AU - English

Privacy Policy

CUSTOMER AND USER PRIVACY POLICY

This information is provided in accordance with and for the purposes of the General Data Protection Regulation (EU) 2016/679 (hereinafter: "Regulation" or "GDPR"). Its purpose is to explain how the personal data of its visitors and customers (hereinafter: "Users") are collected and used

This information relates exclusively to Biffi Boutique S.p.A. and does not extend to any website other than www.biffi.com (hereinafter: "biffi.com") or to any application/platform linked to biffi.com.

 DATA CONTROLLER

The owner of the treatment of your personal data is Biffi Boutique S.p.A. (hereafter "Biffi"), an Italian company with registered office in Milan, Corso Genova, 6, 20123 Milano, VAT number: 05935720150.
 The contact details of the Data Controller are as follows: Corso Genova 6 - 20123, Milan. Tel. 02 8311 6052 and privacy@biffi.com

DATA COLLECTION

The personal data to be processed is collected via the biffi.com website or by third parties expressly authorized to do so.

The data is collected through various channels (automatic collection by the site, or collection via forms, chat, e-mail, apps, devices, social media and other means).

 PERSONAL DATA PROCESSED AND PURPOSE OF PROCESSING

Biffi.com does not process personal data relating to minors. By accessing biffi.com and using the services offered, the user declares to be of legal age.

Users' personal data are processed within the scope of the activities and for the purposes specified below:

 

1.               Conclusion and execution of purchase contracts.

In order to process and execute purchase orders, we ask users to provide us with some common personal data such as, for example, personal information (first name, last name and tax code), contact data (e-mail address, telephone number, delivery and billing address); any further data necessary for the execution of purchase orders.

The data provided are processed by us for the purpose of order management, within the scope of activities such as, for example, payment, anti-fraud prevention, shipping, management of any returns, customer service, for the execution of administrative- accounting activities related to order management and for the fulfilment of obligations under applicable law.

 

2.               Newsletter subscription and commercial/promotional communications

Following the subscription to the newsletter, we process the e-mail address, the country of belonging and the genre of interest (compulsory data for subscription) and any further optional data (such as name and surname, telephone number) that users give us for a personalization of the offers, in order to carry out the requested service, i.e. the sending of commercial or promotional communications, regarding offers and promotions, updates, events. Promotional material can be sent through e-mails, SMS, mms and instant messaging for services and products of Biffi or third parties. Biffi may also carry out, for the same services and products, direct marketing activities by telephone or carry out its own market research via e-mail. It is understood that we will only contact you on the contact details that you provide us with.

To send communications of real interest, we may divide the subscribers into macro-categories based on raw data (such as location and gender - so-called Classification) and without any further processing.

Such processing is carried out for the following purposes:

-           as for the subscription to the newsletter ", the purpose is to send the interested party promotional material through e-mail, SMS, mms and instant messaging for services and products of Biffi or third parties; to carry out, for the same services and products, direct marketing activities by telephone; as well as to send promotional material for the same services and products or to carry out its own market research. Legal basis is therefore Art. 6 (1) (a) Regulation insofar as the person concerned has given consent and provided data for these contact methods.

-           regarding classification, the purpose is to subdivide the Data Subjects, within our database, into macro-categories based only on raw data (e.g. age range, gender, area of residence) and provided that the Data Subjects do not object. The legal basis for such processing is, therefore, Article 6 (1) (f) of the Regulation, as it is necessary to pursue our legitimate interest in carrying out promotional activities in compliance with the principle of data minimization.

You may at any time revoke your consent to receive such communications or exercise your right to object to classification by clicking on the unsubscribe link at the bottom of the e-mails or contact our Customer Service by sending an e-mail to support@biffi.com.

 

3.               Registration on biffi.com

In order to register on the site, we ask the user to provide a series of compulsory common data (such as: personal data (first name, last name, gender); contact data (e-mail address); other necessary data for registration (password) ], plus any other optional data (e.g. date of birth, telephone number, shipping and billing address), which are processed to create and manage a personal profile useful to speed up the purchase process, to view the status of orders placed and any returns.

The user is solely responsible for the truthfulness and correctness of the information and data provided to biffi.com and agrees to promptly communicate any changes to previously communicated data.

