PRIVACY POLICY

1. WHO IS THE DATA CONTROLLER

Depending on the purposes pursued, as detailed in the table at point 3 below, your personal data will be processed by different independent controllers, as indicated below.

[UPDATED ON 23/04/2026] For website registration, online sales and after-sales support activities, the data controller for your personal data is Benetton E-Commerce S.r.l., a subsidiary of Benetton Group S.r.l., with registered office at via della Cartiera, 1 - 31020 Villorba (TV), Italy, benettonecommerce@legalmail.it, (hereinafter "E-Commerce"), contactable at infoprivacy@benetton.it. 

In all other cases the data controller for your personal data is Benetton Group S.r.l., with registered office at Villa Minelli, 1 - 31050 Ponzano (TV), Italy, benettongroup@legalmail.it, (hereinafter "Benetton Group") contactable at infoprivacy@benetton.it. 
You may also contact the Data Protection Officer of Benetton Group S.r.l. directly at the e-mail address rpd@benetton.it..

2. TYPES OF DATA

With regard to the activation of accounts for already registered users, the data used were initially collected by Benetton Group S.r.l. and subsequently confirmed and where applicable supplemented by the user upon first account activation.

Depending on the products, services or features you intend to use from time to time, certain data rather than others may be required.

In general, the data subject to processing may include:

  • user identification data (for example, first name, last name, date of birth, language and country from which you interact with us, etc.);
  • contact data (for example, e-mail address, phone number, postal address, etc.)
  • transactional data (for example, payment data, information relating to purchases made, orders, returns, etc.);
  • connection, geolocation and browsing data (such as, for example, IP address, mobile App, cookies or similar technologies);
  • commercial data (for example, loyalty programme enrolment, newsletter subscription),
  • data relating to tastes and preferences.

Depending on the services and/or features requested, some data may be required in mandatory form as they are necessary for the provision of the requested service or product, or to allow access to the requested feature.

Such data are therefore necessary for us to fulfil our obligations arising from the contract, or to comply with obligations arising from applicable legal or regulatory provisions.

Failure to provide such data may result in the impossibility of completing your registration as a user, or of receiving such services or products, or of benefiting from the requested feature.

3. PURPOSES OF PROCESSING, LEGAL BASIS AND RETENTION PERIOD

 

The following sets out, depending on the controller and the types of services and/or features requested, the purposes of processing, the legal basis on which the data is processed and how long it is retained.

CONTROLLER

PURPOSE

DESCRIPTION OF PURPOSES

LEGAL BASIS

RETENTION PERIOD

E-Commerce

Management of website registration as a user.

If you decide to register on the Benetton/Sisley website, some of your personal data will be processed in order to identify you as a user and authorise you to access the various features and services of the site.

Compliance with the terms governing the use of the website (Art. 6.1.b GDPR)

Until the user requests account deletion, or 10 years if no access to the site has been made in the last 24 months.

E-Commerce

Performance and execution of the contract for the purchase of goods and/or services

Personal data are processed in the following cases relating to sales and after-sales support:

  • Payment management
  • Management of returns, complaints, warranties and purchase support requests
  • Management of requests for information on item availability and product reservations
  • Provision of services such as, for example, product personalisation
  • Use of vouchers, coupons, discount codes and/or gift cards
  • Provision of sales documents and/or invoices relating to completed transactions
  • Updates or informational communications related to the features, products and services purchased
  • Activation of mechanisms to control and prevent potential fraud during the purchase transaction.

Performance of the sales contract (Art. 6.1.b GDPR)

Legitimate interest in carrying out anti-fraud checks (Art. 6.1.f GDPR)

 

 

Data are retained for up to 10 years from the last transaction. Data relating to orders are retained for up to 24 months from the date of purchase.

E-Commerce

Handling of requests received through customer service channels

Your personal data will be processed to manage requests and provide any other type of technical support not directly related to a purchase, via e-mail, telephone calls and social media.

Legitimate interest (Art. 6.1.f GDPR)

For the time strictly necessary to handle the requests (and in any case no longer than two years from the date of receipt of the request).

Benetton Group

Obligations related to enrolment in the loyalty programme

Your personal data will be processed to award loyalty points and rewards and to enable you to benefit from the various advantages connected to the loyalty programme.

Compliance with the terms and conditions of the loyalty programme (Art. 6.1.b GDPR)

Data are normally retained for the entire duration of the loyalty programme and any renewals or extensions thereof. They are in any case deleted after 10 years from enrolment, if no purchase transactions have been made in the last 24 months. Data relating to transactions are retained for up to 24 months from the date of purchase.

