- La Maison
- High Jewellery
We may collect different types of information from or about you depending on the purpose and manner with which you interact with us. This personal data may be collected by us through (i) their transmission by yourself, (ii) your use of our website or other applications, or (iii) through social media.
a. Personal data communicated by you
When you reach out to us, whatever the mean, you may be asked to supply us with the following information and/or decide yourself to communicate us such information:
• Personal details: e.g. name, address, email address, geographic location, telephone number
• Demographic information: e.g. date of birth, ring size (should this information be pertinent, especially upon ordering a ring), gender and nationality
• Personal preferences: e.g. language preference, favorite collection and leisure interests
• Purchase and after sales history: e.g. documents required by anti-money laundering laws, documents required for our accounting and billing
• Credit card information, in particular credit card number and cardholder name
• Correspondence with us and our advisors: e.g. customer feedback or testimonials
• Responses to surveys that we might ask you to complete on a free-choice basis
This information is essentially used to set up and manage your client account with us, the following of your purchases and/or any order that you may have placed or otherwise done with us, as well as to contact you. It is also used to better identify your preferences and wishes in relation to products we offer.
We may also collect data from publicly available sources, which shall be considered as data having been communicated by you.
b. Personal data collected through our website, e-mails or other applications
When you access, visit or browse our website, or receive and/or answer to E-mails from us, the Web server automatically registers details of your access and actions. This includes information about your activity on and interaction with our websites and/or E-mail, such as your IP address, your device or browser type, the webpage you visited before coming to the websites and identifiers associated with your devices, as well as any log information. Depending on its settings, your device may also transfer us location information, which may be used by us to customize, improve and protect our websites, e.g. to determine local language preferences or to geotag a post.
c. Personal data collected from social networks
When you authorize a third party social network (Facebook, Instagram, etc.) to share information and data with us, we may receive any data that you publicly share on the social network as well as any information that is part of your profile or that you allow the social network to share (name, electronic address, gender, profile picture, user code, list of friends or contacts, etc.).
• Any written or oral conversations or interaction between you and us (e.g. through E-mail or personal messaging, telephone, call centers, person-to-person in a boutique, person-to-person during events or fairs, postal mail, etc.)
• Website and social media platforms visit, traffic and postings
• Printed forms or tablet apps (basically when you collect data on ipad)
• Data shared publicly on social networks (for example, when you like one of our posts)
• Third parties (e.g. social media platforms, credit risk assessment firms)
• Other possible sources when applicable, including through publicly available information as well as the use of CCTV cameras
We collect and use the above mentioned information for the purposes listed below. Please note that not all purposes apply to everyone, but depend on the type of relationship/interactions you have with us:
• Processing orders/ purchases (including VAT refund requests)
• Providing after sales service
• Registering and tracking lost, stolen or counterfeit products, especially to proceed to anti-fraud and blacklist management for any case in which a person has been implicated in fraud regarding our products, services or trademarks;
• Interacting with you and answering your requests, questions or concerns, including by informing you of any changes in relation to our products and/or services
• Managing VIP and loyalty programs, as well as manage your membership and/or client account
• Complying with our billing and accounting obligations, as well as legal and regulatory obligations (namely anti-money laundering regulations)
• Dealing with potential claims or litigation
• Producing reports and statistics, namely to improve our services and platforms
• Guaranteeing the security of our operations
• Tailoring our services and offers to your needs, location or preferences
• Sending regular information on us, namely upcoming events or new boutique (with your consent and in accordance with your communication preferences)
• Promoting/ advertising through our social network platforms
• Evaluating job applications
• Offering you all functions of our websites and applications, as well as ensuring its correct execution and enhance your use of it
Payment details in particular: When you initially provide or update your payment information, we may transmit it via an encrypted connection to a third-party payment processor. Such a delegation is in particular justified in order to ensure compliance with security and legal standards.
Should you opt-out from receiving newsletters and/or other marketing communications from us, you may nevertheless still receive administrative communications from us, such as order or other transaction confirmations, notifications about your account activities (e.g. account confirmations, password changes, etc.), and other important announcements.
