MammaItalia S.r.l. (VAT no. 03644051207), with registered office at Via Bramante 12, 20154, Milan, as data controller, pursuant to art. 13 of the European Union Regulation (EU) no. 2016/679, General Data Protection Regulation (hereinafter also ‘GDPR’), in accordance with the commitment and care that it dedicates to the protection of your personal data, informs you that your personal data will be processed in the following ways and for the following purposes:
Subject Matter of the Processing
The Controller will process personal identification data (e.g., name, surname, company name, address, telephone, email, bank and payment references), hereinafter ‘PERSONAL DATA’ or ‘DATA’, which you provide when placing the order.
Purpose of Processing
Your personal data is processed for the following purposes:
- completing the requested order: we use your personal data to receive and process orders, provide products and services, process payments, and communicate with you regarding your orders, products, services, and promotional offers;
- fulfilling obligations arising from site management: in some cases, we have a legal obligation to collect and process your personal data. For example, we process data for identification purposes and for other purposes related to security and prevention and detection of cybercrimes (e.g., Law 48/08);
- complying with obligations provided for by law, regulation, EU legislation, or by order of public authorities (including, but not limited to, using your payment data for anti-fraud purposes under Directive 2015/2366, as subsequently amended, on payment services in the European single market);
- exercising the rights of the Controller, including not only the right to prevent and investigate fraud and abuse in order to protect the safety of our customers, but also, for example, the right to defence in court.
Methods of Processing
Your data is processed by means of the operations indicated in Art. 4 Para. 2 of the GDPR, namely: the collection, recording, organisation, storage, consultation, processing, alteration, selection, retrieval, alignment, use, combination, blocking, disclosure, erasure, and destruction of data. Your personal data may be subject to both paper and electronic and/or automated processing. The Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no longer than 10 years from the date of the conclusion of the order.
Your data may be made accessible for the above purposes to:
- the Controller’s employees and partners;
- third-party companies or other parties (e.g., credit institutions, professional and legal firms, administrative and payroll service companies, consultants, etc.) who carry out outsourcing activities on behalf of the Controller, in their capacity as external data processors.
Personal data is stored on servers located within the European Union. Regardless, it is understood that the Controller will, if necessary, have the right to move the servers outside the EU. In this eventuality, the Controller ensures that non-EU data will be transferred in accordance with applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
Data Subject Rights
As the data subject, you may exercise your rights under Art. 10 (right of access to data) of GDPR.
Where applicable, you also have the rights set out in Articles 16–22 GDPR (right of rectification, right to be forgotten, right to restriction of processing, right to object, right not to be subject to automated decision-making).
If you wish to exercise your rights, we invite you to contact us at firstname.lastname@example.org and we will be happy to offer you the support you need.
You have the right to lodge a complaint with the supervisory authority of your country of residence; if you are a resident of Italy, you can contact the Data Protection Supervisor (www.garanteprivacy.it).