Privacy policy
INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA ON THE BROOKS BROTHERS WEBSITE
Welcome to the Brooks Brothers website. Pursuant to art. 13 of the Regulations (EU) 2016/679 (hereinafter the "GDPR"), this page provides information on how we process your personal data that we collect when you visit the Site and interact with its services.
The information is provided only for the Website and possible sub-domains and not for the other websites that can be visited via hypertextual connections or links.
Please read this information carefully before providing your personal details.
1. DATA CONTROLLER
Progetto 17 S.r.l., with registered office in Piazza Arcole 4, 20124, Milan (MI), [email protected] and The Level S.r.l., with registered office in Piazza Arcole 4, 20124, Milan (MI), [email protected] ("TLG") are joint controllers of data processing for activities related to the sale of products offered on the Site. You can find out more about the essential content of the agreement pursuant to art. 26 GDPR between TLG and Progetto 17 S.r.l. by sending an email to [email protected]
Progetto 17 S.r.l is also the autonomous controller for the purposes of managing the Site and your registration on the Site (personal account), and for the marketing and profiling activities described in greater detail below.
TLG is also an autonomous controller for administrative and accounting purposes relating to the sale, as well as for any assistance relating to your purchase.
Hereinafter, when we use the expression "Joint Controllers", we will be referring jointly to Progetto 17 S.r.l and TLG. Conversely, you will find the reference to Progetto 17 S.r.l or TLG in the event that the information refers to only one of the two data controllers.
2. DATA PROTECTION OFFICER (DPO)
TLG has appointed a Data Protection Officer (DPO) whom you can contact by sending an email to: [email protected]
3. CATEGORIES OF PERSONAL DATA COLLECTED
a) Browsing data
Browsing the Site and accessing the related services involve the acquisition of some personal data relating to your browsing, such as, for example, the IP addresses or domain names of the devices you use to connect to the Site, the uniform resource identifier (URI) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment you use.
b) Personal data you voluntarily provide
The personal data that you voluntarily provide to us when you register on the Website, access its services, purchase a product or interact with the customer support service, such as, for example, personal data, contact details, data relating to purchases and banking data.
c) Cookies
The Site uses cookies. For more information on cookies and their use on the Site, consult the cookie policy.
4. PURPOSE, LEGAL BASIS AND RETENTION PERIOD
I. Your personal data will be processed by the Joint Controllers as follows:
| PURPOSE | LEGAL BASIS | DATA RETENTION PERIOD | |
|---|---|---|---|
| A | A Site registration* (personal account): to allow you to create your personal account on the Website and to access and use the related services Performance of the contract or pre-contractual measures you have requested Until your request for cancellation of the account or the termination of the service | Performance of the contract or pre-contractual measures you have requested | Until your request for cancellation of the account or the termination of the service |
| B | For assistance with purchases made in brick and mortar stores or at another online store; for general and company-related information*: to respond to your request for general product or brand information | Performance of the contract or pre-contractual measures you have requested (responding to requests from the data subject) | For the time needed to respond to your request |
| C | Marketing: to send information and commercial communications, including promotional, regarding the Joint Controllers' products and services | Consent | For 24 months following the last communication sent |
| D | Profiling: to analyse the data subject's tastes, preferences, habits and behaviours so as to send personalised commercial communications based on the data subject's commercial and behavioural profile. | Consent | For a period of 12 months from collection |
II. Your personal data will be processed by the Joint Controllers as follows:
| PURPOSE | LEGAL BASIS | DATA RETENTION PERIOD | |
|---|---|---|---|
| E | Sale of products*: to enter into and perform the sales contract for the products offered on the Site, including the management and fulfilment of purchase orders, the delivery of the products, the communication of any facts relating to the order, the management of payments and anti-fraud controls | Performance of the contract or pre-contractual measures you have requested | For the period necessary to process the purchase order (without prejudice to the further retention of the data where necessary for subsequent purposes) |
III. Your personal data will be processed by TLG as follows:
| PURPOSE | LEGAL BASIS | DATA RETENTION PERIOD | |
|---|---|---|---|
| F | After-sales assistance*: to manage and respond to requests you send us in relation to the products purchased on the Site, for example in relation to returns, refunds or complaints | Performance of the contract or pre-contractual measures you have requested | For the period necessary to respond to your request (without prejudice to the further retention of the data where necessary for subsequent purposes). |
| G | Compliance with legal obligations*: to comply with legal obligations (in particular civil, tax, public security, banking and personal data protection) | Compliance with legal obligations | For the period provided for by legislation. Billing data is kept for 10 years from the invoice issue date. |
| H | Disputes and the prevention of criminal acts*: to defend or assert a right and/or to ascertain and prevent fraud and other crimes or offences | Legitimate interest of the Controller | For the period necessary for the purpose for which the data are collected in accordance with the applicable legislation (e.g. provisions applicable to limitation periods). |
5. NATURE OF DATA PROVISION
The provision of data in the fields marked with an asterisk (*) for the purposes referred to in section 4(I) (A) and (B) and 4(II) and (III) above, is necessary to register on the Site, use the related services and purchase products on the Site. Failure to provide these data will make it impossible to obtain the products and services requested. The provision of data in the fields not marked with an asterisk, although useful in facilitating relations with the Joint Controllers, is optional and the failure to provide them will not affect your ability to obtain the requested products and services. Regarding the marketing and profiling purposes referred to in section 4(I)(C) and (D), the provision of data is optional and your refusal means the Joint Controllers will not be able to process the data you provide for marketing and profiling purposes. You may still register on the Site, purchase products and use the related services in accordance with the provisions of section 4(I)(A) and (B), (II) and (III).
6. EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS (PROFILING)
The Joint Controllers intend to pursue the purposes referred to in section 4(I)(D) (profiling) by analysing information about the data subject (derived, for example, from the purchases made), so as to send personalised commercial communications and carry out targeted promotional and business intelligence actions. The processing will be carried out with data and/or information processing tools and, once the data are cross-checked, a commercial profile will be created of the data subject on the web. For the same purpose, such data and/or information will be associated with data and/or information subsequently provided by the data subject or already held by the Joint Controllers, including following the acceptance, if any, of the services offered by the latter.
7. METHODS OF PROCESSING DATA
Your data will be processed by the Joint Controllers using mainly information technology and telematics. Specific security measures have been implemented to prevent data loss, unlawful or improper use of and unauthorised access to data. The Joint Controllers have adopted all appropriate security measures required by law. Your data will be processed by the Joint Controllers as autonomous Controllers using mainly information technology and telematics in compliance with the technical and organisational rules aimed at preventing the unlawful, improper or unauthorised use of data.
8. CATEGORIES OF RECIPIENTS OF PERSONAL DATA AND DISCLOSURE OF DATA
To pursue the purposes for which the data are collected, the Joint Controllers as autonomous Controllers may communicate the data to the following categories of recipients or data processors:
• information technology service providers, including internet service providers and cloud service providers;
• persons who perform logistics, warehousing, promotional and delivery services for the Joint Controllers;
• entities that perform customer service activities;
• firms and other persons that provide assistance and consultancy services and services such as legal, fiscal, accounting, economic-financial, technical-organisational, data processing, communications;
• entities that provide banking, financial, insurance and debt recovery services;
• entities that perform fraud control activities with respect to payments;
• subsidiaries, parent companies, associated and affiliated companies;
• public authorities and supervisory and control bodies.
The updated list of data processors is available upon specific request made via the methods indicated in section 12. For the sole purposes specified above, your personal data may also be communicated to the Joint Controllers'/autonomous Controllers' authorised in-house personnel to process the data by reason of their respective duties. No data collected on the Site are disclosed.
9. TRANSFER OF DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANISATION
Your personal data may be transferred, for the purposes for which they are collected, to the United States of America (USA), a country not belonging to the European Union. The transfer of personal data to entities located in the USA will take place exclusively after the signing, by the Joint Controllers and the non-EU recipient, of the standard contractual clauses adopted or approved by the European Commission (Article 46(2)(c) and (d) of the GDPR). To obtain a copy of such data, contact the Joint Controllers using the methods indicated in section 12
10. SOCIAL BUTTONS AND WIDGETS
The Site also includes social buttons/widgets. These social network icons (such as Facebook, Twitter, YouTube, and Instagram) allow you to access the social network by clicking on the relevant icon. Through these tools, you can share content and recommend products from the Site on social networks. By clicking on the social buttons/widgets, the social network may collect data relating to your visit to the Site. As stated above, this privacy policy does not concern the processing of your data by the social network and, as such, you should consult the privacy policy provided by such social network for more information.
Aside from the data you voluntarily share with the selected social network by clicking on the social buttons/widgets, the Joint Controllers do not disclose or share any personal data with the social network.
11. MINORS
The Site and services are intended for the sale of products and services to persons of legal age. As such, the Joint Controllers do not intentionally collect the personal data of persons under the age of 18. By accessing the services of the Site, you declare that you are of legal age.
12. RIGHTS OF DATA SUBJECTS
With respect to the personal data you provide, you have the right, at any time:
• to obtain confirmation as to whether or not personal data concerning you are being processed, and, if so, to access the personal data and obtain a copy (Article 15 of the GDPR);
• to obtain the rectification of inaccurate personal data concerning you or to have incomplete personal data completed, taking into account the purposes of the processing (Article 16 of the GDPR);
• to obtain the erasure of personal data concerning you in the cases referred to in Article 17 of the GDPR;
• to obtain restriction of processing in the cases referred to in Article 18 of the GDPR;
• to object to the processing of personal data concerning you in the cases referred to in Article 21 of the GDPR;
• to data portability if the processing is based on your consent or on a contract and it is carried out with automated means (see Article 20 of the GDPR);
• if you have expressly authorised the processing of your personal data for one or more specific purposes (Article 6(1)(a) of the GDPR), to withdraw your consent without affecting the legality of the processing based on the authorisation given before such withdrawal.
To exercise these rights, please send a message to: [email protected] You may also exercise your rights by sending a letter to each Joint Controller at the address indicated in section 1, if the processing is carried out by them under a Joint Controller Agreement. Finally, you also have the right to lodge a complaint with the control body—the Personal Data Protection Authority—in accordance with the established procedures.