Privacy


home >pt > Privacy

PRIVACY POLICY PURSUANT TO ARTICLE 13 OF (EU) REGULATION NO. 679/2016 (‘GDPR’)

Mariz s.r.l. (hereinafter also referred to as ‘Mariz’) protects the confidentiality of personal data and guarantees its necessary protection against any event that may put it at risk of violation.

Pursuant to European Union Regulation No. 679/2016 (hereinafter the ‘GDPR’) and particularly Article 13 of the GDPR, please find below the information required by law for the processing of your personal data.

 

WHO WE ARE (ARTICLE 13, PARAGRAPH 1 (A), ARTICLE 15 (B) GDPR)

Mariz, with registered office at Viale Dell’Industria 32 – 35014 Fontaniva (PD) – Italy, acts as the Data Controller and can be contacted by e-mail at marketing@binotto.com and by phone at +39 0444 593290 (Monday to Friday from 08:30 to 16:30 – festivities excluded).

 

Data Processor (ARTICLE 4 GDPR)

 

All personal data pursuant to the of (EU) Regulation No. 679/2016 (‘GDPR’) which are collected through the website www.mariz.com are processed by Binotto s.r.l. (an Italian company under common control with Mariz s.r.l.)

Please find below the information about the Data Processor:

 

Binotto s.r.l

Via Divisione Julia 7/B

36031 Dueville (VICENZA) - Italy

VAT number: IT01468100241

REA No. VI – 166765

Share capital € 51.480,00 (fully paid up)

 

CATEGORIES OF DATA:

Mariz may collect, receive and process the following information relating to you:

 

- Contact details: first name, last name, physical address, nationality, residential province and city, landline telephone number and/or cellphone number, fax number, tax ID number, email address, social media contact details;

- Bank account and payment card details;

- Internet traffic data Logs, originating IP addresses.

 

Mariz does not require you to supply so-called "private" data. According to the GDPR (Art. 9), private data concern race or ethnicity, political opinions, religion or philosophy, union affiliation, genetic or biometric information used to uniquely identify a physical person, data associated with health or one's sex life, or sexual orientation.

 

WHY WE NEED AND COLLECT YOUR PERSONAL DATA:

 

a) Website registration and required services

Your personal data is processed to fulfil a registration request on the website of Mariz (hereinafter the ‘Website’) and to manage the requests of information, access to the reserved area and the other services that you may require through the Website.

The legal basis for this processing is to provide the services relating to a request for registration, information and contact, and/or sending informational materials, and to comply with legal requirements. Mariz reserves the right to provide and/or suspend the required services at its sole discretion.

 

b) Administering contractual relationships

Your personal data is processed to implement all actions (including preliminary actions) relating to contracts involving Mariz and the companies that are controlled by, in control of or under common control with Mariz (hereinafter the ‘Affiliates’), whether your relation with such contracts is direct or indirect. The related legal basis is to fulfil the obligations under the contracts and to comply with legal requirements.

 

c) Direct sales and business promotion related to products/services of Mariz and the Affiliates

Mariz, even without your explicit consent, may use the personal data you provided by reason of contractual relationship for direct sales of its and the Affiliates’ products/services, which are similar to the products/services you have already purchased or required information about, and for the related business promotion.

The above mentioned activities may be carried out with the following methods:

- emails;

- sms or other types of electronic messaging;

- telephone contact;

- mail.

 

d) Marketing activities

Mariz may use the personal data you provided for direct marketing purposes (for example sending you newsletters and promoting events involving Mariz and/or the Affiliates), unless you specifically refuse.

Pursuant to Recital 47 of the GDPR, in case you are a client of the Data Controller, Mariz is entitled to process your personal data for such direct marketing purposes.

In case you contact Mariz or the Affiliates for the first time through the Website, the processing of your personal data for such direct marketing activities is subject to your specific consent.

The above mentioned activities may be carried out with the following methods:

- emails;

- sms or other types of electronic messaging;

- telephone contact;

- mail.

