CONFIDENTIALITY AND DATA PROCESSING POLICY
GENERAL PERSONAL DATA PROCESSING POLICY
“PRIVACY POLICY”
PIQUADRO GROUP
Piquadro S.p.A (hereinafter referred to as "PQ"), Parent Company of the "Piquadro Group", together with The Bridge S.p.A. (hereinafter referred to as "TB") and Lancel Sogedi S.A. (hereinafter referred to as "LC"), as Joint Data Controllers, consider the privacy and protection of personal data fundamental and invite their users and customers to carefully read this Policy which contains important information on Data Processing (in short , "Information").
This Policy:
Summary
Identity and contact details of the Joint Controllers
What data we collect and how we collect them
2.1) Data voluntarily provided by the data subject
2.2) Data collected automatically
2.3) Data collected through the "Connequ" tracking device
2.4) Data collected through the "Chatbot" virtual assistant
Purpose of the processing of personal data and related legal basis
Intra-group data sharing
Categories of recipients of personal data
Storage and transfer of personal data abroad
Personal data retention period
Security measures
Exercisable rights
1) Identity and contact information of the joint Controllers
Parent company
Piquadro S.p.A
Località Sassuriano, 246
Silla di Gaggio Montano (40041 - Bologna, Italy)
Tax Code and VAT No. 02554531208
The Bridge S.p.A.
registered office in Scandicci (50018 - Florence, Italy),
Via E. Codignola 14/16,
Tax Code and VAT No. 04253320487
Lancel Sogedi S.A.
registered office in 75017, France
48-50 rue Ampere Paris
Ape Code 4772 b - TVA code Fr 20,612,036,376
2) What data we collect and how we collect them
2.1 Data voluntarily provided by the data subject
While using the Website and in general the services offered by the Group companies, we may ask you to provide us with certain personal data or personal information that might be used to identify you, for example by e-mail or online form, through the form to subscribe to the Memberships and our Services or through another type of request.
This information may include personal details and contact details, such as your name, surname, address, e-mail address and telephone number, and some information such as gender and profession.
Brief explanatory notes will be provided or appear on the web pages or through appropriate forms for specific optional services.
The detailed General Information on Data Processing (in short, "Privacy Policy") is always available to the data subject who is kindly requested to read it carefully.
2.2 Automatically collected data
In the course of normal operation, the websites may acquire some personal data of the user whose transmission is implicit in the use of internet and mobile phones communication protocols.
These data are collected through the use of systems capable of storing text or information files, such as Cookies or SDK (Software Development Kit).
This information may include navigation and functional indications, statistical and technical information, and, if clicked, some information about the user's preferences to improve their browsing or geolocation experience for the identification of the nearest store.
The website may also request some permissions to share data via social networks (e.g. Facebook, Google) that allow you to perform actions with the relevant User accounts and to collect information, including personal data, from it. In this case, reference must also be made to the terms of use, permissions, settings and privacy policy of the single social network.
The Information on Processing of Data collected automatically (in short, “Cookie Policy") is always available to the user who is kindly requested to read it carefully.
Moreover, you can manage the preferences through the appropriate online section.
Some information is necessary in order to provide the services connected to the Site and to the Group activities, and failure to collect them would make it impossible to provide the aforementioned services or involve the partial operation of the Site. The optional information does not affect the operation of the services and can be freely managed by the user.
The forms expressly indicate the mandatory items (with the symbol * or ü).
Explicit consent will always be required, by specific request, where necessary.
2.3 Data collected through the tracking device "Connequ"
If in use and connected according to the device's instructions, the App may automatically collect certain personal data related to the User during its normal operation, for the purpose of the requested tracking service.
Specifically, this includes data regarding the geographical location of the Users when they wear the Products and the Products themselves in case of loss, the MAC address of the Tracker, and the history of detections.
Furthermore, if the User has the Application open in the background on their device with the location function active, the Application will collect data regarding the location of the device used by the User even when the User is not directly interacting with the Application.
