Information pursuant to art. 13 and 14 of Regulation 2016/679 / EU

Why this notice?

MAYA S.r.l (Vat Number 11505120961) domicilies in Milan, via Tertulliano 32 (hereinafter also "MAYA" or "Owner") is committed to respecting and protecting your privacy and wants you to feel safe both while browsing the site and if you decide to provide us with your personal data to use the services made available. On this page the Data Controller intends to provide some information on the processing of personal data relating to users who visit or consult the website accessible electronically from the address (the "Site"). The information is provided only for the website of the Data Controller and not for other websites that may be consulted by the user via links (for which reference is made to the respective privacy policies / policies). The reproduction or use of pages, materials and information contained within the Site, by any means and on any medium, is not permitted without the prior written consent of the Owner. Copying and / or printing is permitted for personal and non-commercial use only (for requests and clarifications, contact the Data Controller at the addresses indicated below). Other uses of the contents, services and information on this site are not permitted.

Navigation data

The Data Controller informs that the personal data you provided and acquired at the same time as the request for information and / or contact, but also the so-called data only of "navigation" of the site by Users, will be treated in compliance with the applicable legislation. The computer systems and software procedures used for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the "IP addresses" or domain names of the computers used by users who connect to the site. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the correct functioning of the Data Controller's website. It should be noted that the aforementioned data could be used to ascertain responsibility in case of computer crimes against the website of the owner or other sites connected or linked to it.

Data provided by the user

The Data Controller collects, stores and processes your personal data in order to provide the products and services offered on the Site, or for legal obligations. We point out that you may access the Site or connect to areas where you may be enabled to publish information using blogs or message boards, communicate with others, for example coming from the Owner's page on Facebook®, Instagram®, Linkedin® and other social network sites, review products and offers and post comments or content. Before interacting with these areas, we invite you to carefully read the General Conditions of Use taking into account that, in certain circumstances, the information published can be viewed by anyone with access to the Internet and all the information you include in your publications can be read, collected and used by third parties.

Purpose of the processing and legal basis

The data are processed for the purposes:
1) strictly connected to the use of the related services, to the management of contact requests or information;
2) for ancillary activities related to the management of User / Customer requests and the sending of feedback which may include the transmission of promotional material; for the completion of the purchase order for the products and services offered;
3) related to the fulfillment of obligations under EU and national regulations, the protection of public order, the detection and prosecution of crimes.

The Data Controller also processes the data for activities of: The provision of data for the purposes referred to in points 1), 2) and 3), connected to a pre-contractual and / or contractual phase or functional to a user's request or provided for by a specific regulatory provision, is mandatory and, in defect, it will not be possible to receive information and access any services requested. The Data Controller may send commercial communications relating to products and / or services similar to those already provided, pursuant to Directive 2002/58 / EU, using the e-mail coordinates, or the paper ones, indicated by you on such occasions to which you can object with the methods indicated at the bottom of the communication or at the addresses indicated below for the exercise of the rights pursuant to art. from 15 to 22 of the GDPR.

Methods, logic of treatment, storage times and security measures

The processing is also carried out with the aid of electronic or automated means and is carried out by the Data Controller and / or by third parties which the same can use to store, manage and transmit the data. The data processing will be carried out with the logic of organization and processing of your personal data, also relating to the logs originating from the access and use of the services made available via the web, of the products and services used related to the purposes indicated above and, in any case, in a manner to guarantee the security and confidentiality of the data. The personal data processed will be kept for the times provided for by the legislation in the applicable time. Again with regard to data security, in the sections of the website set up for particular services, where personal data is requested from the navigator user, the data is encrypted using a security technology called Secure Sockets Layer, abbreviated to SSL. SSL technology encodes the information before it is exchanged via the Internet between the user's computer and the central systems of SF, making it incomprehensible to unauthorized persons and thus guaranteeing the confidentiality of the information transmitted. Precisely with reference to the protection aspects of personal data, the Customer is invited, pursuant to art. 33 of the GDPR to report to the Data Controller any circumstances or events from which a potential "breach of personal data (data breach)" may arise in order to allow an immediate assessment and the adoption of any actions aimed at countering this event by sending a communication to


A cookie is a short string of text that is sent to your browser and, possibly, saved on your computer (alternatively on your smartphone / tablet or any other tool used to access the Internet); such sending generally occurs every time you visit a website. The Owner uses cookies for various purposes, in order to offer you a fast and secure digital experience, for example, allowing you to keep the connection to the protected area active while browsing through the pages of the site. The cookies stored on your terminal cannot be used to retrieve any data from your hard disk, transmit computer viruses or identify and use your e-mail address. Each cookie is unique in relation to the browser and device you use to access the Website. Generally, the purpose of cookies is to improve the functioning of the website and the user experience in using it, even if the cookies they can be used to send advertising messages. For more information on what cookies are and how they work, you can consult the “All about cookies” website For detailed information on Cookies, read below.

Areas of communication and data transfer

For the pursuit of the aforementioned purposes, the Data Controller may communicate and have the personal data of users / customers processed in Italy and abroad by third parties with whom we have relationships, where these third parties provide services at our request. We will provide these third parties only with the information necessary to perform the requested services, taking all measures to protect your personal data. In this case, the recipients of the data will be subjected to protection and security obligations equivalent to those guaranteed by the Data Controller. In any case, only the data necessary for the pursuit of the intended purposes will be disclosed and the guarantees applicable to data transfers to third countries will be applied, where required. Furthermore, personal data may be communicated to the competent public subjects and authorities for the purposes of compliance with regulatory obligations or to ascertain responsibility in the event of computer crimes against the site as well as communicated to or allocated to third parties (as managers or, in the case of suppliers of electronic communication services, autonomous owners), who provide IT and telematic services (eg: hosting, management and development of websites) and which the Data Controller uses for the carrying out tasks and activities of a technical and organizational nature that are instrumental to the functioning of the website. The subjects belonging to the above categories operate as separate Data Controllers or as Managers appointed for this purpose by the Data Controller.

Personal data may also be known by the Data Controller's employees / consultants who have been specifically appointed as Data Processors.

The categories of recipients to whom the data may be communicated is available by contacting MAYA at the addresses indicated below.

Rights of interested parties

You can exercise at any time the rights that are recognized by the law, including:
a) to access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes;
b) to obtain without delay the correction of inaccurate personal data concerning you;
c) to obtain, in the cases provided for, the cancellation of your data;
d) to obtain the limitation of the treatment or to oppose the same, when possible;
e) to request the portability of the data you have provided to MAYA, i.e. to receive them in a structured format, commonly used and readable by an automatic device, also to transmit such data to another owner, within the limits and with constraints provided for by art. 20 of the GDPR;

Furthermore, you can lodge a complaint with the Guarantor for the Protection of Personal Data pursuant to art. 77 of the GDPR.

The Data Controller and the Personal Data Protection Officer

The Data Controller is MAYA S.r.l (Vat Number 11505120961) domicilies in Milan, via Tertulliano 32 - ITALY.
To exercise your rights you can write to the following address:
• Via Tertulliano 32 - 20137 Milan – ITALY

The use of the Website, including those intended for tablets and / or smartphones, by the Customer and / or the User implies full knowledge and acceptance of the content and any information included in this version of information published by the Owner in the when the site is accessed. The Owner informs that this information can be changed without notice and therefore recommends a periodic reading.

This privacy statement was updated on February, 6th, 2021.