Privacy Policy

INFORMATION ON THE PROTECTION OF PERSONAL DATA PURSUANT TO EUROPEAN REGULATION (EU) 2016/679 AND AS AMENDED BY LEGISLATIVE DECREE 101/2018

As provided by European Union Regulation No. 679/2016 (hereinafter “GDPR”) and in particular Article 13, we hereby provide the information required by law regarding the processing of personal data.

This notice is addressed to users who interact with the web services of the Website (hereinafter “Data Subjects”) not only to comply with legal obligations but also because transparency and fairness towards the data subjects are core values of our activity.

Roles in Data Processing

The Data Controller pursuant to Article 4, paragraph 7 of the GDPR is:

AF Trading Group EOOD
Registered office: Ul. Prof Milko Bichev, 3 – 1504 Sofia (BG)
Phone: +39 379 148 46 36
Email: info@machegusto.com

(hereinafter referred to as “AF Trading Group EOOD”), which defines the basis on which we collect, process, and protect your personal data on the website www.machegusto.com, owned by the Controller.

The processing of personal data will be based on principles of fairness, lawfulness, and transparency and will be carried out with respect for the rights and fundamental freedoms of the data subjects, in compliance with the current legislation on data security and protection (GDPR).

Categories of Data

According to Article 4 of the GDPR, personal data means any information relating to an identified or identifiable natural person (data subject), in particular by reference to an identifier such as a name, identification number, contact details (phone number, email, etc.), CV.

In this case, it concerns personal data of users who access this Website and are collected through the registration form to participate in Events (such as name, surname, email address), (hereinafter “Personal Data”) which are voluntarily provided by the user.

Provision of Data

Personal data will be collected directly from the data subject by: direct provision of the data.

Browsing Data

The IT systems and software procedures used for the operation of this Website acquire, during their normal operation, some personal data (such as IP addresses or domain names of users’ computers, pages visited, and the date/time of visit) whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This data, recorded anonymously, is used only to obtain anonymous statistical information on the use of the Website and to check its correct operation.

The data may be used to ascertain responsibility in case of hypothetical computer crimes to the detriment of the Website.

Methods and Purposes of Processing

The processing of Personal Data will take place using manual or electronic means suitable to guarantee their security and confidentiality in relation to the purposes for which they were communicated and collected, and to prevent unauthorized access, for the time strictly necessary to achieve the purposes for which they were collected.

Personal Data provided by users are processed for the following purposes:

• To process an “Associate Membership Application” voluntarily submitted by Data Subjects in order to request membership with the Cooperative.

Legal Bases

• Sending advertising materials (e.g., about new services via email): the legal basis is consent (Art. 6.1, lett. a, GDPR).
• Activities related to contract execution: the legal basis is the contract or pre-contractual measures (Art. 6.1, lett. b, GDPR), or legitimate interest (Art. 6.1, lett. f, GDPR), or legal obligations (Art. 6.1, lett. c, GDPR).
• IT systems maintenance: the legal basis is legitimate interest (Art. 6.1, lett. f, GDPR).

Categories of Recipients of Personal Data

AF Trading Group EOOD undertakes to ensure that Personal Data is processed securely and confidentially. Data may be disclosed to:

• Employees of the Data Controller, as data processing appointees;
• Service providers appointed as Data Processors (Art. 28 – GDPR);
• Competent public authorities (e.g., Ministries, Police Forces, Chambers of Commerce, etc.).

Transfer of Your Personal Data Abroad

We may share your Personal Data with entities located in Switzerland or countries outside the European Economic Area (EEA), including the United States, in accordance with the new “EU-US Data Privacy Framework” (DPF), officially approved on July 10, 2023.

When we transfer data outside the EEA, we enter into agreements based on Standard Contractual Clauses (Art. 46.2 GDPR) or other equivalent legal tools. The Data Processor:

• Acts only on the Controller’s instructions;
• Adopts appropriate technical and organizational measures;
• Complies with conditions for any onward transfers;
• Cooperates with the Controller in the exercise of Data Subjects’ rights.

Retention of Your Personal Data

Data are processed by authorized personnel, for the time strictly necessary to achieve the purposes for which they were collected, and for any additional period required by legal obligations.

Purpose Data Lifecycle End-of-Process Handling
a) 7 days deletion

Rights of Data Subjects

At any time, the Data Subject has the right to:

• Withdraw consent;
• Access their data;
• Request rectification or erasure;
• Restrict or object to processing;
• Object to automated decision-making and profiling;
• Obtain data portability;
• Lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).

To exercise these rights or send requests, you may contact the Data Controller:

info@machegusto.com
AF Trading Group EOOD, Ul. Prof Milko Bichev, 3 – 1504 Sofia (BG)

Sofia (BG)