pursuant to article 13 of Regulation (UE) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (in brief “GDPR”)
Last update: June, 10 2019
Dear users / customers,
in compliance with the European and Italian legislation in force in the sector we ensure that the protection of Your personal data is guaranteed and that their confidentiality and integrity are preserved when You browse our Internet website and use it to discover our collections and obtain information on the products, to know the history and the reality of Malo, to search our shops and find our contact details.
We invite You to inspect this policy concerning the modalities, the means and the purposes of processing of Your personal data through the website //malo.it/.
1 — Controller
The Controller is MALO s.p.a., with registered office in Via Gattinella n. 6,– 50013 Campi Bisenzio (FI), which may be reached to exercise the rights afforded by the GDPR or to obtain clarifications concerning this policy, at the following addresses:
— e-mail: [email protected]
— telephone: +39 055.873171
— or by regular mail at the above-specified address.
2- Categories of data processed and purposes of processing
- A) During browsing through the sections of our Website, which is permitted to any user without need to register, we obtain and process the following personal data, for the specific purposes listed:
(i) Browsing data concerning the session
The IT systems responsible for the functioning of this Website acquire, during their normal functioning, certain personal data whose transmission is implicit in the use of Internet communication protocols (e.g. IP addresses, Internet connection and traffic data, domain names of the devices used by Website visitors).
This information is not collected to be associated to identified data subjects or to identify users.
The data might be used to ascertain responsibilities in case of possible IT crimes against the Website.
(ii) Browsing data concerning services provided by third parties and/or obtained by third parties through the Website
In addition, the functionalities connected to the sharing of the web page or of contents on social channels (Instagram and Facebook), entail the acquisition of certain data (e.g. the web pages visited by the user) and their transmission to the servers of third parties managing the social networks.
The processing of the above-specified data has the purpose of ensuring the correct functioning and use of our website, through: a) performance evaluations of the Website during the browsing session, aimed at monitoring and improving the services we offer; b) analysis of the browsing data, in aggregate form, for statistical purposes and to keep track of the behavior of users, without this entailing profiling activity, (using Google Analytics functionalities). The processing also aims at facilitating sharing of the contents of our Website by the users on Facebook and Instagram channels, through access to the personal profile of the user.
- B) Our Website shows, in the “contacts” section, addresses and contacts of the registered office, of the showroom and of the points of sale of our Company; sending, optionally and voluntarily, electronic mail to the addresses specified on this Website entails the consequent acquisition of the address of the sender, necessary to reply to the requests, as well as of any other personal data that may be included in the letter; by sending the e-mail, You consent to the data processing for the specified purposes.
We process the personal data in question to allow You to contact us, to request information and/or assistance, and to allow our Company to reply to Your requests.
- C) Remarketing
Our Website uses the specific Facebook service to promote products, new collections, special initiatives and events: remarketing may consist of advertising campaigns conducted within the social network, pointed only towards Websites’ visitors having an active Facebook account and having given their consent to the processing for this purpose. The activity takes place through the use of third-party cookies, as specified in paragraph 4 below, but it is configured as «direct marketing», being intended to promote Malo’s products.
Please, be aware of the fact that Malo has no access in any way to the specific data collected by Facebook’s tracking cookies and that the conditions of tracking are established exclusively by Facebook: it is possible to view those conditions and to set your preferences on advertisement (deciding whether and which to view or not) while you register yourself to create a Facebook account, or later, in the «Settings and privacy/Settings» Section of your personal Facebook account.
3 – Legal ground for the processing
The processing of personal data, depending on cases, is based on the following legal grounds:
- the pursuit of a legitimate interest of the Controller (article 6., paragraph 1, letter f):
- to ensure the security of the Website, control its correct functioning and obtain statistics in relation to its use, as to the browsing data concerning the session;
- to carry out activities aimed at direct marketing (in the form of remarketing), thus pursuing Malo corporate purposes, as better explained in Recital 47 of the Regulation according to which it is “it is “considered to pursue its legitimate interest the entity that processes personal data for direct marketing purposes»: according to this provision, Malo may process the users’ personal data, unless they explicitly deny / withdraw their consent for such purposes;
- and to exercise or defend a legal claim;
- the consent given by the user (through flagging a checkbox, clicking to continue browsing or on social buttons/widgets, sending e-mails) as to the processing of data provided through e-mail and as concerns the use of the browsing data related to services provided by third parties through the Website and/or obtained from third parties through the Website, also with the purposes of sharing on social channels (article 6, paragraph 1, letter a). Consent may be withdrawn at any time.
4- Modalities of processing
The processing of personal data will be performed through IT instruments, both automated and not automated (in such case, through human intervention in the management of IT systems) and through the use of analog instruments (paper management), according to logical processes closely correlated to the purposes of the same processing and, in any case, with the support of equipment and with modalities that guarantee the security and confidentiality of the same data, preventing loss of data, illegal or incorrect uses, and unauthorized accesses.
