Privacy policy

MySecretCase S.R.L. based in Corso Colombo 7, Milan (hereinafter the "Owner") is constantly striving to protect the online privacy of its users. This document has been prepared pursuant to art. 13 of the EU Regulation 2016/679 (hereinafter: "Regulation") in order to allow you to know our privacy policy, to understand how your personal information is handled when you use our site ("Site") and, if necessary, to give your express and informed consent to the processing of your personal data.

According to the rules of the Regulation, the treatments carried out by the Owner will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and storage, data minimization, accuracy, integrity and confidentiality.

What types of personal data we process

a. Data provided during registration
The Owner will process the personal data necessary to register you correctly on the site to allow you access to our e-commerce and related services. This data is provided directly by the data subject and may include personal data and contact details, including but not limited to your first name, last name, date of birth, e-mail address and telephone number.

If you authorize us to do so, or through the use of cookies, we may store authentication or payment method data, which you can delete at any time and will only be used for the purposes of executing the contract.

b. Data collected to provide the service
In order to purchase our products we will ask you for data necessary for the execution of the contract, such as shipping and billing data.
To provide our service we may need to process special categories of data, pursuant to Article 9 of the Regulation.

c. Browsing data
The computer systems acquire, during the use of the platform and for its normal use, data that by their nature do not have an identifying function, but could assume it in limited cases when processed or associated with data held by third parties.
This category includes, for example, IP addresses, URI (Uniform Resource Identifier) addresses of the resources requested, such as the time of the requests, the characteristics of the device used, the size of the files exchanged or other types of information. This is anonymous or aggregate data that does not ordinarily permit your identification and is used to identify anomalies and issues. The data may be retained to protect our rights, but unless this is the case, it will not be retained for longer than seven days.

Purpose, legal basis and explanation

Below we set out the purposes for which we will use your personal data, the legal basis under Article 6 of the Privacy Regulation and a brief explanation of each purpose.

Purpose	Legal Basis	Explanation
a)Registration, authentication and use of the site	Fulfillment of contract
b)Order processing	Fulfillment of the contract
c)Storage of your payment details	Consent	We may ask you to save your data in order to speed up the purchasing process. Without consent we will not save anything.
d)Communication to our business partners and third parties	Consent	If you authorize us, we may communicate data to operational partners (logistics and courier) but will never be given to third parties for advertising or commercial operations.
Newsletter	Consent	By entering your e-mail in the newsletter section, you will allow us to send you news and information on topics of interest to you.
Profiling	Consent	If you authorize us to do so, we may use your data to analyze your interests in order to place you in specific categories or predict your behavior.
e)Sending direct marketing communications	Legitimate interest	We will send you emails to update youonly and exclusivelyof our products or services, if you have previously purchased something from us. This allows us to make new products or services more easily accessible and allows you to stay up to date. Our emails will not be frequent or invasive and you have the opportunity to at any time to deactivate their reception.
f) Maintenance and improvement of the service and your experience, management and market planning	Legitimate Interest	We use anonymous and aggregate data as much as possible for any form of service improvement or planning; we may also need your personal data, but it will only be used by us.
g) Detecting or preventing fraudulent activity	Legal obligation and legitimate interest	We may need to process your personal data in the event of malicious activity on our site.
h) Compliance with orders from a judicial or other public authority	Legal obligation
i) Preservation of accounting records	Legal obligation

Some products may involve access to special categories of data under Article 9 of the Privacy Regulation, so we may require your consent in order to provide you with additional services related to these products. Such data will generally be processed using encryption, anonymization and pseudonymization techniques.

What happens if you decide not to provide us with your data?

The provision of your personal data for the purposes a) and b) is necessary to allow you to register on the platform and to conclude the contract. Therefore, in the absence of the same it will not be possible for us to provide you with our services.
The consent for the purposes c) and d) is optional and does not imply any negative consequence for your user experience. We remind you, however, that consenting to these purposes allows us to grow and provide you with better and less expensive services.

To whom we disclose your information

On the basis of legitimate interest and as better specified in point 2 of this policy, we communicate your personal data to other companies belonging to our group for better organizational efficiency, taking all the necessary technical and legal precautions.
In addition, we disclose data to our suppliers for the needs of providing the service or, where there is a legitimate interest, as indicated in article 2.
Suppliers may include: delivery services, IT companies, legal advisors, payment processing companies, marketing companies. If suppliers process personal data on behalf of the Data Controller, they will be appointed as data controllers pursuant to Article 28 GDPR.

Transfer to third countries

Some of your personal data may be shared with parties outside the European Economic Area; we ensure that this is done in compliance with Regulation 679/2016, adopting precautions that provide for transfer only to countries subject to an adequacy decision, on standard contractual clauses approved by the European Commission, on consent or on another suitable legal basis.

Data Retention

Personal data will be kept only and only for the needs related to each of the purposes mentioned in paragraph 2 and in accordance with the principle of minimization.
We may need your data to defend your or our rights (art. 2946 cc. and following), as well as to comply with obligations to maintain accounting records. Therefore we keep this data for as long as necessary and in any case not longer than 10 years.
We also keep your data whenever we are required by law or by an order of public authorities. We keep your data for marketing purposes for two years after your last business contact. This is without prejudice to your right to withdraw your consent at any time by making a request to the Controller.

