PRIVACY POLICY

Mercuri Moda S.r.l. with registered office  in Via Palestro, n.80, CAP 63821, Porto Sant’Elpidio (FM), VAT no: 01583870447, Share capital 102.960,00 Euro fully paid capital, PEC (certified email): mercurimodasrl@pec.it, Alberto Mancini as controller, in his capacity as data controller (hereinafter “Controller” in the person of legal representative of the Company), informs you, pursuant to art. 13 of Leg. Decree no. 196 of 30.6.2003 (hereinafter, “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereinafter, “GDP”) that your personal data shall be processed according to the following methods and for the following purposes:

 

1. Data subject to processing

The Data Controller processes the personal, identification and non-sensitive data (in particular, first name, last name, tax code, VAT number, email, phone number - hereinafter, “personal data” or just “data”) provided by you after entering into a contract for Data Controller’s services.

 

2. Purpose of data processing

Your personal data shall be processed:

A) Without your express consent (art. 24, letters a, b, c of the Privacy Code and art. 6, lett. b and e of the GDPR), for the following Service Purposes:

- concluding the contracts for the services of the Data Controller;

- fulfilling the pre-contractual, contractual and tax obligations deriving from relations with you in existence;

- fulfilling legal and regulatory obligations and complying with the provisions of EU legislation or orders issued by the Authorities (such as in anti-money laundering matters);

- exercising the rights of the Data Controller, for example, the right of defence in legal proceedings;

 

B) Only with your prior specific and express consent (arts. 23 and 130 of the Privacy Code and art. 7 of the GDPR), for the following Marketing Purposes:

- sending you newsletter, commercial communications and/or advertising material via email and/or SMS and /or telephone, about the products or services offered by the Data Controller and evaluation of service quality on customers satisfaction;

- sending you commercial offers, newsletter or advertising material via email, SMS or telephone of third parties;

 

Please note that if you are already our customer, we may send you commercial offers relating to services and products of the Data Controller similar to those which you have already used, unless you disagree (art. 130, par. 4 of the Privacy Code).

 

3. Methods of processing

The processing of your personal data shall be performed according to the operations indicated in art. 4 of the Privacy Code and art. 4, 2) of the GDPR and specifically: the collection, recording, organisation, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. 

Your personal data shall be processed both on paper, electronically and via automation.

 

The Data Controller shall process the personal data for the time necessary to fulfil the purposes referred to above.

Such period depends on purposes which data have been gathered for and specifically:

1) for no longer than 10 years for accounting, administrative and tax formalities;

2) up to your cancellation demand from newsletters and advertising/commercial information sending.

 

4. Data access

Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B) to:

- employees and collaborators appointed by us may have access to the data for the purposes indicated, if they maintain the professional secrecy conferred upon them.

These are companies in the categories banking services, IT services, logistics, printing services, telecommunications, collection, consulting, sales and marketing.

- employees and collaborators of the Data Controller, in their capacity as data processors and/or system administrators;

- third-party companies or other subjects (as an indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external managers processing.

 

5. Data communication

Without the need for express consent (pursuant to Art. 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies (such as IVASS), Judicial Authorities, to insurance companies for the provision of insurance services, as well as all other parties to whom the transfer is required by law for the fulfilment of the aforementioned purposes.

These subjects will process the data in their capacity as independent data controllers.

Your information will not spread.

 

6. Data treatment

Your personal data are stored on servers located in Porto Sant’Elpidio, via Palestro n.80 (Company’s registered office), within the European Union.

It remains, in any case, understood that the Data Controller, where necessary in the future, shall have the right to change the location of the server in non-EU countries as well.

In this case, the Data Controller shall ensure as of now that the transfer of data outside the EU shall be in accordance with the provisions of applicable law, stipulating, where necessary, agreements adopting the standard contract terms envisaged by the European Commission.

 

7. Nature of the data provision and consequences of refusal

The provision of data for the purposes referred to in art. 2.A) is compulsory. In the absence of such data, we cannot guarantee services referred to in art. 2.A). 

