1. Identity Miglior Materasso Srl (Best Mattress)
The data controller is Miglior Materasso Srl, with registered office in via Sisto IV, 4 00167 Rome, capital stock 10000,00, REA RM-1449594, P.IVA 13469291002, which can be contacted at the following email address: firstname.lastname@example.org.
Our customers can send requests concerning the protection of personal data, privacy and security to the CEO of Miglior Materasso Srl at the above mentioned address.
2. What data does the company collect?
You can visit our site anonymously.
If you choose to register on the site, four categories of data will be processed on your behalf:
When opening an account on our site, placing an order, subscribing to a newsletter, or completing a survey, contact data such as email, address and name of contact person, company name, address, phone number, VAT number, preferred language and currency, order number, email address of invoice recipient, and card numbers or unencrypted account information is collected.
"Order Configuration Data"
The company collects data entered by the customer after login, such as:
Biographical data (First name, last name, date of birth);
Contact data (email address and telephone numbers);
Delivery data (shipping addresses);
"End User Data".
Data generated by End Users who browse Customer's site(s) using the Service. When an End User sends a consent from the customer's site, the following data will be automatically recorded by Miglior Materasso Srl:
The End User's IP address in an anonymous form (the last three digits are converted to "0").
The date and time of consent.
The user agent of the End User's browser.
The URL from which the consent was sent.
A value of the anonymous, random, encrypted key.
The status of the End User's consent, which is evidence of the consent.
The key and the consent status are also saved on the End User's browser with a first party cookie, called "CookieConsent", so that the site can automatically read and respect the End User's consent on the occasion of subsequent requests of the page and future sessions of the End User for a period of up to 12 months. The key is used as a proof of consent and to verify that the consent status saved in the End User's browser is unchanged from the original consent sent to Miglior Materasso.
If you enable the Service's "All-inclusive Consent" feature to enable consent for multiple sites with a single End User submission, the Service will also save another unique, random ID with the End User's consent. If all of the following criteria are met, the key will be stored in encrypted form in a third-party cookie, named "CookieConsentBulkTicket" on the End User's browser:
Customer enables the all-inclusive consent feature in the Service configuration.
End User accepts third-party cookies from the browser settings.
End User has disabled the "Do Not Track" feature from the browser settings.
The End User accepts all types of cookies, or at least "preference" cookies when giving consent.
"System Generated Data".
The Service automatically creates and stores metadata based on other types of data, including:
Subscription data, such as start date, last invoice date, and the result of mandatory VAT number validation. Issued invoices are saved in order to allow access to them from the service management system.
Definitions of cookies found when the Service scanned customer sites, including reports with the results of each scan.
Aggregate statistical data on End User consents.
You may send instructions to Best Mattress via configuration and/or perform relevant functions offered by the Service from the Service management system. If a specific instruction regarding personal data cannot be given via the Service management system, you may send such instructions to the company via the helpdesk from the "contact us" form.
The customer will be informed by Miglior Materasso about changes in the Service, such as implementation of additional features, by email, if he subscribes to Miglior Materasso's newsletter from the account settings page of the service management system.
3. For what purposes are the data provided used?
Every single data collected can be used for one or more of the following purposes:
to personalize the customer experience (the data provided helps Best Mattress to better meet the individual needs of each user);
to allow you to control the End Users' user experience and to allow the Service to automatically apply End User consent to other customer sites;
to improve our website (Miglior Materasso is constantly striving to improve the offers reported on our website, based on the data and comments we receive from users);
to identify the customer as a contracting party;
to enable the customer's secure login into the service management system on Migliormaterasso.it;
to establish a primary communication channel with the customer;
to allow Miglior Materasso to issue invoices with valid VAT and to process transactions (customer's information will not be sold, exchanged, transferred or provided to other companies for any reason without the customer's consent, except for the provision of the requested service);
to enable the automated management of subscriptions;
to produce and display Cookie Statements to End-Users, and to save and display the scan report to Customer;
to provide aggregate information about End Users' choices regarding the types of cookies accepted and to generate a graphical representation in the Service Management System; and/or
to send periodic emails (the email address provided for order processing may be used to send information and updates related to the same, as well as occasional news regarding the company (if the user gives consent), as well as updates or information regarding products or services, etc.).
If at any time you decide that you no longer wish to receive these emails, you can close your account by clicking on "Cancel my account" once you have logged in.
4. Legal Basis
4.1. General Data Protection Regulation (GDPR) in the EU
The processing of customer data is based on the consent provided, or on the fact that the processing is necessary for the performance of a contract in which the customer is a contracting party, or to take the necessary measures prior to the conclusion of the contract at the request of the customer (see Art. 6(1)(a)-(b) of the GDPR).
If the processing is based on the user's consent, the user may revoke this consent at any time using the contact data set out in Article 1.
In order to proceed with the stipulation of a contract regarding the purchase of Miglior Materasso products, it is necessary to provide the company with the requested personal data. Should all the requested data not be provided, it will not be possible to provide the Service.
