FENDI wishes to inform you as to the processing of personal data about you that is collected when you visit one of the stores (the ‘Stores’), as well as when you browse the website www.fendi.com (the ‘Website’), and in any case in which you decide to use our services, for example, by registering to our loyalty program, by making purchases, or making requests in Store or through any communication channel, such as the ‘Contact Us’ section, the email address and/or the phone number available on the Website as well as by using our instant messaging platforms and our Live Chat on the Website and on our social channels. If you are browsing the Website, please also read the Website terms of use, as they also contain important information on the security measures we have put in place.
This Information Notice is divided into several sections, which you can choose to read by simply clicking on the title of each section, so that you can also freely and consciously choose whether to provide your consent, where requested.
Your personal data shall be processed using paper, electronic or telematic means in order to pursue the purposes specified in this Information Notice, in compliance with EU Regulation 2016/679 (the ‘GDPR’), the Italian Legislative Decree no. 196/2003 as subsequently amended and supplemented, and with the Singapore Personal Data Protection Act (the ‘PDPA’) (hereinafter, jointly with the GDPR, the ‘Privacy Regulation’).
The data controller of your personal data is:
- FENDI S.r.l. with registered office in Palazzo della Civiltà, Quadrato della Concordia 3, 00144, Rome (RM), Italy, telephone 06334501 e-mail customerprivacy@fendi.com, in relation to all the purposes set forth in this Information Notice, except for processing related to the purchase of products in your country/region, made either through the Website or in the Stores;
- Fendi (Singapore) Pte Ltd. with registered office in 8 Marina Boulevard #05-02 Marina Bay Financial Centre Singapore 018981, e-mail customerprivacy@fendi.com, that manages the sale of products in Singapore, either through the Website as indicated in the Terms and conditions of sale or in Stores, handles any related customer service activities, is in charge of organizing FENDI events in Singapore, and also processes your personal data for the Law Purposes and Business Purposes (as defined below)
(hereinafter jointly referred to as ‘FENDI’ or the ‘Company’).
FENDI has also appointed a Data Protection Officer (‘DPO’), who can be contacted at the dedicated e-mail: dpo@fendi.com.
To the extent that they are necessary to achieve the purposes described in this Information Notice, FENDI shall process your following personal data:
- Browsing Data, i.e. IP address and domain name of the device used, URI (Uniform Resource Identifiers) notation addresses of the resources requested, time of the request, method used to send the request to the server, size of the file obtained in response, numeric code indicating the status of the response given by the server (e.g. successful, error, etc.), other parameters related to the device used, operating system and IT environment, as well as geolocation data on the Website through the ‘Locate Me’ function and data collected through cookies and other tracking technologies in accordance with the Cookie Policy;
- Identification Data, i.e.,
- biographical data, such as title, first name, last name, country of residence, nationality, date of birth;
- contact information, such as address, city, postal code, e-mail address, phone number;
- data relating to your Fendi profile/account, such as password, client ID, username;
You may also decide to login to our Website via your Apple ID or Google account. Specifically, by accessing the FENDI Website through social login, you will share certain information and content from those accounts with FENDI. The personal data shared will depend on the configuration of the relevant account or website and will be subject to their privacy notice;
- Contractual Data, i.e.:
- payment information, including payment card information, billing address, and other financial information (such as, routing and account number). Please note that we use third-party payment providers to process payments made to us. FENDI does not retain any personally identifiable financial information, such as payment card number, you provide these third-party payment providers in connection with payments. Rather, all such information is provided directly by you to our third-party payment providers. The payment provider’s use of your personal data is governed by their privacy notice;
- data on purchases made, such as body measurements (sizes), type of product or service, quantity, cost;
- additional data provided by you in connection with a request;
- Customer Experience Data, i.e.:
- preferred language; o data on lifestyle habits and additional data (such as favourite colour, other brands used, marital status, number of family members and dates of birth, hobbies, profession, style, social networks, contact preferences, most visited country);
- data on purchases made (such as products purchased and their features, price, frequency, purchase method, favourite store, favourite customer advisor, type of products purchased/preferred, spending segment, status);
- if you subscribe to our newsletter, supplementary information on your interactions with the communications we send you.
Where you provide personal data of third parties (e.g., to facilitate delivery of purchased products), please ensure that such third parties are aware of and prior consent to the processing carried out under this Information Notice.
FENDI processes your personal data in order to perform a request or a contract concluded with you, in order to comply with legal obligations, for its own marketing and profiling purposes, as well as for meeting legitimate interests.
-
Processing relating to the contractual relationship
FENDI offers you goods and services for which it is necessary to process personal data.
