WHAT IS THE CONTENT OF THIS DOCUMENT? WHAT HAPPENS TO MY PERSONAL DATA WHEN I INTERACT WITH THIS SITE OR WITH MERIDIO LTD IN GENERAL?
This privacy policy (“Privacy Policy”) applies to any collection and processing of personal data carried out:
– when you interact with the website www.meridioband.com (the “Site”) operated by Meridio Ltd with headquarter in Milan (Italy)
– when you purchase a product or request other services from Meridio LTD, whether online including when you contact our customer service for post-sale customer services or specific questions or requests;
– when we communicate with you as part of our marketing activities.
By accessing and using this Site or otherwise providing us with your personal data, for example when visiting our stores or when contacting our customer service, you confirm that you have read and that you understand the way we collect, process, use and disclose your personal data as described in this Privacy Policy.
For specific processing activities, we need to obtain your consent to collect and process your personal data. When we need your consent, we will ask you, before you submit personal data or use the relevant sections of the Site, to confirm electronically that you consent to the processing activity at stake, as described in this Privacy Policy, by ticking specific boxes.
Your affirmative action in ticking the relevant box and your use of this Site signify that you agree to the processing activity at stake as described in this Privacy Policy. Our records of your acceptance of this Privacy Policy, the date there of, and of all future amendments to this Privacy Policy, shall be regarded as conclusive and written evidence of your consent.
You will also be informed of this Privacy Policy – and, when a specific processing activity requires your consent, be asked to consent – when contacting our customer service or when providing us with your personal data in our stores.
We collect and process your personal data in accordance with all applicable data protection laws and regulations, including, without limitation, the laws promulgated on the matter by the European Union, such as the Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data and all the laws promulgated in the EU Member States, as well as the orders and guidelines issues by the competent data protection authorities, as applicable, and the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (“GDPR”) and supplementing national provisions applicable as of 25 May 2018 (the “Data Protection Laws”).
WHO CONTROLS THE PROCESSING OF MY PERSONAL DATA? WHO IS ACCOUNTABLE FOR IT?
The controller of the personal data that are collected when you use this Site (other than when you purchase goods from us), and that are collected for our marketing and profiling activities is: Meridio Ltd Unit 1504, 15/Fl., Global Gateway Tower, No. 63 Wing Hong Street, Cheung Sha Wan-Kowloon-Hong Kong. For further details and how to contact us, please refer to Contact Us.
The controller of your personal data when you purchase goods from us is Meridio LTD. This entity is also the controller of the personal data that you provide when you interact with our customer service.
WHAT PERSONAL DATA ARE PROCESSED?
Automatic Information Collection on this Site
The processing of your personal data when you merely visit and consult the Site is limited to the so-named surfing data, namely the data whose transmission to the Site is implicit in the functioning of the systems in charge of the managing of the Site and in the communications protocols peculiar to the Internet. Surfing data are, for example, the IP addresses of the devices you use to connect to the Site and other parameters relating to your device and operating system.
In principle, surfing data, such as these above specified, and for example the number of visits and the time spent on the Site, are collected and processed by us exclusively for statistical purposes and in aggregated form for purposes of measuring and enhancing the functioning of the Site. Due to the nature itself of surfing data, these data may lead to identification of users if they are associated with data held by third parties; however, we do not collect surfing data in order to associate them with identified users, except where said data may be used for purposes of assessing possible responsibilities in case of information crimes realized against the Site or through the Site to the extent permitted by law.
Besides, certain information is gathered on this Site by means of cookies and other tracking technologies as described in our Cookies Policy available at Cookie Policy. By actively closing the Site Cookie Banner and by setting your cookie preferences through our tool and in your browser, you are agreeing to our use of cookies and similar technologies. If you do not agree to our use of cookies in this way, you should set your cookie preferences accordingly. You will always be able to withdraw your consent and change your cookie preferences at any time. If you disable cookies that we use, this may impact your user experience while on this Site.
