We have the pleasure and duty of providing information on the processing of personal data in accordance with the Privacy Code and EU Regulation 2016/679.
1. WHAT TYPE OF PERSONAL INFORMATION DO WE COLLECT AND WHY DO WE NEED TO PROCESS IT?
The following data is collected and processed by Shelli and by the companies controlled by Shelli in Spain and throughout the world, as identified below (hereinafter referred to as the Shelli) and for the purposes therein mentioned:
a) Your first name, surname, address, image when you visit our stores (as CCTV is in place) or voice when you call the Shelli after sale services (since your call may be recorded), and payment information => to manage contractual relations with customers, to fulfil relevant legal obligations, to perform the so-called Know Your Customer (KYC) procedures in accordance with applicable law, and to manage reports of alleged illegal conduct in order to carry out the necessary preliminary activities aimed at verifying the validity of an incident it is reported and the adoption of any consequent measures.
b) Data collected during store visits, including from the use of the Wi-Fi system, while participating in events or making purchases online, when you participate in a loyalty programme. Information such as your birthday, age range, dates of family events, profession, hobbies, purchases, use of particular social networks or social network ID, telephone number, email address, photograph, nationality, gender, language, favourite product categories and details of products purchased, as well as sizes, prices, discounts, statistical spending levels, abandoned shopping carts, ways in which services are used, etc. Preferences and interests which you choose to disclose in the course of your privileged contacts or encounters with our client advisors in-store (which may include your preferences about our collections or other luxury brands, your size, lifestyle or basic information about your family circle), response to contact activities, information which may include health information related to possible adverse effects caused by our cosmetic products) => To carry out statistical analysis of interests, preferences and purchasing habits (profiling) based on purchases made at Shelli , as well as via services provided by third parties.
c) Data collected when browsing or when using social media applications, including behaviour-related data recorded using cookies or similar technology, as described in more detail within the cookie policy available via the website https://www.shelliboutique.com/cookie-policy, or data contained within the so-called “Wish List” => To provide personalised sales services (by way of example but not limited to: personal shopping services, free assistance services and courtesy services), for the sending of (via mail, email, SMS, MMS, social networks and instant messaging) information relating to our creations, exclusive sales and events or similar initiatives organised or attended by Shelli (including potential invitations to such events), for the sending of questionnaires evaluating levels of satisfaction reached by services offered and/or in the case of virtual try-on experiences.
Your personal information is collected either directly from you (e.g. if you create an account on one of our websites/apps, make a purchase or otherwise interact with our client advisors in-store or with our Client Services), or from you passively (e.g. when using tracking tools like browser cookies), or from third parties (e.g. through social media platforms).
2. PROVISION OF DATA
The provision of personal data with respect to the purposes outlined in paragraph 1, subsection a) is obligatory and if it is not provided, Shelli cannot proceed with contractual services requested. For the purposes detailed in paragraph 1 subsections b) and c), provision of data is free and optional and the use of such data is subject to consent. Denial thereof would not allow Shelli to proceed with the indicated purposes.
3. CHILDREN
Processing the personal data of minors is lawful provided they are at least 16 years of age. If a minor is younger than 16 years of age, data processing is only lawful if, and where, consent is provided or authorised by the holder of parental responsibility. We do not knowingly collect personally identifiable information from children without permission from a parent or guardian, unless permitted by applicable law.
4. PROCESSING METHOD
Personal data will be processed with IT-based tools and/or processed manually for the length of time needed to achieve the purpose for which it was collected. In particular, personal data collected for the purposes outlined in paragraph 1, sub-sections b) and c) will be also processed with the usage of automated mechanisms based on procedures and logics that are strictly related to the purposes specified above.
5. ENTERING OF DATA IN THE CRM SYSTEM
The entering of personal data in the CRM system is optional and occurs only if consent is given to one of the purposes detailed in paragraph 1 sub-sections b) and c) above; it automatically implies that Shelli employees across the world, tasked with data processing, will be able to view the data, as well as to change and to update it.
