Database Privacy Policy

Database Privacy Policy
Questions about shipping and returns? Read our FAQs.

REASONS FOR THIS POLICY

This privacy policy (the “Privacy Policy”) contains important information on the personal data that is collected when visiting this Website, the other brand websites of the Company and their respective official social network pages (collectively, the “Websites”), as a registered or unregistered user, and describes how such data is used. Where applicable, it also explains how the data provided by the user or collected during visits to the stores directly managed by the Company or by its affiliated companies (the “Stores”) or to the points of sale managed by its business partners (the “Points of Sale”), or during other contacts with the Company, is processed. This policy is supplementary to any other information that may have been received in such other circumstances.

 

This document contains important information on the following:

1.      PROCESSING OF PERSONAL DATA. 

2.      COLLECTED PERSONAL DATA. 

3.      PURPOSES OF PERSONAL DATA PROCESSING. 

4.      COMMUNICATION OF PERSONAL DATA. 

5.      PROTECTION OF MINORS' PRIVACY. 

6.      STORAGE, ACCESSIBILITY AND TRANSFER OF PERSONAL DATA. 

7.      SECURITY AND CONFIDENTIALITY OF PERSONAL DATA. 

8.      RIGHTS OF ACCESS TO PERSONAL DATA - MANAGEMENT OF CHOICES. 

9.      PRIVACY RIGHTS PROVIDED for CALIFORNIA citizens. 

10.    DATA RETENTION. 

11.    COOKIE POLICY AND SIMILAR PROCESSES. 

12.    LINKS, ADVERTISERS, SPONSORS AND ADVERTISING. 

13.    DATA CONTROLLER, DATA PROTECTION OFFICER: COMPANY CONTACTS.  

14.    UPDATES TO THIS POLICY - COMMUNICATIONS. 

 

ACCEPTANCE

By visiting the Website, using its services, or interacting with the Company, its Points of Sale, Stores, and/or Websites, the user confirms that they have read and understood this Privacy Policy and agree that the Company may collect, use, store, transmit, and disclose the personal data collected through the Websites, the Stores, and/or the Points of Sale in accordance with this Privacy Policy. Except in cases where the user is already registered, the Company may require the user to provide their consent (for example, by ticking a box), where it deems it appropriate to safeguard their rights or where required by applicable laws. If the user does not accept the conditions of this Privacy Policy, they are requested not to visit this Website, not to create an account, and not to otherwise use this Website or send personal data to it, or not to provide their consent when such option is offered to them under applicable laws.

 

1. PROCESSING OF PERSONAL DATA

In this Privacy Policy, the term “Personal Data” is used to refer to any information that allows the Company to identify the user (or a third party whose data the user provides), directly or indirectly, including any information related to the purchase of goods or services, or that the user chooses to communicate to the Company or to share with it, or with third parties, while using the Websites or at the Points of Sale. The processing of personal data will be carried out in compliance with the General Data Protection Regulation (EU) 2016/679 “Reg. (EU) 2016/679” and, where applicable, with the legislation of the country in which the data is to be collected. The Company reserves the right to perform further data processing, where required by law or in the context of criminal or other investigations or proceedings.

 

2. COLLECTED PERSONAL DATA

 

2.1 Origin of data

The Company collects personal data from the user only when they voluntarily provide information, for example:

 

in the case of Brand Websites that distribute the Company's products: by placing an order through the Website(s) as a “guest”; by opening an account or modifying it; by creating a wishlist; by participating in a contest, sweepstakes, or promotion; by searching on the Website; by contacting the Company through the submission of a comment or question; by subscribing to email newsletters and updates regarding the latest products and services, store openings, events, or promotions; or by requesting to receive confirmation of an order, a shipment, or other notices;

in the case of the Company's Stores and Points of Sale: by filling out the Company's customer card, by having informal conversations during visits to the Company's Stores or Points of Sale, by interacting with it, or by purchasing products;

in the case of events: by participating in events, surveys and market research, challenges, and other promotions, including online, for example, on minisites managed by the Company on third-party social networks such as Facebook;

in the case of the Company's customer service: by requesting assistance, specific services, or after-sales support;

in the case of emails, SMS, and other electronic messages: by exchanging communications between the Company and the user.

 

If the user provides the Company with personal data of third parties (for example, family members, other customers, or potential customers), the user should ensure that such third parties are informed and have authorized the use of their data as described in this Privacy Policy.

