Privacy Policy
Extended Privacy Policy pursuant to Articles 12 and 13 of the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “GDPR”) concerning the protection of personal data of users of the Site.
MV Luxury Group s.r.l is committed to the protection and respect of personal data collected in the exercise of its corporate activity.
The purpose of this Policy is to describe the methods for managing the website www.marcovalentehighjewelry.com (hereinafter the “Site”) in relation to the processing of the personal data of the users who visit it and use its services and functionalities (hereinafter the “User” or “Data Subject”) in accordance with the provisions of Articles 12, 13 and, where applicable, 14 GDPR.
The Policy does not concern other sites that may be surfed by the User through links made accessible via this Site.
1. Data Controller and DPO
The Data Controller is MV Luxury Group s.r.l., with registered office in Piazza San Giorgio 2, Milan (MI), 20123 – Italy, Tel. (+39) 02.843.422.75, e-mail mvluxurygroup@legalmail.it (hereinafter the “Data Controller” or “MV”).
Since the Data Controller is established in Italy, no representative has been designated.
2. Type of personal data processed
2.1 Browsing data and environmental variables
In the course of their normal operation, the IT systems and procedures used to operate the Site automatically acquire certain personal data relating to Data Subject browsing, including environmental variables, the transmission of which is implicit in the use of internet communication protocols. This category of data includes, but is not limited to:
- The IP addresses of the computers operated by Users accessing the service;
- The quantity of accesses;
- The pages viewed;
- The date and time when access took place;
- What URL the browser was before it displayed our page;
- The type of browser;
- The operating system used.
Except as specified below and in the Cookie Policy (as defined hereafter), with regard to automatic browsing data mere surfing of the Site and its sections does not imply the processing of the User’s personal data.
The rules, purposes and methods for processing the User’s personal data collected or processed using cookies and other tracking tools (in compliance with GDPR, Article 10 of Directive 95/46/EC, as well as with the provisions of Directive 2002/58/EC, as amended by Directive 2009/136/EC, on the subject of cookies and, finally, in accordance with Article 122 of the Italian Privacy Code and the “Guidelines on the use of cookies and other tracking tools” adopted by the Garante Privacy (Italian Data Protection Authority) on 10 June 2021) are defined in detail in the “Cookie Policy” available on the Site at the following URL: https://marcovalentehighjewelry.com/cookie-policy/ (hereinafter the “Cookie Policy”).
2.2 Personal data provided voluntarily by the User
Without prejudice to the provisions of section 2.1 and the Cookie Policy, the Data Controller only acquires and processes the personal data provided explicitly and voluntarily by the User by means of:
- communications sent to the e-mail address indicated on the Site;
- communications sent to the ordinary postal address indicated on the Site.
- information required for User subscription to the newsletter service in the special section on the Site in the box “MV newsletter – Preview of new models and much more”;
- information provided when filling in the form on the Site under the “CONTACTS” header (hereinafter the “Form”).
The personal information provided by the User on such occasions may involve the acquisition by the Data Controller of the User’s commonly used personal data, such as, by way of example, e-mail addresses, names, surnames, home or residence addresses, landline or mobile phone numbers, or other personal data voluntarily communicated by Users as part of their communication or request.
The data thus collected will be stored and processed solely for the purpose of preserving correspondence and will not be used for any other purpose.
Sending of requests via the Form
The User’s personal data collected via the Form are:
- Name and Surname
- E-mail address
- Any additional personal data entered by the User in the free-text field
Pursuant to Article 9 GDPR, no special data will be processed and, if received, will be erased. The User is therefore asked not to include any particular data, including sensitive or highly sensitive personal data (e.g. data relating to his or her state of health), in the communications to be sent to the Data Controller by e-mail or ordinary post or through the Form.
Subscription to the newsletter service
The Site gives the User the option to subscribe to the newsletter prepared and sent periodically by the Data Controller. To avail of this option, after accepting this Privacy Policy the User should enter his or her e-mail address in the box “MV newsletter- Preview of new models and much more”.
As part of the process of accepting the User’s subscription to the newsletter service, the Site and the Data Controller collects solely the User’s e-mail address.
