Privacy Policy

1. General Information

Who are the Data Controllers?

Upon consulting this Website, and throughout the user's use of the services offered by the Website, data related to identified or identifiable persons may be collected and processed. The data controllers are:

• S.p.A. SPORTSWEAR COMPANY, with registered office at Galleria Cavour 4, 40124 Bologna, Italy (BO), Italy, and operational headquarters in Via Confine n. 2161, 41017 - Ravarino (MO), Italy (“SPORTSWEAR COMPANY”);

and

• YOOX NET-A-PORTER GROUP S.p.A., a sole-shareholder company subject to the management and co-ordination of Financière Richemont S.A., with registered office at via Morimondo, 17 – Milano 20143, Italy ("YOOX NET-A-PORTER GROUP").

In particular, SPORTSWEAR COMPANY is the owner of the website www.stoneisland.com and of the 'Stone Island' trademark, and is the independent controller of the data processed for corporate purposes (for example, but not limited to CRM, marketing activities, customer profiling, market analysis, managerial and strategic evaluations, CV management) that directly refer to the brand or to the company.

SPORTSWEAR COMPANY and YOOX NET-A-PORTER GROUP are, on the other hand, joint controllers for processing activity connected to online sales and related post-sales assistance, as well as the “pick up in store”, “return in store” and “click from store” services (hereinafter, also “Omni-Channel Services”) offered through the Website.

SPORTSWEAR COMPANY and YOOX NET-A-PORTER GROUP have signed a joint controller agreement to govern their respective responsibilities and roles in the processing of personal data, the fundamental parts of which are summarised in the following table.

Processing Activity	Joint Controlling - Respective Responsibilities
	SPORTSWEAR COMPANY	YOOX NET-A-PORTER GROUP	Each Party
Online sales	Online sales (purpose of processing) Choice of markets (Territories)	Online Sales Billing Logistics Payments Shipping E-commerce platform and technological tools for the online Store (means of processing)	Fraud prevention Statistical analysis
Post-sales assistance	Management of User requests regarding: Information on the Products In-store purchases Anti-counterfeiting	Management of User requests regarding: Shipping Payments Returns and refunds Shopping My Account Size guide Information on the Products Christmas Privacy In-store purchases Technical assistance Online purchases	Fraud prevention Statistical analysis
Omni-Channel Services	Decision to activate services (purpose of processing) Choice of markets (Territories) Decisions regarding relationships with physical stores/Points of Sale Privacy agreements with physical stores/Points of Sale Privacy instructions and training provided to staff at physical stores/Points of Sale Anti-counterfeiting	E-commerce platform and technological tools for the online Store (means of processing) “Store in Touch” web tool Training provided to staff at physical stores/Points of Sale on “Store in Touch” tool	Fraud prevention Statistical analysis

For any questions regarding privacy, please contact our Customer Service‎ team, selecting “Privacy” as the subject (so-called “Point of Contact”).

How can I contact the Data Protection Officers?

SPORTSWEAR COMPANY and YOOX NET-A-PORTER GROUP have each appointed their own Data Protection Officer (DPO).
Should you so wish, for any request regarding the protection of your personal data and the exercise of your rights, you may contact the SPORTSWEAR COMPANY Personal Data Protection Officer (DPO) by writing to the SPORTSWEAR COMPANY address indicated above or by sending an email to: dpo@spwco.it; or you may contact the YOOX NET-A-PORTER GROUP Personal Data Protection Officer (DPO) by writing to the YOOX NET-A-PORTER GROUP address indicated above or by sending an email to: DPO@ynap.com.

