Privacy Information

This Global Privacy Policy (the "Policy") describes how Bikinilista, a company with its registered office in Milano, Italy, and/or its affiliates ("bkn"), each in its capacity as a controller, process personal information about its customers and potential customers in order to provide you with the best possible service.

Bikinilista and/or your respective local bkn company (hereinafter "we", "our" or "us") collects, stores, processes, uses and discloses personal information about you as described in this Policy, in connection with your use of bkn's websites and apps, your use of our "Connected Products" (if any) or social media pages in your country or region.

1. WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT?

For the purposes described in this Policy, bkn may collect the following categories of personal information:

(a) identification data and contact information (such as name, address, telephone number or email address) if you provide it, for example, when creating an online account or participating in an event or making a purchase, or identity data necessary for a sales tax refund request.

b) Payment information: for example, credit card information, account numbers, PayPal account information, or other payment information that you must provide in order to receive products or services ordered from us.

c) Demographic information such as your gender and birthday.

d) Your voice when you call bkn customer service, as the call may be recorded.

e) Preferences and interests that you share with us as part of your privileged contacts or encounters with our customer service representatives (this may include your preferences regarding our collections or other luxury brands, your clothing size, your lifestyle, or basic information about your family environment).

f) Information relating to possible adverse effects of our cosmetic products, which may be health data.

g) Information that you post or submit publicly, on our social networks or on our websites, for example for product reviews.

h) Informationen über Ihre Online-Einkäufe und Einkäufe in Geschäften. Diese können die von Ihnen gekauften Produkte und deren Preise umfassen.

i) When you use our websites, we may collect information about the browser you use and your browsing behavior.

j) If you use our mobile app, we may collect your GPS location where necessary subject to your consent. We may also track how often you use the app and where you downloaded it. We may collect information about the browser you use and your browsing behavior.

k) When you use our Connected Products, we may collect information about your use of those products (for example, about which features of our products you use most or battery level information), as well as geographic data, to the extent necessary to provide you with the service you request.

l) To the extent necessary for the purposes defined herein, we may also collect information posted on third-party websites or social networks about bkn products and services.

Your personal information is either provided directly by you (e.g., when you create an account on one of our websites / through one of our apps, make a purchase, or otherwise contact our bkn customer service) or passively provided by you (e.g., through use of tracking tools such as browser cookies) or collected from third parties (e.g., through social networks).

If you choose not to provide us with personal information when requested to do so for the performance of a contract or as required by law, you will not be able to receive the products or services you ordered or register on our websites, for our apps or in other media.

2. HOW DO WE USE YOUR PERSONAL INFORMATION?

We use the information described above for the purposes set forth in this Policy at the time of collection or as follows:

a) To improve our understanding of your interests and concerns and your use of our products: We may use your information to optimize our websites, apps and products/services. We may use your information to better tailor your experience with us and tailor our marketing to your needs and interests, as we believe it is also in our legitimate interest to better serve you and respond to your needs (Article 6, 1, f, GDPR).

b) To provide our Connected Services, process an order from you, handle your inquiries or answer your questions, and for complaint management: for example, we use your information to process your order and deliver your products. We may also use your information to send you requested information or to communicate with you about your account or our business relationships. We may contact you regarding changes to the website or service updates. We may also contact you regarding feedback, this policy or terms of use for websites. In this case, your information will be processed for the performance of the contract that exists between you and us (Article 6, 1, b GDPR). If you call bkn customer service and we record the phone call, this will only be done with your consent.

c) For security purposes: We may use information to protect our company, our customers, our partners, and our websites or apps against fraud, theft, or any misconduct that could affect our business, as it is our legitimate interest to ensure the security of our online and offline business operations (Article 6, 1, f, GDPR).

d) To manage potential adverse effects of our cosmetic products in accordance with our legal obligations as a cosmetics manufacturer (Article 6, 1, c, GDPR).

e) For anti-counterfeiting and combating illegal distribution channels for bkn products that violate bkn's General Terms and Conditions of Sale and bkn's selective distribution network (in particular by monitoring the quantity of products purchased and the frequency of product purchases), as it is our legitimate interest to protect ourselves against online counterfeiting and to secure our distribution network (Article 6, 1, f, GDPR).

f) For marketing purposes: We may use your information to contact you, as necessary subject to your consent, about new products and special offers that we think may be of interest to you (Article 6, 1, a, GDPR).

g) For analysis purposes: We may use your information to analyze the online reputation of bkn or our products and to evaluate the effectiveness of our online or offline campaigns or events, as it is our legitimate interest to maintain the image of bkn and to optimize our marketing campaigns (Article 6, 1, f, GDPR).

h) Other purposes: we use information to maintain transaction records and other business records for legal, administrative and audit purposes. We also use information to comply with legal, insurance and processing requirements (Article 6, 1, c, GDPR).

3. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?

