version no. 1 of 25-06-2025
By means of this document (“Information Notice”), the Data Controller, as defined below, wishes to inform you about the purposes and methods of the processing of your personal data and your rights under Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on their free movement (“GDPR”). This
Information Notice may be supplemented by the Controller where any additional services you request involve further processing.
MISTER SHUT SRL with head office in Via Degli Elettricisti Zona Industriale 70026 Modugno (Bari), Italy; Email: info@mistershut.it; VAT/CF: 03696100720; Legal
representative: Antonio Granieri
The processing activities carried out are aimed at the acquisition of the following personal data:
• Cookies: Third-party Analytical Cookies with non-anonymized IP, Third-party Profiling Cookies, Technical Cookies, Third-party Analytical Cookies with anonymized IP, Profiling Cookies;
• Behavioural Data: Navigation Logs;
• Common Data: Master Data.
The processing activities carried out are addressed to the following categories of data subjects:: Natural persons, legal persons, public and private organisations.
Purposes of the processing and conditions that make the processing lawful
1. SITE – Navigation data
To obtain anonymous statistical information on use, check the correct functioning of the site, ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Owner.
Condition of lawful processing: Legitimate Interest – Art. 6, c.1, let. f. GDPR
Purposes of data processing: 1) Analysis of data to carry out the development and maintenance of the website; 2) Investigation of liability in the event of potential computer crimes to the detriment of the website and/or the Data Subjects; 3) Statistical, anonymous analysis of website use.
Nature of conferment:
Compulsory – Failure to provide data will make it impossible for the company to provide the web service provided.
Personal data retention period:
The data are kept for 30 days.
Type of data processed:
users, common data
Method of processing:
The processing is carried out using IT tools.
Information on minors:
there is no processing of personal data of minors
2. SITE – Requests from the Site
Requests made by data subjects via the Data Controller’s website. Condition of lawfulness of processing: Execution of Contract – Art. 6, c.1, let. b. GDPR Purposes of processing: 1) Sending requests via web platform tools.
Nature of conferment:
Optional – Failure to provide data will make it impossible for the Data Controller to respond to the data subject’s requests.
Personal data retention period:
Processing of the request.
Type of data processed:
common data
Method of Processing:
The processing is carried out using IT tools.
Information on minors:
there is no processing of personal data of minors
3. CKS – Cookies used with consent
With your consent, the Data Controller may use categories of cookies for profiling and/or remarketing purposes. In the absence of your consent, the Owner will not be able to propose advertising messages in line with your interests and/or preferences.
Condition of lawfulness: Consent – Art. 6, c.1, let. a. GDPR
Purposes of the processing: 1) Use of profiling/advertising cookies for the configuration and management of advertising campaigns carried out on the Facebook platform and Google display network; 2) Use of Statistical Technical Cookies with non-anonymised IP in order to produce statistics on the use of the site/application carried out by the user.
Nature of conferment:
Optional – Failure to provide consent will make it impossible for the Data Controller to promote its products/services on third party sites other than that of the Data Controller.
Personal data retention period:
The period of use of the remarketing cookie, employed by this site, is 30 days for google adwords and 30 days for social Facebook.
Type of data processed
common data
Method of Processing:
The processing is carried out, mainly, by computer tools.
Information on minors:
there is no processing of data on minors
4. CKS – Use of cookies necessary for statistical and technical analysis of site use
We use, without your consent, cookies necessary for statistical and technical analysis for the use of the site.
Condition of Lawfulness of Processing: Execution of Contract – Art. 6, c.1, let. b. GDPR
Purposes of the processing: 1) Use of Technical and Session Technical Cookies to ensure the proper functioning of the website/application, as well as to ensure the provision of the services offered by the Data Controller, requested by the contracting party or by the user (cf. art. 122, paragraph 1 of the Code); 2) Use of Statistical Technical Cookies with anonymized IP in order to produce aggregate statistics on the use of the website/application performed by the user.
Nature of conferment:
Mandatory – Technical cookies are necessary for the operation of the site. Blocking cookies by the user will make it impossible to use the site/application services.
Personal data retention period:
See type of each cookie used.
Method of Processing:
The processing is carried out, mainly, by computerised means.
Information on minors:
there is no processing of minors’ data
5. SOCIAL PAGE FACEBOOK
When a user uses the Page administered by the Owner, Facebook (“Social Media“) collects information such as the types of content viewed or interacted with, the actions performed as well as information about the devices used (IP addresses, operating system, browser type, language settings, cookie data).
Page Insights are aggregated statistics created from certain events recorded by Facebook’s servers when users interact with Pages and content on them.
