Privacy Policy – GDPR

Our Privacy Policy was updated on June 4, 2025

This Privacy Policy describes our policies and procedures regarding the collection, use and disclosure of information about you when you use the Service and tells you about your privacy rights and how the law protects you.

We use your Personal Data to provide and improve the Service. By using the Service, you consent to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

Terms with an initial capital letter have the meaning defined in the following conditions. The following definitions shall have the same meaning whether in the singular or plural.

Definitions

For the purposes of this Privacy Policy:

  • “Account” means a unique account created to allow you to access our Service, or parts of it.
  • “Company” (referred to as “the Company”, “We”, “Us” or “Our” in this Agreement) refers to DianaStudio.
    Pursuant to the GDPR, the Company is the Data Controller.
  • "Country" refers to Italy.
  • "Cookies" are small files that are placed on your computer, mobile device or other device by a website, containing the details of your browsing history on that site among its various uses.
  • "Data Controller", pursuant to the GDPR (General Data Protection Regulation), means the Company as the legal person which, alone or together with others, determines the purposes and means of the processing of Personal Data.
  • “Device” means any device that can access the Service, such as a computer, mobile phone, or digital tablet.
  • "Personal Data" means any information relating to an identified or identifiable natural person.
    For the purposes of the GDPR, Personal Data means any information relating to you, such as your name, identification number, location data, online identifier or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
  • "Service" refers to the Website.
  • "Service Provider" means any natural or legal person who processes data on behalf of the Company. It refers to third-party companies or individuals engaged by the Company to facilitate the Service, provide the Service on behalf of the Company, perform services related to the Service, or assist the Company in analyzing the use of the Service.
    For the purposes of the GDPR, Service Providers are considered Data Processors.
  • "Usage Data" refers to data collected automatically, either generated by the use of the Service or by the Service infrastructure itself (for example, the duration of a visit to a page).
  • “Website” refers to DianaStudio, accessible from dianastudio.myshopify.com.
  • “You” means the natural person accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
    Under the GDPR, you may be referred to as a Data Subject or User, as you are the person using the Service.

Collection and Use of Your Personal Data

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

  • E-mail address
  • Name and surname
  • Phone number
  • Address, State, Province, ZIP/Postal Code, City
  • Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as your Device’s Internet Protocol (IP) address (e.g., Google Analytics), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

We may also collect information that your browser sends whenever you visit our Service or when you access the Service through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track activity on our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information, as well as to improve and analyze our Service. The technologies we use may include:

  • Cookies or Browser Cookies. A cookie is a small file placed on your Device. You can set your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some portions of our Service. Unless you have adjusted your browser setting to refuse Cookies, our Service may use Cookies.
  • Web Beacons. Certain parts of our Service and our emails may contain small electronic files known as web beacons (also known as clear gifs, pixel tags, and single-pixel gifs) that allow the Company, for example, to count users who have visited certain pages or opened an email, and for other website statistics (for example, to record the popularity of a certain section and to verify the integrity of the system and server).

Cookies can be either "Persistent" or "Session". Persistent Cookies remain on your computer or mobile device even after you go offline, while Session Cookies are deleted as soon as you close your web browser.

We use both Session and Persistent Cookies for the following purposes:

  • Necessary / Essential Cookies
    Type: Session Cookie
    Managed by: Us
    Purpose: These Cookies are essential to provide you with the services available through the Website and to allow you to use some of its features. They help authenticate users and prevent fraudulent use of accounts. Without these Cookies, the services you have requested cannot be provided, and we use them exclusively to provide those services to you.
  • Cookie Policy / Cookie Acceptance
    Type: Persistent Cookies
    Managed by: Us
    Purpose: These Cookies identify whether users have accepted the use of cookies on the Website.
  • Functional Cookies
    Type: Persistent Cookies
    Managed by: Us
    Purpose: These Cookies allow us to remember the choices you make while using the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personalized experience and avoid you having to re-enter your preferences each time you use the Website.
  • Tracking and Performance Cookies
    Type: Persistent Cookies
    Managed by: Third Parties
    Purpose: These Cookies are used to collect information about Website traffic and how users use the Website. The information collected through these Cookies can directly or indirectly identify you as an individual visitor. This is because the information collected is usually linked to a pseudonymous identifier associated with the device used to access the Website. We may also use these Cookies to test new pages, features or new sections of the Website to see how users react.

