PRIVACY POLICY FOR SITE MANAGEMENT AND MARKETING ACTIVITIES
The Ermenegildo Zegna Group is aware of the importance of the personal data of its clients and therefore intends to inform and provide them with the greatest possible control over the management of personal information collected through this website (the “Website”).
1) Controller of data collected and processed on the Website and Data Protection Officer
The Data Controller for data collected on the Website is:
- EZ Service S.r.l. with registered office at Viale Roma, 99/100 13835 Valdilana (Biella) Italy – registration number at the Companies Register of Monte Rosa Laghi Alto Piemonte and REA (Economic & Administrative Index) No. 303868, - VAT No. 02741720029, certified electronic mail: ez.service@legalmail.it (hereinafter, "Zegna").
Zegna has appointed a Data Protection Officer, who can be contacted by writing to: privacy@zegna.com (click here).
2) Category of data processed and purposes of processing carried out on the Website
Various types of personal data are collected and processed, for various purposes and by various methods. In particular:
(a) Cookies and browsing trackers : personal data related to browsing, processed to enable the Website to function properly and for marketing and analysis purposes. Please read the specific Cookie Policy for further details;
(b) Registration and Services: personal data provided voluntarily by the user (for example email address, personal details, password provided by filling in the Zegna personal account registration form) or otherwise lawfully obtained in order to respond to user requests (made by telephone, chat, email or online request form) and to offer requested services, assistance or information on Zegna products and the company’s world, or provided directly by a user in order to submit an application and curriculum vitae to Zegna.
(c) Social Media Login: Note that registration and access via a social media profile entails the disclosure of certain data by the relevant social media network (name, surname, email and any other user data that is present on the relevant social media network) and requires specific authorisation to proceed before logging in. In some cases, social media networks require some feedback and information on the purpose of the login. For further information, see the social media network’s relevant privacy documentation.
Facebook (https://www.facebook.com/about/privacy/update?ref=old_policy)
Google + (https://policies.google.com/privacy)
(d) Marketing: with the user's express consent, Zegna may process the user's personal data for marketing purposes, i.e. to send the user (via newsletters, emails, sms, mms and smart messages, including WhatsApp, and ads displayed on Meta and Google social platforms thanks to "customer match/custom audience" processes) information and updates on products, sales, promotional campaigns, events and other initiatives promoted by Zegna, including in collaboration with its business partners, as well as to perform specific market research. These commercial messages also include communications regarding the finalisation of incomplete purchases (reminders about products recently viewed on the Website and on "abandoned shopping carts"), as well as activities and messages designed to assess customer satisfaction and the quality of the service offered by Zegna.
(e) Study of habits and preferences: with the user's express consent, Zegna may process the user's personal data for the purpose of studying the user's habits and consumption choices, in order to send communications and offer products, services and events that better meet the interests and needs of its customers, as well as to measure the effectiveness of marketing campaigns carried out by Zegna online and on social platforms, as described in greater detail below and within the "Cookie Policy". To this end, data on the customer's purchases, habits, hobbies and preferences may be processed, including data on the use of social media and browsing data.
(f) Communication to third parties: With the user's express consent, Zegna may transfer the user's personal data to other companies of the Zegna Group that operate in the luxury and clothing sector, to its business partners operating in the luxury, concierge, travel and automotive sectors, and to social media companies (Google Inc. and Meta Inc.) in order for them to process the data for their own commercial and marketing purposes using traditional as well as telematic means.
3) Source of personal data and legal basis for processing
Personal data collected and processed by Zegna are provided directly by the user, with the exception of the browsing data indicated in point 2(a) above and data collected in the case of registration and access through a social media profile, as specified in point 2 (c) above.
With the exception of browsing data, which is governed by the Cookie Policy, personal data is processed:
- for the purposes of Registration and Services (point 2 b), in the legitimate interest of Zegna in providing information and services and responding to user requests (and in contractual obligations arising in the case of specific services, such as "By appointment" or "Tailor-made" services). The legal basis for the processing of application data lies in Zegna's legitimate interest in evaluating the application for a personnel selection process.
- for the purposes of Social Media Login (point 2 c), Marketing (point 2 d), Study of preferences (point 2 e) and for the purposes of Communication to third parties (point 2 f), with the specific consent of the user.
4) Study of customers' consumption habits and decisions
As indicated in point 2 (e) above, and with the user's express consent, Zegna may process the user's personal data for the purpose of studying the user's consumption habits and decisions in order to make its products, commercial messages and initiatives more responsive to the tastes and needs of its customers and to assess the results of its advertising and marketing campaigns on the basis of purchases made as a result of such campaigns.
