Missoni S.p.A., as the Data Controller (hereinafter, "Missoni" or "Data Controller") pursuant to Regulation (EU) 2016/679 (hereinafter, "GDPR") and Legislative Decree n. 196/2003 ("Privacy Code") is committed to protecting the confidentiality of the personal data of users of its website. Pursuant to art. 13 and 14 of the GDPR, the purpose of this Privacy Policy is to inform users who interact with the website www.missoni.com (hereinafter, "Website") about the purposes and means in which personal data may be processed when they simply consult it, or use the specific services that are made available. This Privacy Policy shall not be valid for other websites that may be consulted by the user through links on this Website. 

 

* * * 

 

The processing of your personal data will be based on the principles of fairness, lawfulness, transparency, purpose and storage limitation, minimisation, accuracy, integrity, and confidentiality, as well as on the principle of accountability pursuant to art. 5 of the GDPR.  

Processing of personal data means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 


1. DATA CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller is Missoni S.p.A., in the person of its pro tempore legal representative, with registered office in Via Luigi Rossi 52, 21040, Sumirago (VA), which can be reached at privacy@missoni.com. 

The Data Protection Officer of Missoni may be contacted at the Data Controller's registered office at the above address, by writing “to the attention of the Data Protection Officer”, and/or by email at: dpo@missoni.com. 


2. PERSONAL DATA BEING PROCESSED

We inform you that the personal data being processed may consist of an identifier such as your name, identification number, location data, online identifier or one or more characteristics relating to your physical, physiological, psychological, economic, cultural, or social identity that are capable of identifying you or of making you identifiable depending on the type of services requested by you (hereinafter only “personal data”). 

 

The personal data processed through the Website are as follows: 

 

a. Navigation data 

The management of the Website involves the use of computer systems and software procedures that are used to operate the Website, which during their normal operation, acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. 

This information includes various parameters relating to the operating system and computer environment of the user connecting to the Website, including the IP address, the location (country), the computer domain names, the URI (Uniform Resource Identifier) addresses of the resources requested on the Website, the time of the requests, the method used to send the requests to the server, the size of the file obtained in response to a request, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and computer environment. 

These data are used solely for the purpose of obtaining anonymous statistical information on the use of the Website as well as to verify its correct functioning and identify any malfunctioning and/or abuse of the Website. The data is deleted after processing, unless it is necessary to identify those responsible in the event of a hypothetical cybercrime against the Website or third parties. 

 

b. Data voluntarily provided by the user 

Without prejudice to any specific information that may be available in the various sections of the Website, this Privacy Policy shall also apply to the processing of data that you voluntarily provide in the various forms contained on the Website, such as in the "Contact Us" section to send support requests to Customer Service, in which you will be asked to enter your personal data (name and surname), your contact details (e-mail address and telephone number), your order number as well as select and formulate your specific request which may possibly contain additional personal data. With reference to these types of data, we invite you to only share the personal data strictly necessary for the purposes of processing your request within the aforementioned form, thus excluding irrelevant information and / or information that may fall within the category of special categories of personal data referred to in art. 9 of the GDPR ([…] personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation). In the event of the transmission of personal data, including documents and/or images that are not pertinent or strictly necessary for the handling of the request, the Data Controller shall refrain from processing such data and shall arrange for their immediate deletion. 

 

c. Data processed for the provision of online services 

Without prejudice to any reference to specific information that may be available in the various sections of the Website, this Privacy Policy shall also apply to the processing of the data that you voluntarily provide in order to perform the services provided online, with particular reference to the following services: 

 

- creation of your personal account and access to the personal area of the Website, in the context of which your personal data (in particular, your first name, surname, date of birth), contact data (e-mail address and telephone number) and, if provided, information relating to the catalogue of your preference will be processed. During registration and access to your personal area, personal data are provided directly by you or transmitted to the Controller by third parties as autonomous data controllers. In particular, it should be noted that following your choice to create an account on the Website by linking it with your pre-existing social network account (e.g. Google, Facebook) and using the log-in button on the log-in form, these third parties, as autonomous data controllers, provide the Controller with the personal data strictly necessary for your identification (personal data and contact details). Within your personal area, in addition to the above-mentioned data, the Data Controller will also process further personal data, such as the shipping addresses you have given for purchases, information relating to the history of purchases you have made, and information relating to the payment methods you have chosen; 

