Privacy Policy

Holliday and Brown
Information notice pursuant to Article 13 of EU Regulation 679/2016 (hereafter "GDPR")

 

Why are we providing this information?
This page describes how your personal data is processed. It is an information notice provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter ‘GDPR’).

Personal Data That May Be Processed
Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); a natural person is considered identifiable if they can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity (Recitals 26, 27, 30 GDPR).

Navigation Data
The IT systems and software procedures supporting the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but, by its nature, it could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.

Data Provided by the Data Subject
The optional, explicit, and voluntary sending of messages to the contact addresses indicated on this website and/or the completion of data collection forms results in the subsequent acquisition of the sender’s address necessary to respond to the requests, as well as any other personal data provided.

Information on the Processing of Personal Data via Social Media Platforms
Regarding the processing of personal data carried out by the operators of the Social Media platforms used by the Data Controller, reference should be made to the information provided by them through their respective privacy policies. The Data Controller processes the personal data provided by users through the Social Media platform pages dedicated to it, to manage interactions with users (comments, public posts, etc.) and in compliance with applicable law.

Specific Information
Specific information notices will be provided on the website pages in relation to services or data processing activities.

How to purchase products on this website?
Please refer to the Terms and Conditions of Sale.

Cookies

What are cookies? What are cookies used for?
Cookies are small text files that websites visited by users send to their devices, where they are stored and later retransmitted to the same websites upon subsequent visits. So-called “third-party” cookies, on the other hand, are set by a website different from the one the user is visiting. This occurs because each website may contain elements (images, maps, sounds, specific links to web pages on other domains, etc.) that reside on servers other than the visited site’s server. Cookies are used for various purposes: performing authentication, monitoring sessions, storing information about specific configurations regarding users accessing the server, saving preferences, and so on. For more information about the cookies used on this website, please refer to the cookies policy provided in the website footer and at the following link.

1. Who is the Data Controller? How to contact them?
The Data Controller is MANTERO SETA SPA, with its registered office in Via R. Mantero 15 - 22070 Grandate (CO), Tax code/VAT no. 02387120138, in the person of its acting legal representative. Contact details of the Data Controller: e-mail privacy@mantero.com.

2. Purposes of processing, legal basis, data retention period, nature of data provision

PURPOSES OF PROCESSING
WEBSITE NAVIGATION: allowing the user to browse this website.

The data necessary for the use of the web services are also processed for the purposes of:

  • obtaining statistical information on the use of the services (most visited pages, number of visitors by hourly or daily intervals, geographic areas of origin, etc.).
  • monitoring the correct functioning of the services offered.

Data will also be used to establish responsibility in the event of alleged computer crimes against the website.

LEGAL BASIS
The processing is necessary for the purposes of the legitimate interests of the Data Controller or of third parties, provided that such interests do not override the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, taking into account the reasonable expectations of the data subject and the activities strictly necessary for the operation of the website and for browsing itself (Art. 6(1)(f) and Recital 47 GDPR).

DATA RETENTION PERIOD
For the duration of the browsing session. See the section on cookies.

NATURE OF DATA PROVISION
Providing this data is necessary for browsing the website.

PURPOSES OF PROCESSING
For the use of cookies and similar technologies, please refer to the Cookies Policy in the footer.

LEGAL BASIS
For the use of cookies and similar technologies other than technical cookies, the processing is based on the user’s consent, expressed through the banner and managed in accordance with the Cookie Policy available on the website footer.

DATA RETENTION PERIOD
For the use of cookies please refer to the Cookies Policy in the footer.

NATURE OF DATA PROVISION
Please refer to the Cookies Policy in the footer.

In addition to what is specified for website navigation, personal data will be processed for the following purposes:

A) PURPOSES OF PROCESSING
Contacts, information requests, and customer care: through the contact details provided on our website, we will collect and respond to your requests, providing you with assistance with any needs related to the use of this e-commerce site, the purchase of our products, and the use of our services.

LEGAL BASIS
The processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the data subject’s request (Art. 6(1)(b) GDPR).

DATA RETENTION PERIOD
30 days.

NATURE OF DATA PROVISION
Processing is necessary. Failure to provide the required data will make it impossible to conclude and execute the purchase contract for the goods offered by the Data Controller.

B) PURPOSES OF PROCESSING
Online purchases and related administrative-accounting activities (e.g., order management, invoicing, payments, shipment processing and handling of possible returns, management of possible receivables, and related pre-contractual/contractual obligations).

LEGAL BASIS
The processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the data subject’s request (Art. 6(1)(b) GDPR).

DATA RETENTION PERIOD
10 years from the purchase for Administrative and Accounting Purposes.

NATURE OF DATA PROVISION
Processing is necessary. Failure to provide the required data will make it impossible to conclude and execute the purchase contract for the goods offered by the Data Controller.

C) PURPOSES OF PROCESSING
Softspam: commercial/promotional information activities, including newsletters sent by e-mail to the address you provided at the time of purchase, concerning products and/or services of the same type as the product/service purchased – pursuant to Article 130(4) of Legislative Decree 196/03 / legitimate interest (Art. 6(f) GDPR), unless you object.

