DATA PROTECTION INFORMATION

Information provided pursuant to art. 13 of Regulation (EU) no. 2016/679
of the European Parliament and the Council


Data Protection Officer: Simone Bongiovanni
Telephone: +39 011 4340002
email: avv.bongiovanni@sbp-dpo.it
PEC: avv.bongiovanni@pec.it


Manifattura Mario Colombo & C. S.p.A. wishes to inform you that, pursuant to art. 13 of Regulation (EU) no. 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data (hereinafter “European Regulation”), the company needs to process some personal data collected automatically or provided when you browse or use the Website https://www.colmar.it/ (hereinafter “Website”).

This Data Protection Information therefore refers exclusively to the Website indicated, and does not regard other websites, pages or online services that may be reached via hyperlinks that may be published therein.

DATA CONTROLLER

The Data Controller is Manifattura Mario Colombo & C. S.p.A., in the person of its legal representative, domiciled at the company’s registered office in Monza (MB), in Via Olimpia no. 3 (hereinafter “Manifattura Mario Colombo & C.” or “Data Controller”).

DATA BREACH POLICY

In the event of a breach of personal data, Manifattura Mario Colombo & C. has set up a crisis team and provided for specific intervention procedures, in order to swiftly resolve the problem and alert the user so that he or she can adopt suitable precautions to reduce to a minimum the potential damage that may caused by the breach.


The information provided to users in the event of a breach will specifically indicate:

  • the name and contact data of the Data Protection Officer, or any other contact that can provide information;
  • the measures adopted or proposed by the Legal Representative to remedy the breach of personal data and, if appropriate, to limit the possible negative effects.

Manifattura Mario Colombo & C. will issue a public communication, or take similar measures, and will not be obliged to inform the user if adequate technical and organisational measures are implemented to protect the data affected by the breach, if measures are subsequently adopted to prevent the user’s rights being placed at high risk again, or when the communication would require a disproportionate effort. In any case, Manifattura Mario Colombo & C. will consider whether it is opportune - even if it is not strictly compulsory - to keep the user informed.

Where necessary, Manifattura Mario Colombo & C. will also inform the Data Protection Authority of the breach within 72 hours.

For this reason, if a breach comes to the attention of a Data Processor, or another processor appointed thereby, he or she must notify the violation, within 12 and 24 hours respectively of discovery.

Any breaches of personal data may be notified by writing to infoedatabreach@mmcol.it.

DATA PROTECTION OFFICER

Manifattura Mario Colombo & C. believes that the protection of personal data is of primary importance, and has thus appointed a Data Protection Officer (DPO), whom you may write to at dpo@mmcol.it for any questions regarding the protection of personal data.

TYPE OF PERSONAL DATA PROCESSED

To allow you to use the Website and its services, including the possibility to create a personal area, to make purchases, send a speculative application or contact Manifattura Mario Colombo & C. (hereinafter “Services”), the Data Controller needs to have and to process some personal data.


Browsing data

In the course of their normal activity, the IT systems and software procedures used for the functioning of Manifattura Mario Colombo & C. acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols.

This category of data includes the IP addresses or the domain names of the computers used by visitors to the Website, the URI (“Uniform Resource Identifier”) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (completed successfully, error, etc.) and other parameters related to the operating system and the user’s IT environment.

These data, necessary for the use of the Website, are processed only to obtain statistical information on the use of the Services (pages most frequently visited, number of visitors per time slot or per day, geographical areas of origin of visitors, etc.) and to check the Services offered are functioning properly.

Browsing data are not retained for longer than seven days, and are deleted immediately after they are aggregated, unless they are required by the Legal Authorities to verify the commission of offences.


Data voluntarily provided by users

To allow for the use of the Website and its Services, Manifattura Mario Colombo & C. processes the following personal data:

  • for registration with the personal area “my account”: name, surname, e-mail, password, gender, date of birth. To purchase products featured on the Website, billing and delivery addressed will also be required, if different;
  • to sign up for the newsletter: e-mail address;
  • to use the assistance services provided by the Call Centre: the personal data supplied for the Call Centre to provide the assistance requested.

The non-compulsory, explicit, voluntary sending of e-mail messages, and the sending of your CV allow us to acquire the name and surname of the sender and their e-mail address, which are necessary in order to reply to the requests, as well as other personal data that may be contained in the e-mail message, the forms or the CV, if attached.

