Privacy policy

Foreword

The territorial scope of General Data Protection Regulation (the GDPR or the Regulation) is determined by Article 3 of the Regulation.

Article 3(1) of the GDPR provides that the “Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not” (reference: https://edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_3_2018_territorial_scope_after_public_consultation_en_1.pdf)

The Micheluzziglass portal is a web portal owned by Micheluzzi Glass di Margherita Micheluzzi, with registered office in: Dorsoduro 1071 - 30123 Venice, Italy, contact channel info@micheluzziglass.com.

In the future, it will be identified as "Portal" or "Owner" or simply "Micheluzzi Glass".

The site is hosted by Shopify (https://www.shopify.com/legal/privacy)

It is the User's responsibility to check the security of the site's external pages and their privacy policy; the Owner accepts no responsibility for non-proprietary sites, even if they can be reached from the Portal's pages.

In compliance with the obligations provided for by the European Privacy Regulation EU/2016/679 (GDPR), we hereby inform the User, who has the status of data subject pursuant to the GDPR, of the methods for processing the personal data generated through navigation on web pages, use of online services, interaction with the Portal, creation of User Profiles, e-commerce purchases.

This privacy policy is rendered in relation to the Portal referred to on the Home page https://www.micheluzziglass.com and does not extend to other Portals or sites that can be reached through hyperlinks or links to third party sites also implemented by other Users.

In particular, for the Owner's social network pages, this policy is in addition to and does not replace the privacy policy of the social network host and its rules of use.

This document does not affect in any way the general conditions of sale practiced by the Owner, which the data subject is invited to view.

The terms used hereafter are intended in the sense that they comply with the GDPR.

Identity and contact details of the Data Controller

Data Controller: Micheluzzi Glass di Margherita Micheluzzi
Registered office: Dorsoduro 1071 - 30123 Venice, Italy
E-mail for contact: info@micheluzziglass.com

Categories of personal data processed and methods of processing.

During navigation and use of the Portal, certain information relating to Users may be collected and processed. The Portal does not process data of a particular or judicial nature.
The data will be processed mainly by computer.
The information collected during the User's navigation mainly relates to interactions with the website, date and time of access, technology used by the User, using technical cookies present on the Portal,
Regarding cookies, please refer to the "Cookies Policy" on the Portal.

In detail, the following data will be processed.

(a) Website navigation.

The information collected mainly relates to interactions with the website, statistics on pages visited by the user, date and time of access, technology used by the user. Information on the user's source page and destination page may also be collected.

In addition, some information is collected automatically (in an anonymous and aggregate form) using cookies and similar technologies when you browse the website. You can read more about our use of cookies in our "Cookies Policy".

b) Creation of profiles and/or use of the e-commerce portal.

If you decide to purchase products using our E-commerce Platform, you can register in the Reserved Area of the Platform and create your account (in this regard, we invite you to read the General Conditions of Use and Sale of the E-commerce Platform). In this case, the information collected will concern, by way of non-exhaustive example: simple common data (customer details, shipping address, contact details; username, user IP sessions)

data generated by IT sessions resulting from the use of the account.

Information relating to visits to the e-commerce area, purchases, and product orders; data relating to the order also in relation to any discounts/promotions applied.

By the way, the creation of an account is not necessary in order proceed with purchases; the client can provide the information requested for the stipulation of the contract of sale, shipment, and payment through the platform on a spot basis.

c) other data provided voluntarily in the contact section and e-mail address for subscription to the newsletter service.

Purposes of the processing and relative legal basis

a) OPERATIONAL MANAGEMENT OF THE PORTAL.

The object of this processing is the personal data of users for navigation on the website, excluding the data provided for the creation of profiles. In this regard, it should be noted that the Data Controller uses technical cookies for site functionality and authentication and login management. These cookies do not require the user's consent.

Purposes:
Monitoring the use of the platform by Users, technical reasons and functionality of the Portal.

Legal basis:
Art. 122.1 Italian Legislative Decree number 196/03 - Technical needs

b) ACCOUNT CREATION and/or purchases operation.