For more information about the cookies we use and your choices regarding them, please visit our Cookie Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor usage.
  • To manage Your Account: to manage your registration as a user of the Service. The Personal Data you provide may allow you to access different features of the Service available to registered users.
  • For the performance of a contract: for the development, fulfillment and performance of the contract for the purchase of the products, items or services you have purchased or any other contract entered into with Us through the Service.
  • To contact you: to contact you by email, phone call, SMS or other equivalent methods of electronic communication, such as push notifications of a mobile application, regarding updates or informative communications relating to the contracted functionalities, products or services, including security measures, when necessary or reasonable for their implementation.
  • To provide you with news, special offers and general information about other goods, services and events we offer that are similar to those you have already purchased or in which you have already shown interest, unless you have opted not to receive such information.
  • To manage your requests: to respond to and manage the requests you send us.
  • For Business Transfers: We may use your information to evaluate or effect a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data we maintain about users of our Service is among the assets transferred.
  • For Other Purposes: We may use your information for other purposes, such as data analysis, identifying usage trends, evaluating the effectiveness of our promotional campaigns, and to improve our Service, products, services, marketing, and your experience.

We may share your personal information in the following circumstances:

  • With Service Providers: We may share your personal information with Service Providers to monitor and analyze the use of our Service, to process payments, to contact you.
  • For Business Transfers: We may share or transfer your personal information as part of, or during negotiations of, a merger, sale of Company assets, financing, or acquisition of all or a portion of our business by another company.
  • With Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under the same control as us.
  • With Business Partners: We may share your information with our business partners to offer you certain products, services or promotions.
  • With Other Users: When you share personal information or interact in public areas with other users, that information may be viewed by all users and may be publicly distributed outside the Site.
  • With your consent: We may disclose your personal information for any other purpose with your consent.

Retention of Your Personal Data

The Company will retain your Personal Data only for as long as necessary to fulfill the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when such data is used to strengthen the security or improve the functionality of our Service, or we are legally obligated to retain it for longer periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and any other locations where the parties involved in the processing are located. This means that such information may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country without adequate controls in place including the security of your data and other personal information.

Disclosure of Your Personal Data

Business Operations

If the Company is involved in a merger, acquisition, or sale of assets, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose your Personal Data if required by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal obligations

The Company may disclose your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Security of Your Personal Data

The security of your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect your Personal Data, We cannot guarantee its absolute security.

Detailed Information on the Processing of Your Personal Data

The Service Providers we use may have access to your Personal Data. These third-party providers collect, store, use, process and transfer information about your activity on our Service in accordance with their respective Privacy Policies.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

Email Marketing

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send you, or by contacting us directly.

GDPR Privacy

Legal Bases for Processing Personal Data under the GDPR

We may process Personal Data under the following conditions:

  • Consent: you have given your consent to the processing of Personal Data for one or more specific purposes.
  • Performance of a contract: the provision of Personal Data is necessary for the performance of a contract with you and/or for any pre-contractual obligations.
  • Legal obligations: the processing of Personal Data is necessary to comply with a legal obligation to which the Company is subject.
  • Vital interests: the processing of Personal Data is necessary to protect your vital interests or those of another natural person.
  • Public interest: the processing of Personal Data is related to a task carried out in the public interest or in the exercise of public authority vested in the Company.
  • Legitimate interests: the processing of Personal Data is necessary for the pursuit of the legitimate interest of the Company.

In any case, the Company will be happy to help you clarify the specific legal basis that applies to the processing, in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your Rights Under GDPR

The Company undertakes to respect the confidentiality of your Personal Data and to ensure that you can exercise your rights.

You have the right, under this Privacy Policy and the law, if you are located in the EU, to:

  • Request access to your Personal Data. You have the right to access, update, or delete the information we have about you. When possible, you can access, update, or request deletion of your Personal Data directly in the settings section of your account. If you are unable to do this yourself, please contact us for assistance. You also have the right to receive a copy of the Personal Data we hold about you.
  • Request correction of the Personal Data we hold about you. You have the right to obtain correction of any incomplete or inaccurate information we hold about you.
  • Object to processing of your Personal Data. You have this right where we are relying on legitimate interest as our legal basis for processing and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
  • Request the deletion of your Personal Data. You have the right to ask us to delete or remove your Personal Data when there is no longer any valid reason for continuing the processing.
  • Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used and machine-readable format. Please note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw your consent. You have the right to withdraw your consent to the use of your Personal Data. If you withdraw your consent, we may not be able to provide you with access to certain specific features of the Service.

Exercising Your Data Protection Rights Under GDPR

You can exercise your rights of access, rectification, deletion and objection by contacting us. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will do our best to respond to you as soon as possible.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, if you are located in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

Privacy of Minors

Our Service is not directed to anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we learn that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.

If we need to rely on consent as a legal basis for processing your data and your country requires parental consent, we may require parental consent before collecting and using that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for, the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will notify you via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

We advise you to periodically review this Privacy Policy for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact us

If you have any questions about this Privacy Policy, you can contact us:


INFORMATION FOR CUSTOMERS

on the protection of personal data

pursuant to art. 13 of EU Regulation 2016/679

Dear Customers,

in compliance with the provisions of art. 13 of EU Regulation 2016/679 (the “GDPR”) and in application of the principles set forth by the GDPR itself, we are providing you with this information in order to make you aware of the characteristics and methods of processing (the “Processing”), by us, of any information provided by you in the context of the relationships established and/or to be established between us and concerning an identified or identifiable natural person (the “Data Subject”) (the “Personal Data”), expressly including your employees and collaborators. Pursuant to art. 4.1. GDPR, “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

1. Data Controller (the “Data Controller”).

The Data Controller is the company Maglificio Diana Spa, CF and VAT number 01796810974, in the person of the legal representative pro tempore, with registered office in Prato (PO), at Via Della Mimosa, n. 3-5, tel. 0574634668, PEC: maglificiodianspa@pec.it, e-mail: diana@luidiana.com.

