Sign into your account to see your favourite items

Shopping Bag0 item/s

Website visitors

Last Udpated In: July 2021

Your Privacy and the security of your personal data are very important for the whole of Tod's Group, and that is why we use the utmost care in collecting and processing the personal data  you will provide us or that we automatically collect when you visiting our Website, adopting specific provisions in order to ensure the security, confidentiality and integrity thereof, in compliance with Regulation (EU) 2016/679 (from here on, the Regulation) and with the applicable privacy regulations in your country, according to the implementation and within the limits of their territorial scope.

Whenever, during the visit of our Website, we will ask you disclose us your personal data, we shall provide you with additional information on such processing., in order to be able to decide if proceed with the communication of your personal data.

  1. Data Controller

The Data Controller of your personal data, which will be processed for the purposes described in the following section, is Tod’s S.p.A. (hereinafter referred to as “Tod’s”, “we”, “us” or “our”), having its registered office in Via Filippo Della Valle, 1, Sant’Elpidio a Mare, (FM) - Italy (EU).

Whenever, concerning specific data processing purposes:

i. we shall act as Joint-Controller with a third party;

ii. third parties shall act as Data Controller;

iii. we shall subject to complementary law requirements or exceeding the Regulation

we shall provide you with all the due information.

  1. Personal data

When you navigate the Site, your personal data will be collected either automatically or when you are asked to provide them to access certain areas of the Site.

• Data Collected Automatically from the Site

Web Surfing Data – Data acquired by computer systems and software procedures involved in the normal operation of the Site and transmitted as part of the communication protocols of the Internet.

This refers to information that, although not collected to identify you, by its very nature could lead to your identification if it were to be processed and combined with the data held by third parties. This type of data includes IP addresses or domain names of computers used for browsing and that connect to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and IT environment.

This data will not be disseminated but used for the sole purpose of obtaining anonymous and aggregate data on the usage of the Site and to check its correct functioning and will be retained for the time defined by the relevant legal regulation. The data could, however, be used to ascertain liability in case of possible computer crimes against the Site. Except in the latter case, the data will not be kept for more than fifteen days.

For more information and to manage your cookies preference, see our Cookie Policy – Cookie Settings, available through the link in the foot of each page of our Website.

Geolocation Data -Data relating to your physical location that is acquired by the built-in search system of the Site to obtain appropriate search results, such as the location of the nearest boutique. This data is collected only if it is used and if you provide your consent (for example when you are looking for the boutique nearest to you through our dedicated feature).

• Data You Voluntarily Provide

So you can avail of the various services offered by the Site, we will ask you, depending on the service in question, to provide us your personal data, such as your personal data, contact information (telephone numbers, email accounts, home or residence address, etc.), data relating to the payment method, information on purchases and transactions, and others. Providing us your data is entirely voluntary but in some cases failure to do so will prevent us from providing the relevant service.

We shall not handle, in any way,  your payment information (i.e. your credit card number).

We would like to point out that the protection of children's safety and privacy is very important to the Tod's Group. Therefore, we do not intend to collect and voluntarily use the personal data of individuals below the age of sixteen (16), or below any other minimum legal age limits in force in your country of residence. Consequently, we ask that you refrain from providing us with any personal data if you are below 16 years of age or if you are not of legal age in your country of residence.

  1. Lawfulness and Purposes of Processing

We will collect and process your personal data, always in compliance with the principles of lawfulness established by the law in force, to enable us to:

  1. Pursuant art. 6.1 (b) Regulation, to
    1. allow you to successfully purchase products on our E-Store and allow us to fulfil our contractual obligations;
    2. allow you the creation of a Personal account and the allow us to provide the services for account holders-only;
    3. provide you with assistance, when you contact our customer care service;
    4. allow us to provide the services dedicated to our Website visitors.
  2. Pursuant art. 6.1 (a) Regulation, to
    1. perform marketing activities, if you provide your explicit consent, both via automatic means (text messages, MMSs, messaging platforms, e-mails, push notifications) and not automatic means (mail, phone with operator);

Marketing activities can be done by sending newsletters, or through promotions, discounts, incentives, commercial information and other related means, by mail, phone call, direct sales, messaging platforms, email, automatic voice calls, text messages and/or MMSs.

In this context, we might also process your personal data to invite you to shows and events, ask you to participate in market research or to report on special initiatives dedicated to TOD'S Group customers, in the manner and period we believe to be most effective for any of the various initiatives mentioned.

  1. perform customer profiling activities, such as analysing your interests and preferences concerning our products and services, and your shopping habits, in order provide you with services befitting to your needs and expectations;

Customer profiling can be conducted by analysing your interests and preferences regarding our products and services, as well as your shopping habits. For example, by understanding the type and frequency of your purchases on our online store when you shop using your personal account or as a "guest,” as well as in our boutiques, we are be able to guarantee a personalized service in your future visits to the TOD'S Group boutiques.

If you also have consented to processing your personal data for marketing purposes, we will be able to send you promotional information and/or invitations to initiatives that fit best your profile, preferences and expectations as a shopper.

