Welcome to the website www.goldengoose.com (the “Website”) that is owned by Golden Goose S.p.A. and is operated with the technical and operational support of Golden Goose USA Inc., a corporation having an address at 11 Broadway 368, New York, State of New York 10004, New York, USA, duly appointed as data processor for this purpose by Golden Goose S.p.A.

Please carefully read this Privacy Policy, which applies to the personal data we collect about users of the Website, purchasers of our products, subscribers to our marketing communications and others who interact or communicate with us. In this Privacy Policy, “personal data” includes “personal data” and “personally identifiable” information as defined under applicable privacy laws.

If you are a California resident, please see below, section 15. Additional information for California residents, for information about the categories of personal data we collect and disclose about you and your rights regarding this personal data under California privacy laws.

1. Data Controller

Pursuant to the European Regulation no. 2016/679 (the “GDPR”) Golden Goose S.p.A., with registered office at Via Privata Ercole Marelli 10, Milan, Italy (“GGDB”) is the data controller with respect to the personal data we collect about Website users, including browsing data, marketing and profiling data and data connected and correlated with sales made through the Website and the relative pre-sale and after sale activities.

2. Personal data collected and legal bases for processing

In general, we collect personal data directly from users, automatically related to users interactions with us or our Websites, and from third parties (such as social networks and advertising partners). The Website collects and processes different types of personal data for different purposes and with different methods. The information we collect includes:

(a) personal data concerning browsing or use of our Website, processed to allow for the proper functioning of the Website, as well as for marketing purposes. In this regard, please see the Cookie Policy present on the Website;

(b) personal data provided voluntarily by the user (email address, telephone number, personal details, password provided by completing the registration form) or otherwise provided while using the Website and/or through interaction with the customer care service made available by GGDB and processed to respond to user requests and offer the services, support and information requested concerning the products and the world of GGDB;

(c) the personal data provided by the user during product purchasing processes on the Website to complete transactions and for activities functional and instrumental to sales, as well as for all necessary pre-sale and after sale assistance;

(d) personal data, details and contact data, processed by GGDB - with your express consent - for marketing purposes, that is to send the user (through traditional instruments and through electronic instruments such as newsletters, emails, SMSs, MMSs and smart messages) information and updates on products, sales, promotional campaigns, events and other initiatives promoted by GGDB or by its commercial partners;

(e) personal data regarding purchases and any preferences expressed, processed by GGDB - with your express consent - in order to study consumption habits and choices, so as to bring the products, initiatives and individual commercial offers more into line with the tastes and needs of its customers;

(f) personal details and contact data communicated by GGDB - with your express consent - to third parties belonging to the Lifestyle and Fashion categories for their own marketing activities.

Pursuant to the GDPR, with the exception of browsing data, governed by the Cookie Policy, the processing of personal data is based on:

1. Our legitimate interests: the legitimate interest of GGDB in providing the Website services and responding to any customer requests, with reference to points (a) and (b).
2. Performance of our contract with you: fulfilment of the sale contract and the obligation to meet pre and post contractual obligations, for all activities pursuant to point (c).;
3. Your consent: any consent provided by the user for the purposes pursuant to points (d), (e) and (f).

3. Use of personal data

The purposes for which we may process personal data will vary depending upon the circumstances. In general, we use personal data for the purposes set forth below, and where GDPR or other relevant laws apply, we have set forth the legal bases for such processing in parenthesis (see above for further explanation of our legal bases):

• Operating Website and services and providing related support: to provide and operate the Website and services, communicate with you about your use of the Website and our services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes. (Legal bases: performance of our contract with you; and/or our legitimate interests)
• Responding to your requests: to respond to your inquiries and requests. (Legal basis: performance of our contract with you)
• Analyzing and improving the Website, our products and services, and our business: to better understand how users access and use the Website and our services, as well as other products and offerings, both on an aggregated and individualized basis, to administer, monitor, and improve our services, for our internal purposes, and for other research and analytical purposes. (Legal basis: our legitimate interests)
• Personalizing your experiences: to tailor content we may send or display on the Website, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences. (Legal basis: our legitimate interests)
• Advertising and marketing: to promote COMPANY’s products and services on third-party websites, as well as for direct marketing purposes, including to send you newsletters, client alerts and information we think may interest you. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you opt-in to receive them. (Legal bases: our legitimate interests; and/or with your consent)
• Protecting our legal rights and preventing misuse: to protect the Website and our business operations; to prevent, detect and investigate fraud, misuse, harassment or other types of unlawful activities; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of this Policy and our applicable terms of service and agreements.((Legal bases: our legitimate interests; and/or compliance with laws)
• Complying with legal obligations: : to comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.(Legal bases: our legitimate interests; and/or compliance with laws)
• Related to our general business operations: to consider and implement mergers, acquisitions, reorganizations, and other business transactions, and where necessary to the administration of our general business, accounting, recordkeeping and legal functions. (Legal bases: our legitimate interests; and/or compliance with laws)

Aggregate or Anonymous Data. We also create and use aggregate or anonymous data to assess, improve and develop our business, products and services, and for similar research and analytics purposes. This information is not generally subject to the restrictions in this Policy, provided it does not identify and could not be used to identify a particular individual.