 

2.2 Types of data

The Company may collect and use different types of personal data depending on the specific purposes pursued and described below:

  1. personal information, such as first name, last name, gender, age/date of birth, country of origin, and other personal data that applicable laws allow to be collected;
  2. contact information, such as address, email address, telephone number, mobile phone number, potential fax number, and other contact information that applicable laws allow to be collected;
  3. payment information, such as payment instrument (credit or debit card), if applicable, and passport number, where required for tax reasons or in relation to anti-money laundering legislation;
  4. sales-related information, such as data, products or services provided, place of purchase, product codes, amount, total of the sale, VAT number, complaints, returns, refunds, or other sales-related information that applicable laws allow to be collected;
  5. habits and profiles, such as data concerning purchases (purchase history, including the store where the purchase was made, type, quantity, and price of the products purchased), information on activities and initiatives related to customer relationship management (date and categories of such actions taken or to be taken and their results), purchasing habits and preferences (wishlist, preferred categories of products, color, style, other brands purchased, most visited countries, awareness of the Company's brands, sizes, notes on purchasing habits or special needs of the user – or preferred materials), other information (information on employment, education, hobbies, and lifestyle) that applicable laws allow to be collected; and
  6. family-related information, such as marital status, anniversary date, number of children, information on children, and other family-related information that applicable laws allow to be collected.

 

3.  PURPOSES OF PERSONAL DATA PROCESSING

Depending on the specific circumstances in which the interaction between the user and the Company took place, personal data may be used for the following purposes.

 

3.1 For online and in-store sales (by the Store or Point of Sale where the user makes the purchase or the provider of the local website, as identified in the Conditions of Sale for the online purchase)

The personal data provided by the user or collected at the time of purchase, whether made as a registered user or not, namely basic personal data, contact information, data concerning purchases, tax data, payment details, sales-related information, and any other data strictly necessary for the delivery of the products, will be used to:

  1. manage, administer, and process product purchases, sales and after-sales services, for example administrative activities, accounting, returns, warranties, tax-free refunds where applicable, fraud prevention, and communications with the user, including by email, for any issue related to the management of the order or subsequent requests related to the order;
  2. comply with obligations imposed by laws, regulations, or EU legislation (including anti-money laundering legislation) and to establish or defend a legal claim.

It is necessary to provide personal data for the above purposes, and a refusal would make it impossible to complete the purchase.

Except where otherwise required to comply with applicable local laws, the processing of data for these purposes, as it is necessary to fulfill contractual and legal obligations, may be carried out without requiring the user's consent.

 

3.2 For the specific purposes for which the data was voluntarily provided

The personal data provided by the user or collected when the user requests a specific service (for example, by registering their account on the Websites, managing complaints, or requesting information), namely personal and contact information and data strictly necessary to fulfill the request, will be used to:

  1. provide the requested services (for example, execute the account registration processes, manage authentication on the Website and user accounts, assist them and manage any complaints and wishlists, and respond to a question or contact request that may be forwarded by the user, including through the customer service department);
  2. manage newsletter subscriptions where the user is not registered.

Personal data must be provided for the aforementioned purposes, and a refusal would make it impossible to complete the request.

Except where otherwise required to comply with applicable local laws, the processing of data for these purposes could be carried out without requiring the user's consent, as it is necessary to fulfill the request.

 

3.3 For customer relationship management (CRM) purposes if the user registers

The personal data provided by the user by filling out the Company's forms or collected during visits to the Stores, Points of Sale, or Websites or interacting with the Company, namely personal and contact information and data concerning the user's habits and profile and details about their family, will be entered into the centralized CRM system to:

  1. offer promotions, discounts, and other personalized services and send newsletters, other marketing and commercial communications on products and services, and invitations to events concerning the Company's brands (organized by it or by its distribution chain), surveys and research, market analysis, invitations to contests, sweepstakes, or promotions, and other initiatives for registered users or customers of the Company's brands (“marketing”). The Company may use traditional (standard mail and telephone) and/or digital and automated means of contact (email, SMS, MMS, telephone, and other digital channels, such as social media) and may send such communications to the user based on their profile, if they have provided their consent to profiling (see point 3.3b below));
  2. analyze the user's contacts with the Company, interests, preferences, and purchasing habits, and create individual or aggregated profiles based on them, to understand how to provide a better service, also to offer a better sales experience in all Stores and all Points of Sale in Italy and abroad (“profiling”). The Company may also use personal data to create groups and perform statistical and market analyses aimed at identifying products and/or services of interest to customers of its brands and improving its services (including the Websites). The data collected on the Websites will be combined with information possibly obtained by the Company through interactions with the sales staff of the Stores and/or Points of Sale. The processing of personal data for profiling is carried out respecting the guarantees and parameters established by applicable law.

