MV Luxury Group s.r.l is committed to the protection and respect of personal data collected in the exercise of its corporate activity.
The purpose of this Policy is to describe the methods for managing the website www.marcovalentehighjewelry.com (hereinafter the “Site”) in relation to the processing of the personal data of the users who visit it and use its services and functionalities (hereinafter the “User” or “Data Subject”) in accordance with the provisions of Articles 12, 13 and, where applicable, 14 GDPR.
The Policy does not concern other sites that may be surfed by the User through links made accessible via this Site.
1. Data Controller and DPO
The Data Controller is MV Luxury Group s.r.l., with registered office in Piazza San Giorgio 2, Milan (MI), 20123 – Italy, Tel. (+39) 02.843.422.75, e-mail firstname.lastname@example.org (hereinafter the “Data Controller” or “MV”).
Since the Data Controller is established in Italy, no representative has been designated.
2. Type of personal data processed
2.1 Browsing data and environmental variables
In the course of their normal operation, the IT systems and procedures used to operate the Site automatically acquire certain personal data relating to Data Subject browsing, including environmental variables, the transmission of which is implicit in the use of internet communication protocols. This category of data includes, but is not limited to:
- The IP addresses of the computers operated by Users accessing the service;
- The quantity of accesses;
- The pages viewed;
- The date and time when access took place;
- What URL the browser was before it displayed our page;
- The type of browser;
- The operating system used.
2.2 Personal data provided voluntarily by the User
- communications sent to the e-mail address indicated on the Site;
- communications sent to the ordinary postal address indicated on the Site.
- information required for User subscription to the newsletter service in the special section on the Site in the box “MV newsletter – Preview of new models and much more”;
- information provided when filling in the form on the Site under the “CONTACTS” header (hereinafter the “Form”).
The personal information provided by the User on such occasions may involve the acquisition by the Data Controller of the User’s commonly used personal data, such as, by way of example, e-mail addresses, names, surnames, home or residence addresses, landline or mobile phone numbers, or other personal data voluntarily communicated by Users as part of their communication or request.
The data thus collected will be stored and processed solely for the purpose of preserving correspondence and will not be used for any other purpose.
Sending of requests via the Form
The User’s personal data collected via the Form are:
- Name and Surname
- E-mail address
- Any additional personal data entered by the User in the free-text field
Pursuant to Article 9 GDPR, no special data will be processed and, if received, will be erased. The User is therefore asked not to include any particular data, including sensitive or highly sensitive personal data (e.g. data relating to his or her state of health), in the communications to be sent to the Data Controller by e-mail or ordinary post or through the Form.
Subscription to the newsletter service
As part of the process of accepting the User’s subscription to the newsletter service, the Site and the Data Controller collects solely the User’s e-mail address.
For the provision of the service, the User’s e-mail address will be uploaded by the Data Controller to e-mail marketing platforms of third-party partners based within the EU.
3. Principles applicable to data processing
In accordance with the requirements of GDPR, the Data Controller makes constant efforts to ensure that personal data are:
a) processed lawfully, fairly and in a transparent manner in relation to the Data Subject (“lawfulness, fairness and transparency” principle);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes will, in accordance with Article 89(1) GDPR, not be considered incompatible with the initial purposes (“purpose limitation” principle);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization” principle);
d) accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate in relation to the purposes for which they are processed are erased or rectified without delay (“accuracy” principle);
e) kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as they will be processed solely for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR subject to implementation of the appropriate technical and organizational measures required under GDPR in order to safeguard the rights and freedoms of the Data Subject (“storage limitation” principle);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures (“integrity and confidentiality” principle).
The Data Controller will take appropriate technical and organizational measures to ensure the protection of personal data from the outset of the design and to ensure that only those data necessary for each specific purpose are processed by default.
4. Methods of data processing
4.1 Methods of processing data provided voluntarily by the User by post or using the Form
The processing of the personal data of Users provided voluntarily via e-mail or ordinary post, or through the Form, is carried out both manually and automatically by means of analogue, digital, online and electronic tools, in accordance with logic strictly related to the purposes indicated in this Policy, in particular to ensure the fulfilment of any requests made by the User and, at any rate, in such a way as to ensure the security and confidentiality of the data.