Any communication concerning the Processing, also pursuant to the following articles, must be sent, by You and/or the Interested Party, by registered mail with return receipt, PEC or e-mail to the addresses indicated above.

2. Purpose of the Processing (the “Purposes”) and legal basis.

The Personal Data collected, from the Data Subject (art. 13 GDPR) or otherwise (art. 14 GDPR), will be used by us exclusively in order to:

  (i) fulfill pre-contractual and contractual obligations towards you;

  (ii) fulfill and demand fulfillment of specific obligations arising from laws and regulations;

  (iii) send commercial proposals for the purpose of selling products and/or services similar to those already purchased (soft spam);

  (iv) send newsletters;

  (v) carry out marketing activities (via postal mail, calls with an operator, calls without an operator, e-mail, fax, MMS, SMS) and market research;

  (vi) carry out profiling activities pursuant to art. 4.4. GDPR.

The legal basis of the Processing is:

  • our need to execute a contract to which the Interested Party is a party, or pre-contractual measures adopted at the request of the same;

  • our need to comply with a legal obligation;

  • the legitimate interest of the Data Controller (art. 6 letter f) GDPR);

  • for points (iv) and following only, the express consent that will be freely given from time to time by the Interested Party (art. 7 GDPR), also by sending e-mails, filling in specific forms and checking the required boxes.

With reference to point (iii), the Data Controller specifies that in the context of the sale of a product or service, the e-mail contact details of the Interested Party may be used by the Data Controller, without prior request for consent from the Interested Party, for the purpose of offering and selling services similar to those already being sold (art. 130, 4 Legislative Decree 196/2003). The Interested Party may object to such Processing at any time, free of charge, by means of a simple written request to the addresses indicated above.

With reference to point (v), the Data Controller specifies that the Interested Party may at any time indicate the contact method he/she prefers from those indicated above and may oppose the receipt of promotional communications through all or only some of the communication channels indicated above.

3. Mandatory or optional nature of providing Personal Data.

The communication of your Personal Data is optional, but necessary, since any refusal to provide it, as well as incorrect communication of the same data, makes it impossible for the Data Controller to establish the relationship or to implement the various Purposes for which the Personal Data are collected.

For the same reasons, as well as for the purpose of correct management of the existing relationship, we also ask you to communicate to us any changes in the Personal Data already collected, as soon as they have occurred.

4. Communication of Personal Data.

Personal Data is processed internally by subjects authorized to Process (the “Authorized Parties”) under the responsibility of the Data Controller for the Purposes indicated above.

Personal Data may be communicated to external parties, charged with carrying out instrumental and/or accessory functions for the performance of our business activity, who will process said data on our behalf. These parties will be appointed by us as external Data Processors (the “External Processors”), in accordance with the provisions of art. 28 GDPR. An updated list of External Processors is available at the registered office of the Data Controller, which will be provided to the Interested Party upon written request to the aforementioned addresses.

Outside of the cases above, Personal Data may also be communicated to further recipients and/or categories of recipients (the “Recipients” and the “Categories of Recipients”), only for the performance of activities inherent to the pre-contractual and/or contractual relationship established between us and/or to fulfill legal obligations and/or orders of the Authorities, and in any case always in compliance with the guarantees provided by the GDPR and the guidelines of the Italian Guarantor Authority, as well as by the Commission established in compliance with the aforementioned GDPR.

Without prejudice to the foregoing, Personal Data will not be disclosed and/or communicated to third parties under any circumstances, unless specifically consented to by the Data Subject and in any case only where necessary for the fulfillment of the Purposes.

5. Processing of “special categories of personal data” and “personal data relating to criminal convictions and offences”.

If, in the context of the Processing, the Data Controller becomes aware of Personal Data belonging to:

(i) “special categories” pursuant to art. 9 GDPR (i.e. those “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation”), such data will be processed, always exclusively for the Purposes indicated, only with the prior consent of the Data Subject or, in any case, as the Processing is necessary to fulfill the obligations and exercise the specific rights of the Data Controller or the Data Subject in the field of employment law and social security and social protection, to the extent that it is authorized by European Union or Member State law or by a collective agreement pursuant to Member State law, in the presence of appropriate safeguards for the fundamental rights and interests of the Data Subject;

(ii) “criminal convictions and offences or related security measures” pursuant to art. 10 GDPR, the Processing will take place only under the control of the public Authority or if the Processing is authorised by European Union or Member State law which provides for appropriate safeguards for the rights and freedoms of the Data Subjects. Any complete register of criminal convictions must be kept only under the control of the public Authority.

