Privacy Policy

Privacy Policy of MERCURI S.R.L. for the website mercurifashion.com

This privacy policy (the “Privacy Policy”) provides crucial details about the personal information we gather when you visit our website, mercurifashion.com, other brand-related websites, and official social media pages (collectively referred to as “Websites”), regardless of whether you are a registered user. It also explains how we utilize this information. Additionally, this Privacy Policy outlines how we handle the information you may provide or that we collect about you when you visit our boutiques operated directly by us or our affiliates (“Boutiques”), or points of sale managed by our business partners (“Points of Sales”), or during any other interactions with us. This policy serves as a supplement to any other information you might have received in those specific situations.

This document offers you essential information about the following:

  1. PROCESSING OF PERSONAL DATA
  2. PERSONAL DATA WE COLLECT
  3. HOW WE USE PERSONAL DATA
  4. HOW WE SHARE PERSONAL DATA
  5. CHILDREN’S PRIVACY
  6. STORAGE, ACCESSIBILITY, AND TRANSFER OF PERSONAL DATA
  7. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
  8. RIGHTS IN RELATION TO PERSONAL DATA – MANAGING YOUR CHOICES
  9. CALIFORNIA PRIVACY RIGHTS
  10. DATA RETENTION
  11. OUR POLICY ON COOKIES AND SIMILAR TECHNOLOGIES
  12. LINKS, ADVERTISERS, SPONSORS & ADS
  13. DATA CONTROLLER – DATA PROTECTION OFFICER – AND HOW TO CONTACT US
  14. UPDATING THIS POLICY – NOTICES

ACCEPTANCE

By accessing the Website, using its services, or engaging with us through our Points of Sales, Boutiques, and/or Websites, you confirm that you have read and understood this Privacy Policy and agree that we may collect, use, store, transmit, and disclose the personal data we collect through the Websites, Boutiques, and/or Points of Sales in accordance with this Privacy Policy. If you have not yet registered with us, we may ask you to opt-in (e.g., by checking a box) if we consider it necessary to protect your rights or as required by applicable laws. If you do not accept the terms of this Privacy Policy, please refrain from visiting this Website, creating an account, using or submitting personal data to this Website, or opting in when this option is presented to you in accordance with applicable laws.

1. PROCESSING OF PERSONAL DATA

In this Privacy Policy, “Personal Data” refers to any information that allows us to identify you (or a third party whose personal data you provide us) directly or indirectly, including any details associated with the purchase of goods or services, or any information you choose to communicate to us or share with us or third parties while using the Websites or at Points of Sales. We will process personal data in compliance with the General Data Protection Regulation (EU) 2016/679 “Reg. (EU) 2016/679” and the laws of the country where the data is collected, if applicable. We reserve the right to carry out additional processing as required by law or as part of a criminal or other investigation or proceedings.

2. PERSONAL DATA WE COLLECT

2.1 Source of Data
We collect personal data from you only when you voluntarily provide us with this information, such as:

  • Branded Websites distributing our products: When placing an order through the Website(s) as a “guest”; creating or modifying your account; setting up a wish list; entering a contest, sweepstakes, or promotion; searching on the Website; contacting us with a comment or question; signing up for email newsletters and updates regarding our latest products and services, boutique openings, events, or promotions; or requesting to receive an order confirmation, shipping confirmation, or other alerts.
  • Our Boutiques and Points of Sales: When filling in our customer card, during informal chats when you visit our Boutiques or Points of Sales, interact with us, or purchase merchandise.
  • Events: When participating in our events, surveys, market research, challenges, and other promotions, also online, e.g., mini-sites that we run on third-party social networks such as Facebook.
  • Our customer services: When requesting assistance, special services, or aftersales support.
  • Email, text, and other electronic messages: During communications between you and us.

If you provide us with personal information of third parties (e.g., your family members, other customers, or prospects), you must ensure that these third parties are informed and have authorized the use of their data as described in this Privacy Policy.

