Magic Checkout
Privacy Policy


Last updated 09 April 2022

Magic Checkout Srl respects your privacy and is committed to protecting your personal data. This privacy policy informs you about how we process your personal data when you use our services, or otherwise access our products and services, and informs you about your rights and how the law protects you.

Magic Checkout Srl undertakes to process your data in accordance with the general regulation on data protection (EU) 2016/679 better known as "GDPR". In particular, the processing of personal data carried out by Magic Checkout Srl will be based on compliance with the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.

Important information and who we are.

PURPOSE OF THIS PRIVACY POLICY

This privacy policy is intended to inform you about how Magic Checkout Srl treats your personal data following your access to our website https://magiccheckout.com , including the data you may provide when you sign up to use our services. , sign up for our newsletter, get in touch with our customer support team or participate in a promotion or survey.

It is important that you read this privacy policy together with any other information we may provide to supplement, update or deepen the information regarding the collection and processing of personal data. We will try to coordinate these information, so as to represent at all times the conditions applied to the processing of personal data, in the most transparent and easily accessible way for the interested party.

DATA CONTROLLER

Magic Checkout Srl (hereinafter also "Magic", "Company", "we", "us" or "our") acts as data controller and is responsible for your personal data. Magic is a company of the Scalapay group.

We have appointed an external data protection officer (the "Data Protection Officer" or "DPO") who can be contacted by the interested parties, to receive answers regarding the processing of personal data implemented by the owner, at the following address: dpo @ magiccheckout.com


Our contact details (data controller)

Magic Checkout Srl Via Giuseppe Mazzini 9, 20123

Milan - Italy

help@magiccheckout.com


Contact of our data protection officer

Email: dpo@magiccheckout.com

If Magic Checkout Srl or the DPO have not replied to you within 30 (thirty) days or if you are not satisfied with their replies, you can write to us for further clarification. Furthermore, we remind you that you have the right to lodge a complaint with the Data Protection Authority:


Guarantor for the protection of personal data

Piazza Venezia, 11

00187 Rome

Italy

protoccolo@gpdp.it

www.garanteprivacy.it

Your duty to notify us of changes

It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us.

Third Party Links

This website ( https://www.magiccheckout.com/ ) may include links to third party websites (for example the merchant website on which you purchase products / services), by clicking on such links or

by enabling them it is possible that third parties process your personal data; therefore, we invite you to refer to the privacy policy of these sites.

If you do not provide your personal data

If we need to collect personal data by law or under the terms of a contract we have with you and you are unable to provide such data when requested, we may not be able to perform the contract we have or are trying to enter into with you. (for example, to provide you with goods or services). In this case, we may be forced to cancel the relationship you have with us, but we will notify you if necessary.

What personal information do we collect from customers?

The personal data we collect is subject to the use of our website and / or our services. If you visit our website, you do not need to provide us with any personal data. However, your browser transmits some data automatically, such as the date and time you visit one of our web pages, the type and settings of your browser, your operating system, the last web page you visited. , the data transmitted and the access status, and your IP address.

If you use our services, personal data is necessary for the purpose of fulfilling the contract or providing the service, which may exist between you and our organization.

We collect:

For customers / consumers:

  • Name and surname.
  • Email address.
  • Telephone number.
  • Delivery address.
  • Tax number (if applicable).
  • The last four digits of your credit card, card issuer and its expiration date.

For our customers / companies:

When you fill out our online form to contact our sales team or customer support, we may ask you:

- The corporate email of a company employee.

- Business phone number of a company employee.

- Name and surname of a company employee.

- A copy of the identity card or other document of the owner and legal representative of the company.

- A copy of the tax code of the owner and of the legal representative of the company.

What do we do with your personal data?

We process personal data only for the purpose for which it was collected.

To facilitate the understanding of the purposes, legal bases and conditions under which we process the data, we provide below a table containing the categories of personal data processed and the purpose of the processing (the purpose). We also indicate the "legal basis" that authorizes all processing and confers lawfulness on it.

We may use your personal data for other purposes, including marketing and communications, but this will only happen if we have your consent or another legal basis for doing so.

We process and store personal data for the purposes, periods and legal basis indicated in the table below.

We limit the amount of personal data collected to only what is necessary for the purpose for which it is collected, as described below. We limit, protect and control all of our IT assets against unauthorized access, damage, loss or destruction, whether physical or electronic. We keep personal data only for the time described below, to respond to your requests, or longer if required by law. If we keep your personal data for historical or statistical purposes, we make sure that the personal data cannot be used further. While in our possession, with your help, we try to maintain the accuracy of your personal data.


‍ ‍ See Table 1 on the last page


International Transfers

Some of our third parties are based outside the EU so the processing of your personal data may involve a transfer of data outside the EU.

Whenever we transfer your personal data outside the EEA, we ensure a level of protection similar to that found within the EU, by making sure that at least one of the following safeguards is implemented:

• Adequacy measures: when we will transfer personal data to countries that have been deemed capable of providing an adequate level of personal data protection by the European Commission;

• Standard contractual clauses: in the absence of adequacy measures, we will use specific contracts approved by the European Commission, aimed at guaranteeing the same protection of personal data as envisaged within the European territory.