2. What personal data do we collect?

Below are the categories of personal data collected and processed when you browse or shop on www.stoneisland.com:

1. the personal data necessary to conclude and execute your purchase on www.stoneisland.com or for you to benefit from the Omni-Channel Services (“pick up in store”, “return in store” and “click from store”) through the Website, such as your first name and surname, email address, shipping address and billing address, telephone number and payment details;
2. your email address when you subscribe to our newsletter service;
3. the personal data that you provide us with when you contact our Customer Service team in order to provide you with the assistance required, or when you send your Curriculum Vitae (CV) to SPORTSWEAR COMPANY;
4. if you have given us your consent, your personal data for the purpose of marketing communication;
5. your first name and surname, email address, password and date of birth, in order to register your My Account. If you are a registered user, we collect information about your access to the restricted area of the Website. Subject to your express consent, by analysing your personal data, we may draw up information regarding your interests and preferences with respect to our products and services, in order to provide you with suggestions and offers in line with your tastes.
6. information about your browsing of www.stoneisland.com, such as the pages you visit and how you interact with the individual page, which we store on our servers.

We want to assure you that we do not process any personal data relating to minors. If you access www.stoneisland.com and use the services offered, you agree that you are over the age of majority.

3. How do we use the personal data we collect?

Your personal data is collected and processed for the following purposes:

1. to conclude and perform the contract for the purchase of the products offered on www.stoneisland.com. When you make your purchase, we ask you for the personal data necessary to carry out the activities involved in the performance of the contract, such as payment, anti-fraud checks if you choose to pay by credit or debit card, billing, shipping of the product and any return management.
2. to allow registration on the Website and grant use of the services offered to registered users. In order to register on the Website, you must enter certain personal information, which is necessary to carry out the services offered to registered users.
3. to provide the services offered on www.stoneisland.com (e.g. “pick up in store”, “return in store” and “click from store”). For this purpose, we are required to collect, in relation to each service and its individual characteristics, the personal data necessary for the performance of the specific service requested by you.
4. to manage requests sent to our Customer Service department, which requires use of the personal data that you provide in order to meet your requests for information and assistance.
5. to process your Curriculum Vitae (CV). If you submit your CV to apply for an open position, SPORTSWEAR COMPANY will use the information contained in your CV solely for this purpose. The data relating to your application may be transferred to third party suppliers of candidate application management. Your CV will be stored for two years from the date on which it is collected, unless a working relationship and/or collaboration is established. After this point, it will be erased: you can of course send us a new updated version. For more information, please consult our CV Submission Policy;
6. statistical analyses and research. We use some information about your use of the Website, how you browse the Website and how you use its services to carry out statistical analysis and research in order to improve our product range and services.
7. to send marketing communication following the purchase of one of our products, i.e. “soft spam”. Following the purchase of one of our products on the Website, we will send you communications containing our marketing offers for similar products and services to the email address you provided when you placed your order.
8. subject to your express consent, SPORTSWEAR COMPANY may use the contact details you have provided to us for marketing communications relating to our products and services, in order to keep you updated on news, new arrivals, exclusive products, offers and promotions. Furthermore, still subject to your consent, SPORTSWEAR COMPANY may use your contact details in order to carry out market research and satisfaction surveys in order to improve our services and our relationships with our users.
9. still with your consent, SPORTSWEAR COMPANY may personalise your experience as a registered user on www.stoneisland.com, suggesting previews and offers in line with your tastes, and sending you personalised marketing communication in line with your interests. This personalisation will be achieved by analysing your previous purchases and the other information described in the previous section 'What personal data do we collect?’. For further information on this data and the activities that justify the processing thereof, please consult the ‘My Account’ section.

If you wish to authorise the activities referred to in points h) and i) and subsequently do not wish to receive further communications from SPORTSWEAR COMPANY or wish to limit the ways in which you can be contacted, you may at any time discontinue these communications simply by clicking on the 'unsubscribe' link at the bottom of each communication, or by accessing your My Account. Alternatively, you can also contact SPORTSWEAR COMPANY through our Customer Service‎ department, selecting “Privacy” as the subject, or by writing to the above-mentioned address. Please note that you may receive further communications from us even after you have submitted your request to unsubscribe, as some mailings may already have been scheduled, and our systems may take some time to process your request.

In relation to all the above activities, we will mainly process your personal data through IT and electronic means. The tools we use ensure high standards of security, in full compliance with current data protection legislation.

4. My Account

When you create your My Account, we offer you access to the following services:

1. My profile: manage your personal data and consent
2. My orders: track your orders and check our order history
3. My card: save your credit card details to complete your orders faster
4. Address Book: save your addresses to complete your orders faster
5. Wish List: save up to 50 items, be notified when they become available and add them to your Shopping Bag at any time.