4.2 Types of cookies and tracking tools used
Cookies are usually strings of text that websites (publishers or “first parties”) visited by the User, or different sites or web servers (“third parties”) place and store – directly, in the case of publishers, and indirectly, i.e. through publishers, in the case of “third parties” – in a terminal available to the User.
The main types of cookies used by the Site are:
- technical cookies, i.e. cookies used for the sole purpose of “carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contracting party or User to provide such service” (see Article 122(1) of the Italian Privacy Code). Technical cookies are necessary and help to make a website usable by enabling basic functions such as page browsing and access to protected areas of the Site. The Site cannot function properly without these cookies.
- statistical cookies, i.e. cookies aimed at collecting information, in aggregate form, on the Users of the Site and similar to technical cookies provided that: (i) they are only used to produce aggregate statistics and in relation to a single site or mobile application; (ii) at least the fourth component of the IP address is masked for third-party cookies; (iii) third parties refrain from combining analytics cookies, thus minimized, with other processing methods (customer files or statistics of visits to other sites, for example) or from passing them on to other third parties (without prejudice to the possibility for third parties to produce statistics with data relating to multiple domains, websites or apps that can be traced back to the same publisher or group of undertakings). This is without prejudice to the right of the Data Controller to carry out, on its own initiative, the mere statistical processing of data relating to the Site and to several domains, websites and apps that can be traced back to it, including by use of unencrypted data in compliance with the purpose limitation;
- profiling (or non-technical) cookies, i.e. cookies used to link specific actions or behavioral patterns recurring in the use of the functionalities offered to specific identified or identifiable subjects, in order to group the different profiles within homogeneous clusters of different sizes, so that it is also possible to modulate the provision of the service in an increasingly customized way, as well as to send targeted advertising messages, i.e. in line with the preferences expressed by the User during web browsing.
Since cookies are normal text files, they can be accessed using word processing programs. However, the browser can be configured by the User to prevent it from processing cookies and to delete or deactivate cookies by visiting the following web pages:
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=it;
- Mozilla Firefox: https://support.mozilla.org/it/kb/protezione-antitracciamento-avanzata-firefox-desktop;
- Internet Explorer: https://support.microsoft.com/it-it/windows/eliminare-e-gestire-i-cookie-168dab11-0753-043d-7c16-ede5947fc64d
- Safari: https://support.apple.com/it-it/guide/safari/sfri11471/mac
5.Purpose and legal basis of data processing Option of consent and consequences of non-consent
5.1 Purpose and legal basis of data processing
In relation to technical cookies and browsing data, processing of the User’s personal data is carried out in order to facilitate correct use of the Site. Data processing is necessary for browsing the Site and to ensure the Site functions perfectly. In this case, the legal basis of data processing is the legitimate interest of the Data Controller. Hence the prior express consent of the User will not be necessary.
In relation to non-technical cookies, personal data is processed to enable the following purposes to be pursued: (i) statistical analysis of the Site’s performance through the collection and aggregate processing of data relating to the number and browsing preferences of Users; (ii) profiling and marketing of profiles aimed at enabling the offer of a customized browsing experience and of banners and advertising messages consistent with the User’s preferences. The legal basis for data processing aimed at pursuing these purposes is exclusively the express, optional, free consent of the User revocable at any time.
With regard to the data voluntarily provided by e-mail, the processing of personal data makes it possible to respond to requests from Users. The legal basis for the processing is the legitimate interest of the Data Controller in responding to the Data Subjects. Hence the prior express consent of the User is not required.
The legitimate interests of the Data Controller or of third parties may constitute a valid legal basis for data processing, provided that the interests or fundamental rights and freedoms of the Data Subject are not overridden. In general, such legitimate interests may exist when there is a relevant and appropriate relationship between the Data Controller and the Data Subject, for instance when the Data Subject is a customer of the Data Controller.
5.2 Ways of obtaining consent
Consent to the processing of the User’s personal data by means of non-technical cookies must be expressed
- with a choice made by the User in the specific banner on the Site by clicking alternatively (i) on the “Accept All” button or (ii) on the “Accept Selected” button after first having selected the item “Statistics and Analysis” and/or the item “Marketing and Advertising” by means of a specific click on the list of individual categories of cookies.
