Cookie Policy

This Privacy Policy is provided, in compliance with Articles 13 and 14 of the EU Regulation 679/2016 (hereinafter: "Regulation"), to the users (hereinafter: "Users" or "User") of the website https://www.ilmannarino.it/ (hereinafter: "Website") owned by "Il Mannarino S.r.l." with registered office in Monza (MB), via Castelfidardo n. 1, VAT No. 10747300969 (which is the Data Controller, hereinafter: "Data Controller") or to those who subsequently purchase products offered on the Website itself or register to the newsletter service (hereinafter: "Newsletter"), giving us their consent for a specific purpose (hereinafter: "Newsletter"): "Data Controller") or to those who subsequently purchase the products offered on the Site itself or register for the newsletter service (hereinafter: "Newsletter"), giving us their consent for a specific purpose (hereinafter: "Customers" or "Client"), and is aimed at describing the Site's management procedures with reference to the processing of personal data, as well as to allow Site Users to know the purposes and methods of the processing of personal data by the Data Controller in the event of their being provided. Where, on the other hand, while browsing the Site, the User and/or Customer access through links to pages or sites managed by third parties, for the processing of personal data, reference must be made to the Privacy Notices published therein.

In particular, this Privacy Policy describes how the Data Controller collects, uses, processes and communicates the User's personal data when accessing and using the Site and the services therein, specifically:

1. Who is the data controller?
2. Principles applicable to the Processing of Personal Data
3. Type of Users
4. What categories of data does the Data Controller collect and use?
5. Why are personal data collected?
6. Who sees, receives and uses the data and where can this be done?
7. Method of processing and storage of personal data
8. What are the data protection rights and how can they be exercised?
9. Contact details of the data controller
10. Information on Cookies
11. Update and previous versions of this Privacy Policy

This document also informs Users on how to exercise their rights (including the right to object to part of the data management performed by the Data Controller). Further information on the rights and how to exercise them is provided in the following paragraphs of this Privacy Policy.
As specified in the General Terms and Conditions of Service, the services offered by the Controller are intended for persons over the age of 18. Should the Controller become aware of the processing of data of minors under the age of 18 without valid parental or legal guardian consent, the Controller reserves the right to unilaterally discontinue the use of the service offered as well as to delete the data acquired.
Terms that are not defined in this Privacy Policy (such as "Service" or "Service Owner") have the same meaning as described in the General Terms and Conditions of Service.
Who is the Data Controller?
Where the terms 'Company', 'its/their' or 'Data Controller' appear within this Privacy Policy, they are intended to refer to:
"Il Mannarino S.r.l.", a company incorporated under the laws of Italy, registered in the Company Register of the Milan Chamber of Commerce with REA number MB - 2554487, C.F. / Partita IVA 10747300969 and having its registered office in Monza (MB), via Castelfidardo n. 1, which is the owner of the processing of Users' and/or Customers' personal data pursuant to this Privacy Policy.
Principles applicable to the Processing of Personal Data
The Data Controller, pursuant to and for the purposes of the Regulation, hereby announces that the aforementioned legislation provides for the protection of individuals with regard to the processing of personal data, and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of confidentiality and fundamental rights.

What categories of data does the Data Controller collect and use?
If you visit the Site and use the search service or register with the Site, the Data Controller collects the following categories of personal data:
4.1. Personal data provided by the User

The personal data shared with the Data Controller, including those shared when registering for the Newsletter to receive marketing communications and those sent via the "Work with us" section of the Site, as well as those provided to us when using the services, including information entered into the platform and contained in comments, reviews or messages sent by e-mail or through social media channels.

More precisely:
When contact occurs between the Data Controller and the User and/or Customer via e-mail or through social media, the Data Controller may collect: personal data provided to it by the User and/or Customer when the same connects with the Data Controller, including first and last name, user name (if available), telephone number (where necessary) and e-mail address. In particular, Users have at their disposal a Live Chat system reserved for them, which allows them to reply to ads via chat. However, the messages exchanged between Users are encrypted and saved in the Data Controller's database by generating a unique encryption key for each message. Both the encrypted message and the key needed to decipher the message will then be saved in the database. Furthermore, Users will be able to decide whether or not to receive notifications of announcements by e-mail.