Information you provide voluntarily to us:
We collect and process:
- 1. personal data that you provide when you interact with the Site functionalities, for example, when you open an account or upload user-generated content on the Site. This personal data may include:
- your name, e-mail address, telephone number
- your username and password
- 2. personal data that you provide when you take part/subscribe to our marketing activities (whether through our Site or in our stores), for example, when you subscribe to our newsletter(s) or mailing list(s) or participate to promotions and other initiatives such as loyalty programs, contests and sweepstakes, etc. This personal data may include:
- your name, e-mail address, telephone number
- the history of your purchases
- your gender
- your preferences and interests
- 3. personal data that you provide when you purchase goods from us (whether online or in our stores). This personal data may include:
- your name, e-mail address, telephone number
- the history of products you purchase
- details regarding your transaction
- 4. personal data that you provide when you interact with our customer-service, for example, when you send a question about a product, communicate feedback to us, contact our customer service call center for support, or request specific assistance or service from our customer-service. This personal data may include:
- your name, e-mail address, telephone number
- the history of products you purchase
- information regarding the reasons why you contacted customer service
- content of your communications relating to your interaction with customer service
Where you have provided us with personal data about another person, (for example when using the function e-mail to a friend, gift card functionalities or other purposes) to the extent permitted by applicable laws you hereby confirm that you are entitled to communicate such personal data to us and that you have informed said person about – and where necessary, have obtained his/her consent to – the processing of his/her personal data for the purposes set out in this Privacy Policy.
FOR WHAT PURPOSES ARE MY PERSONAL DATA PROCESSED?
We collect and process your personal Data for the following purposes:
- 1. Meridio LTD, as controller, processes your personal data for the following purposes:
- a. to operate and manage the Site, including:
- to provide you with the services or functionalities that you request on the Site;
- to create your account and manage your subscription on the Site;
- to improve your browsing experience and ameliorate the Site;
- b. to conduct marketing activities for Meridio LTD, including :
- for direct marketing purposes, including:
- to manage your subscription to our newsletter(s) or mailing list(s) or loyalty program(s);
- to allow participation to promotions and other initiatives, such as contests and sweepstakes;
- to send you (subject to your consent, that is optional), also through e-mail or other electronic communications means such as SMS, MMS, fax, etc. promotional information and material on our products and services, on special initiatives on price and promotions and on initiatives such as loyalty programs, events, exhibitions and fairs organized by Meridio LTD or to which Meridio LTD takes part;
- for survey purposes (subject to your consent, that is optional);
- for profiling purposes (subject to your consent, that is optional);
- to improve our products and services;
- for direct marketing purposes, including:
- a. to operate and manage the Site, including:
c. for other purposes:
- for fraud prevention purposes;
- to comply with our obligations under applicable laws, regulations and Community legislation, and to assess and defend a legal right.
2. Meridio LTD, as controllers, process your personal data for the following purposes:
- a. to manage your purchases of goods (online and in our stores):
- this includes all activities relating to the purchase of goods, such as for example delivery of goods, billing, returning and exchanging of goods, receiving refunds, purchase and use of gift cards and e-gift cards, as applicable, payment related activities, including use of vouchers;
- b. to provide you with our customer-service (see details section 3 below), including:
- to provide you with after-sale services;
- to respond to your request(s) of information, question(s), communication(s) or feedback
- for internal training purposes and improvement of our customer-service;
- c. for other purposes:
- for fraud prevention purposes
- to comply with our obligations under applicable laws, regulations and Community legislation, and to assess and defend a legal right.
WHAT ARE THE LEGAL BASES FOR THE PROCESSING OF MY PERSONAL DATA AS DESCRIBED HEREIN?
We will collect and process your personal data for the purposes described in the Section “For what purposes are my personal data processed?” on one of the following legal bases:
- The processing of your personal data is necessary for performance of a contract with you or in order to take steps prior to entering into a contract with you at your request (Article 6, 1., (b) of the GDPR, as of 25 May 2018);
- The processing is necessary for the purposes of our legitimate interests or our affiliates’ or other third parties’ legitimate interests, and such interests are not overridden by your interests or fundamental rights and freedoms (Article 6, 1., (f) of the GDPR, as of 25 May 2018); The legitimate interests that we pursue notably include our interest to manage and maintain the contractual relationship with you, to answer to your specific requests, to ask your feedback in order to improve our Site and our products, or to pursue other general marketing activities.
- Where your specific consent is required to the processing of your personal data as described herein, your personal data will be processed based on such consent (Article 6, 1., (a) of the GDPR, as of 25 May 2018);
HOW LONG WILL MY PERSONAL BE DATA PROCESSED?