The data will be processed using automated tools, through which Zegna will process data on the value and frequency of purchases (including when made during sales periods) and the type of products purchased (accessories, clothes, etc.) over a specific period of time. Zegna may collect further data on the user's preferences, hobbies or lifestyle directly from the user. This information may also be acquired through certain social media platforms or through the use of cookies and other trackers on the Website. This will take place only if the user has previously agreed to the disclosure of some of their data by the social media platform when registering and logging on to the platform, and if they have consented to the use of cookies for marketing and analysis purposes.
Zegna may also use automated tools such as cookies/tags/pixels in order to verify browsing on its Website and suggest products and services based on the user’s browsing, and also to enable it to analyse and measure the performance of advertising campaigns conducted online and on social media networks, and to improve, optimise and personalise advertisements on this channel. To this end, besides browsing data, identification data such as email, account data and purchase data may be shared with Google and Meta in encrypted (hashing) mode. For further information on the processing of this data by the said social media platforms, see: https://www.facebook.com/privacy/policy, https://business.safety.google/privacy/. This specific processing will in any case only take place if the user has previously provided the necessary consents, including consent to the use of cookies and other tracking tools on the Website, including through third-party cookies/tags/pixels. The sole purpose of such study is to offer products, services and initiatives to customers and users that are more suited to their tastes and requirements, and to assess the results of marketing campaigns undertaken by Zegna. Users may at any time make a request to analyse their profile and to update or modify it.
5) Methods of processing personal data and retention period
Personal data collected through the Website are processed using mainly computerised and electronic methods and tools, adopting security measures in order to minimise the risks of destruction or loss, including accidental loss, of the data, unauthorised access, processing without consent or that is not consistent with the purposes of collection as indicated in this Privacy Policy.
However, due to the nature of online transmission, such measures cannot totally restrict or rule out any risk of unauthorised access or data loss. To this end, it is advisable to periodically check that the computer used is equipped with software capable of protecting incoming and outgoing data transmission over the network (such as updated antivirus systems) and that the Internet service provider has adopted appropriate measures to ensure the security of data transmission over the network (such as firewalls and anti-spam filters).
Personal data provided by the user during browsing and inherent to the browsing itself will be stored for a period not exceeding 1 (one) year. Data collected via online trackers and master data, if sent, are stored in non-aggregated form, but protected by hash encryption, for a maximum of 48 hours on Meta and 20 days on Google. Data processed to provide feedback to the data subject or to provide a service will be stored for the time necessary to provide the user with the feedback or service requested and for any further time necessary for Zegna to fulfil the need or request it received. Data collected following the submission of an application will be stored for a period not exceeding [insert the maximum retention period]. Data collected for profiling and marketing purposes will be retained for a period of 5 years after the relevant consent is given, in line with the reference sector and in consideration of the interest shown by the customer in receiving updates on products and events organised by Zegna. For further information, please contact the Data Protection Officer.
6) Mandatory or optional nature of data provision
With the exception of browsing data, the provision and collection of which is governed by the Cookie Policy, the conferring of personal data that is collected through the Website, whether for the purpose of responding to users' requests and queries or for marketing purposes and the study of consumption habits and preferences, is free, voluntary and optional. Failure to provide the data does not limit the use of the Website. However, it may make it impossible for Zegna to respond to requests for information and queries, or to send informative material, updates, newsletters and invitations to events organised by the Zegna Group and/or its business partners.
7) Scope of communication of personal data
Zegna communicates the personal data of users of the Website only within the limits permitted by law and in accordance with the terms set out below.
In addition to what is indicated in point 2 (f) above (i.e. the disclosure of personal data to third parties belonging to the Zegna Group or to business partners following express consent) and in point 2 (c) above (i.e. the use of a Social Media Login), personal data will be processed and made known only to (i) employees and consultants of Zegna, in their capacity as persons authorised to process the data and instructed by the Controller to do so (ii) companies of the same Group, in their capacity as data processors, and (iii) companies that provide to Zegna specific technical and organisational services related to the Website and the management of marketing and communication activities (advertising agencies, technology suppliers), in their capacity as data processors, and social media platforms in order to assess the results of advertising campaigns and for the display of advertising on social media platforms (Meta and Google).
