Last updated: 26 February 2026

1. Introduction

This Privacy Policy (hereinafter referred to as the “Policy”) describes how the personal data of users visiting the website are processed. www.mb-industry.it (hereinafter referred to as the “Site”) and who purchase products marketed therein.

This Information is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter “GDPR”) and Legislative Decree 196/2003 (Privacy Code) as amended.

2. Data controller

The Data Controller is:

MB-Industry of Bolognesi Manuel

• Registered office: Via Vincenzo Zanasi 7, 44034 Copparo (FE)
• VAT No: IT01948540388
• REA: FE-212546
• Email: service@mb-industry.it
• Telephone: 3405745425

The Controller is the entity that determines the purposes and means of the processing of personal data and is responsible for their proper management.

3. Types of data collected

The Site collects the following categories of personal data:

3.1 Data provided voluntarily by the user

• Identification and contact data: first name, surname, company name, billing address, shipping address, email address, telephone number
• Tax data: tax code, VAT number (for professionals)
• Access data: username/email and password (for account registration)
• Payment data: credit card details (managed directly by Stripe, the Holder neither sees nor keeps the full numbers)
• Content of communications: any messages sent via contact forms or emails

3.2 Automatically collected data

• Browsing data: IP address, browser type, operating system, pages visited, time of visit, URL of origin
• Cookies and similar technologies: as detailed in the Cookie Policy

3.3 Third-party data
The Site uses third-party services that may collect data independently (e.g. Facebook, TikTok, Google). For more information, please see the section “Third-party services” and their respective privacy policies.

4. Purpose of processing, legal basis and retention periods

Personal data are processed for the following purposes:

4.1 Order and Contractual Relationship Management (product purchasing, invoicing, shipping, after-sales service)

• Legal basis: Performance of a contract (Art. 6.1.b GDPR)
• Data processed: Identification, contact, tax, payment data
• Storage period: 10 years from the conclusion of the relationship (tax obligations)

4.2 Fulfilment of legal obligations (tax, accounting, administrative, anti-money laundering)

• Legal basis: Legal obligation (Art. 6.1.c GDPR)
• Data processed: Identification, tax, transactional data
• Storage period: 10 years (limitation period + tax obligations)

4.3 Customer Account Registration and Management

• Legal basis: Performance of a contract (Art. 6.1.b GDPR)
• Data processed: Identification data, credentials
• Storage period: Until account deletion request

4.4 Responding to requests for information or assistance (contact form, email)

• Legal basis: Legitimate interest of the Controller (Art. 6.1.f GDPR)
• Data processed: Contact data, request content
• Storage period: 12 months from reply

4.5 Fraud Prevention and Site Security (Google reCAPTCHA, monitoring)

• Legal basis: Legitimate interest of the Controller (Art. 6.1.f GDPR)
• Data processed: Browsing data, IP address
• Storage period: 6 months

4.6 Direct Marketing (sending newsletters, promotional offers by email)

• Legal basis: Explicit user consent (Art. 6.1.a GDPR)
• Data processed: Name, email
• Storage period: Until consent is revoked (but no later than 24 months after the last interaction)

4.7 Profiling and Targeted Advertising (personalised advertising on social networks and other sites)

• Legal basis: Explicit user consent (Art. 6.1.a GDPR)
• Data processed: Cookies, pixels, navigation data
• Storage period: As per cookie duration (see Cookie Policy)

4.8 Statistical Analyses (Google Analytics, Sourcebuster)

• Legal basis: Consent (for non-technical statistics) / Legitimate interest (if aggregated statistics)
• Data processed: Anonymised browsing data
• Storage period: As per cookie duration

Note on consent: For the purposes of marketing (4.6) and profiling (4.7), consent is always free, specific and revocable at any time with no consequences on the possibility of purchasing products.

5. Modalities of processing

The processing of personal data is carried out by means of the operations or series of operations indicated in Article 4 GDPR (collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction).

The data are processed:

• By computer and telematic means, in compliance with the principles of lawfulness, correctness and transparency
• Adopting appropriate security measures to prevent unauthorised access, loss, destruction or dissemination (TLS/SSL encryption for pages, firewalls, controlled access)
• By authorised and trained personnel (employees and collaborators of the owner, designated as appointees or managers)

6. Disclosure of data to third parties

Personal data may be disclosed to

6.1 Third parties acting as data processors (appointed by the Holder)

• Couriers and carriers (for shipping orders)
• Banking institutions and payment gateways (Stripe, PayPal)
• Site hosting and maintenance company
• Tax consultants and accountants (for accounting obligations)
• Marketing services and newsletters (if authorised)

6.2 Autonomous third parties (Autonomous Holders)

• Social networks (Facebook, Instagram, TikTok) - when the user interacts with their buttons or embedded content
• Judicial or administrative authorities (in fulfilment of legal obligations)

The updated list of Data Processors is available upon request at the Controller's premises.

The data are not subject to dissemination (publication or making available to unspecified persons).

7. Transfer of data outside the EU

Certain third-party services used by the Site may transfer personal data to countries outside the European Economic Area (EEA), in particular to the United States.

In such cases, the transfer takes place:

• To countries for which the European Commission has issued an adequacy decision (Art. 45 GDPR)
• In the absence of an adequacy decision, based on adequate safeguards such as the Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR)
• Prior explicit consent of the user, informed of the possible risks (Art. 49 GDPR)

The main services with extra-EU transfer are:

• Google (Analytics, reCAPTCHA) - Privacy Shield (new framework) / Standard contractual clauses
• Facebook/Meta - Standard contractual clauses
• TikTok - Standard contractual clauses
• Stripe - Standard Contractual Clauses

For more details, please consult the respective privacy policies linked in the Cookie Policy.

