Privacy policy

Dear User,
This page describes the methods of managing Privacy for the following website, owned by: M.C.M. LAVORAZIONE E ARREDI IN METALLO S.R.L., (hereinafter referred to as M.C.M. Srl).

Data Controller

M.C.M. LAVORAZIONE E ARREDI IN METALLO S.R.L.
Registered office: Via Giacomo Konz, 100 – 52100 – Ponte a Chiani, Arezzo (AR), Italy – VAT No.: 01525620512

Purpose of Processing

Your data will be processed lawfully, fairly, and transparently, ensuring that it is accurate and adequate, relevant, and limited to what is necessary in relation to the purposes pursued, which are:

1. Managing privacy during navigation through technical cookies and the provision of website services;

2. Subscription to receive newsletters;

3. Promotional purposes through sending newsletters to communicate information and/or commercial offers.

Legal Basis

The legal basis for processing is:

• For purposes 1, 2, and 3, the execution of pre-contractual measures adopted at your request (Art. 6(1)(b) GDPR), as the processing is necessary for providing the Service.

Provision of Personal Data

Please note that providing personal data is not mandatory; however, failure to provide such data will result in:

1. Inability to activate the services provided by the site (purposes 1, 2, and 3);

2. Inability to collect your preferences and receive promotional and/or personalized offers (purpose 3).

Personal Data Collected

Browsing Data:
The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its nature could allow users to be identified through processing and association with data held by third parties.

This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, time of request, method used to submit the request to the server, size of the file obtained, status code of the server’s response (success, error, etc.), and other parameters related to the user’s operating system and IT environment. These data are used solely for the purpose of obtaining anonymous statistical information on site usage and to ensure proper functioning, to identify anomalies and/or abuse, and are deleted immediately after processing. The data could be used by competent authorities to ascertain responsibility in case of hypothetical computer crimes against the site.

Data Voluntarily Provided by the User:
Apart from what is specified for browsing data, users are free to provide personal data through forms on the website (e.g., newsletter subscription, product purchase, etc.). Failure to provide such data may result in the inability to provide the requested service. In such cases, only the data necessary for the service requested will be required (see specific policies).

Data Sharing and Location – Disclosure to Third Parties

Your personal data may be shared with:

1. Employees of the Data Controller who are duly authorized and trained, in compliance with the Regulation;

2. Suppliers of the Data Controller, appointed as Data Processors;

3. Subjects who have legal, regulatory, or EU-based access rights to the data.

Data Transfer

Personal data collected through browsing or registration will not be transferred outside the European Union.

Data Retention

Your personal data will be retained for the period necessary to fulfill the purposes outlined above and in any case, for no longer than 10 years from the time of collection.

Personal data acquired for marketing purposes will be retained for a maximum of 3 years, after which renewed consent will be requested. Consent for marketing (purpose 3) can be withdrawn at any time without affecting the legality of the processing based on consent before its withdrawal.

Data Subject’s Rights

You have the right to request from the Data Controller at any time:

• Withdrawal of any consent provided (Art. 7 GDPR);

• Access to your personal data (Art. 15);

• Rectification (Art. 16) or erasure (Art. 17) of data;

• Restriction of processing (Art. 18);

• Objection to processing (Art. 21);

• Data portability (Art. 20).

You can exercise these rights by submitting the appropriate form (available on the website of the Italian Data Protection Authority) via:

• Email to the Data Protection Officer: info@mcmarredimetallo.it

You also have the right to:

• File a complaint with the Supervisory Authority (Art. 77) via https://www.garanteprivacy.it/home/modulistica-e-servizi-online

• Take legal action (Art. 79).

Further Information and GDPR Compliance

M.C.M. LAVORAZIONE E ARREDI IN METALLO S.R.L. (hereinafter, “the Controller”), pursuant to Art. 12 GDPR, provides this privacy notice to inform the data subject as per Art. 13 and communication obligations under Articles 15 to 22.

The processing involves the management, organization, use, administrative tasks related to purchases and invoicing, data storage, database creation, soft spam and marketing activities (Art. 130 para. 4 of the Privacy Code — opt-out available via “unsubscribe”), statistics, communication to partners (appointed Data Processors under Art. 28 GDPR), shipping carriers, and consultants involved in company operations.

Processing also includes data destruction or correction as per user request and consultation. Data processing may occur both inside and outside the EU in accordance with Articles 45 and 46 GDPR.

M.C.M. Srl Processes Personal Data for the Following General Purposes:

1. Social media integration

2. Google Analytics

3. User support and communication

4. Data storage and retention

5. Communication of products and services (e.g., newsletter)

If the user has subscribed to receive promotional materials (e.g., via newsletter), such communications may refer to the Controller’s products or brands. Per Art. 130(4) of the Privacy Code as amended by Legislative Decree 101/2018, users may object at any time using the “unsubscribe” link in each email.

M.C.M. Srl uses Mailchimp services for managing newsletters. Users are encouraged to review Mailchimp’s privacy policy for details on their data handling.

Data Handling and Security

Processing may be conducted both electronically and on paper by authorized personnel. The Controller does not use solely automated decision-making or profiling.

Data will be stored for 10 years for administrative purposes or for the time necessary to fulfill the purposes of collection.

The Controller implements physical, electronic, and organizational security measures as required by applicable law. While M.C.M. Srl strives to protect users’ data, complete security cannot be guaranteed for data transmitted over the Internet. Users are advised to take precautions (e.g., use strong passwords, secure browsers, update regularly).

Limitations to Data Subject’s Rights

The Controller informs you that your rights under Articles 15–22 GDPR may not be exercised in certain cases where doing so would result in actual and concrete prejudice to specific categories of data subjects and/or activities, as described under Art. 2-undecies of Legislative Decree 196/03 as amended by Legislative Decree 101/2018.

Additional Processing Purposes

If the Controller intends to process personal data for purposes other than those for which they were collected, you will be informed of such new purposes beforehand and specific consent will be requested, if required.

Changes to the Privacy Policy

M.C.M. Srl reserves the right to modify this privacy policy at any time by notifying users on this page. Users are encouraged to check this page often, referring to the date of the last modification shown at the bottom. If users do not agree with the changes, they must stop using the website and may request the Controller to delete their personal data.