When the User and/or Customer subscribes to personalised marketing services ('Newsletter') the following data may be provided to the Controller: personal details (including first name, last name and e-mail address), the way the website is accessed, including IP address, online identifiers and browser details.

Browsing behaviour or personal interests may also be provided. Note that some of this information may be collected automatically in accordance with Section 4.2.
When contact occurs between the Data Controller and the User (hereinafter also referred to as "Candidate") through the "Work with us" section of the Site, the Data Controller may collect the personal data provided to the same by the Candidate by filling in the online form available on the Site, including contact details (such as name, surname and email address), languages spoken and information relating to the Candidate's education and training, together with any other information that the latter may provide to the Data Controller in the Curriculum Vitae and/or in the cover letter attached to the online form or during any subsequent interviews with the Data Controller.

Particular categories of personal data, such as data relating to the Candidate's state of health, will only be collected with the Candidate's consent and where their use is strictly necessary for the pursuit of the purposes of recruitment and selection of personnel and the establishment of employment relationships (e.g. in the case of membership of certain protected categories), within the limits and in compliance with the applicable law.

Sending an application through the Site and any related information is entirely spontaneous and optional for the User of the Site. If the latter decides to submit his or her application through the "Work with us" section of the Site, he or she will be free to provide the personal data he or she deems most appropriate for this purpose.

However, if you do not provide the personal data required for your identification (such as, for example, your first and last name, email address or education) or the personal data specifically requested by the Company (during the interview or by email or indicated as mandatory by a notice shown below the field to be filled in), the Company may not be able to fully evaluate your application and complete the recruitment process.

With reference to the particular categories of personal data, it should be noted that the Data Controller, where strictly necessary and within the limits and in compliance with the law, will use such data exclusively to fulfil or request the fulfilment of specific obligations or to perform specific tasks provided for by European Union legislation.
The aforementioned personal data, when requested, are necessary for the proper performance of the contract between the Data Controller and the User and/or Customer and to enable the Data Controller to fulfil its legal obligations, except where the latter depends on the consent of the data subject as the legal basis for the processing and for the legitimate interest of the Data Controller. Without them, the latter may not be able to provide all the services requested.

It is important that all personal data provided by the User and/or Client are correct and accurate. This means, purely by way of example, the assurance by the User and/or Client that the contact details held by the Data Controller (including the e-mail address) are always correct.

4.2. Personal data automatically collected by the Site, communications sent by the Data Controller and/or third parties
The Data Controller collects information relating to visits to the Site and use of the Site, such as the device and browser used, the IP address or domain names of the computers connected to the Site, the URI (Uniform Resource Identifier) notation addresses of the requests made, the time of the request the date and time of the visit, the duration of the visit, the referral site and the navigation path on the Site relating to the visit and the interactions on the Site itself, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the User and/or the Customer.

For more information on the purposes for which the Data Controller collects and uses this information, please see the section on Cookies in this Privacy Policy (10. Cookie Information). Please note that personal information may also be linked to Cookies, e.g. to collect information on how you use the Site and the services offered on it.

The Data Controller may proceed to automatically collect certain personal data of the User and/or Customer also in order to understand how the User and/or Customer interacts with the communication material sent to him/her by the Data Controller, e.g. e-mails, including the actions he/she takes in relation to such communications, e.g. clicks on links in the text of the e-mail, the duration and frequency of interactions with the e-mail itself.

To the extent permitted by applicable law, the automatic collection of personal data of the User and/or the Customer may also take place in the event that the Controller receives additional information regarding the User and/or the Customer such as fraud detection information and warnings from third party service providers and/or partners for its fraud prevention activities.
5. Why are personal data collected?
In general terms, the Data Controller uses personal data to provide the services requested by the User and/or the Customer, to send service communications, to notify important changes to the Site and possibly to propose content and advertisements that the Data Controller deems may be of interest to the User and/or the Customer.

More specifically, personal data provided by Users through the use of the Site will be processed with their consent, for the purposes described below:
Provision of services accessible through the Site:

In order to provide certain services such as:
create and maintain the contractual relationship established for the supply of the requested product and/or service at every stage and through any possible integration and/or modification requested by the User and/or the Customer;
in-depth information on activities, events and other institutional and training initiatives organised or carried out by the data controller;
management and processing, in connection with the above, of applications and requests for interaction with the Data Controller and the entities traceable to the latter's organisation.