6. Methods of Processing.

The Processing takes place with the aid of electronic and/or paper tools and, in any case, adopting suitable organizational and IT procedures and measures to protect their security, confidentiality, relevance and non-excess.

7. Territorial scope.

Personal Data will be processed within the territory of the European Union.

If, for technical and/or operational reasons, it becomes necessary to use entities located outside of said territory, they will be appointed as External Processors and the transfer of Personal Data to the same, limited to the performance of specific Processing activities, will be regulated in accordance with the provisions of the GDPR, adopting all necessary precautions in order to guarantee the total protection of Personal Data and basing such transfer on the assessment of appropriate guarantees (including, for example, decisions of adequacy of the recipient third-party countries expressed by the European Commission, adequate guarantees expressed by the recipient third-party subject pursuant to Article 46 GDPR, etc.).

In any case, the interested party may request further details from the Data Controller if the Personal Data has been processed outside the European Union, requesting evidence of the specific guarantees adopted.

8. Retention period.

The Personal Data will be retained by the Data Controller for the period strictly necessary to pursue the Purposes, and in particular until the termination of the pre-contractual and contractual relationships between us in existence, without prejudice to any further retention period that may be imposed by law.

In relation to marketing purposes, the data will be stored, unless consent is revoked, for the period necessary to achieve the Purposes and, in any case, for a period not exceeding 24 months, or the different maximum period indicated by the Authority for the protection of personal data.

In the event of consent being given with reference to the Profiling Purposes, the data will be retained, unless consent is revoked, for the period necessary to achieve the Purposes and, in any case, for a period not exceeding 12 months, or the different maximum period indicated by the Authority for the protection of personal data.

In order to manage any disputes or litigation, and in any case for the ascertainment, exercise or defense of a right in court, the Personal Data may be retained for a further period, equal to the limitation period of the right itself.

9. Method of providing information.

In compliance with the principle of proportionality, in consideration of the evident difficulty, as well as excessive burden for the Data Controller to proceed with the direct release of the information to each Interested Party who collaborates or performs his/her activity in your favor, including your employees and collaborators, we invite you to transmit this information to said Interested Parties and, in any case, to inform them that the same can be consulted on our company website or that it will be sent upon simple written request to the addresses indicated above.

10. Rights of the interested party and methods of exercising them.

The interested party may, at any time, exercise the rights granted to him by the GDPR (the “Rights of the interested party”), and in particular:

  • Art. 15 - Right of access by the interested party: the interested party has the right to access their data and the related Processing. This right consists in the possibility of obtaining confirmation as to whether or not their personal data is being processed, or in the possibility of requesting and receiving a copy of the data being processed;

  • Art. 16 - Right to rectification: the Data Subject has the right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning him or her without undue delay. Taking into account the Purposes, the Data Subject has the right to obtain the integration of incomplete Personal Data, including by providing an additional statement;

  • Art. 17 - Right to erasure ('right to be forgotten'): the Data Subject has the right to request from the Data Controller that the Personal Data concerning him or her be erased and no longer subjected to Processing and in some cases, where there are grounds for it, to obtain the erasure without unjustified delay when the purpose of the Processing has been exhausted, consent has been revoked, opposition has been made to the Processing or when the Processing of his or her Personal Data is otherwise not compliant with the GDPR;

  • Art. 18 - Right to limit processing : the interested party has the right to limit the processing of his/her personal data in case of inaccuracies, dispute or as an alternative measure to cancellation;

  • Art. 20 - Right to data portability : the Data Subject, except in the case where the data are stored through non-automated processing (e.g. in paper format), has the right to receive in a structured, commonly used and machine-readable format the Personal Data concerning him, where reference is made to data provided directly by the Data Subject, with express consent or on the basis of a contract, and to request that the same be transmitted to another data controller, if technically feasible;

  • Art. 21 - Right to object : the interested party has the right to object at any time, for reasons relating to his particular situation, to the processing of personal data concerning him.

If the interested party wishes to exercise one of the rights listed above, he/she must address his/her request directly to the Data Controller at the addresses indicated above, without prejudice to the right to lodge a complaint to be sent to the Guarantor Authority or to lodge an appeal before the competent Judicial Authority.

The deadline for the Data Controller to respond to the interested party is, for all rights (including the right of access) and also in the event of refusal, 1 month, extendable up to 3 months in cases of particular complexity.

However, Article 12 of the GDPR applies.

11. Revocation of consent.

In cases where the Processing must take place only following the consent of the Interested Party and the latter has provided it, he has the right to revoke the consent given at any time by sending a written request to the Data Controller at the addresses indicated above.

The withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal.

12. Right to object

The interested party has the right to object at any time to the Processing of Personal Data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, by means of a simple written request to the addresses indicated above.



