When carrying out our activities we act in the capacity of a personal data controller and we perform activities on the collecting, processing and keeping personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or GDPR) and the applicable national and European legislation.
In this section, we explain the method in which we collect and process personal data of data subjects in their capacity as end-users.
COLLECTING, PROCESSING AND USING PERSONAL DATA
If a contract according to terms in the section Terms & Conditions is agreed, we collect and process the personal data that you provide to us in our system and use it for the purposes set out in this declaration for the duration of the contract, including the fulfilment of our contractual obligations to you, notably the execution of orders and any related invoicing. We may also retain and process personal data for a reasonable period after your order is complete, for example to assist in the processing of future orders by you and for the marketing purposes set out in this declaration. Personal data is defined as any information that could be used to identify a person, whether directly or indirectly, such as, for example: name, address, email address, date of birth, profession, bank details, etc.
We will, on request, provide you with all personal information about you registered with us free of charge. You can, at any time, request the correction, removal or deletion of your personal data that is registered with us.
We only use your personal data for orders made to our company, as well as third parties mandated to carry out orders (for example: carriers/couriers). In all other cases, unless expressly set out in this declaration we will not transmit your data to third parties without your express consent, especially for marketing purposes. Where the law or a legal ruling requires us to do so, we will transmit your data to the authorities authorized to receive them.
We store your information on highly secure servers. These are secured by subcontractor companies that are intended to prevent the loss, destruction, access, modification or dissemination of your data by any unauthorized person. Only a few authorized persons may access your data. While we will use all reasonable efforts to safeguard your personal data, and despite all standard controls, you acknowledge that it is not possible to guarantee complete protection against all risks to or losses of any personal data that are transferred from you or to you, in particular via the internet.
Your personal data will be encrypted before being transmitted online. To transmit the data, we use SSL (secure socket layer) encryption.
What data do we collect?
In order to provide the services offered, montieri.net needs to collect and process certain information about you. The data that is collected depends on the context of your interactions with the entities in the group, the choices you make and the services you subscribe to.
B. Categories of personal data
The data we collect and process may include the following categories (list inexhaustive):
• Identifying data: we will collect your personal data including your surname, first name(s) and other related data, date of birth, gender (title), country, nationality and language;
• Bank information (for web sales): we will collect your bank data such as the bank account number and the name of the financial institution, BIC and IBAN, in the scope of accounting transactions (billing, credit notes), or for contributions or participation in extra-contractual costs;
Based on the categories of data mentioned above, Montieri.net guarantees that no special categories of data are collected or processed, in accordance with Articles 9 and 10 of the GDPR.
Children and young people under the age of 18 may not send their personal data to us without the consent of their parents or legal representatives; the use of our web shop is prohibited for children and young people under the age of 18. We do not request personal data from children, we do not collect such data and we do not pass it on to third parties.
How do we collect data?
When you log in, information about you is retrieved automatically.
The personal data we collect when you submit the contact form, register online for the newsletter or participate in an event: we only collect and process personal data that is strictly necessary for the business relationship.
ANALYSIS OF IP ADDRESSES AND ANY OTHER INFORMATION
When you access the website, your data, notably IP address, date, time and pages viewed, will be recorded on our servers. It is possible that this data may be used to identify some users.
We do not use IP addresses to identify users. However, we may use the IP addresses collected for (anonymous) statistical analysis. In addition, we use information about your IP address as well as other personal data to prevent any fraudulent use (fraud prevention) or other unlawful use of our website. We may also use information about you to select the version of our online presence corresponding to the country concerned.
PAYMENT OF ORDERS
The payment of orders depends on the payment method selected via a service provider. For payments by credit card, it is necessary to transmit your personal information to the service provider or their intermediary so that your order can be processed. We will take reasonable steps to ensure that such service providers adhere to the standards of confidentiality and protection set out in this declaration.
WITHDRAWAL OF CONSENT
By submitting your information to us, you hereby give your express consent to the processing and use of that information in accordance with the terms of this declaration, including the transfer of your information to a location outside of the European Economic Area (EEA) for these purposes, and the processing of your information for email marketing purposes (as noted in the authorization set out below). However, you may withdraw your consent at any time in the future by notifying us.
AUTHORISATION TO SEND MARKETING EMAILS
By submitting your information to us, you hereby confirm as follows:
“I would like to receive offers by email. I understand that my email address will not be shared with third parties. I understand that I may, at any time, decide to opt out of these marketing emails by declaring as such.”
HOW DO WE PROTECT YOUR DATA?
Montieri.net is committed to protecting the personal data you entrust to us. We guarantee the implementation of appropriate organizational measures as well as physical and technical security measures.
Taking into account appropriate security measures, the processing of personal data constitutes a legitimate interest for the controller. Therefore, Montieri.net guarantees that the processing of your personal data will be carried out in complete confidentiality, with integrity and respect for fundamental rights and freedoms.
At Montieri.net online store, your security is our priority. You can browse our website and our offers completely anonymously. However, if you would like to make an order or if you send us your data by other means (by subscribing to newsletters, for example), we will record your data with your agreement.
All data indicated through the order process are encrypted before leaving your PC and being transmitted online. To do so, we use a secure encryption method "Secure Socket Layer" (SSL) with a 128 bit encryption key, in order to prevent anyone from reading your data.
We store all personal data on particularly secure servers. Technical and organizational measures are in place to secure against the loss, destruction, access, manipulation or dissemination of your data by any unauthorized person. Only a few authorized persons can access your data.
What are your rights as a data subject?
Montieri.net assures you the possibility of exercising your rights at any time and will respond to you in the most appropriate manner.
