Manì Boutique
Privacy Policy

Manì Boutique respects users’ privacy and is committed to protecting their personal data. This Privacy Notice provides information regarding the processing of the personal data of users who visit our website (regardless of the country from which they connect) or who interact directly with Manì, as well as their privacy rights and the relevant legal remedies available to them.

Last updated: 10/04/2026

This notice is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) and describes how Manì Boutique S.r.l., in its capacity as data controller, processes the personal data of users who visit the website www.mani.boutique, purchase products, request information, interact with online services or register for services offered through the website.

The data controller is: Manì Boutique S.r.l.
Registered office: Via Roma 28, Sassari 07100
VAT No. / Tax Code: IT01580850905
E-mail: amministrazione@mani.boutique
PEC: mani.boutique@pec.it
Telephone: +39 079 231093

This notice applies to processing activities carried out through:

• the e-commerce website and related pages;

• the customer account area;

• contact forms, information request forms, support forms and appointment booking forms;

• the management of orders, payments, shipments, returns and after-sales support;

• the sending of newsletters and marketing communications, where activated;

• interactions with customer service by e-mail, telephone, chat, WhatsApp or other available channels;

• any forms dedicated to specific brands, collections or requests relating to products of brands sold by the store.

Depending on the case, the processing may concern:

• website visitors;

• customers and prospective customers;

• registered users;

• individuals requesting information, quotations, product availability or boutique appointments;

• recipients of marketing communications;

• representatives of companies, professionals or business partners.

The data controller may process the following categories of personal data:

​

4.1 Identification and Contact Data

First name, last name, e-mail address, telephone number, billing and shipping address, city, ZIP/postal code, province/state, country, company name where applicable, tax code and VAT number.

​

4.2 Order and Purchase Data

Information on products viewed, requested or purchased, order history, purchase preferences, delivery methods, returns, exchanges, support requests, information relating to warranties, repairs or maintenance, where applicable.

​

4.3 Payment Data

Data relating to the selected payment method and transactions. The website does not directly process the full details of payment cards when payment is made through certified external providers; in such cases, the data controller only receives limited information on the transaction, to the extent necessary to manage the order, verify payment and prevent fraud.

​

4.4 Browsing and Technical Data

IP address, online identifiers, log data, data relating to the browser, device, operating system, date and time of access, pages visited, browsing path, technical events, system errors and other information automatically collected by IT systems and internet communication protocols.

​

4.5 Data Voluntarily Provided by the User

Data contained in messages sent via forms, e-mail, chat, WhatsApp, product availability requests, appointments, wish lists, customer support, unsolicited applications or other communications sent by the user.

​

4.6 Data Relating to Commercial Preferences

Marketing consents, newsletter subscriptions, preferences relating to product categories, brands, collections, price ranges, interests declared by the user and history of interactions with promotional campaigns, where such processing activities are actually activated and lawfully carried out.

​

4.7 Data Potentially Shared with Brand Partners

Where the user requests information, appointments, availability, pre-orders or services relating to specific brands distributed by the data controller, the data necessary to manage the request may also be processed in coordination with the relevant brand, within the limits and according to the methods described in this notice or in any dedicated notices.

Personal data may be collected:

• directly from the data subject, when filling in forms, creating an account, placing an order, contacting customer service or subscribing to information services;

• automatically during use of the website and related online services;

• from third parties involved in the transaction or service, such as payment providers, couriers, technology platforms, anti-fraud partners, marketplaces or brand partners, to the extent necessary for managing the relationship or as required by law;

• from registers, lists or publicly accessible sources, where permitted by law.

The data controller processes personal data for the following purposes.

​

6.1 Browsing, Technical Functioning of the Website and Security

Data is processed to enable use of the website, ensure the proper functioning of the pages, manage the technical infrastructure, carry out maintenance, prevent abuse, unauthorized access, cyberattacks and other activities harmful to the security of the website and services.

​

Legal basis: the data controller’s legitimate interest in the security, integrity and continuity of digital systems and, where applicable, the necessity to provide the requested service.

​

6.2 Creation and Management of the Customer Account

Data is processed to allow registration on the website, access to the reserved area, management of the user profile, order history, addresses, preferences and any services connected to the account.

​

Legal basis: performance of pre-contractual measures taken at the request of the data subject and performance of the contract relating to the use of services associated with the account.

​

6.3 Management of Orders, Payments, Shipments, Delivery, Returns and After-Sales

Data is processed to receive and process orders, confirm purchases, manage payments, issue tax documents, organize shipment, monitor delivery, manage returns, refunds, replacements, complaints, legal or commercial warranties and after-sales support.

Legal basis: performance of the sales contract or pre-contractual measures requested by the data subject; compliance with legal obligations in administrative, tax, accounting and consumer protection matters.

