Legal information privacy
INFORMATION WITHIN THE MEANING OF ARTICLES 12, 13 AND, OCCURRING, 14 OF THE GDPR – REGULATION (EU) 2016/679 REGARDING THE PROTECTION OF PHYSICAL PERSONS, WITH REGARD TO THE PROCESSING OF PERSONAL DATA (BELOW THE GDPR)
The data controller reports, below, the Disclosure pursuant to art. 12, 13 and, if necessary, 14 of the GDPR related to the processing of personal data provided by the customer / interested by completing and signing the form to receive the products / services offered by the data controller, spontaneously uploading personal data on this website (in particular through the compilation of form) or simply browsing in it.
- Data controller and contact details:
Data controller is MEDIABOUT SRL, with registered office in Milan, Via Olmetto 5, C.F. 11213650960, e-mail: firstname.lastname@example.org, web: www.mediabout.it.
- Principles applicable to processing
In accordance with the provisions of the GDPR, the data controller constantly endeavors to ensure that personal data are:
a. treated in a lawful, correct and transparent manner;
b. collected for specified, explicit and legitimate purposes, and subsequently processed in ways that are not incompatible with those purposes;
c. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d. exact and, if necessary, updated;
e. kept for a period of time not exceeding the achievement of the purposes for which they are processed;
f. treated, through appropriate technical and organizational measures, in order to guarantee their safety;
g. treated, if by consensus, by decision freely taken by the Customer / interested party, on the basis of a request presented in a manner clearly distinguishable from the rest, in an understandable and easily accessible form, using a simple and clear language.
The data controller shall take appropriate technical and organizational measures in order to ensure the protection of personal data from the design stage and to ensure that, by default, only the data necessary for each specific purpose are processed.
The data controller collects and holds in the utmost consideration indications, observations and opinions of the Customer / interested person transmitted to the above-mentioned addresses, in order to implement a dynamic privacy management system that ensures effective protection of people, with regard to the processing of their data.
- Methods of processing personal data
The processing of personal data is done manually and with electronic tools, with logic strictly related to the purposes indicated below and, however, in order to ensure the security and confidentiality of the data.
- Purposes of processing personal data
a. Purpose for which data processing is necessary
The personal data provided by the Customer / interested party are mainly processed for the performance of the provision and, more generally, the relationship arising from the reception itself.
In addition to this possibility, data may be processed for the distribution of products / services, supplier management and other cases arising from the request of the client / interested party or normal business administration.
The provision of data in the form or later, in the course of the report, for the purposes of processing in question is mandatory; therefore, the failure, partial or incorrect conferment of such data makes it impossible to perform the service and, for the customer / interested party, take advantage of the products / services offered by the data controller.
The personal data provided by the Customer / interested party may also be processed if this is necessary to fulfill a legal obligation to which the data controller is subject, to safeguard the vital interests of the Customer / interested party or another person physics,
for the execution of a task of public interest or connected to the exercise of public authority vested in the data controller, or for the pursuit of the legitimate interest of the data controller or third parties, provided they do not prevail the interests or the fundamental rights and freedoms of the Client / interested party; even in these cases, the provision of data is mandatory and, therefore, the failure, partial or incorrect disclosure of data can expose the customer / interested in any liability and penalties provided by the
b. Further processing purposes following specific and express consent of the Customer / interested party
In addition to the processing purposes referred to above, the personal data provided / acquired may be processed, subject to the consent of the Customer / interested party, to be expressed by checking the box “Grant consent” on the Contract or on the Website (or using other social or web of the data controller), also for conducting market surveys and for commercial and promotional communications, by telephone (also using the mobile phone number provided) and automated contact systems (e-mail, sms, mms, fax, etc.), on products / services of the data controller or Group companies to which the data controller may belong.
The consent for the processing purposes referred to in this point (4b) is optional; therefore, as a result of any refusal, the data will be processed only for the purposes indicated in the previous point (4a), except as specified below with reference to the legitimate interests of the data controller or third parties.
c. Sending dedicated newsletters.
Your personal data and contact details may be processed by the Data Controller for sending, via e-mail, communications and information on new contents of the Portal.
Your data will be kept for 1 year and will be deleted.
- Categories of personal data processed
The data controller mainly deals with identification / contact data (name, surname, addresses, type and number of identification documents, telephone numbers, e-mail addresses, of a fiscal / billing nature, except for others) and, where provided commercial transactions, financial data (of a banking nature, in particular identifying current accounts, credit card numbers, except for others
connected to the aforementioned commercial transactions).
The treatment that the data controller performs, both for the execution of the Contract and for the express consent of the Client / interested party, does not concern particular categories of personal data, known as sensitive (revealing the racial or ethnic origin, the opinions policies, religious convictions, health status or sexual orientation, etc.), neither genetic and biometric data or socalled judicial data (relating to criminal convictions and crimes). The data controller treats, as the data controller with reference to the Site, and, potentially, as the person in charge of the processing assigned to it (in the terms above) by the Customer / interested person, also the so-called navigation data. The computer systems and software procedures used to operate the websites acquire, during their normal operation, some personal data, the transmission of which is implicit in the use of internet communication protocols. This is information that is not collected to be associated with identified subjects, but that, by their very nature, could allow the identification of the interested party. This category of information includes geolocation data, IP addresses, type of browser, operating system, domain name and website addresses from which access was made or output, information on pages visited by users within of the site, time of access, permanence on the single page, analysis of internal path and other parameters related to the operating system and to the user’s computer environment. It is, therefore, information that, by their very nature, allows users to be identified through processing and associations with data held by third parties.
- Source of personal data
The personal data that the data controller processes are collected directly by the data controller himself / herself at the customer / interested at the time of, and during, browsing this on the Website (or using other social or web applications of the data controller), or , also through its own commercial, on the occasion of or after the signing of the Contract, during the execution of the same, or from public sources. As specified above, the data controller, in charge of the processing assigned to it, in order to execute the obligations deriving from the Contract, may store and / or process data, in particular navigation, potentially sensitive, genetic and biometric or judicial, third parties, of which the customer / interested person has the capacity of data controller, acquired, with the prior consent of said third parties, at the time, and during the navigation of the same third parties on the Site (or using other social or web applications related to the owner of the treatment).
- Legitimate interests
The legitimate interests of the data controller or third parties may constitute a valid legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject do not prevail. In general, such legitimate interests may exist when there is a relevant and appropriate relationship between the data controller and the data subject concerned, for example
when the data subject is a customer of the data controller. In particular, it is the legitimate interest of the data controller to process personal data of the Client / interested party: for fraud prevention purposes, for direct marketing purposes, to ensure the free circulation of the same data within the business group to which the data controller processing, if any, belongs, or relating to traffic, in order to ensure network and information security, that is to say the ability of a network or a system to resist unforeseen events or illegal acts that could jeopardize the availability, authenticity, integrity and confidentiality of data.
- Circulation of personal data
a. Communication of personal data – categories of recipients In addition to the employees and collaborators in various capacities of the data controller (who are authorized by the data controller to process the data using appropriate written operating instructions, in order to guarantee the confidentiality and security of data), some processing operations they may also be carried out by third parties, to whom the data controller entrusts certain activities, or part of them, which are functional to the purposes referred to in point (4a), thus both in execution of contractual and legal obligations, among which they deserve mention, to however, unavoidably, non-exhaustive title: commercial and / or technical partners; companies that provide banking and financial services; companies that perform document filing services; debt collection companies; accounting auditing and certification company; rating agency; subjects that carry out professional assistance and advice for the data controller; companies that carry out customer care activities; factoring companies, credit securitization or other assignee loans; Group companies to which the data controller may belong; subjects that provide commercial information; IT services company. The subjects belonging to the aforementioned categories process the personal data themselves as independent data controllers, or as data controllers, with reference to specific processing operations that are part of the contractual services that the same persons perform in favor / in the interest of of the data controller; to the controllers, the data controller provides adequate written operating instructions, with particular reference to the adoption of the minimum security measures, in order to guarantee the confidentiality and security of the data. Some processing operations may be carried out by third parties, to whom the data controller entrusts certain activities, or part of them, also functionally to the purposes referred to in point (4b), among which they deserve mention, however, inevitably, not exhaustive: commercial and / or technical partners; companies that provide institutional marketing services; advertising agencies; subjects that provide assistance and consultancy with reference to competitions and prize operations. The subjects belonging to the aforementioned categories process personal data as independent data controllers, or as data controllers, with reference to specific processing operations that are part of the contractual services that the same subjects perform for / in the interest of the data controller; to the controllers, the data controller provides adequate written operating instructions, with particular reference to the adoption of the minimum security measures, in order to guarantee the confidentiality and security of the data. It is available, upon written request to be sent to the headquarters of the data controller, the list, subject to periodic updating, of the data processors with whom the data controller has relations. Personal data can also be communicated, in case of request, to the competent authorities, in fulfillment of obligations deriving from mandatory laws.
b. Transfer of personal data to third countries The personal data of the Customer / interested party may also be transferred abroad, both in European Union countries and in countries outside the European Union and, in the latter case, or on the basis of an adequacy decision, or within the framework and with the appropriate guarantees provided by the GDPR (therefore, in particular, in the presence of contractual clauses of data protection approved by the European Commission), or, outside the aforementioned hypotheses, using one or more of the envisaged derogations from the GDPR (in particular, by virtue of explicit consent of the Customer / interested party, or for the execution of the Contract concluded by the Customer / interested party, or for the execution of a contract stipulated between the data controller and another physical person or legal status in favor of the Customer / interested party, in particular for the execution of activities requested by the data controller for the execution of the Contract concluded with
the Customer / interest to). For the possibility of transfers of data to countries outside the European Union, the customer / interested party is allowed, upon written request to be sent to the headquarters of the data controller, to know the appropriate guarantees, or the derogations, which legitimize cross-border treatment. It is understood, in case of transfer of data to countries outside the EU.
- Criteria for determining the retention period of personal data For the purposes referred to in paragraph (4a) above, the retention period of personal data issued by the Customer / interested party, and their consequent potential treatment, coincides with the period of limitation of the rights / duties (legal, fiscal, etc.). ) descendants from the Contract: basically 10 years, therefore, except for the occurrence of interruptive events of the prescription that could prolong, in fact, this period. For the purposes referred to in point (4b) above, the retention period of the data released by the Customer / interested party, and their consequent potential treatment, ends with the revocation of the consent previously issued by the Customer / interested party or, in the absence of this, however, passed a year from the termination of any relationship between the data controller and the customer / interested party.
- Customer / interested rights
The data controller acknowledges – and facilitates the exercise, by the Customer / interested party, of – all the rights provided by the GDPR, in particular the right to request access to their personal data and to extract a copy (Article 15 GDPR ), to the rectification (Article 16 of the GDPR) and the cancellation of the same (Article 17 of the GDPR), to the limitation of the processing that concerns it (Article 18 GDPR), to the portability of data (Article 20 of the GDPR, where the assumptions) and to oppose the processing that concerns it (Articles 21 and 22 GDPR, for the hypotheses mentioned therein and, in particular, to the treatment for marketing purposes or which results in an automated decision-making process, including profiling, which produces legal effects concerning him, where the conditions are met). The data controller also recognizes the Customer / interested party, if the processing is based on
consent, the right to revoke that consent at any time, without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation. To do so, the Customer / interested party may unsubscribe at any time on the Website (or other social or web applications of the data controller) or by using the appropriate link at the bottom of any commercial communication received, or by contacting the Data Controller at the addresses above. The data controller also informs the Customer / interested party of the right to propose a complaint to the Authority for the Protection of Personal Data, as the supervisory authority operating in Italy, and to propose a judicial appeal, against a decision of the Guarantor Authority as against the data controller and / or a controller. The customer / interested, in case he wants to modify or cancel the data he has given through the site, can directly request the owner. In the event that the customer / interested person has registered within the site, he can use his reserved area to exercise all the rights provided for by the information.
In case of request for cancellation of your data, we inform you that it may no longer be possible to continue to provide the requested service.
- Security of systems and personal data Taking into account the state of the art and implementation costs, as well as the nature, object, context and purpose of the processing, as well as the risk, in terms of probability and seriousness, for the rights and freedoms of individuals , the data controller adopts technical and organizational measures deemed appropriate to guarantee a level of security appropriate to the risk, in particular by ensuring, on a permanent basis, the confidentiality, integrity, availability and resilience of the
processing systems and services ( also through the encryption of personal data, where necessary) and the ability to promptly restore the availability of data in the event of a physical or technical accident, and by adopting internal procedures aimed at testing, verifying and regularly assessing the effectiveness of the technical and organizational measures used . When assessing the appropriate level of security, account shall be taken of the risks presented by the processing resulting, in particular, from destruction, loss, modification, unauthorized disclosure or access, in an accidental or illegal manner, to personal data transmitted, stored or otherwise processed.
The data controller shall ensure that anyone acting under his / her authority and having access to personal data does not process such data if he / she is not instructed to do so by the data controller.
That said, the Customer / interested person acknowledges and accepts that no security system guarantees, in terms of certainty, absolute protection; therefore, the data controller is not liable for acts or facts of third parties that, despite the appropriate precautions taken, should have access to the systems without proper authorization.
- Automated decision-making processes, including profiling The data controller may perform automated processing, including profiling, in relation to the purposes referred to in paragraph (4b) above, to optimize the navigability of the Site (or the usability of other social or web applications of the data controller) and for improve the purchasing experience, except as specified above with respect to the rights of opposition and withdrawal of consent by the Customer / interested party.
By profiling is meant any form of automated processing of personal data aimed at evaluating certain aspects relating to a natural person, in particular to analyze or predict aspects concerning, for example, the personal preferences, interests or location of that person, also in order to create profiles, i.e. homogeneous groups of subjects by characteristics, interests or behavior.
The data controller does not carry out any automated processing that produces legal effects that affect the Customer / concerned or that significantly affect his person, unless this is necessary for the conclusion or execution of the Contract, be it authorized by law or based on the explicit consent of the Client / interested party, in any case always recognizing the latter the right to obtain human intervention, to express their opinion and to contest the decision.EXTENDED INFORMATION ON COOKIES
a. What are cookies
Cookies are small text files that are automatically placed on the browser’s PC in the browser. They contain basic information on browsing the Internet and thanks to the browser are recognized every time the user visits the site.
Within our website we have provided a system to allow you to express a preference at the first access, consenting or not to the installation of some cookies.
The preference can be modified at any time when the tool allows, while the cookies on your computer can be deleted at any time through a procedure provided by the browser used to navigate the internet (for instructions, please see the guide of the its specific software).
Below you will find all the cookie settings installed by this site and the necessary instructions on how to manage your preferences.
b. Cookies used by this site
The cookies used on this site fall into the categories described below.
i. Technical cookies
The technical cookies described below do not require consent so they are installed automatically as a result of access to the web site.
Cookies necessary for operation: cookies that allow the site to work properly, also allowing the user to have a functional browsing experience. For example, they keep the user connected while browsing, preventing the site from requesting to log in multiple times to access the next pages.
Cookies for saving preferences: cookies that allow you to remember the preferences selected by the user while browsing, for example, allow you to set the language.
Cookie for Statistics and Audience Measurement: cookies that help to understand, through data collected anonymously and in aggregate, how users interact with the website providing information on the sections visited, the time spent on the site, any malfunctions.
ii. Third-party cookies
Through this site are also installed cookies managed by third parties, with various utilities and functions. Statistical Cookies and Third Party Audience Measurement: these cookies provide anonymous / aggregate information on how visitors navigate the site. Below is a list of cookies of this type, with: company name, service offered, type of cookies and links to the cookies policy of the service.
• Google Analytics: system of statistics
• Analytical cookies
Social media sharing cookies: These third-party cookies – if there are links on the site – are used to integrate some widespread functionality of the main social media and provide them within the site. In particular, they allow registration and authentication on the site through facebook and google connect, sharing and commenting on social media pages, enabling the “like” features on Facebook and
the “+1” on G +.
• G +
These third-party cookies allow you to send advertisements to users who have visited the site both while browsing the websites on the Google Display Network and / or using the apps on the Google Display Network and while browsing on
c. Management of preferences on cookies through the browser Any browser used by the user, through a special procedure, to manage the preferences on
Generally, to activate this procedure, simply click on “Help” in the browser window at the top, from which you can access all the necessary information.
Alternatively, you can refer to the help of your navigation browser.
VALIDITY OF THE INFORMATION
This information can be modified, in line with the evolution of the reference legislation and of the technical and organizational measures gradually adopted by the data controller; the Customer / interested party is, therefore, asked to periodically visit this section of the Site, to view updates and information in the text from time to time.