 

- conclusion and execution of purchase and/or pre-order contracts (including the sending of service communications such as email confirmation of purchase or receipt of the pre-order proposal, shipping updates, updates on the availability of products at the boutique selected for collection, management of product warranties and related accounting, payment processing, administrative and after-sales services), both as a registered user and as a guest user, whereby your personal data, contact details, details relating to the products purchased, shipping addresses of the products purchased, invoicing data and any other information relating to your purchasing experience will be processed, including information relating to the payment methods, the data of the credit/debit card possibly used for payment and the information relating to the transaction carried out through the payment method selected by you among those available from time to time. In this regard, we inform you that pursuant to art. 14 of the GDPR, following your choice to use one of the above payment methods, the bank, PayPal, Apple and/or Google, as autonomous data controllers, will only communicate to Missoni the information relative to the fact that the payment has been made. 

 

- order status verification service, in which your order number and the e-mail address linked to your order will be processed; 

 

- return service, in which your personal details, contact details, the address where you wish to collect the returned products, the order number and information relating to the purchase and the products being returned will be processed, as well as any information relating to your purchase and return experience. The return service also includes the sending of service communications by Missoni, such as the e-mail confirming receipt of your request for return, the e-mail accepting the return, or, if there is a decrease in the value of the returned products, the communication of the amount deducted from the refund; 

 

- the "Book an appointment" function, in which you will be asked to enter your personal information, in particular your personal and contact details, as well as possibly formulating a message for the staff which may contain additional personal data in order to arrange appointments in our boutiques; 

 

- "Wishlist" service, through which you can add items to your wish list in your personal area; 

 

- "Click & reserve" service for online booking of products to pick up from the selected boutique, where your personal data, contact details and information regarding the products booked and the selected boutique will be processed. This service also includes the sending of an email by Missoni to update you on the availability of products at the selected boutique. 

With respect to the "Store locator" service, the data controller of the data relating to your geographical location and other information processed within the scope of this service is Google (whose privacy policy is available here). 

 

Moreover, the Data Controller shall process any other information relating to your purchase, such as the type of product purchased, the date of purchase, the amount spent, information relating to the products you have placed in the Website's "virtual shopping cart" which may be processed subject to your consent in order to send you a reminder e-mail of the products placed in the cart for which the "checkout" process has not been completed (so-called "abandoned cart e-mail") as well as, in general, your purchasing choices, and your preferences for the purposes indicated below. The Data Controller will also process the information deriving from your choices to personalize the contents of the newsletter. 

 

d. Third-party data voluntarily provided by the user  

The use of the Website services may involve the processing of personal data of third parties that you have communicated to Missoni (for example, in the case of data provided in the contact form; in the personalized message that you may have inserted in the greeting card when selecting the "gift" option during purchase; etc.). With respect to these scenarios, you act as autonomous data controller, assuming all the obligations and responsibilities of the law. In this sense, you grant the widest indemnity on this point with respect to any dispute, claim, request for compensation for damages from processing, etc. that may be received by the Data Controller from third parties whose personal data have been processed through your use of the Website services in violation of the applicable data protection regulations. In any case, should you provide or otherwise process personal data of third parties in the use of the Website, you warrant as of now - assuming all related liability - that this particular hypothesis of processing is, where necessary, based on the prior acquisition - on your part - of the third party's consent to the processing of information concerning him/her. 

 

e. Data processed for sending products/gifts to subjects other than the Website user 

This Privacy Policy is also provided pursuant to art. 14 of the GDPR to those who receive products/gifts purchased through the Website, and whose personal data are provided to the Controller by the user of the Website when purchasing goods for them in order for the Controller to fulfil its contractual obligations, including the shipment of the products/gifts. 

The personal data processed, in particular, are personal data (first name, last name) and contact data (e.g. telephone number, shipping address). 

 

f. Cookies and other tracking technologies 

Information on the cookies served by the Website can be found here.

