Privacy Policy

This Privacy Policy is rendered, in compliance with Articles 13 and 14 of the EU Regulation 679/2016 (hereinafter: "Regulation"), to the users (hereinafter: "Users" or "User") of the website https://www.ilmannarino.it/ (hereinafter: "Site") owned by "Il Mannarino S.r.l." with registered office in Viale Giacomo Matteotti, 14/D, Cusano Milanino (MI), 20095, VAT No. 10747300969 (which is the Data Controller, hereinafter: "Data Controller") or to those who subsequently purchase the products offered on the Site itself or register for the newsletter service (hereinafter: "Newsletter"), giving us their consent for a specific purpose (hereinafter: "Customers" or "Client"), and is aimed at describing the Site's management procedures with reference to the processing of personal data, as well as to allow Site Users to know the purposes and methods of the processing of personal data by the Data Controller in the event of their being provided. Where, on the other hand, while browsing the Site, the User and/or Customer access through links to pages or sites managed by third parties, for the processing of personal data, reference must be made to the Privacy Policy published therein. In particular, this Privacy Policy describes how the Data Controller collects, uses, processes and communicates the User's personal data in the event of access to the Site and use of the same and of the services provided therein, specifically:

  1. Who is the data controller?
  2. Principles applicable to the Processing of Personal Data
  3. What categories of data does the Data Controller collect and use?
  4. Why are personal data collected?
  5. Who sees, receives and uses the data and where can this be done?
  6. Processing and storage of personal data
  7. What are data protection rights and how can they be exercised?
  8. Contact details of the data controller
  9. Cookie Information
  10. Update and previous versions of this Privacy Policy

This document also informs Users on how to exercise their rights (including the right to object to part of the data management performed by the Data Controller). Further information on the rights and how to exercise them is provided in the following paragraphs of this Privacy Policy.

As specified in the General Terms and Conditions of Service, the services offered by the Controller are intended for persons over the age of 18. Should the Controller become aware of the processing of data of minors under the age of 18 without valid parental or legal guardian consent, the Controller reserves the right to unilaterally discontinue the use of the service offered as well as to delete the data acquired.

Terms that are not defined in this Privacy Policy (such as "Service" or "Service Owner") have the same meaning as described in the General Terms and Conditions of Service.

1. Who is the Data Controller?

Wherever the terms "Company", "its/their" or "Data Controller" appear in this Privacy Policy, they are intended to refer to: "Il Mannarino S.r.l.", a company under Italian law, registered in the Company Register of the Milan Chamber of Commerce with REA number MB - 2554487, Fiscal Code / VAT No. 10747300969 and having its registered office in Via Castelfidardo, 1, Monza (MB), which is the data controller of Users' and/or Customers' personal data pursuant to this Privacy Policy.

2. Principles applicable to the Processing of Personal Data

The Data Controller, pursuant to and for the purposes of the Regulation, hereby announces that the aforementioned legislation provides for the protection of individuals with regard to the processing of personal data, and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of confidentiality and fundamental rights.

3. What categories of data does the Data Controller collect and use?

If you visit the Site and use the search service or register with the Site, the Data Controller collects the following categories of personal data:

3.1. Personal data provided by the User: Personal data shared with the Data Controller, including personal data shared when registering for the Newsletter to receive marketing communications, as well as personal data provided to us when using the services, including information entered into the platform and contained in comments, reviews or messages sent by e-mail or through social media channels.

More precisely: When contact occurs between the Data Controller and the User and/or Customer via email or through social media, the Data Controller may collect: personal details provided to it by the User and/or Customer when the latter connects with the Data Controller, including first and last name, user name (if available), telephone number (where applicable) and email address. When the User and/or Customer subscribes to personalised marketing services ("Newsletters") the following data may be provided to the Data Controller: personal details (including first name, last name and email address), how the website is accessed, including IP address, online identifiers and browser details. We may also be provided with browsing behaviour or personal interests. Please note that some of this information may be collected automatically in accordance with Section 3.2.

With reference to the particular categories of personal data, it should be noted that the Data Controller, where strictly necessary and within the limits and in compliance with the law, will use such data exclusively to fulfil or request the fulfilment of specific obligations or to perform specific tasks provided for by European Union legislation. The aforementioned personal data, when requested, are necessary for the proper performance of the contract between the Data Controller and the User and/or the Customer and to enable the Data Controller to fulfil its legal obligations, unless the latter depends on the consent of the data subject as a legal basis for the processing and for the legitimate interest of the Data Controller. Without them, the latter may not be able to provide all the services requested. It is important that all personal data provided by the User and/or Customer are correct and accurate. This means, purely by way of example, the assurance by the User and/or Client that the contact details held by the Data Controller (including the e-mail address) are always correct.

