I. NAME OF THE RESPONSIBLE
The person responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
Via Francesco Crispi, 84
00187 – Roma
Phone: + 39 06 4819609
REA code: 414383
You may submit inquiries regarding personal data protection, privacy and security matters to firstname.lastname@example.org.
II. GENERAL INFORMATION ABOUT THE COLLECTION AND PROCESSING OF YOUR DATA
1. Scope of processing
In principle, we process personal data only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data takes place regularly only with consent. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.
2. Legal basis
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, or based on legitimate interest, cf. GDPR art. 6(1)(a)-(b), (f).
If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information in clause 1.
3. Storage and deletion of your data
In principle, we only store personal data for as long as is necessary to fulfill contractual or legal obligations for which we collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.
We delete or block the personal data of the data subject as soon as the purpose of the storage is fulfilled. It may also be stored if provided for by the European or national legislator in EU regulations, laws or regulations to which our company is subject (see details in sections 3.1-3.3). Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
III. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
1. Scope of data processing
Marsil processes personal data only if this is necessary to provide a functioning website and our content and services. The processing of personal data takes place regularly only with consent. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.
Any of the information we collect from you may be used for one or more of the following purposes:
1.1. To personalize your experience (the information will help Marsil better respond to your individual needs);
1.2. To improve our website (Marsil continually strives to improve our website offerings based on the information and feedback we receive from you);
1.3. To establish a primary channel of communication with you;
1.4. To enable you to scan your website for trackers;
1.5. To enable you to talk to an expert.
2. Data processed
2.1 Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. E.g. this is information like
– Information about the type and version of your internet browser,
– The operating system of your computer or smartphone,
– Your internet service provider,
– Your IP address,
– Date and time of your access,
– Geographic location,
– Websites from which you came to us,
– Websites that you visit from our site;
We collect such technical information in so-called “log files”, so that you can display our website correctly and we can identify the causes of any technical problems, for the technical optimization of our websites and for the purpose of the security of our computer systems and networks. For these purposes, the legal basis is legitimate interest in the processing of data according to GDPR art. 6(1)(f).
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Typically, this technical information will be erased or rendered unrecognizable at the latest after seven days.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website.
2.2 Each time you use our Service to scan your website, your email address will be processed and definitions of the cookies found when the Service has scanned your website(s), including reports on the result of each scan.
IV. CONTACT REQUESTS FOR PRODUCT INFORMATION, A DEMO OR OTHER CONCERNS
1. Description and scope of data processing
On our website you can contact us via various options: e.g. book a demo, request a quote, request product information, request guides, contact request form, support tickets and our chat function. If you make use of these options, the data entered in the input mask will be transmitted to us and saved. In addition to the specific input macro data, the IP address and the date and time of the request are collected and stored.
Alternatively, a contact via email address is possible. In this case, your personal data transmitted by email will be stored.
In this context, there will be no disclosure of the data to third parties, unless this is necessary for the processing of the query (for example, demo booking tool). In any case, the data will be used exclusively for processing the conversation, unless agreed upon otherwise.
2. Legal basis for processing
Legal basis for the processing of the data is in general the consent of the user, GDPR art. 6(1)(a).
3. Purpose of the data processing
The processing of personal data from the input mask is solely for the processing of your request.
4. Duration of storage
If you have booked a demo, requested product information or an offer, we reserve the right to store the data for two years to measure the profitability of our sales and marketing. Otherwise, we will delete the data as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data entered in the contact form and those sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
5. Revoking consent and removal possibility
You have the possibility at any time to revoke your consent to the processing of the personal data. If you contact us by email, you may object to the storage of your personal data at any time. In such a case, the conversation can not continue. All personal data stored in the course of contacting will be deleted in this case.
When signing up for the Newsletter, data entered into the input mask will also be stored, in order to provide the Newsletter. The legal basis for this processing is GDPR art. 6(1)(a). Your email address, time of subscription and the IP address used for subscribing will be retained as long as you subscribe to our Newsletter. This service is provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to be notified via our email service. You can unsubscribe from this service by opting out via the link provided in each Newsletter any time.
You will be informed by Marsil about relevant changes concerning the Service, such as the implementation of additional functions, by email, if you subscribe to Marsil’s newsletter.
Optionally, your first name, last name, company name and the country you are located in will be processed to provide you with personalized newsletters.
VI. COOKIES AND TRACKING TECHNOLOGIES
See Marsil’s Cookie Declaration at https://marsilmoda.it/en/cookie-declaration/ for information on the cookies we use.
VII. ONLINE PRESENCE IN SOCIAL NETWORKS
We maintain online presences in social networks in order to communicate there with customers and interested parties, among others, and to provide information about our products and services.
The users’ data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users and on-site behavior, if it exists. For this purpose, cookies and other identifiers are stored on the users’ computers. On the basis of these usage profiles, advertisements, for example, are then placed within the social networks but also on third-party websites.
As part of the operation of our online presences, it is possible that we can access information such as statistics on the use of our online presences, which are provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them. Please refer to the list below for details and links to the data of the social networks that we can access as operators of the online presences.
