Trattamento dati personali
The company Mezcal S.r.l., with registered office in via Tintoretto 10, 20093, Cologno Monzese (MI)
registered with the Companies’ Register of Milan, REA No. MI-2654889, Tax Code/ VAT No. 12330350963 with share capital of Euro 10,000 (“MEZCAL”, “we”) is the owner of the processing of Personal Data concerning you in the manner described in this document
Following consultation of this site, data relating to identified or identifiable natural and/or legal persons may be processed.
PLACE OF DATA PROCESSING
The processing operations connected to the web services of this site take place at the aforesaid premises and are carried out only by personnel in charge of processing, or by persons in charge of occasional maintenance and secretarial operations. The data released may be communicated to third parties in relation to services performed for the data controller; such parties will be appointed as data processors pursuant to Art. 28 of EU Reg. 2016/679.
TYPE OF DATA PROCESSED
Navigation data: The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation, and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
Data provided voluntarily by the user: the optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, which is necessary in order to reply to requests, as well as any other personal data included in the message or in the registration form for the reserved area. For purposes such as sending newsletters or profiling, specific consent will be required, which is always revocable by contacting the owner or through the unsubscribe procedure at the bottom of each newsletter;
E- commerce: With regard to the purchases you make on this website, the personal data we request serve to:
ensure the management of orders (e.g. delivery, claims management, after-sales service, litigation management), in execution of the sales contract concluded with us and on our Website;
personalise the communications we send you and the offers we make to you, based on your browsing on the Site and your previous purchases, on the basis of your consent, which is always revocable;
send you offers from our partners on the basis of your consent, which is always revocable;
process marketing statistics and analyse our marketing tools (e.g. accounting for the number of views and activations of our sales areas, establishing statistics on the frequentation of pages and elements of the Site), on the basis of the legitimate interest we have in being able to understand and improve the performance of our Site;
fight against fraud (e.g. implementation of security measures), based on the legitimate interest that we have in ensuring the security of transactions carried out on our Site, under the conditions set out in Article 8-2 below
OPTIONAL PROVISION OF DATA
Apart from what has been specified for navigation data, the user is free to provide the personal data indicated in the request forms, reserved area registration or in any case indicated in contacts. Failure to provide them may make it impossible to obtain what has been requested. It will be made explicit in the specific information when the data subject’s consent is required and the data subject will be informed of the ways in which they may revoke a previously expressed consent.
Personal data are processed by computer for the time strictly necessary to achieve the purposes for which they were collected, and are compared with any data already in the possession of the data controller for the performance of activities or services. In the event of a discrepancy, the person in charge may contact the sender to verify the integrity of the data or arrange for its possible correction. Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorised access.
FURTHER INFORMATION ON PROCESSING
The User’s personal data may be used for the Owner’s defence in legal proceedings or in the preparatory phases of any legal proceedings, against abuses in the use of the same or related services by the User.
The User declares that they are aware that the Data Controller may be required to disclose data at the request of public authorities.
System logs and maintenance
For operation and maintenance purposes, this Site and any third-party services used by it may collect System Logs, i.e. files that record interactions and which may also contain personal data, such as the User’s IP address.
Period of storage
Personal data will be kept in compliance with legal obligations and for as long as it is strictly related to the purposes of processing.In particular, in our active database, data will be kept for a maximum of 5 years from the last activity, i.e. from:
- your last purchase;
- your last visit to our Site, provided that you have logged into your account and visited our pages;
- your last contact with our support service;
- the opening of a hyperlink in a newsletter or other commercial e-mail we send, with your consent.
A few weeks before this deadline, we may contact you to inform you of the cancellation, and you may ask to keep your account active. If you do not, or do not respond, we will close your account and delete the Data from our active database and you will no longer be able to access your account with your old credentials.
The deletion of the Data from our active database will be followed by a period of temporary storage in order to comply with our legal, accounting and tax obligations, as well as to be able to handle any claims, within the applicable statute of limitations. In the event that your Data is to be archived at a later date, it will be irreversibly anonymised.
Personal Data will not be disclosed. On the other hand, personal data provided for the purchase and order of products may be communicated to subjects to whom such communication must be made in order to fulfil or to require the fulfilment of specific obligations provided for by laws, regulations and/or Community legislation
external natural and/or legal persons who provide services instrumental to the Controller’s activities (e.g. call centres, suppliers, consultants, companies, bodies, professional firms). These subjects will act as data processors.
Transfer of data outside the EU
It may happen that the Data transit or are hosted on servers owned or owned by our partners, located outside the European Union. These servers may be located around the world, in countries whose laws may provide a different level of protection than ours. However, we are committed to taking the necessary steps to maintain an adequate level of privacy and security. For example, we may require our subcontractors and partners to implement measures to ensure the level of protection required by applicable Personal Data laws.
Security and confidentiality of payments
We attach great importance to your purchases being made under the best security conditions. Therefore, transactions are confidential, encrypted, and protected using the SSL (Secure Sockets Layer) protocol. When you pay for your order with a credit card or your PayPal (bank) account, the transaction takes place between you and (your bank) PayPal, or between you and Stripe. Both are international services recognised for their reliability in Internet transactions.
We ensure that several mechanisms are in place in the fight against fraud:
when you confirm your order, the payment interface service (PayPal, Stripe, …) checks the validity of your credit card number or your bank account and ensures that there are no problems.
With regard to anti-fraud processing for credit cards, we may perform checks to ensure the veracity of your identity and address. In this context, we may carry out checks on the information you provide us with, such as your surname, first name, e-mail address, delivery address, IP address used, your order history and transactions relating to the orders concerned, and finally the credit card used (type, country of issue and partial numbers reported by banks and payments, consisting of only the first four digits and the last two, as well as the expiry date). If necessary, we may ask you to e-mail us a copy of your identity document and proof of address dated less than three (3) months. These documents are not kept longer than necessary for verification purposes and are not passed on to third parties. We reserve the right to cancel the order in question and block your account. If we do not receive the requested documents within the deadline, we will cancel the order at our sole discretion.
As part of this processing, we remind you that you have all the rights listed in Articles 1-6 above.
We do not store your bank details on our servers. For each order, you will have to complete the appropriate fields during the purchase of your order. However, and only with your consent, the authorisation to proceed with the quick payment may be stored by PayPal or Stripe for use in future payments on the Site. To do so, simply check the appropriate box when confirming the payment authorisation.
You can request the cancellation of the PayPal fast payment authorisation at any time by going to the PayPal site and removing the consent in the authorisation section.
You can request to cancel your Stripe quick payment authorisation at any time by going to the Stripe website and removing the consent in the authorisation section.
Like most of you, we are present on many social networks such as Facebook or Instagram. You can find them on our Site on several occasions
when you connect to our Site via your Facebook account. As stated in Article 2, we will then have access to your public profile information and, depending on the choices you have made via Facebook, to the e-mail address you have entered on Facebook. However, we will never publish anything on your Facebook profile;
when you share our sales on social networks.
Information not contained in this policy
Further information in relation to the processing of personal data may be requested at any time from the Data Controller using the contact information.
EXERCISE OF RIGHTS BY USERS
The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or non-existence of such data at the Data Controller, to know its content and origin, to verify its accuracy or request its supplementation, deletion, updating, rectification, transformation into anonymous form or blocking of personal data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, its processing. Requests should be addressed to the Data Controller, who can be contacted at the e-mail address firstname.lastname@example.org. It is also possible to lodge a complaint with the Garante authority for the protection of personal data (www.garanteprivacy.it).