Updated: May, 2019
The personal data that you provide may be regarded as jointly controlled by Kering SA, by Gucci and by the Gucci local retail legal entities “Store”.
1. Personal Data We May Collect About You
We will collect various types of personal data (including sensitive personal data, where applicable) about you for the purposes described in this Policy, including:
• Contact information (such as your name, birthday, nationality, email address, postal address, telephone number and any other personal data) that you provide by completing forms on the Website, including if you subscribe to our newsletter and register and create an account on the Website;
• Details of any transactions made by you;
• Personal data that may be contained in communications you send to us, for example to report a problem or to submit queries, concerns or comments regarding the Website or its content;
• Other personal data that you share voluntarily with our sales assistants
• Information from surveys that we may, from time to time, conduct on the Website for research purposes, if you choose to respond to, or participate in, them;
• Credit/debit card information;
• Information about your use and navigation of our Website, such as your IP address and other device identifiers, your operating system and browser type, and information about the Website pages you visit, collected by cookies or other tracking technologies;
• We may also collect information about how your Device has interacted with us, including the pages accessed and links clicked, how you navigate to and from the Gucci Sites and Gucci Content (such as how you scroll over the Gucci Sites and Gucci Content, which parts you click and how long you spend on each page), your preferences, the products and/or services that you have viewed or searched for, crashes and download errors and response times; and
• Personal information collected from third parties, such as data that you agree to share with us on publicly accessible social networks (e.g., Facebook, Instagram, etc.) and/or that we may collect from other publicly accessible databases.
You are under no obligation to provide any such information. Providing your personal data to us (in particular, your personal details, your email, your address, your credit/debit card numbers and bank code and your telephone number) is necessary for processing your order for the purchase of products on the Website, supplying other services provided on the Website upon your request, or when your personal data is needed to fulfil obligations required by law or regulations. The refusal to provide us with any personal data necessary for performing the above purposes may consequently prevent us from processing your order for the purchase of products sold on the Website or fulfilling obligations required by law and other regulations. Therefore, failure to provide personal data may constitute, in some cases, a legitimate and justified reason for not processing your order for the purchase of products sold on the Website or not providing the Website’s services.
Disclosure of further personal data to us other than that required for fulfilling legal or contractual obligations and to properly browse our services with necessary traffic data is, on the contrary, optional and does not have any effect on the use of the Website and of its services or on the purchase of products on the Website. We will inform you at every step whether disclosing your personal data to us is required or optional by marking with an appropriate symbol (*) the information that is required or data needed for the purchase of products and/or for the provision of requested services on the Website.
2. Minimum Age
Protecting the safety and privacy of children is very important to us. We do not accept registrations or orders submitted by, and will not knowingly collect or use personal data from anyone under the age of sixteen (16) years, or any other age limit set out by the law of his/her country of residence. By registering or making any purchase on the Website, you confirm that you have reached the age of majority in your country of residence. If you have any concerns about your child's privacy, or if you believe that your child may have entered personal data onto our website, please contact us at email@example.com
. We will take steps to delete the information as soon as possible should we learn that we have collected the personal data of a child without first receiving verifiable parental consent.
4. Use Made of Your Personal Data
Whenever we process your personal data (including sensitive personal data, where applicable), we do so on the basis of a lawful "justification" (or legal basis) for processing. In the majority of cases, the processing of your personal data will be justified on one of the following bases:
• processing is necessary to perform a contract with you or take steps that you have requested in order to enter into a contract (e.g., sale contract);
• processing is necessary for us to comply with a legal obligation;
• processing is in our legitimate interests as a business, and our interests are not overridden by your interests, fundamental rights or freedoms. Our legitimate interests may include our interest in using customer and Website user personal data to conduct and develop our business activities (including by carrying out standard marketing activities), with current and potential customers and Website users; and in establishing, exercising or defending legal claims; or
• processing is based on your prior explicit consent, such as segmented and customized marketing activities.
The purposes for which we process your personal data are the following:
The processing of your personal data is justified by the following legal basis:
Process your purchases and to provide you with the services and information offered through the Website and which you request
Performance of a contract
Administer your account with us
Performance of a contract
Verify and carry out financial transactions in relation to payments you make
Performance of a contract
Audit the downloading of data from the Website
Our legitimate interest to get to know our customers better and improve our services accordingly
Improve and customise our Website, and our products, services and our business in general, such as by tracking your product preferences, shopping history and interactions with the Website
Our legitimate interest to improve our products and services
Identify visitors to the Website
Our legitimate interest to get to know our customers better and improve our services accordingly
Data analytics, market research purposes (surveys, customer satisfaction, etc.) and data enrichment. This includes second party data matching (i.e., the activity of matching and sharing trusted partner data where two individual brands contract together to match their own data through clients unique identifiers and reidentification, i.e., enriching our database with additional client insight gathered through activities on our digital media).
On the basis of our legitimate interests in analyzing and learning how customers use and interact with Gucci in order to improve products, services and our business in general.
Correspond with you to resolve your queries or complaints
Your prior explicit consent
Global or local marketing purposes (to communicate with you on Gucci updates about our products and services, invitations and other marketing communications that may be of interest to you by one or several of the following channels: SMS, MMS, e-mail, paper mail, internet, social media or telephone), and (ii) for customizing your experience with us to your interests and shopping habits (e.g., tailored communications) and improving our services, notably via profiling.
Your prior explicit consent
5. Direct Marketing
From time to time, we would like to send you (by SMS, email or telephone) marketing communications containing news, information and updates about our products and services, offers, promotions and special events, and other marketing communications that may be of interest to you, but we may only do this with your consent.
