Privacy Policy

(Information notice on the processing of personal data in accordance with Art. 13 of Italian Legislative Decree 196/2003, and EU Regulation 679/2016)

Brunello Cucinelli S.p.A., as the Data Controller (hereinafter: “Brunello Cucinelli” or “Data Controller”) in accordance with Italian Legislative Decree 196/2003 (“Code”), and EU Regulation 679/2016 (hereinafter: “Regulation”) – considers the privacy and protection of personal data to be one of the main objectives of its activity. Therefore, we invite you, prior to communicating any personal data to the Controller, to carefully read this Privacy Policy as it contains important information on the protection of your personal data.

This Privacy Policy:

Is considered applicable to the website www.brunellocucinelli.com, and to the section thereof dedicated to Investors (hereinafter: “Website”);

constitutes an integral part of the Website and of the services we offer;

is issued in accordance with Art. 13 of the Code, as well as Art. 13 of the Regulation, for anyone interacting with the web services of the Website;

is not considered applicable to the section of the Website dedicated to “Human Resources” or to “Online boutique” websites, for which reference is made to the specific information notices contained therein.

The processing of your personal data shall be based on the principles of correctness, lawfulness, transparency, limitation of the aims and storage, minimization and exactness, integrity and confidentiality, and the principle of accountability in accordance with Art. 5 of the Regulation. Your personal data shall therefore be processed in accordance with the legislative provisions of the Regulation and the confidentiality obligations envisaged therein.

Processing of personal data means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data such as the collection, recording, organization, structuring, storage, adaptation or amendment, extraction, consultation, use, communication through transmission, disclosure or any other form of provision, comparison or interconnection, limitation, deletion or destruction.

Contents

The contents of the Privacy Policy are provided below, so that you can easily find the information inherent to the processing of your personal data affecting you.

1. Data controller and processor
2. Personal data subject to processing:
   1. Navigation data
   2. Cookies
3. Processing Aims
4. Legal basis and compulsory or voluntary nature of processing
5. Personal data recipients
6. Transfers of personal data
7. Storage of personal data
8. Rights of the interested party
9. Modifications
10. Contacts

1. Data controller and processor

The Data Controller is Brunello Cucinelli S.p.A. having its registered office in Corciano (Perugia, Italy), frazione Solomeo, Viale Parco dell’Industria n. 5, tax code and registration number with the Perugia Companies Register 0188612054. The Data Protection Officer of Brunello Cucinelli S.p.A. can be contacted at the headquarters of the Data Controller at the address indicated above and by email at: dpo@brunellocucinelli.it

2. Personal data subject to processing

We would like to inform you that the personal data subject to processing may comprise an identification label such as the name, identification number, data related to the location, an online ID or one or more characteristic elements of your physical, physiological, psychological, economic, cultural or social identity suitable to make the interested party identified or identifiable, according to the type of services requested (hereinafter “personal data”). The personal data processed through the Website are as follows:

a. Navigation data

During their normal process, the IT systems and software procedures in place for the operation of the Website acquire some personal data whose transmission is implicit in the use of internet communication protocols. This refers to information that is not collected to be associated with identified interested parties, but that by its very nature could, through processing and association with data held by third parties, allow the users to be identified. IP addresses or domain names of the computers used by the users who connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used for making the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the IT environment of the user all fit into this category of data. These data used for the sole purpose of gaining anonymous statistical information on the use of the Website to control the correct operation thereof, to identify any anomalies and/or abuse, are deleted straight after being processed. The data could be used for ascertaining responsibility in the event of any IT crimes that may damage the Website or third parties.

b. Cookies

The information on the cookies served by the Website is available here.

3. Processing Aims

Your personal data shall be processed for the following aims:

1. 3.1 To allow navigation of the Website and the provision of the services made available there by the Controller, including the management of the Website security;

2. 3.2 To fulfil any obligations envisaged by laws in force, regulations or EU legislation or to comply with any requests from authorities;

3. 3.3 To process statistics, without it being possible to trace your identity.

Specific security measures are observed in order to prevent the loss of data, illicit use or incorrect use and unauthorized access.