4.2. Compliance with the California Online Privacy Protection Act
Since Miglior Materasso takes the privacy of its customers very seriously, we have taken all the necessary measures to operate in compliance with the data protection law in force. Therefore, the company will not hand over any personal data to third parties without the customer's express authorization, except for the cases contemplated in article 7 above.
In accordance with the "Data Protection Act" in force, all users of our site have the right to modify their data at any time by accessing the "Profile" page of their account.
4.3. Compliance with the Children's Online Privacy Protection Act (COPPA)
Miglior Materasso complies with the requirements of the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under the age of 13. Our website and our products and services are directed to persons 13 years of age or older.
5. How is customer data protected?
Miglior Materasso implements the following technical, physical and organizational measures to protect the customer's personal data from accidental or unauthorized destruction, accidental loss or alteration, unauthorized use, modification, disclosure or access, and from all other forms of unlawful processing.
The Service utilizes the extensive capabilities of the cloud environment to ensure high availability, such as full redundancy, load balancing, automatic scaling capability, continuous data backup, and geo-replication and traffic management to address geographic "failovers" caused by data center level disasters. All failover mechanisms are fully automated.
No personal data is permanently stored outside of Miglior Materasso's cloud platforms. Physical security is managed by Miglior Materasso's subcontractor (see Article 7). Microsoft's data centers comply with industry standards, including ISO 27001 for physical security and availability, e.g., using 24-hour security staff, two-factor access control using biometric and card readers, barriers, fencing, security cameras, and other measures.
To ensure integrity, all data transfers are encrypted following best practices for protecting confidentiality and data integrity. For example, all credit card data provided is transmitted using Secure Socket Layer (SSL) technology, and then encrypted on our payment gateway provider's database, which is only accessible by those who are authorized to access such systems and subject to a confidentiality bond with respect to such data.
For data in transit, the Service uses industry standard transport protocols between devices and Microsoft's datacenters and within the datacenters themselves.
All personnel are subject to a confidentiality obligation, and any subcontractors and sub-subcontractors must sign a confidentiality agreement if such obligation is not part of the signed Contract between the parties.
Access to personal data by authorized personnel shall be made only via an encrypted connection. When a database is accessed, the IP address of the person accessing the data must be pre-authorized in order to gain access.
Any device used to access personal data is login protected by Best Mattress' Azure Active Directory (AAD), Microsoft's cloud-based identity and access management service. In addition, the device has Miglior Materasso's enterprise antivirus solution installed. Should personal data be saved temporarily on a device, the device's storage space must use advanced encryption.
On-site devices on which personal data is temporarily saved are kept in a safe, except when not actively used or relocated under constant supervision. Personal data is never stored on mobile devices such as USB drives and DVDs.
Miglior Materasso will always keep the customer informed of changes in the processes of privacy protection and data security, including practices and policies. At any time it is possible to ask for information on where and how data are saved, used and protected. Best Mattress will also provide a summary of the outcome of independent audits of the Service.
Access to personal data is normally blocked by a zero privilege policy. Access to personal data is limited to individually authorized personnel. Cybot's security and privacy officer issues authorizations and maintains a record of authorizations provided. Authorized personnel are provided minimal access based on actual need through our AAD.
5.6. Ability to intervene
Best Mattress provides users with rights of access, rectification, deletion, blocking, and objection, mostly by providing built-in data management features in the service management system, offering the option to send instructions to the Best Mattress helpdesk, and informing and offering the customer the ability to object when Best Mattress intends to implement changes to relevant practices and policies.
via email with information about the extent of the breach, the data affected, any impact on the Service, and Best Mattress' plan of action with measures to secure the data, and limit any adverse effects on personal data.
"Personal Data Breach" means a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the Service.
6. How cookies are used
7. Does the company disclose data to third parties?
Miglior Materasso does not sell, trade or transfer in any way its customers' personal data to third parties.
The above does not apply to trusted third parties or contractors who provide assistance in the management of our site and our activity or who provide services to the user. These trusted parties will have access to your personal information whenever necessary and will be contractually obligated to keep it confidential.
In addition, we may be required to disclose information in order to comply with applicable state law, to enforce the terms of your use of our website, or to protect our or others' rights, property, or safety. However, we may disclose non-personal information to third parties for marketing, advertising, or other uses.
7.1. Trusted Subcontractors/Third Parties
The cloud services subcontractors we engage follow and are audited against ISO/IEC 27001 standards. The primary subcontractor, OVH, has adopted the International Code of Practice for Cloud Privacy, ISO/IEC 27018. Subcontractor E-conomic International A/S is certified to the International Standards on Assurance Engagements 3000 (ISAE 3000).
Best Mattress will monitor subcontractors' and sub-subcontractors' compliance with these standards and audits to ensure that data protection obligations are met.
