Via this policy, the company MENGOTTI SRL with registered office in Via Giacomo Matteotti, 58 - 36061 Bassano del Grappa (VI), CF and VAT no. 04250820240, REA VI-390858, tel.+39 0424 521113, fax +39 0424 524097, e-mail firstname.lastname@example.org, PEC email@example.com, in its capacity as Data Controller of Personal Data (hereinafter simply "Data Controller") wishes to inform you about the processing of any personal data that you may provide by browsing this Website www.mengotti-online.com, hereinafter simply "Website".
For any clarification or further information, or to exercise the rights listed in this policy, please contact
address for sending recorded delivery post: Via Giacomo Matteotti n. 58 - 36061 Bassano del Grappa (VI).
EU Regulation 2016/679 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, establish the rules for the protection and safeguarding of individuals with regard to the processing of their personal data and this document is prepared in accordance with the new legislative provision.
The information may be subject to change following the introduction of new rules, so we invite you to periodically visit this section to stay up to date.
According to the law, the processing of personal data is based on principles of correctness, lawfulness, transparency, accuracy, purpose limitation and retention, minimization, data integrity, protection of user privacy as well as protection of their rights.
The Data Controller undertakes to observe the aforementioned principles and, to this end, promptly informs you that - except for any processing which by law requires your explicit consent - by browsing this Website, uploading or providing personal data, you accept and agree to be bound by the conditions and terms set out in this statement. User consent to the processing of data can be revoked at any time by contacting the aforementioned addresses.
The Data Controller will process data in compliance with the applicable legislation, assuming that they refer to the user or to third parties who have expressly authorised him/her to provide them on appropriate legal grounds that legitimise the processing of the data in question. In the case of the latter, the user acquires the role of independent data controller and takes on all the relevant legal obligations and responsibilities. In this sense, you provide us with the broadest possible indemnity in respect of any dispute, claim, request for compensation for damage caused by processing, etc. that may reach our Data Controller from third parties whose personal data has been processed through your use of the Site in breach of the applicable legislation currently in force.
If you are under the age of 16, your consent is legitimate only if given or authorised by the person holding parental responsibility for you, in accordance with the provisions of art. 8 Reg. EU 2016/679. For interested parties on Italian territory, consent is legitimate, under the same conditions as above, for anybody aged 14 and over.
Access to the online store is allowed only to the adult user. The Data Controller may use the personal data of underage users to carry out checks on their age and to enforce any age restrictions defined by it or provided for by law.
In any case, we want to provide you with some information on the personal data processing activities carried out by this website and on those that manage them.
TABLE OF CONTENTS
PERSONAL DATA PROCESSED
PURPOSE OF DATA PROCESSING
LEGAL BASIS FOR PROCESSING PERSONAL DATA
DATA RETENTION PERIOD
RECIPIENTS OF PERSONAL DATA
SCOPE OF DATA CIRCULATION
LIST OF THE MAIN PERSONAL DATA PROCESSING ACTIVITIES USED BY THE WEBSITE
USER RIGHTS ACCORDING TO REG. EU 2016/679
- DATA CONTROLLER.
The Data Controller is the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of personal data processing. The data controller also deals with security.
With respect to this Website, the Data Controller is the company MENGOTTI SRL as specified above, and for any clarification or exercise of your rights, you can write to the following e-mail address: firstname.lastname@example.org.
- PERSONAL DATA PROCESSED.
By "personal data" we mean all information that could directly or indirectly allow users to be identified.
The Data Controller processes personal, identifying and non-sensitive data (by way of example but not limited to, name, surname, address, telephone, e-mail, etc.) communicated by you when simply browsing the site, registering your own user profile, purchasing products, requesting information from the Data Controller or subscribing to the newsletter by filling in the appropriate contact forms.
By "processing of personal data" we mean any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or a set of personal data. This site may carry out operations involving collection, registration, organisation, conservation, modification, extraction, consultation, use, communication by transmission, comparison or interconnection, limitation, cancellation or destruction.
