PRIVACY & COOKIES: ALL THE INFORMATION YOU ARE ENTITLED TO, IN ONE PLACE!
Your data will always be protected. We explain why we need it, the purposes and how we use it, consistently with the following key principles
1. Fairness
We use your data to improve your experience on our website and to provide our services in the best possible way.
2. Security
Your data is protected.
3. Clarity
All information will be provided in the clearest and most accessible way: no surprises.
4. Your consent is essential
You decide whether you want to receive updates from us, and how.
5. Necessity
No unnecessary information: if we don’t need it, we won’t collect it.
Privacy notice on the processing of personal data pursuant to Articles 13-14 of EU Regulation 2016/679
Data subjects: E-commerce customers
MAGGINI GROUP S.R.L., as data controller of your personal data (the “Controller”), pursuant to and for the purposes of EU Regulation 2016/679 (the “GDPR”), hereby informs you, as the data subject (the “Data Subject”), that the above legislation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of your privacy and your rights.
ONLINE PURCHASES
Why do we use personal data (purposes of processing)?
MAGGINI GROUP S.R.L., as Controller, uses your personal data to provide you with the information, products and services you request or purchase online and in our stores. In particular, we use your personal data to process your purchase and payment orders, issue electronic receipts or invoices, manage shipments, returns, complaints and activities connected with product warranties.
Whenever you make a purchase and/or a payment, or return a product, we use your personal data to verify your identity and your ability to enter into a contract, check that the financial information you provided is correct, carry out fraud checks or prevent other illegal activities.
Users’ personal data is also used to confirm the user’s address with our external partners.
A further purpose of processing is the pursuit of the Controller’s legitimate interest in ensuring the full operability and proper functionality of the website.
In addition, following a purchase, we may share certain transaction data (such as name, email address and order details) with external partners, such as Google, in order to send review requests about our products and services. These partners use automated tools such as cookies or tracking technologies to manage such requests, in accordance with their own privacy policies.
What types of personal data do we process?
We will process the following categories of personal data:
- contact details such as name, address, e-mail address, phone number
- payment data and payment history;
- credit information;
- order information;
- tax code, ID card number, VAT number (if any) or similar identification numbers (if you choose to provide them).
If you have a User Profile, we will also process personal data relating to the account:
- User Profile ID or membership ID and related password
- purchase history
Who has access to personal data?
Sometimes your personal data is shared with third parties that help us carry out certain tasks or provide certain services. In particular, we may ask third parties to validate your address, communication agencies to send you order confirmations, involve warehouses and distributors to deliver your order, payment service providers to process your credit/debit card payments, banks and other financial service providers, and online platforms through which our products and services are available for purchase.
Please note that many of these recipients have an independent right or obligation to process users’ personal data.
What is the legal basis for processing personal data?
MAGGINI GROUP S.R.L. processes the personal data necessary to enter into a contract with you and fulfil all obligations arising from that contract, whether related to a purchase order, a payment or the use of the services we provide.
In relation to the provision of our products and services, we may sometimes be legally required to collect, process and store your personal data, for example in order to comply with tax and financial laws.
How is personal data processed?
Personal data may be processed by automated means, using computers or other IT tools. Any processing is carried out in compliance with Articles 6 and 32 of the GDPR and by adopting the appropriate security measures provided therein.
Data will be processed only by processors expressly and formally appointed (the “Processors”) and by persons authorised to process data under the direct authority of the Controller or the Processor, duly trained and instructed for such purposes.
In particular, for purposes related to ensuring full operability and proper functionality of the website, data may be processed by external collaborators, in particular by IT consulting companies.
Disclosure of personal data
Without prejudice to disclosures made in compliance with legal and contractual obligations, as well as for the pursuit of a legitimate interest of the Controller, your data may be disclosed to public and/or private entities where disclosure is mandatory or necessary in relation to the purposes of processing and, in any event, in compliance with legal obligations, to constitutional bodies or bodies of constitutional relevance.
Dissemination
Your personal data will not be disseminated.
Your personal data may also be transferred, limited to the purposes indicated above, within EU countries.
How long is personal data stored?
In compliance with the principles of lawfulness, purpose limitation and data minimisation, pursuant to Article 5 of the GDPR, the retention period of your personal data is set for a period not exceeding:
- the performance of mandatory checks required by the Authority and public bodies;
- the achievement of the purposes for which the data is collected and processed.
Data Subject rights
As a Data Subject, you have the rights set out in Article 15 and following of the GDPR, including the right to:
- obtain confirmation as to whether or not personal data concerning you exists, even if not yet recorded, and its communication in an intelligible form.
