Privacy Policy

Introduction and legal basis

This Privacy Policy, which can be downloaded by the User for storage purposes, is governed by EU Regulation 679/2016 on the Processing of Personal Data, in order to promote public awareness and understanding of the risks, rules, guarantees and rights in relation to data processing and to promote the awareness of data controllers and data processors of the obligations imposed on them by the Regulation.

Users are invited to visit this section periodically, in order to be updated on any regulatory changes.

Any change to this Privacy Policy will be reported with a banner on the Home Page.

Data Controller and Data Processor

The Data Controller is Chiara Ferragni Corporation, with registered office in via Melone, 2 - 20121 - Milan, in the person of its legal representative and pro tempore director.

The External Data Processor is: E- Collection S.r.l. VAT 07509310723 - with registered office in Via Giuseppe De Nittis, 15 - 76121 - Barletta (Bat), in the person of its Legal Representative and pro tempore Director, Bartolomeo Savino - e-mail:

Information on general risks

The Data Controller and the External Data Processor, in the persons specified above, shall inform the Users that, due to the particular nature of the means used, there is a general risk to breach the network safety, a risk that may lie outside the scope of the safety measures adopted pursuant to the regulations in force.

Therefore, the User is recommended to ensure that his/her navigation device has all the necessary requirements to ensure the safety of data transmission on the net.

Subject of the data collection and processing

  1. personal data provided by the User: data provided voluntarily and consciously as name, surname and e-mail address provided through registration;
  2. data obtained from the user's device: device manufacturer, device model, operating system, browser type, IP address;
  3. data obtained from social media: the User ID and/or username associated with a given social media service and the link to the User's profile when accessing or registering for the Site through a social media service (e.g. Facebook). Access to the service through social media services requires the communication of the data mentioned above. If the User does not wish to communicate the above information, he/she must use other means to access the application;
  4. geolocation: the position of the User's device, subject to the User's consent, which may be revoked at any time by the User.

With respect to the data collected through cookies, you are advised to review this cookie policy, which users should read carefully.

Purposes and methods of data collection and processing

Personal data is collected to allow users to register, activate the product authentication service, send users communications aimed at providing the Product Authentication Service and/or manage requests for information sent by users, comply with applicable laws or judicial proceedings, reply to requests from public and administrative authorities, carry out the activities necessary for the sale of businesses or branches of businesses, acquisitions, mergers, for the execution of the above mentioned operations, as well as to transmit data in order to allow the performance of investigations on products that are counterfeited or exchanged in violation of applicable laws, following the provision of the Product Authentication Service, to allow a limited profiling of preferences, characteristics, habits or consumer choices of Users for the performance of marketing activities focused on specific interests and needs of Users, with their prior consent.

In addition, the data is collected to allow Chiara Ferragni Collection to send newsletters and marketing communications by any means (including e-mail, SMS, telephone calls or directly by mail) related to its services (e.g. invitations to special events, launch of new features of the Product Authentication Service, promotion of new services); to communicate the User's personal data to send marketing communications, including customized communications based on the interests and needs of the User, with reference to products and services of third-party business partners, for investigative purposes following authentication.

Chiara Ferragni Collection also processes aggregate data for statistical purposes regarding the use of the Product Authentication Service.

Legal basis

The processing of personal data is based on contractual purposes. In this case, the data processing is mandatory, as it is necessary for the provision of the services requested, so if users do not agree on the use of their personal data for such purposes, hthey should not use the services and the application.

The processing also takes place in accordance with the legitimate interest of Chiara Ferragni Collection, its counterparts and partners for the realization of economic activities, within the scope and to the extent strictly necessary for the performance of these activities, in line with the interest of users.

The legitimate interest is also necessary to allow investigations into the authenticity of the products or to guarantee their compliance with the applicable laws, with reference to which the Service has been provided.

Finally, the legitimate interest in the processing of data is also found in carrying out a limited profiling activity, in order to send communications based on the interests and needs of users.

In all these cases, the data processing activities are not mandatory and users may object at any time, in the manner described below.

Marketing purposes are optional.

However, failure to provide consent for their implementation would make it impossible for Chiara Ferragni Collection and its Partners to send users general and/or personalized marketing and services/products communications of the Partners.

Users may revoke their consent to the processing of their personal data for Marketing Purposes, at any time, by sending the appropriate form, available for downloading on Chiara Ferragni Collection, to the e-mail address specified in this privacy policy.

Methods of giving consent. Active Consent.

Chiara Ferragni Collection does not use automatic or predefined boxes for the acquisition of consent to the processing of personal data by the data subject.

As required by EU legislation, users must express their consent in a clear, determined and informed manner by clicking on the "accept" button, only after having carefully read the text of the policy.

In this way, consent will be obtained for the processing and storage of personal data by the system.

In this way, consent will be obtained for the processing and storage of personal data by the system.

