Privacy Policy

PURPOSES OF THE NOTICE

 

This privacy notice (the “Privacy Notice”) contains important information about the personal data that is collected when you visit this Website and other websites of the Company’s brands (collectively, the “Websites”), whether as a registered or unregistered user, and describes how we use such data. Where applicable, it also explains the processing of the data provided by the user or collected during visits to boutiques directly managed by the Company or by associated companies (the “Boutiques”), or to points of sale managed by its commercial partners (the “Points of Sale”), or during other forms of contact with the Company. This notice is to be regarded as additional to any other information you may receive in other such circumstances.

This document contains important information on the following:

 

  1. THE PROCESSING OF PERSONAL DATA
  2. PERSONAL DATA PROCESSED
  3. PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
  4. COMMUNICATION OF PERSONAL DATA
  5. DATA TRANSFER TO NON-EUROPEAN COUNTRIES
  6. PROTECTION OF THE PRIVACY OF MINORS
  7. STORAGE, ACCESSIBILITY AND TRANSFER OF PERSONAL DATA 
  8. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
  9. RIGHTS OF DATA SUBJECTS
  10. PRIVACY RIGHTS OF CITIZENS OF CALIFORNIA
  11. DATA RETENTION
  12. POLICY ON COOKIES AND SIMILAR PROCESSES
  13. LINKS, ADVERTISERS, SPONSORS AND ADVERTISING
  14. DATA CONTROLLER, DATA PROTECTION OFFICER: COMPANY CONTACTS 
  15. UPDATES TO THIS NOTICE - COMMUNICATIONS

 

ACKNOWLEDGEMENT OF THIS PRIVACY POLICY

 

By visiting the Website, using its services or interacting with the Company, its Points of Sale, Boutiques and/or Websites, users confirm that they have read and understood this Privacy Notice. In particular, they confirm that they understand the Company may collect, use, store, share and disclose personal data collected through the Websites, the Boutiques, and/or the Points of Sale in accordance with this Privacy Notice.

If they do not agree to the terms of this Privacy Notice, users are requested not to visit this Website, create an account, or otherwise use this Website or submit any personal data to it, or provide their consent when offered this option under applicable law.

 

1. THE PROCESSING OF PERSONAL DATA

 

In this Privacy Notice, the term “Personal Data” refers to any information that allows the Company to identify the user (or a third party whose data the user provides), directly or indirectly, including any information related to the purchase of goods or services, or that the user chooses to communicate to the Company or share with it, or with third parties, while using the Websites or at the Points of Sale. The processing of personal data will be carried out in accordance with the General Data Protection Regulation (EU) 2016/679 “Reg. (EU) 2016/679” and, where applicable, the legislation of the country in which the data is to be collected. The Company reserves the right to carry out further data processing where required by law or in the context of investigations, criminal proceedings, or other such actions.

 

2. PERSONAL DATA PROCESSED

 

2.1 Origin of data

The Company collects personal data from the user only when the user voluntarily provides information, for example:

 

in the case of Brand Websites that carry the Company’s products: placing an order through the Website(s) as a “guest”; creating or modifying an account; creating a wish list; entering a contest, prize draw, or promotion; searching the Website; contacting the Company by submitting a comment or question; subscribing by email for newsletters and updates regarding the latest products and services, store openings, events, or promotions; or requesting order or delivery confirmations or other notifications;

in the event of registration and access to the account via social login: if the user chooses to register or access their reserved area using their social network credentials (Facebook or Google), the user’s data will be communicated to the Company by the selected social network, subject to the data subject’s explicit consent, which must be expressed through the social network interface before accessing.

For more information on the processing of personal data by the social networks involved, please read their respective privacy policies available at the following links:

 

in the case of the Company’s Boutiques and Points of Sale: by filling out the Company’s customer card, conversing informally during visits to the Company’s Boutiques or Points of Sale, interacting with the Company or purchasing products;

 

in the case of events: by participating in events, surveys and market research, contests and other promotions, including online, for example, on mini-sites managed by the Company on third-party social networks such as Facebook;

 

in the case of the Company’s customer service: requesting assistance, special services or after-sales support;

 

in the case of emails, SMS and other electronic messages: exchanging communications between the Company and the user.

 

If the user provides the Company with the personal data of third parties (for example, family members, other customers or potential customers), they must ensure that these third parties are informed and have authorised the use of their data as described in this Privacy Notice.