For the provision of the service, the User’s e-mail address will be uploaded by the Data Controller to e-mail marketing platforms of third-party partners based within the EU.
3. Principles applicable to data processing
In accordance with the requirements of GDPR, the Data Controller makes constant efforts to ensure that personal data are:
a) processed lawfully, fairly and in a transparent manner in relation to the Data Subject (“lawfulness, fairness and transparency” principle);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes will, in accordance with Article 89(1) GDPR, not be considered incompatible with the initial purposes (“purpose limitation” principle);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization” principle);
d) accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate in relation to the purposes for which they are processed are erased or rectified without delay (“accuracy” principle);
e) kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as they will be processed solely for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR subject to implementation of the appropriate technical and organizational measures required under GDPR in order to safeguard the rights and freedoms of the Data Subject (“storage limitation” principle);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures (“integrity and confidentiality” principle).
The Data Controller will take appropriate technical and organizational measures to ensure the protection of personal data from the outset of the design and to ensure that only those data necessary for each specific purpose are processed by default.
This Privacy Policy may be subject to amendment in line with the development of the legislation in force and the technical and organizational measures adopted over time by the Data Controller.
4. Methods of data processing
4.1 Methods of processing data provided voluntarily by the User by post or using the Form
The processing of the personal data of Users provided voluntarily via e-mail or ordinary post, or through the Form, is carried out both manually and automatically by means of analogue, digital, online and electronic tools, in accordance with logic strictly related to the purposes indicated in this Policy, in particular to ensure the fulfilment of any requests made by the User and, at any rate, in such a way as to ensure the security and confidentiality of the data.
4.2 Types of cookies and tracking tools used
As better described in the Cookie Policy, the Site uses technical, statistical and non-technical (or profiling) cookies according to the definitions in the “Guidelines on the use of cookies and other tracking tools” adopted by the Garante Privacy (Italian Data Protection Authority) on 10 June 2021, in order to ensure the proper functioning and to optimize the performance of the Site, as well as for performance analysis and evaluation purposes as better described under section 5.
Cookies are usually strings of text that websites (publishers or “first parties”) visited by the User, or different sites or web servers (“third parties”) place and store – directly, in the case of publishers, and indirectly, i.e. through publishers, in the case of “third parties” – in a terminal available to the User.
The main types of cookies used by the Site are:
- technical cookies, i.e. cookies used for the sole purpose of “carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contracting party or User to provide such service” (see Article 122(1) of the Italian Privacy Code). Technical cookies are necessary and help to make a website usable by enabling basic functions such as page browsing and access to protected areas of the Site. The Site cannot function properly without these cookies.
- statistical cookies, i.e. cookies aimed at collecting information, in aggregate form, on the Users of the Site and similar to technical cookies provided that: (i) they are only used to produce aggregate statistics and in relation to a single site or mobile application; (ii) at least the fourth component of the IP address is masked for third-party cookies; (iii) third parties refrain from combining analytics cookies, thus minimized, with other processing methods (customer files or statistics of visits to other sites, for example) or from passing them on to other third parties (without prejudice to the possibility for third parties to produce statistics with data relating to multiple domains, websites or apps that can be traced back to the same publisher or group of undertakings). This is without prejudice to the right of the Data Controller to carry out, on its own initiative, the mere statistical processing of data relating to the Site and to several domains, websites and apps that can be traced back to it, including by use of unencrypted data in compliance with the purpose limitation;
- profiling (or non-technical) cookies, i.e. cookies used to link specific actions or behavioral patterns recurring in the use of the functionalities offered to specific identified or identifiable subjects, in order to group the different profiles within homogeneous clusters of different sizes, so that it is also possible to modulate the provision of the service in an increasingly customized way, as well as to send targeted advertising messages, i.e. in line with the preferences expressed by the User during web browsing.
The detailed list of cookies and other tracking tools used by the Site, as well as the type of data processed and their characteristics and purposes, are detailed in the Cookie Policy.
