Privacy Policy

Privacy Policy

Pursuant to art. 4 Legislative Decree no. 196 of 30 June 2003, we provide you with the relevant definitions by which this Code refers to:

1) "processing", any operation or set of operations, carried out even without the aid of electronic instruments, concerning the collection, recording, organisation, conservation, consultation, processing, modification, selection, the extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation and destruction of data, even if not recorded in a database:

  • "personal data", any information relating to a natural person, legal person, body or association, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number;
    • "identifying data", personal data that allow direct identification of the interested party;
    • "sensitive data", personal data capable of revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union, as well as personal data suitable for revealing the state of health and sexual life;
    • "judicial data", personal data capable of revealing provisions referred to in article 3, paragraph 1, letters from a) to o) and from r) to u), of the Presidential Decree of 14 November 2002, n. 313, regarding criminal records, registry of administrative sanctions dependent on crime and related pending charges, or the status of accused or suspect pursuant to articles. 60 and 61 of the cpp;
    • "owner", the natural person, the legal person, the public administration and any other body, association or organization which is responsible, even jointly with another owner, for decisions regarding the purposes, methods of processing of personal data and the tools used, including the safety profile;
    • "responsible", the natural person, the legal person, the public administration and any other body, association or organization appointed by the owner to process personal data;
    • "persons in charge", the natural persons authorized to carry out processing operations by the owner or manager;
    • "interested party", the natural person, legal person, body or association to which the personal data refers;
    • "communication", giving knowledge of personal data to one or more specific subjects other than the interested party, the owner's representative in the territory of the State, the manager and the persons in charge, in any form, including by making them available or consulting them ;
    • "dissemination", giving knowledge of personal data to undetermined subjects, in any form, including by making them available or consulting them;
    • "anonymous data", data which originally, or following processing, cannot be associated with an identified or identifiable interested party;
    • "blocking", the retention of personal data with temporary suspension of any other processing operation;
    • "database", any organized set of personal data, divided into one or more units located in one or more sites;
    • "Guarantor", the authority referred to in the art. 153, pursuant to Law 31 December 1996, n. 675;

2) "electronic communication", any information exchanged or transmitted between a finite number of subjects via a publicly accessible electronic communications service. Information transmitted to the public via an electronic communications network as part of a broadcasting service is excluded, unless the information is linked to an identified or identifiable receiving subscriber or user:

  • "call", the connection established by a publicly accessible telephone service, which allows two-way communication in real time;
    • "electronic communications networks", transmission systems, switching or routing equipment and other resources that allow signals to be transmitted by cable, radio, optical fibers or other electromagnetic means, including satellite networks, terrestrial mobile and fixed circuit-switched and packet-switched networks, including the Internet, networks used for the circular broadcast of sound and television programmes, systems for the transport of electric current, insofar as they are used to transmit signals, cable television networks, regardless of the type of information carried;
    • "public communications network" means an electronic communications network used wholly or predominantly to provide publicly accessible electronic communications services;
    • "electronic communications service", services consisting exclusively or mainly in the transmission of signals on electronic communications networks, including telecommunications services and transmission services in networks used for circular radio and television broadcasting, within the limits set by art. 2, letter c), of Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002;
    • "subscriber", any natural person, legal person, body or association party to a contract with a provider of electronic communications services accessible to the public for the provision of such services, or in any case recipient of such services via prepaid cards;
    • "user", any natural person who uses an electronic communications service accessible to the public, for private or commercial reasons, without necessarily having subscribed to it;
    • "traffic data", any data processed for the purposes of transmitting a communication over an electronic communications network or related billing;
    • "location data" means any data processed in an electronic communications network which indicates the geographical position of the terminal equipment of the user of a publicly accessible electronic communications service;
    • "value-added service" means a service which requires the processing of traffic data or location data other than traffic data in addition to what is necessary for the transmission of a communication or related billing;
    • "electronic mail", messages containing text, voices, sounds or images transmitted via a public communications network, which may be stored in the network or in the receiving terminal equipment, until the recipient becomes aware of them;