 

e) Digital security

Pursuant to the Recital 49 of the GDPR, Mariz processes your personal data involving traffic to guarantee the security of networks and information of Mariz and the Affiliates. This means the capacity of the concerned network or information system to block, at a given level of security, any unforeseen events or illegal or malicious acts that would compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted as well as the security of the assets and systems of Mariz and the Affiliates.

The Data Controller will notify you if there is any risk of violation of your data.

The legal basis for this processing is to comply with legal requirements and the legitimate interests of the Data Controller in undertaking processing for the purpose of protecting corporate assets and the security of Mariz and the Affiliates’ offices and systems.

 

f) Profiling

Your personal data may also be processed for profiling purposes (such as analyzing the transmitted data and the selected services and required information on the Website), suggesting advertising messages and/or business offers. You give explicit and informed consent by accepting this Privacy Policy. The legal basis for this processing is the consent you initially granted for the processing itself, which you may freely withdraw at any time.

 

g) Fraud prevention (Recital 47 and Art. 22 GDPR)

Your personal data, except for private data (Art. 9 GDPR) or legal information (Art. 10 GDPR) will be processed to allow controls for monitoring purposes and prevention of fraud.

 

h) Protection of minors

In order to ensure the compliance with the age limitation pursuant to the GDPR the Data Controller implements preventive measures, such as checking tax identification numbers or the accuracy of the identification data on the identification documents issued by the relevant authorities.

 

COMMUNICATION TO THIRD PARTIES AND CATEGORIES OF RECIPIENTS (ARTICLE 13, PARAGRAPH 1 GDPR)

 

Your personal data is communicated to recipients whose activity is necessary to perform the business activities of Mariz and the Affiliates and to meet certain legal requirements, such as:

 

The Data Controller requires the above mentioned recipients to adhere to security measures that are equal to those Mariz adopts for your personal data.

With the consent to your data processing according to this Privacy Policy, you explicitly accept that, exclusively for the purposes specified above, the Data Controller may transfer your personal data to countries outside the European Union on the conditions set forth in Chapter 5 of the GDPR, even in the absence of an adequacy decision pursuant to Article 45 Paragraph 3 of the GDPR, or of appropriate safeguards pursuant to Article 46 of the GDPR and binding corporate rules pursuant to Article 47 of the GDPR. You explicitly acknowledge that in such cases the concerned third country may not ensure an adequate level of protection of your personal data equivalent to the GDPR, with specific reference to the following elements:

 

Categories of recipientsPurposes
Binotto, the Affiliates, third parties that resell the products of Binotto and the Affiliates and/or perform related servicesFulfillment of commercial, promotional, administrative, accounting and legal requirements relating to the business activities (sales, purchase, assistance, production, maintenance, delivery/shipping, and others)
Credit and electronic payment institutions, banks/post offices, insurance companiesManaging deposits, payments, reimbursements associated with the above mentioned business activities
External professionals/consultants and consulting firms

Fulfillment of legal requirements, exercising rights, protecting contractual rights, credit recovery

Governmental authorities, Ministries, Public Bodies and Agencies, Legal Authorities, Supervisory and Oversight AuthoritiesFulfillment of legal/tax obligations, protection of rights
Computer network administrators, technicians, data centersFunctioning of the computer network and softwares of Binotto and the Affiliates, including storage of data

- the rule of law, respect for human rights and fundamental freedoms, relevant legislation, both general and sectoral, including concerning public security, defence, national security and criminal law and the access of public authorities to personal data, as well as the implementation of such legislation, data protection rules, professional rules and security measures, including rules for the onward transfer of personal data to another third country or international organization which are complied with in that country or international organization, case-law, as well as effective and enforceable data subject rights and effective administrative and judicial redress for the data subjects whose personal data are being transferred;

 

- the existence and effective functioning of one or more independent supervisory authorities in the third country or to which an international organization is subject, with responsibility for ensuring and enforcing compliance with the data protection rules, including adequate enforcement powers, for assisting and advising the data subjects in exercising their rights and for cooperation with the supervisory authorities of the Member States;

 

- the international commitments the third country or international organization concerned has entered into, or other obligations arising from legally binding conventions or instruments as well as from its participation in multilateral or regional systems, in particular in relation to the protection of personal data.

