In the present Privacy Policy, the Data Controllers (as defined below) hereby inform you of the purposes and methods of the processing of your personal data and of your rights under the GDPR (Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data).
This Privacy Policy relates exclusively to the processing of personal data collected through the website www.mountfieldlawnmowers.co.uk (the "Site"). All third-party websites that the data subject may consult via links remain subject to the privacy policy of the operator of the relevant third-party site. Data subjects are advised to read those documents before browsing third-party websites.
Social media
The Site uses social media widgets (e.g. Facebook, Twitter, Instagram, Pinterest, LinkedIn). Pursuant to data protection legislation, you are hereby informed that the widgets only transmit data relating to your browsing on the Site to the respective social media when you activate them by clicking on the corresponding button: the corresponding provider receives information that you visited our website with your IP address. If you are simultaneously logged into your respective social media account (e.g. Facebook), the corresponding provider can attribute visits to our pages to your user account to offer you personalised advertising content. The Company and the social media outlet concerned in each case act as joint data controllers for these collection and communication operations involving the transmission of your personal data to the social media outlets concerned, and also for the subsequent social media marketing campaign (selection of targeting criteria, ad placement and campaign reporting). The term "joint data controllers" shall be construed as defined in art. 26 of the GDPR. The purpose of the processing carried out by Stiga is to optimise the promotion of its products and services through social networks. The legal basis for the processing carried out by Stiga is your consent, which can always be withdrawn by accessing the Cookie Policy, where you can get further information.
1. Data controllers
The Data Controllers, each within the limits of the specific processing operations carried out, and acting, as the case may be, as Joint or Independent Data Controllers, are:
-
Stiga Ltd with registered address in Unit 8 Bluewater Estate, Bell Close, Plympton, at Devon, PL7 4JH, email customerservices@stiga.com (“Stiga Ltd”);
-
Stiga S.p.A., with registered address in 31033 Castelfranco Veneto (TV), Italy, at Via del Lavoro 6 (“Stiga Italia”) email info@stiga.com;
Also jointly referred to hereinafter as the "Companies".
The Companies have appointed a Data Protection Officer (also referred to herein as the "DPO"), whom you may contact to exercise your rights listed in Article 7 below and also to request information, at the following addresses: Stiga S.p.A, DPO Office, Via del Lavoro 6, 31033 Castelfranco Veneto, Italy; e-mail: dpo@stiga.com.
2. We process the following personal data
Companies may process various types of personal data via the Site, depending on the specific purposes pursued at any given time (e.g. for creating a "My Mountfield" account, subscribing to the newsletter, the sale of Mountfield products, etc.).
Examples of the type of information collected through the Site are:
-
Personal Identifiable Information: first name, surname, address;
-
Contact details: residential address, e-mail address, telephone number;
-
Data on interests and preferences: data relating to your purchases (e.g. product code, value and type of purchase), products in your shopping cart;
-
Transactional data: credit card number, tax code.
2.1 Browsing data
The computer systems and programs used to operate the Site collect certain personal data, whose transmission are inherent when using Internet communication protocols [e.g. IP addresses or domain names of the computers used by users who connect to the Site, Uniform Resource Identifier (URI), addresses of requested resources, time of request, method used to submit the request to the server, size of the file obtained in response, numerical code regarding the status of the response from the server (successful, error, etc.), and other parameters relating to the user's operating system and computer environment). While this information is not collected for association with identified data subjects, its very nature it could nevertheless enable the identification of data subjects through processing and association with data held by third parties. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical computer crimes against the Site: apart from this scenario, data on web contacts are currently stored for no longer than seven days.
2.2 Cookies
In some cases, Stiga collects personal data through the use of various technologies, including "cookies". Cookies are a set of data that a website sends to a 'browser' (which may be your browser). This information can then be stored on the computer (including your computer) by means of a tag that identifies the computer but not the user. Some pages of the Site use cookies, sent by Stiga or by third parties, and other technologies so that the Site can function technically, to improve the use of the Site and to carry out statistical analysis of the use of the Site. For further information, please refer to the Cookie Policy.
3. Purposes and legal bases of the processing
Handling your requests
Stiga Ltd and Stiga Italia, as Joint Data Controllers, will process the data you provide when filling in the "Contact Us" form so as to reply to your specific request (e.g. for technical information on Mountfield products, reports, etc.).
The processing is necessary to handle requests for information or reports but does not require your consent [as defined in article 6(1)(b) or (f) of the GDPR].