This processing relates to the personal data that Users:

provide in order to manage their user profile and manage the related account privileges, as well as the related authentication procedure, password management and account cancellation or suspension procedures.
the stipulation of the contract of sale, shipment, and payment through the platform on a spot basis.

Purposes:
User profile registration and/or purchases operation.

Legal basis:
6.1.b. Performance of a contract to which the data subject is party.

c) MANAGEMENT OF THE CONTRACTUAL RELATIONSHIP.

The object of this processing is the users' personal data functional to the management of the purchase and sale and the accessory and related activities (e.g. shipping, customer care management, complaints and possible litigation).

Purposes:
Management of the contractual relationship with the customer.

Legal basis:
6.1.b. Fulfilment of a contract to which the data subject is party.

Please note that the payment system is managed by the services:
- Paypal
- Shopify Inc
- Google Pay.

and the related technical cookies, which, based on the user's choice, process the payment system acting as autonomous controllers.

The privacy policy and general terms and conditions of use are set out at:

d) MANAGEMENT OF PROCEDURES FOR THE EXEMPTION OF THE RIGHTS OF THE DATA SUBJECT

This processing relates to the personal data that Users provide in order to manage the User profile and manage the related privileges, as well as the related authentication procedure, password management and account cancellation or suspension procedures, exercise their rights over personal data in general.

Purposes:
Management of requests to exercise the rights of data subjects.

Legal basis:
6.1.c. Fulfilment of legal obligation

e) REGISTRATION AND MANAGEMENT OF THE NEWSLETTER LIST

The purpose of this processing is to send newsletters to subscribers to the Portal, by means of the email communicated during registration, concerning the Owner's activities, blog pages offers and dedicated discounts.

Purposes.
Newsletter activities.

Legal basis.
6.1.f. GDPR: Legitimate interest of the Owner with regard to customers.
6.1.a. GDPR: Consent for non-customer users.

The provision of data is necessary for the purposes indicated, except for subscription to the newsletter, where the provision of data is optional; the newsletter activity vis-à-vis Users at the e-mail address communicated at the time of registration will cease at the simple request of the user, even in opt-out mode.

Categories of recipients of personal data

The subjects or categories of subjects who may become aware of the personal data or to whom it may be communicated are the following:
Data processors, IT companies and software houses, consultants and consulting companies, freelancers, self-employed workers, agents and representative agencies, transport, and logistics companies.
Judicial or supervisory authorities, administrations, public bodies, and agencies (domestic and foreign), but exclusively for the purpose of fulfilling legal obligations, regulations or EU legislation, auditors and audit companies for the same tasks.

Storage and transfer of personal data abroad

The handling and storage of personal data takes place in servers located within the European Union. Any transfer of personal data abroad will only take place under the conditions set out in Chapter V of the GDPR.

Period of storage of personal data

Notwithstanding legitimate needs for further retention, data will be processed in compliance with the following retention periods, without prejudice to legitimate rights of retention and higher processing (e.g. management of a pending litigation):

a) PORTAL FUNCTIONAL MANAGEMENT. Until the end of the browsing session, unless otherwise indicated by the cookies active on the portal, to whose privacy policy please refer.

b) ACCOUNT CREATION. Until cancellation and profile suspension after five years of inactivity.

c) MANAGEMENT OF THE CONTRACTUAL RELATIONSHIP: 10 years from purchase as ordinary prescription period under Italian law.

d) MANAGEMENT OF INTERESTED RIGHTS: 10 years from the closure of the proceedings (ordinary prescription period under Italian law). Immediate cancellation/limitation as a result of the exercise of the relevant right, provided that the prerequisites are met.

Exercisable rights

In accordance with the provisions of the GDPR, you may at any time request a copy of your personal data from the Data Controller, as well as information as to where your personal data is being processed.

At any time, you may freely revoke the consent given, without any charge and without prejudice to the lawfulness of the processing carried out up to that moment, and exercise the following rights of the data subject with respect to the Data Controller as provided by the European Privacy Regulation EU/2016/679 of Access, Rectification, Cancellation, Limitation, Opposition, Portability and Complaint to the Italian Privacy Guarantor https://www.garanteprivacy.it/web/garante-privacy-en

The rights could be exercised by contacting the Data Controller.