3.2. Personal data automatically collected by the Site: communications sent by the Data Controller and/or third parties The Data Controller collects information relating to visits to the Site and use of the Site, such as the device and browser used, the IP address or domain names of the computers connected to the Site, the URI (Uniform Resource Identifier) notation addresses of the requests made the time of the request, the date and time of the visit, the duration of the visit, the referral site and the navigation path on the Site relating to the visit and interactions on the Site itself, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the User and/or the Customer.

For more information on the purposes for which the Data Controller collects and uses this information, please see the section on Cookies in this Privacy Policy (10. Cookie Information). Please note that personal information may also be linked to Cookies, e.g. to collect information on how you use the Site and the services offered therein. The Data Controller may also automatically collect certain personal data of the User and/or the Customer in order to understand how the User and/or the Customer interacts with the communication material sent to him/her by the Data Controller itself, e.g. e-mails, including the actions he/she takes in relation to such communications, e.g. clicks on links in the text of the e-mail, the duration and frequency of interactions with the e-mail itself.

To the extent permitted by applicable law, the automatic collection of personal data of the User and/or the Customer may also take place in the event that the Controller receives additional information regarding the User and/or the Customer such as fraud detection information and warnings from third party service providers and/or partners for its fraud prevention activities.

4. Why are personal data collected?

In general terms, the Data Controller uses personal data to provide the services requested by the User and/or the Customer, to send service communications, to notify important changes to the Site and possibly to propose content and advertisements that the Data Controller deems may be of interest to the User and/or the Customer.

More specifically, the personal data provided by Users through the use of the Site will be processed with their consent, for the purposes described below: Provision of services accessible through the Site: In order to provide certain services such as, for example: creating and maintaining the contractual relationship established for the supply of the product and/or service requested at every stage and through any possible integration and/or modification requested by the User and/or the Customer; furthering the activities, events and other initiatives, institutional and educational, organised or carried out by the Data Controller; management and processing, in relation to what is indicated in the previous point, of requests and requests for interaction with the Data Controller and the subjects traceable to the latter's organisation.

On what legal basis?

  1. To fulfil a contract or for the performance of a service or measures connected with a contract and/or a service (i.e. to provide the services requested, and/or to provide the User with assistance)
  2. Meeting legal, regulatory and compliance requirements To meet legal, regulatory and compliance requirements and to respond to requests from government or law enforcement authorities that are conducting an investigation. On what legal basis? To comply with the law (i.e. to share personal data with regulatory authorities)
  3. Integrative and behavioural statistical analyses To carry out aggregate statistical analyses on anonymous groups or to analyse the behaviour of identifiable individuals, in order to be able to see how the Site and the services provided therein are used and to verify the performance of the relevant activity. On what legal basis? To pursue the legitimate interests of the Data Controller (i.e. to improve the Site, its functionalities and the services offered therein)
  4. Sending personalised and profiled marketing communications To send personalised and profiled marketing communications only with the consent of the User and/or Customer, as well as to share via e-mail and on the Site or on third party sites (e.g. through advertisements) the best offers and promotions on products and services that the Data Controller deems may be of interest as they respond to the interests of the User and/or Customer. Personalised services or offers may be marketed by the Data Controller or by its partners or commercial collaborators operating in the following sectors: tourism, leisure, entertainment, high-tech, fashion, decoration, consumer goods, food & beverage, finance, banking, insurance, energy, environment, communication, mass media, real estate, pharmaceuticals, clothing and textiles, education and training, publications and publishing, information and communication technology, retail, sport, telecommunications and services in general. To this end, the Data Controller may: - analyse the personal data collected to create a profile of the User's and/or Customer's interests and preferences, in order to create personalised and targeted communications that are relevant and consistent with the User's and/or Customer's profile; - combine the information collected through cookies with information relating to purchases made on the Site and with information that the Data Controller may receive from third parties, who collect the User's and/or Customer's data in a manner agreed with the same - analyse information on the interaction with the communication material sent by the Data Controller, for example data on when e-mails are opened or to determine whether advertisements have been viewed and whether there has been interaction with them, to record the number of times each advertisement has been viewed, to prevent a single advertisement from being shown too frequently, etc. - temporarily share an encrypted version of the User's and/or Customer's email address with partners carefully selected by the Data Controller, who may combine this information with other forms of online identifiers or other personal data in order to show the same User and/or Customer the Data Controller's offers on multiple devices or channels, e.g. on social networks (Facebook, Pinterest, Instagram, Twitter) - use automated decision-making processes to segment and target product offers according to the requests and needs of the User and/or Customer, reducing the risk of proposing inappropriate or irrelevant information and/or offers to the same User and/or Customer. The User and/or Customer is entitled to request manual decision-making, to express his/her opinion or to contest decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects. For further details, you may contact our Data Protection Officer, whose contact details are provided in Article 9 of this Privacy Policy. On what legal basis? Where the User and/or Customer gives their consent
  5. Security of the Site and the systems used by the Data Controller To maintain the security of the Site and the systems used by the Data Controller to provide the Services and to prevent and detect fraud, security incidents and/or other crimes. On what legal basis? To pursue the legitimate interest of the Data Controller (i.e. to ensure the security of the Site and systems)
  6. Verification of compliance and legal action To verify compliance with the General Terms and Conditions of Service and to establish, exercise or defend a right in court. On what legal grounds? To pursue the legitimate interests of the Data Controller (i.e. in accordance with the General Conditions and Terms of Service, to protect the rights of the Data Controller in the event of disputes or complaints)
  7. Customisation of advertisements and online marketing notifications To tailor and customise advertisements and online marketing notifications based on information collected through cookies and relating to your and/or your customer's use of the Site, the products and services provided therein and other sites (please refer to the section on cookies in this Privacy Policy for further information). On what legal basis? Where the User and/or Customer gives their consent (i.e. through the Cookie banner or via the browser settings)
  8. Personnel recruitment and selection activities In order to assess the applications sent by Users as part of the personnel recruitment and selection process and, where appropriate for the open position, for the purposes of establishing the employment relationship and fulfilling the legal obligations relating to the relationship. On what legal basis? Where the User gives his or her consent, as well as the need to enter into a contract with him or her for the purposes of establishing the employment relationship. Where the processing of personal information is based on legitimate interest, the Data Controller carries out an assessment to ensure that its interest in the use of the data is legitimate and that the User's fundamental privacy rights are not overridden by its legitimate interests ('balancing test'). Further information on the comparative assessment can be found by contacting the Data Controller at [email protected].