2.2 Types of Data
We may collect and use different types of personal data depending on the specific purpose, as outlined below:

  • Personal details: Such as name, surname, gender, age/date of birth, country of origin, and other personal details as allowed by applicable laws.
  • Contact details: Such as address, email address, phone number, mobile number, fax number (if any), and other contact details as allowed by applicable laws.
  • Payment details: Such as payment instrument (credit card, debit card) if applicable, passport number when required for tax or anti-money laundering reasons.
  • Sales-related information: Such as date, products or services provided, place of purchase, product codes, amount, total of sales, VAT number, complaints, returns, refunds, and other sales-related information as allowed by applicable laws.
  • Habits and profiles: Such as data regarding your purchases (purchase history including the boutique where the sale takes place, type, quantity, and price of the products purchased by you), information related to customer relationship management activities and initiatives (date and categories of actions performed or to be performed and results of actions), shopping habits and preferences (wish list, preferred categories of products, color, style, other brands purchased, most visited countries, how you know our brands, sizes, notes regarding purchase habits or special needs stated by you – i.e., preferred materials), other information (job-related information, education, hobbies, and lifestyle activities) as allowed by applicable laws.
  • Family-related information: Such as marital status, anniversary date, number of children, children-related information, and other family-related information as allowed by applicable laws.

3. HOW WE USE PERSONAL DATA
Personal data may be utilized for the following purposes, depending on the specific circumstances in which you interact with us.

3.1 For online and in-store sales
Personal data provided by you or collected when you make any purchase, whether as a guest or registered user, such as basic personal details, contact details, data regarding your purchases, fiscal data, payment details, sales-related information, and any other data strictly necessary for the delivery of products, will be used:

  • To manage, administer, and process your purchase of our products, sales, and post-sale services, such as administrative activities, accounting, returns, warranties, tax-free refunds if applicable, fraud prevention, and communicating with you, including by email, for any issues related to order processing or subsequent requests concerning the order.
  • To comply with obligations imposed by laws, regulations, or EU legislation (including anti-money laundering laws) and to establish or defend a legal claim.

Providing your personal data for the purposes above is necessary; failure to provide it would make it impossible to complete your purchase. Unless otherwise required to comply with local applicable laws, data may be processed for these purposes without seeking your consent because it is necessary to fulfill contractual and legal obligations.

3.2 For specific purposes for which it was provided
Your personal data provided by you or collected when you request a specific service (e.g., registering your account on our Websites, handling complaints, asking for information) will be used:

  • To provide the services you requested (e.g., operating the processes of registering your account, managing authentication on the Website, operating your accounts, assisting you, handling complaints, managing wish lists, following up on any question or contact request you may submit to us, also through our customer care service).
  • To manage newsletter subscriptions if you are not also registered with us.

Providing your personal data for the purposes above is necessary; failure to provide it would make it impossible to fulfill your request. Unless otherwise required to comply with local applicable laws, data may be processed for these purposes without seeking your consent because this is necessary to follow up on your request.

3.3 For CRM purposes if you register with us
Your personal data provided by you when filling in our forms or collected when you visit our Boutiques, Points of Sales, or Websites and interact with us will be entered into our centralized CRM to:

  • Provide you with promotions, discounts, and other tailored services, and send you newsletters, other marketing, and commercial communications about products, services, and invitations to events related to our brands (organized by us or our distribution chain), surveys and research, market analysis, invitations to contests, sweepstakes, or promotions, and other initiatives for registered customers or contacts of our brands (“marketing”). We may use traditional (postal mail, phone) and/or digital and automated (email, SMS, MMS, telephone, and other digital channels, e.g., social media) contact methods and may send you these communications based on your profile, if you have agreed to our profiling.
  • Analyze your contacts with us, interests, preferences, and purchase habits, and create individual or aggregated profiles based on that information to provide you with a better service, including a customized sales experience in any and every Boutique and Point of Sale in Repubblica di San Marino and abroad (“profiling”). We may also use personal data to create clusters and conduct market and statistical analyses aimed at identifying products and/or services of interest to customers of our brands and to improve our services (including the Websites). We will combine your data collected on the Websites with information that we may have obtained through your interaction with the salespersons at the Boutiques and/or the Points of Sales. The processing of personal data for profiling is carried out in compliance with the guarantees and measures set by applicable law.

