MAG BOUTIQUE – Via dei Termini 49 – 53100 Siena (SI) Italy VAT No 01075620524 (hereinafter “Mag Boutique”) take seriously the rights of the customer in matters of personal data protection and the obligations to which we are bound. This Privacy Policy (“Policy”) describes how we process your personal data collected via www.magboutique.it (“Website”), and other means (e.g. via social media, cookies etc.). Please read this Policy carefully.
The personal data provided by the customer may be considered as controlled by MAG BOUTIQUE – Via dei Termini 49 – 53100 Siena (SI) Italy VAT number 01075620524 (hereinafter “Mag Boutique”) .

1.  Personal data we collect from the customer

We collect various types of personal data from you for the purposes described in this Notice, including:

• Customer data (such as name, birthday, nationality, e-mail address, postal address, telephone number and other personal data) provided by the customer through filling in forms on the Website, including the possibility of subscribing to our newsletter and registering and creating an account on the Website;

• Data of any transactions made by the customer;

• Personal data that may be contained in communications sent to us by the customer, for example to report a problem or to forward requests, issues or comments regarding the Website or its contents;

• Information from surveys that we may conduct over time on the Website for research purposes, where you choose to respond or participate;

• Debit/credit card information;

• Information about your use and browsing of our Website, such as your IP address and other device identifiers, operating system and browser type, and information about the pages of the Website you visit, collected through cookies or other tracking technologies; and

• Personal data collected from third parties, such as data that you agree to share with us on publicly accessible social networks (e.g. Facebook, Instagram, etc.) and/or that we may collect from other publicly available databases.

The customer is under no obligation to provide such personal data. The provision of personal data by the customer (in particular personal details, e-mail address, postal address, credit/debit card numbers, bank code and telephone number) is necessary for us to process your order for the purchase of products on the Website, for the provision of other services on our Website at your request or for the fulfilment of obligations under laws or regulations. The refusal by the customer to provide us with the data necessary for the pursuit of the above-mentioned purposes may result in our inability to process the order for the purchase of products sold on our Internet site or to comply with the obligations provided for by law or regulation. The failure to provide personal data may therefore, in some cases, constitute a legitimate and justified reason for not processing the order for the purchase of products sold on the Website or for not providing services on the Website.

The provision of additional personal data and other than those required for the fulfilment of legal obligations or contractual ones and for the correct display of our services with the necessary traffic data is on the contrary optional and does not produce any effect on the use of the Website and its services or on the purchase of products on the Website. We will inform you at each stage whether the provision of personal data is required or optional by means of a symbol (*) the information requested or data required for the purchase of products and/or the provision of services requested on the Website.

2. Minimum age

The protection of children’s safety and privacy is very important to us. We do not accept registrations or orders from anyone under the age of 16 (sixteen) years or under the age specified by the law of their country of residence that has other age limits, and we will not knowingly collect or process personal data from them. By registering or purchasing on the Website, the customer confirms that he has reached the age of majority required by his country of residence.

3. Cookie

Our website uses cookies. For more information, please see our Privacy Policy.

4. Use of customer personal data

Any processing of your personal data is based on a lawful “justification” (or legal basis) for the processing. In most cases, the processing of your personal data is justified on one or more of the following grounds:

• the processing is necessary for the fulfilment of the contract with the customer or to carry out the activities required by the customer in order to conclude the contract (e.g., sales contract);

• the processing is necessary to enable us to comply with our obligations under the law;

• The processing is our legitimate interest as a company and our interests do not prevail over your interests, fundamental rights or freedoms. Our legitimate interests may include the interest to use your personal data or the user of the Website for the performance and development of our business activities (including the conduct of ordinary marketing activities), with current or potential customers and users of the Website; and in the preparation, exercise or defense of legal actions; or

• Processing is based on the customer’s prior express consent, such as personalized and segmented marketing activities.

	The purposes of processing your personal data are as follows:	The processing of your personal data is justified on the following legal grounds:
1	Processing of customer purchases and provision of services and information offered through the Website and requested by the customer	Performance of a contract
2	Managing the customer account	Performance of a contract
3	Verification and execution of financial transactions related to payments made by the customer	Performance of a contract
4	Review and download of data from the Internet Site	Our legitimate interest in better understanding our customers and improving our services accordingly
5	Improve and personalize our Website and our products, services and activities in general, by tracking your preferences for our products, shopping history and interactions with the Website	Our legitimate interest in improving our products and services
6	Identification of visitors to the Website	Our legitimate interest in better understanding our customers and improving our services accordingly
7	Performing data analysis and market research	Our legitimate interest in better understanding our customers and improving our services accordingly
8	Carry out data enrichment, such as analysis of our customer’s product preferences, purchase history and interactions with the Site in conjunction with data collection from third parties, the data that you agree to share with us on social networks (e.g. Facebook, Instagram, etc.) and/or that we may collect from publicly accessible databases	The prior express consent of the customer
9	Get in touch with the customer to deal with requests or complaints	The prior express consent of the customer
10	Send you marketing communications regarding news, information and updates about our products and services, offers, promotions and special events and other marketing communications that may be of interest to you (via SMS, email or phone), and personalize the customer experience with us with the interests and purchasing habits of the customer and with the improvement of our services, in particular by profiling. We may also use the data that we collect about you as a support in advertising our products and services on third party websites – for more information please see our Cookie Policy	The customer’s prior express consent and our legitimate interest in keeping our customers/prospects up to date with regard to services and products

5. Communication of personal data of the customer

We may disclose your personal data to any of our affiliated companies or service providers who assist us in providing the services we offer, processing transactions, fulfilling inquiries, Receiving and sending communications, updating marketing lists, analyzing data, providing support services or performing other tasks over time.