-
Contractual Purposes
The processing of your Browsing Data, Identification Data and/or Contractual Data pursues the purposes of rendering it possible to:
- browse the Website, in order to use the specific functions and services provided therein, including, for example, the option to create a user account by registering in the Fendi & Me area and thus subscribe, via the Website, to the FENDI loyalty program sub b) and/or, upon your choice, identify your position via the ‘Locate Me’ service in order to inform you of the Store nearest to you;
- sign up and adhere to the FENDI loyalty program by filling out the relevant form, in order to take advantage of the services and benefits reserved by FENDI for its registered clients;
- contact you in the event of your requests and/or reports in Store or through any communication channel, e.g. via the ‘Contact Us’ section, the email address and/or the phone number available on the Website as well as using our instant messaging platforms and our Live Chat on the Website and on our social channels;
- purchase FENDI products in the Stores, on the Website, and at official events (e.g. bookings and purchases at fashion shows, etc.);
- manage payments and collections;
- provide customer care service, including aftersales service, including the management of sales returns, the management of refunds for defective purchases, handling of complaints, etc;
- manage customer relations as part of events organised by FENDI (e.g. to manage invitations for attendance at fashion shows or inclusion on mailing lists for events); and
- send the newsletter, in the event that you subscribe to it.
The above purposes are hereinafter collectively referred to as the ‘Contractual Purposes’.
-
Legal basis for processing for Contractual Purposes
Pursuant to Article 6(1)(b) of the GDPR and Division 2 of the PDPA, the legal basis for the processing is the performance of the contract to which you are a party or in order to take steps at your request.
The processing of your personal data for these purposes is mandatory, and if you do not wish for FENDI to proceed with the aforementioned processing, FENDI may not be able to establish and/or perform a contractual relationship with you, thereby also preventing you from using products and services.
This is without prejudice to the processing of Browsing Data by cookies and other tracking technologies on the Website. With respect to this, please refer to the Cookie Policy.
-
Processing in order to comply with legal obligations
FENDI is required to comply with legal obligations for which the processing of personal data is required.
-
Legal Purposes
Identification Data and Contractual Data will also be processed in order to comply with the obligations provided for by law, regulations and/or EU regulations and for civil, administrative, accounting and tax purposes, such as in the case of processing carried out in antimoney laundering and Tax Free regime (the ‘Legal Purposes’).
-
Legal basis for processing for Legal Purposes
Under Article 6(1)(c) of the GDPR and Division 2 of the PDPA, the legal basis for processing is the need to fulfil a legal obligation to which the Companies are subject.
The processing of your personal data for this purpose is mandatory, as it is required under the applicable regulations.
-
Promotional,advertising and marketing processing in the broader sense
Subject to your prior consent, FENDI carries out business promotional activities for the products and services of the Companies.
-
Marketing Purposes
Subject to your prior consent, FENDI may process your Identification Data and Customer Experience Data for the following purposes:
- market research, surveys, statistics, promotional campaigns, discounts, and/or other promotional activities concerning FENDI’s products and/or services, as well as sending advertising and informative communications and material;
- invitations to events organised by the Companies;
- conducting re-engagement campaigns.
The above purposes are referred to as the ‘Marketing Purposes’. FENDI will carry out the aforesaid processing by means of operator-assisted telephone or other non-electronic means, whether by e-mail, sms, mms, newsletter, telephone call, automated systems without operator assistance and similar, and other electronic means. You may express your preferences on the means used and for marketing communications by merely sending an e-mail to customerprivacy@fendi.com or checking the boxes provided in the consent form.
-
Legal basis for processing for Marketing Purposes
Pursuant to Article 6(1)(a) of the GDPR and Division 2 of the PDPA, the legal basis for the processing, in all cases and processing provided for in this Section, is your prior consent, which you may in any case freely withdraw, at any time, free of charge, in the manner indicated in the Section ‘What are your rights and how you can exercise them’, without prejudice to the processing of data that has been legitimately carried out up to that time.
Should you refuse your consent for Marketing Purposes, this shall not affect your other existing relations with FENDI for which your prior consent is not required. Consent is optional, although failure to provide it will render it impossible for FENDI to keep you updated on new products or services, promotions, and to conduct market surveys.
-
Profiling processing
Subject to your prior consent, FENDI uses your data as part of the profiling activities carried out in order to manage the FENDI world in a manner that is better in accordance with your requirements and preferences.
-
Profiling Purposes
FENDI also processes Identification Data and Customer Experience Data for profiling purposes, namely, to assess certain aspects about a person, and analyse his or her personal preferences and interests, so as to be able to offer him or her personalised products and services or those which are in line with his or her needs. Through profiling, data is structured according to parameters which are defined, from time to time, according to business needs, for the purposes of creating a ‘profile’ of the data subject. For example, FENDI may carry out profiling activities in order to perform targeted marketing campaigns (e.g., ‘look alike’ research or re-engagement).
