Privacy policy

Privacy Policy iCommerce S.r.l.
This privacy policy sets out how iCommerce S.r.l. uses and protects any information of its online customers visiting www.marionzimet.com (the “site”) and recognise the importance of protecting the information collected about them. This Privacy Policy addresses the use and disclosure of personal information collected from you.

IMPORTANT: If you voluntarily provide us with your data, you automatically consent to their use as described in this Privacy Policy. If you do not intend to consent to the processing of your data, please avoid disclosing them.

The following information is provided according to Art. 13 of EU Regulation 679/2016 (GDPR).

Data processing
1. Data Controller

  • A data controller is a person, company, or other body determining the purpose and means of data processing.
  • ICOMMERCE S.R.L. is the Data Controller of www.marionzimet.com with a registered office in Viale Gramsci n.5 – 80122 Naples, Italy.

    • Tax Code, VAT number and Commercial Registration: 06760371218 – R.E.A.: 837637 (“marionzimet”).

For any clarification, you can reach us by fax at +39 081.649371, telephone +39 081.0900057 or send an email at privacy@marionzimet.com.

2. Data processing premises
Our data processing occurs at the above-mentioned premises in Naples, Italy. However, other services such as data transfer, management, and storage, take place on servers located within the European Union.

3. DPO (Data Protection Officer)
iCommerce S.r.l. has designated a Data Protection Officer (DPO) to ensure that the company processes the information of its data subjects in compliance with the applicable rules under Art. 37 and followings of the GDPR. For further information, contact dpo@marionzimet.com.

4. Data processing for children and underaged
The products on sale on this website may be purchased by persons of the age of majority under Italian law (over 18 years). If a parent or appointed guardian has reason to believe that their child or a minor has transmitted data to us, they should get in touch with us at the earliest. The subscription to the promotional and commercial newsletter is restricted to users at least 14 years old who have a valid email address.

Processing operations
1. Data processing operations
By processing data, we mean any operation or set of operations pursuant to Art. 4 2), which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Access to data
Only authorised subjects are allowed to reach your data within the scope of the duties assigned by the Controller.
Communication and dissemination of data
Your data will not be disseminated, yet may be communicated without the need for your consent under Art. 6 b) and c) and f of the GDPR, exclusively to:

  • Institutional control bodies of Public Safety.
  • External consultants appointed to provide administrative, accounting, legal and tax services.
  • Credit institutions, data processing companies, related to the temporary management of the data associated with the commercial and financial aspects with iCommerce S.r.l.
  • Freight forwarders
  • Suppliers of IT products and services

Some of the subjects mentioned above act as data controllers. The communication to those who act as autonomous controllers is carried out as prescribed by legal obligations or necessary to fulfil the obligations deriving from the contractual relationship or to the owner’s legitimate interest in maintaining the safety of the IT systems and in carrying out defensive activities.

Further communication will only take place with your explicit consent.

2. Purpose of data collection and legal basis:
We use your data for various legitimate reasons and commercial purposes:

  • To provide you with the products you have purchased and to send you communications related to your order. In addition, we will use your data to manage your order, confirm your purchase and manage related services such as shipping. The legal basis of this processing is the execution of the sales contract to which you are a party upon accepting the terms and conditions of the sale mentioned on the site.
  • To fulfil current accounting and tax obligations, to fulfil those obligations established by law, by a regulation, community legislation or by an authority (tax, anti-money laundering, banking, and public security among others), as well as by supervision and control authorities and for anonymous and aggregated statistical purposes. The legal basis for this treatment is compliance with legal obligations.
  • To control unlawful conduct and / or prevent other offences or fraud, as permitted by applicable legislation. The legal basis is the legitimate interest of the Data Controller.
  • For the start, exercise, or defence of legal actions, the company “ICommerce S.r.l.” is part, or it could be part. The legal basis of this processing is the legitimate interest of the Data Controller.
  • For marketing purposes via email, including newsletter services, if subscribed to. The legal basis for this processing is your explicit consent.
  • For the sole purpose of assessing the quality of the products offered and measuring customer satisfaction through requests for reviews on the products purchased. The legal basis of this treatment is the legitimate interest of the Data Controller.

3. Data retention period
The data retention period is the length of time we store data for business or compliance purposes.
Data will be kept in compliance with the terms provided by the tax regulations and for the duration necessary to achieve the purposes they were collected.
Your data may also be stored to prevent fraud, solve any disputes, assist in the event of investigations, and take other actions where required by national law; moreover, when needed to assert or defend a right in court, the Data Controller may be obliged to keep data for a longer time.
For marketing purposes, the data retention period is twenty-four months from the date of collection.
At the end of the retention period, data will be deleted. Therefore, at the end of this term, the right to access, cancellation, rectification, and data portability (as indicated below) can no longer be exercised.

Data security
Methods of data protection

To protect your data, we will take appropriate measures in line with the laws and regulations regarding data protection and security, including requesting our service providers to use further efforts to protect the confidentiality and security of your data.
Depending on the technological progress, the implementation costs, and the nature of the data to protect, technical and organisational measures are taken to prevent risks such as the destruction, loss or alteration of your data and the disclosure or unauthorised access to the same.
Obligations of data subjects
We remind you that it is your responsibility to ensure, as far as you are concerned, that the data provided by you is correct, complete, and up to date. Additionally, if you are responsible for sharing another person’s data with us, you will need to get that person consent priorly.

Rights of data subjects
Exercise of the rights
In compliance with the provisions of Chapter three of the GDPR, the data subjects may exercise the rights provided therein at any time and in particular:

  • Right of access: the data subjects shall have the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period (Art. 15 of the GDPR)
  • Right of rectification: the data subjects shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning them. The right to have incomplete personal data completed, including by means of providing a supplementary statement.
    (Art. 16 of the GDPR).
  • Right to erasure: the data subjects shall have the right to obtain from the Controller the erasure of personal data without undue delay, and the Controller shall have the obligation to erase personal data without undue delay (so-called “right to be forgotten”
  • Art. 17 of the GDPR).
  • Right to restriction of processing: the data subjects shall have the right to obtain from the controller restriction of processing in cases listed in Art. 18 of the GDPR).
  • Right to data portability: the data subjects shall have the right to receive the personal data which they have provided to a controller in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided (Art. 20 of the GDPR)
  • Right to object: the data subjects shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data (Art.21 of the GDPR)
  • Right to withdraw consent: the data subjects shall have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
  • Right to judicial remedy against a controller or processor: without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Art. 77, each data subject shall have the right to an effective judicial remedy where they consider that their rights under this Regulation have been infringed as a result of the processing of their personal data in non-compliance with this Regulation.

It is possible to amend, update or remove any personal data by contacting privacy@marionzimet.com.

If you are no longer interested in receiving advertisements and other marketing information via email, send a request to privacy@marionzimet.com (including full name, email address and postal address), or unsubscribe by clicking on the link at the bottom of the email or by accessing the private customer area, in the dedicated section for subscriptions.

Amendments to this document
Amendments to data processing and Privacy Policy
We may update this Privacy Policy from time to time. Whenever we make a change, we will post the revised policy on this site, and we encourage you to check our policy periodically. If you have any questions or concerns regarding this Privacy Policy, don’t hesitate to get in touch with us.
The document was updated on 12th June 2021 in line with applicable laws and regulations, particularly in compliance with EU Regulation no. 2016/679 and Legislative Decree 101/2018.
For further questions regarding the processing of personal data, contact us at privacy@marionzimet.com.