Furthermore, the data may be disclosed to the police or to judicial authorities, in accordance with law and upon formal request, or in the event that there are reasonable grounds to believe that the disclosure of such data is reasonably necessary to (1) investigate, prevent or take initiatives in relation to suspected illegal activities or assist state surveillance and monitoring authorities; (2) defend against any claim or accusation by third parties, or protect the security of the company and its website, or (3) exercise or protect the rights, property or security of Zegna, companies of the same group, its affiliates, customers, employees or any other person.
Personal data shall not be disclosed and may be transferred abroad, including to non-EU countries and to multi-territory companies, only after guaranteeing adequate levels of protection and safeguards in accordance with legal provisions, such as the Standard Contractual Clauses approved by the European Commission. Zegna also conducts the necessary risk analyses in relation to transfers outside the EU. For further information on data localisation, contact the Data Protection Officer.
8) User's rights under the Privacy Law
Users are always entitled to obtain from Zegna access to their personal data, confirmation of the existence or otherwise of such data, even if not yet registered, and communication of the data in intelligible form. Users also have the right to obtain information on the origin of the personal data; the purpose and method of processing; the logic applied in the case of processing carried out by electronic means; the identification details of the data controller and data processors; the names of persons or categories of persons to whom the personal data may be communicated or who may become aware of the data such as, for example, data processors or persons in charge of processing.
Users also have the right to request the updating, rectification or, should there be an interest, completion of personal data, the restriction of processing of data concerning them, the deletion, transformation into anonymous form or blocking of personal data processed in breach of the law, including data the retention of which is not necessary in relation to the purposes for which the data was collected or subsequently processed; certification to the effect that the operations described above have been brought to the attention, including with regard to their content, of those to whom the data has been communicated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected. The user also has the right to data portability and to revoke previously given consent.
In all cases, users have the right to object in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of collection, to the processing of personal data concerning them for the purpose of sending advertising or direct marketing material, or for the conduct of market research or commercial communication. The right to object may also be exercised specifically with regard to one or more methods of sending marketing communications.
The rights listed above may be exercised by contacting Zegna, for the attention of the Data Protection Officer, at privacy@zegna.com.
Note that it is always possible to make a complaint to the Supervisory Authority (the Italian Data Protection Authority: www.garanteprivacy.it).
_____________________________________________________________
PRIVACY POLICY FOR SALES THROUGH THE WEBSITE
The Ermenegildo Zegna Group is aware of the importance of the personal data of its clients and therefore intends to inform and provide them with the greatest possible control over the management of personal information collected and processed when purchases are made through this website (the “Website”).
1) Contact details of the Joint Data Controllers and Data Protection Officers
With reference to data concerning sales made through the Website and related activities, the following companies:
- EZ Service S.r.l. with registered office at Viale Roma, 99/100 13835 Valdilana (Biella) Italy – registration number at the Companies Register of Monte Rosa Laghi Alto Piemonte and REA (Economic & Administrative Index) No. 303868, - VAT No. 02741720029, certified electronic mail: ez.service@legalmail.it (hereinafter, "Zegna"), and
- EZI S.p.A, Via Trieste 13, Biella, Italy (hereinafter, "EZI"), are hereinafter jointly referred to as the "Joint Data Controllers".
To contact the Zegna and EZI Data Protection Officer, write to the following email address privacy@zegna.com.
2) Type of data collected and purposes of the processing carried out by the Joint Data Controllers
The Joint Controllers collect personal data directly from users as part of the registration processes, the sending of product purchase order forms, the conclusion of electronic commerce transactions, interactions with users that are functional and instrumental to a sale, and for any necessary pre and post-sale assistance. Further specific purposes may be described in greater detail by means of policy statements posted from time to time on the Website.
The Joint Controllers may also process personal data (e.g. identification data, payment data, location data, purchase data) for the prevention and countering of fraud, illegal conduct and/or conduct contrary to current legislation, applicable contractual provisions and the principles of fairness and good faith, and also in order to defend a right in court. Such measures may also be implemented by third parties, such as companies specialised in the identification of online fraud contracted to this end by Zegna (the companies Riskified Inc./Ltd. and Adyen N.V., whose respective policy statements can be found at the following links [https://www.riskified.com/terms/#privacy; https://www.adyen.com/privacy-policy]), public authorities, investigative bodies, police officers, judicial authorities and legal advisors. Note that in some cases, in order to identify and combat fraud, the said entities will act as autonomous controllers on the basis of their legitimate interest and the role they play, including of a public law nature.
3) Source of personal data and legal basis for processing
The personal data collected and processed by the Joint Controllers are provided directly by the user (through registration on the Website or as part of the sales process). The legal basis for processing for the purposes set out in point (2) above lies in the fulfilment of the contract and the obligation to fulfil pre and post-contractual obligations.