We do not disclose or otherwise share the personal information we collect about you except

a) With our parent company and affiliates within the Bikinilista group of companies: only authorized employees, and only to the extent necessary for their duties, have access to the information for the purposes of internal audits, billing or administration, and to provide you with the same level of service worldwide.

b) Service providers and agents who perform services on our behalf: For example, we share information with vendors who send email on our behalf. We may also share personal information with service providers who assist us in operating our website.

c) With banks and other online payment service providers.

d) Our business partners - subject to your consent: For example, we share information with third parties who co-sponsor an event or promotion with us.

e) Third parties - in the context of business restructuring or reorganization (including dissolution or liquidation): This includes a merger of all or part of our business and the transfer, assignment or sale of assets.

f) If we are required to do so to comply with applicable law, to comply with a court order, or generally to respond to a request from a competent authority.

4. TRACKING TOOLS AND USE OF COOKIES

We may collect certain information using cookies, web beacons and other automated methods. A cookie is a text file that is stored in a separate designated area on your device's hard drive, for example, when you visit online services, read emails, or install or use a mobile app. A cookie allows its sender to identify the device on which it is stored during the validity period of a given consent, not exceeding the period of 13 months.

What types of cookies do we use?

a) Some cookies may be functional cookies used to collect information that allows us to facilitate your browsing experience, for example, by setting your language preferences, storing logins, or storing the contents of your shopping cart or wish list.

b) Other cookies collect information about your behavior by collecting so-called referrer URLs (where our visitors come from, which banners they clicked on and which led them to our website), pages viewed, times of visits to websites. This information allows us to improve our websites and apps, get a better understanding of the products and services you prefer, and offer you personalized messages and/or personalized content on our website or in our apps.

c) We may also use cookies for web analytics to measure website activity and identify the areas of the websites that are most visited. In this way, we improve the visibility of our content.

d) We use cookies to ensure the security of online transactions/purchases via device fingerprinting, which allows us to identify certain characteristics of the device used to place an order.

e) Our websites or apps may contain third party cookies (delivered by advertisers, analytics service providers, etc.) that allow them to collect information about browsing on your devices, including measuring the effectiveness of our advertising campaigns on third party websites. Third-party cookies are subject to the privacy policies of said third parties. We hereby inform you about the purpose of these cookies and how you can manage them, to the extent we have knowledge of them.

f) We may offer the possibility on our website or in our apps to share content with third parties or to inform other people that you have visited our website. This is the case, for example, with "Like" and "Share" functions of social networks (Facebook, Twitter, etc.).

Social networks that offer these functions can identify you even if you do not use these functions on our website. In fact, these features allow social networks to track information about your browsing behavior on our website whenever your social network account is activated while browsing our website.

We cannot control how these platforms collect your personal information while you are browsing our website. We encourage you to read the privacy policies of these social networks to learn how they use information collected through the buttons (including for advertising purposes). The privacy policy should provide you with information on how to manage your settings in your account of a social network.

Except in the case of functional and security cookies, the use of cookies on a device depends on the user's choice, which can be freely made and changed at any time.

You can manage cookies either here or by setting your browser to accept or reject cookies on your device, either for all cookies equally or cookie by cookie. The settings you make may change your browsing performance and sometimes your ability to access certain services that require the use of cookies.

This is the case when we or one of our business partners can no longer tell what type of browser your device is using, for example, regarding language, display settings or connection country or region. We are not liable for reduced access to our services resulting from your prior deletion or refusal of cookies.

How do you manage cookie settings in your browser?

Each browser has its own cookie management system, which is described in the "Help" menu item of your browser, where you can find all the necessary information on how to make settings.

Microsoft Internet Explorer 8.0 and younger:
1. go to "Internet Options" in the "Tools" menu.
2. click on "Privacy
3. select your desired privacy level

Mozilla Firefox:
1. go to the menu button and then "Settings".
2. click on "Privacy & Security".
3. select your desired cookie option under "Chronicle" and "create according to custom settings"

Opera:
1. go to the menu button and then "Settings".
2. click on "Privacy & Security".
3. select your desired option

Android-Browser:
1. click on the button on the top right
2. go to "Settings" and then to "Privacy & Security"
3. select your desired option

Android-Dolphin-Browser:
1. go to "More" in the menu and then "Settings".
2. select "Privacy & Security Settings".
3. from the "Cookies" menu, select your desired option

Safari (iOS):
1. go to the "Safari" menu and then "Preferences".
2. under "Privacy" go to "Allow cookies"
3. select your desired option

Google Chrome:
1. click the Chrome menu in the browser toolbar.
2. select "Settings" and then click "Show advanced settings". 3. click "Privacy" button.
3. under "Privacy", click the "Content Settings" button
4. In the "Cookies" section, you can change the settings for cookies.

If you share your device with other people and different browsers are used on the device, we cannot guarantee that personalized services and advertisements designed for your personal use of the device (if personalized services and advertisements are present) will match your own use and not that of another person.

5. TRANSFER OF YOUR PERSONAL INFORMATION

Information we collect about you may be transferred to, and stored and processed in, countries/regions where a bkn company is located to ensure that you benefit from better service at all of our locations and for the purposes defined in this Policy.

We may also transfer your personal information to service providers involved in maintaining our websites, apps or social networks or other tools for processing information about our customers or potential customers.