Please note that our platforms, applications and social media publications are not intended for children under the age of 16. However, due to their nature, DE GRISOGONO may collect information about children under the age of 16 for the purpose of providing services. If we learn that we have collected or received personal information from a child under age 16 without parental or guardian consent, we will delete that information. If a child under 16 years old has provided us with personal information without parental or guardian consent, the parent or guardian may contact us at firstname.lastname@example.org to ensure its prompt deletion.
Considering how important your data privacy is to us, we do not rent or sell your personal information to other people or non-affiliated companies.
We may share personal information about you with other people and/or companies in the following circumstances:
• Affiliated entities that make up our group (e.g. DE GRISOGONO subsidiaries): Especially for purposes of management and optimization of the customer relationship, as well as to send you information about the offers, news and events in the limits of your consent or applicable lawful grounds, as well as in any case of reorganization of the DE GRISOGONO group
• Third party providers and subcontractors that support our operations: e.g. processing payments (especially for security reasons), managing customer relationships, database and online platforms management, website management – this also includes all IT service suppliers, consultants, providers of hosting and maintenance services for the website and applications,
• Third-party subcontractors (especially network advertisers and ad exchanges) for limited interest-based advertising on a selected number of social media –
• Law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party, should we determine that such disclosure is reasonably necessary in this context (including to prevent fraud or abuse)
• Third parties connected to a potential merger or any other type of acquisition, or to which we transfer all or some of our assets or business
Information we collect may be transferred to, shared with, stored and processed in any country or territory where one or more of our subsidiaries or affiliated companies or third-party service providers are located or maintain facilities.
In any case where cross-border transfer is done, we ensure that an adequate protection is guaranteed for personal data to be transferred outside of Switzerland and the EEA. In some specific cases when this level of protection is not guaranteed, we will obtain your prior consent or establish with the recipient of personal data a contractual framework or sufficient safeguards that ensure an adequate level of protection abroad. You may request access to a copy of these safeguards by contacting us.
We will retain your information for as long as necessary to fulfill the purposes for which we collect it and/or to comply with legal requirements, unless otherwise agreed by you (the “Storage”). The Storage period shall not exceed ten years of time, being underlined that such Storage period will reset with each new communication we receive from you or made on your behalf. When relevant, the Storage period of your personal information will be extended to meet the requirements of law and for accounting, auditing and other internal administrative and support functions.
At the end of the Storage period, we shall delete your data without it being required that any further information be provided to you.
Within the timeframe detailed above, the exact retention periods shall in particular be identified based on the following criteria:
• For client, supplier and distributor data: The duration of the contractual relationship, after-sale services, requirements under anti-fraud laws, answering any claim within a reasonable period following the end of the contractual relationship.
• For employees: The duration of the employment agreement, legal obligations pertaining to minimal retention periods, answering any claim within a reasonable period following the end of the contractual relationship.
We are committed to protecting all personal information we collect. We limit access to personal information about you to employees who reasonably need access to it, to provide products or services to you or in order to do their jobs. Our employees are obliged by us to respect confidentiality. We also have appropriate technical and organizational physical and electronic safeguards to protect the personal information that you provide to us against unauthorized or unlawful processing and against accidental loss, damage or destruction.
The storage of information and its transmission over the Internet cannot unfortunately be completely secure and, though we do our best to protect your personal information, we cannot guarantee the absolute security of your personal information. In the occurrence of any breach likely to result in a high risk to your rights we will inform you without undue delay.
You have the right at any time to ask for access or transfer to and deletion of any personal information that we hold about you in our records, to correct any inaccuracies and to update any out-of-date information. You may also request from us that we stop processing your personal data, for the case in which we rely on your consent and do not have another legal basis to continue processing your data.
Any such request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such personal data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, we may charge you a reasonable request fee according to applicable data protection legislation.
You have the right to make a complaint if you feel your personal data has been mishandled or if we have failed to meet your expectations. You are encouraged to contact us about any complaints or concerns but you are entitled to complain directly to the relevant supervisory authority.
Last updated: May 2018