All desired changes concerning the addition or replacement of subcontractors or sub-subcontractors handling personal data will be announced to the client with at least 3 months notice. The client retains the right to object to such changes or to terminate the contractual relationship with Miglior Materasso.
7.2. Disclosures required by law
Miglior Materasso will not disclose the client's data to public security authorities, except for cases in which it has been authorized by the client or is obliged to do so by law. When the authority makes a legitimate request to access customer data to Miglior Materasso, the company will try to limit the disclosure. In particular, Miglior Materasso will only release specific data to the extent required by law.
If obliged to disclose the data, Miglior Materasso will inform the customer and provide a copy of the request unless expressly prohibited by law.
8. Links to third parties
Occasionally, at its discretion, the company may present on its site links to third parties, such as suppliers of products or services (such as partner couriers). These third party sites have different privacy policies that are independent of ours. Therefore, the company disclaims any responsibility for the content or activities of such linked sites. Nonetheless, we are committed to protecting the integrity of our site at all times, and we welcome any comments you may have on such sites.
9. Where does the company store data?
No saved data will be subject to backup or transfer and recovery by Miglior Materasso outside the European Union.
9.1. Location of personal data
All data are saved in databases and file repositories on OVH data centers at Miglior Materasso's cloud vendor. All data is automatically replicated in real time to secondary hot failover databases and file repositories in data centers located in CE Europe.
Databases are continuously backed up to allow for anytime recovery with a 35-day retention period. Backups are stored on data storage spaces in the same geographic location as the database.
A copy of account data is also stored at Miglior Materasso's cloud accounting system, Siriocloud by the company Carnova Srls.
10. Access assistance, data portability, migration and transfer
You can ask Miglior Materasso for confirmation of the processing of your personal data at any time.
At any time you can request a complete copy of your data, which you can transmit to another data controller. The data will be delivered within 10 working days by Miglior Materasso in the form of a Microsoft Excel spreadsheet. The logical relationships between the different data sets will be preserved with unique identifiers. Upon delivery of each copy of the data a payment of 1000 € + applicable taxes is required.
11. Request for rectification, restriction or deletion of personal data
The rectification of inaccurate personal data concerning the customer can be obtained without undue delay at any time (see Article 5.6).
11.2. Limitation of the processing of personal data
At any time the client may request that Miglior Materasso limits the processing of personal data in one of the following cases:
if the accuracy of the personal data is contested, for a period of time that allows Miglior Materasso to verify the accuracy of the same;
if the processing is not lawful and the client objects to the deletion of the personal data and instead requests a restriction on its use; or
if Best Mattress no longer needs the personal data for the purpose of processing, but the same are required by the client for the establishment, exercise or defence of legal claims.
The client may, without undue delay, request the deletion of his personal data, and Miglior Materasso will delete his personal data without undue delay upon the occurrence of one of the following conditions:
if the personal data are no longer necessary for the purpose for which they were collected or otherwise processed;
if you withdraw the consent on which the processing is based, and where there is no other legal obligation for the processing;
if you object to the processing, where the processing is related to direct marketing purposes;
if the personal data have been processed unlawfully; or
if the personal data must be deleted in accordance with a European or national legal obligation.
12. Data Retention
12.1. Data Retention Policy
For tax purposes, account data will be retained for up to five full fiscal years after the customer's termination of Service.
Configuration data and system-generated data will be deleted immediately if the customer terminates the Service.
End User data will be deleted on an ongoing basis 12 months after registration and immediately if Customer terminates the Service.
12.2. Data retention for legal purposes
Miglior Materasso cannot be required to change any predefined retention period, except for the cases provided for in article 11.3 on deletion, but it is possible to suggest changes according to the laws and regulations specific to the sector.
12.3. Return of data and/or deletion
No data, with the exception of account data, will be kept after the end of the contractual relationship. A copy of the data may be requested prior to termination. The client must not close the account linked to the Service until a copy has been delivered, since, by doing so, Best Mattress would be unable to deliver a copy of the data.
Miglior Materasso uses an extensive set of integrated logging and audit trail features provided by Microsoft on the OVH cloud platform. Best Mattress also logs all system updates, configuration changes, and access to provide an audit trail if unauthorized or accidental changes are made.
Miglior Materasso will collaborate with the customer in order to ensure compliance with applicable data protection regulations, e.g. to allow the customer to exercise subject rights (right of access, rectification, cancellation, blocking, opposition), to manage incidents, including forensic analysis in case of security breaches.
15. Terms and conditions of purchase
We invite you to consult the section "Terms and conditions of service" in which you will find information about the use, disclaimers and limitations of liability governing the use of our website www.migliormaterasso.it/it/content/termini-e-condizioni-di-uso-3.
16. User Consent
At any time, the client may file a complaint with a supervisory authority regarding the collection and processing of personal data by Miglior Materasso. In Italy it is possible to file a complaint with the Garante della Privacy, www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali.
DISCLAIMER: In case you wish to report an error or inaccuracy in the English translation, please send an email through the "contact us" form.