Furla Privacy Policy

FURLA PRIVACY POLICY

1. Data Controller

This privacy policy explains how Furla S.p.A., a company governed by Italian law with registered offices at Via Bellaria 3/5, 40068 San Lazzaro di Savena (Bologna), Italy (“Furla” or the “Controller”), processes the personal data of its data subjects – that is, natural persons to which the personal data refers – in compliance with European Regulation 2016/679 (“GDPR”) and applicable laws on data protection in its country, area or place of operation (together with GDPR, “Privacy Laws”).

Furla attaches the utmost importance to keeping the personal data of its data subjects confidential, safe and protected, and undertakes to offer personalised services based on the preferences of each individual.

The personal data of its data subjects – that is, all persons who interact with Furla via the means set out in Section 3 of this policy – may also be processed by subsidiaries or affiliates of Furla, who are integrated into our CRM (i.e. customer database) as independent data controllers for the specific purposes provided for by local legislation, for sales and invoicing activities, and for analyses and/or commercial initiatives reserved for them by worldwide corporate decisions taken by Furla (“Affiliates” – business information in the table below).

2. Processed Data

Depending on its purpose, the Controller may collect and process different categories of personal data (together, “Data” or “Personal Data”). In particular:

a) personal information such as name, surname, date of birth, home address, country of residence, nationality, gender (“Personal Information”);

b) contact details such as email address, phone number (“Contact Details”);

c) purchase-related information such as products bought, place, date, time and store of purchase, purchase timeline, delivery dates, payment and billing methods, as well as any personal data present in the communications shared between the data subject and the Controller, and regarding the products bought or of interest to the customer (“Purchase Data”);

d) browsing data such as IP address, information about the browser used by the data subject, pages visited, date, time and duration of each visit, other parameters related to the operating system and computing environment of the data subject, as well as any other information regarding the activity carried out by the data subject on the Online Channels (defined as follows) – for example, products viewed, viewing frequency, shopping habits, ways they interact with our website, etc. – which is collected via cookies and/or scripts, as well as social buttons or widgets¹ (“Browsing Data”)²;

e) profiling data such as the information obtained (i) following the analysis of data subjects’ personal data regarding, for example, their interests and preferences provided by them directly; and/or (ii) from analysing other personal data pertaining to them – for example, Personal Information, Browsing and Purchase Data – whether in an aggregated or individual form (“Profiling Data”).

3. Methods of Personal Data Collection

The Controller may collect Personal Data from data subjects – physically or electronically, e.g. using a tablet – via the following channels:

a) the furla.com website (the “Website”) following (i) the data subject’s registration to e-commerce services; (ii) subscription to the newsletter; (iii) the completion of a purchase made in “guest” mode; and/or (iv) browsing activities carried out thereon;

b) the distance sales channels adopted by the Controller, which allow the data subject to purchase Furla products at any time – for example, instant messaging applications etc. – (“Distance Channels”); and

c) our stores and/or franchisees (“Stores”) and/or Affiliates, also through specific apps supplied to sales assistants.

It should be noted that the Personal Data of “guest” data subjects who make a purchase without registering, but who are already registered in the Furla system and respective CRM (for example, on account of previous purchases made), may be matched to the data subject’s registered account – if one exists – as the Furla system automatically recognises the entered information. Similarly, should a data subject register after making purchases as a guest, these purchases may be connected to the new account created, where the information provided is the same. This operation is in place to ensure that customer information is consistent and current, to avoid duplicate profiles, and to optimise the management of after-sales services and the shopping experience. Processing is based on the Controller’s legitimate interests in the proper functioning and optimisation of customer and service management (art. 6(1)(f) GDPR).

¹Social buttons/widgets are elements that can be clicked to access and interact directly with social media (e.g. Instagram, Facebook, TikTok, YouTube, LinkedIn). When a user clicks on social buttons/widgets, the corresponding social network acquires data regarding their Website visit. Excluding such cases, the Controller does not share any of the user’s browsing information or data with any social networks.

¹Additional information regarding the collection of Browsing Data is provided in the Cookie Policy, as detailed below.

4. Purposes for Processing

Furla intends to process Personal Data for several purposes. These involve the processing of different categories of personal data and are founded on a range of lawful bases.