3) "minimum measures", the set of technical, IT, organisational, logistical and procedural security measures which constitute the minimum level of protection required in relation to the risks envisaged in article 31:

  • "electronic tools", computers, computer programs and any electronic or automated device with which the processing is carried out;
    • "computer authentication", the set of electronic tools and procedures for even indirect verification of identity;
    • "authentication credentials", the data and devices, in the possession of a person, known by him or uniquely related to him, used for IT authentication;
    • "keyword", component of an authentication credential associated with a person and this note, consisting of a sequence of characters or other data in electronic form;
    • "authorization profile", the set of information, uniquely associated with a person, which allows identifying which data he can access, as well as the processing permitted to him;
    • "authorization system", the set of tools and procedures that enable access to data and the methods of processing the same, based on the authorization profile of the applicant;

4) "historical purposes", the purposes of study, investigation, research and documentation of figures, facts and circumstances of the past:

  • "statistical purposes", the purposes of statistical investigation or production of statistical results, including by means of statistical information systems;
    • "scientific purposes", the purposes of study and systematic investigation aimed at developing scientific knowledge in a specific sector.

Communication and dissemination of data:

the data provided by you may be subject to communication and/or dissemination to implement existing contractual relationships with our Company, for purposes connected to them, for purposes relating to the display of references, for commercial and promotional activities of the company's products our Company; they may also be communicated to:

  • company personnel as managers and data processors for the management of the procedures for the service requested by you; the staff has been duly trained on the security of personal data and the right to privacy.
    • Financial Administration, Tax Police bodies, Financial Police, Labor Inspectorate, and in general all the bodies responsible for checks and controls regarding the regularity of the obligations relating to the purposes indicated above.
    • Trade Association and CAAF for the performance of the services listed in the above purposes and professional firms appointed by us to process our data.

Different types of data processed

  • Navigation data: the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that they are not collected to be associated with identified interested parties. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and to the user's computing environment. These data can be used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
    • Data provided voluntarily by the user: the optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message . Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.
    • Cookies: no personal data of users is acquired by the site for this purpose. No use is made of "Cookies" for the transmission of information of a personal nature, nor are so-called persistent "Cookies" of any kind used, or systems for tracking users. The use of so-called session "Cookies" (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site. The so-called session cookies used on this site avoid the use of other IT techniques that are potentially detrimental to the privacy of users' browsing and do not allow the acquisition of personal identification data of the user.
    • Voluntary provision of data: apart from what is specified for navigation data, the user is free to provide personal data. Failure to provide them may make it impossible to obtain what is requested. For the sake of completeness it should be remembered that in some cases (not subject to the ordinary management of this site) the Atelier Tattoo Supply Rome of Luca Di Girolamo & C. snc may request news and information pursuant to art. 157 of the Legislative Decree. n. 196/2003, for the purposes of controlling the processing of personal data.

The "processing" of data involves the identification of some subjects who bear specific burdens and responsibilities. In this case the following is communicated:

  • The Data Controller and Data Processor: MERZI.IT SRL Viale Europa 2/A 37023 Grezzana VR
  • Persons in charge of data processing: are the employees and/or collaborators of MERZI.IT SRL

To allow for the most complete understanding of the problem, we remind you that the articles. 7, 8, 9 of the TU expressly protect the rights of the interested parties; we report the art below. 7 Rights of the interested party (Right of access to personal data and other rights):

  1. The interested party has the right to obtain confirmation of the existence or otherwise of personal data concerning him, even if not yet registered, and their communication in an intelligible form.

    2. The interested party has the right to obtain the indication:
    a) the origin of the personal data;
    b) the purposes and methods of processing;
    c) of the logic applied in case of processing carried out with the aid of electronic instruments;
    d) the identification details of the owner, managers and representative designated pursuant to article 5, paragraph 2;
    e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representatives in the territory of the State, managers or agents.

    3. The interested party has the right to obtain:
    a) the updating, rectification or, when interested, integration of the data;
    b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
    c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this requirement is proves impossible or involves the use of means that are manifestly disproportionate to the protected right.