As explained in Facebook’s Privacy Policy, Social Media also collects and uses information to provide statistical data collection services called
Page Insights to page administrators to enable them to understand how people interact with content on pages. Details on how this is processed by Facebook can be found at the following link:
https://www.facebook.com/privacy/explanation
Details on the personal data processed for Insights are available at the following link:
https://www.facebook.com/legal/terms/information_about_page_insights_data
Details on the cookies used by Facebook are available at the following link:
https://www.facebook.com/policies/cookies/
The Data Controller as administrator of the Page and Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint data controllers in accordance with Article 26 of the GDPR for the processing of such personal data recorded for events delivered via Insights of the Page (“Insights Data”).
The co-ownership agreement, between the Controller and Facebook, covers the creation of such events and their aggregation into Insights in the Page provided to each administrator.
The legal basis for the processing is the legitimate interest of the Owner, Art. 6(1)(f) GDPR. Therefore, the acquisition of your prior consent to the processing is not necessary.
Condition of lawfulness of processing: Legitimate Interest – Art. 6, c.1, let. f. GDPR
Purpose of processing: 1) Statistical surveys relating to the use of elements contained within the Facebook page administered by the Data Controller.
Nature of conferment:
Mandatory – Failure to provide the requested data will make it impossible for the Data Controller to provide services via the Page published on Facebook.
Personal data retention period:
The data collected will be processed for the time strictly for the fulfilment of the purposes described above as specified in the Facebook policies described above.
Type of data processed:
common data
Method of Processing:
The processing is carried out by computerised means by the Facebook Controller
Information on minors:
there is no processing of personal data of minors
6. Google Fonts
Your personal data will be used to improve the usability of the Controller’s website contents by using the Google Fonts service. All Google fonts allow pages to load faster, they are automatically optimised for the web resulting in a reduction of the volume of data transmitted to the user’s clients and improving the quality of use of the Owner’s site content or applications. The use of Google fonts is safe and prevents distortion of the display of texts on the Owner’s site or application Google Fonts supports all the most popular browsers and works reliably on most modern mobile operating systems.
Condition of lawfulness of processing: Legitimate Interest – Art. 6, c.1, let. f. GDPR
Purpose of processing: 1) Use of CSS files, which determine the style and quality of the content of the site/app, provided by the Google Font service.
Nature of conferment:
Mandatory – Opposition to the processing may result in the Data Controller being unable to ensure the best consultation of the content on the site/app.
Personal data storage period:
The manner in which the data is collected and stored can be found at https://policies.google.com/privacy
Type of data processed:
common data: ip address, (url page visited)
Method of processing:
The Google Font service is provided by Google in its capacity as Autonomous Owner. The use of Google Fonts does not require registration or authentication with Google systems .
No cookies are stored in the browser. The files (CSS, fonts) are provided to the browser via Google’s domains fonts.googleapis.com and fonts.gstatic.com. The CSS and fonts provided are completely separate from all other Google services. For further information, please refer to Google’s privacy policy https://policies.google.com/privacy.
Information on minors:
Data processing of minors
7. Google reCAPTCHA
In order to ensure the highest level of security and protection of the site, for the benefit of the user and the organisation of the Owner, we use the Google reCAPTCHA service provided, for the European area, by Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland)
Condition of lawfulness of processing: Consent – Art. 6, c.1, let. a. GDPR
Purpose of processing: 1) Use of the Google reCAPTCHA service for the purpose of verifying that the user of the site corresponds to a person and consequently excluding potential automatic software visits such as bots.
Nature of conferment:
The provision of data is optional subject to the user’s consent – Refusal of consent may also result in the inability to register and/or access the services provided by the site.
Personal data retention period:
Consent to the use of the Google reCaptcha service entails the transfer of your personal data to Google.
Method of Processing:
The reCAPTCHA service saves an additional cookie in the user’s browser by also taking a snapshot of the browser window.
8. GA4 – Statistical processing of visitors using Google Analytics 4 (GA4)
The data processed by the Data Controller refers to the processing of statistical data of visits made to a specific website or mobile application through the use of Google Analytics 4 (GA4), which does not record or store IP addresses.
Condition of Lawfulness of Processing: Execution of Contract – Art. 6, c.1, let. b. GDPR
Purpose of the processing: 1) The purpose of the processing is to collect and process personal data of the user of the website and/or mobile applications in order to carry out statistical processing by means of the Google Analitycs 4 (GA4) tool.
Nature of conferment:
Mandatory – The provision of personal data is necessary for the provision of services through the Data Controller’s website. Statistical processing is strictly related to the technical cookies used to record the user’s visits. Blocking cookies by the user will make it impossible to use the services of the website/application.