We would also like to share (for gain) such data about you with other entities within the Gucci group so that we or they may send you information, news updates, offers, promotions, and special events, as regards their products and services, but we also cannot do so without your consent.
If you prefer not to receive direct marketing communications from us in any form or if you change your mind after providing your consent, you may withdraw your consent by clicking the "unsubscribe" link provided in our communications at any time. Alternatively, you may contact us at firstname.lastname@example.org
to withdraw your consent.
6. Disclosure of Your Personal Data
We may disclose your personal data (including sensitive personal data, where applicable) to any of our affiliate companies, or to our service providers who assist us in providing the services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, updating marketing lists, analysing data, providing support services or in performing other tasks, from time to time.
For the avoidance of doubt, we will obtain your express opt-in consent before we share your personal data with any third party company outside of Gucci and Kering for marketing purposes.
Your personal data will be accessible by authorized personnel of Kering, Gucci and affiliated companies, and service providers acting on our behalf on a need-to-know basis. Transfer of your personal data from your country of residence to third countries (notably to countries where we operate, such as France, Italy, Switzerland and the United States of America) will be involved; some of these countries are subject to a data protection and privacy regulations similar to yours, whereas others are not. To ensure the protection of your personal data is consistent with applicable law, such transfers and processing outside your country of residence or the EEA will be made pursuant to the EU Model Clauses, or any similar legal mechanisms acceptable locally.
We may also share your personal data with potential acquirers and their professional advisers in connection with potential or actual sale or restructuring of our company or any of our assets, or those of any associated company, in which case personal data held by us about our users may be one of the transferred assets.
We will also respond to requests for personal data where required by or permitted to do so by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us, in each case anywhere in the world.
We place great importance on the security of all personal data associated with our users. We have adopted security measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access. For the best possible protection of your personal data outside the limits of our control, your device should be protected (such as by updated antivirus systems) and your internet service provider should take appropriate measures for the security of network data transmission (such as, for example, firewalls and anti-spam filtering).
While we take all reasonable steps to protect your personal data, we cannot guarantee that the personal data you disclose to us will be 100% secure, nor that any data breach will not occur.
You accept the inherent security implications of dealing on-line over the Internet and will not hold Gucci, Kering or their processors responsible for any data breach unless it is due to our negligence.
8. Retention of Your Personal Data
Our general approach is to retain your personal data only for as long as required to fulfil the purposes for which it was collected. We generally retain your personal data for 5 years from the last contact you initiated with either Gucci or Kering. Last Contact shall be defined as the last contact initiated by the customer and traceable by our systems or a sales associate.
As examples of such contacts there could be the last time a call, sales email, or meeting was proposed to you to which you responded favorably by, for instance clicking on the link to our website included in the email or attending an appointment in one of our stores. Opening an email from Gucci or Kering would not qualify as Last Contact. Clicking on a link included in an email would.
We apply reasonable technical and other security measures to protect your Personal Data and keep it confidential.
However, in some circumstances we may retain personal data for longer periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements.
In specific circumstances we may also retain your personal data for longer periods of time corresponding to the applicable statute of limitations so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
9. Your Rights
You have the following rights with respect to your personal data:
• Right to withdraw consent - where applicable, you have the right to withdraw your consent at any time. For example, if you wish to opt-out of receiving electronic marketing communications, you can change your settings in your account on the Website, use the 'unsubscribe' link provided in our emails or text the STOP number in our SMS, or otherwise contact us directly and we will stop sending you communications.
Right of access, rectification and erasure - you have the right to request access to and obtain a copy of any of your personal data that we may hold, to request correction of any inaccurate data relating to you and to request the deletion of your personal data under certain circumstances. You can see and update most of this data yourself online, or by contacting us directly at email@example.com
• Right of data portability - Under certain conditions, you have the right to receive all such personal data which you have provided to us in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
• Right to restriction of processing - you have the right to restrict our processing of your personal data where:
o you contest the accuracy of the personal data until we have taken sufficient steps to correct or verify its accuracy;
o the processing is unlawful but you do not want us to erase the data;
o we no longer need your personal data for the purposes of the processing, but you require such data for the establishment, exercise or defence of legal claims; or
o you have objected to processing justified on legitimate interest grounds (see below) pending verification as to whether we have overriding compelling legitimate grounds to continue processing.
Where personal data is subject to restriction in this way, we will only process it with your consent or for the establishment, exercise or defence of legal claims.
• Right to object to processing justified on legitimate interest grounds - where we are relying upon legitimate interest to process personal data, then you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as a justification for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
• Right to object to processing for marketing purposes - where we process personal data for direct marketing purposes, then you have the right to object to that processing at any time.
You also have the right to lodge a complaint with your local supervisory authority if you consider that the processing of your personal data infringes applicable law or the CNIL, as Kering Lead Supervisory Authority under the GDPR: COMMISSION NATIONALE DE L'INFORMATIQUE ET DES LIBERTÉS, 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, Tel: +331 53 73 22 22.
For further information regarding your rights, to exercise any of your rights, or if you have any complaints or questions regarding the processing of your personal data please contact firstname.lastname@example.org
Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We will endeavour to respond to your request as soon as possible and in any case within the applicable timeframes.
10. Changes to this Policy
We may occasionally change this Policy, for example, to comply with new requirements imposed by the applicable laws or technical requirements. We will post the updated Policy on the Website. We may also notify you in case of material changes and seek your consent to those changes, where required by applicable law. If your personal information may be processed for a new purpose not described in this Policy, or may be transferred to a different class of recipient, we will seek your consent. You are thus encouraged to periodically review this page.