Effective from 05/25/2018

Maglificio Diana spa – Share capital euro 1,000,000.00 fully paid up

Fiscal code, VAT number 01796810974 - Via della Mimosa, 3 – Tel. 0574-634668 E-mail: diana@luidiana.com

Company subject to management and coordination by OTTO Srl, fiscal code 02000450979

INFORMATION FOR CUSTOMER

on the protection of personal data

pursuant to art. 13 of EU Regulation 2016/679

Dear Customers,

in compliance with the provisions of art. 13 of EU Regulation 2016/679 (the “GDPR”) and in application of the principles set forth by the GDPR itself, we are providing you with this information in order to make you aware of the characteristics and methods of processing (the “Processing”), by us, of any information provided by you in the context of the relationships established and/or to be established between us and concerning an identified or identifiable natural person (the “Data Subject”) (the “Personal Data”), expressly including your employees and collaborators. Pursuant to art. 4.1. GDPR, “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

1. Data Controller (the “Data Controller”).

The Data Controller is the company Maglificio Diana Spa, fiscal code and VAT number 01796810974, in the person of the legal representative pro tempore, with registered office in Prato (PO), at Via Della Mimosa, n. 3-5, tel. 0574634668, PEC: maglificiodianspa@pec.it, e-mail: diana@luidiana.com.

Any communication concerning the Processing, also pursuant to the following articles, must be sent, by You and/or the Interested Party, via registered mail with return receipt, PEC or email to the addresses indicated above.

2. Purpose of the Processing (the “Purposes”) and legal basis.

The Personal Data collected, from the Data Subject (art. 13 GDPR) or otherwise (art. 14 GDPR), will be used by us exclusively for the purpose of:

  1. fulfilling pre-contractual and contractual obligations towards you;

  2. fulfilling and demanding fulfillment of specific obligations arising from laws and regulations;

  3. sending commercial proposals for the purpose of selling products and/or services similar to those already purchased (soft spam);

  4. carrying out marketing activities (via postal mail, calls with an operator, calls without an operator, e-mail, fax, MMS, SMS) and market research.

The legal basis of the Processing is constituted by:

  • our need to execute a contract to which the interested party is a party or pre-contractual measures adopted at the request of the same;

  • our need to comply with a legal obligation;

  • the legitimate interest of the Data Controller (art. 6 letter f) GDPR);

  • for point (iv) only, the express consent that will be freely given from time to time by the interested party (art. 7 GDPR), also by sending e-mails, filling in specific forms and placing the required flags.

With reference to point (iii), the Data Controller specifies that in the context of the sale of a product or service, the email coordinates of the Interested Party may be used by the Data Controller, without prior request for consent from the Interested Party, for the purpose of offering and selling services similar to those already being sold (art. 130, 4 Legislative Decree 196/2003). The Interested Party may object to such Processing at any time, free of charge, by means of a simple written request to the addresses indicated above.

With reference to point (iv), the Data Controller specifies that the Interested Party may at any time indicate the contact method he/she prefers from those indicated above and may oppose the receipt of promotional communications through all or only some of the communication channels indicated above.

3. Mandatory or optional nature of providing Personal Data.

The communication of your Personal Data is optional, but necessary, since any refusal to provide it, as well as incorrect communication of the same data, makes it impossible for the Owner to establish the relationship or to implement the various Purposes for which the Personal Data are collected.

For the same reasons, as well as for the purpose of correct management of the existing relationship, we also ask you to communicate to us any changes in the Personal Data already collected, as soon as they have occurred.

4. Communication of Personal Data.

Personal Data is processed internally by subjects authorized to Process (the “Authorized Parties”) under the responsibility of the Owner for the Purposes indicated above.

Personal Data may be communicated to external parties, charged with carrying out instrumental and/or accessory functions for the performance of our business activity, who will process said data on our behalf. These parties will be appointed by us as external Data Processors (the “External Processors”), in accordance with the provisions of art. 28 GDPR. An updated list of External Processors is available at the registered office of the Data Controller, which will be provided to the Interested Party upon written request to the aforementioned addresses.

Outside of the cases above, Personal Data may also be communicated to further recipients and/or categories of recipients (the “Recipients” and the “Categories of Recipients”), only for the performance of activities inherent to the pre-contractual and/or contractual relationship established between us and/or to fulfill legal obligations and/or orders of the Authorities, and in any case always in compliance with the guarantees provided by the GDPR and the guidelines of the Italian Guarantor Authority, as well as by the Commission established in compliance with the aforementioned GDPR.

Without prejudice to the foregoing, Personal Data will not be disclosed and/or communicated to third parties under any circumstances, unless specifically consented to by the Data Subject and in any case only where necessary for the fulfillment of the Purposes.

5. Processing of “special categories of personal data” and “personal data relating to criminal convictions and offences”.