In particular, the Data Subject has the right to obtain information about:
- the origin of the personal data;
- the purposes and methods of processing;
- the logic applied in the event of processing carried out with the aid of electronic tools;
- the identification details of the Controller and the Processors;
- the subjects or categories of subjects to whom personal data may be disclosed, or who may become aware of it, as appointed representative in the territory of the State, as Processors or authorised persons (persons in charge of processing).
The Data Subject also has the right to obtain:
- updating, rectification or, where interested, completion of data;
- erasure, anonymisation or blocking of data processed unlawfully, including data that is no longer necessary for the purposes for which it was collected or subsequently processed;
- certification that the operations above have been brought to the attention, including as regards their content, of those to whom the data has been disclosed or disseminated, except where this proves impossible or involves a manifestly disproportionate effort compared to the protected right;
- data portability.
The Data Subject has the right to object, in whole or in part, to the processing of personal data concerning them, for reasons related to their personal situation, even if relevant to the purpose of collection.
To exercise your rights and obtain any useful information regarding the processing of your data, you may submit an express written request to: info@fuix.com.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the Italian Data Protection Authority if you believe that the processing concerning you violates the GDPR.
Controller, Processors and authorised persons
The Controller against whom the above rights may be exercised is Maggini Group S.r.l., which can also be contacted at the following email address: info@fuix.com.
The updated list of Processors and authorised persons is kept at the company’s operational headquarters at Via Francesco Serritelli n. 31, 00123 – Rome.
ACCOUNT CREATION
Why do we use personal data?
We use personal data to create and manage the User Profile.
We will provide the user with order history and order details, allowing the user to manage account settings. We also allow the customer to save items in the shopping cart.
What type of personal data do we collect?
We always process the email address and password provided by the user when registering the User Profile on www.fuix.com.
We process the following categories of personal data that the user chooses to provide to us:
- contact information such as name, postal address, email address and phone number
- date of birth
- gender
- country
- encrypted payment card data
We process the following categories of personal data when the user makes a purchase:
- order history
- delivery data
- payment history
We also process the following categories of personal data related to cookies:
- click history
- browsing and viewing history
Who has access to personal data?
Data transferred to third parties is used exclusively to provide the services mentioned above; to optimise the website we use IT consulting companies and analytics tools for product evaluation.
What is the legal basis for processing personal data?
Processing of the user’s personal data for managing the User Profile is based on consent, when the user creates the relevant account.
Processing personal data to provide relevant product information is based on our legitimate interest.
Right to withdraw consent:
The user has the right to withdraw consent to the processing of personal data at any time. By doing so, the User Profile will cease to exist and Maggini Group S.r.l. will not be able to provide the services mentioned above.
How long is personal data stored?
We retain personal data as long as the user has an active profile.
The user has the right to delete their User Profile at any time. If they decide to do so, the account will cease to exist and the user will be considered inactive. We retain the user’s personal data in the event of legal claims or disputes.
After the account has been deleted, all personal data will be deleted.
Data Subject rights
As a Data Subject, you have the rights set out in Article 15 and following of the GDPR, including the right to:
- obtain confirmation as to whether or not personal data concerning you exists, even if not yet recorded, and its communication in an intelligible form.
In particular, the Data Subject has the right to obtain information about:
- the origin of the personal data;
- the purposes and methods of processing;
- the logic applied in the event of processing carried out with the aid of electronic tools;
- the identification details of the Controller and the Processors;
- the subjects or categories of subjects to whom personal data may be disclosed, or who may become aware of it, as appointed representative in the territory of the State, as Processors or authorised persons (persons in charge of processing).
The Data Subject also has the right to obtain:
- updating, rectification or, where interested, completion of data;
- erasure, anonymisation or blocking of data processed unlawfully, including data that is no longer necessary for the purposes for which it was collected or subsequently processed;
- certification that the operations above have been brought to the attention, including as regards their content, of those to whom the data has been disclosed or disseminated, except where this proves impossible or involves a manifestly disproportionate effort compared to the protected right;
- data portability.
The Data Subject has the right to object, in whole or in part, to the processing of personal data concerning them, for reasons related to their personal situation, even if relevant to the purpose of collection.
To exercise your rights and obtain any useful information regarding the processing of your data, you may submit an express written request to: info@fuix.com.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the Italian Data Protection Authority if you believe that the processing concerning you violates the GDPR.
Controller, Processors and authorised persons
The Controller against whom the above rights may be exercised is Maggini Group S.r.l., which can also be contacted at the following email address: info@fuix.com.
The updated list of Processors and authorised persons is kept at the company’s operational headquarters at Via Francesco Serritelli n. 31, 00123 – Rome.