PRIVACY POLICY

Information pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council and applicable law

1. Data Controller and Data Protection Officer
The Data Controller is The Makeover Group, headquartered at Piazza del Tiratoio 2/r, 50124, Florence, VAT number 07406690482, R.E.A. number FI - 701180, email: hello@yourtmg.com, acting as Data Controller through its legal representative. The Controller is obliged to guarantee the confidentiality of information acquired from clients or held due to its activities, and in any other case where current regulations require or allow disclosure, including following explicit consent given by the data subject.
In its activities, it collects and processes personal data of users (the “Data Subjects”) also through the website www.tmgbooks.com (hereinafter “the Site”)... Following a policy of transparency and fairness pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”), we inform you that the personal data you provide may be processed in compliance with national and EU legislation regarding the protection of individuals with regard to the processing of personal data and the free movement of such data (“Applicable Law”).
The Controller has appointed, pursuant to Articles 37 et seq. GDPR, a Data Protection Officer (“DPO”) Alessandro Badalamenti, reachable at the email address hello@yourtmg.com.

2. Purposes and Methods of Processing – Data Retention Periods

2.1 The Controller processes the personal data of Data Subjects collected on the Site lawfully, proportionately, necessarily, and fairly, for the following purposes:
a) Institutional purposes connected or instrumental to The Makeover Group’s activity, such as: mediating, concluding, managing, and executing contracts related to commercial activity; providing, upon request of the Data Subject, information related to purchases; providing information related to the provision of services requested by Data Subjects and related to services offered by the Controller;
b) Compliance with legal obligations: regulations, Italian, EU, or international laws; execution of orders from Authorities and Supervisory Bodies of the commercial system and competent authorities;
c) Subscription to newsletters: Data Subject’s request to receive communications from The Makeover Group about commercial offers and new products;
d) Communication and commercial purposes: promotion and advertising in general, including sending newsletters, marketing, direct sales via letters, phone, email, SMS, MMS, etc.;
e) Research and profiling purposes: conducting surveys regarding customer/member satisfaction of The Makeover Group; research and statistical processing, even anonymously, as well as market studies and research, profiling users also with electronic tools;
f) Communication, transfer, or licensing of data to third parties so they may carry out, regarding their own and/or third-party services/products to which data may be communicated (becoming independent data controllers), marketing activities by any means, market research, studies and statistics, direct sales, user profiling, satisfaction surveys, promotion, and advertising. The legal basis for this processing is the consent of the Data Subject.
Data processing operations such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination, or any other form of making available, comparison or interconnection, limitation, deletion, or destruction are carried out both manually and electronically, and such data are stored in an electronic database dedicated to fulfilling the above obligations and purposes.
Personal data contained in the automated IT system, as well as those stored in the Controller’s electronic archives, are processed in compliance with current legislation and GDPR security measures to minimize risks of destruction, loss, alteration, unauthorized disclosure or access, accidental or illegal, or processing not compliant with the purposes of collection.
Personal data are also retained for the time necessary to achieve the above purposes and to comply with legal obligations imposed for the same purposes.

3. Types of Data Processed
The data collected and processed by the Controller may include: personal identification data, tax code, phone number, email address, etc., insofar as necessary for the activities of The Makeover Group or to request services offered by the Controller and/or any third parties connected to it as specified in point 6 and for the purposes described in point 2 above.

4. Provision of Data and Consent to Processing
Providing data for the purposes indicated in points (a), (b), and (c) of paragraph 2 is mandatory, and failure to provide such data will prevent the Data Subject from obtaining the requested services. Consent for purposes indicated in points (d), (e), and (f) is optional.
Failure to provide consent for points (d), (e), and (f) will result in:
(i) impossibility for the Data Subject to receive informational and/or commercial communications about products and/or services of The Makeover Group or third parties;
(ii) impossibility for The Makeover Group to analyze the consumption habits of the Data Subject to develop and send specific offers based on their preferences.
It is noted that if the Data Subject receives promotional communications from third parties, these third parties must provide their own information notice – for which The Makeover Group is not responsible – including the origin of the personal data communicated to them, i.e., that it comes from The Makeover Group, so that the Data Subject can also contact The Makeover Group to object to processing pursuant to Article 21 GDPR.
Third parties must also provide the User with an appropriate contact (e.g., an email address) to exercise their GDPR rights quickly, economically, and effectively.