On what legal basis?
To fulfil a contract or for the performance of a service or measures connected with a contract and/or a service (i.e. to provide the services requested, and/or to provide the User with assistance)

B. Compliance with legal, regulatory and conformity requirements
To fulfil legal, regulatory and compliance requirements and to respond to requests from government or law enforcement authorities that are conducting an investigation.
On what legal basis?
To comply with the law (i.e. to share personal data with regulatory authorities)

C. Integrative and behavioural statistical analyses
To carry out aggregate statistical analysis on anonymous groups or to analyse the behaviour of identifiable individuals, so that we can see how they use the Site, the services provided therein and verify the performance of the relevant activity.
On what legal basis?
To pursue the legitimate interests of the Data Controller (i.e. to improve the Site, its functionalities and the services offered therein)

D. Sending personalised and profiled marketing communications
In order to send personalised and profiled marketing communications exclusively with the consent of the User and/or Customer, as well as to share via e-mail and on the Site or third party sites (e.g. through advertisements) the best offers and promotions on products and services that the Data Controller deems may be of interest as they respond to the interests of the User and/or Customer. Personalised services or offers may be marketed by the Data Controller or by its partners or commercial collaborators operating in the following sectors: tourism, leisure, entertainment, high-tech, fashion, decoration, consumer goods, food & beverage, finance, banking, insurance, energy, environment, communication, mass media, real estate, pharmaceuticals, clothing and textiles, education and training, publications and publishing, information and communication technology, retail, sports, telecommunications and services in general. For this purpose, the Data Controller may:
- analysing the personal data collected to create a profile of the User's and/or Customer's interests and preferences in order to create personalised and targeted communications that are relevant and consistent with the User's and/or Customer's profile;
- combine the information collected through cookies with information relating to purchases made on the Site and with information that the Data Controller may receive from third parties, which collect the User's and/or Customer's data in a manner agreed with the same.
- analysing information on the interaction with the communication material sent by the Controller, e.g. data on when e-mails were opened or to determine whether advertisements were viewed and whether there was interaction with them, to record the number of times each advertisement was viewed, to prevent a single advertisement from being shown too frequently, etc.
- temporarily share an encrypted version of the User's and/or Customer's e-mail address with partners carefully selected by the Data Controller, who may combine this information with other forms of online identifiers or other personal data in order to show the same User and/or Customer the Data Controller's offers on multiple devices or channels, e.g. on social networks (Facebook, Pinterest, Instagram, Twitter).
- use automated decision-making processes to segment and target product offers according to the User's and/or Customer's requests and needs, reducing the risk of proposing inappropriate or irrelevant information and/or offers to the same. The User and/or Customer is entitled to request manual decision-making, to express his/her opinion or to contest decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects. For further details, you may contact our Data Protection Officer, whose contact details are provided in Article 9 of this Privacy Policy.
On what legal basis?
Where the User and/or Customer gives their consent

E. Security of the Site and of the systems used by the Data Controller
To maintain the security of the Site and the systems used by the Data Controller to provide the Services and to prevent and detect fraud, security incidents and/or other crimes.
On what legal basis?
To pursue the legitimate interest of the Data Controller (i.e. to ensure the security of the Site and systems)

F. Verification of Compliance and Legal Actions
To verify compliance with the General Terms and Conditions of Service and for the establishment, exercise or defence of a right in court.
On what legal basis?
To pursue the legitimate interests of the Data Controller (i.e. in accordance with the General Terms and Conditions of Service, to protect the rights of the Data Controller in the event of disputes or complaints)

G. Customisation of advertisements and online marketing notifications
To tailor and customise advertisements and online marketing notifications based on information collected through cookies and relating to the User's and/or Customer's use of the Site, the products and services provided therein and other sites (for further information please refer to the section on Cookies of this Privacy Policy).
On what legal basis?
Where the User and/or Customer gives consent (i.e. via the Cookie banner or via the browser settings)
H. Staff recruitment and selection activities
To evaluate the applications sent by Users as part of the recruitment and selection process and, where appropriate for the open position, for the purposes of establishing the employment relationship and fulfilling the legal obligations relating to the relationship.
On what legal basis?
Where the User gives his or her consent, as well as the need to enter into a contract with him or her for the purpose of establishing an employment relationship.

