PRIVACY POLICY

PRIVACY POLICY

BBB S.p.A. based in Via Lancetti 28, 20100 Milan (Italy), belongs to the Luxembourg holding company Royal ST Andrews (hereinafter the “RSA Group”) and manages the sites www.brianebarry.it and www.thebrianebarrybuilding.it (hereinafter the “Sites”).

BBB, for its commercial activity, is a user of the following brands: Brian & Barry, Double B (hereinafter the “Brands”).

BBB recognise the importance of maintaining the confidentiality, integrity and security of your non-public Personal Data (hereafter, the “Personal Data”) and inform you that the Personal Data provided by you via the websites, as well as any data provided to the stores will be processed in respect of existing European privacy rules, Regulation (EU) 2016/679 (hereafter, the “Regulation”) as well as the standards and general rules of conduct contained in the Code of Ethics adopted by BBB.

1. Personal Data Controller

Personal Data Controller is BBB S.p.A. based in Via Lancetti 28, 20100 Milan (Italy),

in the person of its acting legal representative which, as part of his prerogatives, may use specifically identified processors or officers. The Data Controller or the Data Protection Officer (DPO), appointed by the Data Controller, can be contacted at the e-mail address privacy@brianebarry.it or by writing to BBB S.p.A. based in Via Lancetti 28, 20100 Milan (Italy).

2. Type and Source of Data

I. Browsing Data

The IT systems and software procedures that run the Website acquire, during their normal exercise, some Personal Data whose transmission is implicit in the use of Internet communication protocols.

That information is not collected to be associated with identified natural persons but, by its very nature, could, through processing and association with data held by third parties, allow for users to be identified.

This category includes IP addresses (Internet Protocol, numerical label that uniquely identifies a device known as host, which may be a computer, handheld device or smartphone, etc., connected to an IT network that uses the Internet Protocol as a network protocol), or the domain names of the computers used by users who connect to the Website, addresses in URI notation (Uniform Resource Identifier, a sequence of characters that uniquely identifies a generic resource) of the resources requested, the date and time of the request, the method used in sending the request to the server (a high-performance computer that, in a network, provides a service to the other connected computers, known as clients), the size of the file (digital information container) obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc), the geographical position of the user and other parameters relating to the user’s operating system and IT environment. Localisation takes place in non-continuous mode when the user allows automatic position detection.

These data are used for the sole purpose of obtaining anonymous statistical information on use of the Website (access frequency, duration of stay, information on items viewed, moved to the cart, or entered in the wish list) and to check its correct functioning.

To improve the service offered and to monitor your behaviour, when you visit the Website, you will be sent Cookies.

Cookies are small text files sent by the Website visited by you to your computer (usually to the browser, a programme that allows you to browse and to view the web pages and material contained therein: images, videos, texts, and other multimedia elements), where they are stored only then to be sent back to the Website at your next visit. Cookies are the means by which your browsing data are stored.

For further information and to find out which cookies are used by the Website and how to disable them and/or to deny consent, see the Cookie Policy.

II. Personal Data provided voluntarily

BBB collects and processes the Personal Data provided by you, directly and knowingly, through the website when you subscribe to the newsletters as well as those eventually provided at a point of sale during your enrollment in the Next To You Loyalty Program.

The Personal Data may be: name, surname, postal address and country, email address, telephone number, date of birth, gender, signature, bluetooth address (unique address assigned to the network cards) of your electronic device (handheld device, telephone, etc.).

Furthermore, the optional, explicit and voluntary sending of e-mails via the Website to one of the e-mail addresses, info@thebrianebarrybuilding.it and / or customercare@brianebarry.it,

In addition, the optional, explicit and voluntary transmission of email via the Website to one of the e-mail addresses, info@thebrianebarrybuilding.it and / or customercare@brianebarry.it, involves the acquisition of the email address, required to respond to requests, as well as any other personal data included in the message sent.

3. Personal Data processing purposes

The Personal Data will be used for the following purposes:

I. Registration to the Next To You loyalty programme

BBB collects Personal Data from you directly and knowingly provided when registering to the Next To You loyalty programme.

By registering to Next To You, you can, based upon the purchases made, accumulate points to enjoy the benefits provided by the Programme.