4. Profiling

GGDB may collect, use and process the personal data of users in order understand preferences, interests and behavior, in order to improve our Website, products and services, as well as our offers and marketing. As a part of this, GGDB may process data relating to the value, frequency and type of purchases, (made through our Website and in brick-and-mortar GGDB stores), as well as user interactions and communications with GGDB and out Website and any other information that the user may voluntarily provide. For more information about our profiling activities, please contact us as set forth below.

GGDB may also process the personal data of the user, using automated means such as cookies, in order to collect and process browsing and usage information related to the use of our Website and to offer more relevant products and services and personalized ads.

5. Mandatory or optional nature of the provision of data

When we collect data directly from you, we will generally identify which data is mandatory and which is optional. With the exception of browsing data (the provision and collection of which is governed by the “Cookie Policy”), the provision to GGDB of personal data collected through the Website to respond to user requests and queries as well as for marketing purposes, to study consumer habits and preferences and for communication to third parties is optional.
You are not required to submit your personal data to us to merely use the Website, however it may make it impossible for GGDB to respond to requests for information and queries, or send informational materials, updates, newsletters and invitations to GGDB events. The provision of personal data, in particular personal details, email addresses, mailing addresses, telephone numbers and bank details (in the case of payments with credit cards) is necessary to conclude the product purchase contract through the Website. Therefore, if the data is not provided, you will not be able to register for an account with us, subscribe to receive our marketing communications, or make purchases through the Website.

6. Disclosure of personal data

We may disclose or permit the processing of personal data by:

• employees and advisors of GGDB, who will operate as authorised data processors for the internal organisation of company activities;
• our affiliate and subsidiary companies (members of our corporate “Group”), who carry out services on our behalf, including specific marketing activities (such as inviting the user to events, sending discounts, promotions, etc.); and
• vendors and service providers that perform services on our behalf in connection with the Website (logistics services, IT services, customer care service and marketing services).
• third parties who provide services related to fulfilment and payment processing (such as the credit institution for the execution of remote electronic payment services using a credit/debit card);

In addition, we may disclose personal data to under the following circumstances:

• in order to comply with the law, judicial proceedings, a court order, or other legal process, such as in response to a subpoena.
• where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, to enforce our Terms and Conditions of Sale, to respond to claims asserted against us or, or as evidence in litigation in which we are involved.
• as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted prior to such event where permitted by law.

Aggregate, De-identified or Anonymous data. We may share aggregate, anonymous or de-identified data with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.

7. Cookies and similar technologies

We and our third party service providers use “cookies,” pixels, java script, log files, and other mechanisms on the Website. For more detailed information about the use of cookies on the Website and how you can manage your cookie preferences, you can review our Cookie Policy found here.

Cookies. A “cookie” is a small text file that may be used, for example, to collect information about website activity. Some cookies allow us to make it easier for you to navigate the Website, while others are used to enable a faster log-in process or to allow us to track your activities while using the Website. Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them. See our Cookie Policy for more information.

Cl ear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our services to, among other things, track the activities users of our services, help us manage content, and compile statistics about usage of our services. We and our third party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Log files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.

Third-party analytics. We also use automated devices and applications, such as Google Analytics (more info here) to evaluate use of our Services. We use these tools to gather non-personal data about users to help us improve our Website and services, as well as user experiences. These analytics providers may use cookies and other technologies to perform their services and may combine the information they collect about you on the Website with other information they have collected for their own purposes. This Policy does not cover such uses of data by third parties.

Do-Not-Track signals. The Website does not respond to do-not-track signals. You may, however, disable certain tracking as discussed above (e.g., by disabling cookies) and set out in our Cookie Policy and as explained below.

For more information please see our Cookie Policy

8. Interest-based advertising

We work with third party ad networks, analytics companies, measurement services and others (“third party ad companies”) to manage our advertising on third party sites, mobile apps and online services. We and these third party ad companies may use cookies, pixels tags, and other tools to collect activity information on our Services (as well as on third party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent, your device’s geolocation information; we and these third party ad companies use this information to provide you more relevant ads and content and to evaluate the success of such ads and content.

