Privacy policy Newsletter

Mod. INL – Update Date 09/2025

Information on the processing of personal data

Pursuant to Art. 13 of EUROPEAN REGULATION No. 679/2016

Dear Sir or Madam,

MASTER ITALIA SPA, as Data Controller pursuant to Article 13 of European Regulation No. 679/2016 ‘General Data Protection Regulation (GDPR)’ (hereinafter referred to as the EU Regulation), containing provisions on the processing of personal data, wishes to inform you about the processing of your personal data.

The law stipulates that anyone who processes personal data is required to inform the data subject about the data being processed and the elements qualifying the processing, which must in any case be carried out in a lawful, fair and transparent manner, as well as protecting confidentiality and guaranteeing the rights of the data subject.

It should be noted that data processing means any operation or set of operations concerning the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination and destruction of the data itself.

1) Data controller

The data controller is MASTER ITALIA SPA, with registered office in Via G. La Pira, 19, 30027, San Donà di Piave (VE), tax number and VAT number 02591350273, which can be contacted at the following address: telephone +39 0421 571111, email: people@atlantisheadwear.com (hereinafter referred to as the ‘Controller’ or ‘Data Controller’).

2) Nature of the data processed, purposes and legal basis for processing

Nature of the data processed. In relation to the purposes of processing listed below, we inform you that only ‘common personal data’ will be processed, such as:

  • personal details of the company contact person (first name, surname, company name, email address);
  • etc.

Purpose of processing. Your personal data will be processed for the following purposes:

  A. to respond to your request to subscribe to our newsletter: by voluntarily filling in the appropriate form found in this newsletter area;
  B. to comply with legal obligations;
  C. marketing: to send you advertising material, direct sales, market research and commercial and promotional communications;
  D. profiling: to analyse your preferences and receive personalised information and/or commercial communications.

Legal basis for processing. Personal data, for the purposes referred to in points 2A and 2B, will be processed lawfully to fulfil pre-contractual and contractual obligations between us and the user (Art. 6, para. 1, letter b) and to fulfil our legal obligations (Art. 6, para. 1, letter c).

Your personal data, for the purposes referred to in points 2C-2D of this policy, may be lawfully processed only with your consent (Art. 6, paragraph 1, letter a of the EU Regulation), which must be specific, separate, express, documented, prior and entirely optional.

The consent you have given may be revoked at any time, without prejudice to the lawfulness of the processing based on the consent given prior to the revocation (Art. 7, paragraph 3 of the EU Regulation).

Furthermore, we inform the data subject that, pursuant to Art. 21 of the EU Regulation, the data subject has the right to object at any time to the processing of personal data concerning him/her for direct marketing purposes (including profiling) and that, if the data subject objects to the processing, the personal data may no longer be processed for such purposes.

Clarification: in accordance with our company's principle of maximum transparency towards the data subject, we wish to inform you that if you decide to give your consent to point 2C (marketing), you must be informed in advance and aware that the purposes of the processing are of a specific commercial, advertising, promotional and marketing nature in the broadest sense, such as:

  1. send advertising and informational material (e.g. newsletters) of a promotional nature;
  2. send commercial information in paper, automated or electronic form and, in particular, by ordinary post or e-mail, telephone (e.g. calls, WhatsApp messages, SMS, MMS), fax and any other IT channel (e.g. websites, mobile apps);
  3. forward invitations to events, exhibitions and meetings of an informative and promotional nature;
  4. forward updates on promotional initiatives or technical innovations, services, training or assistance and/or surveys on quality satisfaction.

3) Recipients of the data and methods of processing – Existence of automated decision-making, including profiling

The processing of your personal data will be based on principles of fairness, lawfulness and transparency and may be carried out using paper and electronic means by both the staff of the undersigned company, authorised/appointed to process personal data, and by external parties called upon to perform specific tasks on behalf of the Data Controller, in their capacity as Data Processors, pursuant to Article 28 of the EU Regulation, subject to our letter of appointment imposing on them the duty of confidentiality and security in the processing of personal data, and the adoption of appropriate security measures to prevent data loss, illicit and incorrect use, and unauthorised access, in compliance with current provisions on the protection of personal data.

For the sake of brevity, a detailed list of these figures is available at the Data Controller's headquarters and is at your disposal.

Your personal data will not be disclosed or transferred to third countries or international organisations, nor will it be communicated to third parties except for legal or contractual obligations (it should be noted that the communication of data to other companies directly linked to the Writer is also included in the contractual obligations, as their activities are essential to the completion/execution of your request).

With reference to the provisions of Article 13 of the EU Regulation, paragraph 2, letter f) and Article 14 of the EU Regulation, paragraph 2, letter g), we hereby inform you that the Data Controller does not currently use any automated decision-making systems or processes.

4) Data retention periods

Your personal data will be stored for a period of time not exceeding the achievement of the purposes for which they are processed, in compliance with the principle of storage limitation provided for by the EU Regulation and/or for the time necessary for legal and contractual obligations or until the specific consent is revoked by the data subject and, therefore:

◦ with reference to the purposes indicated in points 2A-2B, the data will be stored for a period not exceeding the achievement of the purposes for which they are processed and/or for the time strictly necessary for the fulfilment of legal and contractual obligations;

◦ with reference to the purposes indicated in point 2C, data processed for marketing purposes will be retained for no longer than 24 months from collection;

◦ with reference to the purposes indicated in point 2D, data processed for profiling purposes will be retained for no longer than 12 months from collection.

To guarantee the stated retention periods, an annual review is carried out of the data processed and of the possibility of deleting it if it is no longer necessary for the intended purposes.