The legal basis for data processing is GDPR art. 6(1)(a)-(b), in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.
For the legal basis of the data processing carried out by the social networks on their own responsibility, please refer to the data protection information of the respective social network. The links below also provide you with further information on the respective data processing and the options to object.
We would like to point out that data protection requests can be asserted most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Below is a list with information on the social networks on which we operate online presences:
- Facebook (USA and Canada: Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA; all other countries: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
- Operation of the Facebook Fanpage in joint responsibility on the basis of an agreement on joint processing of personal data (so-called Page Insights Supplement regarding the controller).
- Information on the processed Page Insights data and the contact option in the event of data protection enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
- Opt-out: https://www.facebook.com/settings?tab=ads and https://www.youronlinechoices.com.
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
- Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
- Google my business
- We operate a so-called Google My Business entry. Should you find us in this way, we make use of the information service offered by Google and the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).
- We do not know how Google uses the data from the visit for its own purposes, to what extent activities of individual users are assigned, how long Google stores this data and whether data is passed on to third parties. When accessing Google services, the IP address assigned to your terminal device is transmitted to Google. Google also stores information about its users’ end devices; this may enable Google to assign IP addresses to individual users or user accounts.
- We, as the provider of our Google My Business entry, do not collect or process any further data from your use of this Google service. Beyond that, we do not use any Google functions on our website.
VIII. THIRD PARTY LINKS
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these websites.
XII. RECIPIENTS OF DATA AND DATA TRANSFER TO THIRD COUNTRIES
12.1 Recipients of Data
Marsil does not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or processors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our rights or the rights of others, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We only pass on the data we have collected if this is necessary for the fulfillment of the contract or for the provision of the technical functionality of the website, or if there is another legal basis for passing on the data.
In addition, disclosure may take place in connection with official enquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement. When governments make a lawful demand for customer data from Marsil, Marsil strives to limit the disclosure. Marsil will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, Marsil will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
If Marsil commissions third parties with the collection, processing and use of data within the scope of commissioned processing in accordance with Art. 28 GDPR, this will also take place exclusively in compliance with the statutory provisions on data protection.
12.2 Data Transfer to third Countries
If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed.
12.3 Processors /Trusted Third Parties
|Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
|Data hosting for CMP
Web analytics service
MSCLKID, Browser language, Clicked advertisements, GUID generated by UET tag, IP address, Microsoft cookie, Page title, Referrer URL, Screen color depth,
Screen resolution, UET ID tag, Page load time, Publisher/URL accessed
|Databases are hosted on servers within EU member states, specifically Ireland with a hot fail-over mechanism to Microsoft’s datacenter in Amsterdam, the Netherlands
|GDPR Art. 6 (1) lit. b
|Google Ads, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Web analytics service
|Gclid, Ads viewed, Cookie ID, Date and time for visit, Device info, Geographic location, IP address, Search terms, Ads shown, Impressions, Online identifiers, Browser info
|In Ireland and the USA
|GDPR Art. 6 (1) lit. a
|Google Analytics, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Web analytics service
|Google Client ID, Click path, Date and time for visit, Device info, Location info, IP address, Pages visited, Referrer URL, Browser Info, Hostname, Browser language, Browser type, Screen resolution, Device operating system, Interaction data, User behavior, Visited URL
|In Ireland and the USA
|GDPR Art. 6 (1) lit. a
|Meta Platform Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland
|Facebook Pixel – Web analytics service
|FBClid, Ads viewed, Content viewed, Device info, geographic location, HTTP-header, Interactions with advertisement, services and product, IP address, Items clicked, Marketing info, Pages visited, Pixel ID, Referrer URL, Usage behavior, Facebook cookie info, Facebook user ID, Usage/click behavior, Browser info, Device operating system, Device ID, User agent, Browser type
|In the EU (Ireland), Singapore and the USA
|GDPR Art. 6 (1) lit. a
|Youtube Video, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
|Web analytics service
|Gclid, Device info, IP address, Referrer URl, Video viewed
|In Ireland and the USA
|GDPR Art. 6 (1) lit. a
X. YOUR RIGHTS
If we process your personal data you have – after successful identification – the following rights towards us:
- Right to information (Article 15 GDPR)
- Right to deletion (Article 17 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR) – You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 10 working days by Marsilas spreadsheet files in Microsoft Excel format. Logical relations between datasets will be preserved in the form of unique identifiers. You are required to pay €1.000 (Euro one thousand) and any applicable taxes on delivery for each data copy order.
- Right to withdraw consent (Article 7(3) GDPR)
- Right to object to certain data processing activities (Article 21 GDPR).
In order to exercise your rights described here, you can contact us at any time using the contact details listed under “Name of the responsible“.
You may at any time lodge a complaint with a supervisory authority regarding Marsil’s collection and processing of your personal data.
XI. SECURITY AND INTEGRITY OF THE DATA
Protecting the information you give us or that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. Marsil has taken measures to ensure the ongoing confidentiality, integrity, availability and resiliency of systems and services that process personal information, and will restore the availability and access to information in the event of a physical or technical incident in a timely manner.