Benetton Group

Marketing purposes

We will process your personal data to manage your newsletter subscription and to send you personalised information about our products or services using various electronic communication channels (for example, e-mail or SMS). We may also send you such newsletters and communications via push notifications, where this service has been enabled on your mobile device. You may unsubscribe from the Newsletter at any time through:

  • The dedicated link at the bottom of each Newsletter;
  • The dedicated link in the My Area section.
  • Request to Customer Care.


To stop receiving push notifications, you may disable this function on your mobile device. For the implementation of promotional activities (for example, for the running of competitions or the sending of your saved items list to the e-mail address you have provided). Distribution on the Platform or on social networks through our channels of publicly shared photos or images, with your explicit authorisation.

Consent (Art. 6.1.a GDPR)

24 months from the date of the marketing consent being given or from the date of the last interaction with the Controller. Commercial e-mails incorporate a tracking functionality that, upon each e-mail opening, updates the marketing consent date provided at the time of registration for our services. Marketing consents will not be updated where the user is unsubscribed with a date prior to the e-mail opening.

Benetton Group

Profiling purposes

We will use data relating to your web browsing behaviour, social media interactions and transactional data to define consumer clusters, in order to improve communications and the offering of products and services dedicated to you.

Consent (Art. 6.1.a GDPR)

24 months

Benetton Group

Analysis of platform and service usage in order to improve user experience and the offering

When you access our digital properties, we inform you that your browsing data and interactions with social media channels will be processed for analytical and statistical purposes, i.e. to understand how users interact with our Platform and enable us to improve it.

Consent (Art. 6.1.a GDPR)

Until browsing data are anonymised as stated in the cookie policy present in the cookie bar.

Benetton Group

Analysis of certain aggregated data and performance data in order to improve the commercial offering to the general public

Exclusively for registered users or those enrolled in the loyalty programme, a series of attributes are used in aggregate form in order to understand trends and the main patterns of interaction with the company.

Legitimate interest (Art. 6.1.f GDPR)

24 months




4. SHARING INFORMATION WITH OTHER PARTIES

For the purposes indicated in this privacy policy, your personal data may be communicated to other companies within the corporate group to which the Data Controller belongs, or to third parties operating in collaboration with the Controller in the provision of services, duly appointed as data processors or authorised persons. These include:

  • a) Franchise partners.
  • b) Financial institutions and companies specialised in online payments and fraud detection and prevention.
  • c) Technology service providers.
  • d) Logistics, transport and delivery service providers and partners.
  • e) Customer service providers.
  • f) Marketing and advertising service providers, partners and collaborators.

Furthermore, for all the purposes indicated in the privacy policy, your data may also be transferred abroad, within or outside the European Union, in compliance with the rights and guarantees provided for by applicable legislation and subject to verification of the adequacy of the level of protection guaranteed by the third country.

Your data will finally be processed by internal staff of the Controller's offices, duly trained, who act in the capacity of persons authorised to process personal data.

5. YOUR RIGHTS OVER THE DATA YOU PROVIDE TO US

We inform you that you have the right to request the competent Controller to access your personal data and to have them rectified if inaccurate, to have them erased or to restrict their processing where the conditions are met, or to object to their processing based on legitimate interests pursued by the Controller, as well as to obtain the portability of the data provided, only if they are subject to automated processing based on your consent or on a contract.
You also have the right to withdraw the consent given for the processing purposes that require it, without prejudice to the lawfulness of the processing carried out up to the time of withdrawal.
You may exercise these rights by contacting the Controller at the contact details indicated in point 1, specifying the right you wish to exercise.
In particular, you may exercise the right to erasure of data pursuant to Art. 17 of the GDPR by contacting us through the form at the following link https://it.benetton.com/contactus and selecting the reason "erasure of personal data".
Please note that if you have registered for the services as a user, you may also access the dedicated personal data section of your account to modify or update it. In any case, please bear in mind that by actively providing your personal data to us through any means, you guarantee their truthfulness and accuracy and undertake to notify us of any changes. Any loss or damage caused to the Controller or to a third party as a result of incorrect, inaccurate or incomplete information provided in the registration forms shall be the sole responsibility of the user. In general, you are required to provide only your own personal data, not third-party data, except as provided for in the privacy and cookie policy.
We also inform you that you have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

6. CHANGES TO THE PRIVACY POLICY

When deemed appropriate, we may modify the information contained in this privacy policy. In such case, we will give notice in various ways (for example, publication on websites, newsletters, via a banner, a pop-up or a push notification) or by sending a specific e-mail if the change affects the purposes for which the data were collected, so that you can review the changes, make your own assessment and, where applicable, object or unsubscribe from certain services or features.