Skip to content

Cart

Your cart is empty

Privacy Policy



Dear user,

This Privacy Policy is provided pursuant to articles 13 and 14 of EU Regulation 2016/679 – (hereinafter only GDPR) and related provisions of the Privacy Code (Legislative Decree no. 196/03) modified by Legislative Decree no. 101/18 regarding the protection of personal data to those who connect to the website https://musthavemilano.com/ and use the related services. This page describes the management methods of the website owned by EFFELLE SRL (hereinafter also “ the Data Controller ”) and the processing operations of the personal data of users who access and navigate the site. The information refers only to the page mentioned above and not to other websites that may be consulted by the user via specific links.


  • DATA CONTROLLER
  • Pursuant to art. 4, point 7 of the GDPR, the Data Controller is the person who “ determines the purposes and means of the processing of personal data” . With regard to this website, the Data Controller is: EFFELLE SRL – Fiscal Code / VAT number 12428060151, with registered office in Via Filippo Turati n. 40, 20121 Milan (MI) (hereinafter also “ the Data Controller ”). 


    1. DATA PROTECTION OFFICER

    The Data Protection Officer (also known in English as Data Protection Officer – DPO ) is a figure provided for by art. 37 of the GDPR. to perform support and control, consultative, training and information functions, whose designation is mandatory only in the cases provided for by art. 37, par. 1, letters b) and c), of the GDPR. This figure is not mandatory for the Owner of this website.


  • TYPE OF DATA AND PURPOSE OF PROCESSING

  • Browsing data
  • The computer systems and software procedures used to operate this web page acquire, during normal operation and for the sole duration of the connection, some personal data whose transmission is implicit in the use of Internet communication protocols.

    This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI ( Uniform Resource Identifier ) ​​addresses of requested resources, the time of the request, the method used to submit the request to the server (successful, error, etc.), the country of origin, the various temporal connotations of the visit (for example, the time spent on each page) and other parameters relating to the operating system and the user's IT environment. It is specified that the data is collected anonymously.

    This data may be used to:

    1. i) statistics : collection of data and information in aggregate and anonymous form in order to verify the correct functioning of the site. None of this information is related to the physical person-User of the site and does not allow identification in any way.
    2. ii) security : collection of data and information in order to protect the security of the site (e.g. firewall filters and virus detection) and of the Users and to prevent or detect illicit behaviors damaging the website ,

  • Data provided voluntarily by the user
  • This category includes:

    • the data that the user provides by filling in the form in the “contact us” section, i.e. name, e-mail, telephone number, any other personal data contained in the message sent;
    • email address provided by subscribing to the newsletter;
    • the personal data that the user provides to purchase products online: email address, telephone number, name and surname, shipping and billing address, tax code, certified email address, payment data.

    This data may be used to:

    1. order management : to allow the conclusion of the distance contract and the execution of the services, both of the user and of the Owner, object of the contract itself. As for the performance of the Owner, the specific purposes are to allow the user to process the order on the e-commerce platform, manage the shipment and manage the delivery.
    2. payment management process payments via paypal or bank transfer and issue payment invoices. The data provided for payment are acquired directly by the payment service manager (Paypal). With reference to this service, the user is invited to read the privacy policies of the chosen payment service manager.
    3. customer service : respond to requests for information or requests of any nature related to customer assistance.
    4. marketing : with the user's consent, sending email messages and newsletters containing information, including commercial and promotional information, relating to promotions, new products and offers.
    5. defense of one's rights and interests in the event of litigation.

  • Cookie
  • The site uses first and third party cookies, as detailed in the cookie policy to which reference is made (LINK) .


  • LEGAL BASIS
  • The legal bases for the processing of personal data for the purposes indicated in the previous paragraph are indicated below, referring to the cookie policy for the identification of the legal basis for the data acquired through the installation of cookies:

    • purposes specified in § 3, letter A), points i) and ii) and letter B) point v): legitimate interest of the Data Controller;
    • purposes specified in § 3, letter B), points ii), iii): contract and pre-contractual negotiations;
    • purposes specified in § 3, letter B) point iv): consent of the interested party.

