Legal Area

Privacy policy

Information on the processing of personal data pursuant to articles 13 and 14 of regulation (EU) 2016/679.

Interested parties: users and customers of the website www.moschino.com of "AEFFE SPA".

WHY THIS INFORMATION?

Pursuant to Regulation (EU) 2016/679 (hereinafter "Regulation", or "GDPR"), this page describes the methods of processing of personal data of users and customers of the website of "AEFFE SPA" accessible electronically at the following address: www.moschino.com This information does not concern other sites, pages or online services that can be reached via hypertext links published on this site, but which refer to resources external to the domain www.moschino.com.

DATA CONTROLLERS

Following consultation of the site or the purchase of products on the site, data relating to identified or identifiable natural persons may be processed.

  • AEFFE SPA with registered office in Via delle Querce 51 - 47842 San Giovanni in Marignano (RN), VAT number: 01928480407, Email: privacy@aeffe.com, Tel: +39 0541965211.

Aeffe SPA is the controller of your personal data relating to navigation on the site, registration on the online portal, orders placed and to respond to customer care requests received and in general to guarantee the functions available on the website; as well as, subject to your free consent, for optional marketing and profiling purposes

  • Drop Srl with registered office in Montegranaro (FM), via Sandro Pertini n.1, postcode 63812, VAT number 01383870431, E-mail: privacy@drop.it.

Drop Srl is the owner of the processing of your personal data for the sole purposes necessary to comply with the regulatory obligations in tax and accounting matters arising from purchases made at the online shop of the site.

  • Legal basis: legal obligation and contractual obligation.

DATA PROTECTION OFFICER

  • The Data Protection Officer ("DPO") for Aeffe SpA is the company Studio Paci & C. Srl (Contact Person Dr. Gloriamaria Paci) who can be contacted at the following address: dpo.aeffe@studiopaciecsrl.it, telephone: +39 05411795431, PEC: studiopaciecsrl@pec.it.
  • The Data Protection Officer ("DPO") of Drop Srl can be contacted at the following email address: dpo@drop.it.

TYPES OF DATA PROCESSED, PURPOSE OF PROCESSING AND LEGAL BASIS

Given that personal data means any information relating to an identified or identifiable natural person, directly or indirectly (art. 4 n. 1 GDPR), that interested party means the natural person (user and/or customer of the Site) to whom the data refers and that processing means any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data (art. 4 n. 2 GDPR), the personal data that Aeffe SpA processes as a result of browsing the Site are the following:

1) Browsing data

Legal basis: "data processing necessary for browsing the website" – contractual obligation – art. 6 par. 1 letter b) GDPR.

The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.

Such data,necessary to navigate the Site and to use the information contained therein, they are also processed by Aeffe Sp.A. for the purpose of:

  • obtain aggregate statistical information and anonymous regarding the use of the Site (most visited pages, number of visitors per time slot or day, geographical areas of origin of visitors, etc.);
  • check the correct usability of the contents offered by the Site;
  • prevent or counter any possible computer crime, fraudulent use of the functions available on the site, also for the purpose of reconstructing security incidents and their traceability.

Duration of storage: browsing data in compliance with the principles of lawfulness, purpose limitation, data minimization, pursuant to art. 5 of the GDPR, will be retained for a period of time not exceeding the achievement of the technical purposes described above for which they are collected and processed, except for any need to ascertain crimes by the Judicial Authority.

2) Data communicated by the user

Legal basis: "data processing necessary to respond to user questions" – contractual obligation – art. 6 par. 1 letter b) GDPR.

The optional, explicit and voluntary sending of messages to the contact addresses of Aeffe SpA, private messages sent by users to institutional profiles/pages and on social media, as well as the compilation and forwarding of the forms on the owner's website, entail the acquisition of the sender's contact data,necessary to respond, as well as all personal data included in the same communications. Specific information is published on the pages of the site set up for the provision of certain services, where necessary the user's consent is collected by informing from time to time about the purposes and optional nature of the provision.

Duration of storage: The data communicated by the user are stored for the time necessary to manage individual requests, any subsequent storage for statistical purposes involves the anonymization of such data (except for any need to ascertain crimes by the Judicial Authority).

