INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA

(Art. 13 EU Reg. 2016/679 and Art. 13 D.Lgs. 196/2003)
– Website –

 

According to art. 13 of Legislative Decree no. 196/2003 and art. 13 of EU Regulation no. 2016/679, laying down provisions for the protection of persons and other subjects regarding the processing of personal data, we wish to inform you that the personal data you provide will be processed in compliance with the above mentioned law and the obligations of confidentiality to which the Individual Company Marco Balvetti with registered office in Via Valerio Giacomini, 108 – 00134 Rome, owner of the site www.martisdo.com VAT no.: 15259361002

A) Data controller
The data controller is the Individual Company Marco Balvetti ( the Company) with registered office in Via Valerio Giacomini, 108 – 00134 Rome, owner of the website www.martisdo.com VAT number: 15259361002 , in the person of the legal representative p.t.. You can contact the owner using the following e-mail address: info@martisdo.com.

B) Purpose and legal basis of the processing
the Company will process your personal data for the following purposes:

1. registration to the Martis Do website by entering your personal data;
2. order processing and activities related to order delivery;
3. management of payments;
4. management of its requests of a commercial nature or on the progress of the order;
5. management and taking orders by telephone;
6. sending, with your consent and for marketing purposes, commercial communications by e-mail;
7. sending, with your consent, for profiling purposes in order to improve your browsing experience on the site, commercial proposals in line with your interests. In this regard, we invite you to read our Cookie Policy in the Cookie section.

The legal basis for the processing of personal data provided by the interested party is the fulfilment and management of the contract (art. 6 par. 1 letter B EU Reg. 2016/679).
The provision of the data referred to in letter B) is not mandatory. This conferment and subsequent processing is necessary to allow the provision and management of the service, any refusal to provide the data in question will make it impossible to obtain the use of the service proposed by the Owner.

C) Storage of personal data collected
The personal information that the Company collects when you browse or shop on our site is as follows:
1) personal data: name, surname, billing address, shipping address, e-mail address and telephone number;
2) we also register your e-mail address when you subscribe to our newsletter, autonomously and independently from your registration on our site. This is always optional and can be changed at any time;
3) we process your personal data when you contact our Customer Service to request assistance on an order placed. We record and process your data when you contact our Customer Service to place an order by telephone.
4) Through cookies we collect some information about your navigation on Martis Do, such as the pages you visit.
5) we may be able to collect data from third parties, such as if the order you place is sent to a third party you have indicated. On these occasions, the Company will make sure to deliver the privacy policy to the third party at the time of the first communication and to keep the data of third parties only for the processing and delivery of the order. It is your responsibility to obtain the consent of the person to whom the data refers before communicating them to the Company and to inform him/her about this Privacy Policy.

D) Special categories of personal data
In accordance with Articles 9 and 10 of EU Regulation no. 2016/679, the Company, by reason of the nature of its business and the purposes of the processing of personal data, does not require the provision of special categories of personal data pursuant to Articles 9 and 10 of EU Regulation no. 2016/679 2016/679

E) Data processing methods and security measures
The data will be processed mainly with the aid of electronic or automated tools, in accordance with the methods and tools suitable to ensure the security and confidentiality of the data, in accordance with the provisions of art. 32 EU Reg. 2016/679 and in compliance with the principle of accountability of the owner. In particular, all technical, IT, organizational, logistical and procedural security measures will be adopted in order to guarantee the appropriate level of data protection provided for by current legislation, allowing access only to the persons authorized to process the data by the Data Controller or Managers designated by the same and in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to Article 5 of EU Reg. 2016/679.

F) Data retention period
a) 10 years for billing data, starting from the billing date;
b) until the request for cancellation for the data you provided at the time of registration;
c) until the request for cancellation or unsubscription, e.g. for newsletters, for data used for commercial communication activities.

G) Scope of data communication
The personal data you have provided, for the purposes described, may be brought to the attention of employees and/or collaborators of the Company, appointed as authorized data processors (art. 2-quaterdecies of Legislative Decree 196/2003), and communicated to the following subjects:

a) third party companies appointed by the Company to carry out specific executive phases of the Services provided and, in particular:
1) GLS Corriere Espresso: for the processing of data necessary to carry out shipping activities in Italy and in EU countries, for the delivery and return (through our Returns service) of products purchased by you on our website.
2) GLS for the processing of data necessary for the management, preparation and shipment of your order.
3) PayPal: for the payment of orders through PayPal platform, with any credit card or personal account.
b) third party companies or consultants in charge of installation, maintenance, updating and, in general, management of the hardware and software used by the Company;
c) all public and/or private subjects, natural and/or legal persons (administrative, fiscal and legal consultancy firms), if the communication is necessary or functional to the correct fulfillment of the contractual obligations undertaken in relation to the services provided, as well as the obligations deriving from the law;
d) all subjects (including Public Authorities) who have access to the data by virtue of regulatory or administrative measures. The personal data you provide and subsequently processed in relation to the management of the service are not subject to disclosure.

H) Rights of the data subject
In relation to the data subject to the processing referred to in this information notice, you are entitled at any time to the right to:
– Access (art. 15 EU Reg. 2016/679);
– Rectification (art. 16 EU Reg. 2016/679);
– Deletion (art. 17 EU Reg. 2016/679);
– Restriction (Art. 18 EU Reg. 2016/679);
– Portability (art. 20 EU Reg. 2016/679);
– Opposition (Art. 21 EU Reg. 2016/679)
The rights can be exercised by means of a written communication to be sent by registered letter to the address of the data controller.

I) Claims
According to art. 77 EU Reg. 2016/679, a claim may be lodged with the Guarantor Authority in the event of violation of the regulations in force regarding the protection of personal data.

L) Transfer of personal data
The processing and storage of personal data will take place on servers located within the European Union of the Data Controller and/or third party companies appointed and duly appointed as Data Processors pursuant to art. 28 GDPR. The servers are located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller ensures from now on that the transfer of the data outside the EU will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an appropriate level of protection and/or by adopting the standard contractual clauses provided by the European Commission (Corporate binding Rules).

M) Existence of an automated decision-making process, including profiling
The data controller does NOT adopt any fully automated decision-making process, including profiling, as referred to in Article 22, paragraphs 1 and 4, of EU Regulation 679/2016.