Welcome to our website Ferrari Store (“the Website”).
In compliance with applicable privacy laws, including the EU Regulation no. 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), , this Privacy Notice explains how Ferrari S.p.A and YOOX NET-A-PORTER GROUP S.p.A. (“we”, “us”, “our”) collect your personal information as you use the Website, how we use this personal information, with whom we share your personal information, and your choices in connection with this.
(1) CONTROLLER AND DATA PROTECTION OFFICER
- YOOX NET-A-PORTER GROUP S.p.A. ("YOOX NET-A-PORTER GROUP"), company with sole shareholder subject to direction and coordination of Compagnie Financière Richemont S.A., with registered office at via Morimondo, 17 – Milano 20143, Italy, as independent Data Controller.
The personal data that YOOX NET-A-PORTER GROUP processes is the data that you provide when you place an order and purchase items, and the data we collect as you navigate or when you use the services offered on the Website.
For any clarification, request, or requirement linked to your privacy and the processing of your personal data, you may contact us at any time by sending a request to our Customer Care by selecting ‘privacy’, or by writing to the address of the registered office of YOOX NET-A-PORTER GROUP S.p.A.. If you wish, you may also contact our Data Protection Officer (“DPO”), by writing to the aforementioned address, or by sending an email to DPO@ynap.com.
- Ferrari S.p.A. (“Ferrari”), with registered office at via Emilia Est, 1163 - Modena 41122, Italy, as independent Data Controller. Ferrari processes your personal data for creating your account on the Website, for marketing and profiling activities upon your express consent and for supporting you through the Live Chat service. For any clarification, request, or requirement linked to your privacy and the processing of your personal data, you may contact us by writing to Ferrari S.p.A., via Abetone Inferiore 4, 41053 Maranello (MO), Italy. If you so wish, you may also contact our Data Protection Officer (DPO) by writing to the aforementioned address, or through the interactive webform.
(2) COLLECTION OF YOUR PERSONAL INFORMATION
We collect personal information, which is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.
- Information You Provide To Us
If you choose to engage in the services offered on the Website, we will collect personal information from you. We collect personal information from you when you:
- Create a Ferrari account. You have the option to create a Ferrari account on the Website to shop faster, check your orders and returns, and save your favorite items. To do so, we will collect your personal identifiers (name, email address, date of birth, and telephone number) and protected classifications (gender). We use this personal information to create and maintain your account with us and to communicate with you about your account, purchases, and the Website. The legal basis for this is performance of our contract with you (Art. 6, par. 1, let. b of the GDPR). Once your account is created, we will store your username and password.
- Contact us. When you send us a question or inquiry, or ask for other support, you will need to provide us with personal identifiers (name and email address), protected classifications (gender), and any other information you choose to provide in your correspondence. We use this personal information to respond to your questions or inquiries, troubleshoot where necessary, and address any issues you have with the Website or the services offered thereon. The legal basis for this is performance of our contract with you (Article 6, par. 1, let. b of the GDPR).
- Make a purchase. To facilitate your purchase and to manage the services offered by Ferrari Store, YOOX NET-A-PORTER GROUP will collect personal identifiers (name, email address, shipping address and telephone number) and customer records information (cardholder’s name, payment card number, expiration date, CVV or paypal account and billing address). YOOX NET-A-PORTER GROUP uses this personal information to manage the services offered by the website, to fulfill orders placed, and complete the activities related thereto, including the operations pertaining to administrative and fiscal requirements, to respond to requests via the contact form, as well as manage any product returns. The legal basis for this is performance of our contract with you (Article 6, par. 1, let. b of the GDPR).
- Profiling activities. If you opt-in, Ferrari may use this personal data described in this section to analyze your behaviors, habits and propensity to consume to enhance products and services provided by Ferrari, to satisfy your expectations as well as to send you marketing communications we feel may be of interest to you to you if you also have opted-in for receiving direct and indirect marketing communications. In doing so, Ferrari will analyze your preferences and interests using automated analysis techniques that provide Ferrari with inferences concerning you, including profiling. The legal basis for this is your consent (Article 6, par. 1, let. a of the GDPR). You may revoke your consent at any time by clicking the unsubscribe link provided within each email. This link will redirect you to our consent management page where you can opt-out of our newsletters and marketing communications.
