FENDI wishes to inform you as to the processing of personal data about you that is collected when you visit one of the stores (the “Stores”), as well as when you browse the website www.fendi.com (the “Website”), and in any case in which you decide to use our services, for example, by registering to our loyalty program, by making purchases, or making requests in Store or through any communication channel, such as the “Contact Us” section, the email address and/or the phone number available on the Website as well as by using our instant messaging platforms and our Live Chat on the Website and on our social channels. If you are browsing the Website, please also read the “Website terms of use”, as they also contain important information on the security measures we have put in place.
This Privacy Notice is divided into several sections, which you can choose to read by simply clicking on the title of each section, so that you can also freely and consciously choose whether to provide your consent, where requested.
Your personal data shall be processed using paper, electronic or telematic means in order to pursue the purposes specified in this Privacy Notice, in compliance with EU Regulation 2016/679 (the “GDPR”) the Italian Legislative Decree no. 196/2003, as updated in accordance with the GDPR, and other applicable privacy national laws (hereinafter, jointly with the GDPR, the “Privacy Regulation”).
The data controller of your personal data is:
- FENDI S.r.l. with registered office in Palazzo della Civiltà, Quadrato della Concordia 3, 00144, Rome (RM), Italy, e-mail address customerprivacy@fendi.com, in relation to all the purposes set forth in this Privacy Notice, except for processing related to the purchase of products in your country, made either through the Website or in the Stores;
- Fendi Germany Gmbh with registered office in Gisela-Stein-Str. 6, 81671 München, Germany, e-mail address customerprivacy@fendi.com, that manages the sale of products either through the Website or in stores in Germany, as indicated in the Terms and conditions of sale, handles any related customer service activities, in charge of organizing FENDI events in Germany, and also processes your personal data for the Law Purposes and Business Purposes (as defined below).
(hereinafter jointly referred to as “FENDI” or the “Company”).
FENDI has also appointed a Data Protection Officer (“DPO”), who can be contacted at the dedicated e-mail dpo@fendi.com.
To the extent that they are necessary to achieve the purposes described in this Information Notice, FENDI shall process your following personal data:
- Browsing Data, i.e. IP address and domain name of the device used, URI (Uniform Resource Identifiers) notation addresses of the resources requested, time of the request, method used to send the request to the server, size of the file obtained in response, numeric code indicating the status of the response given by the server (e.g. successful, error, etc.), other parameters related to the device used, operating system and IT environment, as well as geolocation data on the Website through the ‘Locate Me’ function and data collected through cookies and other tracking technologies in accordance with the Cookie Policy;
- Identification Data, i.e.,
- biographical data, such as title, first name, last name, country of residence, nationality, date of birth;
- contact information, such as address, city, postal code, e-mail address, phone number;
- data relating to your Fendi profile/account, such as password, client ID, username;
You may also decide to login to our Website via your Apple ID or Google account. Specifically, by accessing the FENDI Website through social login, you will share certain information and content from those accounts with FENDI. The personal data shared will depend on the configuration of the relevant account or website and will be subject to their privacy notice;
- Contractual Data, i.e.:
- payment information, including payment card information, billing address, and other financial information (such as, routing and account number). Please note that we use third-party payment providers to process payments made to us. FENDI does not retain any personally identifiable financial information, such as payment card number, you provide these third-party payment providers in connection with payments. Rather, all such information is provided directly by you to our third-party payment providers. The payment provider’s use of your personal data is governed by their privacy notice;
- data on purchases made, such as body measurements (sizes), type of product or service, quantity, cost;
- additional data provided by you in connection with a request;
- Customer Experience Data, i.e.:
- preferred language;
- data on lifestyle habits and additional data (such as favourite colour, other brands used, marital status, number of family members and dates of birth, hobbies, profession, style, social networks, contact preferences, most visited country);
- data on purchases made (such as products purchased and their features, price, frequency, purchase method, favourite store, favourite customer advisor, type of products purchased/preferred, spending segment, status);
- if you subscribe to our newsletter, supplementary information on your interactions with the communications we send you.
Where you provide personal data of third parties (e.g., to facilitate delivery of purchased products), please ensure that such third parties are aware of the processing carried out under this Information Notice.
FENDI processes your personal data in order to perform a request or a contract concluded with you, in order to comply with legal obligations, for its own marketing and profiling purposes, as well as for pursuing our legitimate interests.
- Processing relating to the contractual relationship
FENDI offers you goods and services for which it is necessary to process personal data.