 

2.2 Types of data

The Company may collect and use different types of personal data depending on the specific purposes pursued and described below:

  • common personal data such as name, surname, gender, age/date of birth, country of origin, images and other personal data permitted by applicable law to collect; contact details, such as address, email address, telephone number, mobile number, fax number (if applicable), and other contact information permitted by applicable law to collect; payment information, such as payment method (credit or debit card), where appropriate, and passport or other identity document number, where required for tax or anti-money laundering purposes; sales-related information such as products or services provided, place of purchase, product codes, amount, sale total, VAT number, complaints, returns, refunds, or other sales-related information permitted by applicable law to collect;
  • habits and profiles, such as purchase data (purchase history, including the stores where the purchase was made, type, quantity, and price of products purchased), information on customer relationship management activities and initiatives (date and category of such actions completed or to be completed, and their results), purchasing habits and preferences (wish list, favourite categories of product, colour, style, other brands purchased, most visited countries, awareness of the Company’s brands, sizes, notes on purchasing habits or particular needs (i.e., preferred materials), other information (such as employment history, education, hobbies and lifestyle) permitted by applicable law to collect; and family information, such as marital status, anniversary date, number of children, information about children, and other family-related information permitted by applicable law to collect.

 

3.  PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

 

Depending on the specific circumstances in which the interaction between the user and the Company occurred, personal data may be used for the following purposes.

3.1 For online and in-store sales (by the Boutique or Point of Sale where the user makes the purchase or by the supplier of the local website, as identified in the Conditions of Sale of the online purchase)

The personal data provided by the user or collected at the time of purchase, whether or not conducted as a registered user, namely personal details, contact information, data relating to purchases, tax data, payment details, information relating to sales and any other data strictly necessary for the delivery of the products, will be used to:

  1. manage, administer and process product purchases, and sales and after-sales services, such as administrative tasks, accounting, returns, warranties, tax-free refunds where applicable, fraud prevention, and communications with the user, including via email, for any issues related to order management or subsequent inquiries related to the order;
  2. comply with obligations imposed by laws, regulations or EU legislation (including anti-money laundering legislation) and establish or defend legal claims.

It is necessary to provide personal data for the aforementioned purposes and refusal would make it impossible to complete the purchase.

The processing of data for:

  • the purposes referred to in letter a) occur to fulfil pre-contractual and contractual obligations;
  • the purposes referred to in letter b) to fulfil legal obligations.

3.2 For the specific purposes for which the data was voluntarily provided

The personal data provided by the user or collected when the user requests a specific service (for example, by registering his/her account on the Websites, dealing with complaints or requesting information), namely personal contact information and any data strictly necessary to follow up on the request, will be used to:

  1. provide the requested services (for example, carrying out the account registration process, managing authentication on the Website and the user’s accounts, assisting the user and managing any complaints and wish lists and responding to any contact request or question submitted by the user, also via customer service);
  2. complete the account registration and authentication process via social login;
  3. manage the newsletter subscription if the user is not registered.

It is necessary to provide personal data for the aforementioned purposes and refusal would make it impossible to complete the request.

Except where otherwise required to comply with applicable local regulations, the processing of data for:

  • the purposes referred to in letter a) occur as necessary to follow up on the request;
  • the purposes referred to in letter b) occur with prior consent;
  • the purposes referred to in letter c) occur with prior consent.

3.3 For customer relationship management (CRM) purposes if the user registers

The personal data provided by the user by filling in the Company’s forms, or collected during visits to the Boutiques, Points of Sale or Websites, or interactions with the Company, namely personal and contact details, data regarding the user’s habits and profile and details about his/her family, will be entered into the centralised CRM system to:

  1. offer promotions, discounts, and other personalised services, send newsletters and other marketing and commercial communications on products and services, invitations to events of the Company’s brands (organised by the Company or its distribution chain), surveys and research, market analyses, invitations to contests, prize games or promotions and other initiatives for registered users or customers of the Company’s brands (“marketing”). The Company may use traditional contact methods (postal mail and telephone) and/or digital and automated means (e-mail, SMS, MMS, telephone and other digital channels, such as social media) and may send users such communications based on their profile, if users have provided their consent to profiling (see the following point 3.3 b));
  2. analyse the contacts made by users with the Company, their interests, preferences and shopping habits, and create individual or aggregate profiles based on them, to understand how we can provide users with a better service, as well as providing a better shopping experience in all the Boutiques and Points of Sale in Italy and abroad (“profiling”). The Company may also use personal data to create groups and perform statistical and market analyses aimed at identifying the products and/or services of its brands that may be of interest to customers, and improving its services (including the Websites).

The Company may use personal data for profiling purposes only with the data subject’s prior consent.