Some recipients are located in third countries or regions that do not have the same level of data protection as the EU country where you provided your information.

When we transfer your information, we will protect it by entering into data transfer agreements with the recipients based on the European Commission's standard data protection clauses (as amended from time to time or, where necessary, supplemented by additional measures) or other transfer mechanisms that may apply in the future, thereby ensuring adequate protection when transferring your personal information to recipients in those countries/regions (Article 46, GDPR).

Upon request, we will provide you with a list of the relevant third countries or regions and a copy of these safeguards.

6. RETENTION PERIOD

Your personal information will be kept in a form that permits your identification for no longer than is reasonably considered necessary by bkn to achieve the purposes for which it is collected or processed or as specified by retention periods in applicable laws (Article, 13, 2, a, GDPR). The retention period for your personal data collected by us is determined by the purpose of the data processing based on the following criteria:

Data collected for the specific purposes defined in Article 2 will be retained only as follows:

• For three (3) years from the last contact if you are a potential customer (i.e. you have not made a purchase from us but are interested in bkn).

• For the period of your business relationship with bkn and 10 years beyond if you are a customer (i.e. you have purchased our products or used our services).

Your personal data will then be archived for use: In the event of a dispute or litigation, for the period of the statute of limitations applicable to the relevant purpose; if legal proceedings are initiated, the personal information may be retained until the end of those proceedings, including any appeal periods, after which it will be deleted or archived to the extent permitted by applicable law.

Your personal information will then be anonymized or deleted.

7. YOUR RIGHTS

You may request information about the personal information we process about you. If you request such information, we will provide you with all information required by law regarding the purposes of processing, categories of personal data processed, categories of recipients, data retention periods, etc. (Article 15 GDPR).

You may also obtain a copy of the personal information we hold about you in our records, in a compatible and structured format that allows you to exercise your right to data portability if the processing is based on your consent or on the performance of a contract between you and us (Article 15, 3°, GDPR).

Furthermore, you may request that we correct, amend or delete information that is incomplete, out of date or inaccurate (Articles 16 and 17, GDPR).

You may request the deletion of your personal information if (i) your personal information is no longer necessary for the purpose of the data processing, (ii) you have withdrawn your consent to the data processing based solely on that consent, (iii) you have objected to the data processing, (iv) the processing of the personal information is unlawful, (v) the deletion of the personal information is necessary for compliance with a legal obligation applicable to bkn. bkn will take reasonable measures to inform the other companies in the bkn group of companies of this erasure (Article 17 GDPR).

You may request the restriction of processing (i) if you dispute the accuracy of your personal information to allow bkn to verify the accuracy first, (ii) if you wish to restrict the use of your personal information instead of erasing it even though the processing is unlawful, (iii) if you want bkn to retain your personal information because you need it to defend legal claims, (iv) if you have objected to the processing but bkn is considering whether there are legitimate grounds for processing that override your rights (Article 18 GDPR).

You also have the right to lodge a complaint with the competent supervisory authority (Articles 77 and 78 GDPR).

Our data protection officer can be reached at personaldata@bikinilista.com. If the processing of your information is based on your consent (e.g., if you consent to receive marketing materials), you may withdraw consents you have given us at any time without affecting the lawfulness of the processing carried out on the basis of your consent until withdrawal (Article 17, 1, b, GDPR).

If your information is processed to protect our legitimate interests, you may object to such processing if your interests and freedom override our legitimate interest (Article 21, GDPR).

To exercise these rights, please contact us at personaldata@bikinilista.com and we will get back to you as soon as possible.

8. PROTECTION OF YOUR PERSONAL INFORMATION

We will provide an adequate level of protection for personal information and ensure that appropriate technical and organizational security measures (including training and education of relevant employees) are in place to protect personal information against destruction, loss or alteration, whether accidental or unlawful, unauthorized disclosure or access, and against all other unlawful forms of processing.

Nevertheless, because the Internet is not completely secure, we cannot guarantee that your personal information stored or sent to us will be completely safe. We ask you to be careful when using the Internet to access our websites, apps or social networks.

9. CHILDREN

Our websites and apps are not directed at children. We do not knowingly collect personal information from children without the consent of their parents or guardians, except as permitted by law.

You must be at least sixteen years old to provide us with your personal information and eighteen years old to participate in transactions on our websites or apps. By transacting with us, you certify that you are at least eighteen years of age, have full legal capacity, and are legally bound by such transactions.

If we are notified (via a contact in the "Contact Us" section) or become aware that a minor has submitted personal information to us through our media or otherwise, we will delete such personal information.

10. THIRD PARTY WEBSITES

We may link to third-party websites or services that we do not control and that are subject to their own privacy policies. This Policy does not apply to those third party websites. We strongly encourage you to review the privacy policies of any third-party websites you visit to learn how they treat your personal information.

11. CHANGES TO THIS POLICY

Our policy may change from time to time to reflect changes in our processing of your personal information. As required by law, we will notify you of any material changes. We will post an updated version on the website.

12.CONTACT US

If you would like us to update the information we have about you or your preferences, or if you have any questions about how we protect your personal information, please contact us by email at: personaldata@bikinilista.com.