4. Legal basis and compulsory or voluntary nature of processing

The legal basis for the processing of personal data for the aims according to section 3.1 is Art. 6(1)(b) of the Regulation ([…]processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), since the processing is necessary for the provision of services. The legal basis for the processing of personal data for the aims according to section 3.2 is instead, Art. 6(1)(c) of the Regulation ([…]processing is necessary for compliance with a legal obligation to which the controller is subject). The provision of personal data for these purposes is optional, but any failure to provide data could imply the impossibility to activate the required services. It is instead specified that the processing according to section 3.3 is not performed on personal data and therefore can be freely performed by the Controller.

5. Personal data recipients

Your personal data may be shared, for the purposes according to section 3 of this Privacy Policy, with:

1. 5.1 Subjects who typically act as processors in accordance with Articles 29 of the Code and 28 of the Regulation, i.e., subjects that cooperate with the Data Controller for pursuing the above aims, including subjects appointed to perform technical maintenance activities (collectively “Recipients”);

2. 5.2 Subjects, bodies or authorities to whom it is compulsory to communicate your personal data on the basis of legal provisions or orders of the authorities;

3. 5.3 Persons authorized by the Data Controller, in accordance with Articles 30 of the Code and 29 of the Regulation, to process the personal data necessary for performing activities strictly connected with the provision of services, who have committed to confidentiality or who have a suitable legal confidentiality obligation. The updated list of subjects who could process your personal data as processors is available by sending a written request to the Data Controller to the addresses indicated in the “Contacts” section of this information notice.

6. Transfer of personal data

Some of your personal data may be shared with Recipients who are located outside the European Economic Area. The Data Controller guarantees that the processing of your personal data by these Recipients takes place in compliance with Articles 43 and 44 of the Code, and with Articles 44 - 49 of the Regulation. More information is available by sending a written request to the Data Controller to the addresses indicated in the “Contacts” section of this information notice.

7. Storage of personal data

The personal data processed for the aims according to section 3.1 shall be stored for the amount of time strictly necessary to achieve such purposes. However, since the processing is performed in order to provide services, the Data Controller shall store the personal data for the amount of time envisaged and permitted by Italian legislation for the protection of its interests (Art. 2946 of the Civil Code et seq.). The personal data processed for the aims according to section 3.2 shall be stored for the amount of time envisaged by the specific obligation or applicable legal standard. More information related to the data storage period and the criteria used to determine such period can be requested by sending a written request to the Data Controller to the addresses indicated in the “Contacts” section of this information notice. This is notwithstanding the possibility for the Data Controller to store your personal data for the period of time envisaged and permitted by Italian law to protect his interests (Art. 2947(1)(3) of the Civil Code).

8. Rights of the interested party

In accordance with Art. 7 of the Code, you have the right at any time to obtain confirmation of the existence or not of your personal data and to find out the contents and origin thereof, verify the accuracy or request the addition, updating or correction thereof; you have the right to request the deletion, transformation into anonymous format or blocking of data processed against the law, or to oppose in any case, for legitimate reasons, the processing thereof. Starting from 25 May 2018 you also have the right to request access to your data, to oppose processing and to request the limitation of processing in the cases envisaged by Art. 18 of the Regulation, where technically possible, and to obtain in a structured format, of common use and legible by an automatic device, the data regarding you, in the cases envisaged by Art. 20 of the Regulation. Requests are to be sent in writing to the Data Controller to the addresses indicated in the “Contacts” section of this information notice. You always have the right to lodge a complaint with the competent control authority (Data Protection Authority) in accordance with Art. 77 of the Regulation, should you consider that the processing of your data infringes legislation in force.

9. Amendments

Il Titolare si riserva di modificarne o semplicemente aggiornarne il contenuto, in parte o completamente, anche a causa di variazioni della normativa applicabile. Il Titolare La invita, quindi, a visitare con regolarità questa sezione per prendere cognizione della più recente ed aggiornata versione della Privacy Policy, in modo da essere sempre aggiornato sui dati raccolti e sull’uso che ne fa Brunello Cucinelli.

10. Contacts

To exercise the above rights or for any other requests, please write to the Data Controller at the physical address indicated above, or via the dedicated contact details, preferably inserting the wording "request for exercise of privacy rights" in the subject field of the communication.