- Subscribe to direct and indirect marketing communications. If you opt-in, Ferrari may also use your personal data (e.g. e-mail address) to send you marketing communications as well as sending advertising on Ferrari products, services, events, new collections or performing market researches (direct marketing) as well as on Ferrari’s commercial partners’ products belonging to different product categories (e.g. companies operating in the oil, automotive, IT sectors, etc.) (indirect marketing). This data may be processed by automated or electronic means including via e-mail, web sites and mobile apps. In doing so, Ferrari will analyze your preferences and interests using automated analysis techniques that provide Ferrari with inferences concerning you, including profiling. The legal basis for this is your consent (Article 6, par. 1, let. a of the GDPR). You may revoke your consent at any time by clicking the unsubscribe link provided within each email. This link will redirect you to our consent and newsletters management page where you can opt-out of our marketing communications.
- Web Push Notifications. Upon your explicit consent, Ferrari will collect certain categories of your personal data, such as the language you use when browsing the Website and the version of the Website you use (country/region), information about the device and browser you use, the time and date you consented to receive web push notifications, the date of your last visit to the Website. Ferrari will use this information to send you notifications about products and other commercial news regarding the Ferrari Store. In order to send you these notifications, we use a technology similar to cookies (in particular, "HTML5 Local Storage") which stores the information in the local memory of your browser/device. The legal basis for this is your consent (Article 6(1)(a) GDPR).
We may also use the personal information we collect as described in this section to improve our products and services, to comply with the law, to efficiently maintain our business, and for other limited circumstances as described in HOW WE SHARE YOUR PERSONAL INFORMATION. This is part of our legitimate interest in the performance of our contractual obligations, protection of legal rights, and compliance with legal obligations. We may also deidentify or aggregate the personal information for benchmarking purposes.
Your personal information may be processed for each of the above purposes using automated or electronic methods and, in particular, by email or any other IT channel (e.g. automated calls, SMS, MMS), fax, or any other IT channel (e.g. websites, mobile app).
Providing your personal information is optional. However, if you opt not to provide data that has been marked as mandatory, it will be impossible for us to provide our services. Should you not provide the remaining optional data, the services will be provided in any case.
- Information Collected Automatically.
Cookies and Tracking Technologies
In addition to the personal information you provide directly, we may also collect information from you automatically as you use the Website. This information includes the following internet or other electronic network activity information and location information:
- Usage information. This includes information regarding your interaction with the Website, such as which pages you visit, the frequency of access, how much time you spend on each page, what you click on while on the Website, and referring the Website addresses.
- Device information. This includes certain information about your device that you use to access the Website, such as browser type, browser language, hardware model, operating system, and your preferences.
- Location information. This includes information about your location, which may be determined through your IP address.
We collect this information as part of our legitimate interest to improve the functionality and efficiency of the Website and to provide the Website to you.
- Technical. We use essential cookies to authenticate users, prevent fraudulent use of the Website, and to allow the Website and its features to function properly.
- Functional. We use functional cookies to provide enhanced functionality and personalization, to remember your login information, to remember your preferences, to diagnose server and software errors, and in cases of abuse, track and mitigate the abuse.
- Analytics. Analytics cookies allow us and our analytics provides to recognize and count the number of users to the Website, see how users interact with the Website and different functions, and when users are using the Website. We use this information to improve the Website.
- Profiling. Performance cookies collect information about how you use the Website and help Ferrari, for example, to identify especially popular areas of the Website. In this way, we can adapt the content of our websites more specifically to your needs and thereby improve what we offer you.
Particular third-party cookies on the Website to note include:
- Bing Ads. Bing Ads is a remarketing service provided by Microsoft. Ferrari uses Bing Ads to service you advertisements based on your past visits to the Website. You can learn more about the privacy practices of Microsoft here. Such sharing may be deemed a sale under the CCPA. To opt-out of this sharing of Bing Ads you can follow the instructions here.
- Criteo. Ferrari, through its own providers, places tags on its properties for Criteo to collect browsing information and create customized ads to serve to users. Criteo creates the ads, decides which ad to serve and where. Such sharing may be deemed a sale under the CCPA. You can learn more about the privacy practices of Criteo and opt-out of this sharing here.