Personal data storage period:
The data collected for statistical processing is stored for 14 months and deleted after the period from the date of collection of personal information
Type of data processed
personal data user id (anonymised ip) possible approximate geographical location
Method of processing:
The processing is done using IT tools: during data collection, Google Analytics 4 does not record or store IP addresses. When Analytics collects measurement data, all IP searches are performed on servers located in the EU before forwarding the traffic to Analytics’ servers for processing. Analytics deletes any IP addresses collected on EU users before recording this data via domains and servers located in the EU. Analytics provides approximate geographic location data by deriving the following metadata from IP addresses: city (plus city- derived latitude and longitude), continent, country, geographic area, subcontinent (and ID-based equivalents). In addition, Analytics provides controls to: – disable the collection of Google Signals data based on geographic area; – disable the collection of granular data on location and device based on geographic area. Google Analytics uses geographic area data centres to ensure that measurements of web users and mobile app users are sent to Google Analytics as quickly and securely as possible. When Analytics establishes a connection to the nearest available Google data centre, measurement data is sent to Analytics via an encrypted HTTPS connection. At the collection centres, the data is further encrypted before being forwarded to the Analytics processing servers and made available in the Analytics platform. IP addresses are used to determine the optimal local data centre. In Google Analytics 4, IP addresses are used at the time of collection to determine location information (country, city, latitude and longitude of the city) and then deleted before the data is recorded in any data centre or server. Area-wide data collection improves the performance of mobile sites and apps as it minimises the distance and total time required to send data through a secure connection to Google’s data centres. Google’s wide area data collection and data centre infrastructure also enables redundancy so that in the unlikely event that a local data centre is no longer available, another in that geographic area can continue to provide full service and support users. The Data Controller has excluded, from GA4’s collection of information, the functions relating to user profiling, the functions relating to personal advertisements; the Data Controller also does not cross-reference data between the statistical processing of analitycs and the subscribers to the services offered by the website.
Information on minors:
no processing of children’s data
Personal data are processed exclusively within the European Union
• Data Processors: Hosting service providers; ICT system maintenance services; Website management, social pages;
• Designated Person Responsible for Processing: Personnel employed by the Data Controller;
In relation to the processing described in this Information Notice, as a data subject you may, under the conditions provided for by the GDPR, exercise the rights set out in Articles 15 to 22 of the GDPR and, in particular, the following rights
• right of access – Article 15 GDPR: right to obtain confirmation as to whether or not personal data relating to you are being processed and, if so, to obtain access t o your personal data;
• right of rectification – Article 16 GDPR: right to obtain, without undue delay, rectification of inaccurate personal data concerning you and/or supplementation of incomplete personal data
• right to erasure (right to be forgotten) – Article 17 GDPR: right to obtain, without undue delay, the deletion of personal data concerning you. The right t o erasure does not apply to the extent that the processing is necessary for the performance of a legal obligation or the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims.
• Right to restriction of processing – Article 18 GDPR: right to obtain restriction of processing, when: (a) the data subject disputes the accuracy of the personal data; (b) the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that their use be restricted ; (c) the personal data are necessary for the establishment, exercise or defence of a legal claim; (d) the data subject has objected to the processing pending verification as to whether the legitimate grounds of the data controller prevail over those of the data subject.
• Right to data portability – Article 20 GDPR: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Data Controller and the right to transmit them to another data controller without hindrance, where the processing is based on consent and is carried out by automated means. Furthermore, the right to have your personal data transmitted directly from this controller to another controller if this is technically feasible;
• Right to object – Article 21 GDPR: the right to object, at any time, to the processing of personal data relating to you based on the condition of legitimate interest, including profiling, unless there are legitimate grounds for the Controller to continue the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
• Right not to be subjected to an automated decision-making process – Article 22 GDPR: you have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects y o u in a similar way, unless this is necessary for the conclusion or performance of a contract or you have given your consent. In any case, an automated decision-making process may not affect your personal data and you may at any time obtain human intervention by the controller, express your opinion and contest the decision.
In addition to the rights described above, you may also
• lodge a complaint with the Data Protection Authority: http://www.garanteprivacy.it;
• revoke the consent given on any occasion and as easily as it was given without affecting the lawfulness of the processing based on the consent given before revocation.
The above-mentioned rights may be exercised vis-à-vis the Controller by contacting the above-mentioned references.
The exercise of your rights as a data subject is free of charge pursuant to Article 12 GDPR. However, in the case of requests that are manifestly unfounded or excessive, including due to their repetitiveness, the Data Controller may charge you a reasonable expense contribution, in light of the administrative costs incurred in handling your request, or deny satisfaction of your request.
Finally, we inform you that the Controller may request further information necessary to confirm the identity of the data subject.
• Right of revocation:
revoke consent – at any time, as easily as it was given, without affecting the lawfulness of the processing based on the consent given before revocation;
• Right to complain:
The data subject also has the right to lodge a complaint with the Data Protection Authority www.garanteprivacy.it .