Pursuant to Art. 37 of the GDPR, the Data Controller has appointed a Data Protection Officer (hereinafter the "DPO"), who can be contacted at the following email address: collarpainter@gmail.com.

Browsing data

such as IP addresses or domain names of computers used by users who connect to the Website, URI (Uniform Resource Identifier) addresses of requested resources, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. These data are used only to obtain anonymous statistical information on the use of the Website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website: to this effect, the data on web contacts could be kept in accordance with and limited to this purpose. Starting from the IP address and the domain name of the computers used, it will be possible, limited to the purpose of ascertaining responsibility, to trace back further identification data of the user (in particular, name, surname, e-mail address, telephone number, etc.);

Data freely provided by the user

such as identification data, like name, surname, e-mail, telephone number, tax code, etc.; any other data supplied, for example, when registering on the Website in the special section, or when filling in any data collection forms on the Website, or when requesting the supply/activation of a Versace service, such as the Newsletter Service;

Cookies

for information on the cookies present on the Collar Website, please refer to the Cookie Policy.

The protection of the safety and privacy of minors is very important to us. By registering on the Website in the appropriate section, as well as when filling out any data collection forms on the Website or when requesting the supply/registration to the Newsletter service, the Data Subject confirms that he/she is 16 years of age or, in any case, that he/she is not younger than the age indicated by the legislation of the country of residence that provides for other age limits.

Personal data provided by Data Subjects through the Versace Website are collected and processed for the following purposes and legal bases:

A. without prior consent for the purposes of the service and, in particular, to:

1. the execution of the contract and/or pre-contractual commitments, namely:

- the use of the Website and any technical assistance;

- the management of a contact request by the Data Subject;

- Registration and access to the "My Collar" reserved area by the Data Subject;

- management of payments and/or finalisation of product purchase orders;

2. the fulfillment by the Data Controller of legal obligations, such as:

- compliance with the obligations provided for by laws, regulations or national and European legislation or imposed by the competent authorities;

3. the fulfillment by the Data Controller of legal obligations, such as:

- the management and maintenance of the Website: the interest of the Data Controller relates to the general interest of a company in guaranteeing business operations, also through the operation of the Website, and possible improvements in the service offered;

- to carry out statistics - carried out by means of the analytical cookies described in the Cookie Policy of the Website, to which reference should be made - aimed at optimising and improving website navigation without identifying the user: the Data Controller's interest lies in the general interest of a company to get acquainted with any critical points or suggestions for improving company operations;

- preventing or detecting fraudulent activities or abuses harmful to the Website, as well as exercising the rights of the Data Controller in court and manage the litigation: the interest of the Data Controller refers to the general, real and current interest not to suffer damages as a result of illegal conduct of others, as well as the right of action (art. 24 Italian Constitutional Chart) and, as such, is socially recognized as prevailing over the interests of the data subjects;

- the sending to the data subject, when already our customer, of commercial communications relating to services and products of the Data Controller similar to those you have already used; the interest of the Data Controller refers to the general interest of a company to promote its services and is considered legitimate because it is in line with the reasonable expectations of the data subjects, taking into account the relationship between them and the Data Controller itself. Each e-mail sent will allow the data subjects, by clicking on the appropriate link, to refuse further sending.

B. Only by prior consent to:

1. Marketing purposes, in particular to:

- send promotional messages following the activation of the newsletter service, and commercial proposals (by mail, e-mail, operator telephone, fax, sms, mms, social media, social chat) relating to Collar products and services, for the sending of advertising material on Versace products and services, as well as catalogs and brochures or invitations to events, and in general commercial communications on Collar and its initiatives, as well as for carrying out market research and surveying the degree of customer satisfaction;

2. Profiling purposes, namely:

- To analyse the Data collected, including by automated means, and use it to process, communicate and allow Data Subject to take advantage of services, initiatives and personalised offers designed according to Data Subject's interests, habits and propensity to consume. The Data Controller may also use the data of the Data Subject to create "clusters" (homogeneous groups made up of profiles that present a degree of correlation) depending on the habits and propensities of consumption in order to develop targeted digital campaigns in line with the preferences of individual users. To this end, we can also use dedicated automated software (e.g. CRM);