You have the following rights:
• Right to information about and access to your personal data
• Right to rectification
• Right to erasure (‘right to be forgotten’)
• Right to restriction of processing
• Right to portability
• Right to object
• Right to lodge a complaint with a supervisory authority
If you wish to assert your rights, please email the following address: firstname.lastname@example.org
Please note that in order to respond to your request in the most appropriate way, we may ask you for proof of your identity; any proof that is sent to us will be destroyed as soon as the processing of your request is completed.
The deadlines by which we are obliged to respond to your request are listed below:
What are the purposes of processing?
In order for the processing to be lawful under the GDPR, a lawful basis must be identified and established before the processing of personal data is carried out.
We use your personal data for the following purposes in accordance with the GDPR:
• Service provision:
o Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
o Payment online: payment for orders depends on the chosen method of payment, which may include payment via an intermediary payment service provider. If you pay by credit card, your personal data must be sent to the service provider or via its intermediary in order for your order to be processed.
• Sending communications related to marketing activities;
o the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
o Sending targeted messages by direct mail such as promotional offers or participation in events organized by www.montieri.net or in partnership with other data controllers, including the collection of consent: the processing is necessary for the purposes of the legitimate interests pursued by the data controller.
o We reserve the right to contact you by email, telephone, fax, video-conference or other communication channels in order to notify you of events, new features or other information that may be relevant to your interaction with montieri.net. In the cases expressly provided for by the laws and regulations in force, your consent will be requested before sending any communication for direct marketing purposes so that you are able to object or agree to receive such communication: when personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data, including profiling insofar as it is related to the direct marketing.
• Management and administration of infrastructure and operations to develop the information system: the controller shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.
• Compliance with internal policies and procedures: The processing is necessary for the purposes of the legitimate interests pursued by the controller.
• Compliance with any laws and regulations in force, code of conduct or guidelines issued by a supervisory authority or with a request from a public authority
Montieri.net does not sell, disseminate or provide information to third parties without your prior consent.
HOW WILL WE DEAL WITH A BREACH OF PERSONAL DATA?
Pursuant to Article 33 of the GDPR, in the case of a personal data breach, the entities of Montieri.net are required without undue delay and, where feasible, not later than 72 hours after having become aware of it, to notify the personal data breach to the competent supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
The processor is required to notify the controller without undue delay after becoming aware of a personal data breach.
Pursuant to Article 34 of the GDPR, Montieri.net will notify its customers and any person affected (e.g. prospects) of any breach of their personal data if said breach is likely to result in a high risk to the rights and freedoms of a natural person, i.e. of the customer and/or any other person concerned.
WHAT ARE THE RETENTION PERIODS FOR YOUR DATA?
Montieri.net keeps your personal data:
• For the period necessary for the purposes of the processing
• For the period defined by the laws and regulations in force
The majority of cookies that we use are "session" cookies, which are deleted once your session has ended. There are also longer duration cookies that allow us to recognize visitors to our site.
You can delete the cookies that we have created at any time.
Most browsers are configured to accept cookies automatically. You can, however, deactivate cookies or configure your browser so that it tells you when cookies are being sent. Please be aware that if you deactivate cookies you may lose some functionality of our site.
USE OF GOOGLE ANALYTICS
This site uses Google Analytics, a website analysis service provided by Google Inc. ("Google"). Google Analytics uses analytic cookies, which are placed on your computer in order to analyze your use of the site. The information generated by the cookie about your use of the site are generally sent and stored on a Google server in the United States. Where IP anonymization is used on this site, your IP address will only be processed in its abbreviated form in the member states of the European Union or European Economic Area. The complete IP address will only be sent in exceptional circumstances to a Google server in the United States, where it is abbreviated. Google uses this information to evaluate your use of the site, to compile activity reports for its publisher, and to provide the latter with other services relating to the activity of the site and the use of the internet. The IP address sent by your browser as part of the Google Analytics service is not collected with other data held by Google. You can deactivate cookies by configuring your browser. However, deactivating cookies may mean that you will not enjoy optimal use of all the site's functions. In addition, you can also prevent the collection and processing by Google of all data generated by the cookie concerning your use of the site (including your IP address) by downloading and installing the plugin available at the following address (http://tools.google.com/dlpage/gaoptout?hl=de).
USE OF FACEBOOK SOCIAL PLUGINS
Our online presence uses the social plugins ("plugins") of social network, facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). Plugins are accompanied by a Facebook logo or followed by "Facebook Social Plugin".
If you view a site with our online presence or one that uses this kind of plugin, your browser will establish a direct connection with Facebook servers. The content of the plugin will be directly transmitted to your browser by Facebook and as such integrated into the website.
By integrating plugins, Facebook receives information about your access to and use of the site in question. If you are logged into Facebook, Facebook may associate your visit with your Facebook account. If you interact with plugins, by clicking the "like" button or leaving a comment, for example, the corresponding information will be directly transmitted by your browser to Facebook, where it will be recorded.
To find out the purpose and volume of the data collected, as well as to find out more about the processing and collection of data by Facebook, your rights and the possibility of amendments to protect your private life, please refer to the "Facebook Data Policy", as publicized by Facebook from time to time.
If you would not like Facebook to collect information about you via our site, you must log out of Facebook before visiting our site.
REVISION OF THIS NOTICE
HOW TO CONTACT US
If you have any questions or require any information about how we use of data or about this notice, please contact us
- via our email: email@example.com
- via Contact form in “Contacts” section.
In the event of a breach of your rights under the above or applicable data protection legislation, you have the right to lodge a complaint with the Data Protection Commission as follows:
Name: Commission for Personal Data Protection
Address: Bulgaria, Sofia 1592, 2 Proffesor Cvetan Lazarov blvd.
Telephone: +359 2 915 3 518
E-mail address: www.cpdp.bg