Data Protection and Cookies Policy
The disclosure herein is provided in accordance with Regulation (EU) 2016/679 (GDPR) and with Legislative Decree 196/2003 with a view to informing the parties concerned of the manners of management of the website in regard to the processing of the personal data provided by site users.
The disclosure herein regards only the website, www.myin.it. The disclosure herein does not regard any website that may be accessed by the user/visitor via links/section available on this page.
The Data Controller is MYIN S.r.l., with registered office in via Carlo Cattaneo 11, 20063 Cernusco sul Naviglio Milano, Tax identification and VAT number: 11281640968, registered with the Milan Chamber of Commerce under no. 2591659, represented by its legal representative pro tempore.
NATURE OF DATA PROCESSED
During the course of their normal operations, the the IT systems and software procedures for operating this website certain personal data, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified users. However, intrinsically, this may mean that users can be identified as a result of processing and of being associated with data held by third parties.
IP addresses or the domain names of computers used by users connecting to the site, the URI – Uniform Resource Identifier – addresses of the resources requested, the time of the request, the method used to send the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (completed successfully, error, etc.) and other data relating to the operating system and the User’s IT environment fall within this category.
See the pertaining disclosure below.
-Data provided voluntarily by the user
The sending of emails on an optional, explicit and voluntary basis to the addresses present on this website, also when filling in the online contact forms, means that the e-mail of the sender is then acquired, this being necessary in order to respond to the request, together with any other personal data included in the message/module.
-Data concerning registration and access to the restricted-access area of the internet site
In order to enable user registration and subsequent access to the restricted-access area of the internet site, the Data Controller processes the following personal data: username, password, e-mail address, name, surname, province, municipality/city.
-Data for online purchases
In order to enable users to purchase online and receive products available for purchase at home, the Data Controller processes the following personal data: name, surname, e-mail address, shipping address, telephone number, Taxpayer’s Code and invoicing data.
PURPOSE OF DATA PROCESSING
Browsing data are used only in order to gather statistical information on an anonymous basis regarding the use of the website and in order to check that it is working correctly. Said data could be used to verify liabilities in the event of potential IT offences against the Website.
The data pertaining to electronic mail correspondence and the data provided voluntarily by users on filling in the contact forms are used to reply to the users themselves and/or to manage specific requests.
The data pertaining to registration and access to the restricted-access area of the internet site shall be processed for the purposes of management of users’ accounts, in order to enable access to the pertaining services, and for the purposes of statistical analysis and/or market research.
The data required for purchasing online shall be processed for the purposes of managing orders and of related activities (e.g. disclosures to customers concerning the status of orders; replies to customers’ requests or information transmitted via the Contact us section, managing payments etc.).
The data pertaining to online purchases made by parties registered on the internet site, shall also be processed for the purposes of profiling and marketing in order to promote products according to the preferences displayed by users
LEGAL BASIS OF PROCESSING
The browsing data, technical and analytical cookies and the technical information strictly necessary for provision of the service shall be processed because necessary for furtherance of the legitimate interests of the Data Controller for publication and for management of the said party’s internet site.
The data on correspondence via contact forms or electronic mail shall be processed as arising out of the legitimate interest of the Data Controller to reply to the correspondence received or to take pre-contractual measures as expressly requested by the party concerned (e.g. notices of offers or commercial information).
The legal basis of processing that is conducted for promotional and marketing activities and profiling, consists in the consent of the data subject (which is optional and may be revoked at any time) which consent is requested at the foot of the form by means of which the data themselves are provided by the user
The data required to make online purchases shall be processed for the purposes of performance of contractual obligations and/or of compliance with the legal obligations of the concern (e.g. accounting and pertaining legal/fiscal procedures).
The personal data are processed by automated and electronic tools, for the time strictly necessary for attainment of the aims for which the said data were collected. The same are transmitted to third parties only when required in order to provide the service requested. Specific security measures are complied with in order to prevent the loss of the data, unlawful or incorrect use of the data or unauthorised access to the data.
The data collected for the aforementioned purposes may be transmitted:
- to any third parties with whom the undersigned stipulates commercial agreements for marketing purposes;
- to third parties providing services, or suppliers playing a part in operational management of the program, who may access the data;
- to the personnel and/or collaborators of the undersigned and/or to third parties that have a service relationship with the undersigned party and are therefore authorised to access the data in the capacity of officer/permit-holder.
The Data Controller may therefore process the data personally or through the agency of the said controller’s duly authorised employees, or by outsourcing to collaborators who thus become Data Controllers.
An updated list of Data Processors may be requested to the Data Controller.
WHERE DATA ARE PROCESSED
The personal data collected by means of the web site, www.myin.it are stored at the registered office located in via Carlo Cattaneo n. 11, 20063 Cernusco sul Naviglio Milan.
The Users’ personal data are stored for the time necessary for attainment of the aims for which the said data were collected.
The data storage periods depend on the aims for which the data are to be processed; the periods may therefore vary.
In any case, storage of personal data shall take place over the period of time required: (i) to manage orders and undertake pertaining activities; (ii) to manage the accounts of users registered on the site; (iii) to engage in hosting and maintenance of the site; (iv) to assert legal rights; and (v) as set forth in applicable legal provisions.
The data collected for the purposes of profiling and direct marketing are stored, at the latest, for 12 and 24 months, respectively, following receipt of consent from the data subject.
The personal and contact data shall be stored until the data subjects expressly apply to discontinue the service, via the link provided for this purpose at the foot of all promotional messages.
OBLIGATION OR FACULTY TO SUBMIT DATA
With the exception of the necessary browsing data, users are free to choose whether to provide their personal data.
A refusal on the part of a data subject to submit data may impede (in part or wholly) compliance with legal obligations, stipulation or due execution of the contract, or due responses to requests.
RIGHTS OF THE DATA SUBJECT
The rules governing protection of personal data (articles 12-22 of Regulation (EU) 2016/679) guarantees the data subject’s right to information on the processing of his/her data and at any time to access the said data to request updates, inclusion of additional data and correction. When the conditions obtain as per the said rules, the data subject is entitled to demand that the data be deleted, and that the processing of the same be limited, as well as data portability. He/she may oppose processing and subjection to decisions based solely on automated processes.
Whensoever personal data processing requires the consent of the data subject the said party is entitled to revoke such consent.
In order to exercise their rights and receive further information regarding data processing, the data subject may contact MYIN S.r.l. by e-mailing firstname.lastname@example.org
If the data subjects believes that his/her rights have been violated, the said party may seek redress by addressing a complaint to the Italian data protection authority.
AMENDMENTS TO THE DISCLOSURE
The Data Controller may, at will, modify and/or update the disclosure herein, which disclosure shall be understood as accepted by the user when he/she continues to use the site after the specified date of the amendments.