Privacy Policy - Iginio Massari
Last update: 07/10/2024 - V.3.0
| What is this document? Pursuant to art. 13 European Reg. n. 679/2016 (“General Data Protection Regulation” or “GDPR”) and in compliance with the principles contained therein, Iginio Massari S.r.l. intends to inform each user (the “User”) about the processing of personal data happening on its website www.iginiomassari.it (“Website”) |
1. Controller and Contact details
Iginio Massari S.r.l. (here in after “Iginio Massari”, the “Company” or “Controller”, pursuant to art. 4(7) GDPR)
with registered offices in via Orzinuovi 117, 25125 Brescia
Contact details: privacy@iginiomassari.it
2. Data Protection Officer (DPO)
The Controller has appointed a Data Protection Officer (“DPO”) who can be contacted by sending an email to dpo@iginiomassari.it or by writing to: Data Protection Officer c/o Iginio Massari S.r.l., Via Orzinuovi 117, 25125 Brescia.
3. Purposes of processing, Legal Basis, Personal Data and Retention period
The Controller processes Personal Data for the following purposes, as specified here in below. The table also shows the legal basis which justifies the processing and the period of data retention.
Purposes | Personal Data | Legal Basis | Data Retention | |
a. | Account creation and management Data will be processed for registration or authentication to the Website in order to allow you access to services offered by the Controller. | ✓ Anagraphic information (Name and surname) ✓ Contact details (email) | Performance of pre contractual provisions [Art. 6, 1, lett. b) GDPR] | Until the User deletes the account, unless data is retained to fulfill legal purposes. |
b. | Manage the purchase and shipment of products The data will be processed in order to send the products you purchased. | ✓ Anagraphic information (Name and surname) ✓ Contact details (email, phone number) ✓ Shipment address | Performance of a contract [Art. 6, 1, lett. b) GDPR] | Until the User deletes the account, unless data is retained to fulfill legal purposes. |
c. | Handling and processing of requests for information and support The data provided will be processed to manage and respond to requests for information and technical support, as well as for the purpose of assisting you before, during and after the provision of our services. | ✓ Anagraphic information (Name and surname) ✓ Contact details (email, phone number) ✓ Purchase history | Performance of pre contractual provisions [Art. 6, 1, lett. b) GDPR] | For the period of time necessary to answer the customer. |
d. | Newsletter Personal data will be processed for sending the newsletter | ✓ Anagraphic information (Name and surname) ✓ Contact details (email) | Consent [Art. 6, 1, lett. a) GDPR] | Until withdrawal of consent and in any case not later than 24 months from the date of last contact. |
e. | Send materials for marketing purposes Personal data will be processed for direct marketing activities, i.e. for sending (by text message, e-mail, paper mail, social media, operator call, push notification etc.) communications having promotional and/or advertising content of the products or services offered by the Controller. | ✓ Anagraphic information (Name and surname) ✓ Contact details (email, phone number) | Consent [Art. 6, 1, lett. a) GDPR] | Until withdrawal of consent and in any case not later than 24 months from the date of last contact. |
f. | Soft Spam The data will be processed for the purpose of sending, via e-mail and/or paper mail, communications having promotional, informative and/or advertising content, in relation to products or services similar to those being sold pursuant to Art. 130 co. 4 D. Lgs. 196/2003 (“Privacy Code”). | ✓ Anagraphic information (Name and surname) ✓ Contact details (email) | Legitimate interest [art. 6.1 f) GDPR] referring to the Data Controller's desire to maintain the business relationship with the customer by forwarding communications consistent with the customer's past business experiences. | Personal data will be kept for as long as is strictly necessary to achieve the legitimate interest and until the data subject objects to the processing. |
g. | Profiling Subject to your consent, we may process the data you voluntarily provide and those acquired in the course of using services through the Website to conduct analyses, automated and/or manual, aimed at proactively and/or reactively detecting your preferences/choices to meet your needs and directing proposals consistent with your profile and interests. | ✓ Anagraphic information (Name and surname) ✓ Contact details (email) | Consent [Art. 6, 1, lett. a) GDPR] | Until withdrawal of consent and in any case not later than 12 months from the date of last contact. |
h. | Applying for a job position We will process your information should you apply for an open position. | ✓ Anagraphic information (Name and surname) ✓ Contact details (email) ✓ Professional information | Performance of pre contractual provisions [Art. 6, 1, lett. b) GDPR] | 2 years. |
i. | Fulfillment of legal obligations Your data will be processed by the Controller in order to fulfill obligations arising from applicable laws, regulations or EU legislation (e.g. tax and accounting obligations) or management and response to requests from competent administrative and tax authorities as well as judicial authorities. | ✓ Anagraphic information (Name and surname) ✓ Contact details (email) | Legal obligation [Art. 6, 1, lett. c) GDPR] | Until the expiry of the data retention period, as provided by the applicable law. |
l. | Website Enhancement The Controller will process Users' data to enable navigation, consultation of the Website, as well as to improve your browsing experience. | ✓ Website usage and interaction data | Legitimate interest [art. 6.1 f) GDPR] attributable to the Controller's need to enable the enjoyment and improvement of the Website. | Not applicable (aggregate or anonymous data). |
m. | Complaint handling, protection of interests and exercise of the right of defense The Controller may process Users' data to exercise and protect their rights in extrajudicial and judicial proceedings. | ✓ Anagraphic information ✓ Contact details | Legitimate interest [Art. 6.1 (f) GDPR] attributable to the need to ascertain, exercise or defend a right and/or interest. | Personal data will be kept for the period necessary to defend or exercise the right. |
The provision of your Data for the purposes sub a), b), c), and h) is necessary and obligatory so that, in case of refusal, we will not be able to follow up the contractual relationship with you and the related provision of the requested services.
