This information is provided pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the "Regulation" or "GDPR") and describes how the personal data of users who consult and use this website, accessible at https://mtj-new.webflow.io/ (hereinafter also the "Site") owned by Procosmet s.r.l. is processed, with full information at: https://procosmet.com/pages/privacy-policy
The Data Controller is Procosmet S.r.l., via della Solidarietà n. 29/A, 40056 Crespellano (BO), P.I. 02883540243 hereinafter referred to as "Data Controller".
Following consultation of the Site, data relating to the user accessing the site (defined as "interested party" as an identified or identifiable natural person) may be processed.
The owner can be contacted at the following e-mail address: support@procosmet.com
Personal Data may be collected autonomously by the Data Controller or through third parties. In this case, the computer systems and software procedures used to operate this Site acquire certain Personal Data of the Users, of a technical-informatics nature (e.g. the IP address, the type of browser used, the operating system, the domain name and addresses of the websites from which access or exit was made, etc.), the transmission of which is inherent to the normal operation of the Internet. Such Data may be processed for the sole purpose of obtaining anonymous statistical information on the use of the site and/or to check its correct functioning and will be deleted immediately after processing.
The Data that the User voluntarily chooses to provide are collected to enable the Website to provide its services, as well as for the following Purposes:
The optional, explicit and voluntary sending of communications by filling in the form on the site entails the subsequent acquisition of the data communicated by the user, including his or her e-mail address or telephone number and consent to receive any messages in response to his or her requests.
In this case, the provision of your e-mail address and any other data you may provide is optional, but indispensable in order to be able to use the service and receive a reply to your request and, in their absence, we will not be able to proceed with processing.
The personal data provided in this way are used solely for the purpose of fulfilling or replying to the transmitted requests and are only disclosed to third parties if this is necessary for that purpose. The data is stored for the period necessary for the purpose of fulfilling the request and in accordance with current legislation.
Legal basis: the processing is carried out for the fulfilment of a contractual and pre-contractual obligation assumed by the Controller with the service (Art. 6(1)(b)).
Retention: Data provided voluntarily by the user is retained for the period necessary to fulfil the request and as permitted by applicable law and any contractual obligations that may have arisen.
If explicitly requested by the user, it is possible to provide his or her contact details in order to receive commercial and/or informative communications regarding the activity of the Owner with reference to the site consulted and MTJ products.
The provision of such data for these purposes is entirely optional but indispensable in order to proceed with the provision of the promotional information service described above. Personal data provided in this way are used solely for the purpose of fulfilling or replying to the transmitted requests and are disclosed to third parties only if necessary for this purpose and only with the explicit consent of the person concerned.
For sending the newsletter we use www.klaviyo.com, read their full information here.
Legal basis: processing is carried out on the basis of the explicit consent of the data subject (Art. 6(1)(a)).
Retention: the data provided will be retained for the period necessary to carry out the activity for which they were provided and in any case, specifically for the purposes described above, no longer than two years as expressly provided for by law (unless renewed consent is given by the person concerned for use for other purposes as provided for by current legislation).
The Data Controller may send promotional communications by e-mail to the User concerning Products and/or Services similar to those already purchased or re-propose the same without the need for the express and prior consent of the User pursuant to Article 130, paragraph 4, of the Privacy Code, provided that the User does not exercise his/her right to object.
Legal Basis: this processing is based on Article 130, paragraph 4, of the Privacy Code as amended by Legislative Decree No. 101 of 2018.
Method and location of data processing
Treatment modes
The Data Controller processes the Users' Personal Data by adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification or destruction of Personal Data.
The processing is carried out by means of computer and/or telematic tools, with organisational methods and logics strictly related to the purposes indicated. In addition to the Data Controller, in some cases, categories of people involved in the organisation of the site (administrative, commercial, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller, may have access to the Data.
External parties appointed as External Data Processors include business partners (the suppliers).
The updated list of Data Processors can always be requested from the Data Controller.
Place and Time
The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. The Data are processed for the time necessary to perform the service requested by the User, or required by the purposes described in this document, and the User may always request the interruption of the Processing or the deletion of the Data.
Data Transfer
Personal data are not transferred abroad.
Rights of Interested Parties
Data subjects - the identified or identifiable natural persons to whom the data refer - may exercise specific data protection rights, which are listed below:
a) right of access: the right to obtain from the Controller confirmation as to whether or not personal data are being processed and, if so, to obtain access to the personal data and detailed information on the origin, purposes, categories of data processed, recipients of communication and/or transfer of data, and so on;
b) Right of rectification: the right to obtain from the Controller the rectification of inaccurate personal data without undue delay, as well as the supplementation of incomplete personal data, including by providing a supplementary declaration;
c) the right to erasure ("oblivion"): the right to obtain from the Controller the erasure of personal data without undue delay where: i. the data are no longer necessary in relation to the purposes of the processing; ii. the consent on which the processing is based is withdrawn and there is no other legal basis for the processing; iii. the personal data have been processed unlawfully; iv. the personal data must be erased in order to comply with a legal obligation;
d) Right to object to processing: the right to object at any time to the processing of personal data that have as their legal basis a legitimate interest of the Controller;
e) Right to restriction: the right to obtain from the Controller the restriction of processing, where the accuracy of personal data is contested (for the period necessary for the Controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject has objected to the processing;
f) the right to data portability: the right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another data controller, if technically feasible, only where the processing is based on consent or contract and only for data processed by electronic means;
(g) the right to lodge a complaint with the supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject who considers that processing operations concerning him or her are in breach of the Regulation shall have the right to lodge a complaint with the supervisory authority of the Member State in which he or she resides or habitually works, or of the State in which the alleged breach occurred.
Rights may be exercised by contacting the Controller at the following addresses: support@procosmet.com