If, in the context of the Processing, the Data Controller becomes aware of Personal Data belonging to:

(i) “special categories” pursuant to art. 9 GDPR (i.e. those “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation”), such data will be processed, always exclusively for the Purposes indicated, only with the prior consent of the Data Subject or, in any case, as the Processing is necessary to fulfill the obligations and exercise the specific rights of the Data Controller or the Data Subject in the field of employment law and social security and social protection, to the extent that it is authorized by European Union or Member State law or by a collective agreement pursuant to Member State law, in the presence of appropriate safeguards for the fundamental rights and interests of the Data Subject;

(ii) “criminal convictions and offences or related security measures” pursuant to art. 10 GDPR, the Processing will take place only under the control of the public Authority or if the Processing is authorised by European Union or Member State law which provides for appropriate safeguards for the rights and freedoms of the Data Subjects. Any complete register of criminal convictions must be kept only under the control of the public Authority.

6. Methods of Processing.

The Processing takes place with the aid of electronic and/or paper tools and, in any case, adopting suitable organizational and IT procedures and measures to protect their security, confidentiality, relevance and non-excess.

7. Territorial scope.

Personal Data will be processed within the territory of the European Union.

If, for technical and/or operational reasons, it becomes necessary to use entities located outside of said territory, they will be appointed as External Processors and the transfer of Personal Data to the same, limited to the performance of specific Processing activities, will be regulated in accordance with the provisions of the GDPR, adopting all necessary precautions in order to guarantee the total protection of Personal Data and basing such transfer on the assessment of appropriate guarantees (including, for example, decisions of adequacy of the recipient third-party countries expressed by the European Commission, adequate guarantees expressed by the recipient third-party subject pursuant to Article 46 GDPR, etc.).

In any case, the interested party may request further details from the Data Controller if the Personal Data has been processed outside the European Union, requesting evidence of the specific guarantees adopted.

8. Retention period.

The Personal Data will be retained by the Data Controller for the period strictly necessary to pursue the Purposes, and in particular until the termination of the pre-contractual and contractual relationships between us in existence, without prejudice to any further retention period that may be imposed by law.

In relation to marketing purposes, the data will be stored, unless consent is revoked, for the period necessary to achieve the Purposes and, in any case, for a period not exceeding 24 months, or the different maximum period indicated by the Authority for the protection of personal data.

In order to manage any disputes or litigation, and in any case for the ascertainment, exercise or defense of a right in court, the Personal Data may be retained for a further period, equal to the limitation period of the right itself.

9. Method of providing information.

In compliance with the principle of proportionality, in consideration of the evident difficulty, as well as excessive burden for the Data Controller to proceed with the direct release of the information to each Interested Party who collaborates or performs his/her activity in your favor, including your employees and collaborators, we invite you to transmit this information to said Interested Parties and, in any case, to inform them that the same can be consulted on our company website or that it will be sent upon simple written request to the addresses indicated above.

10. Rights of the interested party and methods of exercising them.

The interested party may, at any time, exercise the rights granted to him by the GDPR (the “Rights of the interested party”), and in particular:

  • Art. 15 - Right of access by the interested party: the interested party has the right to access their data and the related Processing. This right consists in the possibility of obtaining confirmation as to whether or not their personal data is being processed, or in the possibility of requesting and receiving a copy of the data being processed;

  • Art. 16 - Right to rectification: the Data Subject has the right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning him or her without undue delay. Taking into account the Purposes, the Data Subject has the right to obtain the integration of incomplete Personal Data, including by providing an additional statement;

  • Art. 17 - Right to erasure ('right to be forgotten'): the Data Subject has the right to request from the Data Controller that the Personal Data concerning him or her be erased and no longer subjected to Processing and in some cases, where there are grounds for it, to obtain the erasure without unjustified delay when the purpose of the Processing has been exhausted, consent has been revoked, opposition has been made to the Processing or when the Processing of his or her Personal Data is otherwise not compliant with the GDPR;

  • Art. 18 - Right to limit processing: the interested party has the right to limit the processing of his/her personal data in case of inaccuracies, dispute or as an alternative measure to cancellation;

  • Art. 20 - Right to data portability: the Data Subject, except in the case where the data are stored through non-automated processing (e.g. in paper format), has the right to receive in a structured, commonly used and machine-readable format the Personal Data concerning him, where reference is made to data provided directly by the Data Subject, with express consent or on the basis of a contract, and to request that the same be transmitted to another data controller, if technically feasible;

  • Art. 21 - Right to object: the interested party has the right to object at any time, for reasons relating to his particular situation, to the processing of personal data concerning him.

If the interested party wishes to exercise one of the rights listed above, he/she must address his/her request directly to the Data Controller at the addresses indicated above, without prejudice to the right to lodge a complaint to be sent to the Guarantor Authority or to lodge an appeal before the competent Judicial Authority.

