Privacy Policy

Last updated: July 2024

About Serapian

Stefano Serapian S.r.l. (“Serapian”, "we", "us" and "our") has its registered offices at via Benigno Crespi 26, 20159 Milano. This is considered to be the “data controller” for the purposes of certain data protection laws and regulations.

Our Privacy Commitments

Our Privacy Policy is centred around the following three privacy commitments:

Commitment 1: Transparency & Trust - Privacy is built into all of our products and services by design and by default. We respect the trust you place in us with your personal information. We will be fully transparent with you regarding the purposes for which we use your personal information and will only use it for those specified purposes when we have a right to do so. This will include, where necessary, obtaining your explicit consent. Any material changes to how we process your personal information will be notified to you.

Commitment 2: Protecting Your Personal information - We commit to implementing leading data protection, privacy and security standards so that you feel comfortable that your personal information is protected – if there is an incident impacting your personal information, we commit to notifying you and/or relevant regulators in accordance with data breach notification requirements. Your personal information will be handled with the same protection when it is shared with third parties or when it is transferred internationally. We will only retain your personal information for as long as is necessary or for as long as required by law.

Commitment 3: Respecting Your Rights - We will respect the choices you make in relation to your personal information. We will respect the legal rights you have in relation to accessing, erasing and updating the personal information that we hold about you. We will also respect the choices you make in relation to objecting to how we process your personal information and will provide channels for you to contact us with questions or complaints.

This Privacy Policy & Updates

Please take a moment to read the following policy as well as our Cookie Policy that explains how we collect, use, disclose and transfer the personal information collected about you at any touchpoint, including on our websites, mobile applications and other digital platforms (together referred to as the “Platforms”), when you visit our boutiques or events, contact us by e-mail, telephone or online chat, or when you interact with us over social media platforms or other marketing and advertising channels. Our Cookie Policy explains how we collect information through the use of cookies and related technologies when you use our Platforms.

Where we offer our products for sale online or by phone through our Client Relations Center, you must read the applicable Conditions of Sale, which will govern the terms and conditions of any such purchases made in this way. Other terms and conditions, such as Conditions of Service, may also apply in respect of any other services that we may provide to you.

From time to time we may update this Privacy Policy. When we do, we will publish the changes on this Platform.

Commitment 1: Transparency & Trust

Information that you provide to us or we collect about you

We collect the following personal information about you as detailed below:

General personal & user account information: To benefit from our products, services, events, boutique appointments and/or other client programmes, you may need to provide your contact details or create an account with us. You may provide personal information about yourself, including name and address, date of birth, e-mail address, telephone number, marital status, nationality and gender. Your account will store information about yourself, your purchasing history, unique account identification number, username, password, time zone, claims and repair history, as well as any conversation history.

Client 360 view data: In order to have a full understanding of our clients, we may also collect and store data about your behaviour, interests, preferences (such as products, topics, and channel and frequency of communication), wish lists, hobbies, client interactions and marketing campaign activities, opinions, customer reviews, demographic data, habits, celebration events, purchasing reviews and feedback as well as your general purchasing tendencies.

Transactional and payment information: When you purchase products and/or services, we collect additional information, such as your shipping address, proof of delivery, billing address and relevant payment information.

Identification information: We may collect identification information from you, such as passport data or national ID data, in circumstances where we need this to provide products and/or services to you.

Correspondence, call recordings, online or video chat: We collect personal information from you when you correspond with us (for example, if you contact us with a query about one of our products and/or services), when you provide your details when you visit our boutiques, contact us or our Client Relations Center by e-mail, telephone, contact form or otherwise participate in online or video chat. Please note that phone calls, online or video chat or other correspondence will on occasion be recorded for security, evidence, training, quality control, analysis and development purposes.

Social media platforms data: If you choose to interact with us via a social media platform or other third party service, we will collect the information you have provided to us through that platform, which may include behavioural data such as your browsing records and purchase history on that platform. In addition, you may grant us access to certain data from your social media profiles for social log-in purposes.

Cookie data: We also collect certain information automatically about visitors to our Platforms, described in our Cookie Policy. This may include data relating to advertising IDs, pixel tags or your unique online personal identifier.