LEGAL BASIS
The processing is necessary for the purposes of the legitimate interest of the Data Controller in sending promotional commercial communications via e-mail to the address provided at the time of purchase, concerning the same type of product and/or service (Soft Spam) similar to the product/service purchased, provided that such interests do not override the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, taking into account the reasonable expectations of the data subject (customer) based on their relationship with the Data Controller (Art. 6(1)(f) and Recital 47 GDPR).

DATA RETENTION PERIOD
Until objection.

NATURE OF DATA PROVISION
Providing this data is necessary at the time of purchase and, subsequently, for sending so-called Soft Spam communications. As a data subject, you have the right to object at any time to the processing of your data for the stated purpose, and you will no longer receive such communications. Any objection, even after receiving these e-mail communications, will not affect the contract or any other processing purposes.

D) PURPOSES OF PROCESSING
Prevention and handling of disputes and other legal matters, as well as defense in case of litigation.

LEGAL BASIS
The processing is necessary for the purposes of the legitimate interest of the Data Controller in protecting its rights, provided that such interests do not override the interests or fundamental rights and freedoms of the data subject which require the protection of personal data (Art. 6(1)(f) and Recitals 47–50 GDPR).

DATA RETENTION PERIOD
Unless you object, for the time necessary for legal defense and, subsequently, for 10 years.

NATURE OF DATA PROVISION
Providing this data is necessary.

Any objection must be balanced against the legitimate interest of the Data Controller as indicated in the purposes described in this section.

E) PURPOSES OF PROCESSING
Management of requests regarding personal data protection and requests from other data subjects, pursuant to Arts. 15 et seq. of the GDPR (data subject rights).

LEGAL BASIS
The processing is necessary to comply with a legal obligation to which the Data Controller is subject (Recital 45). Art. 6(1)(c) GDPR.

DATA RETENTION PERIOD
5 years from the closure of the request, unless there are ongoing disputes.

NATURE OF DATA PROVISION
Providing personal data is necessary, as it is essential to comply with legal obligations (handling your request in accordance with the law).

3. To whom will personal data be disclosed?
Your personal data may be disclosed, also based on the purposes specified in particular areas, to entities that will process the data as independent Data Controllers or Data Processors (Art. 28 GDPR), and to natural persons (Art. 29 GDPR) acting under the authority of the Controller and/or Processors based on specific instructions regarding the purposes and methods of processing, for specific purposes according to the relevant area. Data will be disclosed to recipients based in Italy, belonging to the following categories:

  • Entities providing services for the management of the website and communication networks, including e-mail, hosting and website management, newsletter systems, etc.
  • Freelancers, professional firms, or companies providing assistance and consultancy services.
  • Entities providing services for the management of the activities mentioned in the purposes above.
  • Payment service providers (e.g., PayPal).
  • Commercial partners of the Data Controller, entities within the distribution network, and service and logistics companies, including couriers.
  • Competent authorities for compliance with legal obligations and/or directives from public bodies, upon request.

The list of Data Processors is constantly updated and available by writing to privacy@mantero.com or to the other contact details provided above.

4. Will the data provided be transferred outside the European Economic Area (EEA)?
The personal data provided for the purposes indicated above will be transferred abroad to non-EEA countries in compliance with the limits and conditions set out in Articles 44 et seq. of the GDPR. In particular, the Data Controller has decided to rely on providers that offer appropriate safeguards, specifically Ovosodo. More information can be found at the following link: www.ovosodo.net.
Regarding payment, the personal data you provide on the designated platform will be transferred abroad to non-EEA countries in compliance with the limits and conditions set out in Articles 44 et seq. of the GDPR. In particular, the Data Controller has decided to rely on providers offering adequate safeguards, specifically PayPal. For more information, see: www.paypal.com.
You may obtain a copy of the terms governing the transfer by contacting the Data Controller at the e-mail address privacy@mantero.com.

5. What are your rights? How can you exercise them?
You may exercise your rights as provided under Articles 15 et seq. of the GDPR by contacting the Data Controller at the e-mail address privacy@mantero.com or at the other contact details provided above. You have the right, at any time, to request access to your personal data (Art. 15), rectification (Art. 16), erasure (Art. 17), or restriction of processing (Art. 18). The Data Controller communicates (Art. 19) to each recipient to whom personal data has been disclosed any rectifications, erasures, or restrictions on processing carried out pursuant to Articles 16, 17(1), and 18 GDPR. The Data Controller will inform the data subject of these recipients upon request. Furthermore, in cases provided for specific forms in certain areas, you have the right to data portability (Art. 20), and in such cases your data will be provided in a structured, commonly used, and machine-readable format. You also have the right to object (Art. 21), at any time, to the processing of data based on legitimate interest, and for processing based on this legal basis, you may request information on the balancing test conducted by the Data Controller. In addition, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Please refer to the specific information notices applicable to data processing in specific areas. If you believe that the processing of personal data by the Data Controller violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or to seek redress through the competent judicial authorities.

6. Changes to the policy
The Data Controller reserves the right to modify, update, add, or remove parts of this privacy notice. To facilitate review and verification of the text, the notice will include the date of the latest update.

Last update: 21.01.2026