-
My Account
My Boggi Account
Login / Registration - Wish List
- Cart
-
- Language:
-
- Language
BBB S.p.A. (hereinafter “BBB”) recognises the importance of preserving the confidentiality, integrity and security of your non-public Personal Data (hereinafter “Personal Data”) and informs you that the Personal Data you provide through the Site www.boggi.com, (hereafter the “Site”), as well as any Personal Data provided to the points of sale of the companies controlled by the Sub-Holding or by the franchisees (hereafter, the “RSA Group”) which manage the points of sale with the use of the Brands: Boggi Milano, Boggi Factory Store, Boggi Milano BM39 (hereafter the “Brands”) will be processed in compliance with the applicable European privacy regulations, Regulation (EU) 2016/679 (hereafter, the “Regulation”) and the specific local regulations applicable from time to time for processing outside the European Union, as well as the general principles and rules of conduct contained in the Code of Ethics adopted by BBB.
The Personal Data Controllers are:
BBB S.p.A. based in Via Lancetti 28, 20100 Milan (Italy),
B939 SUB HOLDING S.P.A. based in Via Lancetti 28, 20100 Milan (Italy),
The responsibilities of Data Controllers for the fulfilment of the obligations established by the Regulation, as defined in Art. 26, were determined by an internal arrangement, available at your request.
I. Browsing Data
The computer systems and software procedures use to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified physical persons but, by its very nature could, through processing and association with data held by third parties, allow for users to be identified.
This category includes IP addresses (Internet Protocol, a numerical label that uniquely identifies a device called host, which may be a computer or a palmtop or a smartphone, etc., connected to a computer network that uses the Internet Protocol as its network protocol), or the domain names of the computers used by users connecting to the Site, the addresses in URI notation (Uniform Resource Identifier, as a sequence of characters that uniquely identifies a generic resource.) of the resources requested, the date and time of the request, the method used in forwarding the request to the server (high-performance computer that in a network provides a service to other connected computers, known as clients), the size of the file (container of digital information) obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc), the user's geographical location and other parameters relating to the user's operating system and computer environment. Localisation takes place in non-continuous mode when the user enables automatic location detection.
This data is used for the sole purpose of obtaining anonymous statistical information on use of the Site (frequency of access, length of stay, information on the articles displayed, moved to the shopping cart, or added to the wish list) and to check its correct functioning. For more information on the data that is acquired through cookie systems, please visit our Cookie Policy.
• Personal Data provided voluntarily (name, surname, email, telephone number, any other personal data included in the message or comments)
The collected Personal Data, depending on the purposes of the processing, may be: first name, last name, social security number, postal and country address, email address, password chosen by you to access your account, phone number, username instagram, date of birth, gender, signature, bluetooth mac address (unique address assigned to the network cards) of your electronic device (PDA, phone, etc.), a billing address and one or more mailing addresses, and the identification details of one or more of your credit cards.
