Data Controller

Maglio Arte Dolciaria S.r.l.

Name and Surname of the Data Processor

__Maglio Arte Dolciaria srl____

e-mail address of the Data Processor

____info@www.cioccolatomaglio.it_____

 

Types of Data Collected

Your privacy is important to us. We would like to inform you that this website collects various data, either independently or through third parties. That data includes: Cookie, Usage data, name, surname, email, phone number, address, zip code, country, city, company name, gender, date of birth, VAT number, shipping address, billing address.

Details on the types of data collected will be provided later in this Privacy Policy or through specific disclosure documents that can be viewed before completing various forms.
Personal data can be freely provided by the user or, in the case of usage data, collected automatically as you browse the website.
Unless specified otherwise, all data requested is compulsory. If the user refuses to provide this data, it may be impossible to provide them the requested service. If the website indicates some data as optional, the users are free to abstain from providing this data, without there being any consequences on the availability or operation of the service.
Users who have any doubts regarding which data are compulsory, please contact the data controller.
Cookies – or other tracking tools – are used by this website or by the data controllers of third party services used by this website, unless otherwise specified, to provide the service requested by the user, as well as for other means described in this document or in the Cookie Policy, that can be used as reference.
The user is responsible for third party personal data acquired, published or shared on this website and guarantees to have the right to provide or share this, assuming all responsibility from the data controller regarding third parties.

Place and procedure of processing of collected Data

Location
All collected data is stored in secure facilities by the Controller to which only authorized persons have access. For more information one should contact the Data Controller.
When Personal Data is transferred to a country other than the User’s country, the User has the right to obtain more information about where the Data is processed and the Legal Basis for the data transfer outside the European Union and the measures taken by the Data Controller to protect the Data. The User is referred to the section on details on the processing of Personal Data.
For the transfer of Data outside the European Union we refer to the relevant sections of this document. The User can always or request information from the Data Controller.
Duration of processing
The Data collected will always be kept for the duration strictly necessary to achieve the purposes for which it is collected and will not be disseminated.
The collected Data may also be kept for longer periods when the User gives consent to the Processing and until this consent is revoked or when it is necessary to comply with a legal obligation or by order of an authority.
With reference to a contract between the Data Controller and the User, the Data will be retained until the contract is fully executed. With regard to Data collected solely for purposes attributable to legitimate interest, it will be retained until such interest is satisfied. In any case, the User, may contact the Controller to obtain more information regarding the legitimate interest or refer to the relevant section of this document.
Once the retention period for Personal Data has expired, it will be deleted and it will no longer be possible to access it or exercise any right of transfer.

How and where is your Data processed?

The Data Controller employs security measures necessary to prevent Personal Data from being improperly disclosed by preventing unapproved access, modification or destruction.
Personal Data is processed using telematic and computerized tools. Security measures are observed to prevent data loss, unlawful use, disclosure and unauthorized access.. It may happen that the Data Controller appoints other subjects as Data Processors in cases where it is necessary. These parties may be directly involved, e.g. sales, marketing department, administration, legal or external parties such as third party service providers, hosting providers, communication agencies, postal couriers. The Data Controller shall always have the list of these subjects updated should it be requested.
What is the legal basis of Data processing?
The legitimate interest of the Data Controller or third parties is the legal basis for the processing of the Data
The User’s Data are processed by the Data Controller only when the User has given consent for the processing of the Data for one or more purposes, in order for the contract with the User to be executed and/or to the performance of pre-contractual information obligations, for the fulfillment of a legal obligation, for the performance of a task of public interest or for the exercise of public powers vested in the Data Controller.
The User also has the right to request at any time from the Controller information about the concrete legal basis of each processing and to ask to specify whether the processing is based on law or if it is required by a contract or if it is necessary to conclude a contract

Purpose of Data Processing

What is the purpose of the Data Processing?