- PURPOSES OF DATA PROCESSING
Except as provided for with regard to the individual personal data processing activities used within the Site, in general the purposes of the processing pursued are the following:
to allow and manage registration on the Site or, in cases where registration is not required, to manage the shopping cart procedure whereby data relating to the delivery of the goods and billing profiles for tax purposes etc. are entered;
to manage and execute purchase orders or proposals;
to perform activities related to the provision of services for users;
in general, to execute pre-contractual and contractual obligations with respect to established legal relationships, even at a distance;
to respond to requests for information and, in general, to contact the user;
to allow registration and, subsequently, send out the newsletter for commercial purposes;
to fulfil legal obligations;
to manage obligations pertaining to management, administrative, accounting and tax matters;
the archiving, hosting and management of the site's backend infrastructure;
interaction with social media and external platforms
statistics and cookie management;
displaying content from external platforms;
the prevention and detection of any abusive use of the Website, or any fraudulent activity, and therefore allow the Owners to protect themselves in court.
- LEGAL BASIS FOR PROCESSING PERSONAL DATA
The legal bases for the processing of personal data provided by the user while browsing the site are:
the fulfilment of a legal obligation to which the Data Controller is subject pursuant to art. 6 co 1 lett. c) of the GDPR to fulfil the obligations established by the law, the regulations, community legislation or an order of the Authority;
the execution of a contract of which the interested party is a party or the execution of pre-contractual measures adopted at the request of the same, pursuant to art. 6 co 1 lett. b) of the GDPR as regards the data collected to allow registration on the site and the subsequent purchase of the products displayed therein, as well as to respond to requests for information from users sent through the appropriate contact form;
the user's consent pursuant to art. 6 co 1 lett. a) of the GDPR for the management of the newsletter. Consent is expressed via the voluntary release of one's data and by checking the appropriate consent box;
the legitimate interest pursuant to art. 6 co 1 lett. f) of the GDPR for the management of the backend infrastructure of the Site, for the management of the technical and analytical cookies present on the Site and, more generally, for the exercise of one's rights in the context of the information society.
- DATA RETENTION PERIOD
The data processed to fulfil legal obligations will be kept until they are fulfilled, and in any case for the period of time necessary to demonstrate compliance; data processed to fulfil contractual purposes up to the fulfilment of the same; and, if a contract is concluded or there have been pre-contractual negotiations, for ten years from the signing of the same in order to allow for any judicial or extrajudicial protection as well as to demonstrate the correct fulfilment of the obligations contractually assumed.
As regards the sending of newsletters by e-mail, personal data will be kept until such a time as the user revokes their consent via a request for cancellation from the service. In general, if the processing of personal data is based on the user's consent, the Data Controller may keep the personal data until the consent is revoked.
When the processing of personal data is necessary for the pursuit of a legitimate interest on behalf of the Data Controller, it will be kept until such interest is satisfied or until there is any opposition from the interested party, who can express this in the manner indicated below.
The data processed for the purposes of Prevention of Abuse and Fraud for the time strictly necessary to allow the Data Controller to defend himself in court.
- PROCESSING METHODS.
On this Website, data is collected electronically and processed through operations carried out mainly with the aid of electronic tools, ensuring the use of suitable security measures with regard to the data processed and its confidentiality.
- RECIPIENTS OF PERSONAL DATA.
Personal data will be processed by collaborators and / or employees of the Data Controller in their capacity as managers or subjects authorised to carry out the processing, within the scope of their respective functions and in accordance with the instructions given by the Data Controller.