Personal data are not kept for longer than the time necessary to achieve the specific data processing purposes described herein, unless shorter or longer retention periods apply under applicable Laws.
ARE MY PERSONAL DATA SAFE?
We are committed to protect the security and confidentiality of your personal data. We take – and require that any service provider and/or third party processor processing personal data on our behalf and on our instructions takes – appropriate technical and organizational measures to prevent loss and destruction, even accidental, of data, unauthorized access to data, unlawful or unfair use of data. Moreover, information systems and software programs are configured so that personal and identification data are used only when necessary to achieve the specific processing purpose from time to time sought.
We deploy a variety of advanced security technologies and procedures to help protecting personal data against the risks outlined above. For example, personal data provided by users are stored on secured servers placed in controlled locations. Moreover, for the transmission of some data through the Internet are deployed encryption techniques such as the Secure Socket Layer (SSL) protocol.
However, please note that no electronic transmission or storage of information is 100% secure. Therefore, despite the security measures that we have put in place to protect your personal data, we cannot guarantee that loss, misuse, or alteration of data will never occur.
WHERE DO MY PERSONAL DATA GO? WHO ARE THE RECIPIENTS, WHERE IS IT TRANSFERRED AND FOR WHAT PURPOSES?
Personal data collected through our Site, as part of the sale of goods in our stores and as part of our customer service are stored on the servers provided and managed by our third-party storage and hosting provider HOLOCRON, with registered offices at Via Marche 8/A, 56123 Pisa, Italy . We communicate personal data within the limits and under the circumstances specified in this Privacy Policy, subject to your specific consent when required under applicable Data Protection Laws:
- 1°. Your personal data will be accessible within our organization by the internal and external personnel that need to access it because of their duties in relation to the processing purposes herein specified. We ensure that these persons are held by appropriate security and confidentiality duties.
- 2°. Your personal data may also be accessible by third party service provider that we appoint to process personal data on our behalf and on our instructions (as Processors).
These Processors include:
MISSING PROCESSORS LIST
- third party service providers to which we may revert to for performance of professional, technical and organizational services functional to the managing of the Site and the activities performed therein, such as for example the sales of goods and related activities, the managing of functionalities offered by the Site and of the initiatives and services that you may subscribe to and require through the Site, and for services strictly functional to achievement of the other processing purposes herein specified;
- third party service providers to which we revert for closing purchase transactions and payment processing through our e-commerce platform;
- third party service providers that are managing and supporting the Site, the relevant e-com platform and all the pre- and post-sale activities, such as, order processing, performance marketing, financial services, warehouse management, and customer relationship management;
Your personal data may also be shared with institutions, authorities, public entities, banks and financial institutions, professionals, independent consultants, also in associate form, business partners or other legitimate recipients as permitted by applicable laws and regulations, for example in case of judicial processes, request by competent courts and authorities or other legal obligation, to protect and defend our rights and property and the Site.
Lastly, we may also communicate your personal data to third parties in case of mergers, acquisitions, transfers of any of our assets, products, websites or operations.
Except for the foregoing, personal data will not be shared with third parties, natural persons or legal entities, that are unrelated to, or that do not perform a business, professional or technical function for us.
Personal data will not be communicated to third parties for their own marketing purposes.
This Cookie Policy describes and informs you about our use of cookies and other tracking technologies such as flash cookies, server logs, web beacons or pixel gifs.
Please note that third party websites, which may be linked to the Site, are not covered by this Cookie Policy.
By clicking the “Close” button on the Site’s Cookie Banner or selecting your preferences on the “cookie preferences” function available on the Site’s Cookie Banner, you are agreeing to our use of cookies and similar tracking technologies in line with your current cookie preferences and in accordance with this Cookie Policy.
If you do not agree to our use of cookies and similar tracking technologies in this way, you should set your cookie preferences or browser settings accordingly. You will always be able to withdraw your consent and change your choice by amending your cookie preferences or browser settings in the future.
Once you have accepted the use of cookies and similar tracking technologies on the Site, notably through the use of the “cookie preferences” function available on the Site’s Cookie Banner, your preferences with regard to the use of cookies will be saved in the form of a cookie for your future visits to the Site for as long as you do not remove the cookies stored on your device. If you disable cookies that we use, some parts of the Site may not work properly and some functionalities of the Site may be unavailable, depending on the type of cookie you have disabled.
