Data Controller

Miniconf SpA, with registered office in Ortignano (AR), 52010, in via Provinciale 1/A, VAT identification number [00249390519]

Data Controller e-mail address: privacy@miniconf.it

Scope of this Privacy Policy

This Privacy Policy applies to situations in which the Data Controller of Miniconf SpA processes the User’s personal data in paper or electronic format. It also applies to situations where authorised partners use your personal information on our behalf.

This Privacy Policy concerns all personal data collected, used and processed in any other way by the Data Controller and in connection with your relationship with Miniconf SpA as a customer or as a potential customer. Miniconf SpA will process your personal data as described in this Privacy Policy and as permitted by applicable laws.

The Privacy Policy applies to all cases where the Data Controller collects data through websites, including for mobile devices (www.miniconf.it, www.miniconfshop.it www.sarabanda.it, www.minibanda.it, www.ido.it, www.dodipetto.it, www.supergakidswear.it, partnerlab.miniconf.app), or through any applications owned and managed by the Controller and made available from time to time (Applications), or by visiting a Miniconf store to purchase or test products or to interact with our content and/or services or by contacting our Customer Support.

To be able to provide you with our products and services, the Data Controller needs to share your personal information with authorised partners who may also act as “data processors”. In any case, these parties are obliged to adopt appropriate security measures to protect the personal data in their possession, and are bound by a strict confidentiality agreement and specific contractual terms also put in place for your protection.

This Privacy Policy does not extend to services provided by other companies acting on their own behalf, such as licensees, or when the interested party shares information on social networks or other online platforms owned by other companies and managed by them. These other companies use their own privacy policies and if the interested party provides their personal data, the processing will be subject to their rules.

To use the Site and Applications you must be at least 13 years old (14 years if you are a customer within China, excluding islands, or 18 years if you are a customer in Saudi Arabia). If you are under the age of 13 (or 14 in China, excluding islands, or 18 in Saudi Arabia) or a minor in your country or state or region of residence, please ask one of your parents or legal guardian(s) to provide their data on your behalf.

If the Data Controller learns that he has received personal data from a child under the age of 13 (14 for China, excluding islands, 18 for Saudi Arabia) or of an equivalent minimum age depending on the legal system, such data will be deleted from the archives.

Comprehensive details on each type of data collected are provided in the dedicated sections of this Privacy Policy or through specific information displayed before the data is collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using the Sites or Applications.

Methods of data collection and data sources

Your personal data may be collected when you create a personal profile registered on one of the sites managed by Miniconf SpA or in a physical store; collection may occur when you place an order, when you interact with our digital content on a computer or mobile device, when you request a service at a shop or when you request information from the Controller.

In any case, you will be informed whether the collection concerns your personal data and whether the transmission of your personal data is optional or mandatory for the service in question. Please keep in mind that, where data collection is mandatory and the requested information is not provided, the Data Controller may not be able to provide the relevant products or services.

As regards the sources of personal data concerning you, these may be sent to us:

a) BY YOU: when you send them to us directly, by filling in forms, by interacting with Customer Support or via messaging or Whatsapp, or even indirectly, by using our Sites or Applications.

b) FROM THIRD PARTIES: your personal data may be integrated with marketing and demographic information that we receive from our business partners and affiliated third party companies, in addition to other information that is in the public domain or that we are otherwise legally authorised to obtain, in order to ensure the accuracy of our records, to better understand the interests and preferences of our key customer audiences, and to improve our service. In the event that you do not wish for your data to be processed by the Controller, you may notify us of this in accordance with your rights as set out below.

Transaction information may be shared with us by our business partners and other third parties (including law enforcement and insurance companies) in order to identify and investigate suspected fraudulent transactions, for audit purposes and to support the safety of our services, where permitted under applicable laws.

c) INFORMATION FROM OR ON YOUR FRIENDS OR RELATIVES: where promotions are implemented that allow you to refer a friend or other person with whom you have a personal relationship who may be interested in our products, services, Site or Application, the Controller may receive information about you, including from third parties who choose to provide it.