​

6.4 Management of Contact Requests, Information Requests, Product Availability and Appointments

Data is processed to respond to requests sent by the user, provide information on products, availability, delivery times, boutique services, bookings, appointments, waiting lists or requests relating to specific brands or collections.

Legal basis: performance of pre-contractual measures taken at the request of the data subject or the data controller’s legitimate interest in efficiently managing the requests received, depending on the content of the request.

​

6.5 Customer Support and Management of Operational Communications

Data is processed to manage communications relating to orders, technical issues, support, requests for clarification, documentary checks, shipment tracking, changes in availability, product recalls, service communications or other communications strictly connected with the customer relationship.

Legal basis: performance of the contract, pre-contractual measures or compliance with legal obligations, depending on the case.

​

6.6 Compliance with Legal Obligations and Requests from Authorities

Data is processed to comply with obligations laid down by laws, regulations, tax, accounting, anti-money laundering and consumer protection rules, as well as to respond to requests from competent authorities.

​

Legal basis: compliance with a legal obligation.

​

6.7 Fraud Prevention, Protection of Rights and Dispute Management

Data may be processed to prevent fraud, improper use of the website, fraudulent claims, chargebacks, unlawful activities, as well as to establish, exercise or defend a right of the data controller in judicial or extrajudicial proceedings.

​

Legal basis: the data controller’s legitimate interest in protecting its rights, company assets, transaction security and customers.

​

6.8 Sending Newsletters and Promotional Communications

Subject to the data subject’s consent, the data controller may use contact data to send newsletters, commercial offers, promotional initiatives, events, updates on products, brands sold, collections and store services, via e-mail, SMS, telephone, instant messaging or other authorized contact channels.

Legal basis: the data subject’s consent.

​

6.9 Soft Spam, Where Applicable

Where permitted by applicable law and where the relevant conditions are met, the data controller may use the e-mail address provided in the context of a previous purchase to send commercial communications relating to products or services similar to those already purchased, without prejudice to the data subject’s right to object at any time, free of charge and easily.

​

Legal basis: the data controller’s interest in promoting similar products or services to its own customers, within the limits permitted by applicable law.

​

6.10 Statistical Analysis and Service Improvement

The data controller may process data in aggregated form or, where applicable, data collected through analytical tools to analyze use of the website, improve content, user experience, product assortment, service quality and the efficiency of commercial and logistics processes.

​

Legal basis: the data controller’s legitimate interest, where processing is carried out using tools that do not require consent; the data subject’s consent when required by cookie and tracking tool regulations.

​

6.11 Commercial Profiling, Where Activated

Only with the data subject’s specific consent, the data controller may analyze preferences, interests, purchase history, newsletter interactions and website behavior in order to send personalized marketing communications, propose more relevant content or personalize the commercial experience.

​

Legal basis: the data subject’s consent.

​

6.12 Management of Relations with Brand Partners or Requests Relating to Specific Brands

Where the user requests services, information, appointments or availability relating to specific brands distributed by the data controller, data may be processed in order to handle the request also with the involvement of the relevant brand, authorized distribution structures, service centers, laboratories or other entities in the supply chain, within the limits strictly necessary and according to their respective privacy roles.

​

Legal basis: pre-contractual measures requested by the data subject, performance of the contract, legal obligations or consent, depending on the specific interaction.

Providing data marked as mandatory in forms, or necessary for order completion, payment management, shipping, invoicing or responding to the user’s request, is required. Failure to provide such data may prevent the data controller from supplying the requested service, processing the order or responding to the request.

​

Providing data for marketing, profiling or communication to partners for promotional purposes is instead optional. Failure to provide consent does not affect the purchase of products or the use of the website’s main services.

Data is processed using paper, IT and telematic tools, in accordance with the principles of lawfulness, fairness, transparency, data minimization, accuracy, storage limitation, integrity and confidentiality.

The data controller adopts appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, improper disclosure, alteration or unlawful use.

Data may be disclosed, within the limits relevant to the purposes indicated above, to the following categories of recipients:

• authorized personnel of the data controller;

• companies providing hosting, maintenance, development, platform management and IT security services;

• payment providers, banks, financial intermediaries and entities managing transactions;

• couriers, shippers, logistics operators and parties involved in delivery;

• administrative, tax, legal and accounting consultants, auditors and appointed professionals;

• companies supporting CRM, e-mail marketing, customer care, ticket management or messaging services;

• entities providing fraud prevention, transaction verification, auditing and credit protection services;

• brand partners, official distributors, service centers, laboratories, dealers or other entities in the supply chain, where necessary for handling specific requests, services or warranties relating to certain brands;

• public authorities, supervisory bodies, law enforcement authorities, judicial authorities or other parties to whom disclosure is required by law or by order of an authority.

