Miniconf SpA, with registered office in Ortignano (AR), 52010, in via Provinciale 1/A, VAT identification number 
Data Controller e-mail address: firstname.lastname@example.org
To be able to provide you with our products and services, the Data Controller needs to share your personal information with authorised partners who may also act as “data processors”. In any case, these parties are obliged to adopt appropriate security measures to protect the personal data in their possession, and are bound by a strict confidentiality agreement and specific contractual terms also put in place for your protection.
To use the Site and Applications you must be at least 13 years old (14 years if you are a customer within China, excluding islands, or 18 years if you are a customer in Saudi Arabia). If you are under the age of 13 (or 14 in China, excluding islands, or 18 in Saudi Arabia) or a minor in your country or state or region of residence, please ask one of your parents or legal guardian(s) to provide their data on your behalf.
If the Data Controller learns that he has received personal data from a child under the age of 13 (14 for China, excluding islands, 18 for Saudi Arabia) or of an equivalent minimum age depending on the legal system, such data will be deleted from the archives.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using the Sites or Applications.
Methods of data collection and data sources
Your personal data may be collected when you create a personal profile registered on one of the sites managed by Miniconf SpA or in a physical store; collection may occur when you place an order, when you interact with our digital content on a computer or mobile device, when you request a service at a shop or when you request information from the Controller.
In any case, you will be informed whether the collection concerns your personal data and whether the transmission of your personal data is optional or mandatory for the service in question. Please keep in mind that, where data collection is mandatory and the requested information is not provided, the Data Controller may not be able to provide the relevant products or services.
As regards the sources of personal data concerning you, these may be sent to us:
a) BY YOU: when you send them to us directly, by filling in forms, by interacting with Customer Support or via messaging or Whatsapp, or even indirectly, by using our Sites or Applications.
b) FROM THIRD PARTIES: your personal data may be integrated with marketing and demographic information that we receive from our business partners and affiliated third party companies, in addition to other information that is in the public domain or that we are otherwise legally authorised to obtain, in order to ensure the accuracy of our records, to better understand the interests and preferences of our key customer audiences, and to improve our service. In the event that you do not wish for your data to be processed by the Controller, you may notify us of this in accordance with your rights as set out below.
Transaction information may be shared with us by our business partners and other third parties (including law enforcement and insurance companies) in order to identify and investigate suspected fraudulent transactions, for audit purposes and to support the safety of our services, where permitted under applicable laws.
c) INFORMATION FROM OR ON YOUR FRIENDS OR RELATIVES: where promotions are implemented that allow you to refer a friend or other person with whom you have a personal relationship who may be interested in our products, services, Site or Application, the Controller may receive information about you, including from third parties who choose to provide it.
Please note that information about your Friend can only be disclosed with your permission. If your Friend authorises you to provide us with your data, we will use your information only for that purpose and not to send other unrelated offers. In the message we send to you, we may also indicate that it was you who shared your details with the Controller.
d) COOKIES: cookies are small text files that are sent to or accessed from your web browser or your device’s memory. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your device, such as user settings, browsing history and activities conducted while using the Site and Applications. By linking the information contained in these cookies with other information about the customer that you provide to us, for example, when you access the Site or Application, we may be able to identify the cookie information about you.
Most web browsers are initially configured to accept cookies. You can change your web browser settings so that it rejects cookies or signals when a cookie is sent. However, some features of our Sites or Applications may not work if cookies are deleted or disabled. Some of our Service Partners may use their own cookies, anonymous identifiers or other tracking technologies in relation to the services they perform on behalf of the Controller.
e) ONLINE ADVERTISING AND MONITORING: we may decide to allow third party companies to publish advertisements and collect certain anonymous information when someone visits our Site. These companies may use non-personal information (such as information on the click flow, browser type, date and time, content of clicked or scrolled advertisements) during your visits to the Site and other websites in order to propose adverts on goods and services that may be of interest to you. Typically these companies use a cookie to collect this information. Our systems do not recognise “Do Not Track” browser signals, but many of our Service Partners who use these cookies on our Sites allow you not to receive targeted advertisements. For more information on these advertising practices or to opt out of receiving this type of advertising, you can visit www.networkadvertising.org or www.aboutads.info/choices/. Additionally, you can request not to see interest-based online advertising from companies that participate in opt-out programmes through the Digital Advertising Alliance, the Interactive Digital Advertising Alliance, or Appchoices (applications only). In addition, we provide you with further tools to stop receiving advertising or promotional content.
We may also use Service Providers who are social media or internet search platforms, so that advertising for Miniconf products appears on those platforms.