WHAT ARE COOKIES?
Cookies are small text files sent to your device by the Site. Cookies are uploaded onto your device, thus allowing the Site to recognize you and store certain information concerning you, in order to permit or improve the service offered. A cookie will usually contain the name of the website from which the cookie has come from, the “lifetime” of the cookie (i.e. how long the cookie will remain on your device), and a value, which is usually a randomly generated unique number.
As regards the lifetime of cookies, two types of cookies may be used, “session cookies” and “persistent cookies”. Session cookies are automatically deleted at the end of your browsing session. Persistent cookies remain longer on your device, for the duration of each specific cookie, and will remain valid until its set expiry date (unless deleted by the user before the expiry date).
Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website. Cookies do not contain any information that personally identifies you, [but personal information that we store about you may be linked to the information stored in and obtained from cookies].
We also use other types of tracking technologies, such as flash cookies, server logs, web beacons or pixel gifs in connection with our Website and services. These technologies are similar to cookies in that they are stored on your device and can be used to maintain information about your activities and preferences.
WHAT TYPES OF COOKIES DOES THE SITE USE?
We may use different types of cookies. We may use what we call “required” cookies to enable core site functionalities, such as logging-in and completing an Order for Products. These cookies do not collect personal information for marketing purposes and can not be disabled.
“Functional” cookies provide more advanced functions, such as remembering log-in details, remembering what is in your shopping cart and remembering your preferences such as language and country, analyzing Site usage to measure and improve performance. Also these cookies do not collect information that can identify users. These cookies can be disabled in accordance with Section “How can you control, delete or withdraw your consent to the use of cookies ?” below.
“Advertising” cookies may be finally used to keep record of certain behaviours or preferences expressed by you, so as to present content that is more relevant to your interests, in compliance with the applicable data protection and privacy laws and upon collection of your express consent if required by law. These cookies may also enable you to share some Site content through social networks such as Facebook and Twitter. To review the respective privacy policies cookies, you can visit the social networks websites.
In the case of Facebook and Twitter please visit https://www.facebook.com/help/cookies and https://twitter.com/privacy.
These cookies can be disabled in accordance with Section “How can you control, delete or withdraw your consent to the use of cookies ?” below.
In any case, our cookies do not run programs on users’ device nor upload viruses on it, and do not allow any kind of control over the device.
AM I OBLIGED TO PROVIDE MY PERSONAL DATA? WHAT ARE THE CONSEQUENCES IF I REFUSE TO PROVIDE THEM?
Except in relation to the surfing data (please refer to the above section 3 – “What personal data are processed? ), providing your personal data may be a requirement necessary to enter into or to perform a contract, including for the performance of certain services and functionalities offered by the Site, such as subscription to the Site, subscription to our newsletter(s), the purchase of goods through the Site or in our stores, the management of participation to loyalty programs, promotions and other initiatives communicated through the Site or in our stores, replying to and managing of request of information, questions, communication or feedback. In the above referenced circumstances, refusal to provide your personal data would make it impossible for us to perform the contract or to provide the requested services, products or information as above specified.
Providing your personal data for survey, marketing and other profiling purposes as above specified is optional; refusal to provide your personal data for these purposes will not have any impact on the entering into or performance of the contract. When requested under Data Protection Laws, we will collect your prior consent before proceeding to processing your personal data for these purposes.
DOES THE SITE CONTAIN ELEMENTS CONTROLLED BY THIRD PARTIES? WHO IS RESPONSIBLE AND LIABLE FOR THESE ELEMENTS?
The Site may contain links to other sites, as well as objects or elements controlled by third parties.
An example is plug-ins that may connect our Site to social networks like Facebook or Twitter (“social plug-in”) and that are usually identified by the relevant social network’s logo. If you interact with a social plug-in on our Site, your browser may send such social network certain data relating to you, such as your user ID, information on the Site, date and time, and other browser-related information. Such information will be processed by the social networks, owned and operated by third parties, according to their privacy policies.
We do not have access nor control over elements, objects, plug-ins, cookies, web beacon and other items or tracking technologies owned and operated by third parties, available on our Site or on the relevant third party websites, which users may access on or from the Site, and over the relevant methods of processing of personal data through such elements or sites. We disclaim any responsibility for such websites. You should check the privacy policy of third party websites and elements accessed from the Site to learn about the conditions applicable to the processing of personal data since this Privacy Policy applies only to this Site.