- Contractual Purposes
The processing of your Browsing Data, Identification Data and/or Contractual Data pursues the purposes of rendering it possible to:
- browse the Website, in order to use the specific functions and services provided therein, including, for example, the option to create a user account by registering in the Fendi & Me area and thus subscribe, via the Website, to the FENDI loyalty program noted in b) below and/or, upon your choice, identify your position via the ‘Locate Me’ service in order to inform you of the Store nearest to you;
- sign up and adhere to the FENDI loyalty program by filling out the relevant form, in order to take advantage of the services and benefits reserved by FENDI for its registered clients;
- contact you in the event of your requests and/or statements/complaints in Store or through any communication channel, e.g. via the ‘Contact Us’ section, the email address and/or the phone number available on the Website as well as using our instant messaging platforms and our Live Chat on the Website and on our social channels;
- purchase FENDI products in the Stores, on the Website, and at official events (e.g. bookings and purchases at fashion shows, etc.);
- manage payments and collections;
- provide customer care service, including aftersales service, including the management of sales returns, the management of refunds for defective purchases, handling of complaints, etc;
- manage customer relations as part of events organised by FENDI (e.g. to manage invitations for attendance at fashion shows or inclusion on mailing lists for events); and
- send our newsletter, in the event that you subscribe to it.
The above purposes are hereinafter collectively referred to as the ‘Contractual Purposes’.
- Legal basis for processing for Contractual Purposes
Pursuant to Article 6(1)(b) of the GDPR, the legal basis for the processing is the performance of the contract to which you are a party or in order to take steps at your request.
The processing of your personal data for these purposes is mandatory, and if you do not wish for FENDI to proceed with the aforementioned processing, FENDI may not be able to establish and/or perform a contractual relationship with you, thereby also preventing you from using products and services.
This is without prejudice to the processing of Browsing Data by cookies and other tracking technologies on the Website. With respect to this, please refer to the Cookie Policy.
- Processing in order to comply with legal obligations
FENDI is required to comply with legal obligations for which the processing of personal data is required.
- Legal Purposes
Identification Data and Contractual Data will also be processed in order to comply with the obligations provided for by law, regulations and/or EU regulations and for civil, administrative, accounting and tax purposes, such as in the case of processing carried out in antimoney laundering and TaxFree shopping arrangements (the ‘Legal Purposes’).
- Legal basis for processing for Legal Purposes
Under Article 6(1)(c) of the GDPR, the legal basis for processing is the requirement to fulfil a legal obligation to which the Companies are subject.
The processing of your personal data for this purpose is mandatory, as it is required under the applicable regulations.
- Promotional, advertising and marketing processing in the broader sense
Subject to your consent, FENDI carries out business promotional activities for the products and services of the Companies.
- Marketing Purposes
Subject to your consent, FENDI may process your Identification Data and Customer Experience Data for the following purposes:
- market research, surveys, statistics, promotional campaigns, discounts, and/or other promotional activities concerning FENDI’s products and/or services, as well as sending advertising and informative communications and material;
- invitations to events organised by the Companies;
- conducting reengagement campaigns.
The above purposes are referred to as the ‘Marketing Purposes’. FENDI will carry out the aforesaid processing by means of operatorassisted telephone or other non-electronic means, whether by e-mail, sms, mms, automated systems without operator assistance and similar, and other electronic means. You may express your preferences on the means used for marketing communications by merely sending an e-mail to customerprivacy@fendi.com.
- Legal basis for processing for Marketing Purposes
Pursuant to Article 6(1)(a) of the GDPR, the legal basis for the processing, in all cases and processing provided for in this Section, is your prior consent, which you may in any case freely withdraw, at any time, free of charge, in the manner indicated in the Section ‘What are your rights and how you can exercise them’, without prejudice to the processing of data that has been legitimately carried out up to that time.
Should you refuse your consent for Marketing Purposes, this shall not affect your other existing relations with FENDI for which your prior consent is not required. Consent is optional, although failure to provide it may render it impossible for FENDI to keep you updated on new products or services, promotions, and to conduct market surveys.
- Profiling processing
Subject to your consent, FENDI uses your data as part of the profiling activities carried out in order to manage the FENDI world to improve your customer experience in accordance with your requirements and preferences.
- Profiling Purposes
FENDI also processes Identification Data and Customer Experience Data for profiling purposes, namely, to assess certain aspects about a person, and analyse his or her personal preferences and interests, so as to be able to offer him or her personalised products and services or those which are in line with his or her needs. Through profiling, data is structured according to parameters which are defined, from time to time, according to business needs, for the purposes of creating a ‘profile’ of the data subject. For example, FENDI may carry out profiling activities in order to perform targeted marketing campaigns (e.g., ‘look alike’ research or re-engagement).