Specifically, users who intend to send an application of a CV via the website are invited to pay maximum attention to the content thereof, and not to include, for any reason, any kind of personal data belonging to particular categories, or personal data that may reveal racial or ethnic origin, political opinions, religious or philosophical convictions, membership of a trade union, or any data referring to sexual health or sexual orientation.

PURPOSES OF PROCESSING AND LEGAL BASIS

The personal data the Data Controller comes into possession of are exclusively those provided when users browse the Website and use its Services.

The personal data are processed for the following purposes:

A) to conclude and execute the contract for the purchase of goods sold via the Website. It is mandatory to provide your personal data for this purpose, because they are a necessary requisite for the conclusion of the contract to which the purchaser is a party. Failure to provide your data would make it impossible for Manifattura Mario Colombo & C. to process your order, and you would not be able to purchase any of our products.

The legal basis processing is founded on is the need to execute a contract to which you are a party, and the need to comply with legal obligations.

B) to allow you to register with the personal area “my account” within the Website, and to use the services reserved for registered users. It is not mandatory to provide your personal data for this purpose. However, failure to provide your consent will make it impossible for you to access the advantages and all the Services the personal area offers you.

The legal basis processing is founded on is your explicit consent for the processing of your personal data.

C) to manage requests transmitted to the Call Centre. It is not mandatory to provide your personal data for this purpose. However, failure to provide your consent will make it impossible for Manifattura Mario Colombo & C. to process any requests you decide to make to our Call Centre.

The legal basis processing is founded on is your explicit consent for the processing of your personal data.

D) for sending your CV to apply for any work opportunities available. It is not mandatory to provide your personal data for this purpose. However, failure to provide your consent will make it impossible for Manifattura Mario Colombo & C. to accept and assess your speculative application.

The legal basis processing is founded on is your explicit consent for the processing of your personal data.

E) for sending commercial and promotional messages containing offers of products and services similar to those you have already purchased (“soft spam”), using the e-mail address provided on the occasion of your previous purchase. It is not mandatory to provide your personal data for this purpose, and you may withdraw your consent at any time.

The legal basis processing is founded on is the Company’s legitimate interest in developing relations with its customers and increasing the volume of sales of products in which you have already shown an interest.

F) with your specific, explicit consent, your e-mail address may be used to send messages of a commercial nature regarding our products and Services, providing you with updates on new products, new arrivals, exclusive products, offers and promotions. It is not mandatory to provide your personal data for this purpose. However, failure to provide your consent will make it impossible for Manifattura Mario Colombo & C. to keep you constantly updated on offers and promotions reserved for our customers.

The legal basis processing is founded on is your explicit consent for the processing of your personal data.

G) with your specific, explicit consent, your e-mail address may be used to send previews and commercial offers in line with your tastes and purchasing preferences. These customised messages will be drawn up by analysing your previous purchases and the other information described in the paragraph above “Definition and type of personal data processed”. It is not mandatory to provide your personal data for this purpose. However, failure to provide your consent will make it impossible for Manifattura Mario Colombo & C.to send you offers in line with your tastes and purchasing preferences.

The legal basis processing is founded on is your explicit consent for the processing of your personal data.

Your personal data may be processed both with IT tools and by hard copy means.

PERIOD FOR WHICH PERSONAL DATA MAY BE STORED

The Data Controller intends to store the personal data for a period of time no longer than is necessary to achieve the purposes for which said data have been collected and processed.

With this in mind, and in observance of the regulatory measures in force, Manifattura Mario Colombo & C. will store the personal data acquired thanks to the sale of its products for a period of time no longer than 10 years, after which they will be deleted or permanently, irreversibly anonymised.

With regard to the processing of your personal data for direct marketing purposes, if you have given your explicit authorisation, in observance with the regulatory requirements and the general measure adopted by the Data Protection Authority on 24 February 2015, Manifattura Mario Colombo & C. has established that your personal data processed for direct marketing purposes will be deleted within 24 months of the date on which they were recorded. Personal data processed for profiling purposes will be deleted within 12 months of the date on which they were recorded.

Data collected from you for personnel recruitment purchases will be stored for a maximum of 12 months.