Type of data collected and their use
The Data Controller may collect the following categories of data:
We may also use your contact information to send promotional communications and to contact you in relation to matters relating to the services offered, including after-sales services or to assist you with your future purchases on our Site and/or the Application and, occasionally, to request and respond to reviews relating to Miniconf products. We will use your contact information where permitted by applicable law or if you have given your consent (if consent is required by applicable law).
b) PAYMENT INFORMATION: information relating to your credit card, debit card, and/or other payment information to process payments relating to your orders.
c) DEMOGRAPHIC INFORMATION: the Data Controller may ask for your gender, date of birth and age or other information such as your preferences on the characteristics of the products, on the Sites or Applications or in physical stores. This information and/or your account and profile information may be used for the purposes of our internal demographic checks on customers, to offer a better service that suits customer preferences, including by identifying products, services and events that may interest you.
d) ADDITIONAL INFORMATION RELATING TO ACCOUNTS AND TRANSACTIONS: if you have a customer account (created online or in-store), or, in some cases, if you buy from physical stores, information may be collected on the products you viewed online or purchased, the place where you purchased the products, and other information relating to your purchases. The Controller will use this information to carry out demographic analyses of customers, in order to offer a service modelled on their preferences.
Together with non-personal information, this information may be used to carry out internal market analyses and demographic studies or to analyse, profile and monitor customer trends, with the aim of constantly improving our products and services. This allows us to offer our customers more personalised and integrated shopping and interaction experiences both in our stores and in our Sites and/or Applications.
e) INTERNET AND OTHER MULTIMEDIA ACTIVITIES: where permitted by applicable laws or with your consent (where consent is required by applicable laws), we may use information on how you use our Site, the Application and any in-store service to customise the sending of communications, adapt the content of the Site and the Application, and to customise the in-store service to suit your preferences and enable you to use any interactive features of the services. The Data Controller may process the information on the device used to connect to the Site services, the Applications or any interactive content provided. This data could include the type of device used, the internet browser or your location based on the unique identifier of the device, such as the IP or the code of the Application running on your device.
This information is used to ensure the proper functioning and security of the Site and the Application, to optimise the services offered and to better understand the use and effectiveness of the content and services. The data collected in-store from your mobile device through these technologies also allow us to obtain aggregate and anonymous statistics on the number of people in our stores, as well as information on the gender, size, height, ethnic origin and country/region of origin of our visitors, but cannot be used by or made available to Miniconf for the purpose of obtaining information on individual visitors.
f) LOCATION INFORMATION: when you visit the Site, the Controller may try to determine your location, for example, to find the nearest store or to provide more precise information based on your location. We can: (i) make a comparison with the contact details you provided, for example the post code, to indicate the nearest shop; (ii) verify the country/region in which it is located based on your device’s unique identifier (for example an IP address); or (iii) if you enable location services on your mobile device, we may establish your real-time location based on the latitude and longitude coordinates of your mobile device, via GPS signal, Bluetooth or Wi-Fi connection information, including the MAC addresses picked up by your device, where such information is available. In the case of mobile device location services, you can change your location preferences at any time by managing the device settings.
g) PROFILING: the Controller may use all the information described above to create a profile for you that reflects your preferences, characteristics, behaviour and attitudes. This information will be used to personalise and improve the services and to better understand the interests and preferences of key customers.
Methods of data processing and storage
In relation to the aforementioned purposes and in any case in such a way as to guarantee their security and confidentiality, the data will be subject to computer, telematic and paper processing in full compliance with the principles of necessity, data minimisation and limitation of the storage period, through the adoption of technical and organisational measures appropriate to the risk level of the processing.
Parties with whom the collected data may be shared
In certain circumstances, the Data Controller may share your personal data with other third parties and selected service providers (which could include franchisees and licensees) who sell or promote Miniconf products and services or perform other functional and connected services such as, by way of example, fulfilling orders, processing payments and performing promotional or data management services as permitted by applicable laws or with your consent (if required by applicable laws). Some data may be shared as aggregate or anonymous information that does not directly identify you.
In any case, the Data Controller will implement all the contractual measures necessary to request such third parties to guarantee that they will take all necessary precautions to safeguard your personal information, as required by applicable laws.
a) SERVICE PROVIDERS: your information may be shared with the companies in charge of managing the order shipping service, with any delivery company and with other companies that provide assistance services, including website hosting companies, IT service providers and fraud management support service providers. Your information may be shared with other companies (including social media and internet research platforms to which you have independently subscribed) that sell or promote Miniconf products and services to offer you a better customer experience. Your information may be shared with companies that assist Miniconf with other services, for example in analysing our customers’ data in order to better understand, profile and monitor customer trends so that we can constantly improve products and services. In each case, these companies will only be provided with the data they need to perform their services, whereas such parties will not be authorised to use such data for other purposes. These parties will be authorised to use your data only in accordance with the instructions we give them and in the manner permitted by applicable laws.
c) FINANCIAL INSTITUTES, PAYMENT PROCESSING PARTNERS AND SUPPORT SERVICE PROVIDERS FOR FRAUD MANAGEMENT: payments made through our Site or Application are made through our payment providers. In any case, it will provide credit or debit card information directly to our suppliers who process your payment details.