Since cookies are normal text files, they can be accessed using word processing programs. However, the browser can be configured by the User to prevent it from processing cookies and to delete or deactivate cookies by visiting the following web pages:
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=it;
- Mozilla Firefox: https://support.mozilla.org/it/kb/protezione-antitracciamento-avanzata-firefox-desktop;
- Internet Explorer: https://support.microsoft.com/it-it/windows/eliminare-e-gestire-i-cookie-168dab11-0753-043d-7c16-ede5947fc64d
- Safari: https://support.apple.com/it-it/guide/safari/sfri11471/mac
5.Purpose and legal basis of data processing Option of consent and consequences of non-consent
5.1 Purpose and legal basis of data processing
In relation to technical cookies and browsing data, processing of the User’s personal data is carried out in order to facilitate correct use of the Site. Data processing is necessary for browsing the Site and to ensure the Site functions perfectly. In this case, the legal basis of data processing is the legitimate interest of the Data Controller. Hence the prior express consent of the User will not be necessary.
In relation to non-technical cookies, personal data is processed to enable the following purposes to be pursued: (i) statistical analysis of the Site’s performance through the collection and aggregate processing of data relating to the number and browsing preferences of Users; (ii) profiling and marketing of profiles aimed at enabling the offer of a customized browsing experience and of banners and advertising messages consistent with the User’s preferences. The legal basis for data processing aimed at pursuing these purposes is exclusively the express, optional, free consent of the User revocable at any time.
With regard to the data voluntarily provided by e-mail, the processing of personal data makes it possible to respond to requests from Users. The legal basis for the processing is the legitimate interest of the Data Controller in responding to the Data Subjects. Hence the prior express consent of the User is not required.
In relation to the data voluntarily provided by the User via the Form, the processing of personal data presupposes acceptance of this Privacy Policy. The legal basis for the processing is the legitimate interest of the Data Controller in responding to requests made by Data Subjects via the Form. Hence the prior express consent of the User is not required.
The User’s free, express and informed consent is the legal basis for the subscription to the newsletter service through the special section of the Site called “MV Newsletter” and for the processing of the User’s personal data in accordance with this Privacy Policy.
The legitimate interests of the Data Controller or of third parties may constitute a valid legal basis for data processing, provided that the interests or fundamental rights and freedoms of the Data Subject are not overridden. In general, such legitimate interests may exist when there is a relevant and appropriate relationship between the Data Controller and the Data Subject, for instance when the Data Subject is a customer of the Data Controller.
5.2 Ways of obtaining consent
Consent to the processing of the User’s personal data by means of non-technical cookies must be expressed
- with a choice made by the User in the specific banner on the Site by clicking alternatively (i) on the “Accept All” button or (ii) on the “Accept Selected” button after first having selected the item “Statistics and Analysis” and/or the item “Marketing and Advertising” by means of a specific click on the list of individual categories of cookies.
Mere scrolling or browsing on the Site does not under any circumstances constitute an expression of consent to the use and installation of tracking tools, with the exception of technical cookies only.
By clicking on the “Accept only necessary cookies” button, or by closing the cookie banner without selecting any button, the User acknowledges that the Site will only install the technical cookies necessary to ensure correct operation and use of the Site.
6. Interactions with third-party sites and platforms
The Site contains interaction icons which, on being clicked, redirect the User to the page/profile of the Data Controller present on the social network related to the icon.
Except as provided for in the Cookie Policy, pages containing such icons do not issue cookies either from the Data Controller or from third parties. However, by clicking on the icon the User will be redirected to third-party sites and/or platforms (not available to or managed by the Data Controller) that may install cookies or other tracking tools on the User’s device and aimed at collecting traffic data and subsequently processing them for profiling, marketing and advertising purposes.
The Data Controller has no power over how third-party platforms operate, the data they collect and the use of this information by the third-party provider.
7. Source of personal data
Without prejudice to the provisions of the Cookie Policy, only data provided by the User in accordance with this Policy, collected through the Site by an e-mail or Form filled in by the User, will be processed.
Data from publicly accessible sources will not be processed.