The data collected on the Websites will be combined with any information obtained by the Company through interactions with the sales staff of the Boutiques and/or Points of Sale. The processing of personal data for profiling is carried out in compliance with the guarantees and parameters established by current law.

Entering data into the CRM system is optional and free of charge (based on the consent the user can choose to provide) and can only occur when personal data is provided for both the marketing and profiling purposes referred to in points 3.3 a) and b) or for only one of the two. Users may unsubscribe or withdraw their consent at any time (see point 9 below). In any case, refusal to provide personal data for one or both of these CRM purposes does not prevent the user from using the Company’s services or from making purchases, but the Company will not be able to inform the user of the marketing initiatives and events described above and will not be able to understand the user’s interests and offer a more personalised shopping experience.

 

4. COMMUNICATION OF PERSONAL DATA

 

The company shares the user’s personal data with its related companies, distributors and affiliates, including those located in other countries, and with other companies that provide services on its behalf (as described in more detail below), under its direction or that of third parties. These companies and organisations will exclusively receive the personal data required to carry out the services and will not be authorised to use them for any other purpose.

 

4.1 Communication of personal data to the Data Processors pursuant to Art. 28 GDPR

When the user buys products or uses the company’s online sales services, their personal data could be shared by the e-commerce supplier of this website with selected third parties that provide services to the supplier, including those which process the orders, ship the products, process credit or debit card payments and carry out fraud-prevention checks.

 

The user’s personal data may be shared with third parties, including digital platforms (including Meta, Google and other providers indicated in point 12 below) to monitor and analyse the Website activities and/or allow the measurement of marketing campaigns, on behalf of the Company as data supervisors pursuant to Art. 28 GDPR or (as independent data controllers or joint data controllers) to provide services under the scope of marketing campaigns based on user tracking activities (e.g. retargeting). To understand how these companies process the user’s personal data and, if you wish, to change the protection settings, see the privacy section of each digital platform listed in the Cookie Policy section.

 

The user’s personal data may also be shared with third parties to host website content, provide technical and organisational services functional to the above purposes, keep customer’s bank details, provide assistance in sending or managing marketing activities (in addition to the above) and manage emails, market analyses, surveys, competitions, reward schemes or promotions. These third parties may have access to the user’s personal data or store them or process them in order to provide these services, as data processors pursuant to Art. 28 GDPR, on behalf of the Company in Italy, in the country in which the user is located or abroad. The providers of company services are not authorised to use the personal data for purposes other than the provision of the contracted services.

 

The processing of the user’s personal data for CRM purposes will be carried out, in accordance with the instructions supplied by the company, by the associated enterprises that manage the company brands locally in Italy and in other countries or online, and by the Company’s commercial partners (affiliates and distributors) that manage the Points of Sale and online sales on their Websites, as data processors pursuant to Art. 28 GDPR.

 

4.2 Communication to other Data Controllers

The user’s personal data may be shared with companies that are involved in the management of payments and fraud-prevention checks, that operate independently as data controllers, in order to provide the user with online sales services.

In the case of capital or corporate transactions (for example, mergers or acquisitions, company restructuring or liquidation), customer data may be surrendered and shared with the company participating in these transactions, to the extent allowed by law based on the legitimate interest of the Company.

 

The company may also communicate the user’s personal data to third parties (i) where required by an EU or member state regulation; (ii) in the case of legal proceedings; (iii) in response to a request from the forces of law and order based on legitimate grounds; or (iv) to protect the rights, privacy, security or the property of the Company or the public.

 

In addition, to the extent allowed by law, the company may disclose the personal data to third parties in the case of disclosures relating to the user of the website, where deemed necessary to investigate, prevent or adopt measures regarding unlawful activities, suspected fraud or if the company, at its sole discretion, believes that the use of the website by the user is incompatible with the actual conditions of the website.

 

The complete list of designated data processors and third parties to whom the data is disclosed can be obtained through our contacts listed below (point 14).

 

5. DATA TRANSFER TO NON-EUROPEAN COUNTRIES

 

Personal data will be transferred abroad only if adequate levels of protection and safeguards are ensured for data protection, in accordance with applicable legislation.

In this regard, please note that in the event of transfers to countries not covered by adequacy decisions pursuant to applicable legislation, the Company signs Standard Contractual Clauses with the companies concerned.

 

6. PROTECTION OF THE PRIVACY OF MINORS

 

This Website is intended for a general audience, however, its services are intended for persons aged 18 and over. The Company does not knowingly request, collect, use or disclose personal data provided by persons under the age of 18, whether online or at the Boutiques and Points of Sale. If the Company becomes aware that it has personally collected data from a minor, it will delete it.