Marketing and soft spam
With your consent, Stiga Ltd and Stiga Italia, as Joint Data Controllers, may process your personal data to provide you with promotional information on the products and services offered by the Companies, through newsletters, mailings, e-mails, telephone calls, text messages, instant messages, post, communications and posts on social networks, etc., or to conduct market surveys and analyses on the offered products and services.
Upon your consent to the analysis of your preferences and purchasing habits, communications may be personalised to match your interests (e.g. by indicating active promotions for products in line with your tastes and purchasing tendencies).
Your consent constitutes the legal basis for the processing [as defined in Article 6(1)(a) of the GDPR].
You may withdraw your consent at any time and also ask us to stop processing for promotional purposes by sending an e-mail to the following address: unsubscribe@stiga.com, or, with reference to the Newsletter, by clicking on the link contained in each promotional email.
Independent of any consent given, in compliance with the pertinent data protection legislation currently in force, and on the basis of the legitimate interests of Stiga Ltd and Stiga Italia, if you have purchased any of our products/services, you may receive communications via email intended to promote products/services similar to the ones you purchased, notwithstanding your right to object to such processing by clicking on the specific link contained in each promotional email.
Preference analysis
If you have given us your consent, Stiga Ltd and Stiga Italia, as Joint Data Controllers, may analyse your data (e.g. data provided via forms on the Site or data relating to your purchases) to learn about your purchasing preferences and tastes, improve commercial offerings and personalise communications.
Your consent is the legal basis for the processing and you may withdraw it at any time, as provided for under Article 6(1)(a) of the GDPR.
Statistical analysis for improving products and services
Stiga Ltd and Stiga Italia, as Joint Data Controllers, will also process the data collected through the Site for statistical analysis purposes to improve the products and services offered by Stiga.
Data processing for such analytical purposes requires no consent from you, as it is necessary for the pursuit of the Controller's legitimate interest in improving the products and services offered [pursuant to Article 6(1)(f) of the GDPR].
Creating a "My Mountfield" account and Product registration
Stiga Ltd and Stiga Italia, as Joint Data Controllers, will process your personal data so that you can create a personal "MyMountfield" account and have access to the related services, including registration of purchased products (providing date and proof of purchase and product serial number) to activate the Mountfield warranty.
Data processing for these purposes does not require your consent, since it is necessary to provide you with the requested services (including activating the warranty), pursuant to Article 6(1)(b) of the GDPR.
E-commerce
Whenever the Website has an online shopping facility and you make a purchase on the Website, your personal data will be processed by Stiga Ltd as the data controller to:
-
complete the sales process and execute the existing contract between the parties (e.g. managing and processing payment, completing the delivery and/or return process, etc.);
-
fulfil legal obligations (e.g. tax, accounting for invoicing, bookkeeping and accounting entries) relating to the contract;
-
manage any services strictly related to the sale (e.g. requesting information on products, using customer service, sending order confirmation, etc.);
-
safeguard rights arising from the contract concluded with you in or out of court.
Data processing for this purpose does not require your consent, since it is necessary for the performance of the sales contract concluded with you and to properly fulfil the legal obligations to which Stiga Ltd is subject under letters b) and c) of article 6.1 of the GDPR and, in the event of disputes, for the furtherance of the legitimate interest of Stiga Ltd to defend its rights as provided for under letter f) of article 6.1 of the GDPR.
Personal data retention period
Your personal data will be kept for the time strictly necessary to pursue the purposes indicated in point 3 of this Privacy Policy and in compliance with any consent you may have given. The data will be destroyed or rendered anonymous upon expiry of the retention period.
Your personal data will be stored according to the criteria set out in the following table.
Purpose |
Retention |
3.1 |
The data will be stored for as long as is necessary to properly handle your request and/or report. However, your personal data will not be stored for more than 5 years after your request. |
3.2 |
Data processed to provide you with promotional information, including personalised information, on the products and services offered by Stiga, and also to conduct market surveys and analyses, will be processed for a period not exceeding the subscription to the update and/or newsletter service. |
3.3 |
|
3.4 |
Data processed for the purpose of statistical analysis to improve Stiga products and services will be stored for a maximum period of 5 years. |
3.5 |
The data will be kept for the duration of the registration on the Site. Data will be erased after a period of 5 years of total inactivity of the account. The data processed to enable you to exercise your rights under the warranty will be kept for the time strictly necessary for the management and operation of the Mountfield warranty. |
3.6 |
The data will be kept for the time necessary to manage and complete the sales process, and thereafter in compliance with legal obligations related to the contractual relationship or for the management of any disputes. |
Procedures for processing your personal data
Your personal data shall be processed in accordance with the GDPR, by means of paper, computer and telematic tools, for the purposes indicated and, in any event, in such a way as to guarantee their security and confidentiality in accordance with article 32 of the GDPR.