3) Registration and purchase data

Legal basis: User registration and purchase - contractual obligation - art. 6 par. 1 letter b) GDPR. Invoicing and tax and accounting obligations - legal obligation - art. 6 par. 1 letter c) GDPR.

Registration on the portal is a prerequisite for correct identification in anticipation of and in the face of a purchase. Registration will allow you to create your own user profile without having to re-enter your data for subsequent purchases. Your data relating to your residential address, any shipping address (if different from your residence), your tax code if required by law, and your purchase history will be stored in the user profile. You may request the cancellation of your user profile at any time. It is possible to make an online purchase even without registering on the portal; your data will be processed exclusively for your correct identification, to allow you to make a purchase and ship in accordance with the general conditions of sale, and to allow invoicing in accordance with the law.

Information on the processing of first level data is available in the specific information available in the registration and purchase form.

4) Data acquired through cookies and other tracking systems

Use is made of:

  • technical cookies necessary for user navigation, facilitate correct navigation of the site and the usability of the contents by the user. Legal basis: "contract as functional and necessary";
  • analytical cookies used to process aggregate statistical analyses on the use and interaction with the site by the user. Subject to the user's consent. Legal basis: "consent";
  • profiling cookies allow us to collect information about the preferences expressed by the user during navigation and to process reports intended to be used for targeted advertising and marketing campaigns. Legal basis: "consent".

For analytical and profiling cookies, consent to the processing of personal data, pursuant to art. 6, par. 1 letter a) GDPR, is expressed by the interested party by clicking on the acceptance button for all cookies or by managing the available preferences by clicking on the customization button, in accordance with the provisions of the "Cookie Guidelines and other tracking tools" attached to the Provision of the GPDP (Guarantor for the Protection of Personal Data) no. 231 of 10.06.2021.

Information on data processing, purpose, duration and complete management of cookies, including their consent and revocation, are available in the "Cookie Policy" document also present in the footer.

5) Direct marketing

Legal basis: consent of the interested party – art. 6 par. 1 letter a) GDPR.

By entering the personal data (identification and contact) requested in the forms that require the release of consent for direct marketing activities (including registration for the newsletter), the User declares that he/she has read this information, and gives his/her optional consent to the processing of personal data for marketing activities. In addition to the data communicated by the User, Aeffe SpA also acquires the date and time of sending the form, the page of origin, as well as the IP address of the device used to register the consent. The data communicated and in any case acquired by Aeffe SpA are functional to receive periodic communications via e-mail containing information regarding new products on sale at the e-commerce site, events and promotions (marketing purposes) of Aeffe SpA. In relation to the sending of promotional material to your email address, they may form interactions with the communications transmitted are also processed (e.g. email opening rate, any clicks on links and/or banners and/or buttons)

6) Profiling

Legal basis: consent of the interested party – art. 6 par. 1 letter a) GDPR.

By entering the personal data (identification and contact) requested in the forms that require the release of consent for profiling, the User declares that he/she has read this information, that he/she is over 16 years of age and gives consent, however optional, to the processing of personal data for profiling activities. In addition to the data communicated by the User, Aeffe SpA also acquires the date and time of sending the form, the page of origin, as well as the IP address of the device used to register the consent. As a result of the specific consent given to the profiling activity, Aeffe SpA acquires a series of data and information suitable for revealing consumer habits and lifestyles based on the preferences demonstrated by the User in interacting with the pages of the Site, the products purchased and with the contents of the communications received from Aeffe SpA. These data, associated with each other, contribute to defining, through the insertion into clusters, i.e. into groups of Users distinguished on the basis of the preferences demonstrated, the User's profile and are functional to receiving personalized communications based on the membership profile. In relation to the sending of promotional material to your email inbox, interactions with the communications transmitted may also be processed (e.g. email opening rate, any clicks on links and/or banners and/or buttons).

