0

PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA

issued pursuant to articles 13 and 14 of Regulation (EU) 2016/679
General Data Protection Regulation
WEBSITE and E-COMMERCE

Below we provide to the individuals who come into contact with our Company (the “Data Subjects”), a brief description of the essential characteristics of the processing of their personal data carried out by MALTEMPI S.R.L., with registered office in Via Malignani 1/a, Fontanafredda (PN), acting as the Data Controller (hereinafter referred to as the “Controller”). The processing will be carried out in compliance with Regulation (EU) 2016/679 – General Data Protection Regulation (the “Regulation”) and the Legislative Decree of 30 June 2003, n. 196 as amended by Legislative Decree 101/2018 (hereinafter referred to as the “Code”). 

By “data” we mean “any information relating to an identified or identifiable natural person” and by “processing” we mean “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”. 

For further details, please refer to the detailed notice that follows.

The privacy policy regarding the processing of personal data concerning browsing on the Company’s website and access to services provided through e-Commerce is made available succinctly in the following summary table on data processing. This allows for easy access to essential information regarding the processing of personal data.. However, a detailed notice is also available, which provides a complete overview of the information we are required to provide pursuant to articles 13 and 14 of the GDPR.

MALTEMPI S.R.L., with registered office in Via Malignani 1/a Fontanafredda (PN); contact details are privacy@maltempisrl.com

The appointed DPO can be contacted at the email dpo@maltempisrl.com

Among the personal data of the data subject that may be processed by the Controller are:

 

For the functioning and navigation of the website, we process:

  • Browsing data (including, for example, IP addresses, URI/URL addresses of requested resources);
  • Data possibly collected through cookies, for which reference is made to the specific cookie policy.

 

For accessing the services provided by E-Commerce, we process:

  • Common personal data (such as name, surname, residential address, shipping address if different);
  • Contact personal data (phone number and email address);
  • Identifying personal data for billing purposes (Tax Code or VAT number);

Billing and payment data.

  1. To allow the Data Subject to browse the website of the Data Controller.
  2. To conduct research and/or statistical analysis on aggregated or anonymized data, without the possibility of identifying the user.
  3. For registration on the E-commerce portal of Maltempi S.r.l.
  4. To execute purchase orders received through E-Commerce.
  5. For managing relationships with Customers of Maltempi S.r.l. (e.g., purchase assistance, response to inquiries, refund operations).
  6. For managing requests received by the Data Controller through a special form on the website.
  7. To allow user subscription to the newsletter.
  8. In case of newsletter subscription by the data subject, for user profiling activities aimed at promoting products and services offered by the Owner.
  9. To comply with all regulatory obligations related to the management of the purchase contract, such as billing obligations.
  10. For the necessity of asserting, exercising, or defending a right in court or whenever Authorities exercise their functions.
  1. The processing under 1), 2), and 9) is connected to the legitimate interest of the Data Controller.
  2. The processing under 3), 4), and 5) is based on the performance of a contract to which the Data Subject is a party or on the performance of pre-contractual measures taken at the Data Subject’s request.
  3. The processing under 6) and 7) is connected to obtaining freely given, specific, and informed consent.
  4. The processing under 8) is related to compliance with legal obligations, regulations, and EU legislation to which the Data Controller is subject.

In computer mode, with the observance of every precautionary measure applied by the Data Controller to ensure security, confidentiality, and control, data may also be stored and processed on servers located outside the European Economic Area in compliance with applicable regulations.

  1. Employees, collaborators, individuals entrusted, and authorized by the Data Controller;
  2. Service providers acting as Data Processors under Article 28 of the GDPR, such as the entity managing the website;
  3. Legally authorized entities entitled to access the data;
  4. Entities to which communication is necessary for the fulfillment of contractual obligations;
  5. Public authorities;
  6. Third parties.

 

The personal data processed by the Data Controller are not subject to any form of dissemination.

Personal data will be kept for the time necessary to achieve the purposes stated above. In any case, the Data Controller will process the data:

  1. For a period not exceeding 7 days for browsing data from the moment of their acquisition;
  2. For a period not exceeding 12 months after the data subject has given consent for profiling activities, unless consent is withdrawn;
  3. For a period not exceeding 24 months from the Data Subject’s consent to subscribe to the newsletter, unless the consent is revoked;
  4. For a period not exceeding 10 years from the acquisition of the data when the Data Subject has provided them to benefit from services provided by the Data Controller.

 

However, the need to retain data for the purpose of fulfilling legal obligations incumbent upon the Data Controller or for the assertion, exercise, or defense of the Data Controller’s rights in judicial proceedings shall be preserved.

 

The following criteria are used to determine the additional data retention period:

  1. Pursuit of the purposes related to processing.
  2. Duration required by law.
  3. Revocation of consent by the Data Subject (in case of processing based on consent).
  4. Maximum period allowed by current regulations to protect the rights and/or interests of the Data Controller.

For browsing the website, it is necessary to provide browsing data and data contained in certain cookies (technical cookies). Failure to provide these may result in an optimal browsing experience not being guaranteed on the website, with consequent inability to fulfill the Data Subject’s requests.

The provision of data for access to e-Commerce services is mandatory for the conclusion of the contract and for assistance activities related to customer care service.

The provision of data related to the subscription of the newsletter service and profiling activities, is optional: failure to provide or withdrawal of consent determines the impossibility of receiving the newsletter and also targeted communication subject to profiling, without any impact on other legal relationships that may be in place.

The Data Subject has the right to:

  1. Access the data we hold and request communication in an intelligible form;
  2. Request updating, rectification, and/or integration; Request erasure (“right to be forgotten”);
  3. Request restriction of processing;
  4. Request notification of updates, rectifications, erasures, or restrictions;
  5. Request data portability;
  6. Object to processing;
  7. Withdraw previously given consent;
  8. Lodge a complaint with a supervisory authority.

-10% welcome

Join our newsletter and be the first to hear about our latest products, special deals, and insider news. Sign up today to unlock a world of exclusive benefits tailored just for you.

We’ll send you a special 10% off coupon to spend on your first order.