Additional categories of recipients who may become aware of your personal data during or after the execution of the contract are:
subjects that process data whilst executing specific legal obligations;
external consultants who provide functional services for the purposes indicated above, identified in writing and to whom specific written instructions have been given with reference to the processing of personal data;
subjects with whom it is necessary to interact to execute the requested services (e.g. hosting providers, credit institutions);
persons necessary for the provision of services offered by the Site including, by way of example, the sending of emails and analysis of Site operation, who typically act as data processors on behalf of the Data Controller;
persons authorized by the Data Controller to process personal data necessary to perform activities strictly related to the provision of the Service, whether they are committed to confidentiality or have an appropriate legal obligation of confidentiality (e.g., employees and collaborators of the Data Controller);
in general, all those public and private subjects for which communication is necessary for the correct and complete fulfilment of the purposes indicated.
Users' personal data may be disclosed to Judicial Authorities and Police Forces only in cases where this is required by law, and used by the Data Controller for the purposes of any defence of his rights in court, where strictly necessary.
- SCOPE OF DATA CIRCULATION.
The processing of personal data relating to the services of the Website takes place at the headquarters of the Data Controller and is only dealt with by authorised personnel.
The collected data will not be disclosed. However, for the actual execution of the requested service, some data will be shared with external parties called upon to carry out specific tasks on behalf of our company (e.g., hosting, housing, cloud providers, e-mail service providers for publication needs pertaining to the site and management of the e-mail / PEC service, web agency, marketing consultants, professionals, etc.).
To provide some services, personal data may be transferred to organisations or third countries, where the hosting servers or suppliers are located.
Should this be the case, the Data Controller ensures that the processing of your personal data by these recipients takes place in compliance with the applicable legislation. More information is available from the Data Controller by writing to the following address: email@example.com.
The Data Controller undertakes to protect the security of personal data by adopting all the IT and physical measures necessary for the protection of the personal data provided. No security system guarantees this protection with absolute certainty, therefore, except in cases of liability due to fault, the Data Controller is not liable for the fait accompli of third parties who illegally access the systems without the necessary authorisations. For this reason, users of the site are advised to ensure that their computer is equipped with suitable software for the protection of data transmitted over the network (for example, updated antivirus software) and that their Internet provider has adopted suitable measures to ensure the security of data transmitted over the network.
- LIST OF THE MAIN PERSONAL DATA PROCESSING ACTIVITIES USED BY THE WEBSITE.
When completing the "REGISTER" form, the user provides his / her identification data (name, surname, address, e-mail, password, telephone number, date of birth), some of which are required for registration, others are optional. The release of such data does not depend on a legal or contractual obligation. The release of such data is therefore optional, however if data is omitted from the mandatory fields registration on the Website will not be possible. The processing of such data is aimed at allowing registration to the Site, managing user data, storing their preferences, and managing the purchase and return procedure of the goods. By filling in the "MY DATA" contact form, the user may modify all their data at any time. The processing of such data takes place via computerized systems and, in the case of purchases, also on paper. The data retention period ends - in the event that purchases have been made - ten years from the signing of the contract for judicial protection in the event of disputes arising from the contract.
By clicking on the "heart" symbol next to any of the products on the Site, the user allows the automatic compilation of their "WISHLIST" form. Via this procedure users express their preferences with regard to a particular product, and such data can be used to improve the service offered and to find the product more easily on the site. The user is not obliged to provide such data, however failure to indicate their preferences makes the service offered by the company less effective. The user may at any time request to cancel the preferences expressed simply by deleting the products from the wishlist or by contacting the company at the addresses indicated in the "General information" section of this document. The processing of such data is aimed at carrying out activities related to the provision of services for users, such as, for example, allowing the user to quickly view the products concerned, as well as allowing the company to better organise its commercial offer. The processing of such data takes place using computerized systems. The retention period ends with the cancellation of the product from the wishlist.
