MIXA S.R.L. | TIN / VAT 01951910221, registered office : 35020, Ponte San Nicolò (PD), Viale Svezia 4/2 (hereinafter, “Controller”), in the capacity of Data Controller, informs you that, in accordance with the referred art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”), your data will be processed as follows by means and objectives:
The Controller processes personal data, identifying and non-sensitive ( specifically name, surname, tax identification number, VAT number, email, telephone number -hereinafter, “personal data” or even “data”) provided by you upon registration on the Controller’s website and/ or subscription to the newsletter service offered by the Controller.
PURPOSE OF THE PROCESSING
Your personal data is processed:
A) without explicit consent (Article 6 letter b, and GDPR), for the following purposes:
- To allow subscription to the newsletter service provided by the Controller and any other service you may require.
- To fulfill pre-contractual, contractual and fiscal obligations deriving from existing relationships among the parties.
- To fulfill obligations established by law, regulation, community legislation or order of the Authority.
- To prevent or discover fraudulent activities or harmful abuses to the website.
- To exercise the rights of the Controller, for example the right to legal defense in court.
B) Only with your explicit consent (Article 7 of the GDPR), for the following Marketing Purposes:
To email newsletters, marketing communications and / or advertising material on products or services provided by the Controller. Please note that if you are already our client, you may receive marketing communications regarding the Controller’s services and products similar to those you have already received, unless you withdraw your consent already expressed (Article 4 of the Privacy Code).
The processing of your personal data is performed by means of the operations referred to in art. 4 n. 2) GDPR and specifically: collection, registration, organization, storage, consultation, processing, adaptation, selection, retrieval, alignment, use, combination, restriction, communication, erasure and destruction of data. Your personal data are processed both on paper and electronically and/or through automated means.
The Controller will process personal data for the time it takes to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of data for Marketing Purposes.
ACCESS TO DATA
The data might be accessed for the purposes referred to in art. 2.A) and 2.B):
- by employees and internal staff of the Controller, in their capacity of appointees and/or internal managers of the processing and / or system administrators;
- by external collaborators with whom the Controller collaborates ( e.g. for support activities in the study of project feasibility, for technical project management activities) or by third parties (e.g. providers for the management and maintenance of the website, suppliers, credit institutions, professional firms, etc) performing outsourcing activities on behalf of the Controller, in their capacity of external data processors.
Without your express consent (Article 6 letter b) and c) GDPR), the Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom communication is mandatory by law for the accomplishment of the aforementioned purposes. Your personal data will not be disclosed.
The management and storage of personal data will take place on servers located within the European Union of the Controller and / or third-party companies duly designated and appointed by Processors.
The data will not be transferred outside the European Union. It remains in any case understood that the Controller, if necessary, will have the right to move the location of the servers to Italy and / or the European Union and / or non-EU countries. In such a case, the Controller hereby ensures that the transfer of non-EU data will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements ensuring an adequate level of protection and / or adopting the standard contractual clauses provided by the European Commission.
NATURE OF DATA PROVISION AND CONSEQUENCES OF DECLINE TO ANSWER
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we won’t be able to ensure you neither the registration on the site nor the services of art. 2.A). The provision of data for the purposes referred to in art. 2.B) is optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing the data already provided: in such a case, you won’t be able to receive newsletters, marketing communications and advertising material regarding the Services offered by the Controller. In any case, you will continue to be entitled to the Services referred to in art. 2.A).
RIGHTS OF THE INTERESTED PARTY
As an interested party, you have the right, in accordance with art. 15 GDPR and namely the rights to:
- obtain confirmation of the existence (or lack thereof) of data regarding yourself, even if not yet registered, and their communication in an intelligible form.
- obtain information concerning: a) the origin of personal data; b) processing methods and purposes; c) the logic by which the process is performed with the aid of electronic tools; d) the identification details of the Controller, Processor and appointed representative in accordance with art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data might be communicated to or who can learn about them as appointed representative in the State, managers or agents.
- obtain: a) updating, rectification or, when interested, integration of data; b) erasure, anonymisation or restriction of data processed in breach of the law, including those which shouldn’t be stored in relation to the purposes for which the data were collected or subsequently processed; c) the certification that the operations referred to in letters a) and b) have been brought to the attention, also regarding their content, of those to whom the data have been communicated or disclosed, except in case of fulfillment proven impossible or involving the use of means that are clearly out of proportion with the protected right.
- objecting, in whole or in part: a) on legitimate grounds to the processing of your personal data, even if relevant to the purpose of the collection; b) to the processing of your personal data for the purpose of sending you advertising or direct sales material or to perform market researches or commercial communication, through the use of automated call systems without the intervention of an operator by email and / or through traditional marketing methods by telephone and / or paper mail.
- Please note that the right of objection of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and without the prejudice to the faculty of the interested party to partially exercise the right of opposition. Therefore, the interested party can decide to receive communications only through traditional methods or only through automated communications or neither of the two types of communication.
Where applicable, you also have the rights referred to in Articles. 16-21 GDPR (Right to rectification, right to be erasure “to be forgotten”, right to restriction of processing, right to data portability, right to object), as well as the right to lodge complaint to the Supervisory Authority.
HOW TO EXERCISE RIGHTS
At any time you can exercise your rights by sending:
- MIXA S.R.L. | TIN / VAT number 01951910221 with registered office Registered office: 35020, Ponte San Nicolò (PD), Viale Sweden 4/2.
- An e-mail to email@example.com
The Site and the Controller’s Services are not meant for minors under the age of 18 and the Controller does not intentionally collect personal information regarding minors. In the event that information on minors are unintentionally registered, the Controller will delete them in a timely manner, at request of users.
CONTROLLER , PR
The Data Controller MIXA S.R.L. | TIN / VAT number 01951910221 with registered office Registered office: 35020, Ponte San Nicolò (PD), Viale Svezia 4/2. The updated list of data processors and appointees to the processing is kept at the headquarters of the Data Controller.
The terms of this Private Policy Statement are subject to changes. It is therefore advisable to check this policy regularly and refer to the most updated version.
COOKIES AND MONITORING