| Purpose of the processing |
Legal basis | Data storage period | Nature of the provision |
|---|---|---|---|
| A) Browsing this website | Art. 6, paragraph 1, lett. f) GDPR and considering Art. 47 GDPR Legitimate interest in technical cookies Art. 6, paragraph 1, lett. a) GDPR Consent to non-technical cookies | See the Cookie policy | For technical cookies: activities strictly necessary to permit the functioning of the website and the provision of the browsing service. For non-technical cookies: optional and failure to give consent will not impact browsing on the website |
| B) Fulfilment of your request for information/contact | Art. 6, lett. f and Art. 47 of GDPR Legitimate interest | 1 year | Necessary to be able to respond to your request |
| C) Sending of unsolicited application | Art. 6, lett. b) GDPR Contract/pre-contract | 6 months | Necessary to be able to consider your application |
| D) Purchase of a gift card | Art. 6, lett. b) GDPR Contract | For the time strictly necessary to finalise the purchase. For administrative-accounting purposes, the Data Controller will keep track of the data for the further time required by lawadditional period envisaged by the law | Necessary to be able to process your order |
| E) Creation of a personal account and simultaneous subscription to the Boggi Privilege programme. By creating your account, you can also create and share your wish list. Subsequently, you can also proceed through your personal Facebook, Google+ and Linkedin accounts. By giving authorisation to proceed, the basic information of your profile as well as your email address will be collected through your social media accounts | Art. 6, lett. b) GDPR Contract | For the time strictly necessary to finalise the purchase. For administrative-accounting purposes, the Data Controller will keep track of the data for the further time required by law | Necessary to create your account |
| F) Product purchase for a non-registered user/Checkout as a guest | Art. 6, lett. b) GDPR Contract | The data will be stored for the time envisaged by the law for administrative-accounting purposes | Necessary to be able to process your purchase request |
| G) Returns | Art. 6, lett. b) GDPR Contract | For the time necessary to process your request. For administrative-accounting purposes, the Data Controller will keep track of the data for the further time required by law | Necessary to be able to proceed with your request |
| H) Check order | Art. 6, lett. b) GDPR Contract | For the time needed to process your request | Necessary to enable us to check your order |
| I) Made to Measure | Art. 6, lett. b) GDPR Contract | For the time needed to book an appointment at the store. | Necessary to be able to proceed with your request. |
| J) Live chat | Art. 6, lett. f and Art. 47 of GDPR Legitimate interest | For the time required to process your request and for the subsequent time required for the evaluation of the same chat. | Necessary to respond to your request. |
| K) Direct marketing (commercial and promotional correspondence, newsletters, messages, advertising material as well as catalogues and invitations to events through traditional and automated digital communication tools (e-mail, calls, chats, whatsapp and SMS,Instagram) | Art. 6, lett. a) GDPR Consent of the interested party | The data will be stored for the period for which you actively interact, meaning that you have purchased one or more products in the last three years from the sales outlets of the RSA group or you have accessed, over the same time period, your Boggi Privilege account (or until the consent is revoked, if earlier) | Optional |
| L) Profiling to create personalised content and offers, based on information relating to purchases you have made. | Art. 6, lett. a) GDPR Consent of the interested party | The data will be stored for the period for which you actively interact, meaning that you have purchased one or more products in the last three years from the sales outlets of the RSA group or you have accessed, over the same time period, your Boggi Privilege account (or until the consent is revoked, if earlier) | Optional, on condition that you have subscribed to the Boggi Privilege loyalty programme |
| M) Tell your friend | Art. 6, lett. b) GDPR, Pre-contract | The data of the parties to which BBB will send correspondence, will be cancelled within 6 months of the correspondence being sent if the Interested Party has not subscribed to the Boggi Privilege programme. | The data becomes mandatory only at the time of subscription to the Boggi Privilege programme. |
| N) Abandoned cart reminder | Art. 6, lett.b) and lett. f) and recital 47 GDPR Legitimate interest | For the time necessary to send you reminder e-mails regarding your abandoned cart. | The data becomes mandatory only at the moment of subscription to Boggi Privilege. |
| O) Detection of fraud related to payments | Art. 6, lett. b) and lett. f) GDPR Contract / Legitimate interest | For administrative-accounting purposes, the data will be kept for the time required as by law.The documents requested during the audit will not be retained. | Necessary to enable you to fulfil your request. |
| P) Management of requests regarding the protection of personal data and requests from other interested parties, pursuant to Articles 15 et seq. of the GDPR (rights of the data subject) | Legal obligations, pursuant to Article 6, paragraph 1, point c) of the GDPR | 5 years from the closure of the request, barring disputes | Mandatory as it is essential for compliance with legal obligations |
