Login

Cart

Your cart is empty

Privacy policy

MONSKI

DATA PROTECTION INFORMATION

Information pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council

This Privacy Policy of Monski, as an independent data controller, provides information regarding the processing of personal data, which are automatically collected or provided by the user when accessing the website, www.monski.co, managed by Monski, browsing, and using the services provided therein (hereinafter "Services").

1.DATA CONTROLLER

The data controller for the respective activities is Monski (VAT No. 13384760966), with registered office at Via Monte Pertica 1, Cesano Maderno (MB). Email address: support@monski.co.

2.TYPES OF PERSONAL DATA PROCESSED

Personal data means any information that concerns the user and is referable to them.

To enable navigation of the website and the use of the related Services (such as, for example, creating a personal area, making purchases), the processing may involve:

  1. Registration data: name, surname, email address, shipping and billing address, phone number.
  2. Payment data: data related to credit/debit cards, payment information via PayPal or other payment methods.
  3. Navigation data: IP address, browser type, pages viewed, time spent on the site.
  4. Purchase data: products purchased, order amounts, purchase preferences.

3. PURPOSES, LEGAL BASES OF PROCESSING, AND NATURE OF PROVISION

The data are processed for the following purposes:

  1. To enable navigation of the website, obtain anonymous statistical information on its use, as well as ensure its proper functioning and ascertain responsibility in case of computer crimes (hereinafter "Website Navigation"). The processing carried out by Monski is based on its legitimate interest (Art. 6.1 f) Regulation);
  2. Processing the purchase order of the selected products, fulfilling the concluded contract, and all legal and contractual obligations related to it, including administrative, accounting, and tax obligations (hereinafter "Product Purchase").
  3. Customer care, including managing any requests and/or complaints, as well as returns (hereinafter "Customer Care"). The processing carried out by the Controllers is based on the execution of the contract and pre-contractual measures (Art. 6.1 b) Regulation)
  4.  Allowing subscription to the newsletter and sending communications with informational and promotional content about Monski-branded products, services, and events (hereinafter "Newsletter"). The processing carried out by Monski is based on expressed consent (Art. 6.1 a) Regulation);
  5. Sending communications with commercial and promotional content about Monski-branded products and services, similar to those purchased, so-called soft spam (hereinafter "Soft Spam"). The processing carried out by the Controllers is based on legitimate interest (Art. 6.1 f) Regulation);
  6. Analyzing the user's interests, purchase habits, and tastes to allow the Company to customize the offer of its products and services, as well as to send further communications in line with the customer's interests (hereinafter "Profiling"). The processing carried out by Monski is based on expressed consent (Art. 6.1 a) Regulation);
  7. Registration to the personal area "My Account," creation of the related profile, and use of services reserved for registered users (hereinafter "Personal Area"). The processing carried out by Monski is based on expressed consent (Art. 6.1 a) Regulation);
  8. Verification of the correspondence between the purchaser and the holder of the selected payment method (hereinafter "Anti-Fraud Activities"). The processing carried out by Monski is based on its legitimate interest (Art. 6.1 f) Regulation);
  9. Exercise and defense of the Controllers' rights in any venue, including judicial, administrative, arbitration, and/or mediation and conciliation procedures (hereinafter "Defense"). The processing carried out by the Controllers is based on their legitimate interest (Art. 6.1 f) Regulation).

Except for navigation data (automatically collected by the system), the provision of data is:

  • Necessary for the pursuit of the purposes referred to in point 4) letters b), c), j), and l). Therefore, the failure to provide data marked with (*) by the user will make it impossible for the Controllers to fulfill the requested actions (e.g., processing the purchase order, fulfilling legal and contractual obligations, managing any requests or complaints, initiating the selection process), while the failure to provide data not marked with (*) does not affect the fulfillment of the requested actions by the Controllers and the aforementioned purposes;
  • Optional for the pursuit of the purposes referred to in point 4) letters d), f), g). Therefore, the failure to provide data makes it objectively impossible for the Controllers to proceed with the user's request (e.g., sending newsletters, performing profiling activities, creating a personal profile), without, however, affecting the pursuit of the purposes referred to in point 4) letters b), c), j) and the use of the website.

4.     COOKIES

Like many websites, we use Cookies on our Site. For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and service providers to use Cookies on our Site to better tailor the services, products, and advertising on our Site and other websites.

Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.

5.     PROCESSING METHODS

For the purposes indicated in point 4), the processing of data will mainly be carried out by electronic and automated means, as well as in paper form, in compliance with the regulatory provisions on personal data processing, adopting appropriate security measures. The processing of data is managed by Monski, save as provided by Articles 13 and 15.

6.     DATA DISCLOSURE

The data will not be disseminated. Within the limits strictly relevant to the purposes indicated in point 4), the data may be disclosed to:

  • External subjects to the Controllers who, as independent data controllers or data processors pursuant to Article 28 of the Regulation, are involved in data processing operations, such as, for example, credit institutions, internet providers, transport companies, marketing companies, entities responsible for IT infrastructure and its management and maintenance, companies responsible for system security and anti-fraud checks, companies responsible for website management, tax consultants.
  • Subjects authorized by law or regulation, such as, for example, competent public authorities and the judiciary.