Please note that information about your Friend can only be disclosed with your permission. If your Friend authorises you to provide us with your data, we will use your information only for that purpose and not to send other unrelated offers. In the message we send to you, we may also indicate that it was you who shared your details with the Controller.

d) COOKIES: cookies are small text files that are sent to or accessed from your web browser or your device’s memory. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your device, such as user settings, browsing history and activities conducted while using the Site and Applications. By linking the information contained in these cookies with other information about the customer that you provide to us, for example, when you access the Site or Application, we may be able to identify the cookie information about you.

Most web browsers are initially configured to accept cookies. You can change your web browser settings so that it rejects cookies or signals when a cookie is sent. However, some features of our Sites or Applications may not work if cookies are deleted or disabled. Some of our Service Partners may use their own cookies, anonymous identifiers or other tracking technologies in relation to the services they perform on behalf of the Controller.

When you access our Site or Application, you will be provided with information on our use of cookies and other device identification tools. By continuing to use our Sites or Applications or services without managing your cookie and device choices and preferences, you acknowledge and accept our cookie and device identification settings, stating that you understand our Cookie Policy. Please note that restricting certain cookies or other device identifiers will affect your ability to use the Sites or Applications.

Consult the Cookie Policy for more information on cookies and other technologies used on our Sites and Applications, including information on how to manage cookie settings and preferences.

e) ONLINE ADVERTISING AND MONITORING: we may decide to allow third party companies to publish advertisements and collect certain anonymous information when someone visits our Site. These companies may use non-personal information (such as information on the click flow, browser type, date and time, content of clicked or scrolled advertisements) during your visits to the Site and other websites in order to propose adverts on goods and services that may be of interest to you. Typically these companies use a cookie to collect this information. Our systems do not recognise “Do Not Track” browser signals, but many of our Service Partners who use these cookies on our Sites allow you not to receive targeted advertisements. For more information on these advertising practices or to opt out of receiving this type of advertising, you can visit www.networkadvertising.org or www.aboutads.info/choices/. Additionally, you can request not to see interest-based online advertising from companies that participate in opt-out programmes through the Digital Advertising Alliance, the Interactive Digital Advertising Alliance, or Appchoices (applications only). In addition, we provide you with further tools to stop receiving advertising or promotional content.

We may also use Service Providers who are social media or internet search platforms, so that advertising for Miniconf products appears on those platforms.

 

Type of data collected and their use

The Data Controller may collect the following categories of data:

a) CONTACT INFORMATION AND OTHER IDENTIFICATION INFORMATION: your name, address, telephone numbers and e-mail addresses. The following information is used to identify the customer, to process orders, to provide products and services, to process payments, to update our records and, in general, to manage the accounts created in the manner indicated in this Privacy Policy. The collection of some personal data is optional, but if certain information is not provided we may not be able to process the order and/or send the necessary order confirmation or shipping confirmation communications.

We may also use your contact information to send promotional communications and to contact you in relation to matters relating to the services offered, including after-sales services or to assist you with your future purchases on our Site and/or the Application and, occasionally, to request and respond to reviews relating to Miniconf products. We will use your contact information where permitted by applicable law or if you have given your consent (if consent is required by applicable law).

b) PAYMENT INFORMATION: information relating to your credit card, debit card, and/or other payment information to process payments relating to your orders.

c) DEMOGRAPHIC INFORMATION: the Data Controller may ask for your gender, date of birth and age or other information such as your preferences on the characteristics of the products, on the Sites or Applications or in physical stores. This information and/or your account and profile information may be used for the purposes of our internal demographic checks on customers, to offer a better service that suits customer preferences, including by identifying products, services and events that may interest you.

d) ADDITIONAL INFORMATION RELATING TO ACCOUNTS AND TRANSACTIONS: if you have a customer account (created online or in-store), or, in some cases, if you buy from physical stores, information may be collected on the products you viewed online or purchased, the place where you purchased the products, and other information relating to your purchases. The Controller will use this information to carry out demographic analyses of customers, in order to offer a service modelled on their preferences.