3. Purpose of using Facebook tools for measuring and analyzing interactions with web pages visited by Data Subjects and providing targeted advertising on Facebook's social network, specifically:

- the Company and Facebook Ireland Limited will process, as Joint Data Controllers as described in paragraph 1. the data relating to the interactions with the websites visited by the Interested Parties through the use of Facebook Business Tools (by way of example only, Cookies, plug-ins and Facebook Pixel). In particular, the Collar Website uses social plug-ins. Social Plug-ins are special tools that make it possible to incorporate Social Network functions directly into the Website (e.g. the Facebook "like" function). When you visit a page on our Website and interact with the plug-in (e.g. by clicking the "Like" button) or leave a comment, the corresponding information is transmitted from your browser directly to the social networking platform (in this case Facebook) and stored there. Further information on how Facebook Ireland processes the Data, including the legal basis to which Facebook Ireland refers and on how to exercise your rights towards Facebook Ireland, can be found in Facebook Ireland's Data Policy at Facebook Data Policy.

4. Purpose of using Facebook services for measuring the interests and habits of the Website's audience and providing targeted advertising on the Facebook social network:

- the Company will process Data relating to the interests, preferences and behavior of the Data Subjects on the Website by means of the Facebook Custom Audience product, in order to provide targeted advertising within the Facebook social network. This processing involves, if consent is given by the Data Subjects, the communication of data to Facebook in order to proceed with the creation of custom audience lists and the subsequent delivery of targeted advertising. For this processing, Facebook acts as the Company's data processor. For more information on the product, please consult Facebook's Terms and Conditions at the following link Facebook T&C.

The provision of Data with respect to the purposes referred to in paragraph A) is mandatory and any refusal will make it impossible for the Company to carry out the contractual obligations undertaken and the execution of legal obligations, or to respond to your requests. As regards the purposes referred to in letter B) the provision of personal data is optional and their use is conditional on the release of an explicit consent by the Data Subject. Any refusal to grant consent has no effect other than that of not being able to inform the interested parties about initiatives of the Company that might interest them and of not being able to proceed with the analysis of their purchasing habits and preferences, as well as the use of measurement tools and interaction with Facebook.

The processing of Data of Data Subjects is carried out - with electronic modalities - by means of the operations of collection, registration, updating, organization, conservation, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, cancellation and destruction of the Data. Data will be processed by the Company and its employees using computer systems (aa well as manual means) in accordance with the principles of fairness, loyalty and transparency provided for by the applicable legislation on personal data protection and protecting the confidentiality of the Data Subject and his/her rights through the adoption of appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Specific security measures are observed to prevent data loss, illegal or incorrect use and unauthorized access.

With reference to the purposes set forth in points A) of par. 5 (Purposes of the processing), Data will be processed for the entire duration of the relationship in order to achieve the aforementioned purposes. Data functional to the fulfilment of eventual legal obligations will be stored also afterwards, in compliance with such obligations and in accordance with the retention periods provided for by the applicable regulations from time to time.

For Data provided for the purposes of B, nos. 1. (marketing) and 2. (profiling) referred to in par. 5 (Purposes of the processing), due to the fact that the personal data stored relate purchases of 'high-end' products and that the average annual frequency of purchase, for each customer, is spaced out over time, Data provided by you will be retained for a maximum period of 7 years, considering that this time span is appropriate and proportionate to both the purposes that are intended to be achieved and the type of personal data being processed. Upon expiry of this period, the data will be deleted or made anonymous and in any case the Data Subjects may always provide new consent to the processing to the Company for the same purposes.

For the Data provided for the purposes under point B, no. 3. (use of Facebook Business Tools) of par. 5 (Purposes of the processing), the Data will be processed in accordance with the provisions of Facebook's Data Policy, available at Facebook Data Policy.

For the Data provided for the purposes set forth in point B, no. 4 (use of Facebook custom audience services) of par. 5 (Purposes of the processing), the Data will be processed by Collar for the duration of its contractual relationship with Facebook and until the Data Subject's consent is modified or the Data Subject requests cancellation.

Data processing is carried out by Collar's internal staff appointed for this purpose as Data Processor or person in charge of processing. The Data collected for the execution of the above-mentioned purposes will also be processed by third parties appointed for this purpose as external Data Processors, or, as the case may be, communicated to the same as independent Data Controllers, and namely to:

RECIPIENT/SCOPE OF DATA COMMUNICATION

Companies that are part of our corporate group for the purposes specified above.