Where the processing of personal information is based on legitimate interest, the Data Controller carries out an assessment to ensure that its interest in the use of the data is legitimate and that the User's fundamental privacy rights are not overridden by its legitimate interests ('balancing test'). Further information on the comparative assessment can be found by contacting the Data Controller at [email protected]

Who sees, receives and uses the data and where can this be done?
6.1. Categories of data recipients
The Data Controller shares personal data, for the purposes described in this Privacy Policy, with the following categories of recipients:
its employees and/or authorised collaborators who provide support and consultancy services in the areas of administration, product, legal advice, information systems, as well as personnel in charge of maintaining the network and hardware and software equipment of the Data Controller;
the competent authorities, if required by the regulations in force;
the competent authorities and third-party law enforcement agencies, where this is necessary to enforce the General Terms and Conditions of Service and to protect and defend the rights or property of the Data Controller or the rights and property of third parties;
third parties who receive the data (e.g. business consultants, professionals in the provision of tax due diligence services, 'due diligence' or who estimate the value and capacity of the business), where this is necessary in connection with sales of the Data Controller's business or assets (in which case the data will be disclosed to the Data Controller's consultants and advisers of any potential buyer and will be transferred to the new owners).
The personal data collected may also be processed by persons or categories of persons acting as data processors pursuant to Article 28 of the Regulation or who are authorised to process the data pursuant to Article 29 of the Regulation;
Furthermore, for some services, the data may be communicated to companies that collaborate with or use the services of the Data Controller with the sole purpose of providing the services requested by the User. In these cases the companies are autonomous data controllers, therefore the Data Controller is not responsible for the processing of the data by these companies. The Data Controller is also not responsible for the contents and compliance with the legislation on the protection of personal data by sites not managed by the same.
The full list of persons to whom personal data may be disclosed is available at the Data Controller's registered office and may be requested by writing to [email protected]
6.2. Transfer of data
The processing of the User's personal data will take place at the registered office of the Data Controller (see point 1), on the Data Controller's servers and on the premises of any other entities to which the data may be transmitted for the purpose of providing the services requested by the User to the Data Controller.
In addition, personal data collected through the Site may be transferred outside the national territory, solely and exclusively for the purpose of performing the services requested through the Site and in compliance with the specific provisions of the Regulation.
Some personal data may be shared with recipients located outside the European Economic Area. The Data Controller ensures that the processing of personal data by these recipients will take place in compliance with the Regulation.
However, if the User would like further details on the safeguards put in place, he/she may contact the Data Controller by writing to [email protected]

7. Method of processing and storage of personal data

The Data Controller ensures that personal data will be processed in full compliance with the Regulations, by means of manual, computerised or telematic systems and, where necessary, in paper format, and will be stored in the Data Controller's database, protecting the privacy and rights of the User and/or Customer through the adoption of appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The processing may also be carried out by means of automated tools designed to store, manage and transmit the data.
The data collected and processed will be protected with physical and logical methods such as to minimise the risks of unauthorised access, dissemination, loss and destruction of data, pursuant to Articles 25 and 32 of the Regulation.
Pursuant to Section 7(3) of the Regulation, the data subject has the right to obtain withdrawal of consent to processing at any time.
If no request for deletion is received by the Data Controller, personal data will be retained by the latter for as long as necessary to achieve the purposes and perform the activities described in this Privacy Policy, or as otherwise communicated to the User and/or Customer, or for as long as permitted by applicable law.
Further information on the retention period of personal data by the data controller can be found below:

Data relating to purchases made on the Site (name and surname, address, contact information, etc.) - Storage period: 10 years from the date of purchase;

Contractual documents - Retention period: 10 years from the date of purchase;

Unencrypted credit card data - Retention period: not retained;

Financial/transaction-related information - Retention period: 10 years from the completion of the financial transaction;

Data relating to checks for the detection of fraudulent transactions (anti-fraud) - Retention period: 5 years from the rejection of the transaction cause;

Data used for marketing purposes (data subject to the consent of the User and/or Customer and used for marketing activities towards them) - Storage period: 5 years from the granting or renewal of consent by the User and/or Customer through interaction with marketing communications.