For clarity, we will obtain your express consent before sharing your personal data with other third parties for marketing purposes.

The personal data of the customer will be accessible by authorized personnel of the Owner, affiliated companies and service providers acting on our behalf, so that they can only be accessed if necessary.
The transfer of your personal data from your country of residence to third countries in which we operate involves France, Italy, Switzerland and the United States; Some of these countries are subject to a data protection adequacy decision by the European Commission, while others are not, such as the USA.

We may also share your personal data with third parties in relation to current or potential sales or restructuring of our company or any of our activities or those of any affiliated companies, in which case the personal data held by us and relating to our users may be one of the transferred activities.

We may also respond to requests for personal data where required by law or when we believe that the disclosure is necessary to protect our rights and/or to comply with court proceedings, court orders, to requests from supervisory authorities or any other legal action notified to us.

6. Safety

We attach great importance to the security of all personal data relating to our users. We take security measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, disclosure or unauthorised access. To better protect your personal data outside of our control, your devices must be protected (with up-to-date antivirus systems) and the Internet service provider of the customer must take appropriate measures to ensure that data is transmitted securely over the network (such as firewalls and spam filters).

Although we do our best to protect your personal data, we cannot guarantee that the personal data you provide us will be 100% secure or that there will be no data breaches.

You accept the implications of online trading and will not hold the Controller or its operators responsible for any data breaches unless we are negligent.

7. Retention of personal data of the customer

Our general approach is to keep your personal data only until it is required for the purposes for which it was collected. We generally retain your personal data for three years after our relationship ends or the last contact with you, unless local laws require otherwise. In some cases, however, we may retain personal data for longer periods of time, for example where we are required to do so in accordance with legal, tax or accounting requirements.

In specific cases we may also retain your personal data for longer periods of time that correspond to the applicable limits set by law so as to have accurate documentation of your dealings with us in the event of complaints or disputes.

8. The customer’s rights

The customer has the following rights in relation to his personal data:

• Right to withdraw consent – if applicable, the customer has the right to withdraw his or her consent at any time. For example, if you wish to unsubscribe from receiving electronic marketing communications, you may change your account settings on the Website by using the ‘unsubscribe’ link provided in our e-mailingmail or type the number STOP in our SMS, or otherwise contact us directly and we will stop sending communications.

• Right of access, rectification and deletion – – the customer has the right to request access to any personal data stored and to obtain a copy thereof, to request the correction of any inaccurate data and in some cases to request the deletion of personal data. The customer can view and update most of his data on-line or directly by contacting.

• Right to data portability – In certain cases, you have the right to receive all personal data provided to us in a structured format, commonly used and machine readable, and also to request transmission to another owner where technically possible.

• Right to restriction of processing – you have the right to restrict our processing of your personal data where:

or you dispute the accuracy of your personal data until we take appropriate measures to correct or verify the accuracy of your data;

or the processing is unlawful but you do not wish us to delete your data;

or we no longer need the personal data of the customer for the purposes of processing and the customer requests the aforementioned data for the preparation, exercise or defense of legal actions;

or the customer has objected to the processing on grounds of legitimate interest (see below) pending our determination of our overriding and legitimate reasons for continuing the processing.

If personal data is subject to such limitations, we will only process it with the customer’s consent or for the preparation, exercise or defense of legal actions.

• Right to object to processing on the basis of legitimate interest – in the case of processing your personal data on the basis of our legitimate interest, you will have the right to object to the processing. In the event of a customer dispute, we are obliged to stop processing unless we demonstrate compelling legitimate reasons for processing that outweigh our interests, The client’s rights and freedoms or the demonstration of the need to establish, exercise or defend legal claims. In the case of processing your personal data on the basis of our legitimate interest, we believe that we can demonstrate the above-mentioned overriding legitimate reasons, but each case will be considered individually.

• Right to object to the processing for marketing purposes – in the case of processing your personal data for marketing purposes, you have the right to object to the processing at any time.

You also have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates applicable law.

For more information about your rights or in the case of any complaints or requests regarding the processing of personal data of the customer please contact.

Please note that we may require you to prove your identity and we reserve the right to charge a fee where permitted by law, for example if your request is manifestly unfounded or excessive.
We will respond to your requests as soon as possible and within the applicable time frame.

9. Changes to this Policy

We may occasionally amend this Policy, for example to comply with new requirements imposed by applicable law or technical requirements. We will post the updated Notice on the Website. We may also notify you of any material changes and ask you to consent to such changes, where applicable law requires. We invite you to periodically review this page.