Within the product page there is a link to the "TELL A FRIEND" contact form. By filling in this contact form, the user provides their identification data (name, message), as well as the identification data of the person to whom the specific product selected is to be sent (e-mail). The release of such data does not depend on a legal or contractual obligation. The release of such data is therefore optional, however if data is omitted from the mandatory fields the company will be unable to carry out the requested service. By clicking on the "SEND" button, users who intend to use this service declare they have acquired the recipient's consent to the sharing of the latter's e-mail address with the Data Controller for the sole purpose of allowing the sending of the specific product page. The processing of such data takes place using computerized systems. Data relating to the e-mail address of the recipient will not be stored following the transmission of the invitation e-mail.
Within the product page there is a link to the "INFO" contact form. By completing this contact form, the user provides their identification data (name, message, e-mail). The release of such data does not depend on a legal or contractual obligation. The release of such data is therefore optional, however if data is omitted from the mandatory fields the company will be unable to carry out the requested service. The processing of such data takes place using computerized systems. Data relating to the e-mail address of the recipient will not be stored following the transmission of the invitation e-mail.
By accessing the individual product page and clicking on "ADD TO CART", the user expresses his preferences for a specific product. By clicking on "GO TO THE CART" the user can access their "SHOPPING BAG" and view all the selected products. By filling in the contact form called "PAYMENT / SHIPPING", the user provides their identification data (delivery data, in the case of delivery to an address other than the registered one, and the chosen method of payment). The release of such data does not depend on a legal or contractual obligation. The release of such data is therefore optional, however if data is omitted from the mandatory fields the company will be unable to carry out the requested service. The processing of such data is aimed at calculating the cost of any shipping or delivery costs and allowing the choice of payment method for the products.
Users must be eighteen years of age or over in order to purchase products online. By clicking on "CONFIRM ORDER" the user proceeds with the purchase of the product. All data provided for the purpose of the order will also be processed to comply with tax and accounting obligations, in the case of returns, replacements and, more generally, the exercise of rights and duties arising from the contract. The Data Controller only processes data provided following registration, while the data provided for payment are processed by the entity who manages the corresponding payment procedure. In particular, in the case of payment by credit card, the information which is essential for the execution of the transaction (credit / debit card number, expiration date, security code) will be sent to the body responsible for the processing (in this case Setefi), or possibly to companies responsible for fraud control, using an encrypted protocol, without third parties being able to access it in any way. However, this information will never be viewed or stored by the Data Controller. The only data from digital payment companies and credit card payment institutions which the Data Controller will process are those which indicate the status of the payment (successful / refused). All additional information relating to the account (e.g. PayPal), prepaid card or credit card are stored by the entities that manage the relevant service, who are not authorised to use the personal data received through the Site for other purposes. Processing of data for purchases takes place via computerized and paper systems. The data retention period following purchases is ten years from the signing of the contract for judicial protection in the event of disputes arising from the contract itself.
By filling in the contact form called "NEWSLETTER", users provide their own identification data (e-mail, language, gender). The release of such data does not depend on a legal or contractual obligation. The release of such data is therefore optional, however failure to provide the requested data means the company will be unable to perform the requested service. The processing of such personal data informs the sending of informative and commercial material and the processing takes place via computerized systems. The user can unsubscribe from the newsletter at any time by using the "unsubscribe" link at the bottom of any commercial communication received, or by writing to the e-mail address firstname.lastname@example.org. The retention period for the data provided ends with the revocation of the consent previously issued by the user.
When filling in the "CONTACTS" form, the user provides his own identification data: name, surname, e-mail, telephone number, mobile number, message. The release of such data does not depend on a legal or contractual obligation. The release of such data is therefore optional, however if data is omitted from the mandatory fields the company will be unable to carry out the requested service. The processing of such data is aimed at allowing direct contact with the Data Controller or his/her representative in order to receive the requested information. The processing of such data takes place through computerized systems and, in some cases, also on paper. The retention period of such data ends with completion of the requested service, unless the stipulation of a contract derives from this. In this case, the data will be kept for ten years from the signing of the contract for judicial protection in the event of disputes arising from the contract.