Entering data into the CRM system is optional and free of charge (being based on the consent that the user may choose to grant) and can only occur where personal data is provided for both marketing and profiling purposes under points 3.3a) and b) or only for one of the two. The user may unsubscribe or withdraw their consent at any time (see point 8 below). In any case, the refusal to provide personal data for one or both of these CRM purposes does not prevent the user from using the Company's services or making purchases, but the Company will not be able to inform them of the marketing initiatives and events described above and will not be able to understand their interests and offer them a more personalized shopping experience.

4. COMMUNICATION OF PERSONAL DATA

The Company shares the user's personal data with its affiliated companies, its distributors, and affiliates, including those located in other countries, and with other companies that provide services on its behalf (as detailed below), under its direction, or that of third parties. Such companies and organizations will receive only the personal data necessary to perform the services and will not be authorized to use it for any other purpose.

 

4.1  Communication of personal data to data processors

When the user purchases the products or uses the Company's online sales services, their personal data could be shared by the e-commerce provider of this Website with selected third parties who provide services to the provider, including those who fulfill orders, ship products, process credit or debit card payments, and perform anti-fraud checks.

 

The user's personal data could be shared with third parties, including digital platforms (including Meta, Google, and the other operators indicated in point 11 below) to monitor and analyze the Website's activity and/or enable the measurement of marketing campaigns, on behalf of the Company as data processors, or to provide (as independent data controllers, or joint controllers) services within the context of marketing campaigns based on tracking user activities (e.g., retargeting). To learn how these companies process the user's personal data and, if necessary, change the protection settings, you can consult the dedicated privacy section on each digital platform listed in the Cookie Policy section.

 

The user's personal data may also be shared with third parties to host Website content, provide technical and organizational services functional to the aforementioned purposes, maintain the customer database, provide assistance in sending or managing marketing activities (in addition to the above) and manage emails, market analyses, surveys, contests, prize initiatives, or promotions. Such third parties may have access to the user's personal data or store it or process it in order to provide such services, as data processors, on behalf of the Company in Italy, in the country where the user is located, or abroad. The Company's service providers are not authorized to use the personal data for purposes other than the provision of the contracted services.

 

The processing of the user's personal data for CRM purposes will be performed, according to instructions provided by the Company, by the affiliated companies that manage the Company's brands locally in Italy and in other countries or online, and by the Company's business partners (affiliates and distributors) who manage Points of Sale or online sales on their websites, as data processors.

 

4.2  Dissemination of personal data

The user's personal data may need to be shared with companies that handle payment management and anti-fraud checks, which operate independently as data controllers, in order to provide the user with the online sales services.

In the event of asset or corporate transactions (for example, mergers or acquisitions, corporate restructuring, or liquidation), customer data will likely be one of the transferred assets and may be shared with legal successors, to the extent permitted by law based on the legitimate interest of the Company. Personal data will remain subject to the pre-existing privacy policy, unless the user decides otherwise.

 

The Company may also disclose the user's personal data to third parties (i) where required by an EU or Member State regulation; (ii) in the event of legal proceedings; (iii) in response to a request from law enforcement agencies based on legitimate grounds; or (iv) to protect the rights, privacy, security, or property of the Company or the public.

 

Furthermore, to the extent permitted by law, the Company may communicate personal data to third parties in the event of complaints relating to the use of the Website, where deemed necessary to investigate, prevent, or take measures regarding illegal activities, suspected fraud, or if the Company, at its sole discretion, believes that the user's use of the Website is incompatible with the conditions of the Website itself.

 

The complete list of designated data processors and third parties to whom data is communicated can be obtained using our contact details indicated below (point 13).

 

5. PROTECTION OF MINORS' PRIVACY

This Website is intended for a general audience, however, its services are intended for individuals aged 18 or over. The Company does not deliberately request, collect, use, and disclose personal data provided by individuals under the age of 18 online or at the Stores and Points of Sale. Should the Company learn that it has personally collected a minor's data, it will delete it.

In the event that the user is not of the required age, they are asked not to register or proceed with the online purchase and to ask an adult (or their parents or guardian) to perform the necessary procedures.

 

6. STORAGE, ACCESSIBILITY AND TRANSFER OF PERSONAL DATA

The processing of personal data collected through the Websites takes place mainly using electronic or web-based means, including web analytics services hosted by servers of selected suppliers of the Company operating both within the European Union (for example, in Germany and Ireland, for online sales transactions on the Websites directly managed by the Company) and outside of it (for example, in the United States, for the Company's newsletter subscription services). In Stores and Points of Sale, the processing of personal data may also be performed on paper. In both cases, personal data, for CRM purposes, is entered into the Company's centralized and secured database located in Italy and managed by the CRM Managers and the marketing team in Italy and abroad.