- Hotjar. We use Hotjar in order to better understand user experience and to optimize the Website. Hotjar allows us to better understand users’ experience and this enables us to build and maintain the Website. For further details, please see the ‘about Hotjar’ section of Hotjar’s support services. You can opt-out of HotJar here.
- Information Collected through other sources.
Social media listening (“SML”). From time to time, Ferrari may use SML tools to extract information (e.g. users’ comments concerning Ferrari, username etc.) from web sources (e.g. blogs, forums etc.) and social media channels. This activity is based on Ferrari’s legitimate interest to find insights into Ferrari brand's visibility on social media channels as well as to assess the impact of our web campaigns (Article 6, par. 1, let. f of the GDPR). For this purpose, Ferrari may process only publicly available information and derive statistical analysis from it.
Social networks. If you interact with Ferrari through social network platforms including Facebook, LinkedIn, YouTube and any other similar platforms (“Social Networks”) when you complete specific forms (e.g. request of information etc.) and/or when you interact with Ferrari’s official Social Network pages / profiles, we may receive from Social Networks your personal data (e.g. e-mail, name, surname, country of origin, address, street number, town, postcode, city, telephone number), data relating to your vehicle (e.g. current model brand, next vehicle purchase), your interactions on the Social Networks (e.g. post that you like, private messages you may send to Ferrari etc.). According to the settings you have chosen on your Social Networks profile, Ferrari may be able to receive additional data such as your age, groups you have joined, etc. that may lead Ferrari in certain cases to identify you. Ferrari may process your data to reply to your posts, requests and queries, to perform statistical analyses and market research on the users who interact with Ferrari pages and/or Ferrari websites as well as for marketing activities as described in section (A) if you opt-in.
Furthermore, in the event that you choose to register on Ferrari websites through your Social Network account, we will receive some personal data from the Social Network of your choice (e.g. email, password, name, surname, date of birth, gender, job role, country, citizenship, address, telephone). The legal basis for this processing is the execution of our contract with you (Article 6, par. 1, let. b of the GDPR).
Please note that this section (C) only refers to Ferrari’s data processing. Ferrari is not liable in case of any unauthorized disclosure of your information by third-party social media channels, in breach of the options you have selected thereto and/or any consents you have provided. You may refer to such third-party social media channels websites and Social Networks to know more about their privacy policies relating to the data and consents you may have provided to them.
Ferrari Partners. In the event that you take part in initiatives or events organized by Ferrari’s commercial partners and / or request the latter to provide a service to you, Ferrari may receive your personal data to follow up on the requested service and / or the activities envisaged in the scope of the initiative or event (e.g. Ferrari could reward the winners of a competition organized by our commercial partners, etc.). The legal basis for this processing is the execution of our contract with you (Article 6, par. 1, let. b of the GDPR).
(3) HOW WE SHARE YOUR PERSONAL INFORMATION
Ferrari may need to make the personal information identified in this Privacy Notice available within Ferrari, with service providers, or with other third parties. These instances include:
Within Ferrari. Ferrari may share your personal information with Ferrari subsidiaries for legitimate business purposes and general business management. The legal basis for this is Ferrari’s legitimate interest in carrying out our business efficiently.
With Service Providers. Ferrari may share your personal information with our service providers that assist us in providing the Website. The legal basis is our legitimate interest in providing the Website efficiently. These service providers include communication providers, web-hosting providers, IT support, our customer management platform, shipping providers, payment processors, call center providers, marketing providers, and e-commerce providers. This also includes sharing of personal information with our service provider YOOX NET-A-PORTER GROUP that manages the Website on our behalf. We may also share your personal data with Social Networks for marketing purposes.
With Third Parties. We may need to disclose your personal information to third parties, such as legal advisors, law enforcement agencies, or governmental/regulatory bodies in order to protect our legal interests and other rights, protect against fraud or other illegal activities, prevent harm, for risk management purposes, and to comply with our legal obligations. The legal basis for this is compliance with the law, compliance with legal obligations, and our legitimate interest in the protection of the rights of others.
