Privacy
STATEMENT ON CUSTOMERS’ PERSONAL DATA PROCESSING in accordance with art. 13 and 14 of Reg. (EU) 2016/679
The present privacy policy document describes the purposes and methods of processing of customers’ (hereinafter “Person concerned”) personal data collected by MAUGAN S.R.L. (hereinafter only “MAUGAN”).
1. OWNER AND PERSONAL DATA PROCESSOR
The personal data processor is MAUGAN S.R.L. Registered Office: Via Edolo, 40 – 20125 Milan, Tel: 0289456322, Fax: 0289456391, P.I./C.F.: 05520650960, e-mail: info@ilbussetto.it, Website: www.ilbussetto.it, certified e-mail: maugansas@registerpec.it
2. DATA PROTECTION OFFICER
MAUGAN, in accordance with art. 37 of Reg. (EU) 2016/679, has decided not to nominate a data protection officer (DPO), since it is not a public body and does not, as its primary activity, regularly and systematically monitor data on a large scale, including the data referred to in art. 9 and 10.
3. PURPOSES, METHODS AND PLACE OF PROCESSING
Customers’ personal data handled by MAUGAN, properly collected, will be processed:
- a. For purposes related to the agreement established between the parties;
- b. For purposes of a civil, fiscal and accounting nature;
- c. To fulfill obligations provided for by law, by a regulation, by Community legislation or by an Authority's disposition (such as on the subject of anti-money-laundering);
Only upon your clear and distinct consent, your data will be processed:
- d. For commercial and marketing purposes and to send newsletters concerning services offered, invitations to trade shows, events, etc.
Specific safety measures are observed in order to avoid data loss, illicit or improper use and non-authorized access.
Processing related to the services takes place at the aforementioned headquarters of MAUGAN and at the offices of suppliers of electronic processing services acting on behalf of the Company. Processing is handled only by technical staff specifically nominated as responsible for and/or placed in charge of personal data processing, or by persons appointed for occasional maintenance operations.
4. LEGAL BASIS
The legal basis of your personal data processing is established by the law for the purposes described at points b) and c) and by the agreement for the purposes described at point a). Communications of data to Public Authorities will also have the law as their legal basis.
Your personal data processing, for the purpose described at point d) will be based on your consent, which will be revocable at any time without prejudice for processing activities conducted until the suspension.
5. PERSONAL DATA CATEGORIES AND RECIPIENTS, COMMUNICATION AND DIFFUSION FIELD
MAUGAN collects personal data to supply services as described in the agreement in effect, such as, by way of illustrative and non-exhaustive example: business name, telephone, e-mail address and tax code, P.I/VAT number, bank data, etc.
Data may be communicated to:
- Public Administration, for the execution of institutional functions
- Debt collection agencies
- Lawyers for legal assistance in case of controversies on the agreement
- Consultancy agencies, experts and corporations that work in several branches for the Company
- Accountant agencies
- Bank Institutes and financial societies for the usage of financial, banking and other related services
- Suppliers in order to properly fulfill the stipulated agreement
- Inspection and supervision corporations
- Internal staff for the execution of business functions
- Trading agents to support commercial negotiation
The aforementioned individuals will process data as independent data processing controllers.
The aforementioned data will not be disclosed.
6. NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF A CONTINGENT REFUSAL TO ANSWER
The provision of data for the purposes described at art 3 a) b) c) is mandatory. Without it, we will not be able to guarantee services provided for in the contract. The provision of data for marketing purposes described at point 3 d) is optional and does not compromise the conclusion of the contract and the supply of the service. Therefore, you can decide not to provide any data or choose to deny, at a later stage, the possibility to process data previously provided.
7. INTERNATIONAL TRANSFER
Personal data aforementioned is transferred abroad for the following purposes:
SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. Payment: If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act. Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.
8. DATA RETENTION PERIOD
Personal data processed for the purposes described at points a) b) c) will be stored throughout the duration of the contract relationship with our company, and also after its suspension for the period necessary to protect the Company’s rights and allow the Company to prove the fulfillment of its obligations. Data processed for purposes different from those described at point d) will be processed for a 24-month period or, in any case, until you revoke your consent and/or object to the related processing, or, at a later stage, to allow the Company to prove that the related processing activities took place in accordance with the law.
9. RIGHTS OF PERSONS CONCERNED
As person concerned, you have rights described at art. 15 GDPR and precisely the right to:
I. Obtain the confirmation of the existence or not of personal data that concerns you, even if not yet registered, and the communication of it in an intelligible form;
II. Obtain indications on:
- a) The origin of personal data;
- b) purposes and methods of processing;
- c) the logic applied in case of processing fulfilled with the aid of electronic tools;
- d) The identity details of the owner and data controller, of the data processor and of the designated representative in accordance with art. 3, clause 1, GDPR;
III. Obtain:
- a) The update, the amendment or, when interested, the integration of data;
- b) the cancellation, the transformation in anonymous form or the ban of data processed in violation of law, including those for which storage, related to the purposes for which data has been collected and later processed, is not necessary;
- c) the attestation that operations described at points a) and b) have been brought to the attention, also as regards the content, of those to whom data has been communicated or disclosed, excluding the case this fulfillment turns out to be impossible or involves a use of means manifestly disproportionate compared to the customer’s right;
IV. Oppose, in whole or in part:
- a) For legitimate reasons concerning your personal data processing, even though pertinent to the purpose of data collection;
- b) to the processing of your personal data for the purpose of sending advertising material or of direct sale or of carrying out marketing research or business communication, by using automated call systems, without the intervention of an operator, via mail and/or through traditional marketing procedures via telephone and/or ordinary post.
V. We notify that the right to object of the person concerned, previously explained at point b), for marketing purposes managed via automated methods extends to traditional methods and, in any case, it does not affect the opportunity for the person concerned of exercising the right to object, even in part. Therefore, the person concerned can decide to receive communications only via traditional methods or only via automated communications or neither. When applicable, the person concerned also has the rights described at art. 16-21 GDPR (Right of amendment, Right of oblivion, Right of limitation of processing, Right of data portability, Right of opposition), as well as the Right of complaint to the Data Protection Authority.
10. PROCEDURES FOR THE EXERCISE OF RIGHTS
All the requests must be addressed to the Owner and Personal data Processor, without specific formalities, by sending a communication to the following e-mail address: e-shop@ilbussetto.it, certified e-mail: maugansas@registerpec.it
11. RIGHT OF COMPLAINT
The person concerned can file a complaint to Data Protection Authority in order to report a possible violation of the regulation of Personal Data Protection and require a verification to the Data Protection Authority located in Piazza di Montecitorio n. 121 – 00186 Roma Fax: (+39) 06.69677.3785 Telephone: (+39) 06.696771 E-mail: garante@gpdp.it certified e-mail: protocollo@pec.gpdp.it
12. SOURCE OF DATA
Data in question has been mainly collected from the data subject.