In particular:

a) legal obligations: fulfilling obligations regarding product or warranty liability, as well as obligations of a financial, contributory and consumer-related nature;

b) product purchases and related services³: fulfilling obligations strictly related to the purchasing of a product and any corresponding services, such as – by way of example – creating an account on the Website, managing and monitoring wishlists and orders, delivering goods to home or store addresses, the “book an appointment” service, virtual shopping (executed through different channels, such as instant communication applications), making warranty claims and providing help should receipt of payment be lost, managing returns and refunds, customer assistance (including support while online orders and payments are being completed), reminders for products left in online carts and after-sales support;

c) profiling: analysing how data subjects behave on Distance Channels, the Website, and at Stores and Affiliates, processing information and comparing it with KPIs regarding data subjects’ shopping preferences and habits, viewing by sales assistants of purchase history, preferences and, in general, results from the processing carried out by our IT systems on the information collected from the data subject for the purposes of: (i) presenting the data subject with personalised offers and products which are always suited to their needs and interests, (ii) ensuring a unique, personalised shopping and customer-care experience, as well as (iii) offering them the opportunity to participate in events which Furla considers to be of interest; the data subject can update their contact preferences at any time by sending an email to privacy@furla.com;

d) marketing: carrying out commercial, advertising, promotional and general marketing initiatives such as, for example, sending the newsletter about Furla’s products, offers and discounts; (also) sending related communications sent via instant messaging applications, social media, text and phone calls, including well wishes on the data subject’s recurring occasions (e.g. their birthday and anniversary with Furla) and invitations to special events organised by Furla; the data subject can update their contact preferences at any time by sending an email to privacy@furla.com or via the “unsubscribe” option found in the newsletter;

e) profile-based marketing: sending specific marketing communications, in line with the interests and preferences of each data subject which surface after profiling – for example, sending communications aimed at raising awareness of the Furla world and growing interest for the brand; clienteling activities (such as sending personalised offers on products suited to the needs of individual data subjects) for a unique, personalised shopping and customer-care experience, as well as sending invitations to events oriented exclusively towards them or their interests; the data subject can update their contact preferences at any time by sending an email to privacy@furla.com or via the “unsubscribe” option found in the newsletter;

f) legal defence: safeguarding our legal-defence requirements in relation to any disputes that may arise with the data subject following the fulfilment of the contract or the use of Online Channels, as well as Furla’s general imperative to protect online payments and prevent fraud.

g) statistical analyses: carrying out internal analyses on data subjects’ anonymised or aggregated data in order to improve internal processes, evaluate performance and optimise the efficiency of offered services, and conduct statistical studies.

¹ The terms of individual purchase-related services will be announced by Furla as and when required via its Online Channels or Stores.

5. Lawful Bases for Processing and Data Retention Periods

The following table shows the Data processed, the lawful basis for its processing and the retention period for each purpose listed above.

6. Methods of Processing

Personal Data may be processed electronically or physically. Furla has adopted adequate organisational, legal and technical measures to ensure Personal Data is secure, confidential and used only for the purposes set out in this policy; as well as to allow the data subject to fully exercise their rights granted by GDPR or other applicable Privacy Laws.

In accordance with the retention terms indicated above for each processing purpose, Personal Data will be stored for a period no longer than that which is strictly necessary for such purposes and, in any case, no longer than the terms of applicable laws provided for on the matter of prescription or terms established by specific administrative provisions; after which it will be destroyed or anonymised.

Since the security of online data transfers and the data archiving system cannot be 100% guaranteed, we suggest sending only the information requested by Furla for the purposes above; any additional information will be erased.

The data subject is responsible for protecting the access credentials for their account on our Website, as per the related terms and conditions. Furla will never ask the data subject to disclose such information.

All other information regarding the processing of Browsing Data can be found in the Cookie Policy at https://www.furla.com/it/it/eshop/cookie-policy

Obligatory or Optional Provision of Data

The provision of some Data is required to purchase products and/or make use of related services. Failure to provide such Data means contracts cannot be fulfilled and related services cannot be used.

However, providing Data for the purposes set out by letters c), d) and e) of the above Section 4 (marketing, profiling and profile-based marketing) is optional. In such cases, failure to provide Data will have no negative effect and will in no way prevent the purchasing of Furla products or the use of related services.

Previously granted consent can be withdrawn at any time by contacting Furla at privacy@furla.com or using the “unsubscribe” option found in every communication received. Any processing done prior to the withdrawal of consent will remain valid.

Automatic Processing

Personal Data may be processed automatically for the purposes set out in letters c), d) and e) of the above Section 4 (marketing, profiling and profile-based marketing).

Using profiling tools, the Controller can cross-check and rework Personal Data to create groups of pooled customers based on: (i) shopping habits and behaviour (for example, spending and purchase frequency); and (ii) interests and the types of products and services bought and/or viewed.

Including the data subject in a given group allows Furla to promote – where consent has been given, as required by applicable Privacy Laws – the types of products and services in line with their shopping preferences (for example, products they usually view or buy) and with the characteristics of the group to which they belong.