II. Customer profiling

Only following your consent, and provided that you are registered to the Next To You loyalty programme, Personal Data provided by you as well as, the data regarding your past purchases may be processed for profiling activities, which consist of the automated and anonymous processing of data relating to customers, in order to break it down into groups depending on the respective behaviour, with the aim of creating personalised contents and offers. The offering of goods and services is not directed to minors; BBB undertake to verify and, if necessary, cancel the profiling consent granted by customers who are under the age of 16.

III. Direct Marketing

Only following your consent, the Personal Data provided by you may be used to send you commercial and promotional communications, Newsletter “Brian & Barry Milano” and/or newsletter “The Brian &Barry Building” , messages, advertising material, as well as catalogues and invitations to events through traditional and automated communication tools both in digital and paper format (mail, email, calls, chat, SMS and MMS).

To withdraw that consent, click on the specific unsubscribe link indicated at the bottom of the e-mails received or write to the addresses customercare@brianebarry.it and/or info@thebrianebarrybuilding.it .

The offering of goods and services is not directed to minors; BBB undertake to verify and, if necessary, cancel the consent granted by customers who are under the age of 16.

IV. Management of relationship

The transmission by you of a request for support to info@thebrianebarrybuilding.it , customercare@brianebarry.it , allows BBB to acquire your email address, as well as any other Personal Data and other information entered therein.

V. Fulfilment of legal obligations :

The Personal Data provided by you may be processed:

a) to satisfy legal, administrative, financial and accounting duties imposed by law and by existing regulations (for example, in terms of tax documentation);

b) to perform activity of organisational nature and/or functional to the fulfilment of contractual obligations;

4. Legal basis for Personal Data processing

Your Personal Data are collected by BBB only if and to the extent that one of the following conditions is in place:

a) You have expressed consent to the optional processing of your Personal Data for profiling and marketing activities.

Any lack of consent involves the impossibility for BBB to send you direct commercial and promotional communications, advertising material, as well as catalogues and invitations to events

b) The processing of your Personal Data is mandatory for the execution of a contract of which you are a party, as in the case of: registration to the Next To You loyalty programme and management of the relationship.

c) The processing of your Personal Data is mandatory to fulfil a legal obligation to which BBB is subject in the capacity of Data Controller, as in the case of fulfilments in relation to tax documentation.

Any failure to provide your data involves the impossibility for BBB to perform a duty carried out in the public interest or for the exercise of public powers.

d) The processing is necessary to pursue the legitimate interest of BBB, as in the cases of check that your Personal Data are not associated with the unlawful use of a credit card or excessive charge on a credit card.

The aforementioned legal bases could, as appropriate, and in whole or in part, be joint between them.

You have the right to withdraw your consents at any time. The withdrawal of consent does not, however, prejudice the lawfulness of the processing based upon consent before the withdrawal.

5. Processing methods

The Personal Data will be processed using paper, IT and electronic tools, according to logics strictly related to the purposes indicated above, for the time strictly necessary to pursue the purposes for which they were collected, in respect of the principle of necessity and proportionality, avoiding processing Personal Data if the operations could be performed using anonymous data or by other methods.

All measures deemed necessary and/or opportune to ensure that the same are processed lawfully, correctly and transparently in relation to you, and to prevent the loss, even accidental, as well as unauthorised access, will be implemented.

In particular, Personal Data processed for profiling and marketing purposes will be entered and stored in the CRM (Customer Relationship Management) system at servers located at RSA Group companies.

6. Duration of processing and Personal Data storage period

Your Personal Data will be processed and stored for the time necessary to carry out the purposes for which they were collected.

Therefore:

· Personal Data collected on the basis of your consent for direct marketing or profiling activities or for the legitimate interest of BBB will be processed and stored for the period in which you actively interact with BBB, thereby meaning having purchased in the last three years one or more products at stores or until you withdraw that consent before the expiration of the above 3 years;

· Personal Data collected to execute a contract of which you are a party will be processed and stored until the execution of that contract has been completed;

· Personal Data collected to fulfil a legal obligation will be processed and stored for the period provided by the law in force.

BBB may be obliged to store your Personal Data for a longer period than that respectively indicated above by order of an authority.

