Privacy Policy

Your data will be processed in the following ways and for the following purposes:

  1. Object of processing

The Controller processes personal, identifying and non-sensitive data (by way of example but not limited to, name, surname, address, telephone number, e-mail – hereinafter, ‘personal data’ or ‘data’) communicated by you when filling in contact forms via the Controller’s website www.stopbagsandgo.com (hereinafter, the ‘Site’), when taking part in opinion and approval surveys, when making online requests for clarifications or support.

  1. Purpose of processing
  1. Without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
  • Operate and maintain the Site;
  • Allow the use of any Services that may be requested;
  • Process a contact request;
  • Fulfil obligations required by law, regulation, EU legislation or an order from the Authority;
  • Prevent or detect fraudulent activity or abuse detrimental to the Site;
  • Exercise the rights of the Data Controller, such as the right to exercise a right in court.
  1. Treatment modalities

The processing of your personal data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 n. 2) GDPR and precisely: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing, through the use of a website hosted on a Linux server managed by the company Hostinger. The Controller will process your personal data for the time necessary to fulfil the above purposes and in any case for no longer than 72 months from the termination of the relationship for the Service Purposes and for no longer than 24 months from the collection of the data for the Other Purposes.

  1. Security

The Data Controller has adopted a wide variety of security measures to protect your data against the risk of loss, misuse or alteration. In particular: it has adopted the measures set out in Articles 32-34 of the Privacy Code and Article 32 GDPR; it uses the protected data transmission protocol known as HTTPS. Emails will be downloaded through servers with SSL certification.

  1. Access to data

Your data may be made accessible for the purposes set out in Articles 2.A) and 2.B):

  1. employees and collaborators of the Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators;
  2. to third party companies or other subjects (by way of example, website providers, cloud providers, service and payment providers, suppliers, hardware and software support technicians, forwarding agents and carriers, credit institutions, professional firms, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as data processors.
  1. Data Communication

Without your express consent (pursuant to Article 24 letters a), b) and d) of the Privacy Code and Article 6 letters b) and c) of the GDPR), the Data Controller may disclose your data for the purposes referred to in Article 2. Your data will not be disseminated.

  1. Data Transfer

The management and storage of personal data will take place in Europe, on servers/hosting/clouds located in Italy of the Data Controller and/or of third party companies appointed and duly appointed as Data Processors.

  1. Nature of data provision and consequences of refusal to answer

The provision of data for the purposes set out in Article 2.A) is obligatory. In their absence, we will not be able to guarantee the Services of Art. 2.A).

On the other hand, the provision of data for the purposes set out in Art. 2.B) is optional. You may therefore decide not to provide any data or to deny the possibility of processing data already provided at a later date: in this case, you will not be able to receive e-mail invitations to events, newsletters and opinion and approval surveys. In any event, you will continue to be entitled to the Services referred to in Section 2.A).

  1. Rights of the data subject

As a data subject, you have the rights under Art. 7 Privacy Code and Art. 15 GDPR, namely the rights to:

  1. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and its communication in intelligible form;
  2. obtain an indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out with the aid of electronic instruments; d) the identity of the data controller, data processors and the representative designated pursuant to Art. 5, paragraph 2 of the Privacy Code and Art. 3, paragraph 1 of the GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of the data in their capacity as designated representative in the territory of the State, data processors or persons in charge of processing
  3. obtain: a) the updating, rectification or, where interested therein, integration of the data; b) the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data whose retention is not necessary for the purposes for which the data were collected or subsequently processed c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
  4. object, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the data subject’s right to object, as set out in point b) above, for direct marketing purposes by automated means extends to traditional marketing methods and that, in any event, the data subject’s right to object may be exercised even in part. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.

Where applicable, you also have the rights set out in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.

  1. Methods of exercising rights

You may exercise your rights at any time by sending:

  • an email to info@stopbagsandgo.com
  • a PEC (certified electronic mail) to the addressmpmimmsrl@legalmail.it headed to MPM IMMOBILIARE S.R.L.
  1. Children

This Site and the Data Controller’s Services are not intended for children under 18 years of age and the Data Controller does not knowingly collect personal information from children. In the event that information about minors is unintentionally recorded, the Owner will delete it in a timely manner at the request of users.

  1. Owner, managers and appointees

The data controller is MPM IMMOBILIARE S.R.L. with registered office in Rome (RM), Via Francesco Crispi 24a, 00187 Roma.

The up-to-date list of data processors and persons in charge of processing is kept at the Data Controller’s head office.

  1. Amendments to this notice

This Information Notice is subject to change. We therefore recommend that you check this Policy regularly and refer to the most up-to-date version.

Information updated on 24-05-2025