  1. pursuant art. 6.1 (c) of Regulation, to comply with any legal obligations that we may have;
  2. pursuant art. 6.1 (f) of Regulation, to pursue any our legitimate interests (i.e. improve our business processes, fraud prevention, exercise and defence of our right, etcetera), in compliance with the conditions and limits set by the legislation currently in force.
  3. Personal data Processing and Security

We will process your personal data by means of telematic, paper and computer tools, and such processing will be based on the principles of fairness, lawfulness, and transparency to protect your rights and privacy.

In particular, the processing of your data, also for purposes of customer profiling, may be automated, for example through a comparative analysis of your purchases (types, quantities, frequency, timing etc.), and through the analysis of the type and number of your requests for product information within a given timeframe.

We will process your personal data in a manner that will minimize the risk of destruction, loss, and unauthorized access to your data or any unauthorized or non-compliant processing.

  1. Personal data Disclosure and Transfer

We will not disseminate your personal data.

To the extent permitted by law, your personal data may be disclosed, for the purposes described, from time to time, in the Privacy Policy:

  1. with our service providers, including other companies of Tod’s Group, performing technical and organizational tasks on our behalf;
  2. to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other shift in all or in any given part of our business, assets or stock (also in connection with bankruptcy or similar outcomes);
  3. in connection with the essential purposes described above (that is to say in order to comply with legal obligations or to execute a lawful request of public authorities).

Whenever we need to transfer your personal data outside the European Economic Area (EEA), we shall take place in accordance with data protection laws in force.

At any rate, we shall transfer your personal information, only if the protection level, guarantee by the privacy laws in force in our countries, is not compromised.

In the event that we have to transfer your personal data to entities outside the European Economic Area (EEA), such as to companies of the Tod's Group and/or to third parties that perform technical and organizational tasks on our behalf, again consistent with the purposes for which your data has been collected and processed, we will do so only if it is possible to guarantee the same level of data protection as that in the European Union (EU).

We shall transfer your personal data towards a country outside the European Economic Area (EEA), that does not possess an European Commission's adequacy decision, by means of at least one of the follow cross-border transfer mechanisms, that the Regulation recognizes be able to ensure an adequate protection of the personal data:

  1. he personal data recipient is bound to compliance to the “Standard Contractual Clauses”, issued by the European Commission, in order to ensure that the protection level of the personal data processed by our partners outside the EU shall match the Community's data protection level;
  2. the data transfer within a group of undertakings or enterprises is done through binding corporate rules, approved by the competent data protection authority in the UE, pursuant to the consistency mechanism referred to in art. 63 and under the conditions of the art. 47 of Regulation.

We also undertake to carry out, in accordance with laws in force, any possible prior risk assessment concerning the data transfer; adopting, if necessary, any additional security measures, complementary to the safeguards guaranteed by the aforementioned transfer mechanisms.

In the absence of an adequacy decision pursuant to art. 45(3), or of appropriate safeguards pursuant to art. 46 of Regulation, including binding corporate rules, we may transfer your personal data if:

  1. you have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers due to the absence of an adequacy decision and appropriate safeguards;the transfer is necessary for the performance of a contract in which you are involved, or the implementation of pre-contractual measures taken at your request;
  2. the transfer is necessary for the performance of a contract in which you are involved, or the implementation of pre-contractual measures taken at your request;
  3. the transfer is necessary for the conclusion or performance of a contract, concluded in your interest, between we and another natural or legal person.

Any additional information concerning the possible transfer of your personal data from your country at our headquarter in Italy, will be communicated through specific Privacy Policy. We would like to stress the fact that we will also comply the oversea transfer requirements laid down by the privacy law framework of your country.

You may contact our Data Protection Officer (DPO) at the email addresses below detailed, to receive additional information on the protection of your personal data in the event it is transferred to countries outside the EEA.

In any case, your personal data shall only be processed by parties being duly instructed and able to provide adequate technical and organizational safeguards, as well as bound to the strictest confidentiality by us.

  1. Retention of personal data

We will process your personal data at different times depending on the purpose. At any event, we will retain your personal data only for the period strictly necessary to achieve the purpose for which it was collected and processed, except when specific provisions of the law require longer retention periods.

The processing and storing of your personal data will be:

  1. for the Tod’s Group products purchase, through our E-Store: until the completely fulfilment of all our obligations arising from the sale contract;
  2. for the providing of the services dedicated to the Personal Account holders: until the closing of the Personal Account, it being understood that your personal data shall be automatically deleted  once 7 years have passed since your last interaction with your Personal Account;
  3. for the providing of assistance services: until the complete fulfilment of our commitments concerning and in relation to your assistance request;
  4. for the providing of the services dedicated to visitors of our Website: until the complete fulfilment of our commitments concerning and in relation to the providing of the service requested by you;
  5. for marketing purpose: until your consent withdrawal;
  6. for profiling purpose: no more than 7 years since the date of consent, automatically renewed each time you make a purchase at any boutique/point of sale belonging to the Tod’s Group, or at our E-Store;
  7. to comply with legal provisions: within the time frame set by the applicable law;
  8. to pursue our legitimate interest: for the time strictly necessary to the pursuing of the legitimate interest (i.e. if the legitimate interest consists in the exercising or defending of a right in a judicial procedure, the storage of your personal data could be extended until last stage of proceedings - the final judgment.)
  1. Your Rights

You have the right to know which of your personal data we have stored and which ones are being processed, to request to update or correct it, as well as in cases provided for by the law, to delete it, and to restrict or object to the processing even after you have provided your explicit consent. You may also request your personal data to be delivered in electronic format to a third party of your choosing.