Furthermore, the LVMH Group, to which FENDI belongs, includes many famous Maisons offering high quality products and services throughout all sectors, including Fashion and Leather Goods, Perfumes and Cosmetics, Watches and Jewellery, Wines and Spirits, Hotelerie, and Culture and Leisure (a list of all LVMH Maisons is available at https://www.lvmh.com. If you are a FENDI customer, you may also be a customer of one or more of the other LVMH Maisons. Our desire is to always improve your customer experience by providing you with personalised offers and services and marketing communications that most closely match your expectations. For this purpose, data relating to purchases you have made with us over the past 36 months will be disclosed to LVMH as the parent company in pseudonymised form (and thus without unencrypted indication of your name and your further contact details). Your purchase data will be analysed and combined with data on other purchases you may have made with other LVMH Group Maisons during the same time period and for which you have provided similar consent. On the basis of the analysis and combination performed on such data, FENDI will receive additional information regarding your purchasing habits and preferences (without knowing, however, from which other Maison the data comes from). FENDI shall remain the sole data controller. LVMH shall act as a data processor and will not use your data for any purpose other than the one stated above, and under no circumstances will it share your data with other LVMH Group Maisons of which you are not a customer or to which you have not given your consent.
The above purposes are hereafter collectively referred to as ‘Profiling Purposes’.
- Legal basis for processing for Profiling Purposes
In order to process for Profiling Purposes, it is mandatory to acquire your specific and separate consent (distinct from the consent for Marketing Purposes), which you may however freely revoke, at any time, free of charge, in the manner indicated in the Section ‘What are your rights and how can you exercise them’, without prejudice to the data processing legitimately carried out up to that time.
Providing your consent to the processing for Profiling Purposes is entirely voluntary and optional and, in the event of refusal of such consent, this will not affect the other existing relationships. However, if you do not provide your consent, FENDI will not be able to provide products and services which are in accordance with your preferences.
- Processing in pursuit of FENDI’s legitimate interests
FENDI processes your personal data as part of operations to ensure the security and proper and effective operation of the Website, to make sure our services are effective, as well as during corporate transactions and/or litigation proceedings, if any.
- Business Purposes
FENDI processes:
- Browsing Data, in order to ensure the security of the Website, verify its proper functioning and evaluate its use in order to obtain statistics regarding its use;
- Identification Data and Customer Experience Data to measure the effectiveness of our services, perform customer satisfaction evaluations and analyse the commercial performance of the relationship established with you, in order to provide a service that is more in line with your needs;
- Identification Data, Contractual Data and Customer Experience Data to carry out activities which are functional to transactions concerning transfer of businesses and business units, acquisitions, mergers, demergers or other transformations and for the performance of such transactions; and
- Browsing Data, Identification Data, Contractual Data, and Customer Experience Data in order to assert and defend the Companies’ rights vis-à-vis you and/or third parties in any litigation proceedings, including the detection of fraud.
The above purposes are hereinafter collectively referred to as ‘Business Purposes’.
- Legal basis for processing for Business Purposes
The processing of your personal data for these purposes is functional to the pursuit of FENDI’s legitimate interests, which are appropriately balanced against your interests, subject to the limits imposed on the relevant processing activities, and is not mandatory. You shall be entitled to object to the processing activities carried out for this purpose, as set out in the ‘What are your rights and how can you exercise them’ Section of this Information Notice, except where FENDI has an overriding interest in continuing the processing of your personal data or in asserting or defending a right pursuant to Article 21 of the GDPR.
The Companies disclose personal data to the following categories of recipients who are located – as applicable – in Italy, in the territory of the European Economic Area (“EEA”) and in territories outside the EEA where the Companies operate:
- personnel of the Companies who need access to the data for the performance of their duties;
- banking and financial intermediaries and credit companies that provide services for the verification and management of collections and payments;
- third parties performing customer verification and fraud prevention activities;
- companies that manage FENDI’s stores and warehouses, transport companies and couriers for the distribution and delivery of purchased products or for the collection and handling of returns;
- Website operators and suppliers in the technology field, including companies that perform documentation storage activities;
- companies that provide services to the Companies for the organisation of events (e.g., fashion shows), activities, campaigns and marketing strategies;
- Companies that perform information assistance and support activities for data subjects (e.g., call centres);
- professionals, consultants, companies or professional firms, that provide assistance, advice or collaboration to the Companies in accounting, administrative, legal, tax and financial matters;
- the parent company as the LVMH Group Holding Company and other companies controlled by or affiliated with FENDI;
- Public Administrations for the fulfilment of legal obligations relating to, inter alia, anti-money laundering regulations, public security laws or tax and fiscal regulations (e.g., Italian Internal Revenue Agency), as well as any other third party to whom the communication is required by law or by order of the Judicial Authority.
