United Colors of Benetton - Official Website

PERSONAL DATA PROCESSING POLICY

for the participation in the "Benetton Island - Participation
in the Nintendo Animal Crossing game" project pursuant to art. 13 of EU 679/2016 ("GDPR") Regulation
- October 2021

DATA CONTROLLER

BENETTON GROUP SRL (hereafter referred to as Controller, Company or "BENETTON")
with headquarters in via Villa Minelli 1, 31050 Ponzano Veneto (TV), Italy tel: +39 0422 519111 / fax: +39 0422 969501

DATA PROTECTION OFFICER (DPO)

Data Protection Officer c/o Dir. Legal Affairs
Via Villa Minelli 1 - 31050 Ponzano Veneto (TV)
rpd@benetton.it

DATA PROCESSED AND DATA SOURCE

The following personal data will be processed:
- Name and Surname
- age
- email address
The source of the data is the party itself.

PURPOSE OF PROCESSING

Purpose 1 - Game participation:
The processing of personal data has the exclusive purpose of participating in the Benetton Island initiative with the registration for the Animal Crossing game.

Purpose 2 - Marketing purposes:
We will process your personal data in order to create promotional activity (for example sending newsletters or promotional material to the email address you have indicated)

DATA CONFIRMATION

For purpose 1, providing data is mandatory.
In the event of refusal, you will not be able to participate in the Benetton Island initiative nor can you register for the Animal Crossing game.

For purpose 2, providing data is optional. In the event of refusal, the Data Controller will not be able to send you promotional material.

LEGAL BASIS FOR PROCESSING

For both processing purposes, the legal basis is your explicit consent to personal data processing. (Art. 6.1.a GDPR)

CONSERVATION PERIOD OF PERSONAL DATA

For purpose 1, the Data Controller will conserve the personal data obtained for the duration of the Benetton Island initiative (until 31/12/21).

For purpose 2, the Data Controller will conserve the personal data obtained for 24 months from the date that marketing consent is given or from the date of the last interaction with the Data Controller (for example, the last opening of the email).

SUBJECTS AUTHORIZED FOR PROCESSING. EXISTENCE OF AUTOMATED DECISION PROCESSES

Data will be processed by internal resources in the Data Controller's offices, who will be adequately trained and who will work as authorized personal data processing staff by means of electronic and/or hard copy means. No automated decision processes are foreseen in said processing.

DATA RECIPIENTS AND SENDING TO THIRD COUNTRIES

For the purpose indicated in this policy, your personal data may be communicated to third parties which work in collaboration with the Data Controller in carrying out services, duly entrusted as officer or head of processing (for example, technological service providers). For all purposes indicated in the policy, your data may also be communicated abroad, within or outside the European Union, in compliance with the rights and guarantees provided for by current legislation and after verifying the adequacy of the level of protection guaranteed by the third country. The personal data processed will not be disclosed.

YOUR RIGHTS AS INTERESTED PARTY IN THE PROCESSING. COMPLAINT TO THE SUPERVISORY AUTHORITY

The rights of the interested party and methods for exercising them.

With regards to the aforementioned processing of personal data, you will be able to employ the following rights to conditions within the limits of art. 12 and 13 GDPR, using the template available at the link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924 forwarding it to the email address info@benetton.com,

or,

if you deem it opportune, you may write to the Data Protection Officer at the email address above.

The enforceable rights are the following:

- Right of access (art. 15 GDPR; - Right of rectification of inaccurate data and integration of incomplete data (art. 16 GDPR);

- Right of deletion of personal data (art. 17 GDPR);

- Right to limited processing (art. 18 GDPR);

- Right to opposition of processing pursuant to art. 6, paragraph 1, letter e) or f) GDPR, including profiling (art. 21 GDPR);

- Right to complain to supervisory authority (art. 77 GDPR)

The interested party also has the right to complain to a specific supervisory authority, known as the guarantor for the protection of personal data (https://www.garanteprivacy.it).