Data collected during personnel recruitment and selection activities - Term of retention: Such personal data shall be retained for a period of time no longer than is strictly necessary for the evaluation of the candidature for possible inclusion in the Company's personnel and, in any case, no longer than 12 months, after which such data shall be removed by the Data Controller both from the computer systems and from any paper files in its possession, without prejudice to any further retention obligations provided for by the applicable law and unless otherwise requested by the User and/or Candidate (in this case the legal basis for such further processing shall be the consent of the User and/or Candidate themselves).

With regard to personal data collected through tags, the following retention periods apply:

Technical cookies - Storage period: maximum 3 years, starting from the date of browsing the Site;
Non-technical cookies - Storage period: maximum 1 year, starting from the date of the data subject's consent.

As for personal data collected through the "Work with us" section of the Site, these will be kept for a period of time no longer than is strictly necessary to assess the Candidate's request for possible inclusion in the Data Controller's staff (and, in any event, no longer than 12 months), after which they will be removed from both the computer systems and any paper files, without prejudice to further retention obligations under applicable law, unless otherwise requested by you (in which case the legal basis for this further processing will be the Candidate's consent).

8. What are the data protection rights and how can they be exercised?

You can exercise the rights guaranteed by the Regulation (Articles 15-22), including the rights to
Right of access: to receive confirmation of the existence of personal data, to have access to their content and to obtain a copy.

Right of rectification: update, rectify and/or correct personal data.

Right to erasure/right to be forgotten and right to restriction: to request the erasure of data or the restriction of data that have been processed in breach of the law, including data whose storage is not necessary for the purposes for which the data were collected or processed; where we have made personal data public, you also have the right to request the erasure of personal data and the taking of reasonable steps, including technical steps, to inform other data controllers who are processing personal data of your request to erase any links, copies or reproductions of such personal data.

Right to data portability: to receive in a structured, commonly used and machine-readable format a copy of the personal data provided to the Data Controller for the purposes of a contract or with the User's consent, and to request the transfer of such personal data to another data controller.

Right of revocation of consent: in the event that the Data Controller depends on the User's consent, the User shall always have the possibility of revoking such consent, although the Data Controller may have other legal bases for processing such data for other purposes.

Right to object at any time: the right to object at any time to the processing of personal data in certain circumstances (in particular in cases where it is not necessary to process the data in order to fulfil contractual or legal requirements, or where the company uses such data for direct marketing activities.

Right not to be subject to a decision based solely on automated processing, including profiling: it is always possible to request that a manual decision-making process be carried out instead, to express one's opinion or to contest decisions based solely on automated processing, including profiling, if such decisions produce legal or other similar effects.

You can exercise these rights at any time in the following ways:
by contacting the Data Controller by e-mail at [email protected]
Rights relating to personal data may be limited in certain situations. For instance, if fulfilling this request would reveal the personal data of another person or if there are legal requirements or compelling legitimate grounds, the controller may continue to process the personal data for which deletion has been requested.
You also have the right to lodge a complaint if you believe that your personal information has been mishandled. You are invited to address the Data Controller in the first instance, but you may, insofar as this right applies to your case, lodge a complaint directly with the competent data protection supervisory authority.

9. Contact details of the data controller
The contact details of the data controller are:
"Il Mannarino S.r.l.", a company incorporated under the laws of Italy, enrolled in the Company Register of the Milan Chamber of Commerce with REA number MB - 2554487, Fiscal Code/VAT No. 10747300969 and having its registered office in Monza (MB), via Castelfidardo n. 1.

10. Information on cookies
For all information on cookies, please visit the following page.

11. Update and previous versions of this Privacy Policy

This Privacy Policy may be subject to change over time - also in connection with the possible entry into force of new sector regulations, the updating or provision of new services or technological innovations. Therefore, the Data Controller reserves the right to amend this Privacy Policy at any time in accordance with this paragraph. Should the Data Controller make any changes to this Privacy Policy, it will post the revised Privacy Policy on the Site and insert the "last updated" date at the beginning of this Privacy Policy.