 

Access to personal data will be granted only to authorized personnel of the Stores, Points of Sale, and the local e-commerce provider (for example, to the personnel of the digital marketing and IT, retail sales, administration, and security departments), based on a strict need-to-know basis and using multi-level access control tools. Such personnel are bound by confidentiality obligations and have been expressly designated as persons in charge of processing, as required by applicable law. In particular, where the user has given their consent to the processing of their personal data for CRM purposes, the relative data can be read, modified, and updated by the Company's personnel and by the personnel employed at Stores, Points of Sale, and/or local e-commerce providers (especially by sales and marketing personnel). The personnel, present in Italy or abroad, have received specific training and are bound by confidentiality obligations. The Company may use them to collect, use, and disclose data according to its instructions.

 

If the Company needs to transfer personal data abroad in order to pursue the purposes stated in this Privacy Policy, even where the personal data legislation differs from that applicable in the country where the user is located, it will take measures to ensure that such communications take place in compliance with European data protection standards or other local standards used in the country where the data is collected, so that the user's data remains secure and confidential.

 

7. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

The Company has implemented appropriate measures aimed at protecting the user's personal data from accidental loss and from unauthorized access, use, modification, and disclosure. When the user provides order information, for example, the Company uses SSL (Secure Socket Layer) technology, an encryption tool that guarantees security during the transmission of information over the Internet. In managing this Website, password controls, firewall technology, and other technological and procedure-based security measures are also used. Although the Company has implemented the aforementioned security measures for the Website, the user must be aware that it is not possible to guarantee 100% security. Therefore, the user provides their personal data at their own risk and, to the maximum extent permitted by applicable law, the Company will in no way be responsible for their disclosure due to errors, omissions, or unauthorized actions by third parties during or after their transmission to it. The Company recommends that the user (i) periodically update their software to protect data transmission over networks (for example, antivirus software) and check that their electronic communications service provider has adopted suitable means for the security of data transmission over networks (for example, firewalls and spam filters); (ii) keep confidential and not communicate the username and password for accessing the account to anyone; and (iii) periodically change the password.

 

In the unlikely event that the Company believes that the security of the user's personal data in its possession or under its control has been or may have been compromised, it will inform the user of the incident according to the methods provided by applicable law, using the methods prescribed by it (by providing the Company with their email address, the user consents to receive such communications in electronic format through that email address).

 

8. RIGHTS OF ACCESS TO PERSONAL DATA - MANAGEMENT OF CHOICES

 

8.1 User rights

At any time and free of charge, the user will be able to access their data, receive their electronic personal data in a structured, commonly used, and machine-readable format, and transmit it to another data controller (data portability), as well as have it corrected, updated, modified, or deleted (subject to any applicable exceptions). The user can update the data provided to the Company by contacting it at the address provided below. Requests for data deletion are subject to the current legal and document retention obligations imposed on the Company.

If they believe there is a problem in the way their personal data is managed, the user will have the right to lodge a complaint with the national personal data protection authority or that of any other EU or European Economic Area country.

To exercise these rights, the user may send a request by sending an email to infoprivacy@maxandco.com or a letter by regular mail to the address provided below (point 13). When contacting the Company, the user should make sure to include their name, email address, postal address, and/or telephone number(s) to be sure that it can correctly handle their request.

 

8.2  Accuracy - Updating personal data

To enable the Company to best serve the user, they are invited to regularly verify and update their personal data.  If registered, the user may access their personal data and modify it using the user account settings on the Website; otherwise, they may contact the Company (see point 13) to receive assistance in updating their personal data.

 

8.3 Management of choices regarding direct marketing and profiling

If the user wishes not to give their consent to the use of data for CRM, marketing, and/or profiling purposes, or to manage their advertising preferences, they may send a simple request to the Company (see point 13) indicated below or manage their account choices accordingly. The same procedure applies where the user wishes to withdraw their consent to profiling.  

 

9. PRIVACY RIGHTS PROVIDED IN CALIFORNIA

Pursuant to Section 1798.83 of the California Civil Code, California residents have the right to request from companies with which they have established a business relationship certain information regarding the types of personal data that it shares with third parties conducting direct marketing activities, as well as to know the identity of the third parties with whom the Company has shared such information during the immediately preceding calendar year. If the user is a California resident and wishes to receive a copy of the information provided pursuant to this law, they may send a written request to the Company. The response will be provided within 30 days of the request.