Subject to your express consent, SPORTSWEAR COMPANY may use your contact details for marketing communications on products and services, in order to keep you updated on news, new arrivals, and exclusive products, and to conduct opinion polls and market research, in order to gauge your level of satisfaction and improve the services offered.

Only with your prior consent, SPORTSWEAR COMPANY may personalise your experience and the content of the marketing communications and offers you see when you browse www.stoneisland.com as a registered user, based on your interests. This activity makes it easier for you to find products and services that you prefer and that are in line with your interests, while at the same time improving our service to you. This personalisation is made possible by analysing the personal data we hold about you, which is described in the previous section 'What personal data do we collect?’. In particular, information about your past purchases and the sections of the Website you visit most often or the services you use most frequently helps us to understand which products and services are most relevant to you. To ensure that the information we hold is correct and allows us to properly perform the activity described above, we encourage you to access the 'My Profile' section of your My Account and update it as necessary.

5. Legal basis for processing

We will only process your personal data if one of the legal requirements provided for by current legislation is met, and specifically:

1. for the conclusion and performance of a contract to which you are party or for the performance of pre-contractual measures adopted on your request. This basis legitimises the processing of personal data in the course of the following activities:
   • concluding and performing a contract for the purchase of the products offered on the Website. When we process your data for the conclusion of the purchase contract to which you are a party, we ensure that we use only the minimum information necessary for the performance thereof;
   • registration on the Website and use of the services reserved to registered users;
   • provision of the services offered on www.stoneisland.com (e.g. “pick up in store”, “return in store” and “click from store”);
   • processing of your Curriculum Vitae (CV), if you send your CV to be considered for an open position at SPORTSWEAR COMPANY. For more information, please consult our CV Submission Policy;
   • management of your requests by our Customer Service department.
2. The provision of your personal data for these activities is a contractual obligation. You are free to disclose your data to us or not, but in the absence of the requested data, we will not be able to conclude or perform the contract or your requests. This means that you will not be able to purchase products from or use the services offered on www.stoneisland.com and that we will not be able to process your requests.
3. to comply with a legal obligation.
   In the event of the conclusion of a contract for the purchase of goods on www.stoneisland.com, the user's data will be processed in order to fulfil the legal obligations to which we are subject. You are free to decide whether or not to enter into a contract and whether or not to disclose your data to us, but if you do, your data will be necessary and will be processed to comply with the aforementioned legal obligations.
4. for our legitimate interest.
   When purchasing products on www.stoneisland.com by credit or debit card, some of your personal data may be used for anti-fraud purposes: we have a legitimate interest in performing this activity in order to prevent and prosecute any fraudulent activities or abusive behaviour. For internal administrative purposes, the data may be processed by companies belonging to the corporate group to which YOOX NET-A-PORTER GROUP belongs.
5. with your consent. SPORTSWEAR COMPANY will only carry out the following processing if you have given us your express consent:
   • marketing activities, opinion polls and market research;
   • analysing your browsing and shopping habits when using your My Account profile, in order to personalise your experience on the Website.

Providing your consent for such activities is optional. You are free to consent or not to consent, but in the absence of consent it will not be possible for SPORTSWEAR COMPANY to carry out marketing activities, opinion polls and market research, or to analyse your habits.

6. Who will be processing your data?

Your personal data will be processed by internal employees at SPORTSWEAR COMPANY and YOOX NET-A-PORTER GROUP, who have been specially trained and authorised to process such data. When processing the data, it may also be transferred to companies that are part of the corporate group to which YOOX NET-A-PORTER GROUP belongs. Your personal data will also be transferred to third parties that we use to provide our services on www.stoneisland.com. These parties have been carefully selected and offer an adequate guarantee of compliance with the regulations regarding personal data processing. These parties have been designated as data processors and carry out their activities according to the instructions given by us and under our supervision.

The third parties in question belong to the following categories: banks, internet providers, companies specialising in computer and telecommunications services, couriers, marketing agencies, companies specialising in market research and data processing.