Furthermore, the LVMH Group, to which FENDI belongs, includes many famous Maisons offering high quality products and services throughout all sectors, including Fashion and Leather Goods, Perfumes and Cosmetics, Watches and Jewellery, Wines and Spirits, Hotelerie, and Culture and Leisure (a list of all LVMH Maisons is available at https://www.lvmh.com. If you are a FENDI customer, you may also be a customer of one or more of the other LVMH Maisons. Our desire is to always improve your customer experience by providing you with personalised offers and services and marketing communications that most closely match your expectations. For this purpose, data relating to purchases you have made with us over the past 36 months will be disclosed to LVMH as the parent company in pseudonymised form (and thus without unencrypted indication of your name and your further contact details). Your purchase data will be analysed and combined with data on other purchases you may have made with other LVMH Group Maisons during the same time period and for which you have provided similar consent. On the basis of the analysis and combination performed on such data, FENDI will receive additional information regarding your purchasing habits and preferences (without knowing, however, from which other Maison the data comes from). FENDI shall remain the sole data controller. LVMH shall act as a data processor and will not use your data for any purpose other than the one stated above, and under no circumstances will it share your data with other LVMH Group Maisons of which you are not a customer or to which you have not given your consent.
The above purposes are hereafter jointly referred to as ‘Profiling Purposes’.
-
Legal basis for processing for Profiling Purposes
In order to process for Profiling Purposes, it is mandatory to acquire your specific, prior and separate consent (also from the consent for Marketing Purposes), which you may however freely revoke, at any time, free of charge, in the manner indicated in the Section ‘What are your rights and how can you exercise them’, without prejudice to the data processing legitimately carried out up to that time.
The provision of consent to the processing for Profiling Purposes is entirely voluntary and optional and, in the event of refusal of such consent, this will not affect the other existing relationships. However, failure to provide consent will entail that FENDI will not be able to provide products and services which are in accordance with your requirements and preferences.
-
Processing in pursuit of FENDI’s legitimate interests
FENDI processes your personal data as part of operations to ensure the security and proper and effective operation of the Website, to make sure our services are effective and satisfying to you, as well as during corporate transactions and/or litigation proceedings, if any.
-
Business Purposes
FENDI processes:
- Browsing Data, in order to ensure the security of the Website, verify its proper functioning and evaluate its use in order to obtain statistics regarding its use;
- Identification Data and Customer Experience Data to measure the effectiveness of our services, perform customer satisfaction evaluations and analyse the commercial performance of the relationship established with you, in order to provide a service that is more in line with your needs;
- Identification Data, Contractual Data and Customer Experience Data to carry out activities which are functional to transactions concerning transfer of businesses and business units, acquisitions, mergers, demergers or other transformations and for the performance of such transactions; and
- Browsing Data, Identification Data, Contractual Data, and Customer Experience Data in order to assert and defend the Companies’ rights vis-à-vis you and/or third parties in any litigation proceedings, including the detection of fraud.
The above purposes are hereinafter collectively referred to as ‘Business Purposes’.
-
Legal basis for processing for Business Purposes
The processing of your personal data for these purposes is functional to the pursuit of FENDI’s legitimate interests, which are appropriately balanced against your interests, subject to the limits imposed on the relevant processing activities, and is not mandatory. You shall be entitled to object to the processing activities carried out for this purpose, as set out in the ‘What are your rights and how can you exercise them’ Section of this Information Notice, except where FENDI has an overriding interest in continuing the processing of your personal data or in asserting or defending a right pursuant to Article 21 of the GDPR and the PDPA.
FENDI may disclose your personal data to the following categories of recipients who are located – as applicable – in Singapore and in territories outside Singapore, including Italy and other countries where the Companies operate:
- personnel of the Companies who need access to the data for the performance of their duties;
- banking and financial intermediaries and credit companies that provide services for the verification and management of collections and payments;
- third parties performing customer verification and fraud prevention activities;
- companies that manage FENDI’s stores and warehouses, transport companies and couriers for the distribution and delivery of purchased products or for the collection and handling of returns;
- Website operators and suppliers in the technology field, including companies that perform documentation storage activities;
- companies that provide services to the Companies for the organisation of events (e.g., fashion shows), activities, campaigns and marketing strategies;
- Companies that perform information assistance and support activities for data subjects (e.g., call centres);
- professionals, consultants, companies or professional firms, that provide assistance, advice or collaboration to the Companies in accounting, administrative, legal, tax and financial matters;
- the parent company as the LVMH Group Holding Company and other companies controlled by or affiliated with FENDI;
- Public Administrations for the fulfilment of legal obligations relating to, inter alia, antimoney laundering regulations, public security laws or tax and fiscal regulations, as well as any other third party to whom the communication is required by law or by order of the Judicial Authority.
To obtain the full and named list of data recipients, you may contact us at customerprivacy@fendi.com.