Apart from the guidelines on cookies (to which you are directed for further information), this website does not employ an automated decision-making process for commercial profiling purposes (targeted marketing technique which involves the collection and processing of user data in order to understand their choices and behaviours and divide these into "profiles" or homogeneous groups by increasingly specific behaviours or characteristics).
- USER RIGHTS ACCORDING TO EU REG. 2016/679
Art. 13 par. 2 and Articles 15 to 22 of EU Reg. 2016/679 (GDPR) list the user's rights
The Data Controller therefore intends to inform Users about the existence:
of the right of the interested party to ask the Data Controller for access to personal data (Article 15 of the GDPR), the rectification (Article 16 of the GDPR) or limitation (Article 18 of the GDPR) of the processing that concerns them or to oppose, for legitimate reasons, to their treatment (Article 21 of the GDPR), in addition to the right to data portability (Article 20 of the GDPR);
of the right to request the erasure (Article 17 of the GDPR), anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed.
Requests can be addressed to the Data Controller in question, without any particular formalities or, alternatively, using the form provided by the Guarantor for the Protection of Personal Data available on the Site:
http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924, by sending an e-mail to the address: email@example.com.
If processing is based on art. 6, paragraph 1, lett. a) - express consent to use - or on art. 9, paragraph 2 letter. a) - express consent to the use of genetic, biometric, health-related data revealing religious or philosophical beliefs or union membership, which reveal racial or ethnic origin, political opinions - the user has the right to revoke consent at any time without prejudice to the lawfulness of any processing based on consent given before the revocation.
Likewise, in the event of violation of the law, the user has the right to lodge a complaint with the Guarantor for the Protection of Personal Data, as the authority responsible for monitoring data processing in the Italian territories. The form for submitting a complaint to the Privacy Guarantor can be found at:
For a more in-depth consideration of your rights, see arts. 15 and following of the GDPR.
To exercise one or more of the aforementioned rights, you can contact us at the following e-mail address: firstname.lastname@example.org.
What are cookies?
Cookies are small code strings sent to the user's terminal (usually to the browser: Google Chrome, Internet Explorer, Mozilla Firefox, etc.) by the sites he/she visits. They are then stored on the terminal before being re-transmitted each time the user accesses the same sites.
Why are they useful?
Cookies enable the visited website to recognise the user's device and this leads to an improvement in the browsing experience. Cookies can fulfil a variety of functions, including allowing the user to efficiently navigate between the various pages of the Website, reminding the user of his/her favourite sites, memorising language preferences, etc.
How do you select or disable cookies?
By changing your browser settings, cookies can be limited or blocked. To manage cookies, refer to the help manual or instructions provided by your browser, by following the following paths (provided for the most common browsers):
If the user uses multiple browsers, the procedure for deleting cookies must be carried out separately for each of them. If the user uses different devices (such as smartphones or tablets), to uninstall cookies it will be necessary to refer to the instruction manual of the specific device.
It should be noted that if you choose to block the receipt of cookies this could compromise or prevent the proper functioning of the Website, as some cookies are strictly necessary for navigation.
How many types of cookies are there?
Cookies are classified into different types:
in relation to DURATION, the cookie can be defined as "session" (automatically deleted when the browser is closed) or "persistent" (active until its expiration date or its cancellation by the user);
in relation to ORIGIN, the cookie can be defined as "first party" (sent to the browser directly from the site you are visiting) or "third party" (sent to the browser from other sites and not from the site you are visiting);
in relation to their PURPOSES, the cookie can be defined as "technical" or "profiling". "Technical" cookies include those necessary for navigation (indispensable), performance, process or safety; functionality, language preference and session status cookies are also "technical"; and lastly, first-party or third-party statistical-analytical cookies with IP masking, and not involving correlation of data, are also "technical" cookies. Your prior consent is not required for the installation of "technical" cookies. On the other hand, the third-party statistical-analytical cookie that uses the entire IP address is a "profiling" cookie; in addition, advertising, promotional, tracking or conversion cookies are "profiling" cookies. Your prior consent is required for the installation of "non-technical" cookies.
