PRIVACY and COOKIE POLICY

Information document pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (GDPR) and Article 19 of the LPD

Your privacy and the security of your personal data are very important to Roberto Cavalli. That is why we adopt specific measures to protect your security when we collect and manage your personal data.

Below, you will find the main information on how your personal data is processed when you visit the Roberto Cavalli website (the “Site”) and use the services offered. Furthermore, we invite you to read the terms and conditions of use of the Site.

Some services may be subject to specific legal terms, in which case we will provide you with all the appropriate information from time to time.

In accordance with applicable privacy laws, including EU Regulation no. 2016/679 (hereinafter also “GDPR”), the Federal Swiss Law on Data Protection (hereinafter also “LPD”) and other applicable regulations in your jurisdiction (“National Data Protection Laws”), this Privacy Policy explains how Roberto Cavalli SpA, Auriel Investment SA and The Level Srl process personal information while you use the website, how they use this personal information, with whom they share your personal information and your choices.

Why this information?

We invite you to read the following information that will allow you to acquire all the information required by art. 13 of the GDPR and art. 19 of the LPD relating to the types and methods of processing indicated below and connected with the purchase of a product.

Browsing data

This category of data includes IP addresses or domain names of computers, URI/URL addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. For more information on the data that is acquired through cookie systems, visit our Cookie Policy.

Processable personal data

Personal data: any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Browsing data: the computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment.

Data communicated voluntarily: the optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and/or the completion of data collection forms entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data entered.

Information about the processing of personal data carried out through Social Media platforms

Regarding the processing of personal data carried out through Social Media platforms used by the Data Controller, please refer to the information provided by each Social Media Platform and their respective privacy policies. The Data Controller processes the personal data provided by users through the pages of the dedicated Social Media platforms, to manage interactions with users (comments, public posts, etc.) and in compliance with current legislation.

JOINT DATA CONTROLLERS and DATA PROTECTION OFFICER

The joint data controllers pursuant to art.26 EU Reg. 2016/679 and art.5 LPD are:

Roberto Cavalli SpA, with registered office in Via Giuseppe Mengoni 4 in the person of its Legal Representative pro-tempore, who you can contact for any information by e-mail at the address: privacy@robertocavalli.com.

Roberto Cavalli SpA has appointed its Data Protection Officer (hereinafter also “DPO”) pursuant to articles 37, 38 and 39 of the GDPR. The DPO can be contacted at the Data Controller’s office indicated above and by email at the address: dpo@robertocavalli.com.

Auriel Investment SA with registered office in Viale Giuseppe Cattori 11, 6900 Paradiso, Switzerland, in the person of its Legal Representative pro-tempore.

Auriel Investment SA has appointed its own Data Protection Consultant/Data Protection Officer (hereinafter also “DPO”) pursuant to art. 10 of the LPD and 23 of the OPDa (Ordinance relating to the LPD). The DPO can be contacted at the headquarters of the Data Controller indicated above and by e-mail at the address: cpd@aurielinvestment.ch.

The Level Srl with registered office in Piazza Arcole 4, Milan (MI) in the person of its Legal Representative pro-tempore, who you can contact for any information by e-mail at the address: privacy@thelevelgroup.com.

The Level Srl has appointed its Data Protection Officer (hereinafter also “DPO”) pursuant to articles 37, 38 and 39 of the GDPR. The DPO can be contacted at the Data Controller’s headquarters indicated above and by email at the address: dpo@thelevelgroup.com.