 

Limitations as per Article 49 of the GDPR shall apply.

 

Analytics

 

The services contained in this section enable the Data Controller and Data Processor to monitor and analyze web traffic and can be used to keep track of User behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.

Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data collected: Cookie and Usage data.

Place of processing : USA – Privacy - Opt-out

 

HOW WE PROCESS YOUR DATA (ARTICLE 32, GDPR)

The Data Controller makes use of appropriate security measures to preserve the confidentiality, integrity and availability of your personal data, and requires the same security measures from third parties and the Processors, where applicable. The Data may be processed in hardcopy, by automated or electronic means.

 

HOW LONG IS YOUR DATA STORED? (ARTICLE 13, PARAGRAPH 2 (A) GDPR)

Unless you explicitly require to remove it, your personal data shall be processed and stored for as long as required by the purpose the data has been collected for. The personal data collected for the purposes of the Data Controller’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by Mariz within the relevant sections of this document or by contacting the Data Controller.

The Data Controller may be obligated to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

 

WHAT ARE YOUR RIGHTS? (ARTICLES 15 - 20 GDPR)

You have the right to obtain the following from the Data Controller:

 

a) confirmation on whether your personal data is being processed and if so, to obtain access to your personal data and the following information:

1. the purposes of the processing;

2. the categories of personal data in question;

3. the recipients or categories of recipients that have received or will receive your personal data, in particular if these recipients are in third party countries or are international organizations;

4. when possible, the anticipated storage period of your personal data or, if not possible, the criteria used to determine this period;

5. your right to require the Data Controller to correct or delete your personal data or the limits on processing your personal data or to oppose the processing of the data;

6. the right to lodge a complaint with a supervisory authority;

7. in the event the data is not collected from you, all of the information available regarding its origin;

8. whether there is an automated decision process, including profiling, and, at least in these cases, significant information on the logic used, as well as the importance and consequences to you for this processing;

 

b) the right to obtain a copy of the personal data processed, provided that this right does not affect the rights and freedoms of others;

c) the right to edit any of your incorrect personal data from the Data Controller without unjustified delay;

d) the right to have your personal data deleted by the Data Controller;

e) the right to obtain limits on the processing from the Data Controller;

f) the right to obtain information from the Data Controller on the recipients who have received the requests for any corrections or deletions or limits on the processing implemented, except when this is impossible or would create a disproportionate effort;

g) the right to receive your personal data in a structured format, commonly used and readable by automatic devices as well as the right to transfer this data to another Data Controller without obstruction from the original Data Controller, in those cases outlined by Art. 20 of the GDPR, and the right to obtain direct forwarding of your personal data from one Data Controller to another, where technically feasible.

 

For further information and to send your request, contact the Data Controller and the Data Processor by e-mail at marketing@binotto.com and by phone at +39 0444 593290 (Monday to Friday from 08:30 to 16:30 – festivities excluded). To guarantee that the rights noted above are exercised by you and not by unauthorized third parties, the Data Controller may require you to provide other information necessary for this purpose.

 

HOW AND WHEN CAN YOU OPPOSE THE PROCESSING OF YOUR PERSONAL DATA? (ARTICLE 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing your personal data which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. Mariz shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

 

WHO CAN YOU LODGE A COMPLAINT WITH? (ARTICLE 15 GDPR)

Without prejudice to any other ongoing administrative or judicial action, you may lodge a complaint with the applicable supervisory authority of the Italian territory (Italian Personal Data Protection Authority) – https://www.garanteprivacy.it/web/garante-privacy-en