When making a payment, the Controller may share your information, including details of your transaction, with service providers who provide fraud detection and management solutions related to your transaction.
d) LEGAL INFORMATION: in some circumstances (where required or permitted by applicable laws or with your consent), the Data Controller may disclose your personal data to third parties in order to fulfil the obligations arising from any legal or regulatory procedure, to obtain legal advice, to prevent and detect fraud, for the purpose of verifying sanctions and/or to protect and defend the rights and assets of Miniconf and other parties directly connected to the Data Controller. In any event, all reasonably necessary measures will be taken to ensure that such data remains protected.
e) TRANSFERS OF DATA ABROAD: the personal data provided through the Site and/or the Applications are processed within the EU and stored on servers in the same countries.
Your data may be processed abroad if this is necessary for all the circumstances described above to occur. In any case, all the necessary measures required by the regulations and laws in force will be adopted to protect the processing of your personal data.
Legal basis of the processing
The Data Controller processes the personal data of the interested party if one of the following conditions is met:
- the User has given consent for one or more specific purposes; please note that in some jurisdictions the Data Controller may be authorised to process Personal Data without the User’s consent or another of the legal bases specified below, as long as the User does not object (“opt-out”) to such processing. However, this is not applicable if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
- the processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures;
- the processing is necessary to fulfil a legal obligation to which the Data Controller is subject;
- the processing is necessary for the execution of a task carried out in the public interest or for the exercise of official authority vested in the Data Controller;
- the processing is necessary to pursue the legitimate interest of the Data Controller or third parties.
However, it is always possible to ask the Controller to clarify the concrete legal basis of each processing operation and in particular to specify whether the processing is based on law, required by a contract or necessary to conclude a contract.
Place where data processing takes place
The Data is processed at the Data Controller’s operational headquarters and in any other places where the parties involved in the processing are located. For more information, you can contact the Data Controller.
Data retention period
The Data is processed and stored for such time as is required by the purposes for which it was collected.
- Personal Data collected for purposes related to the execution of a contract between the Controller and the User will be retained until the performance of that contract is completed.
- Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until this interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
When the processing is based on the User’s consent, the Data Controller may retain the Personal Data for longer until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this term the right of access, deletion, rectification and the right to data portability can no longer be exercised.
Purpose of the processing of collected data
The User’s Data is collected to allow the Controller to provide the Service, fulfil legal obligations, respond to requests or executive actions, protect their rights and interests (or those of Users or third parties), identify any malicious or fraudulent activities, as well as for the following purposes: Statistics, Displaying content from external platforms, Contacting the User, including by e-mail, telephone, SMS or Whatsapp, and Tag Management.
To obtain detailed information on the purposes of the processing and on the Personal Data processed for each purpose, the User can access their data and request its rectification or even deletion as described in the next paragraph.
Rights of the User
Users can exercise certain rights with reference to the Data processed by the Data Controller.
In case of superior protection, the User can exercise all the rights listed below. In any other case, the User can contact the Controller to find out which rights are applicable in their situation and how to exercise them.
In particular, the User has the right to:
- withdraw consent at any time. The User may revoke their previously expressed consent to the processing of their Personal Data
- oppose the processing of their Data. The User can object to the processing of their Data when it occurs on a legal basis other than consent. Further details on the right to object are indicated in the section below.
- access their Data. The User has the right to obtain information on the Data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the Data processed.
- verify and request rectification. The User can verify the correctness of their Data and request for it to be updated or corrected.
- obtain restriction of processing. When certain conditions are met, the User can request the restriction of processing of their Data. In this case, the Data Controller will not process the Data for any other purpose other than its conservation.
- secure the deletion or removal of their Personal Data. When certain conditions are met, the User can request the deletion of their Data by the Controller.
If you request to delete your personal data, we point out that we may not delete all of your data. We may still process your personal data if necessary and permitted by law. For example, in the following circumstances:
- Transactional: to complete a transaction for which personal data was collected, to provide goods or services requested by you, or to execute a contract entered into;
- Safety and Maintenance: in tracing and/or preventing security incidents and/or correcting or rectifying any errors; or
- Legal: to protect against fraud or illegal activity or to comply with applicable laws or to resolve legal claims or to exercise rights under applicable laws.
- receive their data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without hindrance to another data controller. This provision is applicable when the Data is processed with automated tools and the processing is based on the User’s consent, on a contract to which the User is a party or on contractual measures connected to it.
- lodge a complaint. The User can lodge a complaint with the competent personal data protection supervisory authority or take legal action.
Details on the right to object
When Personal Data is processed in the public interest, in exercising public authority vested in the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to oppose the processing for reasons connected to their particular situation.
Users are reminded that, if their Data is processed for direct marketing purposes, they can oppose the processing thereof without providing any reasons. To find out if the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.
How to exercise rights
To exercise the User’s rights, Users can address request using the contact details of the Controller indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.
Further information on processing
Defence in court
The User’s Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages of such proceedings in order to defend against abuses in the use of this Website or related Services by the User.
The User declares that it is aware that the Controller may be obliged to disclose the Data by order of the public authorities.
System log and maintenance
For operation and maintenance related needs, this Website and any third party services used by it may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User IP address.
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.
Response to “Do Not Track” requests
This Website does not support “Do Not Track” requests.
To find out if any third-party services used support them, the User is invited to consult the respective privacy policies.
If the changes concern processing whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.