We use technical cookies, both first party and third party, for data processing on our Website.
A “cookie” is a small quantity of data that are sent to the browser of the user by a Web server and that are subsequently stored on the hard drive of his or her computer.
The use of so-called session cookies is strictly limited to the transmission of session identifiers (represented by random numbers generated by the server), necessary to enable the secure and efficient exploration of the website, and to the acquisition of data to save the browsing preferences of the user (e.g., setting the language, managing statistics), in order to optimize the experience on the Website. Session cookies used in this Website avoid recourse to other IT techniques potentially prejudicial to the confidentiality of users’ browsing and do not allow acquisition of personal data identifying the user.
Social buttons/widgets (sharing cookies).
Our Website includes special “buttons” (called “social buttons/widgets”) that represent the icons of social networks (Facebook and Instagram). These buttons allow the users that are browsing the website to interact with a “click” directly with the social networks there represented. In such case the social network obtains the data concerning the user visit.
“Sharing” (or social network) cookies are used to enable the user to interact with websites through his or her social account and are useful, for example, to express appreciation and to share it with contacts.
The presence of plug-ins entails the transmission of cookies from and to all websites managed by third parties. Management of the information collected by “third parties” is governed by the respective privacy policies, to which You may refer.
If You access one of our web pages, equipped with the plug-in, the Internet browser directly connects to the third-party server and the plug-in is shown on the screen thanks to the connection with the browser. The plug-in might disclose to the third-party server which pages have been browsed by the user.
5- Disclosure and dissemination of data
The entities that may become aware of the personal data are our employees and collaborators, who take care of the administrative management of the Web page and of relations with users / customers. The company taking care of the management of the Website may, possibly, become aware of the personal data, on the occasion of assistance / maintenance interventions.
The data are never transferred to, or in any case acquired by, third party entities located or in any case operating in countries outside the European Union, with the exception of the following: Cloudflare, Inc., limited to reverse proxy services and to Content Delivery Network and caching functionalities; Google, LLC, limited to Google Analytics functionalities; Facebook, Inc limited to the functionalities for social sharing of Facebook and Instagram and to the Pixel usage for remarketing (all the companies are included in the so called Privacyshield List //www.privacyshield.gov/welcome: thus, they guarantee an appropriate level of protection, according to Article 45 of the Regulation).
Where needed, should we have an obligation to report a crime or in any case the need to pursue a legitimate interest to exercise or defend a legal claim on our part, the data of users might be disclosed to the judicial Authority or to police forces.
Apart from the cases just specified, personal data will not be disclosed to third parties and/or in any way disseminated outside the context of the European Union.
6- Data retention periods
Browsing data are deleted immediately after the processing, at the end of the browsing session (closure of the browser).
Data provided voluntarily by users (by sending e-mails), or by fax or by telephone, will be stored for the 30 days following delivery to users of the requested information, unless further storage of the data is necessary to comply with legal obligations, or the parties enter into another relationship.
Data processed through third party cookies (including sharing cookies) are stored for the period of time provided by the operators, according to the respective privacy policies.
Facebook cookies used for remarketing are applied for a maximum period of ….. days.
Data processed through the use of Google Analytics cookies are stored for 26 months from their collection.
7- Rights of the data subject concerning the processing of personal data (Articles 15-22 and 77 of the Regulation)
It is possible to submit requests to exercise the rights afforded by the Regulation (access, rectification, erasure, objection, restriction and portability if the conditions are present) by sending them to the above indicated Malo’s addresses.
To enable us to respond quickly, we kindly ask You – thanking You in advance for Your cooperation – to specify Your first and last name, e-mail address. Certain requests (for example concerning exercise of the right to access) must be accompanied by a photocopy of an identity document with Your signature to verify Your identity; it is also necessary to specify the address at which You wish to receive the answer. The answer will be sent within one month of receipt of the request.
The data subject has also the right, if he or she believes the processing of his or her data to be performed in infringement of the provisions of the Regulation, without prejudice to the right to complain to the competent civil or administrative judicial authorities, to lodge a complaint with the Supervisory Authority for the protection of personal data, within the limits of its jurisdiction.
 It is possible to oppose to advertising campaigns carried out through Facebook — thus, withdrawing the consent to the processing of personal data — choosing among the options available at the following link: //www.facebook.com/ads/website_custom_audiences/
 The following guides for the deactivation or activation of cookies are also available for mainly-used browsers:
In addition, the User may take advantage of the information provided by EDAA (EU), Network Advertising Initiative (USA) and Digital Advertising Alliance (USA), DAAC (Canada), DDAI (Japan) or other similar services, to manage the tracking preferences of the majority of advertising instruments.