This document describes how to manage the website ("Site"), with reference to the processing of personal data of users ("User / Users") who consult it.
It is an information provided pursuant to art. 13 of Legislative Decree no. 196/2003, so called Personal Data Protection Code (hereinafter "Privacy Code") and Article 13 of EU Regulation 679/2016 (hereafter "GDPR"), to all those who visit the Website and interact with the web services of Mila Srl, accessible through the Website.
1. DATA PROCESSING HOLDER
The owner of the processing of his personal data is Mila S.r.l., Via Cottolengo 22 / a, 10072 Mappano - Italy, P.iva 06481140017, (hereinafter "Mila" or "Holder"), e-mail firstname.lastname@example.org.
2. WHAT TYPES OF DATA WE TRACK
2.1 NAVIGATION DATA
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
This is information that is not collected to be associated with identified individuals, but that by their very nature could allow users to be identified.
This category of data includes (i) the IP addresses or the domain names of the computers used by the Users who connect to the Website, (ii) the Uniform Resource Identifier (URI) addresses of the requested resources, (iii) the timetable of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (successful, error) and (vii ) other parameters relating to the User's operating system and IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing.
For the processing of data through cookies, please read the related policy, available at the following link https://www.naturalmila.com/it/cookie-law/
2.3 THE DATA THAT YOU SUPPLY
The Data Controller processes personal, identifying and non-sensitive data (name, surname, e-mail address, address, city, shipping details, telephone number) later "Personal Data".
The User assumes responsibility for the data of third parties published or shared via the Website and guarantees that he has the right to communicate or disseminate them. The User declares to be of age, freeing the Owner from any responsibility.
3. WHY WE TREAT YOUR DATA AND ON WHICH LEGAL BASIS
The processing of the User's Personal Data by the Owner is aimed at:
- pursuing, in compliance with art. 6.1, lett. f) of the GDPR, its own legitimate interest, consisting in ensuring the safety of the Site and the information exchanged therein, ie the ability of such Site to resist, at a given level of security, unforeseen events or illicit or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the related services offered or made accessible;
- for the fulfillment of pre-contractual and contractual obligations as a result of request for information, sale of products offered by naturalmila.com, purchase made in-store / online, (eg tax and accounting obligations);
- only with its specific and distinct consent, in accordance with the articles 23 and 130 of the Privacy Code and art. 7 of the GDPR, for marketing purposes:
to. sending newsletters and communications having commercial and promotional, informative and / or advertising content in relation to Mila products or services, as well as statistical analyzes and market research strictly related to the services offered through the portal www.naturalmila.com;
b. to send proposals of a commercial nature relating to services and products supplied by third parties or not related to the products and services provided by the Mila website;
- to exercise the rights of the Owner, for example the right of defense;
- only with its specific and distinct consent, in accordance with the articles 23 and 130 of the Privacy Code and art. 7 of the GDPR for the performance of profiling activities, such as the analysis of habits or consumption choices of Mila customers dealing, mainly
(i) data relating to the date and time of viewing by the User of the e-mail messages containing information, including commercial and promotional information relating to the site www.naturalmila.com, as well as to the interaction of the User with them and information about clicks on links inserted in messages.
(ii) the data acquired on the occasion of the customer's purchases of products on the www.naturalmila.com website, therefore, also through the identification of the type and frequency of purchases;
- to fulfill the obligations established by the law, by a regulation, by community legislation or by an order of the Authority.
4. WHAT HAPPENS IN THE EVENT OF ANY REFUSAL TO ANSWER
5. PROCESSING METHODS
Personal Data are processed by computer systems and automated for the time necessary to achieve the purposes for which they are collected.
It should be noted, in particular, that the User's personal data are processed on paper and / or electronically, also with the aid of electronic means by the Data Controller or by persons duly appointed to perform the task. of these tasks (data entry companies, for purposes related to the execution of the service, management of the purchase order of online products, payment management), constantly identified and / or appointed, appropriately educated and made aware from the constraints imposed by the law, as well as through the use of security measures to ensure the protection of your privacy and to avoid risks of loss or destruction, unauthorized access, or processing that is not permitted or does not comply with the aforementioned purposes .
6. TO WHOM WE CAN COMMUNICATE YOUR DATA
In any case, the communication of data to companies expressly appointed to perform certain services within the activity carried out by the Owner and / or, in general, in his favor, which will operate as autonomous holders and / / o controllers, as well as the communication and / or dissemination of data required, in compliance with the law, by police forces, judicial authorities, information and security bodies or other public entities for defense or security purposes State or prevention, ascertainment or repression of crimes. Data is not subject to disclosure.
7. DATA TRANSFER
Personal Data are managed and stored on servers located in the European Union. In any case it is understood that the Data Controller, where necessary, will have the right to move the server location in Italy and / or in the European Union territory and / or in non-EU countries. In this case, the Holder ensures from now on that the transfer of non-EU data will take place in accordance with the applicable legal provisions stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided by the Commission European.
8. YOUR RIGHTS
Pursuant to art. 7 of the Privacy Code and articles 15 and ss. of the GDPR, the User has the right to obtain:
- confirmation of the existence or not of Personal Data concerning you, even if not yet registered, their communication in an intelligible form and access to them;
- a copy of your Personal Data;
- the correction of your Personal Data that may be inaccurate;
- the cancellation of your personal data;
- the limitation of the processing of your personal data;
- in a structured format, in common use and readable by automatic device, the Personal Data you have provided or which you yourself have created;
- the indication:
o of the origin of Personal Data;
o the categories of Personal Data processed;
o of the purposes and methods of processing;
o of the logic applied in case of treatment carried out with the aid of electronic instruments;
o of the identification details of the Data Controller and of any responsible parties;
o of the retention period of your Personal Data or of the criteria useful for determining this period;
o the subjects or categories of subjects to whom the Personal Data may be communicated or who may become aware of it as a designated representative in the territory of the State, of persons responsible;
o updating, rectification or, when interested, integration of data;
o the transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
- Furthermore, the User has the right to object, in whole or in part:
o for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection;
o to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
To exercise the aforementioned rights, Users can send a communication to the e-mail address of the Owner, as per the previous art. 1, indicating "Privacy" in the subject. Finally, we inform you that if you believe that your rights have been violated by the Owner and / or a third party, you have the right to lodge a complaint with the Data Protection Authority and / or other competent supervisory authority in strength of the GDPR.
9. FOR WHAT TIME WE KEEP AND WE TREAT YOUR PERSONAL DATA
The User's Personal Data will be processed by the Data Controller for the only period of time necessary to achieve the purposes of the processing referred to in Article 3 above, after which they will be kept only in compliance with the legal obligations in force, for administrative purposes and / or to assert or defend a right. In particular, for marketing purposes, the User's Personal Data will be retained by the Owner for a maximum of two years; for profiling activities, the Data will be stored for a period not exceeding one year.
Finally, we inform you that if you believe that your rights have been violated by the Owner, you have the right to lodge a complaint with the Guarantor for the Protection of Personal Data and / or other competent supervisory authority pursuant to the Rules. On this page http://www.garanteprivacy.it/home/urp