PRIVACY POLICY

PRIVACY POLICY (EU REGULATION 2016/679: ART. 13-14)

MEDITERRANEA S.R.L. Corso Italia 49 – 20122 Milan Reg. Imp., C.F. and VAT no. 03088850247, Share Capital Euro 1,300,000 as Data Controller of personal data, pursuant to and for the purposes of EU Reg. 2016/679 hereafter ‘GDPR’, hereby informs that the previously mentioned legislation provides for the protection of data subjects with respect to the processing of personal data and that this treatment will be based on the principles of correctness, lawfulness, transparency and protection of your privacy and your rights.

Personal data will be processed in accordance with the legislative provisions of the previously mentioned legislation and the confidentiality obligations set forth therein.

1.

Purpose and legal basis of the processing

The data will be processed for the following purposes related to the implementation of obligations related to legislative or contractual obligations:

• purposes necessary to assess, exercise or defend a right in court or whenever the judicial authorities exercise their jurisdictional functions;

• advanced navigation purposes or personalized content management;

• purposes related to the execution of a contract of which you are a part or to the execution of pre-contractual measures adopted at your request (e.g. contact request via the Contact form, registration with the Mediterranea s.r.l. service, etc.);

• purposes of statistical research / analysis on aggregate or anonymous data, without therefore the possibility of identifying the user, aimed at measuring the functioning of the Site, measuring traffic and evaluating usability and interest.

2.

Data processed

– Identification data such as name, addresses, telephone numbers or email addresses, provided upon registration;

– data related to offers, purchases or sales, provided during a transaction or other content based on the transactions generated or connected to your account following a transaction in which you participated;

– other content generated by you or connected to your account (for example, adding items to your shopping cart or items you observe, creating collections and the collections and sellers you follow);

– financial data (for example, credit card numbers or bank account) in connection with a transaction;

– data relating to shipments, invoices and other types, used to purchase or ship an object, as well as, where postal services are provided through one of our programs, information required for customs fulfilments (for example, tax identification numbers or other numbers identifiers) and shipping information (for example, shipping codes and related updates);

– other data that Mediterranea s.r.l. is required or authorized to collect and process, in accordance with current legislation, for the purpose of authenticating or identifying the user or verifying the information collected.

3.

Method of treatment

Personal data may be processed in the following ways:

• by electronic calculators using software systems managed by third parties;

• by electronic calculators with the use of software systems managed or programmed directly;

• temporary treatment in anonymous form.

Each treatment takes place in compliance with the methods referred to in articles 6, 32 of the GDPR and through the adoption of the appropriate security measures provided.

The data will be processed only by personnel expressly authorized by the Data Controller and, in particular, by the following categories of employees:

• programmers and analysts;

• marketing office;

• administrative office;

• customer service.

4.

Persons authorized to processing, responsible for processing and communication to third parties of your personal data

Your personal data may be known by the employees and external collaborators of the Owning Company or by suppliers, agents, intermediaries appointed as Managers. These employees and external collaborators will operate as persons authorized to process (therefore formally authorized to carry out processing operations by the owner or manager).

The data may be communicated to external subjects for a correct management of the relationship and in particular to the following categories of Recipients including all the duly appointed Data Processors:

• Google Analytics: Advertising target, Analytics / Measurement, Optimization;

• to the subjects necessary for the provision of the services offered by the Portal, including by way of example the sending of e-mails and the analysis of the functioning of the Site who typically act as data processors of Mediterranea s.r.l ..

5.

Disclosure of data and transfer of data abroad

Personal data will not be disclosed in any way, may be transferred, and limited to the purposes indicated above, in the following states:

• some of your Personal Data are transferred to Recipients that could be found outside the European Economic Area. Mediterranea s.r.l. ensures that the electronic and paper processing of your Personal Data by the Recipients takes place in compliance with the Applicable Regulations. The transfers are alternatively based on an adequacy decision or on the Standard Model Clauses approved by the European Commission.

In carrying out its business, the Company may also communicate your data to subjects based in countries not belonging to the European Union or to the European Economic Area but which the European Commission has established that guarantee an adequate level of protection. Your data may also be communicated to a foreign regulatory authority (outside the European Union) in fulfillment of binding legal obligations. These transfers take place by adopting the precautions provided by the GDPR and current legislation to ensure an adequate level of data protection.

6.

Storage period

We point out that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR, the retention period of your personal data is established for a period of time not exceeding the performance of the services provided.

DATA SUBJECT’S RIGHTS (EU REG. 2016/679: ART. 15, 16, 17, 18, 19, 20, 21, 22)

1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, their communication in an intelligible form and the possibility of making a complaint with the Control Authority.

2. The interested party has the right to be informed of:

a. the origin of personal data;

b. the purposes and methods of treatment;

c. the logic applied in case of treatment carried out with the aid of electronic instruments;

d. the identity of the owner, manager and the representative appointed pursuant to article 5, paragraph 2;

e. the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.

3. The interested party has the right to obtain:

a. updating, rectification or, when interested, integration of data;

b. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

c. the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment proves impossible o involves the use of means manifestly disproportionate to the protected right;

d. data portability.

4. The interested party has the right to object, in whole or in part:

a. for legitimate reasons, the processing of personal data concerning him/her, even if pertinent to the purpose of the collection;

b. to the processing of personal data concerning him/her for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication.

7.

Updates

This information is updated to the 2016/679 EU Regulation and may be subject to changes. We therefore recommend that you regularly check the section dedicated to the protection of personal data on our website www.vintage55.com and refer to the most updated version.