See our Cookie Policy for information on the third parties that we work with, and how you can opt out of ads from them. You many also use our cookie manager to opt-out of third party advertising cookies or manage your cookie preferences on our Website. For more information about third party ad networks and to opt out of interest-based ads from many ad networks go to:

EU: www.youronlinechoices.eu

U.S.: www.aboutads.info

9. International transfers of personal data

To the extent we transfer your personal data abroad, we will take steps to ensure that it receives adequate levels of protection and safeguards for the protection, in compliance with applicable laws and regulations. To allow for the processing of data for contractual and marketing purposes by the companies of the same Group, the data will be transferred to the relative countries (including countries outside the EU). To the extent required by the GDPR, GGDB has entered into Standard Contractual Clauses with the subsidiaries with registered offices in countries outside the EU, in compliance with national and supranational regulations on the protection of personal data. The personal data may be transferred to IT service providers with registered offices and data centres located in countries outside the EU. Please note that, also in this regard, GGDB has entered into the necessary Standard Contractual Clauses with its providers to protect the personal data transferred (after first verifying the security of the measures used by the providers as duly appointed data processors).

10. PRIVACY POLICY YOUR CO-CREATION EXPERIENCE ONLINE

Golden Goose S.p.A. will process your personal data (personal information and email address) to make it possible for you to make use of the footwear and bag customization service and to receive the customization video (the “online sneakers maker service”). The Legal basis of the processing lies in the performance of a service you have requested; The provision of your data for the online sneakers maker service is compulsory for the provision of the service. The data gathered shall be stored for the period of time strictly necessary for the purpose set forth above. The Data may be revealed to employees, consultants and suppliers of Golden Goose. The data may be transferred to third countries, in full compliance with applicable regulations, while guaranteeing adequate levels of protection and safeguards for the protection of such data. At any moment, you may exercise the rights recognized by privacy regulations, including the right to:

1) obtain information regarding the Data processed and the processing purposes and methods;
2) have the data rectified and updated; 3) object for legitimate reasons to data processing, as well as request the right to be forgotten and Data portability;
4) access your Personal data; have them erased or rectified or have their processing restricted, as well as object to their processing; have the data transmitted to another Data Controller;
5) submit a complaint to the competent Supervisory Authority.

Please recall that you may always contact our DPO at the address privacy@goldengoose.com to exercise the rights set forth above.

11. Period of retention of data

The personal data collected for sale purposes are stored for a period not exceeding 10 years from the purchase, in compliance with tax and civil regulations and without prejudice to particular requirements of defence in court that may require storage for a longer period of time. The data provided by the user to request support, information and responses are stored for the period of time required to provide the response requested and for any subsequent activity of additional communication with the customer necessary to fully manage the request and/or issue.

The personal data provided for marketing and profiling purposes are stored for the necessary period based on the specific processing and for up to a maximum of 7 years, also on the basis of the particular business sector (luxury products) and considering the interest displayed by the customer in receiving updates on products and events organised by GGDB.

For information about the period of storage and persistence of the cookies, please review the Cookie Policy.

We may retain personal data for longer than set forth above where required by our regulatory obligations, professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others.

12. Your rights and choices

Pursuant to the GDPR, users have the right to make the following requests regarding their personal data processed and held by GGDB:

(i) confirmation as to whether or not personal data concerning them is being processed even if not yet recorded, and its communication in an intelligible form;

(ii) information concerning the origin of their personal data, the purposes and methods of processing the logic applied in the case of processing performed with the support of electronic instruments, the details of the data controller and data processors, an indication of the subjects and categories of subjects to whom the personal data may be reported or who may be informed thereof in their capacity as data processors or in any event parties authorised to process the data;

(iii) the updating, rectification or, where interested, the integration of the personal data;

(iv) the erasure, the transformation into anonymous form or the blocking of personal data processed against the law, including those for which storage is not necessary in relation to the aims for which the data were collected or subsequently processed, as well as certification of the fact that the operations mentioned above were brought to the awareness of those to whom the data were communicated, except for the case in which such action is impossible or implies use of means that are clearly disproportionate with respect to the protected right;

(v) the portability of their own data;

(vi) the restriction of the processing of their personal data.

Users also have the right to object all or in part, on legitimate grounds, to the processing of personal data concerning them, even if it is relevant to the purpose of the collection, and to revoke consent provided previously. The right to objection and the revocation of consent may also be exercised specifically, with respect to one or more methods of sending marketing communications.