8. Transfer of personal data to third parties
Personal data subject to processing for the above-mentioned purposes may be communicated by the Data Controller to:
- parties within the Data Controller’s organization who need it as a function of their duties. Said individuals (hereinafter “persons in charge”), are authorized to process the data under the direct authority of the Data Controller pursuant to Article 4 No. 10 of Regulation (EU) 2016/679;
- subsidiary or parent companies within the meaning of Article 2359 of the Italian Privacy Code that are authorized to process them for internal administrative purposes;
- third parties to whom the Data Controller may outsource certain activities and who consequently provide the Data Controller with certain instrumental services, in any event related to the data processing operations and purposes described above, such as, by way of example, administrative services, Site hosting services, companies that perform communication activities on behalf of the Data Controller, companies offering information society services and communications company service providers.
Except as specified below, the transfer of personal data to such entities, when established in a third country or an international organization, is carried out subject to an adequacy decision of the European Commission, which has verified that the third country, the territory or one or more specific sectors within the third country or the international organization in question can ensure an adequate level of protection of the rights of Data Subjects. In any event, should he or she deem it appropriate, the Data Controller reserves the right to enter into specific separate agreements obliging such parties to adopt adequate security measures, including organizational ones, aimed at offering appropriate guarantees with regard to User rights.
However, on this point it should be noted (and as better described in the Cookie Policy) that, subject to the User’s express consent, the Site uses third-party analysis and profiling cookies that involve the transfer of data collected in the United States.
Under current law, the United States is a third country that does not provide an adequate level of protection under Article 45 GDPR and does not offer a similar level of data protection and protection of the rights of Data Subjects as within the EU. In particular, data, including personal data, collected by third-party providers (such as Google Inc. and Google Analytics cookies) of Data Subjects residing in the EU will be accessed by the Federal Law Enforcement Agencies of the US Government.
By consenting to the installation of non-technical cookies in the manner set out in the Cookie Policy, the User expressly agrees to and authorizes the transfer of personal data collected by third-party non-technical cookies to the United States pursuant to Article 49 (1)(a) GDPR.
9. Data retention period
Unless otherwise provided for in the Cookie Policy, personal data processed and stored for all the purposes set out in this Policy will be processed and stored for a period not exceeding 24 months from the date of individual collection.
The Data Controller reserves the right, in any event, to request that the Data Subject renew his or her consent to the processing and/or verify any consent already given.
10. Rights of the Data Subject
Pursuant to Article 7 of the Italian Privacy Code and Articles 15 et seq. GDPR, the Data Controller hereby informs the User of the existence of the following rights:
- Data Subject’s right of access: the Data Subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning him or her is being processed and, if so, to obtain access to personal data and specific information, in accordance with Article 15 GDPR;
- Right of rectification: the Data Subject has the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data concerning him or her. With due regard to the purposes of data processing, the Data Subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration, in accordance with Article 16 GDPR;
- Right to erasure of data, including the right to withdraw consent: the Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him or her and the Data Controller has the obligation to erase said data without undue delay. The Data Subject also has the right to withdraw his or her consent if the grounds defined in Article 17 GDPR exist. In this case, the right to withdraw may be exercised at any time without prejudice to the lawfulness of the processing based on the consent given before said withdrawal;
- Right of restriction of processing: the Data Subject has the right to obtain from the Data Controller the restriction of processing when the terms defined in Article 18 GDPR apply;
- Right to data portability: the Data Subject has the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning him or her provided to the Data Controller and further has the right to transmit such data to another controller without hindrance from the Data Controller in the cases and under the conditions specified by Article 20 GDPR;
- Right to object: The Data Subject has the right to object, at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f) GDPR, including profiling on the basis of these provisions. The Data Controller will refrain from any further processing of personal data unless he or she can demonstrate compelling legitimate grounds for processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims. In relation to direct marketing purposes, the Data Subject has the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling when it is related to such direct marketing. If the Data Subject objects to processing for direct marketing purposes, his or her personal data are no longer processed therefor.
11. Exercise of rights
Requests to exercise the rights set out in this Privacy Policy should be addressed directly via e-mail to the Data Controller at mvhj1953@mvluxurygroup.com.
Alternatively, the User may exercise his or her rights by sending a communication via registered letter with return receipt to Via della Posta 8, Milan (MI), 20123 – Italy.
12. Accessibility of the Privacy Policy
The Privacy Policy is accessible at www.marcovalentehighjewelry.com as well as at the registered office of the Data Controller.