The following purposes are pursued by Roberto Cavalli SpA in joint ownership with Auriel Investment SA:

A) Browsing the robertocavalli.com website

  • PURPOSE OF THE PROCESSING:

    The data necessary for the use of web services are also processed for the purpose of: obtaining statistical information on the use of services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.); checking the correct functioning of the services offered. The data will be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

  • LEGAL BASIS:

    • Legitimate interest of the data controller (technical cookies)

      Art. 6 par. 1 lett. f) GDPR

    • Justifying reason

      art. 31 para. 2 lett. a) LPD

    • Consent (non-technical cookies)

      art. 6 par. 1 lett. a) GDPR & art. 6 para. 6, 7 LPD, art. 31 para. 1 LPD

  • RETENTION PERIOD:

    See cookie policy

  • NATURE OF THE PROVISION:

    For technical cookies, the provision of information is necessary. For non-technical cookies, the provision is optional and failure to provide consent will not affect navigation on the site.

B) Creating an account and managing the reserved area

  • PURPOSE OF THE PROCESSING:

    Creating an account will allow you to save your contact information, payment methods, keep your purchase history, book returns collection, track shipments, and modify consents previously provided to profiled commercial communications.

  • LEGAL BASIS:

    Contract art. 6 par. 1 lett. b) GDPR & art. 31 para. letter a) LPD

  • RETENTION PERIOD:

    For the entire duration of the account validity.

  • NATURE OF THE PROVISION:

    Some of the information is required to create your account; some is optional.

C) Management of orders and returns of products purchased on the robertocavalli.com website

  • LEGAL BASIS:

    Contract art. 6 par. 1 lett. b) GDPR & art. 31 para. a) LPD

  • RETENTION PERIOD:

    The information is retained for the time necessary to process it.

  • NATURE OF THE PROVISION:

    Your email address and order ID are required to process your request.

D) Request for information and customer assistance through the contact form

  • LEGAL BASIS:

    Contract art. 6 par. 1 lett. b) GDPR & art. 31 para. a) LPD

  • RETENTION PERIOD:

    Up to 12 months

  • NATURE OF THE PROVISION:

    Providing information is necessary to process the request.

E) Personal shopper

  • PURPOSE OF THE PROCESSING:

    To be contacted by a personal shopper and have the possibility of receiving help or style advice.

  • LEGAL BASIS:

    Contract art. 6 par. 1 lett. b) GDPR & art. 31 para. a) LPD

  • RETENTION PERIOD:

    The data and information contained will be retained for the time strictly necessary to process the request.

  • NATURE OF THE PROVISION:

    Providing information is necessary to process the request.

F) Direct marketing within the limits of soft spam

  • PURPOSE OF THE PROCESSING:

    Through the email coordinates provided by the interested party and in the context of the sale of a product or services similar to those in the previous sale.

  • LEGAL BASIS:

    Legitimate interest of the data controller Art. 6 par. 1 lett. f) GDPR

  • RETENTION PERIOD:

    Until opt-out

  • NATURE OF THE PROVISION:

    The provision is necessary. You may object to the processing initially or in subsequent communications.

G) Receiving profiled commercial communications through E-mail, telephone, instant messaging, paper mail

  • PURPOSE OF THE PROCESSING:

    We inform you that profiling is carried out taking into account the purchases you have made and the products included in the wishlist.

  • LEGAL BASIS:

    Consent art. 6 par. 1 lett. a) GDPR & art. 6 chap. 6, 7 LPD

  • RETENTION PERIOD:

    Up to 5 years from the last purchase or from the date of registration if no purchase has ever been made or until opposition (opt-out), whichever is earlier.

  • NATURE OF THE PROVISION:

    Providing this information is optional. Failure to provide it will not affect other activities that you may carry out via this website.

H) Direct marketing via email, telephone and instant messaging (e.g. SMS, phone calls and WhatsApp)

  • LEGAL BASIS:

    Consent art. 6 par. 1 lett. a) GDPR & art. 6 chap. 6, 7 LPD

  • RETENTION PERIOD:

    Until you opt out

  • NATURE OF THE PROVISION:

    Providing this information is optional. Failure to provide it will not affect other activities that you may carry out through this website.

I) Management of requests from interested parties pursuant to articles 15 et seq. of the GDPR

  • LEGAL BASIS:

    Legal obligation art. 6 par. 1 lett. c) GDPR & art. 25 et seq. (chapter 4) LPD

  • RETENTION PERIOD:

    5 years from the closure of the request, barring disputes.

