PRIVACY NOTICE - Art. 13 Regulation EU 679/2016

Gianni Versace S.r.l. (hereafter, also, “Company”), as Data Controller, informs your company and its personnel (hereafter, “Data Subjects”), pursuant to the Art. 13 of the European Regulation 679/2016 concerning the protection of personal data (hereafter, "Regulation"), and, where applicable, to the national legislation including the individual provisions of the Supervisory Authority (Authority for the protection of personal data), that the personal data you provide to the Company entering into the contractual relationship and in the context of the negotiations with Gianni Versace S.r.l., will be processed in compliance with the applicable legislative and contractual provisions, for the purposes and methods of the processing, indicated below.


“Processing” of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Personal data” means any information relating to an identified or identifiable natural person or sole proprietorship ('data subjects', in this case, refers to the supplier/consultant and its personnel); an identifiable natural person or sole proprietorship is one who can be identified, directly or indirectly, in particular by reference to other information such as a personal identification number, an online identifier. etc..

“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (in this case, the Company).


The Data Controller is Gianni Versace S.r.l., with registered office in Piazza Einaudi 4, Milan, in the person of its Legal Representative in charge.


Pursuant to Article 37 GDPR, the Data Controller has designated the Data Protection Officer, (hereinafter only "DPO"), who can be reached at the following address:


The Company processes Data Subjects’ personal data provided in the context of pre-contractual and contractual relationships, for the following purposes:

  • to perform negotiations and pre-contractual relationships between the supplier/ consultant and the Company;
  • to define and perform contractual terms and conditions, execute the agreement obligations, manage the services requested, bill the performance and manage administrative and accounting activities;
  • for compliance with a legal obligation, according to the national and European legislation and to safeguard Company’s rights in Court.

Providing data in order to follow the above purposes is strictly necessary and any refusal will prevent the Company from fulfilling the undertaken contractual commitments as well as performing the legal obligations.


Personal data shall be processed, by the Company and its Authorized Persons, using both electronic and non-electronic systems. Personal data will be processed fairly, lawfully and transparently, in accordance with the Regulation, also ensuring the confidentiality of the Data Subjects’ information and their rights through the adoption of suitable technical and organizational security measures information to guarantee an appropriate level of security. Specific security measures are adopted to prevent data loss, illicit or incorrect use and unauthorized access.


Personal data shall be processed and stored, during the contractual relationship, for as long as required to fulfil the purposes for which it was collected. Personal data may be retained for longer periods for compliance with legal obligations, including civil, tax and accounting requirements. The data, in compliance with the aforementioned regulations, will be kept for 10 years plus 1 from the execution date of the document.


The legal basis of personal data processing is the performance of a contract between the supplier/consultant and the Company as well as the compliance with legal obligations.


The processing of Data Subjects’ personal data is carried out by internal subjects of the Company appointed for this purpose as Data Managers or Authorized Persons to process the personal data.

Personal data will be disclosed to third parties for the execution of the contractual relationship with the Company, appointed as external Data Processors, as well as independent Data Controllers and for the fulfilment of regulatory obligations.

In particular, Data Subjects’ personal data will be disclosed to:

  1. subjects, companies or professional firms, which provide assistance, consultancy or collaboration to the Company in accounting, administrative, legal, tax and financial activities;
  2. subjects delegated and/or authorized to process personal data by the Company, for the performance of the activities or part of the activities related to the fulfilment of the contractual services;
  3. Public entities to whom the data must be provided to comply with legal obligations, any Authority that would legitimately request it, Public Administrations for the performance of the institutional functions within the limits established by law or regulations.

Some of the subjects to whom the data are disclosed, could be established in countries outside the European Union ("EU"). In some cases, the third countries are deemed appropriate based on a decision by the European Commission; in other cases, the Company ensures the existence of adequate guarantees for the transfer on the basis of contractual clauses between the Company and the recipient of personal data in the third country. A copy of these documents is available at the registered office of the Company. In any case, the Company undertakes to guarantee adequate levels of protection according to the applicable rules, including the provision of technical and organizational security measures.


About processing of personal data, the Data Subject can exercise the rights of the Regulation (Art. 15-21), including:

  • to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data (right of access)
  • to update, amend and/or rectify inaccurate personal data concerning him or her (right to rectification);
  • to obtain from the Data Controller the deletion or restriction of processing of personal data concerning him or her when it violates the law, including when the personal data are no longer necessary, in relation to the purposes for which they were collected or otherwise processed (right to be forgotten and right to restriction of processing);
  • to object to processing of personal data (right to object)
  • to receive an electronic copy of data regarding and ask that said data be transmitted to another data controller (right of data portability).
  • to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • to lodge a complaint with the Supervisory Authority in case of violation of Data protection law.

Data subjects can ask to exercise their rights by email to or by postal mail to the Company Gianni Versace S.r.l., Piazza Einaudi 4, 20124 Milan, Italy


The eventual entry into force of new sector regulations, as well as the potential update of the services, could entail the need to modify the methods of processing the Data Subjects’ personal data. It is therefore possible that this privacy notice may be subject to changes over time. Such changes will be communicated to the Data Subjects using the supplier/consultant’s contact details.

Update on March 17th, 2023