Following registration to the site, we may process e-mail address, first name and last name and gender (mandatory data for registration) and any additional optional data (such as date of birth) that users provide us with to personalize offers, to send promotional communications regarding our products and services like those for which the user has shown interest (so-called soft spam). It is understood that, to send communications of actual interest, we may divide the registrants of the website into macro-categories based on raw data (such as location and gender - so-called Classification) and without any further processing. The legal basis for both processing operations is, therefore, Article 6 (1) (f) Regulation, insofar as it is necessary to pursue our legitimate interest in carrying out promotional activities in compliance with the principle of data minimization and as long as the user does not object.

If you give your specific consent and until you revoke it, we may process your personal data for the following additional purposes

-                  in the case of consent to receive the newsletter, to send the interested party promotional material via e-mail, SMS, mms and instant messaging for Biffi or third-party services and products; to carry out, for the same services and products, direct marketing activities by telephone; to send promotional material for the same services and products or to carry out its own market research via e-mail;

-                  in case of consent for profiling activities, to carry out analysis activities, through automated tools, of the consumption habits and use of services by the interested parties (Profiling). This processing will involve the analysis of correlations and trends between the information collected and the analysis of activities carried out, purchases and the use of services offered by Biffi. Such processing is aimed at sending personalized promotional material based on the habits of the interested party and will in no case result in discrimination or negative effects for the interested party. This activity also allows Biffi to evaluate its services and products, allowing them to be improved, making them more efficient and usable for the interested party.

It is understood that, in these two cases, the legal basis of the processing is Article 6 (1) (a) of the Regulation, since the Data Subject has given his consent.

Users may give/revoke the afore mentioned consent at any time by accessing their personal profile and selecting/deselecting the appropriate flags or contacting our Customer Service by sending an e-mail to support@biffi.com. Consent to the sending of promotional material may also be revoked or by clicking on the unsubscribe link at the bottom of the e-mail.

To cancel and request the deletion of the data provided, the user may contact our Customer Service or send an e-mail to support@biffi.com.

 

4.               Navigation

The website biffi.com automatically collects (also from third-party systems integrated into biffi.com) some non-sensitive information, including: IP addresses or domain names of the devices used by the user who connects to the site, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to forward the request to the server, the size of the file in response, the code indicating the status of the response from the server, the state of origin, the connotations of the browser and operating system used by the user, the time references of the visit (for example the time spent on each page) and details regarding the path followed within the site.

The collection of this data, which may also be processed - in anonymous form - for statistical purposes, is functional to enable access to the site and its services, as well as to allow us to monitor its functionality to optimize the browsing experience and to improve our services and our offer.

 

5.               Cookies

The biffi.com website makes use of cookies. For further information on this point, please refer to the relevant section of the Cookie Policy.

PROCESSING METHODS AND ACCESSIBILITY

For Biffi, the privacy and security of its users' personal data is very important to us. Therefore, we collect and handle personal data with the utmost care and take specific measures to keep it safe.

We process personal data mainly by means of computerized and electronic tools; the tools we use guarantee high security standards, in compliance with current legislation.

Personal data can be accessed by persons and companies in the following categories:

- employees, collaborators and other authorized persons (pursuant to Article 29 of the Regulation).

- parties that need access to the data to fulfil their contractual obligations: consultants; companies that provide banking, financial and insurance services; parties that carry out printing, transmission, enveloping, transport and sorting of communications to customers; couriers and postal operators; advertising, digital, marketing and social media agencies; parties that provide IT services appointed as data processors (pursuant to Article 28 of the Regulation) or independent data controllers.

Some of these entities may also be based in countries outside the EU and, in these cases, the transfer of your personal data to these countries is carried out in compliance with the guarantees provided by law.

In particular, the transfer of personal data to countries that do not belong to the European Union and that do not ensure an adequate level of protection (as established in specific decisions of the European Commission) will only be carried out after the conclusion of specific agreements between the data controller and these subjects, containing safeguard clauses also approved by the European Commission, or if the transfer is necessary for the conclusion and execution of a contract between you and the data controller (for the purchase of goods offered on our Site, for the registration to the Site or the use of services on the Site) or for the management of your requests.

Personal data may be communicated to the competent authorities according to the applicable legislation.
 Personal data will not be disseminated.

The updated list of data processors can be requested by e-mail at privacy@biffi.com.

 

DATA RETENTION PERIOD

Data processed for the performance of contractual services are retained for the period required by tax and civil law, also for the purpose of handling any disputes.

