Pursuant to art. 13 EU Regulation 2016/679
Dear Data Subject,
The term “personal data” refers to the definition reported in art. 4, paragraph 1, of the Regulation, therefore “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (“Personal Data”).
DATA PROTECTION OFFICER
The Controller, in order to facilitate relations with the Data Subject, has appointed its own Data Protection Officer (the “DPO”), namely SAPG Legal Tech S.r.l., with registered office at Via Durini n.15, 20122 – Milan (MI).
PURPOSES AND LEGAL BASIS OF THE PROCESSING
While navigating the Site, some of your Personal Data might be acquired in the following ways:
- Navigation data
The IT systems and software procedures responsible for the functioning of the Site acquire, in the course of their normal activity, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data consists of, for example: IP addresses, the type of browser being used, the operating system, the domain name and the address of the websites from which the user arrived or to which the user left, information about the pages visited by users inside the Site, the time of access, the duration of the stay on a single page, the analysis of the internal navigation path and other parameters related to the user’s operating system and IT environment.
Such technical/IT data are collected and used exclusively in an aggregated and non-identifying way and may be used to ascertain liability in the case of hypothetical IT crimes against the Site.
- Data given willingly by the user
This category covers all Personal Data that the user willingly provides to the Site, for example by writing to an email address in order to contact the company directly (for example, to ask for assistance or further information about a good/service provided by the Controller).
Such processing will be legitimate pursuant to art. 6, paragraph 1, letter b) of the Regulation (performance of a contract or pre-contractual measures taken at the request of the Data Subject) and for compliance with any legal obligations.
In order to allow the Controller to carry out the processing activities for the purposes mentioned above, it will be necessary to provide the requested Personal Data through the specific forms. Where even one of the required pieces of information has not been provided, it may not be possible to proceed with the processing of your Personal Data and, therefore, to supply the requested information and services.
No special category of Personal Data will be processed, that is, information “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”, pursuant to art. 9 of the Regulation.
In addition to the above, Personal Data possessed by the Controller as an effect of a previous contract or willingly given by the user through the specific forms could be processed by the Controller for the following ends:
- Direct marketing – the term refers to the performance of promotional activities (by sending communications via email) for goods/services that interest you and are sold by the Controller. With respect to these direct marketing activities, it is appropriate to clarify that, pursuant to art. 6, paragraph 1, letter f) of the Regulation and art. 130, paragraph 4 of the Privacy code (the so-called “soft spam exception”), the Controller will be able to carry out such activity on the basis of its legitimate interest, whether explicit consent has been given or not, pursuant to Recital 47 of the Regulation, which specifies that “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. This will be possible following the Controller’s evaluation of whether your interests, rights, and fundamental freedoms that require Personal Data protection prevail over its own legitimate interest in sending direct marketing communications. Moreover, every Data Subject can object at any time, freely and easily (even partially), to receiving promotional communications, without this affecting in any way the processing for other purposes.
SUBJECTS YOUR PERSONAL DATA MAY BE SHARED WITH
By way of example, we list some categories of subjects to whom your Personal Data might be communicated:
- Commercial partners of the Controller that provide services, as Data Processors or autonomous Controllers, for the purposes mentioned in art. 6, paragraph 1, letter b) of GDPR;
- Third-party providers of assistance and counsel services, as Data Processors or autonomous Controllers, for the purposes mentioned in art. 6, paragraph 1, letter b) of GDPR;
- Subjects and authorities whose right to access the Data is expressly recognized by law, regulations, or provisions by competent authorities;
- Subjects that are transferees of the company or of a company branch, and companies resulting from possible mergers, splits or other corporate transformations of the Controller’s company;
If you want to know which subjects came into possession of your Personal Data following your relationship with Meridiano Communication S.r.l., you can ask the Controller via the following email addresses, also reported on the website: email@example.com and Meridianosrl16@legalmail.it.
STORAGE DURATION FOR YOUR PERSONAL DATA
In particular, your Personal Data will be processed for the time strictly necessary, as indicated by Recital 39 of the Regulation, that is, until the end of the relationship between yourself and the Controller, as well as for any further period of storage that could be imposed by law; on the matter, Recital 65 of the Regulation states that “the further retention of the personal data should be lawful where it is necessary, for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims”.
Your Personal Data will be processed and stored for the following periods:
- For the purposes stated in art. 6, paragraph 1, letter b) of GDPR, for the duration of the contract and the 10 years following its expiration;
- For the purposes stated in art. 6, paragraph 1, letter c) of GDPR, for the period prescribed by the law for every type of data;
- For the direct marketing purposes allowed by the legitimate interest of the Controller, pursuant to art. 6, paragraph 1, letter f) of GDPR, until 24 months after the collection of the data.
In any case, your Personal Data will be subject to a periodic review, at intervals of no more than 12 months, aimed at evaluating their pertinence to the Controller’s activities; if your Personal Data are no longer pertinent, they will be erased.
LINK TO/FROM THIRD-PARTY WEBSITES
If you have already logged in on these platforms, the link on the Site will redirect you to the Controller’s page with your account already logged in.
Moreover, through the clients section of the Site it is possible to connect via link to the websites of the Controller’s partner companies.
Concerning the above, the Controller cannot be held responsible for any processing of Personal Data by third-party websites or for the processing of authentication credentials provided by third-party subjects.
RIGHTS OF THE DATA SUBJECTS AND EXERCISE METHODS
You can exercise at any time the rights granted by articles 15 et seq. of the Regulation with respect to the Controller. In particular, you have the right to obtain:
- The confirmation whether your Personal Data is being processed or not and gain access to the data and the following information: purposes of the processing, categories of Personal Data, recipients or categories of recipients to whom the Data have been/will be communicated and the relative period of storage;
- The rectification of your incorrect Personal Data and/or the completion of incomplete Personal Data, including by providing a supplementary declaration;
- The erasure of your Personal Data and the restriction of the processing in the cases defined by the GDPR and the current privacy regulation;
- Where applicable, the portability of your Personal Data and, in particular, the possibility to ask for the direct transmission of your Personal Data to another Data Controller;
- The opposition to the processing of your Personal Data at any time, for reasons connected with your particular situation, in full compliance with the current privacy regulations.
In any case, if you feel that the processing of your Personal Data is against the privacy regulation, you always have the right to file a complaint with the competent Personal Data Protection Authority pursuant to art. 77 GDPR.
PLACE OF THE PROCESSING
Your Personal Data will be handled inside the territory of the European Union and could be (for technical or operational reasons) transferred and/or stored in Countries outside the territory of the EU.
In these cases, we hereby inform you that the subjects located outside the territory of the European Union will be appointed (whenever the necessary criteria are met) as Data Processors pursuant to art. 28 of the GDPR. Moreover, the transfer of your Personal Data to such subjects, as far as the carrying out of specific processing activities is concerned, will be regulated in compliance with the provisions of Chapter V of GDPR.
All necessary precautions will be adopted in order to ensure the total protection of your Personal Data, basing the transfer: a) on adequacy decisions concerning third countries made by the European Commission; b) on appropriate safeguards provided by the third-party recipient pursuant to art. 46 of the Regulation; c) on the adoption of binding corporate rules; d) on the adoption of standard contractual clauses approved by the European Commission.
In any case, if your Personal Data have been processed outside the European Union, you can ask the Controller for further details and request evidence of the specific safeguards adopted, by writing to the following email addresses: firstname.lastname@example.org and Meridianosrl16@legalmail.it.