  • NATURE OF THE PROVISION
  • Apart from what is specified for navigation data and except when provided for in the cookie policy to which reference is made, the user is free to provide personal data by registering or logging in to the e-commerce platform, through a specific account or social account. Visiting the site does not require prior registration and login.

    Unless otherwise specified, the Data requested by the e-commerce platform are mandatory to complete the order. If the User refuses to communicate them, it may be impossible to provide the e-shop Service.

    If the user provides, publishes, shares or otherwise processes personal data of third parties in using the features of the site, he/she guarantees from now on that he/she has the right to carry out the processing and, where necessary, that he/she has previously acquired the consent of the third party to the processing of information concerning him/her, assuming all responsibility in this regard with all indemnification in favor of the Owner of the site.


  • METHODS AND PLACE OF DATA PROCESSING, COMMUNICATION AND DISSEMINATION
  • The processing of personal data occurs in a lawful, correct and transparent manner and, in any case, in compliance with the provisions of articles 5 and 6 of EU Regulation 2016/679 - GDPR. Your personal data are processed using manual and computerised tools with logic strictly related to the purposes for which they were acquired and in any case in a way that guarantees the security and confidentiality of the data.

    Data management and storage takes place on a server located in …………… where the company providing the hosting service is based.

    Personal Data may be communicated and processed by internal collaborators and/or employees of the Data Controller, as persons authorised to process data, within the scope of their respective functions and in accordance with the instructions given by the Data Controller.

    In some cases, they may be communicated to external parties acting on behalf of the Data Controller, duly appointed, if necessary, as Data Processors pursuant to Article 28 of the GDPR on the protection of personal data, such as:

    • Natural and legal persons who perform the site development and maintenance service and hosting providers ;
    • Natural and legal persons who perform, on behalf of the owner, services connected to the e-shop, logistics, payment services;
    • Natural and legal persons who carry out marketing activities on behalf of the owner;
    • Accountants, lawyers and other professionals to whom the Data Controller turns;
    • Financial institutions and public bodies.

    The updated list of the Responsibles can always be requested from the Data Controller. It is specified that your data will not be disclosed to unspecified third parties.

    The data may be transferred to countries outside the European Union and ensures that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection or by adopting the standard contractual clauses provided by the European Commission.


  • RETENTION PERIOD
  • Except as provided in the cookie policy, the data collected are stored for the time strictly necessary to carry out the activities specified in § 3. Upon expiration, the data will be deleted or anonymized, unless there are additional purposes for storing them. Data for direct marketing purposes are stored for 24 months.

  • USER RIGHTS
  • You may exercise your rights towards the Data Controller, using the following contact details: email info@cashconverters.it and tel 02.20480341. To ensure the correct exercise of your rights, you must be unequivocally identifiable. The Data Controller undertakes to provide feedback within 30 days and, in the event of impossibility to respect these deadlines, to justify any extension of the expected terms. The feedback will be free of charge except in cases of groundlessness (e.g. there is no data concerning the interested party making the request) or excessive requests (e.g. repetitive over time) for which a fee may be charged not exceeding the costs actually incurred for the research carried out in the specific case. At any time you may exercise, pursuant to articles 15 to 22 of the GDPR, the right to:

    1. a) ask for confirmation of the existence or otherwise of your personal data;
    2. b) obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the retention period;
    3. c) obtain the rectification and deletion of data;
    4. d) obtain the limitation of the processing;
    5. e) obtain data portability, i.e. receive them from a data controller, in a structured, commonly used and machine-readable format, and transmit them to another data controller without hindrance;
    6. f) oppose the processing at any time and also in the case of processing for direct marketing purposes;
    7. g) to object to automated individual decision-making, including profiling.
    8. h) ask the data controller for access to personal data and the rectification or erasure of the same or the limitation of the processing concerning him or her or to oppose their processing, in addition to the right to data portability;
    9. i) withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
    10. j) lodge a complaint with a supervisory authority.

    You may also manage your preferences regarding the use of cookies in the manner specified in the cookie policy.


  • CHANGES TO THIS DOCUMENT
  • This document constitutes the privacy policy of this site.

    It may be subject to changes or updates. If there are significant changes or updates, these will be reported with specific notifications to users.