5. Cookies
Cookies are text files stored on the user’s device via the browser, allowing the use of the Site, enabling the respective owner to collect information about the user and/or allowing the website operator to provide a better browsing experience.
Each cookie has its own validity period and may be automatically deleted when the browser closes or remain stored on the user’s device until a predetermined expiration (minutes, days, or years).
The Site uses proprietary cookies necessary for:
(i) transmitting communications over the internet between the Site and the user (“strictly technical cookies”);
(ii) improving the user’s browsing experience (“functionality cookies”);
(iii) providing services specifically requested by the user (“navigation cookies”);
(iv) conducting statistical analyses related to Site access (“analytics cookies”).
All these are considered “technical cookies” under the Italian Data Protection Authority’s general provision of May 8, 2014, no. 229.
The Site may also have third-party cookies (“third-party cookies”) for the above purposes and possibly for profiling the user to provide specific advertising related to their uses and needs and/or for statistical activities. The Controller disclaims any responsibility for these third-party cookies, which it does not own.
Through cookies on the Site, the Controller mainly collects aggregated statistical data generally not sufficient to identify the user. However, third parties, as independent controllers, may collect and process personal data of users through third-party cookies. The Controller disclaims responsibility for these treatments.
Users continuing to browse or closing the cookie banner accept the use of cookies.
Users can modify browser settings to block cookies, but blocking cookies may prevent navigation on all Site pages.
Instructions for modifying browser settings (Internet Explorer, Google Chrome, etc.) are provided.
Users can also delete saved cookies to revoke consent for proprietary cookies.
More information and options to disable third-party cookies are available on Google and Facebook pages. These services may use user data for commercial communication in various advertising forms, including banners, related to user interests. This does not mean all personal data are used for this purpose. Data and usage conditions are detailed in their respective privacy notices.
Some services may use cookies for user identification or behavioral retargeting (personalized ads based on interests and behavior detected even outside this website). For more information, consult the privacy policies of these services.

6. Scope of Data Communication – Transfer
6.1 For the above purposes, personal data may be communicated to:
(i) subjects for whom data transfer is necessary or functional to the Controller’s activities, companies providing services with which The Makeover Group has commercial agreements for executing and providing services requested by the Data Subject;
(ii) judicial authorities, supervisory authorities, or other subjects entitled to access such data by law or regulation;
(iii) auditing companies;
(iv) companies conducting surveys on service quality, customer satisfaction, new product offerings, marketing, and advertising;
(v) companies providing document archiving services related to customer relations.
6.2 Data for which consent has been given may be communicated, transferred, or licensed to natural or legal persons belonging to the above categories for the same purposes. These subjects will act as independent Data Controllers or external Data Processors.

7. Rights of the Data Subject
Pursuant to Articles 15 et seq. of the GDPR and applicable law, the User has the right, in addition to lodging a complaint with the Italian Data Protection Authority and revoking consent at any time, to:
a) obtain confirmation of the existence or not of personal data concerning them and receive such data in an intelligible form, in a structured, commonly used, and readable format with the possibility to transmit them to another controller (“Right to data portability”);
b) obtain information on:
(i) the origin of personal data, purposes and methods of processing, logic applied if processed with electronic tools;
(ii) identification details of the Data Controller, Data Processors, and Data Protection Officer;
(iii) subjects or categories of subjects to whom data may be communicated or who may become aware of them as designated representatives, processors, or appointees;
c) obtain:
(i) updating, rectification, or integration of data concerning them or, in case of dispute about data accuracy, limitation of processing for the time necessary for verification;
(ii) anonymization or blocking of unlawfully processed data, including data that must be kept for the purposes collected or subsequently processed;
(iii) certification that the above operations have been communicated to those to whom data were disclosed, unless impossible or disproportionate;
d) object, in whole or in part:
(i) to processing of data concerning them, even if relevant to the purpose of collection;
(ii) to processing of personal data for commercial information or direct marketing purposes.