With regard to other personal data, since it is not possible to accurately determine how long your personal data will be stored for, the Data Controller undertakes to ensure that your personal data are processed based on the principles of adequacy, relevance and minimisation, as required by the European Regulation, and to verify each year whether they still need to be stored. Therefore, once the purposes for which the data were collected and processed have been achieved, we will remove them from our systems and records and/or we will take appropriate measures to anonymise them, so that they cannot be used to identify you, without prejudice to instances in which it may be necessary to maintain said data in order to comply with regulatory obligations, or to verify, exercise or defend our rights in court.

CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The personal data processed will not be disclosed to third parties. Your data may, however, come to the attention of the following subjects, for the processing purposes set forth above:

  • subjects who may access data under the terms of European Union law, or the law of the member state to which the Data Controller is subject;
  • subjects who - within the European Union, completely independently, as separate Data Controllers, or as data processors appointed for the purpose by Mario Colombo & C. - perform activities accessory to the services mentioned in paragraph 4., i.e, banking operators, internet providers, courier and shipping companies, companies that carry out marketing activities, companies that offer IT infrastructures and IT assistance and consulting services, or design and create software and websites, legal firms, companies that offer services to customise and optimise our services, companies that offer data analysis and development services (including data on how users interact with our services), service centres, companies or consultants entrusted with providing other services to the Data Controller, within the limits established by the purposes for which they were collected;
  • the company issuing the credit card you use, providers of services for anti-fraud checks connected with the payment process and (where necessary) for the activation of the procedure for anti-fraud checks.

In addition, your personal data may come to the attention of our employees, if they have been appointed as subjects acting under the authority of the Data Controller, in accordance with art. 29 of the European Regulation, or as a System Administrator.

Any disclosure of your personal data will be fully compliant with the legal measures provided for in the European Regulation and with the technical and organisational measures provided for by the Data Controller to guarantee an adequate level of security.

TRANSFER OF PERSONAL DATA TO THIRD-PARTY COUNTRIES

In order to provide services, the Data Controller may transfer your personal data to third-party countries. In such cases, we undertake to:

  • ensure that the country your personal data are sent to is able to guarantee an adequate level of protection, as provided for in art. 45 of the European Regulation; or
  • use the standard data protection contract clauses approved by the European Commission for the transfer of personal information outside the EEA (clauses approved pursuant to art. 46.2 of the European Regulation); or
  • ensure, in the event we transfer your personal data to the USA, that the third-party subject is compliant with the Privacy Shield framework.

For further information on the norms governing the transfer of data to third-party countries, click here.

ANY AUTOMATED DECISION-MAKING PROCESSES

If you have given your consent for profiling, the data you provided may be used to analyse and predict preferences or behaviours, and to identify your GPS location, in order to customise the content of commercial communications and offer you products and offers dedicated to you and in line with your tastes and preferences.

Specifically, the following may be identified and analysed:

  • the number and type of requests for information on the products featured on the Website over the last 12 months;
  • the number and type of products featured on the Website purchased and the amount spent over the last 12 months;
  • the number and type of visits to the Website in a set period of time, also via third-party profiling cookies.

As provided for in the regulations in force, for the installation of said profiling cookies, your prior consent is required. For this reason, when you log in to the Website, a banner will appear informing you that (i) profiling cookies are used on the Website, and that (ii) by closing the banner, scrolling down the home page or clicking on any element outside the banner, you agree to the use of said cookies. If you give your consent for the installation of cookies in this way, we will keep track of this consent with a dedicated technical cookie, to avoid you having to view the banner on your subsequent visits to the Website. Please note that if you delete this technical cookie from your device or from your browser, all trace of this consent will be lost, so the banner will appear again on your next visit.

You are of course free to block the installation of profiling cookies at any time; this will not affect your ability to visit the Website and use its services in any way.

Prior consent is also requested for the sending of offers, discounts and any other benefits and promotional initiatives modelled on your specific needs and purchase inclinations. For this reason, when you register with the Website, you can check the dedicated box to give your consent. Also in this case, you may change your choice at any time from the dedicated control panel in your personal area, accessible from https://www.colmar.it/rto/account/newsletterunsubscribe.

In any case, as required by art. 22, para 3 of the European Regulation, the Data Controller will adopt all the most appropriate measures to safeguard your rights, also in the case of profiling, as well as any other legitimate rights, as indicated in detail in Paragraph 9 (“Rights of the Data Subject”) in this Data Protection Information.