​

Such parties act, depending on the case, as data processors, authorized persons or independent data controllers.

Personal data may also be processed or stored through providers located outside the European Economic Area or by means of tools involving access from third countries.

In such cases, the data controller ensures that the transfer takes place in compliance with Articles 44 et seq. of the GDPR, adopting, depending on the case, an adequacy decision of the European Commission, standard contractual clauses, supplementary measures, binding corporate rules or other safeguards provided for by applicable law.

The data subject may request further information on the transfers carried out and on the safeguards adopted by writing to the contact details of the data controller indicated in this notice.

Personal data is retained for no longer than is necessary to achieve the purposes for which it was collected and, subsequently, for the period required by law or necessary to protect the data controller’s rights.

In particular, unless specific needs must be assessed on a case-by-case basis:

• data relating to contact and information requests is retained for the time necessary to handle the request and, thereafter, for 2 years;

• customer account data is retained until the account is deleted or for the different period necessary to manage the relationship and any related obligations;

• data relating to orders, invoices, payments, shipments and administrative documentation is retained for the period required by applicable civil, tax and accounting laws;

• data collected for after-sales support, warranties and complaints is retained for the time necessary to manage the service and protect the data controller in the event of disputes;

• data processed for marketing purposes is retained until consent is withdrawn or, if earlier, until the end of the retention period defined by the data controller according to proportionality and updating criteria;

• data processed for profiling, where activated, is retained until consent is withdrawn or for the period defined in the data controller’s internal rules;

• technical and log data is retained for periods proportionate to security, maintenance and incident assessment needs.

Once the retention period has expired, the data will be deleted, anonymized or retained in restricted form only in cases permitted by law.

The website uses cookies and other tracking tools. Detailed information on the categories of tools used, their purposes, retention periods, involved third parties and the methods for giving, managing and withdrawing consent is set out in the Cookie Policy, available at the following link: Cookie Policy.

Where required by applicable law, the installation of non-technical cookies or tracking tools takes place only after the user’s consent has been collected through a specific banner or preference center.

The website may contain links to social networks, external platforms, messaging services, maps, videos or other embedded content provided by third parties. Interaction with such services may entail the processing of personal data by the respective providers, in accordance with their privacy notices.

The data controller invites users to consult the notices of the individual providers before using the relevant services.

In the case of requests relating to specific brands distributed by the data controller, the website or the boutique may make available dedicated forms, services or information flows. In such cases:

• the data controller may act as an independent data controller for the initial collection and management of the request;

• the brand partner may receive data as an independent data controller, where necessary to manage the request, the appointment, product availability, support or other services relating to the brand;

• in some specific cases, dedicated privacy notices or additional contextual privacy notices may apply.

Users are invited to carefully read any specific notices included in forms dedicated to individual brands.

The data subject may exercise at any time the rights provided for by Articles 15 et seq. of the GDPR, including the right to:

• obtain confirmation as to whether or not personal data concerning them is being processed;

• access their personal data and obtain a copy thereof;

• request rectification or updating of their personal data;

• request erasure, in the cases provided for by law;

• obtain restriction of processing;

• object to processing, in the cases provided for by law;

• receive the data in a structured, commonly used and machine-readable format, where applicable, and request its transmission to another controller;

• withdraw consent at any time, without affecting the lawfulness of processing carried out before the withdrawal;

• object at any time to the sending of promotional communications, including by using the unsubscribe link contained in e-mails or by contacting the data controller.

To exercise their rights, the data subject may write to:

privacy@mani.boutique
or to: mani.boutique@pec.it

The data controller shall respond within the time limits provided by applicable law.

Any data subject who believes that the processing of their personal data is carried out in breach of the applicable legislation has the right to lodge a complaint with the competent supervisory authority and, in particular in Italy, with the Italian Data Protection Authority (Garante per la protezione dei dati personali), as well as to bring proceedings before the competent courts.

Except as may be indicated in specific notices or in systems strictly necessary for fraud prevention and transaction security, the data controller does not adopt fully automated decision-making processes producing legal effects concerning the data subject or similarly significantly affecting them.

The website and its related services are not directed to persons under 18 years of age, and the data controller does not knowingly collect personal data relating to minors in the absence of the legal conditions required by law. Should the data controller become aware of the unintentional collection of data relating to minors in breach of applicable law, it shall proceed with deletion or any other action required by law.

When browsing within the Rolex section of our website, the user may interact with an embedded website of www.rolex.com. In such case, only the Terms of Use, Privacy Notice and Cookie Notice of www.rolex.com shall apply.

The data controller reserves the right to amend or update this notice, also in consideration of legislative changes, developments in the services offered, organizational changes or the implementation of new website features.

Any changes will be published on this page, indicating the date of the latest update. In the event of material changes, the data controller may also inform users by additional means, where appropriate.