In the Event of a Corporate Reorganization. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, Ferrari would share personal information with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. Ferrari would also share personal information with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings. The legal basis for this is our legitimate interest in carrying out business operations.
With Your Consent. Apart from the reasons identified above, we may request your permission to share your personal information for a specific purpose. We will notify you and request consent before you provide the Personal Information or before the personal information you have already provided is shared for such purpose. You may revoke your consent at any time.
Sharing in the Last Twelve (12) Months
For a Business Purpose. In the preceding twelve (12) months, Ferrari has disclosed the following categories of personal information for a business purpose to the following categories of third parties:
- We have disclosed your personal identifiers, internet and other network activity information, and customer records information to service providers that perform services on our behalf. These service providers include YOOX NET-A-PORTER GROUP, our e-commerce provider, communication providers, web-hosting providers, IT support, our customer management platform, shipping providers, payment processors, call center providers, and marketing providers.
- We have disclosed your internet or other electronic network information and location information to our IT support to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to identify and repair Website errors that impair functionality.
- We have disclosed your internet or other electronic network information and location information to our IT support to maintain, improve, and upgrade the Website.
(4) YOUR PERSONAL INFORMATION CHOICES AND THE POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE YOUR DATA
Correct or View Your Information. You may access your Ferrari account to correct or view certain personal information you have provided to us and which is associated with your account.
Online Advertising. To opt-out of interest based advertising generally or to learn more about the use of this information by our service providers you can visit the Network Advertising Initiative or the Digital Advertising Alliance.
Marketing Emails. You may opt-out of receiving marketing emails from Ferrari by clicking the “unsubscribe” link provided with each email. Please note that we will continue to send you notifications necessary to the Website, your account, or requested products or services.
It is optional to provide your personal data. However, if you do not provide your personal data that has been marked as mandatory, it will be impossible to provide our services.
Should you not provide the remaining and optional personal data, our services will nevertheless be able to be provided.
Please note that if you will not provide your personal data, when requested, this may prevent you from benefiting from the Live Chat service.
Providing Data for the purposes of marketing and profiling activities is always optional.
(5) RIGHTS OF INDIVIDUALS UNDER GDPR
If our processing of your personal information is subject to the GDPR”), you have the following rights with respect to your personal information processed:
- Right to Access. You have the right to ask us for copies of your personal data. This right has some exceptions, which means you may not always receive all personal data we process.
- Right to Rectification. You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to Erasure. You have the right to ask us to erase your personal data in certain circumstances.
- Right to Restrict Processing. You have the right to ask us to restrict the processing of your personal data in certain circumstances. See YOUR PERSONAL INFORMATION CHOICES AND THE POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE YOUR DATA for additional ways you can restrict processing of your personal data.
- Right to Object to Processing. You have the right to object at any time, for reasons arising from your particular situation, to processing of your personal data, which is carried out on the basis of our legitimate interests. See YOUR PERSONAL INFORMATION CHOICES AND THE POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE YOUR DATA for additional ways you can object to processing of your personal data.
- Right to Data Portability. You have the right to ask that we transfer the personal data you gave us from one organization to another, or give it to you in a structured, ordinarily used, and readable format.
- Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority.
To exercise these rights, please contact Ferrari through the interactive webform or by writing to Ferrari S.p.A, via Abetone Inf. 4; I-41053, Maranello, (MO), Italy. You may contact YOOX NET A PORTER GROUP’s Customer Care.
a. Personal Data Transfer Outside of the European Economic Area
Within our contractual relations, we may transfer personal data to countries outside of the European Economic Area (“EEA”). In the event personal data is transferred outside of the EEA, we will use appropriate contractual measures to guarantee an adequate protection of personal data, including implementation of agreements based on the standard contractual clauses adopted by the EU Commission.
(6) CALIFORNIA RESIDENTS
To the extent the CCPA applies to the processing of your personal information you would be entitled to the rights listed below.
- Right to Access. You have the right to request what personal information we have collected, used, disclosed, and sold about you within the preceding twelve (12) months.
- Right to Deletion. You have the right to request the deletion of your personal information that we collect or maintain, subject to certain exceptions.