RIGHTS OF THE DATA SUBJECT

With regard to the processing of your personal data, pursuant to the European Regulation, the data subject has the right to:

  • withdraw consent for processing at any time. It must be made clear, however, that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, as provided for in art. 7, para. 3 of the European Regulation;
  • ask the Data Controller for access to personal data, as provided for in art. 15 of the European Regulation;
  • obtain from the Data Controller the rectification of inaccurate personal data, including by means of providing a simple supplementary statement, as provided for in art. 16 of the European Regulation;
  • obtain from the Data Controller the erasure of personal data where one or more of the grounds provided for in art. 17 of the European Regulation applies;
  • obtain from the Data Controller restriction of processing where one or more of the cases provided for in art. 18 of the European Regulation applies;
  • receive from the Data Controller the personal data concerning him or her in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance to another Data Controller, as provided for in art. 20 of the European Regulation;
  • object, at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her carried out pursuant to art. 6, para. 1, letters e) or f), including profiling based on those provisions, as provided for in art. 21 of the European Regulation;
  • not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, without his or her prior, specific consent, as provided for in art. 22 of the European Regulation. This category includes, but is not limited to, any form of automated processing of personal data with the aim of analysing or predicting aspects regarding consumer and purchase choices, economic situation, interests, reliability and behaviour;
  • lodge a complaint with a supervisory authority (art. 77) or seek an effective judicial remedy (art. 79), if he or she believes his or her data have been processed in breach of the European Regulation. The complaint may be lodged in the Member State in which the data subject is habitually resident or works, or in the place where the presumed breach occurred.

To exercise each of your rights, you may contact the Data Controller, in the person of the legal representative, by writing to Via Olimpia no. 3, Monza (MB), or you may contact the Data Protection Officer, by writing to Studio Legale Bongiovanni, Via Susa no. 31, Turin (TURIN) or dpo@mmcol.it, providing the following personal data:

- Name, surname and postal address;
- Details of the request;
- Purchase code;
- Photocopy of a valid identity document.

CONSENT OF MINORS IN RELATION WITH INFORMATION SOCIETY SERVICES

It is explicitly forbidden for minors under the age of sixteen (16) to use the Services provided through the Website. Considering the technologies available and the services provided, Manifattura Mario Colombo & C. has provided for checking systems designed to verify that consent for the processing of the personal data of a minor has been granted or authorised by the parent or legal guardian. By registering with or making a purchase on the Website, you confirm that you have reached the age of majority established in your country of residence.

CALL CENTER

Any calls made to the Call Centre numbers indicated on the Website may result in the processing of the caller’s personal data, in order to provide the services requested by the same, such as, merely by way of example, personal data required for managing requests regarding returns or post-sales assistance. Manifattura Mario Colombo & C. may also use the services of third-party call centres that operate - in full compliance with the data protection regulations - under the terms of a service agreement on behalf of the Data Controller, in their capacity as data processors, pursuant to art. 28 of the European Regulation.

NEWSLETTER

Policy regarding the processing of personal data, in accordance with Article 13 of European Regulation no. 2016/679

Pursuant to Art. 13 of European Regulation no. 2016/679 (hereinafter "Regulation"), we are providing the following information relating to the processing of personal data that you provide us with for the purposes of sending communications containing information and promotional and/or advertising content about our products, services and events.

1. Data Controller

The Data Controller is Manifattura Mario Colombo & C. S.p.A. (Tax code. 00763670155 and VAT no. 00691110969), with registered office in Monza, Via Olimpia no. 3; email address: infoedatabreach@mmcol.it; PEC email address: amministrazionemmc@legalmail.it (hereinafter referred to as the "Company").

2. Data Protection Officer

The Data Protection Officer appointed by the Company can be contacted by sending an email to dpo@mmcol.it (hereinafter referred to as "DPO").

3. Personal Data

Personal data is any information about you that can be traced back to you. Specifically, the processing will involve the following data: name, surname, email address, DOB, country and biological sex (hereinafter “Data”).

4. Processing Purpose

Your data will only be used for the purposes of sending communications containing information and promotional and/or advertising content about our products, services and events.

5. Legal Basis of Processing

The legal basis for the processing of your data for the purposes indicated in paragraph 4) lies in the express consent you have provided, pursuant to Article 6.1, let. a) of the Regulation, by actively selecting the “Subscribe/Send” button.

