Information on the Processing of Personal Data

Customer Data Collection & Tax Free Service
provided pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/2003

This Information describes the methods and purposes of processing the personal data of customers of Mattioli Brand S.r.l., as Data Controller, pursuant to Article 13 of Regulation (EU) 2016/679.

1. Data Controller

The Data Controller is:

MATTIOLI BRAND SRL
Via Bologna 220 – 10154 Turin – Italy
VAT / Tax Code 13292520015 — Turin Companies Register No. 1352771
Telephone +39 011 2481766
E-mail marketing@mattioli.it

2. Types of Data Collected

Mattioli collects exclusively the data strictly necessary for the purposes indicated, in compliance with the principle of minimization. In particular:

  • First and last name
  • Date of birth
  • Address, city, and country of residence
  • E-mail and telephone number
  • Language
  • Product and style preferences, where communicated
  • Passport or identity document data for Tax Free procedures

Document data are collected exclusively to fulfill tax and regulatory obligations connected to the Tax Free service.

3. Purpose of Processing

Personal data are processed for the following purposes:

  • Management of the relationship with the customer and provision of requested services, including the Tax Free service
  • Legal, tax, and administrative compliance
  • Improvement of service and customer assistance
  • Sending of commercial and marketing communications, with analysis of preferences to offer a personalized experience (profiling, subject to consent)

The data are also used in order to offer an experience consistent with the standards of Maison Mattioli.

4. Legal Basis of Processing

The processing is based on:

  • Performance of a contract or pre-contractual measures
  • Legal obligations (e.g., tax regulations for Tax Free)
  • Consent of the data subject (marketing and profiling)
  • Legitimate interest of the Controller (service improvement and assistance)
5. Marketing

Subject to explicit consent, the data may be used for:

  • Sending newsletters
  • Commercial communications
  • Invitations to exclusive events
6. Profiling

Subject to explicit consent, Mattioli may analyze preferences, habits, and purchasing behavior in order to offer personalized communications and proposals.

7. Methods of Processing

The processing is carried out using computerized and/or paper-based tools, in compliance with the principles of lawfulness, fairness and transparency, data minimization, security, and confidentiality.

8. Data Retention
  • Customer data: for the duration of the relationship
  • Tax data (Tax Free): according to legal obligations
  • Marketing data: until withdrawal of consent
9. Communication and Data Processors

The data may be communicated to:

  • Tax and customs authorities
  • Service providers (IT, CRM, logistics, marketing)
  • Authorized partners

Such parties, where necessary, are appointed Data Processors pursuant to Article 28 of the GDPR. Any transfers outside the EU occur in compliance with the safeguards provided for by the GDPR.

10. Data Collected Through the Website

The website may collect data through cookies and tracking tools. For further information, please refer to the dedicated Cookie Policy.

11. Nature of Data Provision

The provision of data is mandatory for contractual and legal purposes, optional for marketing and profiling purposes. Failure to provide mandatory data may prevent the provision of certain services (e.g., Tax Free).

12. Rights of the Data Subject

The data subject may exercise at any time the rights to:

  • Access to data, rectification, or updating
  • Erasure, restriction of processing, or objection
  • Data portability or withdrawal of consent

Requests may be sent to marketing@mattioli.it

Withdrawal of consent is always possible and does not affect the lawfulness of processing carried out before the withdrawal.

13. Right to Lodge a Complaint

The data subject has the right to lodge a complaint with the Guarantor for the Protection of Personal Data.

14. Minors

The services are not intended for persons under 18 years of age.

15. Data Security

The Controller adopts appropriate technical and organizational measures to protect data from unauthorized access, loss, or unlawful use.

16. Updates

This information may be updated for regulatory or operational adjustments.