The deadline for the Data Controller to respond to the interested party is, for all rights (including the right of access) and also in the event of refusal, 1 month, extendable up to 3 months in cases of particular complexity.

However, Article 12 of the GDPR applies.

11. Revocation of consent.

In cases where the Processing must take place only following the consent of the Interested Party and the latter has provided it, he has the right to revoke the consent given at any time by sending a written request to the Data Controller at the addresses indicated above.

The withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal.

12. Right to object

The interested party has the right to object at any time to the Processing of Personal Data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, by means of a simple written request to the addresses indicated above.



Effective from 05/25/2018


***


Release of information:

INFORMATION FOR WEBSITE USERS

on the protection of personal data

pursuant to art. 13 of EU Regulation 2016/679

Dear Users,

in compliance with the provisions of art. 13 of EU Regulation 2016/679 (the “GDPR”) and in application of the principles set out in the GDPR itself, we invite you, before starting to browse our website (the “Website”), to read this information on the processing of personal data, in order to make you aware of the characteristics and methods of the processing (the “Processing”) that we will carry out with respect to any information acquired by us following navigation by any subject (the “User”) on the Website, as well as provided by them through the Website itself and relating to an identified or identifiable natural person (the “Data Subject”) (the “Personal Data”). Pursuant to art. 4.1. GDPR, “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

1. Data Controller (the “Data Controller”).

The Data Controller is the company Maglificio Diana Spa, fiscal code and VAT number: 01796810974, in the person of the legal representative pro tempore, with registered office in Prato (PO), at Via Della Mimosa, n. 3-5, tel. 0574634668, PEC: magliificiodianspa@pec.it, e-mail: diana@luidiana.com, website: diana.studio.

Any communication relating to the Processing, also pursuant to the following articles, must be sent, by You and/or the Interested Party, by registered mail with return receipt, PEC or e-mail to the addresses indicated above.

2. Purpose of the Processing (the “Purposes”) and legal basis.

The Personal Data collected, from the Data Subject (art. 13 GDPR) or otherwise (art. 14 GDPR), will be used by us exclusively for the purpose of:

  1. allowing the use of the Website;

  2. responding to User requests;

  3. fulfilling pre-contractual and contractual obligations towards you;

  4. fulfilling and demanding fulfillment of specific obligations arising from laws and regulations.

The legal basis of the Processing is constituted by:

  • our need to execute a contract to which the interested party is a party or pre-contractual measures adopted at the request of the same;

  • our need to comply with a legal obligation;

  • the legitimate interest of the Data Controller (art. 6 letter f) GDPR).

3. Mandatory or optional nature of providing Personal Data.

The communication by you - also by sending e-mails, filling out specific forms and placing the required flags - of Personal Data is optional, but necessary, since any refusal to release it, as well as the incorrect communication of the same data, makes it impossible for the Owner to establish the relationship or to implement the various Purposes for which the Personal Data are collected.

For the same reasons, as well as for the purpose of correct management of the existing relationship, we also ask you to communicate to us any changes in the Personal Data already collected, as soon as they have occurred.

4. Communication of Personal Data.

Personal Data is processed internally by subjects authorized to Process (the “Authorized Parties”) under the responsibility of the Owner for the Purposes indicated above.

Personal Data may be communicated to external parties, charged with carrying out instrumental and/or accessory functions for the performance of our business activity, who will process said data on our behalf. These parties will be appointed by us as external Data Processors (the “External Processors”), in accordance with the provisions of art. 28 GDPR. An updated list of External Processors is available at the registered office of the Data Controller, which will be provided to the Interested Party upon written request to the aforementioned addresses.

Outside of the cases above, Personal Data may also be communicated to further recipients and/or categories of recipients (the “Recipients” and the “Categories of Recipients”), only for the performance of activities inherent to the pre-contractual and/or contractual relationship established between us and/or to fulfill legal obligations and/or orders of the Authorities, and in any case always in compliance with the guarantees provided by the GDPR and the guidelines of the Italian Guarantor Authority, as well as by the Commission established in compliance with the aforementioned GDPR.

Without prejudice to the foregoing, Personal Data will not be disclosed and/or communicated to third parties under any circumstances, unless specifically consented to by the Data Subject and in any case only where necessary for the fulfillment of the Purposes.

5. Processing of “special categories of personal data” and “personal data relating to criminal convictions and offences”.

If, in the context of the Processing, the Data Controller becomes aware of Personal Data belonging to:

(i) “special categories” pursuant to art. 9 GDPR (i.e. those “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation”), such data will be processed, always exclusively for the Purposes indicated, only with the prior consent of the Data Subject or, in any case, as the Processing is necessary to fulfill the obligations and exercise the specific rights of the Data Controller or the Data Subject in the field of employment law and social security and social protection, to the extent that it is authorized by European Union or Member State law or by a collective agreement pursuant to Member State law, in the presence of appropriate safeguards for the fundamental rights and interests of the Data Subject;

(ii) “criminal convictions and offences or related security measures” pursuant to art. 10 GDPR, the Processing will take place only under the control of the public Authority or if the Processing is authorised by European Union or Member State law which provides for appropriate safeguards for the rights and freedoms of the Data Subjects. Any complete register of criminal convictions must be kept only under the control of the public Authority.