Together with non-personal information, this information may be used to carry out internal market analyses and demographic studies or to analyse, profile and monitor customer trends, with the aim of constantly improving our products and services. This allows us to offer our customers more personalised and integrated shopping and interaction experiences both in our stores and in our Sites and/or Applications.

e) INTERNET AND OTHER MULTIMEDIA ACTIVITIES: where permitted by applicable laws or with your consent (where consent is required by applicable laws), we may use information on how you use our Site, the Application and any in-store service to customise the sending of communications, adapt the content of the Site and the Application, and to customise the in-store service to suit your preferences and enable you to use any interactive features of the services. The Data Controller may process the information on the device used to connect to the Site services, the Applications or any interactive content provided. This data could include the type of device used, the internet browser or your location based on the unique identifier of the device, such as the IP or the code of the Application running on your device.

This information is used to ensure the proper functioning and security of the Site and the Application, to optimise the services offered and to better understand the use and effectiveness of the content and services. The data collected in-store from your mobile device through these technologies also allow us to obtain aggregate and anonymous statistics on the number of people in our stores, as well as information on the gender, size, height, ethnic origin and country/region of origin of our visitors, but cannot be used by or made available to Miniconf for the purpose of obtaining information on individual visitors.

f) LOCATION INFORMATION: when you visit the Site, the Controller may try to determine your location, for example, to find the nearest store or to provide more precise information based on your location. We can: (i) make a comparison with the contact details you provided, for example the post code, to indicate the nearest shop; (ii) verify the country/region in which it is located based on your device’s unique identifier (for example an IP address); or (iii) if you enable location services on your mobile device, we may establish your real-time location based on the latitude and longitude coordinates of your mobile device, via GPS signal, Bluetooth or Wi-Fi connection information, including the MAC addresses picked up by your device, where such information is available. In the case of mobile device location services, you can change your location preferences at any time by managing the device settings.

g) PROFILING: the Controller may use all the information described above to create a profile for you that reflects your preferences, characteristics, behaviour and attitudes. This information will be used to personalise and improve the services and to better understand the interests and preferences of key customers.

 

Methods of data processing and storage

In relation to the aforementioned purposes and in any case in such a way as to guarantee their security and confidentiality, the data will be subject to computer, telematic and paper processing in full compliance with the principles of necessity, data minimisation and limitation of the storage period, through the adoption of technical and organisational measures appropriate to the risk level of the processing.

 

Parties with whom the collected data may be shared

In certain circumstances, the Data Controller may share your personal data with other third parties and selected service providers (which could include franchisees and licensees) who sell or promote Miniconf products and services or perform other functional and connected services such as, by way of example, fulfilling orders, processing payments and performing promotional or data management services as permitted by applicable laws or with your consent (if required by applicable laws). Some data may be shared as aggregate or anonymous information that does not directly identify you.

In any case, the Data Controller will implement all the contractual measures necessary to request such third parties to guarantee that they will take all necessary precautions to safeguard your personal information, as required by applicable laws.

a) SERVICE PROVIDERS: your information may be shared with the companies in charge of managing the order shipping service, with any delivery company and with other companies that provide assistance services, including website hosting companies, IT service providers and fraud management support service providers. Your information may be shared with other companies (including social media and internet research platforms to which you have independently subscribed) that sell or promote Miniconf products and services to offer you a better customer experience. Your information may be shared with companies that assist Miniconf with other services, for example in analysing our customers’ data in order to better understand, profile and monitor customer trends so that we can constantly improve products and services. In each case, these companies will only be provided with the data they need to perform their services, whereas such parties will not be authorised to use such data for other purposes. These parties will be authorised to use your data only in accordance with the instructions we give them and in the manner permitted by applicable laws.

b) OTHER SHIPPING AND DELIVERY PARTNERS: when your order is delivered by a third party used by Miniconf for the provision of delivery or shipping services, only the information necessary for delivery is provided to them. The privacy policy of that partner for order delivery or shipping services may also apply when that service provider processes your personal data, due to its role as data controller under applicable data protection laws.

For more information, please review the privacy policy on the website(s) of the order delivery or shipping services partner that will deliver your order.

c) FINANCIAL INSTITUTES, PAYMENT PROCESSING PARTNERS AND SUPPORT SERVICE PROVIDERS FOR FRAUD MANAGEMENT: payments made through our Site or Application are made through our payment providers. In any case, it will provide credit or debit card information directly to our suppliers who process your payment details.