Location data: We will collect information about your location to the extent that we provide any location services.

CCTV, video surveillance data & Wi-Fi data: In our retail boutiques, corporate premises or other areas, we collect data using CCTV or other video surveillance technology. If you register for our free Wi-Fi service at our stores, events or other premises, we may collect certain information about your device, including device or IP address, connection date and time and the location(s) at which you connected to our Wi-Fi service.

Photos & video recordings: Some of our technology products, including connected mirrors, augmented reality technologies or photo booths, collect photographs or video recordings from you. This data may also allow us to take measurements from you required for our products and/or services. We may also take photographs or make video or voice recordings of you at one of our events.

Surveys and market research: We carry out surveys and market research and we will collect your response data.

Information you provide about third parties: You may provide personal information about a third party (such as your partner or child), including name and address, date of birth, e-mail address, telephone number, marital status, wish list, hobbies and preferences.

Information we collect from third parties about you: We also may collect any of the above information about you from third parties, including our authorised dealers, social media platforms, advertising and marketing partners, analytics providers, and third parties that provide technical or strategic data services to us and we may collate such information with other information that we have. We may also collect personal information about you from publicly-available sources.

Sensitive or special categories of data: We may ask you to provide sensitive or special categories of data (for example, allergens or accessibility requirements for events), in which case we will provide you with enhanced privacy information and ask for your explicit consent at the time of our request. Otherwise, if you provide such data to us without us asking you for it, we will take the fact you have provided such data as your explicit consent for us to process it.

Purposes of processing and our legal justification for processing

We may process your personal information for the purposes listed below on the basis of the following justifications:

Consent: this is the legal basis when you have given clear consent for us to process your personal information (for example, where you consent to receiving marketing information).

Performance of a contract: the processing is necessary for a contract we are entering into with you (including compliance with our Terms of Use), or because we have asked you to take specific steps before entering into a contract (for example, processing your contact information relating to the purchase and delivery of a product).

Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party (for example, for the running of our business, protecting against fraud, or Platform security), unless there is a good reason to protect your personal information which overrides those legitimate interests.

Legal obligation: the processing is necessary for us to comply with the law (for example, a court order).

Other grounds: the processing may on occasion be necessary for other legal reasons such as to prevent and detect crime, to protect life or the processing is otherwise in the public interest.

The purposes of processing and justifications are as follows:

Service-related processing: We process your personal information for service-related purposes, including product reservations and sales, service communications, programme updates, announcements and administrative messages, such as acknowledgment and confirmation of, or changes to, orders and shipment, confirmation of, or changes to, event or appointment bookings, repair notifications as well as to notify you about changes to our terms or privacy policy. In addition, we may send you service-related messages when you abandon your shopping cart or browsing session unexpectedly – our primary justification is for the performance of a contract but we may also rely on legitimate interests (for example, to ensure you are content with your purchase and that we are providing our products and services to you in a secure, effective and efficient manner), legal obligation or consent.

Marketing-related communications and digital advertising: We process your personal information for marketing-related purposes, including sending you marketing communications (including by telephone,
e-mail, post and electronic or text messages, including WhatsApp or other one-to-one communications, and delivering personalised messages or advertising on social media or other digital platforms) relating to us and other third party partners that we think may be of interest to you. We may also share your personal information (such as your e-mail address, usually in an encrypted or ‘hashed’ form, or specific cookie data) with social media and other platforms or other service providers for the purposes of custom audience or lookalike matching, or intra-group client/prospect matching for marketing purposes – our primary justification for marketing-related communications and digital advertising processing is either consent or legitimate interests (for example, to recommend certain products to you). Where we rely on consent,
you may withdraw your consent at any time by e-mailing the address below in the section headed “Contact us” or clicking on the ‘unsubscribe’ link in any marketing e-mails or text messages. Where we request your consent at multiple touchpoints (for example, in-store or on the Platforms) and at different times, any consent collected will remain valid unless you expressly opt-out.

Accounts & records: We process your personal information for the purposes of managing our accounts and records – our primary justification is for the performance of a contract but we may also rely on consent, legitimate interests (for example, to prevent fraud) or legal obligation.