At the end of the storage period, your Personal Data will be erased or made anonymous permanently. Therefore, at the expiry of that period, you may no longer exercise the right to access, right to rectification, right to erasure, right to restriction of processing and right to portability of the Personal Data.

7. Communication and transfer of personal data abroad

The Personal Data will be processed by BBB’s internal personnel authorised to process for that purpose, as part of the conduct of the assigned working duties, designated as processing officers and, possibly, insofar as is necessary and/or instrumental for executing the purposes indicated above, by the Holding Company and by the RSA Group companies and by external entities that perform for BBB specific technical and organisational services connected to the Website and to the management of marketing and communication activities, which will act on behalf of BBB in the capacity of Processors (e.g. service providers, digital agencies, shipping agents, technicians who perform IT services maintenance, companies used by BBB for the implementation and/or management of promotional campaigns of its products or services, consultants, etc.).

The processing by each Processor will be regulated by a contract or other legal deed which binds it to BBB and which defines, inter alia, the duration, nature and purposes of processing, the type of Personal Data and categories of data subjects, the obligations and rights of BBB.

Your Personal Data will not be used for purposes of promotional nature of third parties or relating to products, services or initiatives not originating from BBB and will not in any case be disseminated to indeterminate entities.

If specifically required by the applicable law, your Personal Data may be provided to the regulatory authorities, judicial authorities, forces of order, tax authorities and other authorities to which investigative powers are assigned.

The updated list of Processors may be requested to the Controllers at the addresses indicated in paragraph 1.

You have the right to obtain a copy of the Data held abroad outside the European Economic Area and to obtain information on the location in which those Data are stored by making an express request to the address indicated in paragraph 1 of this policy.

8. Your rights

You are entitled, at any time, to exercise the following rights towards the Data Controller:

a) To obtain, in accordance with Article 15 of the Regulation, confirmation as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and the following information: a) the purposes of the processing; b) the categories of Personal Data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; d) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.

b) Where personal data are transferred to a third country or to an international organisation, the right to be informed of the appropriate safeguards pursuant to Article 46 of the Regulation.

c) Obtain a copy of the Personal Data undergoing processing.

d) Obtain, in accordance with Article 16, the rectification of inaccurate personal data concerning you without undue delay; taking into account the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

e) Obtain, in accordance with Article 17, the erasure of Personal Data concerning you without undue delay. The controller has the obligation to erase personal data without undue delay where one of the grounds indicated by paragraph 1 of Article 17 applies.

f) Obtain, in accordance with Article 18, the restriction of processing where one of the circumstances regulated by paragraph 1 of Article 18 applies.

g) Withdraw consent at any time without prejudice to the lawfulness of processing based upon consent provided before the withdrawal.

h) Obtain, in accordance with Article 20, the data portability, or receive the Personal Data concerning you, provided to BBB, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another Controller without hindrance from BBB to which the personal data have been provided if the conditions indicated in Article 20 paragraph 1 are in place. Finally, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

i) Object at any time, in accordance with Article 21, to processing of Personal Data concerning you.

j) Object at any time, in accordance with Article 21, to processing of Personal Data for direct marketing purposes and profiling when certain conditions illustrated in Article 21 of the Regulation are in place.

k) Object in accordance with Article 22, to being subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, in accordance with the conditions indicated in article 22 of the Regulation.

l) To lodge a complaint with the Data Protection Supervisor when you believe that the processing concerning you violates the Regulation, the lead supervisory authority appointed by the Data Controller is “Garante per la Protezione dei Dati”, Piazza di Montecitorio n. 121, 00186, Roma (Italy).

m) To take legal action.

The complete descriptions of your rights are indicated in Articles 6/15/16/17/18/20/21/22/57 of the Regulation.

9. Contact Details

For any request relating to your Personal Data referring to this privacy policy and to exercise your rights, you may contact, free of charge, the Personal Data Controller or the Data Protection Officer (DPO), at the addresses indicated in paragraph 1.

10. Changes to this Privacy Policy

BBB reserves the right to change this Privacy Policy at any time, publicising this on the Website. The version published on the Website is that currently in force.

Latest update: 19 February 2019.