When making a payment, the Controller may share your information, including details of your transaction, with service providers who provide fraud detection and management solutions related to your transaction.

d) LEGAL INFORMATION: in some circumstances (where required or permitted by applicable laws or with your consent), the Data Controller may disclose your personal data to third parties in order to fulfil the obligations arising from any legal or regulatory procedure, to obtain legal advice, to prevent and detect fraud, for the purpose of verifying sanctions and/or to protect and defend the rights and assets of Miniconf and other parties directly connected to the Data Controller. In any event, all reasonably necessary measures will be taken to ensure that such data remains protected.

e) TRANSFERS OF DATA ABROAD: the personal data provided through the Site and/or the Applications are processed within the EU and stored on servers in the same countries.

Your data may be processed abroad if this is necessary for all the circumstances described above to occur. In any case, all the necessary measures required by the regulations and laws in force will be adopted to protect the processing of your personal data.

 

Legal basis of the processing

The Data Controller processes the personal data of the interested party if one of the following conditions is met:

However, it is always possible to ask the Controller to clarify the concrete legal basis of each processing operation and in particular to specify whether the processing is based on law, required by a contract or necessary to conclude a contract.

 

Place where data processing takes place

The Data is processed at the Data Controller’s operational headquarters and in any other places where the parties involved in the processing are located. For more information, you can contact the Data Controller.

 

Data retention period

The Data is processed and stored for such time as is required by the purposes for which it was collected.

Therefore:

When the processing is based on the User’s consent, the Data Controller may retain the Personal Data for longer until such consent is revoked. Furthermore, the Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of this term the right of access, deletion, rectification and the right to data portability can no longer be exercised.

 

Purpose of the processing of collected data

The User’s Data is collected to allow the Controller to provide the Service, fulfil legal obligations, respond to requests or executive actions, protect their rights and interests (or those of Users or third parties), identify any malicious or fraudulent activities, as well as for the following purposes: Statistics, Displaying content from external platforms, Contacting the User, including by e-mail, telephone, SMS or Whatsapp, and Tag Management.

To obtain detailed information on the purposes of the processing and on the Personal Data processed for each purpose, the User can access their data and request its rectification or even deletion as described in the next paragraph.

 

Rights of the User

Users can exercise certain rights with reference to the Data processed by the Data Controller.

In case of superior protection, the User can exercise all the rights listed below. In any other case, the User can contact the Controller to find out which rights are applicable in their situation and how to exercise them.

In particular, the User has the right to:

If you request to delete your personal data, we point out that we may not delete all of your data. We may still process your personal data if necessary and permitted by law. For example, in the following circumstances:

 

Details on the right to object

When Personal Data is processed in the public interest, in exercising public authority vested in the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to oppose the processing for reasons connected to their particular situation.

Users are reminded that, if their Data is processed for direct marketing purposes, they can oppose the processing thereof without providing any reasons. To find out if the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.

How to exercise rights

To exercise the User’s rights, Users can address request using the contact details of the Controller indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.

 

Further information on processing

Defence in court

The User’s Personal Data may be used by the Data Controller in legal proceedings or in the preparatory stages of such proceedings in order to defend against abuses in the use of this Website or related Services by the User.
The User declares that it is aware that the Controller may be obliged to disclose the Data by order of the public authorities.

Specific information

At the request of the User, in addition to the information contained in this Privacy Policy, this Website may provide the User with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.

System log and maintenance

For operation and maintenance related needs, this Website and any third party services used by it may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User IP address.

Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Response to “Do Not Track” requests

This Website does not support “Do Not Track” requests.
To find out if any third-party services used support them, the User is invited to consult the respective privacy policies.

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by notifying Users on this page and, if possible, on this Website as well as, if technically and legally feasible, by sending a notification to Users through one of the contact details it has. Please therefore consult this page frequently, referring to the date of the last change indicated at the bottom.

If the changes concern processing whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary.

 

27.10.22