Last updated 09 April 2022
Magic Checkout Srl undertakes to process your data in accordance with the general regulation on data protection (EU) 2016/679 better known as "GDPR". In particular, the processing of personal data carried out by Magic Checkout Srl will be based on compliance with the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.
Important information and who we are.
Magic Checkout Srl (hereinafter also "Magic", "Company", "we", "us" or "our") acts as data controller and is responsible for your personal data. Magic is a company of the Scalapay group.
We have appointed an external data protection officer (the "Data Protection Officer" or "DPO") who can be contacted by the interested parties, to receive answers regarding the processing of personal data implemented by the owner, at the following address: dpo @ magiccheckout.com
Our contact details (data controller)
Magic Checkout Srl Via Giuseppe Mazzini 9, 20123
Milan - Italy
Contact of our data protection officer
If Magic Checkout Srl or the DPO have not replied to you within 30 (thirty) days or if you are not satisfied with their replies, you can write to us for further clarification. Furthermore, we remind you that you have the right to lodge a complaint with the Data Protection Authority:
Guarantor for the protection of personal data
Piazza Venezia, 11
Your duty to notify us of changes
It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us.
Third Party Links
This website ( https://www.magiccheckout.com/ ) may include links to third party websites (for example the merchant website on which you purchase products / services), by clicking on such links or
If you do not provide your personal data
If we need to collect personal data by law or under the terms of a contract we have with you and you are unable to provide such data when requested, we may not be able to perform the contract we have or are trying to enter into with you. (for example, to provide you with goods or services). In this case, we may be forced to cancel the relationship you have with us, but we will notify you if necessary.
What personal information do we collect from customers?
The personal data we collect is subject to the use of our website and / or our services. If you visit our website, you do not need to provide us with any personal data. However, your browser transmits some data automatically, such as the date and time you visit one of our web pages, the type and settings of your browser, your operating system, the last web page you visited. , the data transmitted and the access status, and your IP address.
If you use our services, personal data is necessary for the purpose of fulfilling the contract or providing the service, which may exist between you and our organization.
For customers / consumers:
For our customers / companies:
When you fill out our online form to contact our sales team or customer support, we may ask you:
- The corporate email of a company employee.
- Business phone number of a company employee.
- Name and surname of a company employee.
- A copy of the identity card or other document of the owner and legal representative of the company.
- A copy of the tax code of the owner and of the legal representative of the company.
What do we do with your personal data?
We process personal data only for the purpose for which it was collected.
To facilitate the understanding of the purposes, legal bases and conditions under which we process the data, we provide below a table containing the categories of personal data processed and the purpose of the processing (the purpose). We also indicate the "legal basis" that authorizes all processing and confers lawfulness on it.
We may use your personal data for other purposes, including marketing and communications, but this will only happen if we have your consent or another legal basis for doing so.
We process and store personal data for the purposes, periods and legal basis indicated in the table below.
We limit the amount of personal data collected to only what is necessary for the purpose for which it is collected, as described below. We limit, protect and control all of our IT assets against unauthorized access, damage, loss or destruction, whether physical or electronic. We keep personal data only for the time described below, to respond to your requests, or longer if required by law. If we keep your personal data for historical or statistical purposes, we make sure that the personal data cannot be used further. While in our possession, with your help, we try to maintain the accuracy of your personal data.
See Table 1 on the last page
Some of our third parties are based outside the EU so the processing of your personal data may involve a transfer of data outside the EU.
Whenever we transfer your personal data outside the EEA, we ensure a level of protection similar to that found within the EU, by making sure that at least one of the following safeguards is implemented:
• Adequacy measures: when we will transfer personal data to countries that have been deemed capable of providing an adequate level of personal data protection by the European Commission;
• Standard contractual clauses: in the absence of adequacy measures, we will use specific contracts approved by the European Commission, aimed at guaranteeing the same protection of personal data as envisaged within the European territory.
Who can we share your personal data with?
We may share your personal data with the categories of recipients listed below, for the purposes listed below. Exactly which recipients we share your personal data with and for what purposes will depend on the services you use. In doing so, we take all reasonable contractual, legal, technical and organizational measures to ensure that your personal data is treated with an adequate level of protection.
Suppliers and subcontractors. Magic Checkout Srl may share personal data with suppliers and subcontractors that we use to provide you with the services. Suppliers and subcontractors are companies that are authorized to process only the personal data they receive from Magic Checkout Srl. Examples of such suppliers and subcontractors are software and data storage providers, payment processing services and business consultants.
Payment Service Providers ("PSP") : PSPs provide online services to stores for accepting electronic payments through a variety of payment methods including credit card, bank payments such as direct debit, etc.
How long will we use your data?
We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, as set out in the "What we do with your personal data" section, including to meet legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the quantity, nature and sensitivity of personal data, the potential risk of harm resulting from the unauthorized use or disclosure of personal data, the purposes for which we process the personal data and whether we can achieve those purposes by other means, and the applicable legal requirements. You can find more information on the retention period in Table 1 .
Your legal rights
In certain circumstances, you have rights under data protection laws in relation to your personal data. We briefly describe these rights below:
2: Request access to your personal data (commonly known as "data subject access request") **: This allows you to receive a copy of the personal data we hold about you and to verify that we are processing it legitimately.
3: Request the rectification of your personal data: This allows you to have any incomplete or inaccurate data we have about you corrected, although we may need to verify the accuracy of the new data you provide to us.
4: Request the deletion of your personal data: This allows you to ask us to delete or remove your personal data when there is no good reason to continue processing it. You also have the right to ask us to delete or remove your personal data when you have successfully exercised your right to object to processing (see below), when we may have processed your information illegally or when we are required to delete your data. personal to comply with local law. Please note, however, that we may not always be able to fulfill your cancellation request for specific legal reasons which will be notified to you, if applicable, at the time of your request.
5: Object to the processing of your personal data: When we use a legitimate interest (or those of a third party) as a legal basis and there is something in your particular situation that prompts you to object to the processing as you believe it has an impact about your fundamental rights and freedoms. You also have the right to object if we are processing your personal data for direct marketing purposes. In some cases, we can demonstrate that we have legitimate interests in processing your information that override your rights and freedoms
6: Request the restriction of the processing of your personal data: This allows you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the accuracy of the data; or (b) if you have objected to our use of your data but we need to check if we have overriding legitimate reasons for using it
7: Request the transfer of your personal data to you or a third party: We will provide you, or a third party of your choice, with your personal data in a structured, commonly used and readable format. Please note that this right only applies to automated information that you initially consented to use or where we used the information to perform a contract with you.
8: Withdraw consent at any time when we rely on consent to process your personal data **: However, this will not affect the lawfulness of any processing carried out prior to the withdrawal of consent. If you withdraw your consent, we may not be able to provide you with certain products or services. We will notify you if this is the case when you withdraw your consent.
How can you access your personal data?
If you want to make a request to see what personal data we hold, you can make a request by sending an email to email@example.com .
If you have previously given your consent to the processing of your personal data, you also have the right to request that we take or transfer your personal data to a different service provider or to yourself if you wish.
Where it has been necessary to obtain your consent to use your personal data, at any time, you have the right to withdraw that consent. If you withdraw your consent, we will cease to use your personal data without prejudice to the lawfulness of the processing based on consent prior to your withdrawal.