A. DATA CONTROLLERS:

Pursuant to Article 13 of Regulation (EU) 2016/679 “General Data Protection Regulation” (hereinafter, the “GDPR”):

  • DSQUARED2 HOLDING LIMITED with registered offices at Piazza dell’Indipendenza 11. 6900 Switzerland , support@dsquared2germany.net (hereinafter, “D2”) and

hereby inform you of the following regarding the collection, use, disclosure and processing of your personal data via the www.desuqared2germany.net website (hereinafter, the “Website”) and the Dsquared2 mobile application (hereinafter, the “App”). In particular:

  • D2 is the owner of the Website and the App, and the independent data controller for personal data processed for marketing and profiling purposes.
  • eShopWorld is the independent data controller for personal data processed for sales, billing, payment and delivery purposes with regard to the products purchased via the Website and/or App.
  • D2 and eShopWorld are joint data controllers for the purposes of:
    • registering users on the Website and/or App
    • managing customer services and support services
    • managing multichannel services

The essential content of the joint controller agreement between D2 and eShopWorld is outlined in the table below. For further information about the content of this joint controller agreement, please contact D2 or eShopWorld at the above email addresses, or the DPO at the addresses indicated below.

For more information about the personal data that is processed when browsing the Website and/or the App, please see paragraph I. For more information about the personal data that is processed using cookies and other similar tracking technologies, please see our Cookie Policy.

B. DATA PROTECTION OFFICER (DPO)

D2 has appointed a Data Protection Officer:

C. CATEGORIES OF DATA THAT ARE PROCESSED

Depending on the purpose of the processing, the personal data that we process includes but is not limited to the following:

  • Personal details: name, surname, date of birth, sex.
  • Contact details: phone number, email address.
  • Authentication data: email address, password.
  • Shipping information: shipping address, phone number, email address.
  • Billing and tax information: billing address, name and surname, company name, tax ID number, VAT number, nationality, passport number.
  • Information about the purchases made: item, size and colour, price, date on which it was sold.
  • Data about the customer’s profile and preferences: data relating to purchasing habits.
  • Browsing data: data collected when a user visits and browses the Website or App, including data collected via cookies or other tracking technologies (for more information about how data is processed by these technologies, please see our Cookie Policy).
  • Data on the customer’s location (store locator service): IP address

D. PURPOSE, LEGAL BASIS FOR THE PROCESSING AND DATA RETENTION PERIOD

D.1 PURPOSES AIMED AT THE FULFILLMENT OF A LEGAL OBLIGATION (PURSUANT TO ARTICLE 6(1)(C) GDPR)

 

1. Fulfillment of obligations established by Laws, Regulations and Community Legislation, or by provisions issued by Authorities or Supervisory and Control Bodies in relation or in any case connected to the existing and/or future legal relationship.
The retention period for personal data, in relation to the purposes referred to in this section, is:
For purpose D.1.1: 10 years from the end of the contractual relationship.
These times may be extended in the event of litigation or legal provisions.

 

D.2 PURPOSES AIMED AT THE EXECUTION OF A CONTRACT OR PRE-CONTRACTUAL MEASURES (PURSUANT TO ARTICLE 6(1)(B) GDPR)

 

  1. Management of the creation and maintenance of the account created on the site and use of the services offered to registered users (for example, creation of a wishlist, history of purchases made in the past, etc.);
  2. Fulfillment of contractual obligations and legal transactions and, in particular, of the stipulated sales contract (for example, execution of the order, provision of a service, management of logistics for delivery of the product, management of refunds, etc.);
  3. Management of administrative, accounting, fiscal and financial processes connected to the provision of the product or service provided;
  4. Protection of contractual rights or in any case deriving from the relationships between the parties. It is specified that, if the protection of rights is not directly connected with the fulfillment of the stipulated contract, the related processing has as its legal basis the legitimate interest (pursuant to Article 6(1)(f) GDPR), of a binding nature and deriving from the contractual relationship established between the parties.

 

The retention period for personal data, in relation to the purposes referred to in this section, is:
For purpose D.2.1: until the account is deleted;
For purposes D.2.2, D.2.3, and D.2.4: 10 years from the end of the contractual relationship.
These times may be extended in the event of a dispute.

D.3 PURPOSE COVERED BY THE CONSENT OF THE DATA SUBJECT (PURSUANT TO ARTICLE 6(1)(A) GDPR)

 

  1. Communications of a commercial nature via automated contact methods (for example, e-mail, newsletters, SMS) on products and services (for example, events, news, new arrivals, exclusives, offers and promotions);
  2. Activity of a commercial nature that analyses or predicts aspects of personal preferences, new products, exclusives, the buying habits of the data subject, and promotions, as well as market research and satisfaction surveys in order to improve the company’s services and relationship with users;
  3. Requests for information about products and services.