WHAT WE MAY SHARE

Name, email address, residence, phone number, date of birth, demographic information, order history, IP address, payment information, preferences, transaction information, Website usage information.

RECIPIENT/SCOPE OF DATA COMMUNICATION

Persons, companies, associations or professional firms providing assistance and consultancy to Collar, as well as accounting, administrative, legal, tax and financial matters.

WHAT WE MAY SHARE

Name, email address, residence, phone number, date of birth, demographic information, order history, IP address, payment information, preferences, transaction information, Website usage information.

RECIPIENT/SCOPE OF DATA COMMUNICATION

Companies, bodies, associations that perform services related and instrumental to allow the navigation on the Website by the Data Subject, as well as couriers for the delivery of catalogs and / or products purchased, our stores, customer service, analysis and market research, management of payments by credit card, maintenance of computer systems.

WHAT WE MAY SHARE

Name, email address, residence, phone number, date of birth, demographic information, order history, IP address, payment information, preferences, transaction information, Website usage information.

RECIPIENT/SCOPE OF DATA COMMUNICATION

Public administrations for the performance of institutional functions within the limits established by law and regulations.

WHAT WE MAY SHARE

Name, email address, residence, phone number, date of birth, demographic information, order history, IP address, payment information, preferences, transaction information, Website usage information.

Furthermore, the Data may be made accessible, communicated and transferred to Public Bodies, Judicial Authorities, Police Bodies, who will process Data as independent controllers in order to follow up on requests for verification or where expressly provided for by law.

The complete and updated list of the subjects that process Data as Data Processors and Indepedent Data Controller is available on request at Collar.

The Company may transfer Data outside the European Union. To this end, in accordance with privacy regulations, the Company assesses the impact of data transfers and adopts, if applicable, the most appropriate safeguards (for example, adequacy decisions or Standard Contractual Clauses). For information on the transfer of personal data collected by means of cookies, including those of third parties, please refer to Collar's Cookie Policy and the privacy policies of each third party, available on their websites and linked in the tables included in Collar's Cookie Policy.

Data Subjects may exercise, in relation to the data processing described therein, the rights provided for by the European Regulation (Articles 15-21), including the right:

- To receive confirmation of the existence of their personal data and access to their content (rights of access);

- To update, modify and/or correct your personal data (right of rectification);

- To request the deletion or limitation of data processed in violation of the law, including data whose retention is unnecessary for the purposes for which the data were collected or otherwise processed (right to be forgotten and right to limitation);

- To object the processing of personal data (right to object);

- To withdraw consent, where given, without prejudice to the lawfulness of the processing based on the consent given before withdrawal;

- To lodge a complaint with the Supervisory Authority in the event of breach of personal data protection regulations;

- To receive a copy of the personal data provided to the Company in a structured, commonly used and machine-readable format, and request that such data be transmitted to another data controller (right to data portability).

Requests should be addressed to the Company by sending an e-mail message to collarpainter@gmail.com or by regular mail to the following address:

- Residents of the State of California may exercise their rights under the California Consumer Privacy Act (CCPA) by email at collarpainter@gmail.com:

- Access to Personal Information: California residents have the right to request a copy of personal information, the source of the personal information, and to whom it was disclosed, which we will provide to them in electronic form. For its own privacy and security, the Company may require proof of identity before providing requested information.

- Erasure of Personal Information: California residents also have the right to request that the Company erase personal information, unless the Company needs to retain such data to comply with a legal obligation or to establish, exercise or defend legal claims.

- Finally, it should be noted that Collar does not sell personal information to third parties.

- The user may ask to exercise his/her rights by e-mail at collarpainter@gmail.com or by telephone at +1 418 612 1393. Users are invited to include in their requests all necessary information (such as name, e-mail and postal address, specific request and any other information) that the Company may need in order to respond to or otherwise manage the requests.

- The Company will not discriminate against customers in the exercise of their rights.

This Privacy Policy may be modified over time and we therefore invite users to periodically consult this page. To this end, the policy highlights the date of update.

Last Update: November 2021