4. HOW WE SHARE PERSONAL DATA

4.1 Communication of personal data to the data processors
When you purchase products or use our online sales services, your personal data may be shared by the e-commerce provider of this website with selected third parties that provide services to the provider, including those who process orders, ship products, process credit or debit card payments, and carry out fraud-prevention checks.

Your personal data may also be shared with third parties, including digital platforms (such as Meta, Google, and other providers mentioned in point 11 below) to monitor and analyze website activities and/or allow the measurement of marketing campaigns, on behalf of the company as data processors or (as independent data controllers or joint data controllers) to provide services related to marketing campaigns based on user tracking activities (e.g., retargeting). To understand how these companies process your personal data and, if applicable, change the protection settings, you can consult the privacy section on each digital platform listed in the Cookie Policy.

Your personal data may also be shared with third parties to host website content, provide technical and organizational services functional to the above purposes, keep customer bank details, assist in sending or managing marketing activities (in addition to the above), and manage emails, market analyses, surveys, competitions, reward schemes, or promotions. These third parties may have access to your personal data, store it, or process it to provide these services as data processors on behalf of the company in Repubblica di San Marino, in the country where you are located, or abroad. Service providers are not authorized to use personal data for purposes other than providing the contracted services.

The processing of your personal data for CRM purposes will be carried out, in accordance with the instructions provided by the company, by the associated enterprises that manage the company brands locally in Repubblica di San Marino and other countries or online and by the company’s commercial partners (affiliates and distributors) that manage sales outlets and online sales on their websites, as data processors.

4.2 Disclosure of personal data
Your personal data may be shared with companies involved in payment management and fraud prevention checks, that operate independently as data controllers, to provide you with online sales services.

In the case of capital or corporate transactions (for example, mergers or acquisitions, company restructuring, or liquidation), customer data will likely be one of the assets transferred and may be shared with legal successors to the extent allowed by law based on the legitimate interest of the company. The personal data will remain subject to the existing privacy policy unless you decide otherwise.

The company may also disclose your personal data to third parties (i) where provided for by an EU or member state regulation; (ii) in the case of legal proceedings; (iii) in response to a request from law enforcement based on legitimate grounds; or (iv) to protect the rights, privacy, security, or property of the company or the public.

Furthermore, to the extent allowed by law, the company may disclose personal data to third parties in the case of disclosures relating to the use of the website, where deemed necessary to investigate, prevent or take action regarding unlawful activities, suspected fraud, or if the company, at its sole discretion, believes that the use of the website by the user is incompatible with the actual conditions of the website.

The complete list of designated data processors and third parties to whom the data is disclosed can be obtained through our contacts listed below (point 13).

5. CHILDREN’S PRIVACY
This Website is a general audience site; however, our services are intended for people aged 18 years or older. We do not knowingly request, collect, use, or disclose personal data provided by anyone under the age of 18, both online and at the Boutiques/Points of Sales. If we learn we have collected personal data from a child, we will delete that information. If you are under this age, please do not register or proceed with the online purchase and ask an adult (i.e., your parents or your legal guardian) to proceed with the required procedures.

6. STORAGE, ACCESSIBILITY, AND TRANSFER OF PERSONAL DATA
The personal data collected through the Websites is mainly processed using electronic or web means, including web analytics services hosted by servers of our selected providers both in the European Union (e.g., Germany and Ireland, for online sales transactions on our directly managed Websites) and outside the European Union (e.g., USA, for our newsletter subscription services). In Boutiques and Points of Sales, personal data may also be processed in hard copy. In both cases, the personal data will be entered into our centralized and secured database stored in Repubblica di San Marino and managed by our Customer Relationship Managers and marketing team in Repubblica di San Marino and abroad.