You should know that Data is collected by the Data Controller in order for the Data Controller to provide its Services. In addition to that there are other purposes such as: Hosting and backend infrastructure, Statistics, Contacting the User, Interaction with social networks and external platforms, Payment management, Content commenting, Advertising, Traffic optimization and distribution Access to accounts on third party services, Contact management and message sending, Tag management, Protection from SPAM, Displaying content from external platforms, Registration and authentication, Remarketing and behavioral targeting, Platform and hosting services.

You can refer to the relevant section for more information and details.

Contact Form

Once you have filled out the contact form with your Personal Data, you automatically give your consent to the processing of your Data that will be used to send you quotes, requests for information or send you information of any other nature indicated in the form.
The Personal Data collected in the Contact Form are: first name, last name, email, telephone, company name

Phone Number

If you provide your telephone number you may be contacted by telephone for commercial and/or promotional activities related to this website or to request information regarding the quality of services offered.

The Personal Data collected are: telephone number.

Newsletter or Mailing List

When you register for the newsletter or miling list, or leave your address after a purchase or after registering for this website, your email address is automatically saved in a list of contacts to whom commercial or promotional informational emails related to this website may be sent.

The Personal Data collected are your First Name, Last Name, Business Name, city, province, zip code, country, email, phone number

My Bank Unicredit

This website processes payments through payment processing services. Payment processing is done by bank transfer, credit card and other means and Personal Data is acquired directly from the operator of this service and not from this website.
It is implied that these payment processing services may allow emails to be sent to the User that contain invoices or notifications regarding payment.
MyBank is a payment service provided by UniCredit S.p.A.
Personal Data collected: various types of Data as specified by the privacy policy of the service.
Place of processing: Italy
To read the Privacy Policy of UniCredit Spa click on the following link: Privacy Policy.

Backend and Seeweb Hosting

For the operation of this website we make use of Hosting services on external servers and management platforms that allow us to update content and save your personal data.

It is not always possible to determine exactly where data is processed, as servers may be geographically displaced in different locations due to technical choices that are in no way dependent on the Data Controller, but rather are the responsibility of the providers of housing and hosting services.

Seeweb srl

It was created with the aim of providing a full range of Cloud services to meet the needs of companies, whatever their project. Develop a Virtual Infrastructure, store and share data, prepare for disaster recovery capabilities, outsource backups or even develop a SaaS offering from your own software.

Data is processed in Italy – Privacy Policy

Google Analytics service with anonymized ip

Google Analytics allows you to measure sales and conversions, but it also provides up-to-date data on how you use this site, how you came to this site, and suggests ways for this site to incentivize you to return.

The Service is offered by Google Inc and is a web analytics service that uses Personal Data collected to personalize advertisements in its advertising network.

Google Analytics offers a supplementary Service with anonymized IP. This Service consists of abbreviating the IP address of Users within the European Union or in countries outside the European Union but which have nevertheless joined the Agreement on the European Economic Area. Only in exceptional cases the IP address will be sent to Google’s servers in the United States and will be abbreviated within member countries.

The Personal Data collected are Usage Data and Cookies.

The Data is processed in the United States – Privacy Policy – Opt Out.

Wordpress Statistics

The Wordpress Statistics Service is provided by Automatic Inc.

The Personal Data collected by this service are Usage Data and Cookies.

Personal Data is processed in the United States. – Privacy Policy.

Mailup platform

Mail up is a platform for sending and managing newsletters, emails and SMS.

The Service is provided by Mail up S.p.A. and collects personal data such as first name, last name, email.

The Data is processed in Italy – Privacy Policy.

Site Registration

In order to register on this site, you will have to fill out a registration form and directly provide your personal information such as: first name, last name, e-mail address, phone number, address, city, user ID, username, password, country, zip code, company name, billing address, shipping address, VAT number, tax code.

Wordpress Platform

These services are intended to host and operate key components of this Web Site, making it possible to deliver this Web Site from a single platform. These platforms provide the Owner with a wide range of tools such as, for example, analytical tools, user registration management, comment and database management, e-commerce, payment processing etc. The use of such tools involves the collection and processing of Personal Data. Some of these services operate through servers located geographically in different locations, making it difficult to determine the exact location where Personal Data is stored.