7) Further data acquired by the Data Controller

Subscribing to the newsletter, any request to receive personalized commercial communications and also the interaction with the pages of the Site which the User can reach also through social networks, as a result of the marketing campaigns promoted by Aeffe SpA which determine the redirection to a specific page (so-called "landing page"), allows Aeffe SpA to acquire other data in addition to those communicated by the Users, such as, for example, the date and time of opening of the e-mails containing newsletters and commercial communications, the contents of interest and therefore the preferences demonstrated by the recipients. Such data are functional to the establishment of a relationship with customers and also to the sending of news and/or information selected on the basis of the preferences demonstrated. For the purposes set out above, the legal basis that legitimises the processing is represented by the consent to processing, pursuant to art. 6, par. 1 lett. a) GDPR, expressed by the interested party by clicking on the relevant boxes in the form intended for registration to the newsletter and the request to receive personalised communications. Further details about the processing of data communicated by Users, the legal bases and the methods of processing are available in the complete information of the data acquisition forms of the marketing campaigns

8) Social Media Policy

Information about the processing of personal data carried out through the Social Media platforms used.

For information on the processing of personal data carried out by the managers of Social Media platforms, please refer to the information provided by them through their respective privacy policies. Aeffe SpA processes the personal data provided by users through the pages of dedicated Social Media platforms, as part of its corporate promotion and advertising purposes, to manage interactions with the users themselves (comments, public posts, messages, sharing, etc.) in compliance with current legislation on the protection of personal data and this information; where necessary, the user's consent is collected, informing each time about the purposes and optional nature of the provision. Personal or "sensitive" data included in comments or public posts within social media channels may be removed.

9) Customer Care

Legal basis: contractual obligation - art. 6 par. 1 letter b) GDPR.

Management and responses to any reports, requests for post-sale information (including order status and tracking), purchase assistance, returns, refunds, order cancellations and complaints submitted by the Customer, in compliance with the general conditions of sale.

OPTIONAL PROVISION OF DATA AND REVOCABILITY OF CONSENT

Except for navigation data acquired automatically, the provision of personal data is always voluntary and optional, even if any refusal to communicate may prevent the sending of messages, requests for information or assistance, as well as the submission of any complaints, reports and requests for assistance in general. Even consent to data processing, where required, is optional but necessary in the event that the interested party wishes to subscribe to the newsletter and/or receive personalized commercial communications. complete information on data processing is available in the information attached to the aforementioned forms, to which reference is made. The right to withdraw consent to the processing given, both for marketing and profiling activities, is recognized at any time to the interested party and can be exercised by accessing your personal area, after registering, or by using the unsubscribe function present at the bottom of the commercial communications received and/or profiling or by sending a communication to privacy@aeffe.com .

PERSONAL DATA OTHER THAN THOSE IDENTIFIED IN THE CONTACT FORMS

Since the contact forms on the pages of the Site contain free text fields or allow in some cases the sending of files, the User is invited to verify the personal data that he intends to share, avoiding communicating the socalled particular data, i.e. data suitable to reveal the political opinions, religious or philosophical beliefs, health status, sexual life or sexual orientation of the person. With regard to such data, if Aeffe SpA believes that the communication has occurred by mistake or does not consider it necessary to process the request received, it will not take it into account and/or will proceed to their immediate cancellation.

PERSONAL DATA RELATING TO OTHER PERSONS (OTHER THAN THE INTERESTED PARTY)

For the same reasons explained above, the contact forms and files sent in attachment may in fact contain personal data relating to other interested parties (for example, in the case in which the order is requested to be shipped to a person other than the buyer). In the event that the User decides to communicate such data, he/she assumes full responsibility for it, even through delegation of the interested party.

DATA RETENTION PERIOD

in compliance with the principle of limitation of conservation pursuant to art. 5 GDPR, the data are stored for the time strictly necessary to achieve the purposes described above. In particular:

  • in the event of registration on the portal, your data will be retained until you cancel your user account or following a period of inactivity of 5 years.
  • data relating to optional purposes (4. Direct Marketing - 5. Profiling) are retained until the consent is revoked, which can be requested either by accessing your personal area, or through the automatic methods present in the emails, or by sending the request to the contact details of the Data Controller. At the end of 2 years from the acquisition of consent, a communication will be sent to the contact channels provided to allow the revocation of consent or its continuation.
  • for activities carried out in execution of a contract or pre-contractual measures adopted at the request of the interested party, pursuant to art. 6, par. 1, letter b) GDPR, the data are retained for the entire duration of the contract; for example, for registration on the portal, your data will be retained until your eventual cancellation of the user account or following a period of inactivity of 5 years. If you have made a purchase, the same may be retained for a period of time in compliance with the obligations prescribed by the laws in force, for example on the basis of tax legislation for at least 10 years.

