Your personal data shall be processed using paper, electronic or telematic means in order to pursue the purposes specified in this Information Notice, in compliance with EU Regulation 2016/679 (the ‘GDPR’), the Italian Legislative Decree no. 196/2003 as subsequently amended and supplemented, and with the Singapore Personal Data Protection Act (the ‘PDPA’) (hereinafter, jointly with the GDPR, the ‘Privacy Regulation’).

The data controller of your personal data is:

• FENDI S.r.l.with registered office in Palazzo della Civiltà, Quadrato della Concordia 3, 00144, Rome (RM), Italy, telephone 06334501, e-mail contact link, in relation to all the purposes set forth in this Information Notice, except for processing related to the purchase of products in your country/region, made either through the Website or in the Stores;
• Fendi (Singapore) Pte Ltd.with registered office in 8 Marina Boulevard #05-02 Marina Bay Financial Centre Singapore 018981, e-mail contact link, that manages the sale of products in Singapore, either through the Website as indicated in the Terms and conditions of sale or in Stores, handles any related customer service activities, is in charge of organizing FENDI events in Singapore, and also processes your personal data for the Law Purposes and Business Purposes (as defined below)

(hereinafter jointly referred to as ‘ FENDI’ or the ‘ Company’).

FENDI has also appointed a Data Protection Officer (‘ DPO’), who can be contacted at the dedicated e-mail: dpo@fendi.com.

To the extent that they are necessary to achieve the purposes described in this Information Notice, FENDI shall process your following personal data:

• Browsing Data, i.e. IP address and domain name of the device used, URI (Uniform Resource Identifiers) notation addresses of the resources requested, time of the request, method used to send the request to the server, size of the file obtained in response, numeric code indicating the status of the response given by the server (e.g. successful, error, etc.), other parameters related to the device used, operating system and IT environment, as well as geolocation data on the Website through the ‘Locate Me’ function and data collected through cookies and other tracking technologies in accordance with the Cookie Policy;
• Identification Data, i.e.,
  • biographical data, such as title, first name, last name, country of residence, nationality, date of birth;
  • contact information, such as address, city, postal code, e-mail address, phone number;
  • data relating to your Fendi profile/account, such as password, client ID, username;

You may also decide to login to our Website via your Apple ID or Google account. Specifically, by accessing the FENDI Website through social login, you will share certain information and content from those accounts with FENDI. The personal data shared will depend on the configuration of the relevant account or website and will be subject to their privacy notice;

• Contractual Data, i.e.:
  • payment information, including payment card information, billing address, and other financial information (such as, routing and account number). Please note that we use third-party payment providers to process payments made to us. FENDI does not retain any personally identifiable financial information, such as payment card number, you provide these third-party payment providers in connection with payments. Rather, all such information is provided directly by you to our third-party payment providers. The payment provider’s use of your personal data is governed by their privacy notice;
  • data on purchases made, such as body measurements (sizes), type of product or service, quantity, cost;
  • additional data provided by you in connection with a request;
• Customer Experience Data, i.e.:
  • preferred language; o data on lifestyle habits and additional data (such as favourite colour, other brands used, marital status, number of family members and dates of birth, hobbies, profession, style, social networks, contact preferences, most visited country);
  • data on purchases made (such as products purchased and their features, price, frequency, purchase method, favourite store, favourite customer advisor, type of products purchased/preferred, spending segment, status);
  • if you subscribe to our newsletter, supplementary information on your interactions with the communications we send you.

Where you provide personal data of third parties (e.g., to facilitate delivery of purchased products), please ensure that such third parties are aware of and prior consent to the processing carried out under this Information Notice.

FENDI may disclose your personal data to the following categories of recipients who are located – as applicable – in Singapore and in territories outside Singapore, including Italy and other countries where the Companies operate:

• personnel of the Companies who need access to the data for the performance of their duties;
• banking and financial intermediaries and credit companies that provide services for the verification and management of collections and payments;
• third parties performing customer verification and fraud prevention activities;
• companies that manage FENDI’s stores and warehouses, transport companies and couriers for the distribution and delivery of purchased products or for the collection and handling of returns;
• Website operators and suppliers in the technology field, including companies that perform documentation storage activities;
• companies that provide services to the Companies for the organisation of events (e.g., fashion shows), activities, campaigns and marketing strategies;
• Companies that perform information assistance and support activities for data subjects (e.g., call centres);
• professionals, consultants, companies or professional firms, that provide assistance, advice or collaboration to the Companies in accounting, administrative, legal, tax and financial matters;
• the parent company as the LVMH Group Holding Company and other companies controlled by or affiliated with FENDI;
• Public Administrations for the fulfilment of legal obligations relating to, inter alia, antimoney laundering regulations, public security laws or tax and fiscal regulations, as well as any other third party to whom the communication is required by law or by order of the Judicial Authority.