 

3. PURPOSE OF PROCESSING, LEGAL BASIS AND OBLIGATORY OR OPTIONAL NATURE OF PROCESSING

Your personal data will be processed, with your consent where necessary, for the following purposes: 

 

a) to allow navigation through the Website, the registration in the personal area as well as the provision of all the other services made available by the Data Controller (such as, by way of example, the online sales service, returns, the 'Wishlist' service, 'Click & Reserve', the 'Book an appointment' function, the order status check, as well as contractual and administrative-accounting relations and after-sales services, etc.), including the management of the security of the Website; 

 

b) to respond to specific requests made to the Data Controller, also in relation to post-sales, including customer service and information requests submitted by filling out the relative forms on the Website; 

 

c) to subscribe to the newsletter (the contents of which you will be able to personalise) to receive communications and information of a commercial, promotional and direct marketing nature by e-mail regarding Missoni’s services, products and offers; 

 

d) to send you direct marketing communications, including newsletters, market surveys, commercial and promotional communications, and invitations to events through automated (e-mail, SMS, instant messaging systems, Missoni’s social media channels) and non-automated (mail and telephone) contact systems. It should be noted that the Data Controller collects a single consent for the marketing purposes described herein, pursuant to the Italian Supervisory Authority (Garante per la Protezione dei Dati Personali) Guidelines - “Linee guida in materia di attività promozionale e contrasto allo spam” of July 4, 2013; if, in any case, you wish to object to the processing of your data for marketing purposes carried out by the means indicated herein, you may do so at any time by contacting the Data Controller at the contact details indicated in paragraph 1 of this Privacy Policy, without prejudice to the lawfulness of the processing carried out prior to your objection; 

 

e) to analyze your data for profiling purposes by Missoni S.p.A., including profiling related to the sending of offers, discounts and any other benefits and promotional initiatives modelled based on your interests, purchasing behavior and propensities (e.g. purchase volumes, consumption habits and choices), including data collected online through trackers (e.g. cookies, pixels, tags, etc.) on the Missoni Website or third party websites to personalize marketing communications based on your profile, interests and purchasing propensities; 

 

 f) to send advertising material and commercial communications by e-mail and/or posted mail in relation to products or services similar to those purchased by you, pursuant to art. 130, par. 4 of the Privacy Code as well as the Decision of the Italian Supervisory Authority of June 19, 2008, unless you expressly refuse to receive such communications, which you may express when registering on the Website or on subsequent occasions; 

 

g) to fulfil any obligations under applicable laws, regulations or EU legislation, or to comply with requests from the authorities; 

 

h) to meet any defence requirements, both in and out of court. 

 

The legal basis for the processing of personal data for the purposes referred to in sections a) and b) is art. 6, par. 1, letter b) of the GDPR ([...] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), since the processing operations are necessary for the provision of the services. The provision of personal data for these purposes is optional, but failure to do so would make it impossible to access the services requested. 

 

The processing operations carried out for the marketing purposes referred to in sections c), d) and e) are based on the granting of your consent pursuant to art. 6, par. 1, letter a) ([...] the data subject has given consent to the processing of his or her personal data for one or more specific purposes) and art. 22, par. 2, letter c) of the GDPR. 

It should be noted that with reference to the sending of e-mails relating to the abandoned shopping cart, such processing may be carried out by the Data Controller only in the presence of the consents previously given by you for the purpose of receiving commercial and promotional communications by e-mail referred to in letters c) or d) above, and for the purpose of profiling referred to in letter e) above.  

The consent may be withdrawn at any time without prejudice to the lawfulness of the processing carried out prior to withdrawal, in accordance with the provisions of art. 7 of the GDPR. The provision of your personal data for these purposes is therefore entirely optional and does not affect the use of the services. Should you wish to object to the processing of your data for marketing and/or profiling purposes, you may do so at any time by contacting the Controller and/or the DPO at the contact details indicated in paragraph 1 of this Privacy Policy. 

 

With reference to the purpose referred to in section f), it should be noted that if the Data Controller uses the e-mail or posted mail details provided by the data subject for the purpose of direct sales of its products or services, pursuant to Section 130, par. 4 of the Privacy Code, the Data Controller does not need to request consent, provided that the products or services in question are similar to those being sold and that the data subject, having been adequately informed, does not refuse such use, either initially or in connection with subsequent communications.  