However, the Data Controllers retain the right to retain the data for a longer period than that indicated above in order to ascertain and/or defend your rights in court (for example in the case of complaints). In such cases, the retention times are those related to the aforementioned defensive needs and the terms may coincide with the forfeiture and prescription periods provided for by law

DATA RECIPIENTS

The recipients of the data collected following the consultation of some of the services listed above are some subjects designated by the Data Controllers pursuant to Article 28 of the Regulation, as data controllers, and other additional service providers in the field of web agencies, digital communication, system assistance, social networks in the field of data collection through marketing campaigns and any other digital service providers for which it is possible to request the complete list by writing to privacy@aeffe.com and privacy@drop.it. Some data and information may be transmitted or acquired by subjects identified as independent data controllers, including thirdparty companies such as managers of the payment methods chosen by the interested party (e.g. PayPal, Scalapay, Klarna), data relating to cookies that are usually anonymized before sending, for statistical purposes. The personal data collected are also processed by the personnel of the Data Controllers who act on the basis of specific instructions provided by the owners regarding the purposes and methods of the processing itself.

SECURITY OF TREATMENT

The personal data transmitted and stored for the time necessary for the declared purposes are protected by specific technical and organizational security measures in reference to art. 32 of the Regulation, capable of guaranteeing on a permanent basis the confidentiality, integrity, availability, as well as the ability to promptly restore the availability and access to personal data in the event of a physical or technical incident, even in the face of the risks of destruction, loss, modification, unauthorized disclosure or access, in an accidental or illicit manner, to personal data transmitted, stored or otherwise processed. The communication of data via the web is protected by SSL encryption of the communication channel, the compilation of the contact forms on the Site is protected by Google's "ReCaptcha" system which allows distinguishing between so-called "human" and automated access in order to prevent "robotic" systems from simulating the insertion of non-human data. attributable to a person with the intention of compromising the functionality of the Site.

TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES

Aeffe SpA uses the hosting provider Amazon.com, Inc., located in the USA, a non-EU country. Aeffe SpA has verified the existence of adequacy decisions for the recipient country by the Commission, with particular reference to the registration of the supplier in the Data Privacy Framework (adequacy decision of 10/07/2023, pursuant to art. 45 of the GDPR, "EU-US Data Privacy Framework".). Other guarantee measures for the transfer to the recipients, depending on the case, may be: signing standard contractual clauses, verification of the adoption of any additional measures in implementation of recommendation 01/2020 EDPB. In derogation of these guarantees, for data processing (in ref. of art. 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favor of the interested party or consent to the transfer is verified. Your personal data of which Drop Srl is the Data Controller are processed by Drop Srl within the European Union and are not transferred to other non-EU countries.

RIGHTS OF INTERESTED PARTIES

The exercise of rights is guaranteed by both data controllers, respectively for the purposes of their competence, by writing to the contact details indicated above. The interested parties have the right to obtain, in the cases provided for, access to their personal data, rectification, cancellation of the same, limitation of the processing that concerns them, portability, or to oppose the processing and to withdraw consent (where used as a legal basis) in reference to articles 15 to 22 of the Regulation). The request is presented through the contact details of the Owners. To exercise your rights, you can also use the form provided and available on the website of the Data Protection Authority at this link:

  • https://www.garanteprivacy.it/web/guest/home/docweb/-/docwebdisplay/docweb/9038275.

RIGHT TO COMPLAIN

Interested parties who believe that the processing of their personal data carried out through this site is in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as provided for by art. 77 of the Regulation itself, or to take appropriate legal action (art. 79 of the Regulation). The form for lodging a complaint is available on the website of the Data Protection Authority at this link:

  • https://www.garanteprivacy.it/home/docweb/-/docweb display/docweb/4535524