In compliance with GDPR, an impact evaluation was carried out specifically on the automatic processing described herein, to ensure the absence of high risks to the rights and freedoms of the data subject, as well as to ensure its impartiality, efficacy and absence of damaging consequences for the data subject. A copy of the impact evaluation summary can be requested at any time by contacting Furla at privacy@furla.com.

In any case, Furla may carry out internal market analysis aimed at obtaining information about its performance, that of its Affiliates and Stores, and for generally managing and planning its business. To this end, Furla will adopt technical and organisational measures to guarantee a level of security appropriate for the risk (for example, the pseudonymisation and/or anonymisation of Personal Data deriving from profiling activities). Therefore, since the subject of these particular analyses is information that can no longer be attributed to a specific individual, it will not be considered as processing of personal data.

7. Location of Processing and Sharing

Data will be processed by persons to whom the Controller has provided appropriate operative instructions with particular reference to the security measures adopted. Furla will not disseminate, send and/or communicate Personal Data to third parties who are not appointed data processors – with the exception of external suppliers providing consulting services, who require a large degree of operational independence, and Public Authorities who may request access to Personal Data and may process Personal Data as independent controllers.

Furla may share Data with specialist companies, in their capacity as data processors, to whom Furla entrusts technical and organisational tasks required for managing customer relations. These include companies who provide support, payment, delivery or storage services for the purchase of products or documentation regarding customer relations and companies who evaluate service quality and customer satisfaction, or conduct – on Furla’s behalf – marketing and profiling activities, also on a local basis, including profile-based marketing activities.

Purchase Data required for finalising payments, such as credit card details, will be processed by external providers who act as independent controllers or data processors duly appointed by Furla, depending on the service offered.

Data related to communication exchanges with stores may be processed by the communication service provider, as an independent controller, to improve the service, conduct legally required checks (e.g. fraud prevention, anti-spam, etc.) and prevent illegal activity. The provider’s privacy policy can be consulted via the following link: https://messagebird.com/en/legal/privacy.

Personal Data of the subject – that is, all persons who interact with Furla via the means specified in Section 3 of this policy – will be entered into Furla’s CRM database, processed according to the purposes described above and stored for the period necessary to achieve these. The servers on which this CRM data is filed are located in Ireland in a Microsoft Azure environment. The CRM system allows Furla to share Personal Data with its Affiliates and/or Stores on the CRM system, who are appointed data processors or process the data as controllers depending on their relationship with Furla. Affiliates and/or Stores may be located inside or outside a data subject’s country of residence and inside or outside the EEA, since Furla provides customers with the opportunity to receive offers in line with their interests and needs in all countries in which it operates. In particular, Personal Data is accessible to staff in Affiliates and/or sales assistants in Stores, in accordance with the access policy of the Controller (for example, if someone visits a Furla store in a different country to where they live, this store can also access their Data).

In the event that Personal Data is transferred to countries outside the data subject’s country of residence, or outside the EEA, their Personal Data will be protected by appropriate security systems that are constantly updated and maintained in compliance with applicable Privacy Laws (for example, there are specific agreements in place on data processing and non-EEA data processors have signed the European Commission’s Standard Contractual Clauses).

The list of parties with whom Personal Data is shared can be found in the table below. At any time, you can request a copy of the European Commission’s Standard Contractual Clauses or other relevant data-transfer guarantees by sending an email to: privacy@furla.com or checking the European Commission’s website.

8. Rights of the Data Subject

According to Articles 15, 16, 17, 18, 20, 21 and 22 of GDPR, the data subject has the right to access their data and, in particular, to obtain confirmation at any time as to whether their Personal Data exists or is otherwise being processed, and to be made aware of its content, origin and ongoing processing. They also have the right to verify whether their Personal Data is correct, and to request additions, updates and amendments. They also have the right to request limited processing and the erasure of their Data, and to not be subject to a decision based solely on automated processing.

Furthermore, the data subject has the right to data portability, the right to lodge a complaint with a supervisory authority and the right to object at any time to the use of their Personal Data for the purposes set out by letters c), d) and e) in Section 4 of this policy (marketing, profiling and profile-based marketing) as well as the right to withdraw at any time the relevant consent, where given.

The data subject can exercise these rights at any time and change their contact preferences by writing to privacy@furla.com or using the “unsubscribe” option found in every communication they receive and/or they can contact Furla by sending a request to the following email address: privacy@furla.com. Furla will inform the data subject of the action undertaken without undue delay and, in any case, within one month of receiving the request at the very latest.

For any questions regarding the processing of Personal Data and/or the exercising of their rights, data subjects can contact the Furla S.p.A. Data Protection Officer at the following address: Via San Raffaele, 5 - 20121 Milano; email address: dpo@furla.com.

Policy updated on 10.12.2025

Affiliates on Furla’s CRM System

Franchised Locations on Furla’s CRM System