5. Who sees, receives and uses the data and where can this be done?

5.1. Categories of data recipients: The Data Controller shares personal data, for the purposes described in this Privacy Policy, with the following categories of recipients its employees and/or authorised collaborators who provide support and consultancy services in the areas of administration, product, legal advice, IT systems, as well as the staff in charge of maintaining the Data Controller's network and hardware and software equipment; the competent authorities, where there is a requirement to do so under applicable regulations; the competent authorities and third-party law enforcement authorities, where this is necessary in order to enforce the General Conditions and Terms of Service as well as to protect and defend the rights or property of the Data Controller or the rights and property of third parties; third parties who receive the data (e.g., business consultants, professionals in the provision of tax due diligence services, "due diligence" or estimating the value and capabilities of the business), where necessary in connection with sales of the Data Controller's business or assets (in which event the data will be disclosed to the Data Controller's advisors and advisors of any potential buyer and will be transferred to the new owners). the personal data collected may also be processed by subjects or categories of subjects who act as data processors pursuant to Article 28 of the Regulation or who are authorised to process the data pursuant to Article 29 of the Regulation; in addition, for some services, the data may be communicated to companies that collaborate with or use the services of the Data Controller with the sole purpose of providing the services requested by the User. In these cases the companies are autonomous data controllers, therefore the Data Controller is not responsible for the processing of the data by these companies. The Data Controller is also not responsible for the contents and compliance with the legislation on the protection of personal data by sites not managed by the same. The full list of the subjects to whom personal data may be communicated is available at the Data Controller's registered office and may be requested by writing to [email protected].

5.2. Transfer of data: The processing of the User's personal data will take place at the registered office of the Data Controller (see point 1), on the Data Controller's servers and at the offices of any other parties to which the data may be transmitted for the purpose of providing the services requested by the User to the Data Controller. Moreover, personal data collected through the Site may be transferred outside the national territory, solely and exclusively for the purpose of providing the services requested through the Site and in compliance with the specific provisions of the Regulation.

Some personal data may be shared with recipients located outside the European Economic Area. The Data Controller ensures that the processing of personal data by these recipients will take place in compliance with the Regulation. However, should you require further details regarding the safeguards put in place, you may contact the Data Controller by writing to [email protected].

6. Method of processing and storage of personal data

The Data Controller ensures that personal data will be processed in full compliance with the Regulations, by means of manual, computerised or telematic systems and, where necessary, in paper format, and will be stored in the Data Controller's database, protecting the privacy and rights of the User and/or Customer through the adoption of appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The processing may also be carried out by means of automated tools designed to store, manage and transmit the data.