7.     DATA RETENTION PERIOD

The Controllers retain the data for the period strictly necessary to achieve the respective purposes for which the data were collected. Specifically, the data processed for the purpose of:

  • Product purchase will be retained for the duration of the relationship and, in any case, until the rights arising from the relationship itself are prescribed;
  • Customer care will be retained for the period strictly necessary to achieve the purpose;
  • Newsletter will be retained until the user's consent is revoked;
  • Profiling will be retained for a maximum period of 12 (twelve) months from the date of collection;
  • Personal Area will be retained until the profile is closed by the user, which can be requested at any time;

Notwithstanding the right to revoke consent for those processing activities based on such legal basis, the right to object to processing, as well as compliance with specific retention obligations provided by law and the exercise of the right of defense in case of dispute.

8.     DATA SUBJECT'S RIGHTS

With reference to the data, the right to request Monski in the manner indicated by the Regulation and without prejudice to the provisions and limitations of Legislative Decree No. 196/2003 (Part I - Title I - Chapter III) is provided:

  • Access, in the cases provided (Art. 15 Regulation);
  • Rectification of inaccurate data and integration of incomplete data (Art. 16 Regulation);
  • Deletion of data for the reasons provided (Art. 17 Regulation), such as when they are no longer necessary for the purposes indicated above or are not processed in compliance with the Regulation;
  • Limitation of processing in the cases provided (Art. 18 Regulation), such as when the accuracy of the data is contested and needs to be verified;
  • Portability, i.e., the right to receive, in the cases provided (Art. 20 Regulation), in a structured, commonly used, and machine-readable format, the data and to transmit such data to another data controller;
  • Objection to processing, in the cases provided (Art. 21 Regulation).

It is also recognized the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the user or significantly affects them in a similar way, unless they have previously and explicitly given their consent (Art. 22 Regulation). By way of example and not exhaustively, this category includes any form of automated processing of personal data aimed at analyzing or predicting aspects concerning consumption and purchase choices, economic situation, interests, reliability, behavior.

All the rights listed above can be exercised by sending Monski a communication via email to support@monski.co or by registered letter to the same address: Cesano Maderno, Via Monte Pertica 1.

In the communication, the user must specify: name, surname, any purchase code, details of the request, and contact details.

Additionally, to no longer receive the newsletter, it will be possible to unsubscribe by clicking the "unsubscribe" button at the bottom of each communication.

9.     COMPLAINT

If the user believes that the processing violates the provisions of the Regulation, they have the right to lodge a complaint with the Data Protection Authority as indicated in Article 77 of the Regulation.

10.   DATA TRANSFER TO THIRD COUNTRIES

For the provision of the Services, the data may be transferred to third countries. In such cases, the Controllers undertake to ensure that the transfer of data to these countries is carried out in compliance with the Regulation and, specifically, in the presence of adequate safeguards (adequacy decisions, standard contractual clauses approved by the European Commission, etc.).

Further information can be requested by contacting the Controllers at the email address support@monski.co.

11.   MINORS

It is explicitly prohibited for minors under the age of eighteen (18) to use the Services on the website. Considering the available technologies and the Services provided, the Controllers have adopted age verification systems to ensure that consent to the processing of personal data of minors is given or authorized by the person exercising parental responsibility. By registering or purchasing products on the website, the user confirms that they have reached the age required by the country of residence.

12.   DATA BREACH POLICY

Monski has adopted a procedure for managing any personal data breaches that will handle the analysis of the event and the assessment of the risk level. This is to determine whether the breach exists and to carry out all the requirements of Articles 33 and 34 of the Regulation.

In particular, if the breach poses a high risk to the rights and freedoms of users, Monski will be required not only to notify the Data Protection Authority within 72 hours of becoming aware of it but also to inform all affected users, to enable them to take appropriate precautions to minimize the potential damage resulting from the breach.

In the communication to users, Monski will indicate:

  • The name and contact details of the Data Protection Officer or other contact point where more information can be obtained;
  • The likely consequences of the personal data breach;
  • The measures taken or proposed to be taken to address the personal data breach and, if applicable, to mitigate its possible adverse effects.
  • This communication will not be required if: i) Monski has implemented appropriate technical and organizational protection measures on the data subject to the breach; ii) Monski has subsequently taken measures to prevent new high risks to the rights and freedoms of users; and iii) this requires disproportionate efforts. In this last case, Monski may issue a public communication or a similar measure.
  • Considering the short timeframes for notifying the Data Protection Authority, Monski invites:
  • The subjects appointed as data processors pursuant to Article 28 of the Regulation to communicate the breach respectively within 24 and 12 hours of discovery;
  • Anyone who becomes aware of a personal data breach to promptly report it by writing to the email address infoedatabreach@mmcol.it, so that it can be handled by the Crisis Team, which will proceed according to the procedure.

 13.   SHOPIFY

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to users.

Your data is stored through Shopify's data storage, databases, and the general Shopify application. The data is stored on a secure server behind a firewall.

Payments:

If you choose a direct payment gateway to complete your purchase, Shopify stores your credit card data. The data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). The purchase transaction data is stored only as long as necessary to complete the purchase transaction. After completion, the purchase transaction data is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS, managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more information, you may also want to read Shopify's Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).

14.   CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here of the update, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we can continue to sell products to you.

For any questions regarding our privacy policy, please contact us.

15.   THIRD-PARTY SERVICES

In general, the third-party providers we use will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand how your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities in a different jurisdiction than either you or us. So if you choose to proceed with a transaction that involves the services of a third-party service provider, your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

For example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation.

Once you leave our store's website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website's Terms of Service.

Links

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.