The provision of data for the purposes referred to in art. 2.B) is optional. Therefore, you can decide not to provide any data or subsequently object to the processing of data already provided: in this case, the services referred to in part 2.B cannot be provided. In any case, you shall continue to be entitled to the services referred to in art. 2.A). 

8. Rights of the interested party

Each person concerned has: 

– the right of access under Article 15 of the GDPR;

– the right of rectification pursuant to Article 16 of the GDPR; 

– the right to cancellation pursuant to Article 17 of the GDPR; 

– the right to limit the processing pursuant to Article 18 of the GDPR; 

– the right to object within the meaning of Article 21 of the GDPR; 

– where applicable, the right in relation to the decision-making process and to automated profiling;

– where applicable, the right to data portability pursuant to Article 20 of the GDPR;

– where applicable, the right to lodge a complaint with an authority responsible for monitoring data privacy (Article 77 GDPR).

You can withdraw your consent to the processing of personal data granted to us at any time. This also applies to the revocation of consent statements made before the entry into force of the GDPR, i.e. before 25 May 2018.

Please note that the revocation is only valid for the future and has no effect on the processing before the same.

 

9. How to exercise your rights

You may at any time exercise your rights by sending:
- a letter with signed-for delivery to the Company addressed to: Mercuri Moda S.r.l. with its registered office in Via Palestro, n.80, Postal Code 63821, Porto Sant’Elpidio (FM), VAT 01583870447.
Or a certified email to mercurimodasrl@pec.it.

 

10. Data Controller and Data Processor

The data controller is Mercuri Moda with its registered office in Via Palestro, n.80, Postal Code 63821, Porto Sant’Elpidio (FM).

- The updated list of Data Processors is kept at the registered address of the Data Controller.

Mercuri Moda S.r.l. with registered office  in Via Palestro, n.80, CAP 63821, Porto Sant’Elpidio (FM), VAT no: 01583870447, Share capital 102.960,00 Euro fully paid capital, PEC (certified email): mercurimodasrl@pec.it, Alberto Mancini as controller, in his capacity as data controller (hereinafter “Controller” in the person of legal representative of the Company), informs you, pursuant to art. 13 of Leg. Decree no. 196 of 30.6.2003 (hereinafter, “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereinafter, “GDP”) that your personal data shall be processed according to the following methods and for the following purposes:

 

1. Data subject to processing

The Data Controller processes the personal, identification and non-sensitive data (in particular, first name, last name, tax code, VAT number, email, phone number - hereinafter, “personal data” or just “data”) provided by you after entering into a contract for Data Controller’s services.

 

2. Purpose of data processing

Your personal data shall be processed:

A) Without your express consent (art. 24, letters a, b, c of the Privacy Code and art. 6, lett. b and e of the GDPR), for the following Service Purposes:

- concluding the contracts for the services of the Data Controller;

- fulfilling the pre-contractual, contractual and tax obligations deriving from relations with you in existence;

- fulfilling legal and regulatory obligations and complying with the provisions of EU legislation or orders issued by the Authorities (such as in anti-money laundering matters);

- exercising the rights of the Data Controller, for example, the right of defence in legal proceedings;

 

B) Only with your prior specific and express consent (arts. 23 and 130 of the Privacy Code and art. 7 of the GDPR), for the following Marketing Purposes:

- sending you newsletter, commercial communications and/or advertising material via email and/or SMS and /or telephone, about the products or services offered by the Data Controller and evaluation of service quality on customers satisfaction;

- sending you commercial offers, newsletter or advertising material via email, SMS or telephone of third parties;

 

Please note that if you are already our customer, we may send you commercial offers relating to services and products of the Data Controller similar to those which you have already used, unless you disagree (art. 130, par. 4 of the Privacy Code).

 

3. Methods of processing

The processing of your personal data shall be performed according to the operations indicated in art. 4 of the Privacy Code and art. 4, 2) of the GDPR and specifically: the collection, recording, organisation, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. 