- Right to Opt-Out. You have the right to opt-out of the sale of your personal information to third parties. Ferrari does not have actual knowledge that it sells personal information of minors under the age of sixteen (16) years.
- Right to Non-Discrimination. You have the right to not receive discriminatory treatment if and when you exercise your rights to access, delete, or opt-out under the CCPA.
To exercise your rights, described above, you can:
For Ferrari you may submit a verifiable consumer request (i) by email at firstname.lastname@example.org; (ii) by telephone at 1-877-933-7727 or (iii) through the CCPA interactive webform.
For YOOX NET A PORTER GROUP:
- call the toll-free number 18338732288 from Monday to Friday from 9 a.m. to 11 p.m., excluding public holidays; or
- write to Customer Care by selecting the "privacy" topic in the relevant webform in the "Contact us" section of the Website; or
- contact us directly at the address indicated above. If you exercise your rights, we may require you to provide certain information to verify your identity (such as your name, email address, phone number and/or address).
You may make a verifiable consumer request for access twice within a twelve (12) month period.
For requests submitted via telephone or email, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal data and describe your request with sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information. The interactive webform contains the information that Ferrari needs to verify your identity and review your request.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your personal data. If you are an authorized agent making a request on behalf of another individual, you must provide us with signed documentation that you are authorized to act on behalf of that individual.
(7) NEVADA RESIDENTS
If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of certain of your personal data. We do not currently sell any of your personal data under Nevada law, nor do we plan to do so in the future. If you have any questions regarding our data privacy practices, or would like to opt-out of the future sale of your personal data, please contact Ferrari at email@example.com and/or YOOX NET A PORTER GROUP’s Customer Care.
We keep your personal information for a limited period of time depending on the purpose for which it was collected. After such period, your personal information will be deleted or otherwise rendered anonymous in an irreversible way. The retention period is different depending on the purpose of the processing. For example, the personal information collected when items are purchased on the Website is processed until all administrative and accounting formalities have been completed. Therefore, it is kept on file in conformity with the local tax legislation, while the personal information used to send you our newsletter is kept until you request that we stop sending it. Ferrari retains the personal information for ten years from the time it was provided for marketing and profiling purposes unless consent is revoked. If consent is revoked, your personal information may not be processed for the aforementioned purposes, but may still be kept to manage any objections and/or disputes. The data used to manage Web Push Notifications will be retained up to the point in which consent is revoked by the data subject or up to 365 days from the last visit made to the Site by the data subject. Hashed data used for Custom and Lookalike Audiences is deleted once Social Networks have completed the matching process.
At any moment you can revoke your consent to receive these personalized commercial notifications (depending on your browser). As part of the Live Chat service, text messages sent by the user, including attachments, will be stored for 6 months on the server of our external service provider which we use, while the images taken during the video call are not stored. The Data processed for the purposes of registering to Live Chat will be kept for the time necessary to provide the service, except in the case in which the cancellation of the registration is requested.
(9) DO NOT TRACK
We do not respond to Do Not Track (“DNT”) requests. Do Not Track is a preference you can set in your web browser to inform The Websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser. For further details, click here.
(10) INFORMATION SECURITY
The processing of your personal data takes place using IT and manual tools, with logic strictly related to the purposes of the processing indicated above and, in any case, in order to guarantee the protection, confidentiality and security of the data. We implement and maintain reasonable security measures to protect the personal information we collect and maintain from unauthorized access, destruction, use, modification, or disclosure. However, no security measure or modality of data transmission is 100% secure and we are unable to guarantee the absolute security of the personal information we have collected from you.
(11) CHILDREN’S PRIVACY
The Website and the services offered thereon are not intended for individuals under the age of eighteen (18) years.
(12) LINK TO THIRD PARTY WEBSITES
Third party websites accessible from this website are under the third party responsibility.
We decline all responsibility concerning requests and/or provision of personal data to third party websites.
(13) AMENDMENT OF THIS PRIVACY NOTICE
This Privacy Notice is subject to change. Changes to the Privacy Notice will be posted on this page and will indicate the date the changes go into effect. Please check back frequently and review the Privacy Notice for any changes. If we make any changes that materially affect your privacy rights, we will notify you via email or by prominent posting on the Website.