EN - English

Privacy Policy

This information is provided pursuant to and for the purposes of the EU General Data Protection Regulation 679/2016 (hereinafter: "Regulation" or "GDPR"). Its purpose is to illustrate how the personal data of its visitors and customers (hereinafter the "users") are collected and used.

This information applies exclusively to Biffi Boutique S.p.A. and does not extend to any website other than www.biffi.com (hereinafter: "biffi.com") or to any application/platform connected to biffi.com.


The data controller of your personal data is Biffi Boutique S.p.A. (hereinafter "biffi"), an Italian company with registered office in Milan, corso Genova, 6, 20123 Milan, VAT number: 05935720150.The contact details of the data controller are as follows: Corso Genova 6 – 20123, Milan tel. 02 8311 6052 and privacy@biffi.com


The personal data being processed are collected directly by biffi.com or by expressly authorised third parties.

The collection is done through various channels (automatic collection by the site, i.e. collection through forms, chats, emails, apps, devices, social media and other means).


Biffi.com does not process personal data relating to minors. By accessing biffi.com and using the services offered, the user declares to have reached the age of majority.

Users' personal data are processed as part of the activities and for the purposes specified below:

  1. Completion and execution of purchase contracts.

In order to complete purchase orders and execute them, we ask users to provide us with some personal data such as, for example, name, surname, e-mail, delivery address, etc..

The data provided are processed by the data controller for the purpose of managing orders, in the context of activities such as, for example, payment, anti-fraud prevention, shipping, management of any returns, customer assistance, for the execution of administrative and accounting activities related to the management of the order and for the fulfillment of obligations under current legislation.

  1. Subscription to the newsletter and commercial/promotional communications.

Following subscription to the newsletter, the e-mail address (mandatory data for registration) and any additional optional data (eg gender, geographical area) that users agree to provide us for a personalization of the offers, are processed for sending commercial or promotional communications, relating to offers and promotions, updates, events. To unsubscribe from the newsletter, simply click on the unsubscribe link at the bottom of the e-mails or by contacting our Customer Service or sending an email to support@biffi.com.

  1. Registration on biffi.com

To register on the site, we ask the user to provide a series of data (name, surname, e-mail, password, gender), plus any other optional data (for example date of birth, telephone number), which are processed for the creation and management of a personal profile useful to speed up the purchase process, to view the status of orders placed and any returns.

The user is solely responsible for the truthfulness and correctness of the information and data provided to biffi.com and undertakes to promptly communicate any changes to the data previously communicated.

To unsubscribe from the site and request the cancellation of the data provided, the user can contact our Customer Service or send an email to support@biffi.com.

  1. Navigation.

The site biffi.com automatically collects (also from third-party systems integrated into biffi.com) some non-sensitive information, including: IP addresses or domain names of the devices used by the user who connects to the site, URI addresses (Uniform Resource Identifier), the time of the request, the method used to forward the request to the server, the size of the file in response,  the code indicating the status of the response from the server, the state of origin, the connotations of the browser and the operating system used by the user, the time references of the visit (for example the time spent on each page) and the details of the path followed within the site.

The collection of this data, which can also be processed – anonymously – for statistical purposes, is functional to make it possible to access the site and its services, as well as to allow us to monitor its functionality to optimize the browsing experience and to improve our services and our offer.

  1. Cookie

The site biffi.com does use cookies. For more information on this point, please refer to the appropriate section dedicated to the Cookie Policy.


For biffi.com the privacy and security of its users' personal data are very important, which is why we collect and manage personal data with the utmost care and take specific measures to keep them safe.

We will process personal data mainly through IT and electronic tools; The tools we use guarantee high safety standards, in compliance with current legislation.

Personal data is accessible to persons and companies belonging to the following categories:

- employees, collaborators and other authorized parties (based on Article 29 of the Regulation);

- subjects who need access to data to fulfill their contractual obligations: consultants; companies that provide banking, financial and insurance services; subjects that carry out printing, transmission, enveloping, transport and sorting communications to customers; couriers and postal operators; advertising, digital, marketing and social media agencies; subjects that provide IT services appointed as data processors (based on Article 28 of the Regulation) or independent data controllers.

Some of these subjects may also be based in countries outside the EU and, in these cases, the transfer of your personal data to these countries is carried out in compliance with the guarantees provided by law.

In particular, the transfer of personal data to countries that do not belong to the European Union and that do not ensure adequate levels of protection (as established in specific decisions of the European Commission) will be performed only after conclusion between the data controller and said subjects of specific agreements, containing safeguard clauses also approved by the European Commission,  or if the transfer is necessary for the conclusion and execution of a contract between you and the data controller (for the purchase of goods offered on our Site, for registration on the Site or the use of services on the Site) or for the management of your requests.

Personal data may be communicated to the competent authorities according to the applicable legislation. Personal data will not be disclosed.

The updated list of data processors can be requested by e-mail at privacy@biffi.com.


The data processed for the execution of the contractual service are kept for the period provided for by tax and civil legislation, also to manage any disputes.

The data required to comply with legal obligations are kept for the period of time required by applicable law.

The data collected as part of the subscription to the newsletter or registration to the site are kept until the revocation of consent or opposition that may take place at any time.


You have numerous rights, listed below:

  • the right to obtain access to personal data and their correction (articles 15-16 of the Regulation);

  • where required by law, the right to obtain the cancellation of the same (right to be forgotten, art. 17 of the Regulation),

  • the right to obtain the limitation of the processing that concerns you (Article 18 of the Regulation),

  • the right to data portability (Article 20 of the Regulation),

  • the right to object to their processing (Article 21 of the Regulation);

  • in case of processing based on consent, the right to withdraw consent at any time, without prejudice to the legitimacy of the processing based on consent subsequently revoked (Article 7 of the Regulation).

The user can request to exercise his rights by contacting the data controller at the following addresses:
Biffi Boutique S.p.A. Corso Genova 6 – 20123, Milan and privacy@biffi.com.

In the event of processing that the user considers in violation of the law, the user has the right to lodge a complaint with the supervisory authority which, for Italy, is the Guarantor for the protection of personal data. Alternatively, the user can file a complaint with the competent authority of the State of the European Union where he usually resides, or where he carries out his work, or where the alleged violation has occurred.