By consenting to data processing for profiling purposes, the Companies will use the data collected (e.g. purchase details and biographical data) to examine your interests and preferences with a view to improving their offering and personalising their communications. All data and preference analysis activities will not be carried out in an exclusively automated manner, but will always involve the intervention and assessment of duly authorised natural persons.
These individuals may receive and therefore be aware of your personal data.
In pursuit of the purposes described in point 3 above, your personal data will be disclosed (within the limits of their respective spheres of competence) to the employees of the Companies (within the limits of the processing actually carried out) who will operate in their capacity as persons authorised to process personal data, specifically appointed as data processors.
Your personal data may also be processed by third parties falling into the following categories:
-
companies in charge of managing the company's information systems;
-
companies entrusted with the management of services functional to the payment of purchases;
-
legal, tax and accounting consultants;
-
companies in charge of shipping and delivering products;
-
companies providing services instrumental to the management of the contractual relationship (e.g. e-commerce platform providers).
The entities falling into the above categories will operate either as autonomous data controllers or as data processors specifically appointed by the Companies (within the limits of the processing actually carried out) pursuant to article 28 of the GDPR.
You may request a list of the data processors at any time by writing to unsubscribe@stiga.com. Your personal data will not be disclosed.
Your rights as a data subject
As provided for under articles 15 to 21 of the GDPR, you may exercise the rights listed herein regarding the processing operations described in this Privacy Policy by contacting the Companies at the following e-mail address unsubscribe@stiga.com. Particularly:
-
Managing your data – Right of access – Article 15 of the GDPR: right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:
-
the purposes of the processing;
-
categories of personal data concerned
-
recipients or categories of recipient to whom the personal data have been or will be disclosed;
-
period for which the personal data will be stored or criteria used to determine that period;
-
existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
-
right to lodge a complaint with the supervisory authority;
-
source of the personal data whenever not collected directly;
-
existence of automated decision-making, including profiling;
-
Rectification of inaccurate or incomplete information – Right to rectification – Article 16 of the GDPR: right to obtain from the controller without undue delay, the rectification of inaccurate personal data concerning the data subject, and to have incomplete personal data completed;
-
Erasure – Right to be forgotten – Article 17 of the GDPR: right to obtain the erasure of personal data concerning you without undue delay when:
-
the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
-
you withdraw consent and there is no other legal ground for the processing;
-
you object to the processing of your personal data;
-
the data have been unlawfully processed;
-
the data must be erased for compliance with a legal obligation;
-
the personal data were collected in relation to the offer of information society services referred to in article 8(1) of the GDPR.
-
You may always ask us to erase your personal data whenever you do not want us to use your information. Please note that if you ask us to erase your personal data, we may retain and use your personal data only insofar as this is necessary to comply with legal obligations or for the performance of a task carried out in the public interest or for the exercise of a public authority vested in the Controller, or for the establishment, exercise or defence of legal claims. For example, we may retain some of your personal data for tax, legal and audit purposes.
-
Restriction of processing – Right to restriction of processing – Article 18 of the GDPR: right to obtain the restriction of processing from the controller when:
-
you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the concerned personal data;
-
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
-
the controller no longer needs the personal data for the purposes of the processing but is required by you for the establishment, exercise or defence of legal claims;
-
you have objected to processing pursuant to article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override yours.
-
Access to data and portability– Right to data portability – Article 20 of the GDPR: right to receive personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: You also have the right to have your personal data transmitted directly from one controller to another, where technically feasible;
-
Complaints – submit a complaint to the pertinent personal data protection authority, sending it to the Italian Data Protection Authority at Piazza di Monte Citorio No. 121 - 00186 Rome; e-mail: protocollo@pec.gpdp.it, or to the supervisory authority of your place of regular residence, work, or the place where the alleged infringement occurred.
Revision clause
The Companies reserve the right to revise, amend or simply update this Privacy Policy, in whole or in part, at their sole discretion, in any manner and/or at any time, without prior notice, also in consideration of developments in data protection laws or regulations. Users will be notified of changes and updates to the Privacy Policy as soon as they are adopted and posted on the Site, after they will become binding. We therefore advise you to regularly check the "Privacy Policy" section of the Website for the most recent and up-to-date information in this regard.