Logistics, transactional and payment processing: We process your personal information for the purposes of managing and fulfilling purchase, gift and repair orders or returns, communications preferences during repairs, facilitating delivery, and providing after-sales services – our primary justification is for the performance of a contract but we may also rely on legitimate interests (for example, to ensure we are collecting payments effectively), legal obligation or consent.

Enquiries: We process your personal information for the purposes of dealing with your enquiries and requests, and offering client services to you – our primary justification is for the performance of a contract but we may also rely on legitimate interests (for example, to respond to your queries in an effective manner) or consent.

Events, appointments and communities: We process your personal information for the purposes of organising and running events, boutique appointments and membership communities, including registering you as a member, attendee or speaker, or reporting or logging a health and safety incident that you may have suffered or assisted with. We may also take photographs or make video or voice recordings of you at one of our events for promotional purposes – our primary justification is for the performance of a contract but we may also rely on consent, legitimate interests (for example, to respond to your queries or to manage and administer events) or legal obligation.

Competitions, prize draws and other promotions: We process your personal information for the purposes of running competitions, prize draws, and other promotions, and we need to collect information from you to administer such promotions – our primary justification is for the performance of a contract but we may also rely on legitimate interests (for example, to track client engagement), legal obligation or consent.

Regulatory compliance, credit checking and prevention of prohibited activities: We process your personal information for the purposes of undertaking anti-money laundering or international sanctions compliance, credit checking, prevention of fraud and other prohibited or illegal activities as part of our efforts to keep our Platforms and services secure or as otherwise required to respond to a legitimate request from a third party (for example, a regulatory or police authority or financial institution) – our primary justification is legitimate interests (for example, to prevent fraud or other crime) but we may also rely on legal obligation or consent. We reserve our rights not to provide products and/or services to you where we have a legitimate reason not to do so in accordance with applicable law.

Automated technologies & profiling: We process your personal information as part of our use of innovative technologies, including profiling technologies, artificial intelligence, machine learning and advanced algorithms, to help us identify and predict any products, diagnostics, services or other information that may be of interest to you based on the information that you provide to us or we collect from third parties (as detailed in the section ”Information we collect from third parties about you”). This may lead to automated decisions about you being taken using technology without human involvement. It may include decisions regarding our products, services, event invitations, personal benefits and other information. The purpose is to improve your experience of our products and/or services by way of offering you tailored products and/or services, and being able to respond effectively and swiftly to your feedback. This may involve, for example, techniques used to predict your behaviour and may include data clustering, data mining, data fusion or other data intelligence methods used to extract value and meaning from your personal information. This may be completely automated (such as to escalate complaints) or involve human intervention where the final decision is taken by an individual. When we use your personal information for any automated decisions and/or profiling, we will take steps to be transparent and fair and to make decisions free from bias. We will implement reasonable safeguards designed to protect any of your personal information. In certain circumstances, we will provide you with an opportunity to opt-out of automated decisions and/or profiling – our primary justification is legitimate interests (for example, to improve our Client Relations Center training) and consent.

Market research, analysis of feedback and client engagement: We process your personal information for the purposes of conducting market research (including surveys) and analysis and improve consumer engagement as a result of client feedback, comments, preferences and general use of our Platforms, products and/or services so that we can continuously improve our offerings and the products and/or services we provide to our clients – our primary justification is legitimate interests (for example, to improve our Platforms) but we may also rely on consent.

Location services: We process your personal information for the purposes of providing you with location-based services when we are able to use information about your location. For these services, which are typically available on mobile devices or applications, you are provided with the opportunity to provide your consent to the use of location services, which, for example, process information deriving from GPS, sensors, beacons or Wi-Fi access points in order to allow you to benefit from a more personalised service. Your device will have settings that allow you to turn off these services should you no longer wish to benefit from them – our primary justification is consent.

CCTV, video surveillance & WiFi processing: We process your personal information using CCTV and video surveillance data for the prevention and detection of crime, assisting law enforcement agencies in the apprehension, investigation and prosecution of offenders, ensuring the safety of our staff, visitors and property and, occasionally, to monitor in-store activity or WiFi browsing – our primary justification is legitimate interests (for example, to secure our premises) and legal obligation but we may also rely on consent.