Mere scrolling or browsing on the Site does not under any circumstances constitute an expression of consent to the use and installation of tracking tools, with the exception of technical cookies only.
By clicking on the “Accept only necessary cookies” button, or by closing the cookie banner without selecting any button, the User acknowledges that the Site will only install the technical cookies necessary to ensure correct operation and use of the Site.
6. Interactions with third-party sites and platforms
The Site contains interaction icons which, on being clicked, redirect the User to the page/profile of the Data Controller present on the social network related to the icon.
The Data Controller has no power over how third-party platforms operate, the data they collect and the use of this information by the third-party provider.
7. Source of personal data
Data from publicly accessible sources will not be processed.
8. Transfer of personal data to third parties
Personal data subject to processing for the above-mentioned purposes may be communicated by the Data Controller to:
- parties within the Data Controller’s organization who need it as a function of their duties. Said individuals (hereinafter “persons in charge”), are authorized to process the data under the direct authority of the Data Controller pursuant to Article 4 No. 10 of Regulation (EU) 2016/679;
- subsidiary or parent companies within the meaning of Article 2359 of the Italian Privacy Code that are authorized to process them for internal administrative purposes;
- third parties to whom the Data Controller may outsource certain activities and who consequently provide the Data Controller with certain instrumental services, in any event related to the data processing operations and purposes described above, such as, by way of example, administrative services, Site hosting services, companies that perform communication activities on behalf of the Data Controller, companies offering information society services and communications company service providers.
Except as specified below, the transfer of personal data to such entities, when established in a third country or an international organization, is carried out subject to an adequacy decision of the European Commission, which has verified that the third country, the territory or one or more specific sectors within the third country or the international organization in question can ensure an adequate level of protection of the rights of Data Subjects. In any event, should he or she deem it appropriate, the Data Controller reserves the right to enter into specific separate agreements obliging such parties to adopt adequate security measures, including organizational ones, aimed at offering appropriate guarantees with regard to User rights.
Under current law, the United States is a third country that does not provide an adequate level of protection under Article 45 GDPR and does not offer a similar level of data protection and protection of the rights of Data Subjects as within the EU. In particular, data, including personal data, collected by third-party providers (such as Google Inc. and Google Analytics cookies) of Data Subjects residing in the EU will be accessed by the Federal Law Enforcement Agencies of the US Government.
9. Data retention period
The Data Controller reserves the right, in any event, to request that the Data Subject renew his or her consent to the processing and/or verify any consent already given.
10. Rights of the Data Subject
Pursuant to Article 7 of the Italian Privacy Code and Articles 15 et seq. GDPR, the Data Controller hereby informs the User of the existence of the following rights:
- Data Subject’s right of access: the Data Subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning him or her is being processed and, if so, to obtain access to personal data and specific information, in accordance with Article 15 GDPR;
- Right of rectification: the Data Subject has the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data concerning him or her. With due regard to the purposes of data processing, the Data Subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration, in accordance with Article 16 GDPR;
- Right to erasure of data, including the right to withdraw consent: the Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him or her and the Data Controller has the obligation to erase said data without undue delay. The Data Subject also has the right to withdraw his or her consent if the grounds defined in Article 17 GDPR exist. In this case, the right to withdraw may be exercised at any time without prejudice to the lawfulness of the processing based on the consent given before said withdrawal;
- Right of restriction of processing: the Data Subject has the right to obtain from the Data Controller the restriction of processing when the terms defined in Article 18 GDPR apply;
- Right to data portability: the Data Subject has the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning him or her provided to the Data Controller and further has the right to transmit such data to another controller without hindrance from the Data Controller in the cases and under the conditions specified by Article 20 GDPR;
- Right to object: The Data Subject has the right to object, at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f) GDPR, including profiling on the basis of these provisions. The Data Controller will refrain from any further processing of personal data unless he or she can demonstrate compelling legitimate grounds for processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims. In relation to direct marketing purposes, the Data Subject has the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling when it is related to such direct marketing. If the Data Subject objects to processing for direct marketing purposes, his or her personal data are no longer processed therefor.
11. Exercise of rights
Alternatively, the User may exercise his or her rights by sending a communication via registered letter with return receipt to Via della Posta 8, Milan (MI), 20123 – Italy.