6. SCOPE OF COMMUNICATION, TRANSFER ABROAD AND PUBLICATION OF DATA
We do not disclose or otherwise share your personal information we collect, except with Shelli , to provide you with the same level of services around the world; in this regard, it is specified that Model Clauses made available by the European Commission regarding the transfer of personal data outside of Europe are used.
Personal data is processed only on a need-to-know basis by authorised personnel, who have access to the information and are tasked with or responsible for data processing.
Additionally, personal data may also be processed by service providers and agents who perform services on our behalf (such as companies that carry out shipping/delivery services for catalogues and/or products, companies that deliver newsletters, marketing material and promotional communications, companies that provide customer care services, companies that perform analyses and market research, companies that maintain IT systems, and companies managing session replay web configurations to ensure seamless end-user experience).
Data collected may also be processed by independent third-party data controllers, for example:
- banks or other payment services companies (credit card payment services and tax-free services);
- individuals, companies, associations or professionals that provide assistance or consultancy services (lawyers, accountants, auditors, etc.);
- when we are required to do so in order to comply with applicable law, to respond to a court order, or more generally to respond to any request from a competent authority
- that assist us in the performance of the KYC procedure
- companies that manage the so called Virtual Try On experience.
A complete list of third parties able to process personal details, on behalf of Shelli or as independent third-party data controllers, may be obtained by writing to shellnatallia9@gmail.com
The data will, under no circumstances, be published.
7. DATA RETENTION PERIOD
Your personal information will not be kept in a form that allows you to be identified for any longer than is reasonably considered necessary by Shelli for achieving the purposes for which it was collected or processed or as it is established in the applicable laws related to data retention periods. Data collected for the purposes outlined in paragraph 1, sub-section a) will be retained by Shelli for the time period necessary for the performance of a contract, with legal and conventional guarantees provided for, or in accordance with obligatory legal terms regarding the retention of data.
8. DATA SUBJECTS’ RIGHTS
The following may be requested at any time: information regarding the existence of personal-data processing and its characteristics, correction and deletion of data or limited processing. It is also possible to object to processing and/or to request that data be sent to another controller. Shelli must respond to requests within deadlines provided by applicable regulations; it must also correct incorrect data, ensure that incomplete data is completed, and update data that is no longer correct; and finally, when required, it must delete data and limit it and/or stop it from being processed, or ensure that it is, where technically possible, sent to another controller. When exercising rights, as listed above and provided for by law, or in order to obtain any related information and/or report potential misunderstandings and issues, the party concerned is invited to send an email to Shellnatallia9@gmail.com for prompt replies, or to send a written letter to the Data Protection Officer . If the response is not considered satisfactory, the party concerned may contact the Italian Data Protection Authority. Any electronic communication sent shall contain an appropriate section outlining how data processing is objected to and how clients no longer receive material and promotional information.
9. PROTECTING YOUR PERSONAL INFORMATION
We have obtained the BS 10012:2017 international certification related to data protection management in order to strengthen our focus on data protection, while also confirming our commitment to respecting current data protection legislation in force. As the internet is not completely secure, we cannot guarantee that any of your personal information that has been stored or sent to us will be completely safe. We encourage you to be cautious when using the internet to access our websites, apps or social media.
Safety and protection of buyers
If you pay by credit card, your financial information (for example, credit/debit card number or expiration date) will be sent to an external payment service provider (PSP), which, using an SSL certified encrypted protocol, guarantees the security of the transaction. Payment gateways use the 3D Secure system, which redirects data to secure servers without the seller being able to access them. Your financial information will never be used by the Seller, except to perform a procedure related to your purchase, or to issue a refund in the event of a refund in accordance with the exercise of your right to a refund, or to report fraud cases on dolcegabbana.com to the police. The purchase price of the goods and the shipping costs specified in the order form will be deducted from your current account only when the purchased goods are actually shipped.
10. DATA CONTROLLERS AND PROCESSORS
The data controllers are Shelli whose details may be obtained writing to Shellnatallia9@gmail.com. A complete list of data processors designated by controllers may also be obtained by writing to Shellnatallia9@gmail.com