You may at any time email the Data Protection Officer (DPO) at dataprivacyofficer@todsgroup.com to exercise the following rights provided for by the Regulation regarding the specific processing activities we conduct. Specifically, you have the right to:

a) request access to your personal data, as well as receive information about the purposes of the processing, types of data processed, parties or types of parties your data will be disclosed to, the expected retention period, and application, if any, of customer profiling techniques and automated decision-making processes;

b) request to correct your personal data, as well as update any information relating to you, though in some cases you will be asked to verify first the new data that you provided us.

c) request to delete or remove your personal data when its processing is no longer necessary, when you wish to exercise your right to object to its processing and there are no other legal basis to retain said data, if we have violated any laws related to said processing, or if we are required to delete your personal data to comply with a specific regulatory provision. Please note that due to some legal constraints beyond our control, we may be prevented from satisfying your request at all or to its full extent. In those cases, you will be informed promptly of the reasons behind our complete or partial inability to comply with your request.

d) request to object to the processing of your personal data or terminate in any way the processing according to your wishes. We would like to point out that should we accommodate such request, there may or may not be a lawful basis for doing so.

If you had given your explicit consent to the processing, we will comply with your request to terminate the processing within the time frame set by the Regulation.

Further, you may also withdraw your consent to processing for marketing and/or customer profiling purposes by emailing the DPO as indicated above, or even do so directly from your personal account (if activated) on the Site. Withdrawing your consent does not negate the legitimacy of the processing you had previously consented to.

We also would like to highlight that withdrawing your consent could prevent us from providing certain services or products in the Site and in the boutiques of the Tod’s Group. In those cases, we will alert you so you can fully evaluate the effects of withdrawing your consent.

Finally, if the processing is performed based on our legitimate interests or that of third parties, we reserve the right to evaluate the reasons for your request. If the purposes of processing legitimately override your interests, rights, and freedoms, or if it is necessary for us to process such data to file a claim, execute legal actions, or defend ourselves in court, we will have to reject your request and let you know of the reasons for such a decision.

e) request to restrict or suppress the processing of your personal data in the following cases:

i. if you request us to verify the accuracy of your data;

ii. if the data has been unlawfully processed and you prefer to restrict the processing rather than delete your data;

iii. if you want us to retain your data even if we no longer have to so you may establish, exercise, or defend a legal claim;

iv. if you object to the processing but we have to retain your data to ascertain if our legitimate interests override yours.

f) request to receive your personal data or provide them to a third party of your choosing in a structured, commonly used, machine-readable format. This will be carried out only if it is technically possible to do so, if your personal data was processed by automated means, and if the processing was based on your consent or the performance of a contract.

When processing your request, we reserve the right to ask you in ways we deem appropriate for specific information to help us confirm your identity and be reasonably certain that only you can access your personal data and no unauthorized third party can obtain them.

We are committed to accommodating and following up on your request to exercise one or more rights, where possible, within a month of receiving it. Occasionally, but always in compliance with the terms set by the law, we might take longer to process the request if it is particularly complex or if you have submitted several other requests. In those cases, we will let you know and keep you posted.

The processing of your request is free of charge.

However, if your requests are manifestly unfounded, excessive, or repetitive in nature, we reserve the right to:

a) ask you to pay a reasonable fee based on the administrative costs incurred to action your request;

b) refuse to comply with your request.

Finally, you may decide at any time to file a complaint with the Supervisory Authority if you believe that one or more of your rights or any rules of the Regulation have been violated.

You may exercise these rights at any time, by writing to our Data Protection Officer (DPO) to the following addresses:

  • by e-mail: dataprivacyofficer@todsgroup.com.
  • by post: Data Protection Officer - Tod's S.p.A., Via Filippo Della Valle n. 1, 63811 Sant’Elpidio a Mare (FM) – Italy (EU).

We shall not discriminate against you, neither in service nor in price, if you exercise your privacy rights; any existing relationships with the Tod’s Group shall not be affected.

You can also contact the DPO to request further information or clarification, or to obtain specific information about who is authorized to access your personal data.

  1. Updates to the Privacy Policy herein

From time to time, we may make some changes to this Privacy Policy, for example, to fulfil new requirements set by the applicable legislation, meet technical requirements, or as a result of new services provided on the website or by the Tod’s Group.

We therefore ask that you to visit this page periodically.

Please reference the “LAST UPDATED IN” legend at the top of this page to see when the Privacy Policy herein was last revised.

We may also need to contact you, if legally required, to obtain your consent and allow you to continue to use the services of the Site.

In the event of inconsistencies between the information on the Privacy Policy herein and the other Privacy Policies, provided for you, where we request you to communicate us your personal data, these latter prevail.