The Ermenegildo Zegna Group is aware that the personal data of its customers are important and it therefore intends to inform and provide them with as much control as possible on how their personal data collected and processed during the purchases made on this website are handled (the “Website”).
1) Joint Data Controllers and Data Processors
With reference to the data connected to the online sales carried out through the Website and to any activity related to such sales
- Ermenegildo Zegna HOLDITALIA S.p.A., Via Roma 99/100, 13835 TRIVERO (BI), ITALY (hereinafter referred to as, "Zegna").
- Ermenegildo Zegna (Hong Kong) Limited, Via Units 3701P, 02 & 03P, 1 Kowloon, 1 Wang Yuen Street, Kowloon, Hong Kong (hereinafter, the "Subsidiary")
together, hereinafter referred to as, the “Joint Data Controllers”, have designated the Privacy Manager as data processor, the “Data Processor”.
The Joint Data Controller have also engaged, for reasons of an exclusively organizational and functional nature, a number of companies that will act as external data processors for purposes that are strictly related and connected to the sales of the products as well as to any activity that is incidental or conducive to such sales (like, without limitation, delivery). The external data processors were selected by taking into account their proven expertise, competence, reliability, and ability to give adequate guarantees on the fact that they will act in strict compliance with the legislation currently in force and applicable to personal data, including data security. The Data Processors shall process the data of the Website’s users in accordance with the instructions received from the Joint Data Controllers. On a regular basis, the Joint Data Controllers will verify that the Data Processors have punctually performed the assigned tasks, and are still in a position to guarantee their full compliance with any data protection law. A complete list of the data processors can be obtained by contacting the Joint Data Controllers at the following email address: email@example.com.
2) Data collected by the Joint Data Controllers and purposes of the processing
Joint Data Controllers will collect personal data directly from the users during their registration or when they place their orders for the products, complete their e-transactions, exchange correspondence in relation to activities that are incidental or conducive to the sales, as well as when receive pre-sale and post-sale support. The data related to the identification document (such as ID Cards) will also be checked and retained in copy when there’s the necessity in case of product collection within the boutique. Further specific purposes will be illustrated in greater details in specific privacy policies posted from time to time on the Website.
Without your express consent, your data will not be used for any purpose other than for the purposes stated above.
3) How data will be processed
However, since the data will be transmitted via electronic networks, the above measures cannot limit or completely exclude the risk of unauthorized access or dissemination of the data. To this end, we recommend you check regularly that your PC is endowed with software capable of providing adequate protection (like updated antivirus systems) for the online transmission, inbound and outbound, of the data, and that your Internet Service Provider has adopted adequate security measures for a secure transmission online of your data (like, for instance, firewall and anti-spamming).
4) Obligatory or voluntary nature of providing the requested data
The provision of the data, especially personal details, email address, postal address, telephone number, and also bank details in case of credit card payments, is compulsory for executing, through the Website, the product purchase agreement.
Some of said data, however, may be necessary for providing to the user other services made available on the Website in connection with the sales, or for discharging the obligations deriving from the law or regulatory provisions.
Any failure to provide some of the data required for such purposes might result in us being unable to perform the agreement for the products purchased through the Website, or to provide the user with other services related to their purchase - such as, for instance, support services (Customer Care), use of the Wish List - or, also, to correctly perform the obligations provided for by the law and regulatory provisions. Any failure by the data subject to provide us with the data may therefore constitute, as the case may be, a lawful and justified reason for not performing the agreement of the products purchased on the Website and not providing the related services.
The provisions of data other than the data the provision of which is mandatory, for the purposes of complying with legal or contractual obligations or for providing, upon request, specific services, is instead voluntary and it does neither affect the purchase of the products nor any of the connected/related services.
The mandatory or voluntary nature of the data to be provided will be, if necessary, and as the case may be, indicated by means of a special character (*) placed next to the relevant information or to the data the provision of which is necessary for the purpose of providing the services and for purchasing the products on the Website. Any failure to furnish the data the provision of which is voluntary, does not entail obligations or disadvantages of whatever type.
5) Scope of dissemination of the data
Your data may be disclosed to third parties in or outside Italy and Hong Kong, which, acting in their capacity as Data Processors, carry out on behalf of the Joint Data Controllers specific services (including, without limitation, logistics services and IT services), companies of the same group, and other recipients of the data collected by the Joint Data Controllers – the names of which will be specified from time to time - which will autonomously process the data for the sole purpose of performing the agreement of the products purchased on the Website (including, without limitation, the financial institutions in charge of providing remote card payment services through credit/debit cards) and only if such purpose is not in conflict with the purposes for which the data were collected and subsequently processed and, in any case, in a manner that is consistent with the law.
None of the data will be communicated, transferred or otherwise disclosed to third parties other than the parties mentioned above, unless the relevant data subject has been previously informed of and has consent (if his/her consent is required by the law) to any such communication, transfer or disclosure. The data will not be disseminated, and will be transferred abroad only and if adequate levels of protection and sufficient safeguards, as provided for by the law, have been guaranteed.
6) Data subjects’rights
The data subject shall also have the right to obtain at any time from the Joint Data Controllers:
a. the access, updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
The data subject shall have in any case the right to object, in whole or in part, on reasonable grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection.
In the case where any of the above data access requests made by the data subject is refused, Zegna shall provide to the data subject the reason(s) for refusing such requests. The data subject shall also have the right to object to Zegna’s refusal for any of the above data access requests.
The above rights may be exercised at any time provided that such exercise is compliant with the law, by sending the relevant request to the Joint Data Controllers, to the Privacy Manager at the following address: firstname.lastname@example.org.