5) Access to data (categories of recipients to whom the data may be disclosed)

We also inform you that the data collected will never be disclosed and will not be communicated without your explicit consent, except for necessary communications that may involve the transfer of data to public bodies, consultants or other parties for the fulfilment of tax and legal obligations or for the fulfilment of the purposes (where authorised), subject to our letter of appointment imposing on them the duty of confidentiality and security in the processing of personal data.

With reference to Article 13, paragraph 1, letter e) of the EU Regulation, we hereby indicate the subjects or categories of subjects (duly identified and instructed) who may become aware of the user's personal data in their capacity as data processors or persons in charge of processing, and provide a specific list by category below:

  • Partners, employees, collaborators and suppliers of the Data Controller in Italy and abroad, in their capacity as persons in charge of/authorised and/or responsible for processing (e.g. commercial, technical, administrative, legal and press offices; system administrators, external professionals, various service providers, etc.)
  • Partner companies and/or companies directly connected with the undersigned, as their activities are essential to the completion/execution of your request.

Your personal data may also be disclosed to external parties who are recipients of the files concerning you, in the performance of their activities, and to external parties who interact with the undersigned, always and exclusively for activities functional to the purposes described above, external parties called upon to perform specific tasks on behalf of the Data Controller, in their capacity as Data Processors, pursuant to Article 28 of the EU Regulation.

For the sake of brevity, a detailed list of these figures is available at our headquarters and is at your disposal.

6) and 7) Communication and transfer of data

Without the need for express consent (Art. 6, para. 1, letters b), c) and f) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in points 2A to 2B to supervisory bodies, judicial authorities, as well as to those subjects to whom communication is mandatory by law for the fulfilment of the above-mentioned purposes.

These subjects will process the data in their capacity as independent data controllers.

Personal data is stored on devices located at the Data Controller's headquarters or at providers within the European Union.

Your data will not be disclosed.

To ensure the security of such transfers, we only use entities that offer the necessary guarantees to implement appropriate technical and organisational measures to ensure that the processing complies with the provisions of EU Regulation 679/2016.

Both with regard to the data on its own devices and any data held by providers, the Data Controller has implemented appropriate technical and organisational measures to ensure an adequate level of security, in full compliance with the provisions of the EU Regulation.

8) Consequences of failure to report data

The personal data referred to in points 2A-2B of this policy are necessary; without such data, it would be impossible for us to proceed and fulfil our contractual and legal obligations.

The personal data referred to in point 2C, on the other hand, is optional. Refusal to provide it will not have any consequences and will not affect your request to proceed with registration or the fulfilment of contractual and legal obligations. You may therefore decide not to provide any data or subsequently refuse to allow the processing of data already provided at any time.

9) Rights of the data subject

As a data subject, you have the rights set out in Articles 15 to 22 of the EU Regulation below, namely the right to:

  • obtain confirmation of the existence and processing of personal data concerning you and, if so, obtain access to your data (known as the right of access);
  • obtain information about the purposes of the processing, the categories of data concerned, the recipients or categories of recipients to whom the data have been or will be disclosed, in particular if they are recipients in third countries or international organisations, the envisaged period of storage of the data or the criteria used to determine that period; and if the data are not collected from the data subject, obtain all available information about their origin;
  • obtain the rectification of data concerning him/her (so-called right of rectification);
  • obtain the erasure of data concerning him/her (so-called right to be forgotten);
  • obtain restrictions on processing (known as the right to restriction of processing);
  • obtain data portability, i.e. receive them from a data controller in a structured, commonly used and machine-readable format and transmit them to another data controller without hindrance (known as the right to data portability);
  • object to processing at any time (known as the right to object). We specifically inform you, as required by Article 21 of the EU Regulation, that if personal data are processed for direct marketing purposes (including profiling), the data subject has the right to object at any time to the processing of personal data concerning him/her for such purposes and that if the data subject objects to processing for direct marketing purposes, personal data may no longer be processed for such purposes;
  • be informed (with the possibility of objecting) of the existence of automated decision-making relating to natural persons, including profiling;
  • withdraw consent at any time without prejudice to the lawfulness of processing based on consent given prior to withdrawal;
  • lodge a complaint with a supervisory authority (Personal Data Protection Authority).

Please note that there may be conditions or limitations on the rights of the data subject. It is therefore not certain that, for example, you have the right to data portability in all cases, as this depends on the specific circumstances of the processing activity.

Another example: if you decide to object to the processing of your data, the Data Controller has the right to assess your request, which may not be accepted if there are compelling legitimate grounds for processing that override your interests, rights and freedoms.

10) How to exercise your rights

Without any formalities, you may exercise your rights at any time in a clear and explicit manner by sending:

- a registered letter with return receipt to the undersigned (see the address indicated on the letterhead);

- an email to people@atlantisheadwear.com.

Or by contacting the Data Controller directly at: +39 0421 571111.

11) Minors

The services offered by the Data Controller and the subject of the relationship with you do not involve the intentional collection of personal information relating to minors. In the event that information on minors is unintentionally recorded, the Data Controller will delete it promptly, upon request or notification by the data subject.

12) Data Protection Officer (DPO) – Data Processors/Authorised Persons – Data Controllers

Below we provide you with some information that you need to be aware of, not only to comply with legal obligations, but also because transparency and fairness towards data subjects is a fundamental part of our business.

Appointed/Authorised. The updated list of persons in charge of/authorised to process data is kept at the Data Controller's headquarters.

Data controllers.

For the sake of brevity, a detailed list of these figures is available at our headquarters.