Your personal data shall be processed both on paper, electronically and via automation.

 

The Data Controller shall process the personal data for the time necessary to fulfil the purposes referred to above.

Such period depends on purposes which data have been gathered for and specifically:

1) for no longer than 10 years for accounting, administrative and tax formalities;

2) up to your cancellation demand from newsletters and advertising/commercial information sending.

 

4. Data access

Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B) to:

- employees and collaborators appointed by us may have access to the data for the purposes indicated, if they maintain the professional secrecy conferred upon them.

These are companies in the categories banking services, IT services, logistics, printing services, telecommunications, collection, consulting, sales and marketing.

- employees and collaborators of the Data Controller, in their capacity as data processors and/or system administrators;

- third-party companies or other subjects (as an indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external managers processing.

 

5. Data communication

Without the need for express consent (pursuant to Art. 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies (such as IVASS), Judicial Authorities, to insurance companies for the provision of insurance services, as well as all other parties to whom the transfer is required by law for the fulfilment of the aforementioned purposes.

These subjects will process the data in their capacity as independent data controllers.

Your information will not spread.

 

6. Data treatment

Your personal data are stored on servers located in Porto Sant’Elpidio, via Palestro n.80 (Company’s registered office), within the European Union.

It remains, in any case, understood that the Data Controller, where necessary in the future, shall have the right to change the location of the server in non-EU countries as well.

In this case, the Data Controller shall ensure as of now that the transfer of data outside the EU shall be in accordance with the provisions of applicable law, stipulating, where necessary, agreements adopting the standard contract terms envisaged by the European Commission.

 

7. Nature of the data provision and consequences of refusal

The provision of data for the purposes referred to in art. 2.A) is compulsory. In the absence of such data, we cannot guarantee services referred to in art. 2.A). 

The provision of data for the purposes referred to in art. 2.B) is optional. Therefore, you can decide not to provide any data or subsequently object to the processing of data already provided: in this case, the services referred to in part 2.B cannot be provided. In any case, you shall continue to be entitled to the services referred to in art. 2.A). 

8. Rights of the interested party

Each person concerned has: 

– the right of access under Article 15 of the GDPR;

– the right of rectification pursuant to Article 16 of the GDPR; 

– the right to cancellation pursuant to Article 17 of the GDPR; 

– the right to limit the processing pursuant to Article 18 of the GDPR; 

– the right to object within the meaning of Article 21 of the GDPR; 

– where applicable, the right in relation to the decision-making process and to automated profiling;

– where applicable, the right to data portability pursuant to Article 20 of the GDPR;

– where applicable, the right to lodge a complaint with an authority responsible for monitoring data privacy (Article 77 GDPR).

You can withdraw your consent to the processing of personal data granted to us at any time. This also applies to the revocation of consent statements made before the entry into force of the GDPR, i.e. before 25 May 2018.

Please note that the revocation is only valid for the future and has no effect on the processing before the same.

 

9. How to exercise your rights

You may at any time exercise your rights by sending:
- a letter with signed-for delivery to the Company addressed to: Mercuri Moda S.r.l. with its registered office in Via Palestro, n.80, Postal Code 63821, Porto Sant’Elpidio (FM), VAT 01583870447.
Or a certified email to mercurimodasrl@pec.it.

 

10. Data Controller and Data Processor

The data controller is Mercuri Moda with its registered office in Via Palestro, n.80, Postal Code 63821, Porto Sant’Elpidio (FM).

- The updated list of Data Processors is kept at the registered address of the Data Controller.

  • White Facebook Icon
  • White Instagram Icon

MERCURI MODA S.r.l.

Via Palestro, 80 - 63821 Porto Sant'Elpidio (FM) - Italy

Tel. +39 0734 909250 - info@mercurimoda.com
Iscr. Reg. Imp di Fermo -  Cod. Fisc. e P.Iva: 01583870447

R.E.A. FM-157951

© Copyright  - All Right Reserved 2019-2020   -    Credits