6. Processing methods

With regard to the purposes outlined in section 4) above, and in compliance with the principles of lawfulness, correctness, transparency, accuracy and relevance, and without excessive processing, your data will be processed by electronic means, in compliance with legal provisions regarding the processing of personal data, and appropriate security measures shall be adopted. The processing of your data will be carried out by specially trained and instructed personnel to ensure adequate security and confidentiality, and to avoid the risk of loss and / or destruction and access by unauthorised individuals.

7. Disclosure and Sharing of Data

Your data will not be disclosed. Within limits applied strictly to the purpose outlined in section 4) above, your data may be disclosed to specially designated persons within the Company who carry out activities linked to and instrumental to the sending of Company communications containing information and promotional and/or advertising content (for example, sales personnel, staff working in the marketing department, etc.). Where necessary to carry out activities relating to the management and maintenance of computer systems and the website, Data may be processed by the subjects/entities in charge, which have been specifically appointed as Data Processors.

8. Data Retention Period

Your Data will be stored until you revoke your consent. This includes unsubscribing in the manner referred to in section 9) below.

9. Rights of the Data Subject

With regard to your data, you have the right to ask the Company, in the ways specified by the Regulation and without prejudice to the provisions and limitations of Legislative Decree no. 196/2003 (Part I - Title I - Chapter III), to:

  • access it in cases provided for by the Regulation (Art.15);
  • have inaccurate data rectified and incomplete data supplemented (Art. 16 of the Regulation);
  • have data deleted for reasons provided for by the Regulation (Art. 17), such as when they are no longer necessary for the purposes outlined above or are not processed in accordance with the Regulation;
  • limit data processing based on scenarios provided for by the Regulation (Art. 18), such as when the accuracy of the data is contested and needs to be verified;
  • You also have the right to portability, i.e. the right to receive data, in cases provided for by the Regulation (Art. 20), in a structured, commonly used and machine-readable format, and to have said data transmitted to another Data Controller;
  • and to oppose to data being processed in cases provided for by the Regulation (Art. 21).

In relation to the purpose referred to in section 4) above, you also have the right to revoke your consent at any time without prejudice to the lawfulness of processing carried out before withdrawal of consent. You may exercise any of the rights listed above by sending an email to the Company (infoedatabreach@mmcol.it) or by registered letter to the Company's address: Monza, Via Olimpia no. 3. Also, if you no longer wish to receive communications from the Company containing information and promotional and/or advertising content, you can click on the link at the bottom of each communication, or send an e-mail to infoedatabreach@mmcol.it, with "Cancel subscription" in the subject line.

10. Complaints

If you believe that the processing of your data contravenes the provisions set out in the Regulation, you have the right to complain to the Italian Data Protection Authority, in accordance with Art. 77 of the Regulation.

11. Nature of Data Provision

The provision of your personal data is required to enable us to send communications containing information and promotional and/or advertising content about our products, services and events. Failure to provide even certain parts of your data will make it objectively impossible to send these communications.

12. Transferring Data Abroad

Your Data will not be transferred abroad and is stored at the Company's registered office and on servers located within the European Union. The Company also uses cloud services provided by third country companies recognised as adequate in terms of security by the European Commission, in accordance with Art. 45.3 of the Regulation.

In the event of a breach of personal data, Manifattura Mario Colombo & C. has set up a crisis team and provided for specific intervention procedures, in order to swiftly resolve the problem and alert the user so that he or she can adopt suitable precautions to reduce to a minimum the potential damage that may caused by the breach.


The information provided to users in the event of a breach will specifically indicate:

  • the name and contact data of the Data Protection Officer, or any other contact that can provide information;
  • the measures adopted or proposed by the Legal Representative to remedy the breach of personal data and, if appropriate, to limit the possible negative effects.

Manifattura Mario Colombo & C. will issue a public communication, or take similar measures, and will not be obliged to inform the user if adequate technical and organisational measures are implemented to protect the data affected by the breach, if measures are subsequently adopted to prevent the user’s rights being placed at high risk again, or when the communication would require a disproportionate effort. In any case, Manifattura Mario Colombo & C. will consider whether it is opportune - even if it is not strictly compulsory - to keep the user informed.

Where necessary, Manifattura Mario Colombo & C. will also inform the Data Protection Authority of the breach within 72 hours.

For this reason, if a breach comes to the attention of a Data Processor, or another processor appointed thereby, he or she must notify the violation, within 12 and 24 hours respectively of discovery.

Any breaches of personal data may be notified by writing to infoedatabreach@mmcol.it.