| Q) Fulfilment of legal obligations or provisions issued by competent Authorities (e.g., the Italian Competition Authority – AGCM, the Judicial Authority, the Italian Data Protection Authority, etc.). This includes, for example, sending communications or vouchers necessary to comply with decisions or commitments imposed by said Authorities. | Processing is necessary to comply with legal obligations or to execute provisions issued by the competent Authorities. Article 6, paragraph 1, point c) of the GDPR. | The data will be retained for the time necessary to comply with the provisions issued by the competent Authority or to fulfil any imposed obligations, and in any case, for the period established by the applicable legislation regarding limitation periods or legal disputes. | Provision is mandatory, as it is essential to comply with the provisions issued by the Authorities or any legal obligations. |
| R) Sending service communications strictly related to the execution of a contract, which are therefore necessary for managing the relationship with the data subject. | Processing is necessary for the performance of a contract to which the data subject is party. Article 6, paragraph 1, point b) of the GDPR. | The data will be processed for the duration of the contractual relationship and for the time necessary to fulfil the obligations related to the execution of the contract. | Provision is mandatory, as it is essential for the execution of the contract and to comply with the provisions issued by the Authorities or any legal obligations. |
The Personal Data will be processed using paper, IT and electronic tools, according to logics strictly related to the purposes indicated above, for the time strictly necessary to pursue the purposes for which they were collected, in respect of the principle of necessity and proportionality, avoiding processing Personal Data if the operations could be performed using anonymous data or by other methods. All measures deemed necessary and/or opportune to ensure that the same are processed lawfully, correctly and transparently in relation to you, and to prevent the loss, even accidental, as well as unauthorised access, will be implemented.
In particular, Personal Data processed for profiling and marketing purposes will be entered and stored in the CRM (Customer Relationship Management) system at servers located at RSA Group companies.
If you use functions and services that envisage the processing of the personal date of third parties that you have voluntarily provided, as in the case of the activation and sending of e-Gift Cards or the management of the request for the same, you are obliged to inform them of the purposes and the procedures used to process their personal data by us.
In order to fulfil the processing purposes indicated above, your data will be processed by BBB's internal personnel authorised to process for this purpose, as part of the conduct of the assigned working duties, designated as processing officers, and by companies contractually related to the Joint Controllers. More specifically, they can be communicated to subjects belonging to the following categories: - subjects that provide services for the management of the website, the communication networks and the information system used by the Joint Controllers; - professional firms or Companies with an assistance or advisory role; - companies that manage marketing and communication activities (e.g. service providers, digital agencies); - of the Holding and of RSA Group companies; - competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, on request. Note that to prevent fraud, the supplier of the e-commerce platform and the company tasked with anti-fraud control, check that your Personal data is not associated with the illegal use of a credit card or excessive credit card debt. The Joint Controllers do not, however, collect information relating to the payment methods that you intend to use. In this regard, note that, in the event of problems relating to the means of payment, the Interest Party will be contacted by authorised BBB personnel with a view to proceeding with a different payment instrument. Only if this is not possible, you will be requested to send an identity document and a selfie for the sole purpose of a security control - also in your own interests - documents which will then be eliminated. The subjects belonging to the above-mentioned categories perform the function of Data Processor, or who operate in full autonomy as separate Data Controllers. A list of the appointed processors is available by contacting the Joint Data Controllers and the Data Protection Officer at the following e-mail address: privacy@boggi.com
Your Personal Data shall not be used for promotional purposes of third parties or for products, services or initiatives not originating from the RSA Group and shall in no case be disclosed to unspecified persons.
The data will be transferred outside of the European Union. More specifically, for the website and for the CRM Salesforce used. Note that in both cases, the transfer is guaranteed by the provisions of Art. 46 of EU Regulation 2016/679 - transfer to subject with adequate guarantees.
You are entitled, at any time, to exercise the following rights towards the Data Controller:
Any request relating to your Personal Data referred to in this notice and for the exercise of your rights may contact, free of charge, the Data Controller or the Data Protection Officer (DPO), at the addresses indicated in paragraph 1.
The controllers reserves the right to amend this Privacy Policy at any time by publishing it on the Site. The version published on the Site is the one currently in force
Latest update: 15.11.2025