To obtain the full and named list of data recipients, you may contact us at customerprivacy@fendi.com.
In any event, your personal data will not be disseminated.
Your personal data is transferred to countries outside the EEA and, in particular, to those in where FENDI Group companies are operational and active including: Australia, Bahrain, Brazil, Canada, China, South Korea, the Philippines, Japan, Hong Kong, India, Kuwait, Macau, Malaysia, Mexico, Qatar, the United Kingdom, Singapore, the United States of America, Switzerland, and Thailand.
The transfer to non-EEA countries of your personal data for the purposes specified in this Privacy Notice shall take place on the basis of appropriate safeguards in accordance with Article 46(2)(c) of the GDPR, namely through the signing of standard contractual clauses adopted by the European Commission, as well as through the adoption of technical and organisational measures necessary to ensure, from time to time, adequate protection of your data, as required by the applicable Privacy Regulation, with the exception of countries that have obtained an adequacy decision from the European Commission.
The personal data transfer agreement is available at the registered office of each of the Companies, of which you may request an excerpt should you wish to do so.
Personal data shall be retained for the time periods specified below, which are necessary for carrying out the data processing in connection with the purposes from time to time pursued by FENDI as set forth in this Information Notice.
Once the time limits below have passed, personal data will be deleted or anonymised.
- Retention periods and deletion of data processed for Contractual Purposes
For Contractual Purposes, data is retained for the term of the contract and/or service requested (e.g., in the case of accounts created on the Website or in connection with services provided by FENDI), as well as for up to 10 years thereafter.
- Retention periods and deletion of data processed for Legal Purposes
For Legal Purposes, data is retained for a period appropriate for the duration prescribed for each type of data by law.
- Retention periods and deletion of data processed for Marketing Purposes and Profiling Purposes
Purchase detail data processed for Marketing Purposes and Profiling Purposes is retained for 7 years following its collection.
You may at any time terminate the processing and storage of your purchase detail data by notifying the Companies of your withdrawal of consent or objection to processing under Article 21 of the GDPR.
- Retention periods and deletion of data processed for Business Purposes
Personal data processed for Business Purposes is retained for a period equal to the relationship established with you from time to time and for 10 years thereafter, in the event that the personal data is necessary to assert and defend the Companies’ rights vis-à-vis you and/or third parties in any litigation proceedings. In the event that the processing is for the purpose of carrying out activities which are functional to transactions concerning the transfers of business and business units, acquisitions, mergers, spin-offs, or other transformations, and with respect to the performance of such transactions, the retention periods listed above will apply with respect to the processing that takes place.
Pursuant to Articles 15 to 22 of the GDPR, we hereby inform you that you may exercise the following rights:
Right of access to your personal data in order to obtain confirmation as to whether or not personal data concerning you is being processed and, if so, to know the origin of the data, the purposes and methods of processing, and the logic adopted.
Right to rectification and integration of inaccurate or incomplete personal data concerning you.
Right to erasure (and where there are no specific reasons that otherwise relieve FENDI of the obligation to erase) if (i) personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) you revoke consent and there is no other legal basis for processing; (iii) you object to processing for marketing or profiling purposes; (iv) the personal data has been processed unlawfully.
Right to restriction of processing in cases where (i) you contest the accuracy of personal data, for the period necessary to verify the accuracy of such personal data; (ii) the processing is unlawful and you object to the erase of the personal data and instead request that its use be restricted; (iii) although the Company no longer needs it for processing purposes, the personal data is necessary for you to establish, exercise or defend a right in court; (iv) you object to the processing pursuant to Article 21(1) of the GDPR pending verification as to whether FENDI’s legitimate reasons prevail over yours.
Right to object to the processing of personal data regarding you based on FENDI’s legitimate interest. You also have the absolute right to object at any time to the processing of your personal data for Marketing Purposes and Profiling Purposes.
Right to portability i.e. to receive your personal data in a structured, commonly used and readable format, so that such data may be retained for further use for personal purposes, and to ask us to arrange for the transmission of such data to another data controller.
Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You may exercise your rights as provided for by the GDPR by sending an e-mail to customerprivacy@fendi.com.
The exercise of rights is not subject to any formal requirements and is free of charge. A response will be given without undue delay and, at the latest, within one month from receipt of the request.
You also have the right to file a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or with the supervisory authority of the country where you habitually reside, work, or where the alleged violation occurred, if the conditions are met.
This Privacy Notice is effective from the time of its publication. FENDI may amend and/or supplement this Privacy Notice, including as a result of any subsequent regulatory amendments and/or additions to the Privacy Regulation. Amendments will be notified in advance and you can view the updated Privacy Notice at the Privacy Policy link.