More information about the data retention period and the criteria used to determine these periods can be obtained by writing to:privacy@mysecretcase.com

Your Rights

You have the right to access your data at any time, pursuant to art. 7 of the Privacy Code and articles 15-22 GDPR. In particular, you can request access (art. 15 Regulation), rectification (art. 16 Regulation), cancellation (art. 17 Regulation), limitation of the processing of data in the cases provided for by art. 18 of the Regulation, the portability of data concerning you in the cases provided for by art. 20 of the Regulation, and to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data). You also have the right to revoke your consent at any time, pursuant to Article 7 of the Regulation; it is specified that the revocation of consent does not affect in any case the lawfulness of processing based on consent prior to revocation.

You can formulate a request to oppose the processing of your data pursuant to art. 21 of the Regulation in which you give evidence of the reasons justifying the opposition: the Data Controller reserves the right to evaluate your request, which would not be accepted in case of the existence of compelling legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms.

How to exercise your rights or request information about the privacy policy

For any information or need, as well as to exercise the rights mentioned, we are at your disposal at the e-mailprivacy@mysecretcase.com.

Changes

This privacy policy is in force since 22/05/2018. The Owner reserves the right to modify or simply update its content, in part or in full, also due to changes in applicable legislation. The Owner will inform you of these changes and they will be binding as soon as they are published on the Site. The Data Controller therefore invites you to visit this section regularly in order to be aware of the most recent and updated version of the privacy policy so that you are always up to date on the data collected and the use made of it by the Data Controller.

COOKIES POLICY

What is a cookie?

Cookies are small text strings that sites visited by the user send to his terminal (usually to the browser), where they are stored and then retransmitted to the same sites the next time the same user visits. During the navigation on a site, the user can receive on his terminal also cookies that are sent by different sites or web servers (so-called "third parties"), on which may reside some elements (such as, for example, images, maps, sounds, specific links to pages of other domains) on the site he is visiting.

Why does MySecretCase use cookies?

Cookies are used for different purposes, such as performing computer authentication, session monitoring, storing information on specific configurations or for targeted advertising.

What cookies are used?

The Site uses the following cookies which can be de-selected, except for third party cookies for which you should refer directly to the relevant cookie selection and de-selection methods, indicated by means of links:

Technical navigation or session cookies and strictly necessary for the operation of the Site or to enable you to take advantage of the content and services requested.
Functionality cookies, i.e. used to activate specific features of the Site and a number of selected criteria (e.g. language) in order to improve the service provided.

WARNING: by disabling technical and/or functionality cookies, the Site may not be accessible or some services or some features of the Site may not be available or may not work properly and you may be forced to change or manually enter some information or preferences each time you visit the Site.

Third party cookies, i.e. cookies from websites or web servers other than MySecretCase S.R.L. used for the purposes of such third parties. It should be noted that these third parties, listed below with the relevant links to their privacy policies, are typically autonomous controllers of the data collected through the cookies they serve; therefore, reference must be made to their policies on the processing of personal data, disclosures and consent forms (selection and de-selection of their respective cookies), as specified in the cited provision. For the sake of completeness, it should also be noted that MySecretCase S.R.L. does its utmost to track cookies on its Site. These are updated regularly in the table below, where we give transparency on the cookies directly sent by MySecretCase S.R.L. and their purpose. With regard to third parties who send cookies through our site, we provide below links to their privacy policies: these third parties are responsible for providing information and collecting your consent, as required by the provision. This responsibility refers not only to the cookies that third parties send directly, but also to any additional cookies that are sent through our Site by virtue of the use of services that third parties themselves use. MySecretCase S.R.L. has no control over these cookies, which are sent by the service providers of these third parties, and does not know their characteristics or purpose. Below are the links to information on third party cookies:

Google:https://www.google.com/policies/privacy/partners/
Google Adwords:https://policies.google.com/technologies/cookies
Facebook:https://www.facebook.com/policies/cookies/
Bing:https://privacy.microsoft.com/it-it/privacystatement
Hotjar:https://www.hotjar.com/legal/policies/cookie-information

In detail, the cookies sent by MySecretCase S.R.L. through the Site are indicated below:

Cookie type and owner	Technical name of cookies	Functioning and purpose	Persistence time
Technical - HotJar	_hjIncludedInSample	This cookie is used to evaluate navigation problems on the site	1 year
Technical - Google Analytics	_ga	This cookie is used to evaluate the performance of the site and the traffic on it and to distinguish unique users.	2 years
Technical - Google Analytics	_grid	This cookie is used to evaluate the performance of the site and the traffic on it and to distinguish unique users.	24 hours
Analytical - MailChimp		This cookie is used to evaluate orders, purchases, conversions and commercial statistics in aggregate form.

How can I disable cookies?

You can authorize, block or delete (in whole or in part) cookies through the specific functions of your browser. For more information on how to set preferences on the use of cookies through the Browser, you can consult the relevant instructions: