Privacy Policy

Privacy Policy


MAST SRL , based in Via dell’Artigianato, 11 – 36064 Colceresa (VI) - Italy, C.F. and VAT registration number IT04318360247, in its capacity of controller, informs you that your personal data will be processed according to articles 13-14 of the European Regulation n. 679/2016 (EU Regulation), as follows:


The controller informs you that your personal data, also called simply “data” (for example name, surname, address, telephone number, email, bank details, etc.), that have been collected directly, verbally or through third parties, will be processed in compliance with the EU Regulation. The controller processes your data fairly and lawfully for the performance of contracts or the implementation of precontractual measures (for example an offer elaboration, etc.) that you may have requested (art.6 EU Regulation). “Data processing” means any activity regarding the collection, registration, organisation, conservation, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, block, transmission, spread, deletion, of data.


Legal basis: EU Regulation n. 679/2016, fulfillment of contractual obligations

Purposes of processing:

2A) without your express consent (art. 6, b), c), e) of EU Regulation), for the following purposes:

– fulfil the contractual, precontractual and fiscal obligations, under the deals between you and the company (example an order confirmed in our e-commerce);

– fulfil the obligations required by the law, regulations, Community legislation or by any order of the Authorities (as when it comes to anti-money-laundering);

– exercise the rights of the controller, as for the right to defence in court;

– keep the accounts;

– for electronic comunications (e-mail, sms, chat);

– management purposes (invoicing, document management, etc.);

– management of claims;

– statistical analysis and quality control;

– insurance management;

– technical assistance.

Given that you may have read this information even while browsing our site, on the HYFLY.IT web portal, In particular, your data will be processed to fulfil the following duties, according to legal or contractual obligations:

– technical and functional access to the site. No data will be kept after the closing the of Browser;

– Advanced navigation purposes or customized content management;

– Statistics and analysis purposes regarding navigation and users.

2B) Your personal data may also, prior your consent (art.7 EU Regulation), be used for the following marketing and Advertising purposes:

– sending advertisement or informative email, sms or mail about products or services offered by the controller and/or about the collection of data regarding the level of Customer’s satisfaction on the service provision.

– sending commercial communication and advertisement email, mail, sms or voice calls by third parties (for example, business partners).


The processing of your personal data is carried by following the procedures stated in art.4 n.2) of the EU Regulation, regarding: the collection, registration, organization, structure, storage, adaptation or modification, extraction, consultation, use, communication, spread or any other method of sharing, comparison or interconnection, limitation, deletion, block of data.

Your personal data are processed both manually and electronically/automatically (in any case in a way suitable to grant the safety and privacy of your personal data).



The Controller will process personal data for the time necessary to achieve the purposes mentioned above, and in any case, data won’t be processed beyond the legal bounds. The Personal data used for marketing and commercial purposes, will be kept respecting the principle of proportionality and until the achievement of the processing purposes or until the customer’s consent withdrawal. In particular, the data Controller will process data at the latest within 3 years from when they are collected. The Personal data you provide, will be processed lawfully, fairly and transparently, to guarantee your privacy and the respect of your rights.

The interested party undertakes, towards us, not to insert or transmit any material on or from any platform:

that is intimidating, defamatory, obscene, indecent, seditious, offensive, pornographic, abusive, such as to incite racial hatred, discriminatory, threatening, scandalous, inciting, blasphemous, violating the obligations of secrecy, violating privacy or that may in any way cause annoyance or damage; o that represents or encourages behavior that could be considered forms of crime, that could give rise to the responsibility of anyone, that are in any way contrary to the law, public order or morality or that harm the rights of third parties anywhere in the world ; or that cause damage (including, without limitation, computer viruses, logic bombs, Trojan horses, worms, defective components, corrupted data or other software with harmful content or capable of damaging). The User cannot abuse the Site (including, by way of example, carrying out hacking activities).



Your data can only be accessed to pursue the purposes mentioned above at 2.A) 2.B) by:

– partners, employees and people associated to the controller, both in Italy and abroad, in their capacity as people in charge of and/or responsible for the data processing or the system administration;

– third parties or other subjects who perform outsourcing operations on behalf of the Controller, in their capacity of external responsible of the processing (as for example law firms, lawyers, data elaboration societies, certified institutions, forensic accountants/tax advisor, and in general all the authorities in charge of verify and control the correct implementation of the above-mentioned commitments, credit institutions, consultants, insurance companies, financial offices, local authorities, consultants and societies interested in the safety at the workplace. They can, in their turn forward the data or allow their access to their partners, users and other successors in titles, for market research purposes. Furthermore, the processed and collected data can be forwarded, both in Italy and abroad, to subcontractors, suppliers, transport operators, customs agents and couriers).