  • NATURE OF THE PROVISION:

    The provision of personal data is mandatory, as it is essential to be able to fulfill legal obligations.

The following purposes are pursued by Roberto Cavalli SpA in joint ownership with The Level Srl.

A) Management of sales and after-sales services for items purchased on the website

  • LEGAL BASIS:

    Contract art. 6 par. 1 lett. b) GDPR & art. 31 para. 2 letter a) LPD

  • RETENTION PERIOD:

    Purchase data is retained for 10 years

  • NATURE OF THE PROVISION:

    Providing information is necessary to proceed with finalising the purchase

DATA RECIPIENTS

Personal data will be communicated, also based on the specific purposes listed above, to subjects who will process them as independent Data Controllers or Data Processors or as natural persons who act under the authority of the Data Controller or the Processors on the basis of specific instructions provided in relation to the purposes and methods of processing. The list of Data Processors is available by writing to each Joint Data Controller at the contact details indicated above. The data will be communicated to recipients belonging to the following categories:

- subjects who provide services and assistance to the database in which all the information acquired is stored and to the system used for sending commercial communications;

- subjects who provide services for the management of telecommunication networks and the IT system used, including email, host and website management;

- firms or companies in the context of assistance or consultancy relationships;

- companies of the group to which Roberto Cavalli and Auriel Investment belong;

- Competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.

AUTOMATED PROCESSES

Personal data will be subjected to traditional manual, electronic and automated processing. It is specified that no fully automated decision-making processes are carried out.

WILL THE DATA BE TRANSFERRED TO NON-EEA COUNTRIES?

The data processed is subject to transfer outside the EEA.

Specifically, the data will be transferred to Switzerland, a country considered adequate by the European Commission (art. 45 GDPR) and to the United Arab Emirates via Standard Contractual Clauses.

RECOGNIZED RIGHTS

You may exercise your rights as expressed in articles 15 et seq. of the GDPR and articles 25 et seq. (chapter 4) of the LPD by contacting the Joint Controllers at the addresses indicated above. Specifically, you have the right, at any time, to request access to your personal data, rectification, erasure of the same, and limitation of processing. The data controller shall communicate to each of the recipients to whom the personal data have been transmitted any rectifications or erasures or limitations of processing carried out. The data controller shall communicate to the data subject such recipients if the data subject requests it. In cases where processing is based on the contract, you have the right to data portability/transmission and in this case they will be provided to you in a structured, commonly used and machine-readable format. You have the right to object, at any time, to data processing based on legitimate interest. In the event that you believe that the processing of personal data carried out by the Joint Controllers is in violation of the provisions of the GDPR or the LPD, you have the right to lodge a complaint with the Supervisory Authority, in particular in the Member State / Country in which you habitually reside or work or in the place where the alleged violation of the regulation occurred (https://www.garanteprivacy.it/, https://www.edoeb.admin.ch/edoeb/it/home.html) or to take appropriate legal action.

CHANGES TO THE INFORMATION NOTICE

The Data Controller reserves the right to modify, update, add or remove parts of this information. This version was updated on April 24, 2025.

COOKIE POLICY

What are cookies?

Cookies are small text files that are sent from the website visited by the user to the user's device (usually to the browser), where they are stored so that the device can be recognized on the next visit. In fact, at each subsequent visit, the cookies are sent back from the user's device to the site.

Each cookie generally contains: the name of the server from which the cookie was sent, the expiration date and a value, usually a unique number generated randomly by the computer. The server of the website that transfers the cookie uses this number to recognize the user when you return to visit a site or navigate from one page to another.

Cookies can be installed not only by the same manager of the site visited by the user (first-party cookies), but also by a different site that installs cookies through the first site (third-party cookies) and is able to recognize them. This happens because the visited site may contain elements (images, maps, sounds, links to web pages of other domains, etc.) that reside on servers other than that of the visited site. Based on their purpose, cookies are divided into technical cookies and profiling cookies.