If the user is not the required age, they are asked not to register or make any online purchases, and should instead ask an adult (i.e., their parent or guardian) to perform the necessary procedures.

 

7. STORAGE, ACCESSIBILITY AND TRANSFER OF PERSONAL DATA

 

The processing of personal data collected through the Websites occurs primarily using electronic or web-based means, including web analytics services hosted on servers of selected Company providers operating both within the European Union (for example, in Germany and Ireland, for online sales transactions on the Websites managed directly by the Company) and outside it (for example, in the United States, for the Company’s newsletter subscription services). In Boutiques and Points of Sale, the processing of personal data may also be carried out on paper. In both cases, personal data for CRM purposes is entered into the Company’s centralised and secured database located in Italy and managed by CRM Managers and the marketing team in Italy and abroad.

Access to personal data will be permitted only to authorised personnel of the Boutiques, Points of Sale, and the local e-commerce provider (for example, management personnel from the digital marketing and IT, retail, administration, and security departments), based on a real need to know such information and using multi-level access control tools. This staff has undertaken to respect confidentiality obligations and has been expressly designated as data controllers, as required by applicable law. In particular, where users have provided their consent to the processing of their personal data for CRM purposes, the relevant data may be read, modified, and updated by the Company’s staff and by those employed at Boutiques, Points of Sale, and/or local e-commerce suppliers (especially by sales and marketing personnel). The staff, present in Italy or abroad, has received specific training and is required to respect confidentiality obligations. The Company may use it to collect, use and communicate data according to its instructions.

 

 

8. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

 

The Company has implemented appropriate measures to protect the user’s personal data from accidental loss and from unauthorised access, use, modification, and disclosure. When the user provides order information, for example, the Company uses Secure Socket Layer (SSL) technology, an encryption tool that ensures the security of information transmitted over the Internet. In managing this Website, we also use password controls, firewall technology, and other technological and procedural security measures. Although the Company has implemented the above security measures for the Website, the user should be aware that 100% security cannot be guaranteed. Therefore, users provide their personal data at their own risk and, to the maximum extent permitted by applicable law, the Company shall not be liable in any way for any disclosure of such data due to errors, omissions or unauthorised actions of third parties during or after their transmission to the Company. The Company advises users to (i) periodically update software to protect data transmission over networks (for example, antivirus software) and ensure their electronic communications service provider has adopted appropriate means to secure data transmission over networks (for example, firewalls and spam filters); (ii) keep their username and password to access their account confidential and not disclose them to anyone; and (iii) periodically change their password.

In the unlikely event that the Company believes the security of a user’s personal data in its possession or control has been or may have been compromised, it will notify the user of the incident in accordance with applicable law, using the methods prescribed therein (by providing the Company with their email address, the user consents to receive such communications electronically via that email address).

 

9. RIGHTS OF DATA SUBJECTS (PURSUANT TO ARTICLES 15-22 GDPR)

 

9.1 User rights

At any time and free of charge, users may access their data; receive their electronic personal data in a structured, commonly used, machine-readable format and transmit it to another data controller (data portability), as well as have it corrected, updated, modified, or deleted (subject to any applicable exceptions); restrict data processing; object to the processing of data concerning them, including profiling; and withdraw any consent previously given.

Users may exercise their rights by contacting the Company at the address provided below. Requests for data deletion are subject to applicable legal obligations and the Company’s document retention obligations.

If users believe there is a problem with the way we are handling his/her personal data, they have the right to lodge a complaint with their national data protection authority or with that of any other country in the EU or European Economic Area.

To exercise these rights, users may submit a request by sending an email to the address infoprivacy@maxmara.com, or a letter by regular mail to the address below (point 14). When contacting the Company, users must include their name, email address, mailing address and/or telephone number(s) to ensure that the Company can properly handle the request.

 

9.2 Accuracy - Updating personal data

To allow the Company to better serve them, users are urged to check and update their personal data regularly.  If registered, users may access and modify their personal data using the user account settings on the Website; alternatively, users may contact the Company (see point 14) for assistance in updating their personal data.

 

9.3 Management of choices relating to direct marketing and profiling

If users wish to opt out of their data being used for CRM, marketing, and/or profiling purposes, or manage advertising preferences, they may send a simple request to the Company (see point 14) as indicated below or manage their account choices accordingly. The same procedure applies if users wish to revoke their consent to profiling. 

 

10. CALIFORNIAN PRIVACY RIGHTS

 

Under California Civil Code Section 1798.83, individuals who are users and California residents have the right to request from businesses with which they have a business relationship certain information regarding the types of personal information those businesses share with third parties conducting direct marketing activities, as well as the identities of the third parties with whom the Company has shared such information during the immediately preceding calendar year.

