Privacy policy

PRIVACY POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Art. 13 Regulation (EU) 2016/679 of the European Parliament and of the European Council

Musto Calzature srl, with registered office in Milan (Mi), Corso Vercelli n.2, VAT no. 08456260960 (hereinafter the “ Company ” or the “ Owner ”), the controller of personal data, provides the following privacy information pursuant to art. 13 of Regulation (EU) 2016/679 (hereinafter “ GDPR ”), to the interested parties (hereinafter the “ Interested Parties ”).

The Company, as data controller, undertakes to protect the confidentiality and rights of the interested party and, according to the principles dictated by the aforementioned regulations, the processing of the data provided will be based on the principles of correctness, lawfulness and transparency.

Contact the data controller at any time by sending a request from the website via email to info@mustocalzature.com , for any clarification, question or need related to your privacy and the processing of your personal data.

1. PURPOSE OF THE PROCESSING

The information is provided only for the Company's website and not for other websites that may be consulted by the Interested Party via links. The Interested Party may voluntarily provide their personal data that will be processed and used by the Company for the purposes related to the requested service indicated by specific information reported or displayed on the pages of the site for particular services or requests.

The personal data of the Interested Parties will be processed by the Company for the purposes related and/or connected to the provision of services by the Company in the context of browsing the website, such as the provision of services requested by the Interested Party during browsing the website including the collection, storage and processing of data for the purposes of establishing and subsequent operational and technical management.

Such data – the provision of which is necessary for the operational execution of the service – will also be processed with electronic tools, recorded in specific databases, and used strictly and exclusively within the scope of navigation on the website.

Since the communication of the interested party's personal data for the aforementioned purposes is necessary for the maintenance and provision of all services connected to navigation on the website, failure to communicate will make it impossible to provide the specific services in question.

The Data Controller may also process, without the consent of the interested party, personal data in the following cases:

a) anonymous and aggregate analysis of the use of the services enjoyed, to identify habits and propensities of the interested parties, to improve the services provided and to satisfy specific needs of users, or preparation of initiatives related to the improvement of the services provided;

b) comply with the provisions of national and foreign laws and regulations, or execute an order of the judicial authority or other authorities to which the Data Controller is subject;

c) exercise the rights of the Data Controller with particular reference to that of defense in court.

The processing is lawful as it is carried out in compliance with the provisions of laws and regulations and the exercise of the rights of the Data Controller.

2. METHODS OF TREATMENT

Data processing is carried out electronically and/or on paper, through recording, processing, archiving and transmission of data, also with the aid of IT tools.

The tools and media used in carrying out processing activities are suitable for guaranteeing the security and confidentiality of the data.

In carrying out processing activities, the Company undertakes to:

• ensure the accuracy and updating of the data processed, and promptly accept any corrections and/or additions requested by the interested party;

• adopt suitable security measures to guarantee adequate data protection, taking into account the potential impacts that the processing has on the fundamental rights and freedoms of the interested party;

• notify the interested party, within the timeframes and in the cases provided for by the binding legislation, of any violations of personal data;

• ensure that processing operations comply with applicable legal provisions.

3. COMMUNICATION AND DISSEMINATION OF DATA

Without prejudice to communications made in compliance with legal obligations, the personal data of the interested party may be known, in addition to the Data Controller, by:

• employees and collaborators of the Data Controller in their capacity as persons authorised to process data;

• authorities in general, administrations, public bodies and organizations, both national and foreign;

• third party service providers.

exclusively for the purposes listed above according to any consents given by the interested party. Personal data are not subject to disclosure.

4. TRANSFERS ABROAD

Personal data will be stored and processed within the European Union.

In the event of any processing of personal data outside the European Union, this will only take place after the adoption of adequate guarantees, as required by the applicable legislation.

5. DATA RETENTION POLICY

The Company stores personal data in its systems in a form that allows the identification of the interested parties according to the following criteria:

• for a period of time not exceeding the achievement of the purposes for which they are processed, unless otherwise provided for by regulatory or contractual obligations;

• to comply with specific regulatory or contractual obligations;

• where applicable and legitimate, until any request for cancellation by the interested party.

6. RIGHTS OF THE INTERESTED PARTY

The interested party may assert his/her rights, recognized by the binding legislation and in particular by articles 15 to 22 of the GDPR, such as:

• Right of access: right to obtain confirmation from the Data Controller as to whether or not personal data concerning you are being processed and, where that is the case, to obtain access to the personal data and further information on the origin, purpose, categories of data processed, recipients of communication and/or transfer of data, etc.

• Right to rectification: right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by providing an additional declaration.

• Right to erasure: right to obtain from the Data Controller the erasure of personal data without undue delay in the event that:

• the personal data are no longer necessary for the purposes of the processing;

• the consent on which the processing is based has been revoked and there is no other legal basis for the processing;

• the personal data have been processed unlawfully;

• the personal data must be erased to comply with a legal obligation.

• Right to object to processing: right to object at any time to the processing of personal data which has as its legal basis a legitimate interest of the Data Controller.

• Right to restriction of processing: right to obtain from the Data Controller the restriction of processing, in cases where the accuracy of the personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and the Data Subject has objected to the processing, if the personal data are necessary for the Data Subject to ascertain, exercise or defend a right in court, if following the opposition to the processing the Data Subject is awaiting verification of the prevalence or otherwise of the legitimate interest of the Data Controller.

• Right to data portability: right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another data controller, only for cases in which the processing is based on consent or on a contract and only for data processed using electronic means.

• Right not to be subjected to automated decisions: right to obtain from the Data Controller not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning the Data Subject or which significantly affect his person, unless such decisions are necessary for the conclusion or execution of a contract or are based on the consent given by the Data Subject.

• Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, the Data Subject who considers that the processing concerning him or her violates the GDPR has the right to lodge a complaint with a supervisory authority.

In order to exercise the rights provided for by the GDPR, the interested party may:

(i) forward your requests to the Data Controller by email: info@mustocalzature.com.

(ii) or alternatively contact the Data Controller at the following address:

Musto Footwear Ltd.

Dante Street 4

20121 Milan

indicating “Privacy” in the subject.

7. CHANGES TO THIS DOCUMENT

This document may be subject to changes or updates, therefore interested parties are invited to periodically visit this section to update themselves on changes relating to current legislation.

Last updated: May 2024