    4. The interested party has the right to object, in whole or in part:
    a) for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
    b) to the processing of personal data concerning him for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communication.

To exercise the rights provided for in the art. 7 of the Privacy Code, listed above, the interested party must send a written request to the Data Controller and Data Processor MERZI.IT SRL Viale europa 2/a 37023 Grezzana VR

ADAPTATION TO THE GDPR - EU Regulation 2016 679
In compliance with the provisions of the European Regulation on the protection of personal data, MERZI.IT SRL guarantees registered users of this site the following rights:

Right of access (art. 15)
• The right of access provides in any case the right to receive a copy of the personal data being processed.
• The information that the owner must provide does not include the "modalities" of the processing, while it is necessary to indicate the expected retention period or, if this is not possible, the criteria used to define this period, as well as the guarantees applied in the event of transfer of data. data to third countries.

The "registered" user can view all their data stored on this website by accessing, after logging in, the GDPR area ( link ).
From this web page the user will be able to obtain, by pressing the appropriate buttons, a copy of all the data stored by MERZI.IT SRL on this site; this data can be exported both in pdf and csv format.

The extraction of data in csv format also guarantees the right to portability provided for by the GDPR regulation in art. 20.

Unregistered users (commonly referred to as "guests" or "guests") who have made a purchase on this site do not have a personal reserved area.
These users may also request, using the contact form ( link ), information on the personal data stored on this site.
MERZI.IT SRL undertakes to respond promptly to requests sent by such users.

Right of cancellation (right to be forgotten) (art.17)
• The so-called right "to be forgotten" is configured as a right to the cancellation of one's personal data in a strengthened form. In fact, there is an obligation for the data controllers (if they have "made public" the personal data of the interested party: for example, by publishing them on a website) to inform other data controllers who process the deleted personal data of the cancellation request, including “any link, copy or reproduction” (see art. 17, paragraph 2).
• It has a broader field of application than that referred to in the art. 7, paragraph 3, letter b), of the Code, since the interested party has the right to request the deletion of their data, for example, even after revocation of consent to processing (see art. 17, paragraph 1).

All registered "users" and also "guest" or "guest" users may at any time request, using the contact form ( link ), the deletion of their data stored on this site.
MERZI.IT SRL undertakes to satisfy requests for data deletion within a reasonable time.
Before the definitive cancellation, the applicant will be notified via email of the start of the cancellation procedure.
From that moment MERZI.IT SRL will not be able to send further communications to the user as their data - and in particular the email of the applicant - will be definitively and irretrievably deleted from the database of this site.

DATA RETENTION
Your data is stored on servers equipped with all the most modern protection and security systems, located within the EU. Specifically, your data is stored on an IONOS SE server

Elgendorfer Str. 57

56410 Montabaur

Germany

to which we refer you to obtain detailed information regarding the Privacy Policy and the security technologies used.
With the exception of cases in which the user specifically requests the deletion of their data from the database of this site, all data relating to the individual user and his purchases are stored on this site for a period of 26 (twenty-six) months from last purchase made.
This data retention period corresponds to the period of validity of the "Legal Guarantee of conformity" provided for by the Consumer Code (articles 128 et seq.), this Guarantee protects the consumer in the event of the purchase of defective products, which function poorly or do not meet the the use declared by the seller or for which the good is generally intended.

EXCEPTIONS
The deletion of data from this site does not imply the elimination of any tax documents issued (invoices, receipts, transport documents, etc.) which will be retained in accordance with the provisions of the Civil and Fiscal regulations in force, i.e. for 10 (ten) years from the date of emission.

COMMUNICATIONS DURING THE PURCHASE PROCEDURE
Throughout the purchase procedure MERZI.IT SRL reserves the right to contact the Customer to inform him of the progress of the order status (e.g.: payment status, goods in preparation, shipping status, sending of the tracking code , delivery verification, etc.). Contact will take place preferentially using the email address indicated when the Customer enters the order and, exclusively in the case of emergencies, using the telephone number indicated.