The rights listed above may be exercised by contacting GGDB, by writing to privacy@goldengoose.com

Lastly, please recall that users always have the right to make a complaint to the Supervisory Authority (Autorità Garante per la protezione dei dati personali – Italian Regulatory Authority for the Protection of Personal Data).

If you are a California resident, please see section 15. Additional information for California residents below, for information about the categories of personal information we collect and disclose about you and your rights regarding this personal information under California privacy laws

13. Updates to this privacy policy

When changes are made to this Policy, GGDB will post a new version of this Policy here. If the changes will materially affect the way we use or disclose your personal data, we will endeavor to notify you in advance of the change, such as by sending a notice to the primary email address associated with your account or by posting a notice on the Website. We encourage you to periodically review this Policy for the latest information on our privacy practices.

14. Contact us

You may contact us regarding this Privacy Policy or your personal data held by us via:

Email: privacy@goldengoose.com

Phone:+1 3322444207

15. Additional information for California residents

In this section, we provide information for California residents, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”), which requires that we provide California residents certain specific information about how we handle their personal information, whether collected online or offline. This section does not address or apply to our handling of publicly available information made lawfully available by state or federal governments or other personal information that is subject to an exemption under the CCPA.

Categories of personal data collected and disclosed. Below we set out generally the categories of personal information (as defined by the CCPA) about California residents that we collect, sell, and disclose to others for a business purpose. We collect these categories of personal information from the sources described above in section 2.Personal data collected and legal bases for processing, and for the purposes described above in section 3. Use of personal data. While the personal information we collect varies depending upon the circumstances and our interactions with you, we may collect and disclose for a business purpose the following categories of personal information (as set forth by the CCPA), subject to applicable legal requirements and restrictions:

• Identifiers: such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
• Customer records: paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, tax ID, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial or payment information, medical information, or health insurance information.
• Protected classifications: characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.
• Commercial Information: including records of real property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
• Internet or other electronic network activity Information: including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
• Geolocation data: precise geographic location information about a particular individual or device.
• Biometric information: physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, faceprint, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. (to the extent permitted and subject to applicable laws).
• Audio, video and other electronic data: audio, electronic, visual, thermal, olfactory, or similar information such as, CCTV footage, photographs, and call recordings.
• Employment history: professional or employment-related information.
• Education information: education information and records.
• Inferences: drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

“Sales” of personal data. While we do not disclose personal information to third parties in exchange for monetary compensation from such third parties, we do disclose or make available personal information to third parties, in order to receive certain services or benefits from them, such as when we allow third party tags to collect information such as browsing history on our Websites, in order to improve and measure our ad campaigns. The CCPA defines a “sale” as disclosing or making available to a third party personal information in exchange for monetary or other valuable consideration. The categories of personal information that we may “sell” as defined under the CCPA includes:

• Identifiers
• Internet or other electronic network activity Information
• Inferences

California Residents’ Rights. California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.

• Do-not-sell: California residents have the right to opt-out of our sale of their personal information. If you are a California resident, you may submit an opt-out request here. We do not sell personal information about residents who we know are younger than 16 years old. To opt out of sales, go to [URL].
• Notice before collection: We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used.
• Request to delete: California residents have the right to request, at no charge, deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies. We will respond to verifiable requests received from California residents as required by law.
• Request to know: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including:

o categories of personal information collected;

o categories of sources of personal information;

o business and/or commercial purposes for collecting and selling their personal information;

o categories of third parties/with whom we have disclosed or shared their personal information;

o categories of personal information that we have disclosed or shared with a third party for a business purpose; and

o categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.

California residents may make a Request to Know up to twice every 12 months, at no charge. We will respond to verifiable requests received from California residents as required by law.

• Discrimination and financial incentives: The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. A business may offer financial incentives for the collection, sale or deletion of California residents’ personal information, where the incentive is not unjust, unreasonable, coercive or usurious, and is made available in compliance with applicable transparency, informed consent, and opt-out requirements. California residents have the right to be notified of any financial incentives offers and their material terms, the right to opt-out of such incentives at any time, and may not be included in such incentives without their prior informed opt-in consent. We do not offer any such incentives at this time.

Submitting Verifiable Requests. You may submit a request to know and a request to delete:

• Online at privacy@goldengoose.com
• By phone at +1 3322444207

We will respond to verifiable requests received from California residents as required by law. For more information about our privacy practices, you may contact us as set forth above in section 14. Contact us.