Personal data provided to Mamibu s.n.c. di Claudia Giammetta e Olivia Tinker (hereinafter, “Mamibu”) within the web platform accessible through the domain names www.mamibu.com, www.mamibu.it, and future mobile applications, if any (hereinafter, jointly or severally, the “Site”), upon registration and thereafter for exploitation of services therein from time to time supplied by Mamibu, shall be processed in compliance with the provisions of European Regulation UE/679/2016 (hereinafter “GDPR”) and Legislative Decree no. 196/2003, as amended and supplemented, concerning protection of personal data (hereinafter, the “Privacy Code”).
Mamibu informs the user (hereinafter, the “User”) as follows.
1. DATA CONTROLLER
1.1 The data controller shall be the company Mamibu s.n.c. di Claudia Giammetta e Olivia Tinker, with registered office at Via Pietro Piffetti n16, 10143 Turin, Italy, Tax Code and VAT number 10967970012, filed at the Turin Chamber of Commerce at number TO-1177108 (hereinafter, the “Data Controller”).
2. NATURE OF PERSONAL DATA COLLECTED AND PURPOSE OF PROCESSING
2.1 Personal data of the User shall be collected and used, subject to prior consent of the User, for purposes directly connected to activation and operation of the services provided by the Data Controller, for fulfilments required under applicable law and for exercise by the User of its rights before the competent authorities.
2.2 By registering with the Site, by means of the procedure therein described, the User accepts to provide its personal data (including photographs and videos) for purposes such as: (a) purchase of products and services on the Site, which may also imply the provision of information for the supply of services requested by the User to those persons with which Mamibu has entered into or will enter into contractual arrangements; (b) receipt, after giving your consent, of newsletters containing invitations to participate to the sales and commercial proposals published on the Site; you can avoid receiving any of the above stated in point (b). There is a cancellation link in every newsletter or you can contact the Data Controller; (c) receipt, if any, of advertising material through letters, telephone, e-mail or livechat service relating to such products and services; (d) market research or marketing and commercial announcements; (e) discharging obligations deriving from provisions of law and orders of public authorities (in such event, granting of authorisation and processing is mandatory and no consent is needed).
OTHER DATA COLLECTED 2.3 Your Internet Protocol (“IP”) address is a number that is automatically assigned to the computer that you are using by your Internet service provider. An IP address may be identified and logged automatically in our server log files whenever you access our websites, along with the time of the visit and the pages that were visited. Your IP address may also indicate your approximate physical location. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other technologies. We use IP addresses for purposes such as calculating usage levels and diagnosing server problems. We may also derive your approximate location from your IP address.
2.5 Social Networks Plugins The Site uses Facebook, Google+, Twitter, Fancy, Pinterest, Linkedin, Spotify, Instagram and You Tube plugins. More information on such plugins and their respective features can be retrieved on the relevant website, within the sections dedicated to developers. In order to avoid transmission and recording of data concerning internet navigation through the above social networks, the User shall have to disconnect therefrom before vising the Site.
2.6 Cookies The Site uses a technology named cookies. A cookie is a small amount of data which gets saved in the User’s computer upon accessing a site or part thereof. Cookies help the Data Controller understand the commercial preferences of the users. In case the User should not wish to allow cookies, these can be disabled by following the browser’s manufacturer’s instructions.
3. TRANSMISSION OF DATA
3.1 Personal data of the User may be disclosed to specific persons, entrusted by the Data Controller with the provision of services which are instrumental or necessary to the discharging of obligations connected to the registration with the Site and on line purchase, within the limits and in compliance with the instructions received.
3.2 More specifically, personal data may be communicated to: (a) individuals, companies or professional firms who provide assistance, consultancy and cooperation to the Data Controller such as, without limitation, in respect of accounting, administrative, legal, tax and financial matters; (b) suppliers of services and/or products, persons entrusted by the Data Controller with carrying out, in whole or in part, activities connected to the sale, such as customer care, even if handled on an outsourcing basis; the logistics centre entrusted with packaging of products purchased by the User; couriers entrusted with delivery of purchased products; persons who carry out on behalf of the Data Controller after-sale services and any other external partner to whom communication of personal data may be necessary for the proper fulfilment of the obligations undertaken by the Data Controller in respect of the supply of services and/or products; (c) public authorities for carrying out their duties in compliance with applicable laws; (d) financial institutions and providers of electronic means of payment, who supply the Data Controller with – by way of example – bank services, financial services, management of collection and payments or other financial activities strictly ancillary to the supply of services and/or products or judiciary bodies or public authorities upon their request or where required by law.
3.3 Personal data of the User shall not be communicated otherwise.
4. PROCESSING METHOD
4.1 Personal data shall be recorded electronically and, where necessary, manually. Personal data shall be processed by registration, consultation, communication, conservation, erasure, made by way of priority by automatic means, ensuring adequate measures to safeguard their contents and confidentiality. In any event, for higher security, only providers of means of payment shall have access to payment data, while the data Controller has no possibility to know or record such data.
4.2 In compliance with applicable laws in terms of privacy protection, the Data Controller has adopted adequate measures to guarantee the safety and confidentiality of personal data provided by the Users and, furthermore, has installed all available means and devices to avoid dissemination, manipulation, alteration, unauthorised access and theft thereof.
4.3 Your personal data is processed or stored on a server hosted in Switzerland. By providing us with any personal information, you understand that your information is processed, or stored outside of your country of residence.
Data Controller can decide at any time to transfer the data to another hosting service In this case Data Controller will put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your personal information.
5. RIGHTS OF THE DATA SUBJECT (USER)
5.1 The User shall have the right to obtain at any time confirmation as to whether personal data concerning him/her exist, and the purposes of processing.
5.2 In order to exercise the above rights and to obtain information concerning the persons with which personal data have been stored or to whom are communicated or which, in their capacity as designated representatives, may get to know such data, the User may resort to the Data Controller.
5.3 With respect to access rights to personal data and other rights, Article 7 of the Privacy Code states that:
1. The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him/her exist, regardless of their being already recorded, and communication of such data in intelligible form;
2. The data subject shall have the right to be informed of: (a) the source of personal data; (b) the purposes and methods of processing;(c) the logic applied to the processing, if the latter is carried out with the help of electronic means; (d) the identification data concerning the Data Controller, data processors and the representative designated as per Article 5, Paragraph 2; (e) the persons or categories of persons to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State's territory, data processor(s) or person(s) in charge of the processing.
3. The data subject shall have the right to obtain: (a) updating, rectification or, where interested therein, integration of data; (b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; (c) certification to the effect that the operations as per letters (a) and (b) have been notified, also as far as their contents are concerned, to the persons to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. The data subject shall have the right to object, in whole or in part:(a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;(b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
5.4 In order to exercise the above rights and to obtain information concerning the persons with which personal data have been stored or to whom are communicated or which, in their capacity as designated representatives, may get to know such data, the User may resort to the Data Controller by sending an e-mail communication at the address email@example.com or a registered letter with return receipt addressed as follows: Via Pietro Piffetti 16, 10143 Turin, Italy, attention of the Data Controller.
6. DURATION OF PROCESSING
6.1 Processing of personal data shall have a duration which shall not exceed the purpose for which such data has been collected in compliance with legal and tax fulfilments from time to time in force.
The criteria used to determine the duration period include:
The length of time we have provide our services to you or have another business need (for example, for as long as you have an account with us);
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
For any fither information or to exercise your rights stated above youmay contact Data Controller by mail Via Pietro Piffetti 16, 10143 Torino or by email firstname.lastname@example.org