8. Period of data retention

Personal data are kept for the time strictly necessary to achieve the purposes for which they were collected, according to the following criteria:

• Administrative-accounting and tax data: 10 years (as provided for in Article 2220 of the Civil Code and tax regulations)
• Data relating to the execution of the contract: until the termination of the relationship and in any case no longer than 10 years
• Navigation data and logs: 6 months (unless a criminal offence needs to be established)
• Marketing data (with consent): until consent is revoked, periodically checked for willingness to remain on the list
• Application data (if any): 12 months

After the retention period has expired, the data will be irreversibly deleted or anonymised.

9. Nature of data provision

• The provision of data for the purposes of points 4.1, 4.2, 4.3 (order management, legal obligations, account) is mandatory in order to conclude the purchase contract and use the services of the Site. Any refusal will make it impossible to complete the order or register.
• The provision of data for the purposes of 4.6 and 4.7 (marketing, profiling) is optional. Refusal has no consequence on the possibility of purchasing products.

10. Rights of the data subject

Pursuant to Articles 15-22 GDPR, the data subject has the right to:

10.1 Access (Art. 15)
Obtain confirmation of the existence or non-existence of personal data concerning him/her and receive communication of such data in intelligible form.

10.2 Rectification (Art. 16)
Obtain the correction of inaccurate data or the supplementation of incomplete data.

10.3 Deletion (Art. 17 - “right to be forgotten”)
Obtain the deletion of data, in the cases provided for by law.

10.4 Limitation (Art. 18)
Obtaining restriction of processing in certain cases.

10.5 Portability (Art. 20)
Receive their data in a structured, commonly used and readable format and transmit them to another data controller.

10.6 Opposition (Art. 21)
Object to the processing of data, including for direct marketing purposes.

10.7 Withdrawal of consent
Withdraw consent given at any time, without affecting the lawfulness of the processing based on the consent before withdrawal.

10.8 Methods of exercising rights
Requests should be sent to:

• Email: service@mb-industry.it
• Registered mail with return receipt: MB-Industry di Bolognesi Manuel, Via Vincenzo Zanasi 7, 44034 Copparo (FE)

The Controller will comply with the request within one month of receipt, extendable to two months in the event of particular complexity.

10.9 Right of complaint
The data subject has the right to lodge a complaint with the Italian Data Protection Authority (Piazza Venezia 11, 00187 Rome - www.garanteprivacy.it) if it considers that the processing of its data violates the GDPR.

11. Third-party services on the site

The Site integrates the following third-party services, which act as autonomous data controllers or data processors:

11.1 WooCommerce

• Purpose: Online shop management, shopping cart, orders
• Data collected: name, address, email, telephone, payment details (in anonymous form for card details)
• Privacy policy: https://automattic.com/privacy/

11.2 Stripe

• Purpose: Handling of credit card payments
• Data collected: card details, IP address, billing data
• Place of processing: United States (SCC)
• Privacy policy: https://stripe.com/it/privacy

11.3 Google reCAPTCHA

• Purpose: Protection from spam and abuse, distinction between human users and bots
• Data collected: IP address, mouse/touch interactions, browser information
• Place of processing: United States (SCC)
• Privacy policy: https://policies.google.com/privacy

11.4 Facebook (Meta)

• Purpose: Targeted advertising (retargeting), tracking pixels, social buttons
• Data collected: cookies, browsing data, interactions
• Place of processing: United States (SCC)
• Privacy policy: https://www.facebook.com/privacy/policy

11.5 TikTok

• Purpose: Targeted advertising, tracking pixels, video content
• Data collected: cookies, browsing data, interactions
• Place of processing: United States (SCC)
• Privacy policy: https://www.tiktok.com/legal/privacy-policy

11.6 Sourcebuster JS

• Purpose: Statistical analysis of traffic sources
• Data collected: cookies, navigation data, referrer
• Place of processing: Locally stored data

11.7 Polylang

• Purpose: Site language management
• Data collected: language preferences (technical cookie)
• Privacy policy: https://polylang.pro/privacy-policy/

11.8 Complianz

• Purpose: Managing cookie consent
• Data collected: consent preferences, no personal data
• Privacy policy: https://complianz.io/privacy-statement/

12. Data Security

The Controller takes appropriate technical and organisational security measures to protect personal data against destruction, loss, modification, unauthorised disclosure or accidental access, in particular:

• TLS/SSL encryption for Site pages
• Firewalls and intrusion detection systems
• Access to data limited to authorised and necessary personnel
• Regular data backups

However, no data transmission via the Internet can be guaranteed as completely secure. Users undertake to keep their access credentials secret.

13. Links to other websites

The Site may contain hypertext links to other websites not controlled by the Owner. The Owner is not responsible for the privacy practices adopted by such sites. The user is invited to read their privacy policies carefully.

14. Amendments to this policy

The Controller reserves the right to amend or update this Policy at any time to adapt it to new processing purposes, regulatory changes or new integrated services.

The changes will be effective from the moment they are published on the Site. The user is invited to consult this page periodically to be informed of the most up-to-date version.

The date of the last update is indicated in the header.

15. Cookies

For detailed information on the use of cookies and how to manage or disable them, please consult the Cookie Policy of the Site.

16. Contacts

For any questions, clarifications or to exercise the above-mentioned rights, please contact the Controller:

• Email: service@mb-industry.it
• Telephone: 3405745425
• Registered mail: MB-Industry di Bolognesi Manuel, Via Vincenzo Zanasi 7, 44034 Copparo (FE)

---

MB-Industry of Bolognesi Manuel
Via Vincenzo Zanasi 7, 44034 Copparo (FE)
VAT: IT01948540388
REA: FE-212546