4) Method of processing personal data and data retention period
Personal data collected through the Website in connection with activities related and instrumental to the sale of products and all aspects related thereto are processed using mainly computerised and electronic methods and tools, adopting security measures in order to minimise the risks of destruction or loss, including accidental loss, of the data, unauthorised access, processing without consent or that is not consistent with the purposes of collection as indicated in this Privacy Policy.
However, due to the nature of online transmission, such measures cannot totally restrict or rule out any risk of unauthorised access or data loss. To this end, it is advisable to periodically check that the computer is equipped with suitable software tools to protect data transmission over the network, both incoming and outgoing (such as updated antivirus systems) and that the Internet service provider has adopted appropriate measures to ensure the security of data transmission over the network (such as firewalls and anti-spam filters).
Personal data provided for sales purposes and any related services are retained for a period not exceeding 10 years, in accordance with tax and civil legislation.
5) Mandatory or optional nature of data provision
The provision of personal data, in particular personal details, email address, postal address and telephone number, as well as bank details in case of payment by credit card, is necessary for the conclusion of the contract for the purchase of products through the Website.
Some of this data may, on the other hand, be essential for the provision of other services provided through the Website that are related to the sale, or the fulfilment of obligations arising from laws or regulations.
Any refusal to provide certain data necessary for these purposes could make it impossible to execute the contract for the purchase of products through the Website or to provide other related services, such as, for example, support services (Customer Service), the use of the Wish List - or to properly comply with legal and regulatory obligations. Failure to provide data may therefore constitute, depending on the case, a legitimate and justified reason for not executing the contract for the purchase of products on the Website and the provision of related services.
The provision of additional data, other than that which is mandatory, for the purpose of fulfilling one's legal or contractual obligations or for the provision of certain services upon request is, on the other hand, optional and does not entail any consequences for the purchase of products or services closely related thereto.
In specific cases and where necessary, the mandatory or optional nature of the communication of data will be indicated by adding a special character (*) to information of a compulsory nature or data necessary for the provision of services and the purchase of products through the Website. Failure to provide optional personal data will not result in any obligation or disadvantage.
6) Scope of communication of personal data
Personal data may be made available to third companies that perform, on behalf of the Joint Controllers, specific services in their capacity as Data Processors (such as, for example, logistics services, anti-fraud services and IT services), to companies belonging to the same group and communicated to other recipients of data collected by the Joint Controllers - whose names will be specified from time to time - that process the data autonomously only for the purpose of executing the contract for the purchase of products on the Website (such as, for example, the credit institution, for the execution of remote electronic payment services by credit/debit card, companies that perform anti-fraud services, and the relevant Authorities) and only when this purpose is not incompatible with the purposes for which the data were collected and subsequently processed, and in all cases in accordance with the law.
The data will not be communicated, ceded or otherwise transferred to other third parties without the users being informed in advance and, with their consent, when required by law. The data will not be disclosed in any way and will only be transferred abroad, including to non-EU countries (including countries such as Israel, the United States and Nepal for the performance of specific anti-fraud activities) if adequate levels of protection and safeguards are ensured in accordance with law.
7) Rights recognised under user privacy legislation.
Users are always entitled to obtain from the Joint Data Controllers access to personal data concerning them, even if not yet registered, and to communication of the data in an intelligible form. Users also have the right to obtain from the Joint Data Controllers information on the origin of their personal data; the purpose and method of processing; the logic applied in the case of processing carried out by electronic means; the identification details of the Joint Data Controllers and data processors; the names of persons or categories of persons to whom the personal data may be communicated or who may become aware of the data such as, for example, data processors or persons in charge of processing.
Users also have the right to request the updating, rectification or, should there be an interest, completion of their personal data, the restriction of processing of personal data concerning them, the deletion, transformation into anonymous form or blocking of personal data processed in breach of the law, including data the retention of which is not necessary in relation to the purposes for which the data was collected or subsequently processed; certification to the effect that the operations described in letters a) and b) have been brought to the attention, including with regard to their content, of those to whom the data has been communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected. The user also has the right to data portability, to make a complaint to the supervisory authority, and to revoke previously given consent.
In all cases, users have the right to object in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of collection, for the purpose of sending advertising or direct marketing material, or for the conduct of market or commercial research. The right to object may also be exercised specifically with regard to one or more methods of sending marketing communications.
The rights listed above may be exercised at any time, within the limits of the law, by a request addressed to the Joint Data Controllers, for the attention of the Data Protection Officer, sent to privacy@zegna.com.
