The Mabal snc company with registered office in Baldichieri (AT), Via Garibaldi 15, CF and VAT number 00093590057 (hereinafter, “Owner”), as the data controller, informs pursuant to art. 13 Legislative Decree 30.06.2003 n. 196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that the data provided by users (the “Users”) on the website www.annamilano.it of the Data Controller (hereinafter, “Site”), will be processed in the manner and for the following purposes:
1. Object of the treatment
The Data Controller processes personal, identifying and non-sensitive data (by way of example but not limited to, name, surname, company name, address, telephone, e-mail – hereinafter, “Personal Data” or even “Data”) communicated by Users when registering on the Site, ordering online, requesting clarifications or support requests and sending newsletters.
2. Purpose of the treatment
Personal data are processed:
A) without the express consent of the User (Article 24 letter a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following “Service Purposes”:
- manage and maintain the Site;
- allow the User to use any Services requested;
- participate through the Site in initiatives organized by the Data Controller (for example, promotional campaigns);
- process a contact request;
- fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
- fulfill obligations related to the management of registration and relationships with Users;
- prevent or discover fraudulent activities or abuses harmful to the Site;
- exercise the rights of the owner, for example the right to exercise a right in court.
B) Only with the specific and distinct consent of the User (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following “Other Purposes”:
- send Users by e-mail opinion and satisfaction surveys, newsletters and / or invitations to promotional campaigns of which the Owner is part or organizes.
- send information about promotions to Users via e-mail or SMS.
3. Processing methods
The processing of personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and paper processing. electronic and / or automated, through the use of a website hosted in a cloud environment managed by Microsoft Corporation in European datacenters. The Data Controller will process the Personal Data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of the Data for the Other Purposes.
The Owner has adopted a variety of security measures to protect the Data against the risk of loss, misuse or alteration. In particular: it has adopted the measures referred to in Articles 32-34 of the Privacy Code and art. 32 GDPR; uses data encryption technology and protected data transmission protocols.
5. Access to Data
The Data may be made accessible for the purposes referred to in the previous articles. 2.A) and 2.B):
- to employees and collaborators of the Data Controller, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
- to third-party companies or other subjects (by way of example, website provider, cloud provider, e-payment service provider, suppliers, hardware and software assistance technicians, shippers and carriers, credit institutions, professional firms, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as data processors.
6. Data communication
Without the express consent of the User (pursuant to Article 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate the Data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom communication is mandatory by law for the accomplishment of the aforementioned purposes. Your data will not be disclosed.
7. Data transfer
The management and storage of personal data will take place in Europe on the servers of the Data Controller and / or third-party companies appointed and duly appointed as Data Processors.
8. Nature of providing data and consequences of refusing to answer
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, neither the registration on the Site nor the Services of art. 2.A). The provision of data for the purposes referred to in art. 2.B) is optional. The User can therefore decide not to provide any Data or to subsequently deny the possibility of processing Data already provided: in this case, you will not be able to receive via e-mail and / or SMS invitations to events, newsletters and opinion and satisfaction surveys. and information on promotions. In any case, the User will continue to be entitled to the Services referred to in art. 2.A).
9. Rights of the interested party
As interested parties, Users have the rights referred to in art. 7 of the Privacy Code and art. 15 GDPR and precisely the rights of:
- obtain confirmation of the existence or not of Personal Data concerning the User, even if not yet registered, and their communication in an intelligible form;
- obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) the logic applied in case of processing carried out with the aid of electronic tools; d) the identification details of the owner, managers and designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents;
- obtain: a) updating, rectification or, when the User has an interest, integration of the Data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the Data have been communicated or disseminated, except in the case in which this fulfillment is proves impossible or involves the use of means that are manifestly disproportionate to the protected right;
- object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning Users, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning Users for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of a operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the interested party to exercise the right of opposition also only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
Where applicable, Users are also recognized the rights referred to in Articles. 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
10. Procedures for exercising rights
The User may at any time exercise the rights by sending:
- a registered letter a.r. in Mabal with registered office in Baldichieri (AT) via Garibaldi 15.
- an e-mail to firstname.lastname@example.org.
This Site and the Controller’s Services are not intended for minors under the age of 18 and the Controller does not intentionally collect personal information relating to minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of the Users.
12. Owner, manager and agents
The Data Controller and data processor is: Mabal based in Baldichieri (AT). The updated list of data processors and persons in charge of processing is kept at the headquarters of the Data Controller.
This site uses three types of cookies:
Navigation cookies – Firsty party cookies
These are cookies that guarantee normal navigation and use of the website and that allow the connection between the server and the user’s browser. These cookies allow the site to function properly and allow you to view the contents on the device used. Without these cookies some required features such as log-in to the site may not be provided.
Navigation cookies are technical cookies and are necessary for the site to function.
Functional cookies – Firsty party cookies
They are cookies stored on the computer or other device which, based on the user’s request, record the choices of the same, to allow him to remind him in order to optimize and provide an improved and personalized navigation within the service or access to this site (e.g. registering the password in restricted areas, registering the products in the cart to have the possibility of finding them in the next session, saving the selected language, viewing a video or the ability to comment on the blog, etc.). Functional cookies are not essential for the operation of the site, but they improve the quality and experience of navigation
Analytical Cookies – Thirdy party cookies
These are cookies that collect information on how the user uses the website, such as which web pages are visited most often.
This site uses third-party cookies from:
- Google Analytics – Read the privacy info
A statistical analysis service provided and managed by Google. The Google Analytics system present on the Sites (see list in the initial part of the document) has been set up in order to reduce the identifying power of cookies and the functions that allow third party information to be crossed have also been disabled. With these settings this type of cookie is equivalent to a technical cookie.
- Facebook – Read the privacy info
The service, called Facebook Pixel, collects statistical data on the use of the site, preferences, likes and pages visited. The Facebook cookie is activated only if the user clicks on the accept button
Analytical cookies are not essential for the functioning of the site.
It is possible to disable cookies using the incognito navigation methods provided by the various browsers or by following the instructions on the websites of the various manufacturers. Below is a list of the main browsers with related informationRevoke consent