In any event, your personal data will not be disseminated.
Your personal data is transferred to countries outside Singapore and, in particular, to those in where FENDI Group companies are operational and active including: EEA Countries, Australia, Bahrain, Brazil, Canada, China, South Korea, Philippines, Japan, Hong Kong SAR, India, Kuwait, Macau SAR, Malaysia, Mexico, Qatar, United Kingdom, United States of America, Switzerland, and Thailand.
The transfer of personal data outside of the EEA and Singapore for the purposes specified in this Information Notice shall take place on the basis of appropriate safeguards in accordance with Article 46(2)(c) of the GDPR and Article 26 of the PDPA, including taking reasonable steps to ensure the collected personal data is held, managed, transferred or accessed according to the obligations required under Singapore laws and the recipient outside of Singapore is bound by legally enforceable obligations to provide a standard of protection to the personal data transferred that is comparable to that under Singapore, and through the signing of standard contractual clauses adopted by the European Commission, as well as through the adoption of technical and organisational measures necessary to ensure, from time to time, adequate protection of your data, as required by the applicable Privacy Regulation, with the exception of countries that have obtained an adequacy decision from the European Commission.
The personal data transfer agreement is available at the registered office of each of the Companies, of which you may request an excerpt should you wish to do so.
Personal data shall not be retained for longer than necessary to fulfil the purposes for which your personal data is processed by FENDI as set forth in this Information Notice.
Once the time limits below have passed, personal data will be deleted or anonymised.
- Retention periods and deletion of data processed for Contractual Purposes
For Contractual Purposes, data is retained for the term of the contract and/or service requested (e.g., in the case of accounts created on the Website or in connection with services provided by FENDI), as well as for up to 10 years thereafter.
- Retention times and deletion of data processed for Legal Purposes
For Legal Purposes, data is retained for a period equal to the duration prescribed for each type of data by law.
- Retention periods and deletion of data processed for Marketing Purposes and Profiling Purposes
Purchase detail data processed for Marketing Purposes and Profiling Purposes is retained for 7 years following its collection.
You may at any time terminate the processing and storage of data regarding you by notifying the Companies of your withdrawal of consent or objection to processing under Article 21 of the GDPR.
- Retention periods and deletion of data processed for Business Purposes
Personal data processed for Business Purposes is retained for a period equal to the relationship established with you from time to time and for 10 years thereafter, in the event that the personal data is necessary to assert and defend the Companies’ rights vis-à-vis you and/or third parties in any litigation proceedings. In the event that the processing is for the purpose of carrying out activities which are functional to transactions concerning the transfers of business and business units, acquisitions, mergers, spin-offs, or other transformations, and with respect to the performance of such transactions, the retention periods listed above will apply with respect to the main processing that takes place.
Pursuant to Articles 15 to 22 of the GDPR and Part 4 and 5 of the PDPA, we hereby inform you that you may exercise the following rights:
Right of access to your personal data in order to obtain confirmation as to whether or not personal data concerning you is being processed and, if so, to know the source of the data, the purposes and methods of processing, and the logic adopted.
Right to rectification of inaccurate or incomplete personal data concerning you.
Right to erasure (and where there are no specific reasons that otherwise relieve FENDI of the obligation to erase) if (i) personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) you withdraw consent and there is no other legal basis for processing, without affecting the lawfulness of the processing based on the consent provided before such withdrawal; (iii) you object to processing for legitimate interests purposes; (iv) the personal data has been processed unlawfully.
Right to restriction of processing in cases where (i) you contest the accuracy of personal data, for the period necessary to verify the accuracy of such personal data; (ii) the processing is unlawful and you object to the erase of the personal data and instead request that its use be restricted; (iii) although the Company no longer needs it for processing purposes, the personal data is necessary for you to establish, exercise or defend a right in court; (iv) you object to the processing pursuant to Article 21(1) of the GDPR pending verification as to whether FENDI’s legitimate reasons prevail over yours.
Right to object to the processing of personal data regarding you based on FENDI’s legitimate interest.
Right to portability i.e. to receive your personal data in a structured, commonly used and readable format, so that such data may be retained for further use for personal purposes, and to ask us to arrange for the transmission of such data to another data controller.
You may exercise your rights as provided for by the GDPR and the PDPA by sending an e-mail to customerprivacy@fendi.com.
The exercise of rights is not subject to any formal requirements and is free of charge. A response will be given without undue delay and, at the latest, within 30 days from receipt of the request.
You also have the right to file a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or the Personal Data Protection Commission in Singapore (www.pdpc.gov.sg).
This Information Notice is effective from the time of its publication. FENDI may amend and/or supplement this Information Notice, including as a result of any subsequent regulatory amendments and/or additions to the Privacy Regulation. Amendments will be notified in advance and you can view the updated information notice at the Information Notice link.