What cookies does this site use?
This Website uses "technical" cookies, without which some operations would be very complex or impossible to perform. Technical cookies do not require the user's prior consent for their installation or reading of information.
These are so-called strictly necessary technical cookies that allow the user to navigate effectively on the website and take advantage of its essential features, such as computerised authentication, recording of previous actions, saving of items in the user's cart or wishlist, and the saving of the history of recently viewed products. By blocking the use of these cookies, the user's browsing experience may be compromised and some essential services may not be provided (such as authentication and the use of the shopping cart).
This Website also uses so-called technical functionality cookies that improve the browsing experience by storing the preferences expressed by the user, such as language, name and place. Furthermore, these cookies can be used to proactively provide services or to prevent users from receiving services that they have previously refused. By blocking these cookies, the browsing experience will not be compromised, however the user will not be able to take advantage of the useful services offered.
This Website may also have installed technical cookies for storing consent. It is advisable not to block these cookies that allow the owner of the website to store the users consent preferences.
Third party cookies:
This Website also uses third-party cookies, some in the form of session cookies, others permanent.
The third-party analytical technical cookies installed on this website enable us to collect information on how users interact with the site, analysing the number of pages visited, the time spent on the website, the most visited pages and any other matter arising during the course of navigation, such as any errors on the page visited. These cookies allow the website owner to obtain statistical data relating to navigation and, on the basis of these, to improve the services offered to the user. The "analytical" technical cookies used on this website do not determine the processing of personal data (such as the user's name and surname, or IP address) since the data are collected in aggregate form for merely statistical purposes and the site owner has also adopted tools which diminish the identifying power of the analytical cookies used (for example, by masking significant portions of the IP address).
The third-party cookies used on this website are not controlled directly by the owner of the site and consequently, to deactivate them or for more information, the user must carry out the following procedures:
- by clicking http://www.youronlinechoices.com/it/ the user can obtain more information about behavioural advertising as well as about third-party cookies, and promotional and targeting cookies stored on their terminal. The user can deactivate all or some of these cookies by clicking on the following link: http://www.youronlinechoices.com/it/le-tue-scelte
- the third-party cookies used on this website will be listed below. To manage and deactivate these cookies, the information and consent forms of these third parties must be accessed by clicking on the links indicated.
The website uses Google Analytics for the installation of technical analytical cookies on the user's terminal. The data generated by Google Analytics are stored according to the terms indicated at the following address:
The user can disable Google Analytics by installing the opt-out add-on available at the following address on their browser:
Blocking these cookies will not compromise the user's browsing experience.
The pages of the website feature Social Network buttons and widgets to facilitate interaction with social platforms and the sharing of content directly from the pages of this website. In particular, there are buttons on the pages of this site to improve the user's browsing experience via the sharing of content on social networks such as Facebook and Instagram.
The management of the data collected by third parties is governed by the relevant documents to which reference must be made for any clarification. The Data Controller is not responsible for the operation of third-party cookies / plugins on its site. However, for convenience and transparency, the web addresses of the various policies and methods for managing cookies / plugins are shown below.
https://www.facebook.com/about/basics/it and https://www.facebook.com/help/cookies/
the privacy and cookie information for Instagram available on the site:
https://help.instagram.com/155833707900388 and https://www.facebook.com/policies/cookies/
To learn how to disable Facebook and Instagram profiling cookies, click on the following address:
Blocking all the aforementioned third-party cookies does not compromise the user's browsing experience, but it could decrease the quality of the services offered by the website.
For more information, also relating to the disabling of third-party profiling cookies sent to the user's browser while browsing this website, see: http://www.youronlinechoices.com/it/
or contact the following addresses:
by e-mail: email@example.com
address for sending recorded delivery post: Via Giacomo Matteotti n. 58 - 36061 Bassano del Grappa (VI).