization process including, but not limited to, mergers, acquisitions, divestitures, bankruptcies, and sales of all or a part of our assets.
LAST UPDATE: OCTOBER 2021