Privacy POLICY

This Privacy Policy describes the methods for collecting and processing the personal data of users accessing and interacting with the website www.malo.com, as well as of those who visit the points of sale distinguished by the "Malo" brand. It also specifies the purposes of the processing and the rights granted to data subjects under current legislation on the protection of personal data.
The processing operations described in this policy refer exclusively to the services offered through the website www.malo.it and at the points of sale “Malo". We wish to inform you that within the site there may be links to third party websites, which operate as independent data controllers. For such sites, we invite the user to consult their respective privacy and cookie policies, as the Company is not responsible for the processing carried out there.
This Privacy Policy should be read in conjunction with the Website Terms of Use available here [insert link] and Terms of Sale and with the cookie policy.
We reserve the right to update the content of this page from time to time. We encourage you to consult this policy regularly so that you can keep up to date with any changes that have occurred since your last consultation.

In relation to personal data collected for the use of the services
available on this website and at the "Malo" branded points of sale,
the Data Controller is Malo S.r.l. (hereinafter "Malo") with
registered office in Via Gattinella 6 - 50013, Campi Bisenzio (FI). You can
contact Malo by writing an e-mail to privacy@malo.it

Below you can find a list of all the purposes for which we collect your personal data.

Website browsing: Navigation and use of content.

Navigation data, cookies and other tracking systems, other.

Legal basis: Legitimate interest.

Product purchase: Order processing and management of related activities.

Personal details, contact information, address, purchased product, IBAN (in case of return), other.

Legal basis: Performance of a contract.

Customer Care: Assistance via chat, phone, e-mail, online form, social media.

Name, e-mail, content of the request, phone recordings (≤30%), other.

Legal basis: Performance of a contract; legitimate interest (e.g., chat spam prevention and service quality).

Satisfaction surveys: Evaluation of the service received.

Ticket number, questionnaire content, contact details (if provided), other.

Legal basis: Consent.

Direct marketing: Sending commercial communications and surveys.

Contact details, other.

Legal basis: Consent.

Newsletter: We inform subscribers about commercial activities such as new collections, promotional events, sales/private sales.

Legal basis: Consent.

Profiling: Sending personalized communications and product development.

Purchase data, country, gender, age, interactions, statistical data, other.

Legal basis: Consent.

Access to the reserved area: Account creation and access to personalized content.

Personal and contact details, other.

Legal basis: Performance of a contract.

Statistical analysis: Reports and aggregated behavioral models.

Purchase data, country, age, gender, interactions, other.

Legal basis: Legitimate interest.

Compliance with legal obligations: Fulfillment of applicable laws and legal obligations.

Personal and contact details, other.

Legal basis: Compliance with legal obligations.

Extraordinary operations: Potential merger and acquisition activities.

Personal and contact details, other.

Legal basis: Legitimate interest.

Defending or exercising a legal claim, including any related investigations.

Personal and contact details, other.

Legal basis: Legitimate interest.

Video surveillance in retail stores: Security and asset protection.

Images and video recordings.

Legal basis: Legitimate interest.

When we rely on our legitimate interest as the legal basis for processing, we carry out a balancing test to ensure that your interests and fundamental rights and freedoms do not override ours.

You may request further details by writing to our contact details listed below.

Our legitimate interests include improving our services, preventing fraud, preventing misuse of IT systems, ensuring IT and network security, conducting internal investigations, or supporting potential merger and acquisition activities.

Providing your data is necessary when the legal basis for processing (as described above) is compliance with applicable laws or the performance of obligations arising from a contract with you. If you do not provide your personal data, we may not be able to process your registration or manage your purchases.
Providing personal data for marketing purposes and profiling is optional. Choosing not to provide your personal data for these purposes will not affect your ability to browse the site and/or make purchases.