Personal data will be accessed, on a need-to-know basis and under multi-level access control tools, only by authorized staff of our Boutiques, Points of Sales, and local e-commerce vendors (e.g., staff in the digital & IT, marketing, retail, administration, and security departments). This staff is engaged to be bound by confidentiality obligations and expressly appointed as persons in charge of the processing, as required by applicable law. In particular, if you agreed to the processing of your personal data for CRM purposes, the related data may be read, amended, and updated by our staff and the staff at the Boutiques, Points of Sales, and/or local e-commerce vendors (especially the sales and marketing personnel). The staff is based in Repubblica di San Marino or abroad and is trained and bound by confidentiality obligations. We may use them to collect, use, and disclose the data as instructed by us.

If we need to transfer personal data abroad to achieve the purposes of this Privacy Policy, including where the data protection legislation differs from the one applicable in your country, we take steps to ensure that these communications happen in compliance with European data protection standards or other local standards in the country where we collect the data, so that your data remains secure and confidential.

7. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
We have implemented appropriate measures designed to protect your personal data from accidental loss and unauthorized access, use, alteration, and disclosure. For example, when you provide any order information, we use Secure Socket Layer (SSL) technology, an encryption tool that provides security while transmitting this information over the Internet. We also use firewall technology, password controls, and other technological and procedural safeguards to maintain this Website. Although we have implemented the above security measures for this Website, you should be aware that 100% security is not possible. Therefore, providing your personal data is done at your own risk, and, to the greatest extent permitted under applicable law, we shall have no liability as a result of the disclosure of your personal information due to errors, omissions, or unauthorized acts of third parties during or after the transmission thereof to us. We recommend you (i) periodically update your software for protecting data transmission over networks (for example, antivirus software) and check that your provider of electronic communication services has adopted suitable means for the security of data transmission over networks (for example, firewalls and anti-spamming filters); (ii) keep confidential, and not disclose to anyone else, your username and password to access your account; and (iii) change your password from time to time.

In the unlikely event we believe that the security of your personal information in our possession or control was or may have been compromised, we will notify you of that development as required by applicable law using any of the methods prescribed thereunder (by providing us with your email address, you hereby consent to receiving any such notification in electronic form through such email address).

8. RIGHTS IN RELATION TO PERSONAL DATA – MANAGING YOUR CHOICES

8.1 Your rights
At any time and free of charge, you may access your data, receive your electronic personal data in a structured, commonly used machine-readable format and transmit it to another data controller (data portability), have your data corrected, updated, changed, or removed (subject to exemptions that may apply). You may update any information you have given to us by contacting us at the addresses given below. Requests to delete your data are subject to any applicable legal and document retention obligations imposed on us.

If you believe there is an issue with how we are handling personal data, you have the right to file a complaint with your national and/or any other data protection authority in the EU or the EEA.

To exercise these rights, you may send your request by emailing support@mercurifashion.com or by regular mail to the address listed below (point 13). When contacting us, please ensure to provide us with your name, email address, mailing address, and/or telephone number(s) to ensure we handle your request correctly.

8.2 Accuracy – Keep Personal Data Updated
To help us serve you better, we encourage you to regularly review and update your personal data. If you are a registered user, you may access and edit your personal data through your user account settings on the Website; otherwise, you may contact us (see point 13) to assist you in updating your personal data.

8.3 Managing your choices in relation to direct marketing and profiling
If you wish to opt out from any of the CRM purposes, marketing and/or profiling, or manage your advertising preferences, you can simply send your request to us (see point 13) or manage your choices accordingly. The same procedure applies if you wish to withdraw your consent to profiling.

9. CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you may request information about our disclosure of personal information to third parties or affiliated companies for their direct marketing purposes. To make such a request, please submit a written request to us. You must put the statement “Your California Privacy Rights” in the subject field. We are not responsible for notices that are not labeled or sent properly, or do not have complete information. Please allow 30 days for a response. Non-affiliated third parties are independent of us, and if you wish to receive information about your disclosure choices or stop communications from such third parties, you will need to contact those non-affiliated third parties directly.