Data required to fulfil legal obligations are kept for the period stipulated by the applicable legislation.

The data collected as part of the subscription to the newsletter or otherwise processed as part of the marketing activities connected with the registration to the site are respectively stored until the objection or revocation of consent. It is understood that objection and revocation may be exercised at any time.

 

RIGHTS

The user has numerous rights, listed below:

- the right to obtain access to and rectification of personal data (Articles 15-16 of the Regulation).

- where provided for by the legislation, the right to obtain their deletion (right to be forgotten, Art. 17 of the Regulation),

- the right to obtain the restriction of processing concerning him/her (Art. 18 of the Regulation),

- the right to data portability (Art. 20 of the Regulation),

- the right to object to their processing in the cases provided for by the legislation (Art. 21 of the Regulation).

- in the case of processing based on consent, the right to withdraw consent at any time, without prejudice to the lawfulness of processing based on consent subsequently withdrawn (Art. 7 of the Regulation).

Users can request to exercise their rights by contacting the data controller at the following addresses:
Biffi Boutique S.p.A. Corso Genova 6 - 20123, Milan and privacy@biffi.com.

In the event of processing that the user considers to be in breach of the law, the user has the right to lodge a complaint with the supervisory authority which, for Italy, is the Garante per la protezione dei dati personali. Alternatively, the user may lodge a complaint with the competent authority of the EU State where he/she normally resides, or where he/she carries out his/her work, or where the alleged infringement occurred.

 

SUPPLIERS PRIVACY POLICY

 

This information is provided pursuant to and in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter: "Regulation" or "GDPR"). Its purpose is to explain how the personal data of our suppliers (and relevant contact personnel) is collected and used.

 

Data Controller

The data controller is Biffi Boutique S.p.A., with headquarters in Corso Genova, n. 6, 20123, Milan (Italy), p.i. n. 05935720152. If you have any requests regarding the processing of your Personal Data, you can write to us at privacy@biffi.com.

 

Purpose and legal basis of processing

All personal data that you will be asked to provide us with or that will be voluntarily provided by you will be processed for the purposes of:

(a) managing our contractual relationship - legal basis: Article 6.1.b of the GDPR - processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual activities undertaken at the data subject's request.

(b) to comply with any laws, regulations, EU provisions, provisions issued by any competent authorities and/or other supervisory authorities, as well as to fulfil any obligations arising from the contractual relationship (such as, for example, accounting, salary, social security, occupational safety, tax obligations) - legal basis: Article 6.1.c of the GDPR.

(c) if it is necessary for the establishment, exercise or defence of its rights through legal proceedings or if it is necessary to comply with a request from a judicial authority - legal basis Art. 9.2.f. of the GDPR.

 

Nature of data provision.

The provision of the data required for the execution of the contractual relationship is obligatory. iThe provision of any further data is, on the other hand, optional.

 

Categories of persons to whom the data may be disclosed

We will share your personal information with third parties where required to do so by law, where it is necessary to manage our relationship with you and your company or where we have another legitimate interest in doing so. For example (but not limited to) your personal information will be made accessible to those charged with the execution of the contractual relationship and to public and private entities in fulfilment of specific legal obligations.

 

Data retention period

Data will be retained for administration, accounting, payroll, contract management and labour law, and the management of any litigation, in compliance with applicable law.

 

Exercise of rights by the data subject.

Pursuant to Article 13(2)(b) and (d) and Articles 15 to 23 of the GDPR, we inform you that, under the GDPR, the data subject has the following specific rights, to the extent applicable:

a) be informed about the collection and use of their personal data.

(b) have access to their personal data at no cost.

c) obtain the correction or completion of inaccurate or incomplete personal data.

d) under certain conditions, obtain the restriction or deletion of personal data.

(e) obtain and re-use their personal data for their own purposes within different services when the processing is under contract or consent and is performed automatically ('right to data portability').

f) under certain conditions, object to the processing of their personal data.

(g) lodge complaints in relation to the collection and processing of personal data before the competent supervisory authority - consult the relevant information at www.garanteprivacy.it.

(h) where the processing is based on consent, withdraw such consent at any time, without prejudice to processing lawfully carried out based on the consent then withdrawn.

The exercise of rights is not subject to any formal constraints and is free of charge. To exercise any of the above rights, you may write to the following e-mail address privacy@biffi.com