PRIVACY STATEMENT
MAVOIX
1. Introduction
This Privacy Policy describes how Malox Srl Unipersonale, owner of the MaVoix brand, collects, uses, stores, and protects the personal data of users who access and use the website https://mavoix.boutique/ (the “Website”).
Personal data are processed in compliance with Regulation (EU) 2016/679 (GDPR), applicable national laws, and internationally recognized principles on the protection of personal data.
2. Scope of application
This Privacy Policy applies to all users who visit or interact with the Website, regardless of their place of residence or nationality.
For users residing in the European Union, the processing of personal data is governed by the GDPR.
For users residing outside the European Union, personal data are processed in accordance with applicable local laws, where compatible, and in compliance with internationally recognized principles of lawfulness, fairness, and transparency.
3. Data Controller
Malox Srl Unipersonale
Registered Office: Via Salvestrina 12, 50129 Firenze – Italia
VAT: 07114000487
Email: info@malox.biz – info@mavoix.boutique
Certified Email: malox@legalmail.com
4. Personal data processed
The Data Controller may collect and process the following categories of personal data:
- identification and contact details (first name, last name, email address, shipping and billing address, telephone number);
- data relating to orders, purchases, and transactions carried out on the Website;
- data voluntarily provided by the user through contact forms, information requests, or direct communications;
browsing and usage data of the Website (IP address, browser type, device, technical information), also collected through cookies and similar technologies.
Payment data are processed directly by payment service providers; the Data Controller does not have access to complete card or payment instrument details.
5. Purpose of processing
Personal data are processed for the following purposes:
- to enable navigation and ensure the proper functioning of the Website;
- to manage user registration and access to restricted areas;
- to manage orders, payments, shipments, returns, and customer support;
- to comply with legal, tax, and accounting obligations;
- to respond to user inquiries or communications;
to send informational or promotional communications, subject to the user’s consent; - to analyze Website usage and improve the services offered;
- to carry out marketing, remarketing, and advertising performance measurement activities, subject to the user’s consent.
6. Legal basis for processing
The processing of personal data is based on:
- the performance of a contract or pre-contractual measures;
- compliance with legal obligations;
- the consent given by the user, where required;
- the legitimate interest of the Data Controller, provided that the fundamental rights and freedoms of the user are respected.
For users residing outside the European Union, personal data are processed in accordance with the laws applicable in the user’s country of residence, where compatible, and on the basis of lawfulness criteria equivalent to those provided for by the GDPR.
7. Processing methods and security
Personal data are processed using electronic and organizational tools suitable to ensure their security, integrity, and confidentiality.
Payment transactions are managed through certified and secure systems (encryption, SSL, PCI-DSS standards), without direct access to payment data by the Data Controller.
8. Data recipients
Personal data may be disclosed to:
- technical, IT, and logistics service providers;
e-commerce and order management platforms;
payment service providers; - professional advisors and competent authorities, where required by law.
Certain payment methods, such as deferred or installment payment services, may involve independent processing of personal data by the respective providers, including for credit assessments or automated decision-making, in accordance with their own privacy policies.
9. Transfer of data to non-EU countries
Personal data may be transferred to and processed in countries outside the European Union.
In such cases, the Data Controller adopts all necessary measures to ensure an adequate level of data protection, in accordance with Articles 44 et seq. of the GDPR, including:
- adequacy decisions adopted by the European Commission;
- Standard Contractual Clauses;supplementary technical and organizational measures.
For transfers to the United States, where applicable, processing is also carried out on the basis of the providers’ adherence to the EU–US Data Privacy Framework.
10. Data retention
Personal data are retained for the time strictly necessary to achieve the purposes for which they were collected and thereafter for the period required by applicable law or necessary to protect the rights of the Data Controller.
11. User rights
Users may exercise at any time the rights provided for in Articles 15–22 of the GDPR, including:
- access to personal data;
- rectification or updating;
- erasure;
restriction of or objection to processing;
data portability;
withdrawal of consent.
Users residing outside the European Union may also exercise the rights granted by the applicable laws of their country of residence by contacting the Data Controller at the details provided above.
12. Cookies and similar technologies
The Website uses cookies and tracking technologies as described in the dedicated Cookie Policy, available on the Website.
Users may manage and withdraw their consent at any time through the Consent Management Platform (CMP)
13. Amendments to this Privacy Policy
The Data Controller reserves the right to amend or update this Privacy Policy at any time. Any changes will be published on the Website and shall take effect as of the date indicated therein.