10. DATA RETENTION
Personal data will be retained for the duration of the business relationship and for as long as necessary for the purposes described in this Privacy Policy (e.g., if you subscribe to a newsletter, for the duration of your subscription; if you have a user account, until you close the account). Beyond this period, your personal data will only be retained to comply with our legal and regulatory obligations (e.g., for 10 years for accounting purposes; for the duration of the mandatory retention requirements for tax purposes, etc.), or to allow us to maintain evidence of our respective rights and duties.

Your personal data processed for CRM purposes (points 3.3) will be retained until you close your account or withdraw your consent to the processing of your personal data for these purposes. Personal data relating to the details of your purchases processed for profiling and marketing purposes will be retained for a limited period in line with the timing permitted by applicable law; upon expiration of this time limit, the personal data will be deleted or permanently anonymized.

11. COOKIES AND ONLINE TRACKING TOOLS
We use tracking tools that utilize unique identifiers on the Website to collect and save information (for example, through the use of cookies, small text files stored on the device browser used by you to visit the Website) or use resources (for example, by running a script) on your device when you interact with this Website.

If you have given your consent to use the tracking tools on the Website, setting your preferences via banners or in the Cookies preferences area, we can also use personal data, such as the email or postal address or telephone number provided by you, to improve, for example, the measurement of the effective conversions of our potential customers on websites, through the monitoring of our marketing campaigns, as well as to show you marketing ads and content consistent with your interests, based on consumer preferences and behavior identified through cookies and/or other tracking tools of media platform operators, including Meta Platforms Ireland Ltd., Google Ireland Limited, and other operators, following the analyses they conduct on their users based on their interactions. For more information about cookies and tracking tools that we use, as well as to find out how to enable or disable them, please consult the Cookie Policy.

12. LINKS, ADVERTISERS, SPONSORS & ADS
This Website may contain links to our various owned or controlled websites, as well as links to third-party websites. If you elect to provide your personal data on any such linked website(s), that information will be subject to such linked website’s privacy policy and security practices – including the Websites run and managed by our approved distributors, except for the data collected therein by our distributors for CRM purposes where our privacy policy is posted – and is not governed by this Privacy Policy. You should familiarize yourself with these other privacy policies, as we are not responsible for, and have no control over, the information submitted to, or collected, used, disclosed, or otherwise processed by third-party websites.

13. DATA CONTROLLER – HOW TO CONTACT US
For the purpose of this Privacy Policy and the data processing described therein, please note that “We,” “our,” “us,” and “Company” refer to MERCURI S.R.L., with a registered place of business in Via Tre Settembre, 174, 47891 Dogana, Repubblica di San Marino. As the holding company and ultimate owner of several brands through its affiliates, including “MERCURI,” the Company is the data controller (as defined under the Reg.(EU) 2016/679) of the data collected at the Boutiques, Points of Sales, and/or on the Websites in Repubblica di San Marino and abroad for CRM purposes under points 3.2 and 3.3.

14. UPDATING THIS POLICY – NOTICES
We reserve the right, at our discretion, to change, modify, add, or remove portions of this Privacy Policy at any time by posting such revised Privacy Policy on this page of the Website and updating the “Last Modified” date below. It is your responsibility to review this Privacy Policy from time to time to take notice of any changes we made. In some cases, we may provide additional notification of material changes to this Privacy Policy by adding a statement on the homepage of this Website or, for registered users, by sending a notification email or by adding a statement on their account page. By accepting such revised Privacy Policy through a “click accept” in such notification email or account page statement (made available when required to comply with applicable laws), or by completing a purchase on the Website or in any stores after this Privacy Policy has been revised, or, otherwise, by using or submitting information to the Website following the posting of the revised Privacy Policy, you agree to such revised Privacy Policy. As a consequence of the changes, no processing of your data will be carried out without your explicit consent if so required by applicable law.