Who can we share your personal data with?

We may share your personal data with the categories of recipients listed below, for the purposes listed below. Exactly which recipients we share your personal data with and for what purposes will depend on the services you use. In doing so, we take all reasonable contractual, legal, technical and organizational measures to ensure that your personal data is treated with an adequate level of protection.

Suppliers and subcontractors. Magic Checkout Srl may share personal data with suppliers and subcontractors that we use to provide you with the services. Suppliers and subcontractors are companies that are authorized to process only the personal data they receive from Magic Checkout Srl. Examples of such suppliers and subcontractors are software and data storage providers, payment processing services and business consultants.

Online shops. Magic Checkout Srl shares personal data with the online store you visit or from which you make a purchase. This is done in order to allow the store to administer your purchase and your relationship with the store, send you the goods, manage disputes and also to prevent fraud. Personal data shared with a store will be subject to the policies and practices contained in the store's privacy policy.

Payment Service Providers ("PSP") : PSPs provide online services to stores for accepting electronic payments through a variety of payment methods including credit card, bank payments such as direct debit, etc.

How long will we use your data?

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, as set out in the "What we do with your personal data" section, including to meet legal, accounting or reporting requirements.  

To determine the appropriate retention period for personal data, we consider the quantity, nature and sensitivity of personal data, the potential risk of harm resulting from the unauthorized use or disclosure of personal data, the purposes for which we process the personal data and whether we can achieve those purposes by other means, and the applicable legal requirements. You can find more information on the retention period in Table 1 .

Your legal rights

In certain circumstances, you have rights under data protection laws in relation to your personal data. We briefly describe these rights below:

1: Be informed: Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR. This privacy policy and our cookie policy satisfy this requirement.

2: Request access to your personal data (commonly known as "data subject access request") **: This allows you to receive a copy of the personal data we hold about you and to verify that we are processing it legitimately.

3: Request the rectification of your personal data: This allows you to have any incomplete or inaccurate data we have about you corrected, although we may need to verify the accuracy of the new data you provide to us.

4: Request the deletion of your personal data: This allows you to ask us to delete or remove your personal data when there is no good reason to continue processing it. You also have the right to ask us to delete or remove your personal data when you have successfully exercised your right to object to processing (see below), when we may have processed your information illegally or when we are required to delete your data. personal to comply with local law. Please note, however, that we may not always be able to fulfill your cancellation request for specific legal reasons which will be notified to you, if applicable, at the time of your request.

5: Object to the processing of your personal data: When we use a legitimate interest (or those of a third party) as a legal basis and there is something in your particular situation that prompts you to object to the processing as you believe it has an impact about your fundamental rights and freedoms. You also have the right to object if we are processing your personal data for direct marketing purposes. In some cases, we can demonstrate that we have legitimate interests in processing your information that override your rights and freedoms

6: Request the restriction of the processing of your personal data: This allows you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the accuracy of the data; or (b) if you have objected to our use of your data but we need to check if we have overriding legitimate reasons for using it

7: Request the transfer of your personal data to you or a third party: We will provide you, or a third party of your choice, with your personal data in a structured, commonly used and readable format. Please note that this right only applies to automated information that you initially consented to use or where we used the information to perform a contract with you.

8: Withdraw consent at any time when we rely on consent to process your personal data **: However, this will not affect the lawfulness of any processing carried out prior to the withdrawal of consent. If you withdraw your consent, we may not be able to provide you with certain products or services. We will notify you if this is the case when you withdraw your consent.

How can you access your personal data?

If you want to make a request to see what personal data we hold, you can make a request by sending an email to dpo@magiccheckout.com .

If you have previously given your consent to the processing of your personal data, you also have the right to request that we take or transfer your personal data to a different service provider or to yourself if you wish.

Where it has been necessary to obtain your consent to use your personal data, at any time, you have the right to withdraw that consent. If you withdraw your consent, we will cease to use your personal data without prejudice to the lawfulness of the processing based on consent prior to your withdrawal.


Data category
Purpose of the treatment
Legal basis
Retention period
Consumer contact details
Marketing communications
Consent
Until the withdrawal of consent
Consumer contact details;

Consumer payment details
Consumer support
Contract
Duration of the contract
Consumer contact details and payment data
Consumer authentication;
Emails relating to the transaction; Change of payment method;
Transfer of information to the seller for the execution of the contract
Contract
10 years after the termination of the Agreement
Contact details of the owners / representatives and employees of the company and any related documents
Execution of pre-contractual obligations ("KYC") and execution of the Agreement
Contract
10 years after the termination of the Agreement
Consumer payment details
Payment management by third parties
Contract
Duration of the Agreement (the period necessary for the exercise of the rights relating to the purchase made by the customer.)
Consumer payment details
Soft Spam
Legitimate interest
Customer opt-out
Customer contact details and payment information
Analysis of the data entered by the Customer to solve any problems relating to the service
Contract
Duration of the Agreement (the period necessary for the exercise of the rights relating to the purchase made by the Customer.)