For the sake of brevity, he full list of all the professional figures is available at your disposal in our headquarter. 



Without the necessity of an expressed consent, (art. 6, b)-c) of the EU regulation), the controller can, for the purposes mentioned in point 2.A), forward your data to supervisory bodies, legal authorities, insurance companies, as well as to those, to who the sharing of data is legally mandatory, for the completion of the above-mentioned purposes. 

Those subjects will process your data in quality of independent controllers. 

During, and after browsing, your data may be forwarded to third parties, and specifically to:

– Google: Advertising Service, Advertising Coverage, Analytics / Measurement, Content Customization, Optimization;

– Google AdWords: Advertising Service, Advertising Coverage, Analytics / Measurement, Content Customization, Optimization;

– Google Analytics: Advertising Coverage, Analytics / Measurement, Optimization.

– Shopify: data feed of our online store.

- Facebook: showcase account management and collection of preferences, communication data.

- Twitter: showcase account management and collection of preferences, communication data.

- Pinterest: showcase account management and collection of preferences, communication data.  

 Your personal data won’t be disclosed in any way.


Personal data are kept on devices located in the Controller headquarters or at providers within the European Union. Anyway, when necessary the Controller can move the data even in extra-EU countries, in accordance with legal requirements, after the contract terms approval and standard verifications provided for by the European Commission.

The controller has implemented adequate technical and organisational measures to grant an appropriate security level with due regard for what is stated in art. 32 of the EU Regulation, both for the data stored in its devices and for data that may be collected by providers. 

Navigation: your navigation data might be transferred, with regard to the abovementioned purposes, in the following states: -EU countries, -The United States.

Cookie management: if you have any doubt about Cookies and their use, you can always block them by modifying your browser privacy settings.

Since every browser, or different versions of the same browser, differ from each other, you will find detailed information on the necessary procedure in your browser guide.



The provision of data for the purposes in 2.A) is mandatory. Without those data, we couldn’t grant you the services stated in 2.A).

The provision of data for the purposes in 2.B) is optional. You can therefore decide, whether to provide your data or not, or to block the access to your data at a later stage. In this case, you won’t receive newsletter, commercial communications and advertisement from the Controller anymore.

Anyway, you will still have access to the services mentioned in 2.A).


In your role of data subject, you have the right under art.15 of the EU Regulation below, namely:

1. You have the right to request information about the personal data the Controller holds on you at any time, particularly about:

a) the purposes of the data processing;

b) the categories of personal data registered:

c) the subjects to which your personal data will be forwarded, especially if the addressee is in third-counties or international organizations;

d) when possible, the period of time in which your personal data will be kept or, if not possible, the criteria used to determine that period;

e) the existence of the right to request rectification of your personal data if the information is incorrect, including the right to have your personal data erased. You also have the right to object to the processing of your personal data or to limit it;

f) the right to file a complaint to any authority (Personal Data Protection Authority);

g) all the information about the source of data, if they have not been provided by the user himself:

h) the existence of an automatic decision-making system, including profiling under art. 22, paragraphs 1-4 of the EU Regulation and, at least in those situations, significant information about the logistic methods, as well as the importance and the consequences of the processing for the user.

2.if your personal data should be sent to a third country or an international organisation, you have the right to be informed about the existence of adequate warranties under art.46 of the EU Regulation concerning the transfer. 

3.On your request, the Controller will provide you with a copy of your personal data processed.

In case you asked additional copies, the controller might charge you with a reasonable fee based on administrative costs. If you make your request by electronic means, unless otherwise specified, you will receive the information in electronic form.

4. the right to obtain a copy under paragraph 3, don’t have to adversely affect the rights or freedoms of others.

Besides, where applicable, you can benefit from the rights under art. From 16 to 21 of the EU Regulation, and you have:

– the right to correct your personal data;

– the right to erase your personal data;

– the right to restrict the data processing;

– the right of data portability;

– the right of opposition;

– the right to complain with the Competition authority.

In addition, you have the right to withdraw at any time your consent, without any prejudice to the lawfulness of processing based on the consent you gave before the withdrawal.



It may happen that the person writing is not the Controller to who you gave your personal data, but is a controller’s partner or the external responsible for the processing, and that your data have been transmitted to the writing person in a later moment, due to a contract that regulates parties. In this case, the writing person will do everything in its power to make sure that you have been informed and have given your consent to the processing. You can at any time ask the source of your data acquisition.


Here you will find some information you should be aware of, not only to comply with legal obligations, but also because transparency and fairness towards whoever visits this website, is an important aspect of our activity.

Controller. The controller of your personal data is MAST SRL. You can get in touch with MAST SRL to ask any information or make your requests, at the following email address:

People in charge. The updated list of people in charge for the processing of your data, is kept in the Controller’s headquarters.