 

The retention period for personal data, in relation to the purposes referred to in this section, is:
For purposes D.3.1 and D.3.2: 24 months from the granting of consent, unless revoked;
For purpose D.3.3: until the request is processed.

 

E. PROVISION OF DATA

Where data is provided on the grounds of the legal bases referred to in Article 6(1)(b), (c) and (f) of the GDPR, the provision of data is necessary in order to pursue the aforementioned purposes. Where data is provided on the grounds of the legal basis of consent referred to in Article 6(1)(a) of the GDPR, the provision of data is purely optional and the failure to provide the data or the failure to grant the aforementioned consent will prevent the purposes of profiling, marketing and data enrichment from being pursued, but will not prevent the user from registering on the Website or App or from using the services agreed under a contract.

F. RECIPIENTS OF PERSONAL DATA

The data will be processed by:

  • a. employees and partners of the data controllers who have been authorised to collect, use, disclose or process the personal data;
  • b. employees and partners of eShopWorld, acting as the data processor, performing marketing and profiling activities on behalf of D2;
  • c. third parties based in the European Union, acting as data processors, used by the data controllers, in particular for data capture and entry, shipping, direct mail, market research, customer satisfaction surveys, and managing and maintaining IT systems.

Personal data may also be transferred to third parties acting as independent processors, in particular freelancers or firms providing consultancy, legal and financial services, and payment processing companies for credit and debit card payments.

A full list of data recipients can be requested by emailing the addresses provided in paragraph A.

G. TASNFER OF DATA OUTSIDE THE EUROPEAN UNION

The Data Controller hereby notifies that it intends to transfer the data subject’s data to countries not included in the EU and EEA. These countries may not be considered by the European Commission as countries that ensure an adequate level of protection for personal data. Therefore, when we transfer your Personal Data outside the EU, we will adopt appropriate safeguarding measures in accordance with the obligations under current EU and Italian legislation, in order to ensure that they are appropriately protected.

In particular, your data may be transferred to Switzerland, in accordance with Article 45 of EU Regulation 2016/679, as a third country deemed appropriate by the European Commission with decision 2000/518/EC of 26 July 2000, to the company Dsquared2 Retail CH SA, for the purposes set out above.

In relation to the personal data that may be transferred to non-EU territories as indicated above, the data subject can obtain information by sending a request to the Data Controller at the following e-mail address: support@dsquared2germany.net.

The updated list of non-EEA countries deemed adequate by the European Commission can be found on the website: European Commission Website

H. DATA SUBJECT RIGHTS

Users can email the addresses indicated in paragraph A to exercise their rights to access their data, have it erased, have inaccurate data rectified, have incomplete data completed, restrict its processing in the cases listed in Article 18 of the GDPR, and object to its processing on the grounds of their particular situation, in the event that it is being processed on the basis of the legitimate interests of the controller.

In the event that the processing is based on the user’s consent or on the contract and that it is processed automatically, the user has the right to be sent their data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transmitted to another controller without hindrance.

Users have the right to withdraw their consent, at any time, to the processing of their data for marketing and/or profiling purposes and to object to the processing of their data for marketing purposes, including for profiling related to direct marketing.

If the user prefers, they can ask to be contacted for such purposes solely via traditional methods, and can object to receiving communications solely through automated means.

Users also have the right to lodge a complaint with the supervisory authority in the Member State in which they normally live or work or in the State in which the alleged breach occurred.

At any time, users can amend/update their personal data and the consent that they have granted to their data being processed by accessing their personal account or by emailing support@dsquared2germany.net.

I. DATA PROCESSING FOR BROWSER PURPOSES

In the course of their normal operation, the IT systems and software used to run the Website and App acquire certain personal data. This data transfer is inherent to the use of internet communication protocols.
Such data is not collected for the purpose of identifying a particular data subject but, due to its nature, could, when processed and combined with other data held by third parties, enable users to be identified.
Data that may be collected in this way includes the user’s IP address, type of browser or operating system, URI (Uniform Resource Idenfier), domain name and address of the referring/exit pages, time at which the server request was made, the method used and data on the response received, additional browsing data (see our Cookies Policy) and other data relating to the user’s operating system or computer set-up.
This data may also be used to identify a user and determine liability in the event of any cybercrimes against the Website or App.