Your data will be retained only as long as it is strictly necessary to fulfil the purpose for which it was collected and in accordance with the retention limitation principles set out in applicable privacy laws.
In particular, for personal data processed
- to enable your registration on the site, your data will be retained as long as your account remains active;
- to fulfil after-sales service requests, we will retain your data for as long as necessary to fulfil your request;
- we may need to retain your data for a longer period to comply with applicable laws.

We will inform you, where appropriate, of any extended data retention obligations we need to comply with.

We may share your personal data with:
- our third party service providers, when necessary to fulfil the purposes of use set out above. Our service providers act as data processors and are appointed and commissioned on the basis of a specific contract. Service providers will process only personal data on our behalf to the extent necessary to perform their support functions in accordance with our instructions and your applicable privacy laws. You can request an updated list of data processors by contacting us at our contact details below.
- third parties, such as law enforcement, regulatory authorities or other similar government bodies, where necessary to comply with a legal obligation, applicable laws or regulations;
- third parties such as auditors, legal advisers or other professional advisers

Recipients of data may be established in third countries around the world without an adequate level of protection for personal data (for example, in the case of shipments outside the EU that require the disclosure of data to local couriers or other suppliers). We take all necessary steps to ensure that the transfer of data outside the EU is adequately protected as required by applicable privacy laws, including using the European Commission's Standard Contractual Clauses and any required local low addenda, if applicable, and implementing appropriate safeguards as required by applicable privacy laws. You can obtain more information about the countries to which we transfer personal data and the safeguards we adopt for such transfers by contacting us at our contact details below.

On our website you may also find social buttons/widgets, i.e. those special 'buttons' representing the icons of social networks (e.g. Facebook and Instagram) and interactive social walls (presenting content from social networks). These 'buttons' allow users who are browsing our site to interact with a click directly with the social network, which acquires data relating to your visit. In some areas of the site there is also the so-called social login, which allows you to access your reserved area via your social network account. When you perform the social login, you accept the terms, conditions of use and privacy policy of the social network itself.

Your personal data may be processed manually or electronically, in each case using the logic and procedures necessary to protect your data and ensure its security. We take appropriate security measures, including physical, technological and procedural measures, to help safeguard your personal data and prevent unauthorised access and disclosure.
Unfortunately, the transmission of information via the Internet is not completely secure. We do our best to protect your personal information, but we cannot guarantee the security of data transmitted to us; any transmission is at your own risk. Once we receive your information, we use strict procedures and security features to try to prevent unauthorised access.

You can contact us at the contact details below to exercise your rights under applicable privacy laws and to request further information regarding the processing of your personal data.
Your privacy rights are:
- Right of access: you may request access to your data and verify their origin and accuracy.
- Right to data portability: in some cases, you may also obtain a machine-readable copy of your personal data to enable you to exercise your right to data portability and transfer it to another data controller or ask us to transfer such data directly to another data controller, to the extent technically feasible.
- Right of rectification: you may request the integration of incomplete data and the rectification or updating of inaccurate data.
- Right to erasure: you can request the erasure of your data and the portability of your data.
- Right to restrict processing: you can request the restriction of processing and to object to the processing of your personal data.
- Right to withdraw consent: you may withdraw any consent you have given.

- Right to object: you have the right to object to the processing of your personal data at any time, for reasons related to your particular situation. In that case, we may be required to stop the processing, unless we can demonstrate compelling legitimate grounds prevailing over your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.

- Right to object to direct marketing: when your personal data are processed for direct marketing purposes, you have the right to object at any time and without justification to the processing of your personal data for such direct marketing purposes (including profiling insofar as it is related to such direct marketing).

You also have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your data is contrary to applicable privacy laws.

If you have any questions or comments regarding this Privacy Policy, if you wish to assert your privacy rights or if you would like to receive an updated list of our data processors and third parties with whom we share your personal data or to receive further information on the balancing test performed when we rely on our legitimate interest in processing your data and on the transfer of your personal data to third countries, you can contact us at privacy@malo.it