New retail technologies: We may process your personal information for the purposes of our use of new retail technologies to provide you with enhanced in-store and online experiences, including virtual try-ons, augmented reality and product configurators. For example, we may use images or videos of your hand to generate and send you a photograph or a video clip showing product(s) on your hand – our primary justification is both legitimate interests (for example, to monitor client engagement with new technologies) and consent.

Platform support, maintenance and security: We process your personal information in connection with administering and protecting our business and the Platforms (including troubleshooting, dealing with error messages, data analysis, testing, system maintenance, support, reporting and hosting of data) – our primary justification is legitimate interests (for example, to ensure our Platforms run effectively and securely) but we may also rely on legal obligation or consent.

Receipt of products and services from suppliers: We process your personal information for the purposes of benefiting from any products or services provided by you or your organisation, where you are, or your organisation is, a supplier – our primary justification is performance of a contract but we may also rely on legitimate interests (for example, to receive services) or consent.

Business administration and legal compliance: We process your personal information for the purposes of the administration of our business or to comply with our legal obligations – our primary justification is legal obligation but we may also rely on legitimate interests (for example, to maintain our records) or consent.

Enable a corporate transaction such as a merger or acquisition: We process your personal information for the purposes of any merger or acquisition activity and we will disclose your personal information to any third party that purchases, or to which we transfer, all or substantially all of our assets and business – our primary justification is legitimate interests (for example, to facilitate discussions with third party stakeholders) but we may also rely on legal obligation or consent.

Cookie and other automated technologies: We process your personal information in accordance with our Cookie Policy – our primary justification is consent, performance of a contract and legitimate interests (for example, where cookies are strictly necessary).

Material changes

Where we materially change the way in which we process your personal information, or if we plan to use your personal information for a new purpose not set out in the section above, we will take the appropriate measures required under applicable law, such as to notify you by e-mail or other suitable means.

Our Cookie Policy

This website uses cookies according to our Cookie Policy. This Cookie Policy is available to users on each page of the website linked to this Privacy Policy and on each information banner regarding cookies.

Commitment 2: Protecting Your Personal Information

Protecting your personal information

We want you to feel confident about sharing your personal information with us, and we are committed to protecting the personal information we collect by implementing leading data protection, privacy and security standards. We limit access to personal information about you to employees who reasonably need access to it, to provide products or services to you or in order to do their jobs. We have appropriate technical and organisational physical, electronic, and procedural safeguards to protect the personal information that you provide to us against unauthorised or unlawful processing and against accidental loss, damage or destruction. However, where we ask you to choose a password in order to access certain parts of our Platforms, you are responsible for selecting a secure password and keeping that password confidential. You should choose a password which you do not use on any other site, and you should not share it with anyone else.

Sharing your personal information

We only share personal information with others when we are permitted by law to do so. When we share personal information with others, we put contractual arrangements and security mechanisms in place to protect the personal information shared and to comply with our data protection, confidentiality and security standards and obligations. We share your personal information with third parties in the following circumstances:

Our affiliated group companies: We may share your personal information with our affiliated group companies for the purposes specified above, where we are permitted by law to do so (including where we have a lawful basis to do so).

Service providers (including data processors): We will disclose your personal information to our appointed third party service providers (which may process your personal information as data processors on our behalf), including for the purposes of providing online and other payment services, handling credit checks and fraud prevention, product shipment, cloud storage and any other services required in order for us to use your personal information for the purposes specified in this Privacy Policy. In certain circumstances, certain fraud-prevention service providers consider themselves to be independent data controllers.

Regulatory, authority and other third party disclosures: We will disclose your personal information to any law enforcement agency, court, police, regulator, government authority or any other third party, including a relevant financial institution, where we believe this is necessary to comply with a legal or regulatory obligation, to protect our rights or the rights of any third party, or where it is otherwise in the public interest or our legitimate interests or those of a third party (for example to respond to a request from a third party to disclose personal information to investigate an alleged crime, to check that we are complying with applicable law and regulations, or to establish, exercise or defend legal rights). In addition, we may share your data with insurance providers and/or lost or stolen organisations to facilitate the recovery of any lost or stolen items.