If the user is resident in California and would like a copy of the information provided to us under this law, they may submit a written request to the Company. The response will be provided within 30 days of the request.

 

11. DATA RETENTION

 

Personal data will be retained for the duration of the business relationship and for as long as necessary to pursue the purposes described in this Privacy Notice. After this period, the user’s personal data will be retained only to comply with legal and regulatory obligations or to allow the Company to maintain proof of its respective rights and obligations.

The user’s personal data processed for CRM purposes (point 3.3) will be retained until the account is closed or until consent to their processing for these purposes is withdrawn. Personal data relating to purchase information processed for profiling and marketing purposes will be retained for a limited period, in accordance with the terms permitted by applicable law, and will be deleted on expiry of that period.

 

12. COOKIES AND ONLINE TRACKING TOOLS

 

The company uses tracking tools that utilise unique identifiers on the website to collect and save information (for example through the use of cookies, namely small text files stored on the device browser used by the user to visit the website) or use resources (for example by running a script) on the user’s device when the latter interacts with this website. 

If the user has given their consent to the use of tracking tools on the Website, setting their preferences as willing via banners or in the area , the Company can also use personal data, such as the email, postal address or telephone number provided by the user to improve, for example, the measurement of effective conversions of its potential customers on the Websites, through the monitoring of its marketing campaigns, as well as to show the user marketing ads and content consistent with their interests, on the basis of the consumer preferences and behaviour identified through cookies and/or other tracking tools of media platform operators, including Meta Platforms Ireland Ltd., Google Ireland Limited and other operators, following the analyses they conduct on their users based on their interactions. For more information about cookies and tracking tools that the Company uses, as well as to find out how to enable or disable them, please read the Cookie Policy section.

 

13. LINKS, ADVERTISERS, SPONSORS AND ADVERTISING

 

This Website may contain links to various websites, including those owned or controlled by the Company, as well as third-party websites.

If users choose to provide personal data on one of these linked third-party websites, that data will be treated in accordance with the privacy notice and security policies of the destination site.

This privacy notice, however, applies in cases where the linked site is managed by a third party appointed as Data Controller pursuant to Article 28.

The Company is not responsible for the collection, use, disclosure, or any other form of processing of data by third-party websites. Users are therefore advised to read the privacy policies of these sites.

 

14. DATA CONTROLLER, DATA PROTECTION OFFICER: COMPANY CONTACTS

 

For the purposes of this Privacy Notice and the data processing described herein, it is specified that the term “Company” refers to Max Mara Fashion Group Srl, with registered office in Via Pietro Giannone, 10 - 10122 Turin, Italy. As the parent company, through its affiliates, the Company is the data controller (as defined in Regulation (EU) 2016/679) of the data collected at Boutiques, Points of Sale and/or Websites in Italy and abroad for the CRM purposes referred to in points 3.2 and 3.3. The Company has designated its Data Protection Officer, responsible for handling any questions or claims relating to the processing of personal data for CRM purposes, who can be contacted at the following addresses: Via Pietro Giannone 10, 10122 Turin (Italy), email: dpo@mmfg.it.

The data controller of the information collected at the local Boutique, Point of Sale and/or Website for the purposes related to the sales referred to in point 3.1 is the Max Mara Boutique, Point of Sale or online store where the purchase is made and/or which collected the data.

The local seller may be required to process data in accordance with the data protection regulations in force in the country in which it is based. However, unless conflicting mandatory rules apply in that jurisdiction, the local seller undertakes to process the user’s personal data in accordance with the principles set out in this Privacy Notice.

 

15. UPDATES TO THIS NOTICE - COMMUNICATIONS

 

The Company, at its sole discretion, reserves the right to change, modify, add, or remove portions of this Privacy Notice at any time by posting the revised version on this page of the Website and updating the “Last Modified” date indicated below. It is the responsibility of the user to review the Privacy Notice from time to time to take notice of any changes. In some cases, the Company may provide additional communications regarding material changes to this Privacy Notice by posting a notice on the home page of this Website or, for registered users, by sending a notification email or placing a notice on the user’s account page. Therefore, any browsing of the website or completing a purchase on the Website or in any store, following communication of the revision to the Privacy Notice in the manner described above, implies that the user has read the revised Privacy Notice. If the processing of personal data is based on consent, new explicit consent will be requested where necessary.

To view previous versions of the Privacy Notice, please visit the following page: maxmara.com/database-privacy

 

LAST MODIFIED

This notice comes into force from 21 November 2025