Processing activities under f), l), and m) do not require your specific consent as they are based on the legitimate interest of the Data Controller provided for in Article 6, c. 1, lett. f) of the GDPR. In any case, in accordance with the GDPR, we have carried out a thorough balancing of interests aimed at protecting and ensuring the privacy and fundamental rights of data subjects.
The provision of your Data for the purposes under d), e), and g) is not mandatory. Your prior consent is therefore required, which the Company will request from time to time in the most appropriate form for each of the activities described above. In any case, your expressed consent is revocable by you at all times without any consequences with respect to your contractual relationship with the Company.
The use of some services of the Website may require the processing of personal data of third parties sent by you to the Controller. Compared to these assumptions, you act as an independent controller, assuming all the obligations and responsibilities of the law. In this sense, you grant the most extensive indemnity with respect to any dispute, claim, request for compensation for damage caused by treatment, etc. that may be received by the Controller from third parties whose personal data have been processed in violation of the law on the protection of personal data applicable. In any case, if you provide or otherwise process personal data of third parties in the use of the Website, you warrant as of now - assuming all related responsibility - that this particular case of treatment is based on a suitable legal basis under Art. 6 of the GDPR that legitimizes the processing of information in question.
4. Processing modalities
The processing of Personal Data will take place through automated and/or manual tools in order to ensure proper security measures to prevent access, disclosure, loss, incorrect, illegal or unauthorized use of data.
5. Data sharing
Your Personal Data may be shared with the following external subjects: (i) Internet service providers and platforms used by the Controller as organisation tools, channels of communication and/or promotion (e.g. Shopify Inc. for the payment management whose privacy policy is available at the following link; Zendesk Inc. for the helpdesk and customer care service whose privacy policy is available at the following link); ii) consultants and other third-party service providers who perform services for us or on our behalf and require access to such information to do that job; Klaviyo Inc. for the CRM service; iii) couriers.
These subjects act as autonomous data controllers or data processors. In the latter case, the Controller has signed a contract pursuant to Art. 28 GDPR (Data Protection Agreement or “DPA”).
The list of Data Processors can be obtained by contacting the Controller and/or the DPO at the contact details given in paragraph 2 above.
Personal data will also be processed by the Controller's internal staff specifically authorised pursuant to Article 29 of the GDPR.
6. Data Processing Locations
Personal data are processed at the headquarters of the Controller, as well as in the servers that host the Websitewww.iginiomassari.it. Data Controller ensures that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers shall be carried out by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided for in the GDPR.
7. Data subject’s rights
The User may exercise all the rights provided for by Articles 15-21 of GDPR, at any time and without unjustified limitations, by contacting the Data Controller atprivacy@iginiomassari.it. Requests shall be filed free of charge and processed by the Controller within 30 days.
Specifically, the User can:
Obtain from the controller confirmation as to whether or not personal data are being processed (Art.15);
Obtain from the controller the rectification of inaccurate personal data (Art. 16);
Obtain from the controller the erasure of personal data (Art. 17);
Obtain from the controller restriction of processing (Art. 18);
Have the right to receive the personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Art. 20);
Have the right to object (Art. 21);
With regard to the purposes of processing based on consent, withdraw it at any time.
8. Complaints
In any case, Users are always entitled to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali), under Art. 77 of the Regulation, if they believe that the Data Controller’s processing of their Personal Data is in violation of the applicable law.
9. Amendments
The Controller reserves the right to amend and update the Privacy Policy as a result of any further new or revised provisions of any national and EU laws and regulations on personal data protection.
Consegna a casa
Faucibus vitae molestie nec amet ultrices rhoncus vitae. Gravida nisl, semper netus orci imperdiet risus hendrerit fusce accumsan.
Nulla sem risus eu purus velit. Vel elementum orci pellentesque volutpat nulla. Ultrices praesent tortor, etiam et in aliquam porttitor.
