Last updated: 10/11/2025

1. Purpose of this Privacy Policy

CORSIA (“we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data when you interact with us, whether online (including through our website, applications, social media, or email) or offline (for example, in our boutiques or at events).

2. Data Controller

The data controller responsible for processing your personal data is:

CORSIA

Registered address: via Ludovico Settala 19, Milan (Italy)

Email: corsia@corsiamilano.com

If CORSIA entities or affiliates jointly determine the purposes and means of processing, they shall act as joint controllers in accordance with Article 26 GDPR.

3. Categories of Personal Data Collected

Depending on your interactions with CORSIA, we may collect or receive the following categories of personal data:

• Identification and contact details: name, surname, email address, postal address, telephone number.
• Account information: login credentials, account preferences.
• Transactional data: purchase history, payment and billing information (excluding full card numbers stored by payment providers).
• Marketing and communication preferences.
• Usage data: browsing activity, IP address, cookies, device identifiers.
• Event and customer service data: correspondence, enquiries, or feedback you submit.
• Special categories of data: only where strictly necessary and based on your explicit consent (e.g. health-related data for event accommodations).

4. Methods of Collection

We collect personal data through:

• Online forms on our website or apps (account creation, newsletter subscription, purchase checkout, contact forms).
• In-store interactions or participation in CORSIA events.
• Communications with our customer service team.
• Your participation in promotional campaigns or surveys.
• Cookies and similar technologies used on our digital platforms.
• Data shared by authorized partners, where you have consented to such sharing.

5. Purposes and Legal Bases for Processing

Your personal data are processed for the following purposes and corresponding legal bases:

PurposeLegal basis under GDPR

Managing your orders, payments, deliveries, and returns

Performance of a contract (Art. 6 (1)(b))

Creating and managing your customer account

Performance of a contract

Responding to your requests and providing customer support

Legitimate interest or contract performance

Sending newsletters, promotional offers, and invitations

Your consent (Art. 6 (1)(a))

Personalizing your experience and analyzing preferences

Legitimate interest or consent

Ensuring website security, fraud prevention, and compliance with law

Legitimate interest and legal obligations (Art. 6 (1)(c),(f))

Legal, accounting, and tax compliance

Legal obligation

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which they were collected, subject to applicable legal, accounting, and regulatory requirements.

For example, customer account and purchase data may be kept for up to 10 years after the last transaction; marketing data for up to 3 years after your last interaction or until you withdraw consent.

7. Recipients of Personal Data

We may share your data with:

• Authorized personnel of CORSIA and its affiliates.
• Service providers acting as data processors (e.g. logistics, IT hosting, payment processing, customer service, marketing agencies) under written contracts ensuring GDPR compliance.
• Advertising and analytics partners (subject to your consent where required).
• Legal authorities, regulators, or courts when required by law.

When transferring data outside the European Economic Area (EEA), we ensure appropriate safeguards, such as EU Standard Contractual Clauses, adequacy decisions, or equivalent protections.

8. Data Security

CORSIA implements appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

However, please note that no electronic transmission or storage system is completely secure, and we encourage you to take reasonable precautions when sharing personal information online.

9. International Transfers

If your data are transferred outside the EEA, CORSIA ensures that the recipient country provides an adequate level of protection, or that contractual safeguards consistent with the GDPR are in place.

You may obtain a copy of these safeguards by contacting us at the address provided below.

10. Your Rights Under the GDPR

Subject to applicable law, you have the following rights:

• Right of access – to obtain confirmation and a copy of personal data held about you.
• Right to rectification – to correct inaccurate or incomplete data.
• Right to erasure – to request deletion of your personal data (“right to be forgotten”).
• Right to restriction of processing – to limit how your data are used in certain cases.
• Right to data portability – to receive your data in a structured, commonly used, machine-readable format.
• Right to object – to object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent – to withdraw your consent at any time, without affecting the lawfulness of prior processing.
• Right to lodge a complaint – with the competent supervisory authority (for Italy: the Garante per la protezione dei dati personali).

To exercise any of these rights, please contact us as described in Section 12 below.

11. Children’s Data

CORSIA does not knowingly collect personal data from individuals under the age of 16 (or the minimum age required by local law) without parental consent.

If we become aware that we have inadvertently collected such data, we will delete them promptly.

12. Contact Information

For any questions, requests, or to exercise your rights under the GDPR, please contact:

CORSIA Data Protection Officer (DPO)

Email: corsia@corsiamilano.com

Postal address: via Ludovico Settala 19, Milan (Italy)

13. Updates to This Policy

CORSIA may update this Privacy Policy from time to time. The latest version will always be available on our website, and the “Last updated” date will be revised accordingly.

We encourage you to review this Policy periodically to stay informed about how we protect your data.