To obtain the full and named list of data recipients, you may contact us through our Contact Form.

In any event, your personal data will not be disseminated.

Your personal data is transferred to countries outside Singapore and, in particular, to those in where FENDI Group companies are operational and active including: EEA Countries, Australia, Bahrain, Brazil, Canada, China, South Korea, Philippines, Japan, Hong Kong SAR, India, Kuwait, Macau SAR, Malaysia, Mexico, Qatar, United Kingdom, United States of America, Switzerland, and Thailand.

The transfer of personal data outside of the EEA and Singapore for the purposes specified in this Information Notice shall take place on the basis of appropriate safeguards in accordance with Article 46(2)(c) of the GDPR and Article 26 of the PDPA, including taking reasonable steps to ensure the collected personal data is held, managed, transferred or accessed according to the obligations required under Singapore laws and the recipient outside of Singapore is bound by legally enforceable obligations to provide a standard of protection to the personal data transferred that is comparable to that under Singapore, and through the signing of standard contractual clauses adopted by the European Commission, as well as through the adoption of technical and organisational measures necessary to ensure, from time to time, adequate protection of your data, as required by the applicable Privacy Regulation, with the exception of countries that have obtained an adequacy decision from the European Commission.

The personal data transfer agreement is available at the registered office of each of the Companies, of which you may request an excerpt should you wish to do so.

Personal data shall not be retained for longer than necessary to fulfil the purposes for which your personal data is processed by FENDI as set forth in this Information Notice.

Once the time limits below have passed, personal data will be deleted or anonymised.

1. Retention periods and deletion of data processed for Contractual Purposes

For Contractual Purposes, data is retained for the term of the contract and/or service requested (e.g., in the case of accounts created on the Website or in connection with services provided by FENDI), as well as for up to 10 years thereafter. 

2. Retention times and deletion of data processed for Legal Purposes

For Legal Purposes, data is retained for a period equal to the duration prescribed for each type of data by law.

3. Retention periods and deletion of data processed for Marketing Purposes and Profiling Purposes

Purchase detail data processed for Marketing Purposes and Profiling Purposes is retained for 7 years following its collection. 

You may at any time terminate the processing and storage of data regarding you by notifying the Companies of your withdrawal of consent or objection to processing under Article 21 of the GDPR.

4. Retention periods and deletion of data processed for Business Purposes

Personal data processed for Business Purposes is retained for a period equal to the relationship established with you from time to time and for 10 years thereafter, in the event that the personal data is necessary to assert and defend the Companies’ rights vis-à-vis you and/or third parties in any litigation proceedings. In the event that the processing is for the purpose of carrying out activities which are functional to transactions concerning the transfers of business and business units, acquisitions, mergers, spin-offs, or other transformations, and with respect to the performance of such transactions, the retention periods listed above will apply with respect to the main processing that takes place.
 

Pursuant to Articles 15 to 22 of the GDPR and Part 4 and 5 of the PDPA, we hereby inform you that you may exercise the following rights:

Right of access to your personal data in order to obtain confirmation as to whether or not personal data concerning you is being processed and, if so, to know the source of the data, the purposes and methods of processing, and the logic adopted.

Right to rectification of inaccurate or incomplete personal data concerning you.

Right to erasure (and where there are no specific reasons that otherwise relieve FENDI of the obligation to erase) if (i) personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) you withdraw consent and there is no other legal basis for processing, without affecting the lawfulness of the processing based on the consent provided before such withdrawal; (iii) you object to processing for legitimate interests purposes; (iv) the personal data has been processed unlawfully.

Right to restriction of processing in cases where (i) you contest the accuracy of personal data, for the period necessary to verify the accuracy of such personal data; (ii) the processing is unlawful and you object to the erase of the personal data and instead request that its use be restricted; (iii) although the Company no longer needs it for processing purposes, the personal data is necessary for you to establish, exercise or defend a right in court; (iv) you object to the processing pursuant to Article 21(1) of the GDPR pending verification as to whether FENDI’s legitimate reasons prevail over yours.

Right to object to the processing of personal data regarding you based on FENDI’s legitimate interest.

Right to portability i.e. to receive your personal data in a structured, commonly used and readable format, so that such data may be retained for further use for personal purposes, and to ask us to arrange for the transmission of such data to another data controller.

You may exercise your rights as provided for by the GDPR and the PDPA by sending an e-mail through our Contact Form.

The exercise of rights is not subject to any formal requirements and is free of charge. A response will be given without undue delay and, at the latest, within 30 days from receipt of the request.

You also have the right to file a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or the Personal Data Protection Commission in Singapore (www.pdpc.gov.sg).

This Information Notice is effective from the time of its publication. FENDI may amend and/or supplement this Information Notice, including as a result of any subsequent regulatory amendments and/or additions to the Privacy Regulation. Amendments will be notified in advance and you can view the updated information notice at the Information Notice link.