Your data may be disclosed to the police and to the judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention of and protection from threats to public security, to enable us to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.

7. App version of the website

In addition to the information referred to in the 'What personal data do we collect?’ section, when you use the app version of www.stoneisland.com, your personal data may, with your express consent, be collected as follows:

1. as part of marketing activities in order to send push notifications to your device. You may disable push notifications at any time by modifying the settings on your mobile device.
2. data relating to your location so that we can locate the store nearest to you, in order to improve your shopping experience;
3. through access to your device’s camera in order to allow you to enter your credit card details more easily to complete your purchase;
4. automated collection of some data, such as site traffic data and how long you spend on the www.stoneisland.com app, or your IP address, in order to improve our range of products and services.

8. Web push notifications

Depending on the device you’re using, you may receive push notifications from SPORTSWEAR COMPANY on our offers, news, your wish list and your shopping bag, following your consent.

To disable notifications, follow the steps listed below in line with the platform and/or browser you are using:

• Desktop: Right-click on notifications > disable notifications from www.stoneisland.com
• Mobile: Go to notifications centre > Website settings > Notifications > Block notifications from www.stoneisland.com
• Common browsers:
  • Chrome: Settings > Show Advanced Settings > Privacy - Content Settings > Notifications - Manage exceptions > Enter www.stoneisland.com and select “Block”
  • Firefox: Options > Content > Notifications - Choose > www.stoneisland.com - “Block”
  • Safari: Preferences > Notifications > Select “Refuse”

9. Data transfer outside of the EU/EEA

Some of the third parties listed in the previous section no. 6 'Who will process your data?’ could be based in countries outside the European Union or the European Economic Area (EEA), which, however, offer an adequate level of data protection, as set out in specific decisions of the European Commission ( http://www.garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-intenazionale/trasferimento-dei-dati-verso-paesi-terzi#1).

The transfer of your personal data to countries that are not members of the European Union (EU) or the European Economic Area (EEA) and that do not ensure adequate levels of protection will only be carried out after specific agreements have been entered into with said parties, containing safeguarding clauses and appropriate guarantees for the protection of your personal data, known as 'standard contractual clauses', also approved by the European Commission, or if the transfer is necessary for the conclusion and performance of a contract between you and us (for the purchase of goods offered on our Website, for registration on the Website or for the use of services on the Website) or for the processing of your requests.

10. How long do we keep your data for?

We store your personal data for a limited period of time, which varies depending on the type of activity requiring the processing thereof. After this period, your data will be permanently erased or irreversibly anonymised.

Your personal data is stored in compliance with the following terms and criteria:

1. data collected to conclude and perform contracts for the purchase of goods on www.stoneisland.com: until the administrative and accounting formalities have been completed. Data related to billing will be stored for ten years from the billing date;
2. data belonging to registered users: data will be stored until you request for your My Account to be deleted;
3. data related to payments: until the payment has been certified and the related administrative and accounting formalities have been completed following the expiration of the consumer’s right of cancellation and the applicable deadlines for payment disputes;
4. data collected during use of the services offered on www.stoneisland.com: this data is stored until the termination of the service or upon the user’s request to cancel their subscription to the service;
5. data related to requests made to our Customer Service department: data that helps us to assist you will be stored until your request has been fulfilled;
6. CV: your CV will be stored for two years from the date on which it is collected, unless a working relationship and/or collaboration is established. After this point, it will be erased. You may of course send us a new updated version.
7. data used for marketing communications sent to users who purchase products on www.stoneisland.com (soft spam): this data is stored until the termination of the service or if the user exercises their right to object by un-subscribing from the service;
8. data provided for commercial communication activities, opinion polls and market research: until you unsubscribe from the service or following a request by you to discontinue the activity and, in any case, after 7 (seven) years from the date of collection of consent by the user. After this period, the data will be irreversibly deleted or anonymised by Sportswear Company.
9. data used to personalise the Website and to show personalised commercial offers: until the user withdraws the consent given for this activity or requests its cessation and, in any case, after 7 (seven) years from the date of collection of consent by the user. After this period, the data will be irreversibly deleted or anonymised by Sportswear Company.