Mergers & acquisitions: We will disclose your personal information to any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this Privacy Policy.

Social media platforms and other third party digital vendors: We may share your personal information with social media platforms as explained above or in the Cookie Policy.

Transferring your personal information globally

If the country we transfer your personal information to does not provide an adequate level of data protection, we have implemented standard contractual clauses to ensure adequate safeguards are in place to protect your personal information where it is transferred to our affiliated companies, boutiques or third party service providers in territories outside the European Economic Area, the United Kingdom and Switzerland. While other territories may not have the same standards of data protection as those within your home country, we will continue to protect the personal information we transfer in accordance with this Privacy Policy.

Privacy risk assessments

We may periodically conduct risk assessments related to the processing of your personal information, especially when introducing new technologies or functionalities. In certain circumstances, these new technologies or functionalities may require us to provide enhanced privacy notices and/or consent forms to ensure that we continue to meet our privacy commitments towards you.

Retaining your personal information

We keep your personal information only for as long as is necessary for our purposes of processing, and in particular to protect ourselves in the event of a legal claim (for example, information relating to a contract with you will be kept for the lifetime of the contract and up to ten years after) as well as necessary to comply with statutory retention obligations. After this period it will be deleted or in some cases anonymised. Where we have your consent to process your personal information and we have no other lawful basis to continue with that processing, if you subsequently withdraw your consent we will delete your personal information.

If you request that we no longer send you direct marketing communications or you exercise your right to be forgotten, we will keep a record of your request and contact details to ensure that your request is respected.

Commitment 3: Respecting your rights

We commit to respecting your rights. If you wish to exercise any of the rights set out below, which are available to you under applicable law, please write to us at the address listed below.

Right of access

You have the right to ask for access to any personal information that is being processed by us.

Right to erasure / restriction of processing

In some circumstances, you have the right to request the erasure of your personal information or to restrict how we use it.

Right to update or correct

You have the right to ask us to correct any inaccurate personal information and to update any out-of-date personal information.

Right to object

You have in certain circumstances the right to object, on grounds relating to your particular situation, at any time to the processing of personal information concerning you which is carried out on the basis of legitimate interests or in the public interest.

Furthermore, you have the right to object where your personal information is processed for direct marketing purposes.

Right to data portability

In some circumstances, you have the right to request from us the personal information concerning you that you have provided to us in a structured, commonly used, machine-readable format.

Right to withdraw consent

If you have given us consent to process your personal information, you can withdraw this consent at any time with effect for the future. The withdrawal does not affect the lawfulness of the processing carried out on the basis of this consent until the withdrawal.

Right to complain

If you have a concern about how we use your personal information, as a first step please contact us using the details set out below and we will do our best to resolve your concern. After investigating your concern, we will respond to you in writing within a reasonable time setting out our proposed remedial action.

If you think we have processed your personal information in a manner that is unlawful or breaches your rights, you also have the right to complain to a relevant data protection authority, for example in your place of residence, or the jurisdiction in which the processing took place.

Right to object to advertising using e-mail

In the event that we have obtained your e-mail address in connection with the sale of a product and/or service and use your e-mail address for direct advertising of our own similar products and/or services, you may object to such use of your e-mail address at any time with effect for the future by e-mailing the address below in the section headed “Contact us” or clicking the ‘unsubscribe’ link in any of our marketing e-mails.

However, please note that we may continue to send you service-related (i.e. non-marketing) communications, such as e-mail updates on your order status.

Children

The Platforms are not directed at anyone who we know to be a child in the relevant country of data collection (for example, in the US this is under 13 and in certain European countries this is under 16), nor do we collect any personal information from anyone who we know to be a child unless we have parental or guardian consent. Children should not use the Platforms and should not submit any personal information to us without parental or guardian consent.

Contact us

If you have any questions, comments or complaints about this Privacy Policy or Cookie Policy, or privacy matters generally, please contact us at the address provided below. You can also use this address if you wish to request access to the personal information about you that we process or to unsubscribe from any further e-mail marketing communications.

Stefano Serapian S.r.l.,

Via Benigno Crespi 26

20159 Milano, Italy

eshop@serapian.com