Privacy and Cookie Policy

Privacy Policy

The purpose of this document is to inform the natural person (hereinafter "Data Subject") regarding the processing of their personal data (hereinafter "Personal Data") collected by the data controller, MC DONALD S.R.L., with registered office at Via Follereau Raul, 8. 24027 Nembro (BG), Tax Code/VAT number 00963060165, email address web@zenoniecolombi.com, (hereinafter "Controller"), through the website www.zenoniecolombi.com (hereinafter "Application").

Changes and updates will be binding as soon as they are published on the Application. In case of non-acceptance of the changes made to the Privacy Policy, the Data Subject is required to cease using this Application and may request the Data Controller to delete their Personal Data.

  1. Categories of Personal Data processed

The Data Controller processes the following types of Personal Data voluntarily provided by the Data Subject:

    • Contact data: first name, last name, address, email, phone, images, authentication credentials, any additional information sent by the Data Subject, etc.
    • Tax and payment data: tax code, VAT number, credit card data, bank account details, etc.

    The Data Controller processes the following types of Personal Data collected automatically:

      • Technical data: Personal Data produced by devices, applications, tools, and protocols used, such as, for example, information about the device used, IP addresses, browser type, Internet Service Provider (ISP) type. Such Personal Data may leave traces that, especially if combined with unique identifiers and other information received from servers, can be used to create profiles of natural persons.
      • Navigation and Application usage data: such as, for example, visited pages, number of clicks, actions performed, session duration, etc.
      • Data relating to the exact location of the Data Subject: for example, geolocation data that precisely identify the location of the Data Subject, which can be collected via satellite network (e.g., GPS) and other means, collected with the prior consent of the Data Subject. The Data Subject may revoke consent at any time.

      The failure by the Data Subject to provide Personal Data for which there is a legal or contractual obligation, or when they constitute a necessary requirement for the conclusion of the contract with the Data Controller, will result in the Data Controller being unable to establish or continue the relationship with the Data Subject.

      The Data Subject who communicates Personal Data of third parties to the Data Controller is directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.

      1. Cookies and similar technologies

      The Application uses cookies, web beacons, unique identifiers, and other similar technologies to collect Personal Data of the Data Subject on the pages, on the visited links, and on other actions performed when the Data Subject uses the Application. They are stored to be transmitted during the Data Subject's next visit. The complete Cookie Policy can be viewed at the following address: ____________________

      1. Legal basis and purpose of the processing

      The processing of Personal Data is necessary:

        • for the execution of the contract with the Data Subject, specifically:
        1. fulfillment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject
        2. registration and authentication of the Data Subject: to allow the Data Subject to register on the Application, access, and be identified also through external platforms
        3. support and contact with the Data Subject: to respond to the Data Subject's requests
        4. payment management: to manage payments via credit card, bank transfer, or other instruments
      1. by legal obligation, specifically:
            1. compliance with any obligation provided by current laws, regulations, and rules, particularly regarding tax and fiscal matters
              • based on the Controller's legitimate interest, for:
                  1. marketing purposes via email of the Controller's products and/or services to directly sell the Controller's products or services using the email provided by the Data Subject in the context of the sale of a product or service similar to the one subject to the sale
                  2. management, optimization, and monitoring of the technical infrastructure: to identify and resolve any technical issues, to improve the Application's performance, to manage and organize information in an IT system (e.g., servers, databases, etc.)
                  3. security and anti-fraud: to ensure the security of the Controller's assets, infrastructures, and networks
                  4. statistics with anonymous data: to perform statistical analyses on aggregated and anonymous data to analyze the Data Subject's behaviors, to improve the products and/or services provided by the Controller and better meet the Data Subject's expectations
                    • based on the Data Subject's consent, for:
                        1. profiling of the Data Subject for marketing purposes: to provide the Data Subject with information about the Controller's products and/or services through automated processing aimed at collecting personal information in order to predict or evaluate their preferences or behaviors
                        2. retargeting and remarketing: to reach the Data Subject who has already visited or shown interest in the products and/or services offered by the Application with a personalized advertisement using their Personal Data. The Data Subject can opt-out by visiting the Network Advertising Initiative page
                        3. marketing purposes of the Controller's products and/or services: to send commercial and/or promotional information or materials, to carry out direct sales activities of the Controller's products and/or services, or to conduct market research using automated and traditional methods
                        4. detection of the exact location of the Data Subject: to detect the presence of the Data Subject, to control access, times, and the presence of the Data Subject in a specific place, etc.

                        Based on the legitimate interest of the Controller, the Application allows interactions with external platforms or social networks whose processing of Personal Data is governed by their respective privacy policies, to which reference is made. Interactions and information acquired by this Application are in any case subject to the privacy settings chosen by the Data Subject on such platforms or social networks. This information – in the absence of specific consent for further processing purposes – is used solely to enable the use of the Application and provide the requested information and services.

                        The Data Subject's Personal Data may also be used by the Controller to protect itself in legal proceedings before the competent judicial authorities.

                        1. Methods of processing and recipients of Personal Data

                         

                        The processing of Personal Data is carried out using paper and IT tools with organizational methods and logic strictly related to the indicated purposes and by adopting adequate security measures.

                        Personal Data are processed exclusively by:

                          • persons authorized by the Data Controller who have committed to confidentiality or have an adequate legal obligation of confidentiality;
                          • subjects operating independently as separate data controllers or subjects designated as data processors by the Controller in order to carry out all processing activities necessary to pursue the purposes of this privacy notice (e.g., business partners, consultants, IT companies, service providers, hosting providers);
                          • subjects or entities to whom it is mandatory to communicate Personal Data by law or by order of the authorities.

                          The above-mentioned subjects are required to use appropriate safeguards to protect Personal Data and may only access those necessary to perform the tasks assigned to them.

                          Personal Data will not be indiscriminately disclosed in any way.

                          1. Location

                          Personal Data will not be subject to any transfer outside the territory of the European Economic Area (EEA).

                          1. Retention period of Personal Data

                          Personal Data will be retained for the period necessary to fulfill the purposes for which they were collected, in particular:

                            • for purposes related to the execution of the contract between the Data Controller and the Data Subject, they will be retained for the entire duration of the contractual relationship and, after termination, for the ordinary statute of limitations period of 10 years. In the case of legal disputes, for the entire duration of the dispute, until the expiration of the appeal periods
                            • for purposes related to the legitimate interest of the Data Controller, they will be retained until such interest is fulfilled
                            • for compliance with a legal obligation, by order of an authority, and for legal protection, they will be retained in accordance with the timeframes provided by such obligations, regulations, and in any case until the expiration of the statute of limitations provided by the applicable laws
                            • for purposes based on the Data Subject's consent, they will be retained until the consent is revoked

                            At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.

                            1. Rights of the Data Subject

                            Data Subjects may exercise certain rights regarding the Personal Data processed by the Data Controller. In particular, the Data Subject has the right to:

                              • to be informed about the processing of their Personal Data
                              • to withdraw consent at any time
                              • to restrict the processing of their Personal Data
                              • to object to the processing of their Personal Data
                              • to access their Personal Data
                              • to verify and request the correction of their Personal Data
                              • to obtain the restriction of processing of their Personal Data
                              • to obtain the deletion of their Personal Data
                              • to transfer their Personal Data to another controller
                              • to file a complaint with the data protection supervisory authority and/or take legal action.

                              To exercise their rights, Data Subjects may send a request to the following email address web@zenoniecolombi.com. Requests will be handled by the Data Controller immediately and processed as soon as possible, in any case within 30 days.

                              Last updated: 03/24/2023

                               

                              Cookie Declaration