In any case, for technical reasons, termination of the processing and the consequent definitive erasure or irreversible anonymisation of the related personal data shall be finalised within thirty days of the deadlines indicated above.

11. Your rights

You may exercise the rights provided for by personal data processing legislation at any point. Below you will find a general description of such rights and information on how to exercise them.

1. Accessing and modifying your data: you have the right to access your personal data and to request that it be corrected, modified or supplemented with other information. If you wish, we can provide you with a copy of your data in our possession.
2. Withdrawing your consent: you may at any time withdraw your consent to the processing of your personal data in connection with any marketing activity. To this end, please note that marketing activities include sending marketing communications, conducting opinion polls and market research, in order to gauge your level of satisfaction and improve the services offered. Upon receiving your request, we will promptly terminate the processing of your personal data subject to such consent, whilst other processing or processing based on other grounds will continue to be carried out in full compliance with the requirements in force.
3. Objecting to the processing of your personal data: you have the right to object to the processing of your personal data, carried out on the grounds of a legitimate interest of ours, at any moment, explaining the reasons that justify your request. Before fulfilling it, we must analyse the reasons for your request.
4. Erasure of your data: in the cases outlined by the legislation in force, you may request for your personal data to be erased. Upon receiving and evaluating your request, if it is deemed legitimate, we will promptly terminate the processing of and erase your personal data.
5. Requesting that the processing of your personal data be temporarily restricted: in this case, we will continue to store your personal data but will not process it, unless otherwise requested by you and subject to the exceptions provided for by law. You can obtain restriction of the processing if you contest the accuracy of your personal data, if the processing is unlawful but you object to the erasure of your data, if your data is no longer needed but you need it to exercise your rights in court and if you object to the processing of your personal data, during the period in which we are assessing the reasons for your request.
6. Requesting your data or transferring them to a party other than us (right to data portability). You can ask to be provided with your data that we process based on your consent or pursuant to a contract with you, in a standard format. If you wish, where technically possible, we may on your request transfer your data directly to a third party specified by you.

You may exercise any of your rights indicated above directly by accessing your My Account. Alternatively, or to exercise any other rights, please contact our Customer Service‎ team, selecting “Privacy” as the subject, or write to the SPORTSWEAR COMPANY and YOOX NET-A-PORTER GROUP addresses indicated above.
To ensure that our users' data is not compromised or misused by third parties, we may ask you to provide certain information to verify your identity before we respond to a request from you to exercise any of these rights.

12. Security measures

We protect your personal data with specific technical and organisational security measures, aimed at preventing your personal data from being used in an illegitimate or fraudulent manner. In particular, we use security measures that ensure: the pseudonymisation or encryption of your data; the confidentiality, integrity and availability of your data, as well as the strength of the systems and services that process it; the ability to restore data in the event of a data breach. In addition, we undertake to regularly test, check and assess the adequacy of our technical and organisational measures in order to ensure continued improvement in processing security.

13. Complaints

If you believe that your personal data has been processed unlawfully, you may file a complaint with the supervisory authority in the European Union member state in which you are habitually resident or in which you work, or the place where the alleged infringement has occurred. In Italy, complaints can be submitted to the Italian Data Protection Authority. For more information, please visit http://www.garanteprivacy.it/.

14. Modifications to the present policy

The continual development of our services may lead to modifications to the nature of the processing of your personal data as described above. As a result, this Privacy Notice may be subject to amendments and additions over time, which may also be necessary with regard to new regulations on the protection of personal data. We therefore ask you to periodically review its content: where possible, we will try to inform you in a timely manner of any amendments made and their consequences. The updated version of the Privacy Notice will in any event be published on this page, indicating the date it was last updated.

15. Legal references and useful links

The processing of your personal data is carried out by us in full compliance with the relevant provisions of Regulation (EU) 2016/679, the General Data Protection Regulation, the Italian regulations governing the processing of personal data and the provisions of the Italian supervisory authority (http://www.garanteprivacy.it/)and, where applicable, the relevant foreign supervisory authorities.