Technical cookies are those used for the sole purpose of carrying out the transmission of a communication on an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service. In particular, such cookies are usually used to allow efficient navigation between pages, store user preferences (language, country, etc.), perform computer authentication, manage the shopping cart or allow online purchases, etc. Some of these cookies (called essential or strictly necessary) enable functions without which it would not be possible to carry out certain operations. The use of technical cookies does not require user consent.

Technical cookies are assimilated to so-called analytics cookies if used directly by the site manager to collect aggregate information on the number of users and how they visit the site. These cookies allow the owners and/or managers of websites to understand how users interact with the contents of the site for the purpose of optimizing it.

Profiling cookies are used to track the user's navigation, analyze their behavior for marketing purposes and create profiles on their tastes, habits, choices, etc. in order to transmit targeted advertising messages in relation to the interests of the user and in line with the preferences they have expressed during online navigation. These cookies can be installed on the user's terminal only if the user has given his or her consent.

Based on their duration, cookies are distinguished into persistent, which remain stored until their expiration on the user's device, unless removed by the latter, and session, which are not stored persistently on the user's device and disappear when the browser is closed.

Cookies used by this site

Below is a table containing all the information on the cookies installed through this site, and the necessary instructions on how to manage your preferences regarding them.

Google DoubleClick

TYPE: advertising profiling cookies

PURPOSE: internet browsing (OBA)

PARTY: Third party

DURATION: 13 months

Salesforce

TYPE: advertising profiling cookies

PURPOSE: internet browsing (OBA)

PARTY: Third party

DURATION: 180 days

Bing

TYPE: advertising profiling cookies

PURPOSE: internet browsing (OBA)

PARTY: Third party

DURATION: 13 months

Sizmek

TYPE: Retargeting

PURPOSE: They are used to send advertising to subjects who have previously visited this site

PARTY: Third party

DURATION: 13 months

Facebook BM

TYPE: Retargeting

PURPOSE: They are used to send advertising to subjects who have previously visited this site

PARTY: Third party

DURATION: 180 days

Fanplayer

TYPE: Analytical Cookie

PURPOSE: Monitoring user browsing experience and interaction with page content (images, texts and CTAs)

PARTY: Third party

DURATION: 12 months

Google Analytics

TYPE: Analytical Cookie

PURPOSE: Cookie that helps website and app owners understand how visitors interact with their properties. This service may use a set of cookies to collect information and generate

PARTY: Third party

DURATION: 24 months

Hotjar

TYPE: Analytical Cookie

PURPOSE: Monitoring user browsing experience and interaction with page content (images, texts and CTAs)

PARTY: Third party

DURATION: 24 months

Pinterest

TYPE: Social

PURPOSE: Used for sharing content on social networks

PARTY: Third party

Twitter

TYPE: Social

PURPOSE: Used for sharing content on social networks

PARTY: Third party

Youtube

TYPE: Social

PURPOSE: Used for sharing content on social networks

PARTY: Third party

Facebook

TYPE: Social

PURPOSE: Used for sharing content on social networks

PARTY: Third party

We remind you that you can also manage your cookie preferences through the browser used (you will find the main ones below):

Google Chrome

Mozilla Firefox

Apple Safari

Microsoft Internet Explorer

Microsoft Edge

Brave

Opera

For more information, visit www.youronlinechoices.eu

If you do not know the type and version of browser you are using, please click on the “Help” button in the browser window at the top, from which you can access all the necessary information.

When accessing any page of the Site, there is a Banner containing a brief information notice. By closing the Banner or continuing to browse the Site, by accessing another area of the site or selecting an element of the same (for example, an image or a link), you provide consent to the use of profiling cookies. This consent is recorded through the use of a "technical cookie". You can find out the information and methods for disabling third-party cookies by clicking on the links in the table containing the list of cookies on this page.

Updated: July 2025