 

The purpose referred to in section g) constitutes lawful processing of personal data within the meaning of art. 6, par. 1, let. c) of the GDPR ([...] processing is necessary for compliance with a legal obligation to which the controller is subject). Once the personal data has been provided, the processing is necessary to comply with legal obligations to which the Controller is subject. 

 

The processing referred to in section h) is carried out for the purpose of pursuing the legitimate interest of the Controller pursuant to art. 6, par. 1, letter f) and 9, par. 2, letter f) of the GDPR, since once personal data has been provided, the relevant processing may become necessary in order to establish, exercise or defend a right in court or whenever the judicial authorities exercise their functions. 

 

4. RECIPIENTS OF PERSONAL DATA

For the purposes set out in section 3 of this Privacy Policy, your personal data may be shared with: 

 

1. persons authorised by the Data Controller to process personal data pursuant to art. 29 of the GDPR and art. 2-quaterdecies of the Privacy Code (e.g. sales, administration and accounting staff, after-sales service, CRM, information systems management, etc.); 

2. third parties who, in providing their services (e.g. technology services, accounting, administrative, legal, tax and financial assistance and consulting services, hosting providers, technical maintenance service providers, marketing and communication service providers, transport services, etc.), typically act as data processors pursuant to art. 28 of the GDPR. The Data Controller keeps an up-to-date list of the appointed data processors and guarantees that the data subject will be able to view it at the offices indicated above or by sending a written request to the Controller at the addresses indicated in paragraph 1 of this Privacy Policy; 

3. subjects, bodies or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders of the authorities; 

4. companies of the Missoni business group, as autonomous data controllers, for administrative-accounting purposes on the basis of our legitimate interest pursuant to art. 6, par. 1, let. f) and recitals 47 and 48 of the GDPR. 

 

These subjects are hereinafter collectively referred to as "Recipients".  


5. TRANSFERS OF PERSONAL DATA

The personal data provided through the Website will be processed and stored in the Data Controller's information systems, whose servers are located within the European Economic Area. However, some of your personal data may be shared with Recipients located outside the European Economic Area. In such cases, the transfer will take place in compliance with the conditions indicated in articles 44-49 of the GDPR, such as the adoption of Standard Contractual Clauses approved by the European Commission, the selection of subjects adhering to international commitments for the free movement of data or operating in countries considered adequate by the European Commission in compliance with Recommendations 01/2020 adopted on 10 November 2020 by the European Data Protection Board. 

Further information is available by sending a written request to the Data Controller and/or the DPO at the contacts indicated in paragraph 1 of this Privacy Policy. 


6. STORAGE OF PERSONAL DATA

Your personal data will be collected and stored in accordance with the principles of minimisation and storage limitation as referred to in art. 5.1.c) and e) of the GDPR, also while guaranteeing the necessary security measures to prevent data loss, illegal or incorrect use and unauthorised access.  

The personal data processed for the purposes referred to in sections a) and b) of paragraph 3 of this Privacy Policy shall be retained for a period strictly necessary to achieve those same purposes, i.e., the period required to perform the contract, or to provide legal or contractual guarantees in accordance with the retention periods required by law.  

For the purposes of direct marketing referred to in sections c) and d) of paragraph 3 of this Policy, your personal contact data will be processed until you object or withdraw your consent. Please also note that your personal data processed for profiling purposes as referred to in section e) of paragraph 3 of this Policy and personal data relating to your profile processed for the purpose of sending personalized commercial and promotional communications will be kept for these purposes for a period of time not exceeding seven years from their collection and/or registration, after which the Company automatically deletes your personal data, or transforms them into anonymous data in a permanent and non-reversible manner, unless you withdraw consent or object to the processing before the expiry of this period. 

 

In general, the Data Controller reserves the right, in any case, to keep your data for the time necessary to comply with any regulatory obligation to which it is subject or to meet any defensive needs. Specific security measures are observed to prevent loss of data, unlawful or incorrect use and unauthorised access. 

  

Further information on the data retention period and the criteria used to determine this period may be requested by sending a written request to the Data Controller and/or the DPO at the addresses indicated in paragraph 1 of this Privacy Policy. 