The data collected and processed will be protected with physical and logical methods such as to minimise the risks of unauthorised access, dissemination, loss and destruction of data, pursuant to Articles 25 and 32 of the Regulation. Pursuant to Art. 7 para. 3 of the Regulation, the data subject has the right to obtain withdrawal of consent to processing at any time. If a request for cancellation is not received by the Data Controller, the personal data will be retained by the latter for as long as necessary to achieve the purposes and carry out the activities described in this Privacy Policy, or as otherwise communicated to the User and/or the Customer, or for as long as permitted by applicable law.

Further information on the retention period of personal data by the data controller can be found below:

  • Data relating to purchases made on the Site (name and surname, address, contact information, etc.) - Storage period: 10 years from the date of purchase;
  • Contractual documents - Retention period: 10 years from the date of purchase;
  • Unencrypted credit card data - Retention period: not retained;
  • Financial/transaction-related information - Retention period: 10 years from the completion of the financial transaction;
  • Data relating to checks for the detection of fraudulent transactions (anti-fraud) - Retention period: 5 years from the rejection of the transaction cause;
  • Data used for marketing purposes (data subject to the consent of the User and/or Customer and used for marketing activities towards them) - Storage period: 5 years from the granting or renewal of consent by the User and/or Customer through interaction with marketing communications.
  • Data collected during personnel recruitment and selection activities - Term of retention: Such personal data shall be retained for a period of time no longer than is strictly necessary for the evaluation of the candidature for possible inclusion in the Company's personnel and, in any case, no longer than 12 months, after which such data shall be removed by the Data Controller both from the computer systems and from any paper files in its possession, without prejudice to any further retention obligations provided for by the applicable law and unless otherwise requested by the User and/or Candidate (in this case the legal basis for such further processing shall be the consent of the User and/or Candidate themselves).

With regard to personal data collected through tags, the following retention periods apply:

  • Technical cookies - Storage period: maximum 3 years, starting from the date of browsing the Site;
  • Non-technical cookies - Storage period: maximum 1 year, starting from the date of the data subject's consent.

7. What are the data protection rights and how can they be exercised?

You can exercise the rights guaranteed by the Regulation (Articles 15-22), including the rights to

Right of access: receive confirmation of the existence of personal data, access their content and obtain a copy.

Right of rectification: update, rectify and/or correct personal data.

Right to erasure/right to be forgotten and right to limitation: to request the deletion of data or the restriction of data that have been processed in breach of the law, including data whose storage is not necessary for the purposes for which the data were collected or processed; where we have made personal data public, you also have the right to request the deletion of personal data and the taking of reasonable steps, including technical steps, to inform other data controllers who are processing personal data of your request to delete any links, copies or reproductions of such personal data.

Right to data portability: receive in a structured, commonly used and machine-readable format a copy of the personal data provided to the Data Controller for the purposes of a contract or with the User's consent, and to request the transfer of such personal data to another data controller.

Right to withdraw consent: in the event that the Data Controller depends on the User's consent, the User shall always have the possibility of revoking such consent, although the Data Controller may have other legal bases for processing such data for other purposes.

Right to object at any time: The right to object at any time to the processing of personal data in certain circumstances (in particular in cases where it is not necessary to process the data in order to fulfil contractual or legal requirements, or where the Company uses such data for direct marketing activities. Right not to be subject to a decision based solely on automated processing, including profiling: you can always request that a manual decision-making process be carried out instead, express your opinion or contest decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects.

You may exercise these rights at any time in the following ways: by contacting the Data Controller by e-mail at [email protected]. Your rights concerning your personal data may be limited in certain situations. For example, if fulfilling this request would reveal the personal data of another person or if there are legal requirements or compelling legitimate grounds, the Controller may continue to process the personal data for which deletion has been requested.

You also have the right to lodge a complaint if you believe that your personal information has been mishandled. You are invited to address the Data Controller in the first instance, but you may, insofar as this right applies to your case, lodge a complaint directly with the competent data protection supervisory authority.

8. Contact details of the data controller

The contact details of the Data Controller are: "Il Mannarino S.r.l.", a company incorporated under the laws of Italy, registered in the Company Register of the Chamber of Commerce of Milan with REA number MB - 2554487, Tax code/VAT number 10747300969 and having its registered office in Viale Giacomo Matteotti, 14/D, Cusano Milanino (MI), 20095. Information about Cookies For any information about Cookies please visit the following page. 11.

Update and previous versions of this Privacy Policy

This Privacy Policy may be subject to change over time - also in connection with the possible entry into force of new sector regulations, the updating or provision of new services or technological innovations. Therefore, the Data Controller reserves the right to amend this Privacy Policy at any time in accordance with this paragraph. If the Data Controller makes any changes to this Privacy Policy, it will post the revised Privacy Policy on the Site and insert the "last updated" date at the beginning of this Privacy Policy.