Privacy Notice on the Processing of Personal Data (Articles 13–14 GDPR)
Data Controller: Majani 1796 S.p.A., Tax Code and VAT No. 02691991208, registered office at Via G. Brodolini 16, 40053 Valsamoggia (BO), Italy.
Contacts: customercare@majani.com • Postal address as above.
1. What data we process
• Account and order data: name, surname, contact details, shipping/billing address, purchased products, delivery notes.
• Payment data: managed through the Payment Service Provider (PSP) indicated at checkout; the Controller only receives the transaction result (no card numbers).
• Communications: customer service requests, newsletters (if subscribed).
• Technical browsing data: logs, online identifiers, cookies/similar technologies (see Cookie Policy).
• Marketing preferences: consents, interest categories (if provided/derived).
2. Why and on what legal basis
• Website management, account registration, cart, and online purchases
Legal basis: performance of a contract/pre-contractual measures (Art. 6.1.b GDPR).
• Legal obligations (tax, accounting, warranties, product safety)
Legal basis: legal obligation (Art. 6.1.c).
• Delivery/shipping and returns
Legal basis: performance of a contract (Art. 6.1.b).
• Customer support
Legal basis: performance of a contract or legitimate interest in efficiently handling requests (Art. 6.1.f).
• IT security, fraud prevention, protection of rights
Legal basis: legitimate interest of the Controller (Art. 6.1.f).
• Newsletters and promotional communications, surveys
Legal basis: consent (Art. 6.1.a); may be withdrawn at any time.
• Light marketing profiling for personalized communications
Legal basis: consent (Art. 6.1.a). No decisions producing legal effects.
3. Is providing data mandatory?
Providing contractual data is necessary to create an account and complete a purchase; without it, the order cannot be processed. Data for marketing/newsletters is optional.
4. Who we share data with (recipients)
• Couriers/Logistics: e.g. GLS General Logistics Systems (shipping/returns).
• IT/Hosting and maintenance providers: e.g. Europa Multimedia S.r.l. Unipersonale (server/website management).
• PSPs and banks, email/SMS providers, consultants (legal/tax), competent authorities when required.
All providers act as Data Processors under Art. 28 GDPR based on written agreements.
An updated list is available upon request at customercare@majani.com.
5. Data transfers outside the EEA
If certain providers are located or have systems in non-EEA countries, the transfer is carried out in compliance with Chapter V GDPR (adequacy decisions, Standard Contractual Clauses, and supplementary measures). Detailed information is available upon request.
6. Data retention periods
• Purchase/billing data: for the time necessary to perform the contract and up to 10 years for civil/tax obligations.
• Account: as long as the account remains active; if inactive, deletion/anonymization occurs after 24 months (subject to legal obligations).
• Customer support: up to 24 months after the request is closed.
• Marketing/newsletters: up to 24 months from consent collection or withdrawal.
• Technical security logs: 6–24 months depending on needs and security policies.
After these periods, data is deleted or anonymized.
7. Cookies and similar technologies
Technical cookies are necessary for the website’s functioning. Profiling/marketing cookies are installed only with consent via the banner and can be managed at any time from the Preference Center. For more details, see the Cookie Policy.
8. Data subject rights
You have the right to access, rectify, erase, restrict, and port your data, to object (especially to direct marketing), and to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise your rights: customercare@majani.com or the Controller’s postal address.
You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
9. Minors
The website/services are not intended for minors under 14 years of age (or the age set by applicable national law). If we become aware that we have collected data from a minor without valid consent, we will delete it.
10. Data security
We adopt appropriate technical and organizational measures (access controls, encryption where applicable, backups, logging, staff policies and training) in line with the principle of integrity and confidentiality (Art. 5.1.f GDPR).
11. Updates to this notice
We may amend this notice to reflect regulatory changes or changes to our processing practices. In case of material changes, users will be informed with reasonable advance notice.
Version: 1.0 — Date: October 2025