 

7. AUTOMATED DECISION-MAKING PROCESSING

Missoni does not use automated decision-making processes without your consent, including profiling as referred to in art. 22, par. 1 and 4 of the GDPR. If you consent to profiling, the data you provide may be used to analyze or predict your likes and dislikes in order to customize the content of marketing communications and offer you personalized products and services. In particular, the analysis may include the number, type, value and regularity of product purchases made over a 7-year period. As a result of this analysis, which may also be carried out automatically, you may be classified in one or more groups with different characteristics and receive communications that Missoni considers personalized to your tastes and preferences. For example, if within a 7-year period, you only purchase certain types of products for a certain value, you may receive future marketing communications about similar products in a similar price range. Conversely, you may receive fewer communications and promotions about other types of products if you have not purchased them during the relevant period, as the system assumes that these are not products that you may be interested in. Regarding this data processing activity, Missoni has conducted a specific data protection impact assessment prior to its commencement to ensure that profiling is carried out with neutrality, accuracy, efficiency and without harmful consequences to the data subject. As required by art. 22, par. 3, of the GDPR, the Data Controller implements the most appropriate measures to protect your rights and freedoms also in the case of profiling, in addition to any further and legitimate right as better explained within the following section 8 of this Privacy Policy. 



8. RIGHTS OF THE DATA SUBJECT

You, as data subject, may assert your rights and/or request information on the processing of your data by contacting the Data Controller or the DPO at the addresses indicated in section 1 of this Privacy Policy, preferably by including "Request to exercise privacy rights" in the subject line of the communication. 

In particular, you may at any time exercise the following rights: 

 

- right to withdraw any consent given (art. 7 of the GDPR) - You have the right to withdraw any consent given at any time, without prejudice to the lawfulness of the processing carried out prior to the withdrawal; 

- right of access (art. 15 of the GDPR) - You have the right to obtain confirmation as to whether or not personal data relating to you are being processed, as well as the right to receive any information relating to such processing; 

- right to rectification (art. 16 of the GDPR) - You have the right to obtain the rectification of your personal data, should they be incomplete or inaccurate; it should be noted that with respect to personal data collected through audio and video recording systems, the right to rectification cannot be exercised in practice in view of the intrinsic nature of the data collected which relate to an objective and determined fact; 

- right to erasure (art. 17 GDPR) - in certain circumstances, you have the right to obtain the erasure of your personal data in our archives; 

- right to restriction of processing (art. 18 GDPR) - under certain circumstances, you have the right to obtain the restriction of the processing of your personal data; 

- the right to portability (art. 20 of the GDPR) - you have the right to obtain the transfer of your personal data to a different data controller as well as the right to obtain in a structured, commonly used and machine-readable format the data concerning you; 

- the right to object (art. 21 of the GDPR) - You have the right to make a request to object to the processing of your personal data in which you give evidence of the reasons justifying the objection; the Controller reserves the right to assess this request, which may not be accepted if there are compelling legitimate grounds for processing that override your interests, rights and freedoms. You also have the right to object, at any time and without justification, to the sending of commercial, promotional and direct marketing communications, including newsletters, market surveys, invitations to events through automated and non-automated contact systems, including profiling insofar as it is related to such direct marketing. With regard to this type of communication, this is without prejudice to the possibility of exercising this right also in part, i.e. by opposing, for example, only the sending of promotional communications by automated means. We also inform you that you have the right to object to profiling at any time and without justification; 

- the right to lodge a complaint with the Supervisory Authority (art. 77 of the GDPR) - in accordance with the procedures indicated in the paragraph below, if you believe that the processing concerning you is in breach of data protection legislation, you may lodge a complaint with the Supervisory Authority of the Member State in which you habitually reside or work, or of the place where the alleged breach occurred; 

- the right to take appropriate legal action (art. 79 of the GDPR). 


9. MODIFICATIONS

The Data Controller reserves the right to modify or simply update the content, in part or in full, also due to changes in the applicable legislation. The Data Controller therefore invites you to visit this section regularly in order to be informed of the most recent and updated version of the Privacy Policy.