WordPress.com (Automattic Inc.)

WordPress.com is a platform provided by Automattic Inc. that enables the Owner to develop, operate and host this Web Site.

Personal Data collected: various types of Data as specified by the privacy policy of the service.

Place of processing: United States – Privacy Policy.

Google Font

This type of service allows to display content hosted on external platforms directly from the pages of this Website and interact with them.

In the event that such a service is installed, it is possible that, even if Users do not use the service, it may collect traffic data related to the pages where it is installed.

Google Fonts (Google Inc.)

Google Fonts is a font style display service operated by Google Inc. that allows this Website to integrate such content within its pages.

Personal Data collected: Usage Data and various types of Data as specified by the service’s privacy policy.

Place of processing: United States – Privacy Policy. Privacy Shield Adherent.

Youtube Video: Widgets

This type of service allows to display content hosted on external platforms directly from the pages of this Website and interact with them.

In the event that such a service is installed, it is possible that, even if Users do not use the service, it may collect traffic data related to the pages where it is installed.

YouTube Video Widget

YouTube is a video content display service operated by Google Inc. that allows this Website to integrate such content within its pages.

Personal Data Collected: Cookies and Usage Data.

Place of processing: United States – Privacy Policy. Privacy Shield Adherent.

Rights of the Data Subject

Users may exercise certain rights with respect to the Data processed by the Data Controller.

In particular, the User has the right to:
  • revoke consent at any time. The User may revoke the consent to the processing of its Personal Data previously expressed.
  • object to the processing of their Data. The User may object to the processing of its Data when it is done on a legal basis other than consent. Further details on the right to object are provided in the section below.
  • access to one’s own Data. The User has the right to obtain information about the Data processed by the Data Controller, certain aspects of the processing and to receive a copy of the Data processed.
  • verify and request rectification. The User may verify the correctness of its Data and request that it be updated or corrected.
  • obtain restriction of processing. When certain conditions are met, the User may request the limitation of the processing of its Data. . In this case, the Data Controller will not process the Data for any purpose other than its preservation.
  • obtain the deletion or removal of their Personal Data. When certain conditions are met, the User may request the deletion of their Data by the Data Controller.
  • receive their Data or have it transferred to another Data Controller. The User has the right to receive its Data in a structured, commonly used, machine-readable format and, where technically feasible, to have it transferred unimpeded to another data controller. This provision is applicable when the Data are processed by automated means and the processing is based on the User’s consent, a contract to which the User is a party or contractual measures related thereto.
  • propose complaint. The User may propose a complaint to the competent data protection supervisory authority or take legal action.

Data Subject’s Right to Object

When Personal Data are processed in the public interest, in the exercise of public authority vested in the Data Controller or in pursuit of a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.

Users should note that if their Data were processed for direct marketing purposes, they may object to the processing without providing any reasons. To find out whether the Data Controller processes Data with direct marketing purposes, Users may refer to the respective sections of this document.

Additional Information

Defense in Law

The User’s Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages to its possible establishment for the defense against abuse in the use of this Web Site or related Services by the User.
The User declares that he/she is aware that the Data Controller may be obliged to disclose the Data by order of public authorities.
Specific Disclosures
Upon the User’s request, in addition to the information contained in this privacy policy, this Web Site may provide the User with additional and contextual disclosures regarding specific Services, or the collection and processing of Personal Data.
System Logs and Maintenance
For operation and maintenance purposes, this Web Site and any third-party services it uses may collect System Logs, which are files that record interactions and may also contain Personal Data, such as the User’s IP address.
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
Responding to “Do Not Track” Requests
This Web Site does not support “Do Not Track” requests.
To find out whether any third-party services used support them, the User is encouraged to consult their respective privacy policies.
Changes to this privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page and, if possible, on this Website as well as, when technically and legally feasible, by sending a notification to Users through one of the contact details held by the Data Controller . Therefore, please consult this page regularly, referring to the date of last modification indicated at the bottom.
If the changes affect processing whose legal basis is consent, the Controller will collect the User’s consent again, if necessary.