Once the user has consciously given his/her consent, carrying out the procedure guided by the system, assumes the responsibility of having read the policy, releasing the Data Controller from any responsibility.

Subjects to whom data is disclosed

Chiara Ferragni Collection shares the User's personal data, for the already mentioned purposes, with third-party service providers in charge of the processing activities and duly appointed as external data processors, e.g. providers of services instrumental to the Product Authentication Service or supporting services of other activities carried out through the application; subject to the express consent of the User, Chiara Ferragni Collection shares the User's personal data: - with any Partners, as independent Data Controllers, to allow them to send general or personalized marketing communications; - with the relevant authorities to support the investigations to ascertain the authenticity of the products or to ensure protection against unlawful or unauthorized use of the application, as well as to ensure compliance with Applicable Laws.

Chiara Ferragni Corporation has appointed, among others, E-Collection S.r.l. - VAT 07509310723 - with registered office in Via Giuseppe De Nittis, 15 - 76121 - Barletta (Bat), in the person of its director and pro tempore legal representative Savino Bartolomeo, as External Data Processor.

The data may also be communicated to persons appointed to carry out the activities necessary for the execution of the purposes pursued by the application and disseminated exclusively within that purpose.

This concerns personnel within the company, responsible for the execution of the service offered by the website.

Users' data may also be communicated to the following categories of third parties:

  • public authorities for the fulfilment of specific legal obligations;
  • administrative, judicial and tax authorities in the cases and within the limits provided for by law;
  • other entities controlled by and/or associated with the company, in the cases and within the limits provided for by law;
  • service providers or consultants for needs related to the management of the service.

In such cases, the data subject's consent to the disclosure of personal data is not required.

Methods of data processing

The User's personal data is processed by electronic means and other means, for the time strictly necessary to achieve the purposes for which it was collected.

In managing the data collected through Chiara Ferragni Collection, we take the most appropriate measures to prevent the loss, unlawful or incorrect use of data and unauthorized access.

In addition, we take actions to maintain the safety of personal information collected, including limiting the number of individuals who have physical access to our databases and installing electronic safety systems that protect against unauthorized access.

Methods of data transfer

In the course of the business, the user's personal data may be transferred to companies within or outside the European Union.

In this case, all appropriate measures will be taken to ensure that such transfer takes place in accordance with the provisions of Articles 45 and 46 of the Privacy Regulation.

In the event that the User wishes to receive further information about the existing guarantees and request a copy of them, he/she may contact us at the following e-mail address

Storage location

The data released by the User will be stored on OVH's servers (info on at the ROUBAIX Data Center (RBX2) - France (info on

Storage time of collected data

The data collected will be kept for the time necessary to carry out the activities and obligations for which they were collected. Subsequently they will be filed in the database mentioned above and will constitute the internal registry of the operator, or they will be deleted.

The internal registry can combine and classify the users' data associating them with the identification codes used for authentication.

User's rights

The data subject has the rights pursuant to Regulation 678/2016, including:

  • asking for confirmation of the existence of his/her personal data among the data collected by the company;
  • knowing the origin, the logic and the purposes of data processing;
  • obtaining data updating, rectification and integration;
  • requesting data cancellation, the right to be forgotten, data transformation into anonymous form or its blocking in the event of unlawful processing;
  • objecting to its processing for legitimate reasons or in case of use of data for sending advertising material, commercial information, market research, direct marketing and interactive commercial communication;
  • requesting the transfer of his/her data to third parties, where possible and necessary.

The exercise of these rights by the User takes place through direct contact with the External Data Processor, to whom the User may request to proceed to each of the above tasks, using the references mentioned in this information. Alternatively, the user can download the special form for the exercise of his/her rights from Chiara Ferragni Collection, which can be filled in and sent to the following e-mail address ____________.

Notification procedure

In case of violation of the rules on the protection of personal data or an event that causes the loss of such data by the Data Controller, Regulation 679/2016 requires the following procedure:

Data subject notification obligation

If the data subject is aware of the violation of his/her personal data, he/she must make an urgent communication to the Data Controller, using one or more of the contacts specified in point 2) of this policy. Within 72 hours, the Data Controller must notify the Data Protection Authority of the violation and the measures adopted to deal with the violation.

Notification by the Data Controller

The Data Controller who becomes aware of the violation from other control sources (DPO - Data Processor - Persons in charge of the processing), must notify the Data Protection Authority within 72 hours, specifying measures to deal with the violation, as well as the data subject.


The data subject may also lodge a complaint with the supervisory authority. For further information on the procedures, the User is urged to visit the website


A data subject who suffered damage caused by the loss, unauthorized dissemination or unlawful disclosure of his/her data may proceed to obtain damages before the appropriate authorities.

Relevant authorities

For notifications relating to the violation of personal data or damage suffered due to the violation, the Data Protection Authority is entitled to deal with them.


In the event of disputes concerning the interpretation of this document, the Court of the Consumers shall have jurisdiction pursuant to Legislative Decree 206/2005.