WHAT ARE MY RIGHTS IN RELATION TO THE PROCESSING OF MY PERSONAL DATA AND HOW CAN I EXERCISE THEM?
You are entitled at any moment to enforce the rights available to you under applicable Data Protection Laws, including but not limited to the right of access, rectification, restriction, erasure, opposition (including objecting, at any time and for free, to the processing of your personal data for direct marketing purposes), right to portability as well as the right to withdraw your consent. You also have the right to lodge a complaint with the competent supervisory authority.
For a summary on what the abovementioned rights involve and how you can exercise them, please refer to Appendix 1 to this Privacy Policy.
Browser settings
If you wish to withdraw your consent to our use of cookies on this Site, or if you wish to delete or control the placing of cookies on your computer, you can also change your browser settings to block cookies or to alert you when cookies are being sent to your device. There are a number of ways to manage cookies. Please refer to your browser instructions or help screen to learn more about how to adjust or modify your browser settings at:
– Internet Explorer: http://windows.microsoft.com/en-US/windows-vista/How-to-manage-cookies-in-Internet-Explorer-9
– Chrome: http://support.google.com/chrome/bin/answer.py?hl=en-GB&hlrm=nl&answer=95647
– Safari: http://support.apple.com/kb/PH5042
If you disable the cookies that the Site uses, this may impact your experience while on the Site.
You can also delete cookies already stored on your computer. Again, doing this may have a negative impact on the usability of many websites.
CAN WE MAKE CHANGES TO THIS PRIVACY POLICY?
We reserve the right to update and amend all or parts of this Privacy Policy, at any time, to the fullest extent permitted under applicable law. The version published on the Site is the version actually in force. If we change this Privacy Policy, we will notify you of such changes by posting a link on the home page of the Site to the amended privacy policy that reads “Newly Revised Privacy Policy” and/or notifying you in any other manner (such as by email where appropriate or required by law and to the extent that we have your e-mail address).
APPENDIX 1 – DATA SUBJECT’S RIGHTS
As an individual whose personal data is processed as described in this Privacy Policy, you have a number of rights which are summarized below. Please note that exercising these rights is subject to certain requirements and conditions as set forth in applicable law.
Right of access
Subject to applicable law, you have the right to obtain confirmation from us as to whether or not personal data that concerns you is processed, and, if so, to request access to such personal data including, without limitation, the categories of personal data concerned, the purposes of the processing and the recipients or categories of recipients. However, we do have to take into account the rights and freedoms of others, so this is not an absolute right. If you request more than one copy of the personal data undergoing processing, we may charge a reasonable fee based on administrative costs.
Right to rectification
You have the right to request from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you also have the right to request that incomplete personal data be completed, including by means of providing a supplementary statement.
Right to erasure (‘right to be forgotten’)
You have the right to request from us the erasure of personal data concerning you in certain circumstances as defined under applicable law. When your request falls within one of those circumstances, we will erase your personal data without undue delay. If, for technical and organisational reasons, we were not able to erase your personal data, we will ensure that it is fully and irreversibly anonymized so that we will not longer be holding such personal data about you.
Right to restriction of processing
In certain circumstances as defined under applicable law, you have the right to request the restriction of processing of your personal data. In such case, your personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
Right to data portability
In certain circumstances as defined under applicable law, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit that data to another controller or to have such personal data transmitted directly from us to another controller, where technically feasible.
Right to object
In certain circumstances as defined under applicable law, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. This notably applies in case of processing of your personal data based on our legitimate interests or for statistical purposes.
Right to object to direct marketing
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing for such direct marketing (including profiling related to such direct marketing).
Right not to be subject to a decision based solely on automated processing
Subject to certain restrictions, you have the right not to be subject to a decision based solely on automated processed, including profiling, which produces legal effects on you similarly significantly affects you.
Right to withdraw consent
If you have declared your consent for any personal data processing activities as described in this Privacy Policy, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to withdrawal of the consent.
Any communication from us in relation to your rights as detailed above will be provided free of charge. However, in case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.
In case you have a complaint about the processing of your personal data, you have the right to lodge a complaint with a competent supervisory authority.