The presence of the application in the background is notified to the User based on their device settings. Such information is necessary in order to provide the services connected to the Application, and the failure to collect them would make it impossible to provide said services.
2.4) Data Collected Through the “Chatbot” Virtual Assistant
When used through user interaction with the AI chatbot system integrated into the customer service platform, the Websites may collect certain personal data related to the User during normal operation.
For example:
• identifying data (e.g., name, email, customer number);
• data related to the request (conversation content);
• any additional data voluntarily provided by the user during the interaction.
The personal data provided is processed solely for customer service purposes, including:
• managing information or technical/commercial support requests;
• automated forwarding to a human operator, if necessary;
• improving the customer care service, including through analysis of conversations (in pseudonymized or aggregated form).
Interactions are managed via an AI chatbot provided by the Zendesk platform, configured to deliver automated responses and, when necessary, transfer the conversation to a human operator.
Processing is carried out using IT and electronic tools, in accordance with the principles of lawfulness, fairness, and transparency.
3) Purpose of the processing of personal data and related legal basis
Your personal data will be processed:
• without the need for consent for the following purposes:
(i) to ensure the full and proper functioning of the Website and the App, manage various services related to the Website and the App (such as registration, language preferences, login or access to restricted features, selected products), use of Website and App features, creation of an online account, membership in the PQClub/TBClub Group clubs, Connequ App registration, order management, purchases, sales, and product delivery and tracking, customer service management including help desk, live chat, and AI chatbot, payment processing, returns and repairs handling, customer communication management (email/SMS/WhatsApp), and management of vouchers and discounts;
(ii) for administrative and accounting purposes and related obligations (e.g., issuance of receipts, invoices, and payment arrangements), potential protection of credit positions, and legal defense;
(iii) to collect and analyze Website and App traffic and usage data anonymously, perform internal statistics, business analysis and management, software usage analysis, evaluation of product and service satisfaction, customer service interactions and support requests, as well as to provide generalized promotional offers and—regarding contact data provided during the contract—send advertising for similar products, with the option for immediate opt-out upon request;
(iv) to synchronize the Tracker with a Product purchased at a Retail Point in order to facilitate tracking and retrieval in case of loss.
The above-mentioned processing activities are based respectively on the following legal grounds:
(i) Performance of a contract or pre-contractual measures, and to fulfill a request from the data subject – lawful basis pursuant to Article 6, letter b) of the GDPR;
(ii) Compliance with a legal obligation to which the Controller is subject – lawful basis pursuant to Article 6, letter c) of the GDPR – or for the establishment, exercise, or defense of legal claims;
(iii) Pursuit of the Controller’s legitimate interest – lawful basis pursuant to Article 6, letter f) of the GDPR – related to the improvement of business operations and market research, enhancement of services provided to customers, and pursuit of the Controller’s legitimate interest – lawful basis pursuant to Article 6, letter f) of the GDPR and Article 130 of Legislative Decree no. 196 of June 30, 2003 (“Privacy Code”) – so-called “soft spam” direct marketing and customer loyalty initiatives;
(iv) Performance of a contract or pre-contractual measures, and to fulfill a request from the data subject – lawful basis pursuant to Article 6, letter b) of the GDPR.
The granting of data marked on the form with (*) for the purposes described in foregoing section (i) is mandatory and the absence of the data and/or express refusal to processing them shall make it impossible for the Data Controller to execute the contract or execute the pre-contractual measures, fulfil the obligation with possible non-fulfilment and responsibility of the data subject also for sanctions contemplated by the law (e.g. impossible issue of the relevant invoice).
(ii) with your consent (Art. 7, GDPR) for the following purposes:
The granting of data for the purposes explained in foregoing section (ii) is optional, meaning that you may decide to not give your consent, or to revoke it at any time. Automated processes using software that in any case require human decision-making intervention to prevent undesirable consequences for the data subject are used for this processing; they are always and, in any case, limited to receiving communications from the Data Controller.