6. Methods of Processing.

The Processing takes place with the aid of electronic and/or paper tools and, in any case, adopting suitable organizational and IT procedures and measures to protect their security, confidentiality, relevance and non-excess.

7. Territorial scope.

Personal Data will be processed within the territory of the European Union.

If, for technical and/or operational reasons, it becomes necessary to use entities located outside of said territory, they will be appointed as External Processors and the transfer of Personal Data to the same, limited to the performance of specific Processing activities, will be regulated in accordance with the provisions of the GDPR, adopting all necessary precautions in order to guarantee the total protection of Personal Data and basing such transfer on the assessment of appropriate guarantees (including, for example, decisions of adequacy of the recipient third-party countries expressed by the European Commission, adequate guarantees expressed by the recipient third-party subject pursuant to Article 46 GDPR, etc.).

In any case, the interested party may request further details from the Data Controller if the Personal Data has been processed outside the European Union, requesting evidence of the specific guarantees adopted.

8. Retention period.

The Personal Data will be retained by the Data Controller for the period strictly necessary to pursue the Purposes, and in particular until the termination of the pre-contractual and contractual relationships between us in existence, without prejudice to any further retention period that may be imposed by law.

In order to manage any disputes or litigation, and in any case for the ascertainment, exercise or defense of a right in court, the Personal Data may be retained for a further period, equal to the limitation period of the right itself.

9. Methods of issuing the information and subsequent amendments.

This information is provided exclusively with reference to the Website and not with regard to other websites that may be consulted by the User via links or accessed via social buttons on the Website, for which the Data Controller assumes no responsibility.

Any changes or updates to this information will be available to Users in the appropriate section of the Website and will apply from the date of their publication. If the Interested Party does not intend to accept any changes, he/she may stop using the Website. Therefore, the Interested Parties are invited to periodically consult the aforementioned section.

10. Rights of the interested party and methods of exercising them.

The interested party may, at any time, exercise the rights granted to him by the GDPR (the “Rights of the interested party”), and in particular:

  • Art. 15 - Right of access by the interested party: the interested party has the right to access their data and the related Processing. This right consists in the possibility of obtaining confirmation as to whether or not their personal data is being processed, or in the possibility of requesting and receiving a copy of the data being processed;

  • Art. 16 - Right to rectification: the Data Subject has the right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning him or her without undue delay. Taking into account the Purposes, the Data Subject has the right to obtain the integration of incomplete Personal Data, including by providing an additional statement;

  • Art. 17 - Right to erasure ('right to be forgotten'): the Data Subject has the right to request from the Data Controller that the Personal Data concerning him or her be erased and no longer subjected to Processing and in some cases, where there are grounds for it, to obtain the erasure without unjustified delay when the purpose of the Processing has been exhausted, consent has been revoked, opposition has been made to the Processing or when the Processing of his or her Personal Data is otherwise not compliant with the GDPR;

  • Art. 18 - Right to limit processing: the interested party has the right to limit the processing of his/her personal data in case of inaccuracies, dispute or as an alternative measure to cancellation;

  • Art. 20 - Right to data portability: the Data Subject, except in the case where the data are stored through non-automated processing (e.g. in paper format), has the right to receive in a structured, commonly used and machine-readable format the Personal Data concerning him, where reference is made to data provided directly by the Data Subject, with express consent or on the basis of a contract, and to request that the same be transmitted to another data controller, if technically feasible;

  • Art. 21 - Right to object: the interested party has the right to object at any time, for reasons relating to his particular situation, to the processing of personal data concerning him.

If the interested party wishes to exercise one of the rights listed above, he/she must address his/her request directly to the Data Controller at the addresses indicated above, without prejudice to the right to lodge a complaint to be sent to the Guarantor Authority or to lodge an appeal before the competent Judicial Authority.

The deadline for the Data Controller to respond to the interested party is, for all rights (including the right of access) and also in the event of refusal, 1 month, extendable up to 3 months in cases of particular complexity.

However, Article 12 of the GDPR applies.

11. Minors.

The Owner does not process Personal Data relating to minors. By accessing the Website and using the services, the User declares to be of legal age.

12. Revocation of consent.

In cases where the Processing must take place only following the consent of the Interested Party and the latter has provided it, he has the right to revoke the consent given at any time by sending a written request to the Data Controller at the addresses indicated above.

The withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal.

13. Right to object

The interested party has the right to object at any time, for reasons related to his/her particular situation, to the Processing of Personal Data concerning him/her pursuant to art. 6, paragraph 1 letters e) or f) including profiling based on these provisions, by means of a simple written request to the addresses indicated above.