 

10. DATA RETENTION

Personal data will be stored for the duration of the business relationship and for as long as necessary to pursue the purposes described in this Privacy Policy (for example, where the user subscribes to a newsletter, for the duration of that subscription, or where they have a user account, until it is closed). After this period, the user's personal data will be kept only to comply with legal and regulatory obligations (for example, for 10 years, in the case of accounting purposes; for the duration of the mandatory retention obligation, in the case of tax purposes; etc.) or to allow the Company to maintain proof of its respective rights and obligations.

 

The user's personal data that is processed for CRM purposes (point 3.3) will be stored until the account is closed or until consent to its processing for such purposes is withdrawn. Personal data relating to purchase information processed for profiling and marketing purposes will be retained for a limited period, in line with the period allowed by applicable law, and, upon expiration of this period, will be permanently deleted or anonymized.

11. COOKIES AND ONLINE TRACKING TOOLS

The Company uses tracking tools that use unique identifiers on the Website to collect and save information (for example through the use of Cookies, i.e., small text files stored on the browser of the device used by the user to visit the Website) or use resources (for example by executing a script) on the user's device when the latter interacts with this Website.

If the user has given consent to the use of tracking tools on the Website, choosing their preferences as available via the banner or in the Cookie Preferences area, the Company may also use personal data, such as the email or postal address or telephone number provided by the user to improve, for example, the measurement of the actual conversions of its potential customers on the Websites, through the monitoring of its marketing campaigns, as well as to show the user marketing ads and content consistent with their interests, based on the preferences and consumption habits identified via cookies and/or other tracking tools of media platform operators, including Meta Platforms Ireland Ltd., Google Ireland Limited, and other operators, also following the analysis they perform on their users based on their interactions. For further information on the cookies and tracking tools that the Company uses, as well as to learn how to enable or disable them, please consult the Cookie Policy section.

 

12. LINKS, ADVERTISERS, SPONSORS AND ADVERTISING

This Website may contain links to various websites owned by or controlled by the Company, as well as to third-party websites. Where the user chooses to provide their personal data on such linked website or websites, such information will be subject to the privacy policy and security policies of such linked websites - including the Websites administered and managed by the Company's approved distributors, with the exception of the data collected therein by the Company's distributors for CRM purposes if the Company's privacy policy is published - and not to this Privacy Policy. Since the Company is not responsible for the information sent to or collected, used, disclosed, or otherwise processed by third-party websites, the user should familiarise themselves with such other privacy policies.

 

13. DATA CONTROLLER, DATA PROTECTION OFFICER: COMPANY CONTACTS

For the purposes of this Privacy Policy and the data processing described herein, it is specified that the term “Company” refers to Max Mara Fashion Group S.r.l., with registered office in Via Pietro Giannone, 10 - 10122 Turin, Italy. As the parent company and ultimate beneficiary of various brands, including "MAX&Co.", through its affiliated companies, the Company is the data controller (as defined in Reg. (EU) 2016/679) of the data collected at Stores, Points of Sale, and/or Websites in Italy and abroad for the CRM purposes referred to in points 3.2 and 3.3. The Company has appointed its Data Protection Officer, in charge of managing any questions or claims regarding the processing of personal data for CRM purposes, who can be contacted at the following addresses: Via Pietro Giannone 10, 10122 Turin, email: dpo@mmfg.it.

The data controller of the data collected at the local Store, Point of Sale, and/or Website for purposes related to the sales referred to in point 3.1, is the MAX&Co. Store, Point of Sale, or online shop.

where the purchase is made and/or which collected the data. The local seller may be required to process the data in accordance with the data protection laws in force in the country where it is located. Nevertheless, except where mandatory conflicting rules apply in that jurisdiction, the local seller undertakes to process the user's personal data following the principles set forth in this Privacy Policy.

 

14. UPDATES TO THIS POLICY - COMMUNICATIONS

The Company, at its own discretion, reserves the right to change, modify, add, or delete portions of this Privacy Policy at any time, by publishing the revised version on this page of the Website and updating the "Last modification" date indicated below. It is the user's responsibility to review the Privacy Policy from time to time to be aware of any changes made. In some cases, the Company may provide further communications regarding significant changes to this Privacy Policy by publishing a notice on the homepage of this Website or, in the case of registered users, by sending an email notification or placing a notice on their account page. By accepting such revised Privacy Policy by clicking on the “accept” button present in such notification email or in the communication published on the account page (where required to comply with applicable laws), by completing a purchase on the Website or in any store after the revision of the Privacy Policy, or otherwise by using or sending information to the Website after the publication of the revised Privacy Policy, the user accepts such revised Privacy Policy. Following the changes, where required by applicable law, the user's data will not be processed without the explicit consent of the user.

 

LAST MODIFICATION

This policy is effective as of May 25, 2018