4) Intragroup data sharing
This policy briefly indicates how the Piquadro Group companies share the information internally, regulated in detail by mutual co-ownership agreements.
Piquadro, as Parent Company, in order to better rule the Group's strategies and implement the company business efficiently and effectively, has decided to aggregate and unify the administrative management and the commercial and marketing management, both with regard to offline and online activities performed through websites and e-commerce platforms.
Therefore, Piquadro receives information from the companies of the Group and shares it with them.
The information collected by each company of the Group is shared and used reciprocally by the other companies, in order to make the services and offers available as well as to provide, improve, understand, personalize, support and market them, including the products and the respective Piquadro/The Bridge/Lancel brands and therefore within the predefined Group purposes referred to in item C.
Further information on the Group and its additional legal entities is available on the website https://www.piquadro.com/blogs/investor-relations/group-structure.
In the event that the Group is involved in a merger, acquisition, reorganization, or sale of all or some of the assets, the information will be shared with the following entities or new owners as part of the transaction in accordance with applicable laws on data protection.
5) Categories of recipients of personal data
For the purposes explained in the foregoing paragraph, the personal data you have given may be disclosed or made accessible:
You can receive the complete and updated list of the Data Processors by sending a written request to the address privacy@piquadro.com.
6) Storage and transfer of personal data abroad
Personal data are managed and stored in the cloud and on servers located inside and outside the European Union owned by and/or available to the Controller and/or owned by and/or available to third parties duly appointed Data Processors.
The data transfer abroad to countries not belonging to the European Economic Area (EEA) takes place exclusively in the context of intra-group communications for the purposes indicated above or to contractual partners, in any case in accordance with the provisions contained in Chapter V, articles 45 and 46 GDPR.
Your personal data will not be disclosed.
7) Personal data retention period
The personal data automatically collected by the Website for the purposes stated in the previous paragraph 3 will be processed and stored for the time strictly necessary to achieve the purposes for which they were collected and will be automatically deleted after such period. They are in any case linked to the duration of the session or the installation.
The data will be retained for the time necessary to fulfill these purposes and, in any case, correspond to the respective periods indicated below.
Data provided by the data subject (2.1): 12 months
Data related to the User who is the Account holder: 36 months
Data related to the Customer: 60 months
Data automatically collected by the Website or App (2.2): 12 months
Data collected through the “Chatbot” virtual assistant (2.4): for the time necessary to fulfill the request and, subsequently, for a maximum period of 12 months.
Data related to communication and marketing purposes: 36 months
Data related to profiling purposes: 60 months
Accounting and billing data: 10 years
Data related to any legal disputes: for the time strictly necessary or in accordance with statutory prescription periods.
After the aforementioned retention period, the data will be destroyed or anonymized.
8) Security Measures
Piquadro has implemented appropriate technical and organizational measures to ensure the logical and physical security of data and to prevent unauthorized processing.
In particular, the following technical and organizational measures, among others, are adopted to ensure the security (confidentiality, integrity, and availability) of personal data:
• All communications between the data subject’s device browser and the Websites’ servers take place through secure communication protocols (HTTPS and TLS) using encryption techniques;
• An access control policy for personnel is in place, including secure authentication procedures (MFA);
• Specific procedures are adopted for managing incidents and data breaches, and in the event of a confirmed breach, timely notification will be given to the data subject and/or the Data Protection Authority, in accordance with applicable regulations;
• Systems and processes are developed and managed in compliance with the principles applicable to data processing and the security requirements set out by the GDPR.
9) Exercisable rights
In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights specified therein and in particular:
The request can be addressed indifferently to each of the Joint Controllers by simply sending an e-mail to one of the following addresses: privacy@piquadro.com / privacy@thebridge.it / privacy@lancel.fr.
In particular, reference is made to the following measures:
You can easily exercise these rights by simply sending a request via email to the privacy@piquadro.com, the Data Controller's address.
The Account can be deleted through the dedicated section on the Web and App.
Last updated: April 10th, 2025