PRIVACY POLICY
Privacy information draw up pursuant to: European Privacy Law EU. REG 2016/679 GDPR, ART.13
Introduction
For the undersigned company, personal data is a valuable asset and must be protected, adopting procedures and practices designed to ensure its protection. Transparency towards data subjects is therefore a primary objective, pursued through effective communication tools aimed at providing stakeholders with basic information on the processing of their data. This privacy policy is therefore intended to provide data subjects with all the information required by current privacy regulations, as well as specific guarantees of reliability for stakeholders.
General Information
The interested parties (pursuant to Article 4, paragraph 1 of the GDPR) are informed of the following general profiles, valid for all areas of processing:
- in compliance with current privacy regulations (EU Reg. 2016/679 and Legislative Decree 196/2003, as amended and supplemented by Legislative Decree 101/2018);
- all data are processed in a lawful, correct and transparent manner towards the data subject, in compliance with the general principles set out in Article 5 of the GDPR;
- specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access (GDPR, Article 32).
Data Controller
The Data Controller is the undersigned Company (in the person of the pro-tempore Legal Representative) who can be contacted for any request regarding privacy or to exercise the rights listed below, at the following addresses
| DATA CONTROLLER | DATA PROTECTION OFFICER |
|---|---|
| Name: Menta Edoardo & C Srl Email: info@mentaedoardo.com |
Name: Galli Data Service Srl Email: dpo@gallidataservice.com |
Data Subject’s Rights
- Right to request the presence and access to personal data concerning him (Art.15 “Right of access”)diritto di ottenere la rettifica/integrazione di dati inesatti o incompleti (Art.16 “Diritto di rettifica”)
- Right to obtein the correction/integration of inaccurate or incomplete data (Art.16 “Right to rectification”)
- Right to obtain, if justified reasons exist, the cancellation of data (Art.17 “Right of erasure”)
- Right to obtain the limitation of treatment (Art.18 “Right to restriction of processing”)
- Right to receive data concerning him in a structured format (Art.20 “Right of Data Portability”)
- Right to object to processing and automated decision-making, including profiling (Art.21, 22)
- Right to revoke a previously given consent;
- Right to file a complaint with the Data Protection Authority in the event of non-response
The following specific information is provided below, referring to:
1) data processing related to the operation of the site
2) data processing of the Data Controller’s customers / Data Controller’s suppliers
1) DATA PROCESSING CONNECTED TO THE OPERATION OF THIS SITE
1.1 Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT system.
| Purpose and legal basis of the processing
(GDPR-Art.13, paragraph 1, letter c) |
These data are used for the only purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site (legitimate interests of the owner). |
| Communication scope
(GDPR-Art.13, paragraph 1, letter e, f) |
The data can be processed exclusively by internal personnel, duly authorized and trained in the processing (GDPR-Art.29) or by any subjects in charge of the maintenance of the web platform (appointed in this case external managers) and will not be disclosed to other subjects, disseminated or transferred to non-EU countries (unless subject to compliance with the requirements set out in Chapter V of the GDPR). Only in the event of an investigation can they be made available to the competent authorities. |
| Data retention period
(GDPR-Art.13, paragraph 2, letter a) |
The data are usually kept for short periods of time, with the exception of any extensions connected to investigation activities. |
| Conferment
(GDPR-Art.13, comma 2, lett.f) |
The data is not provided by the interested party but automatically acquired by the site’s technological systems. |
1.2 Cookies
Cookie management is in accordance with the relevant regulatory requirements:
- “Guidelines for cookies and other tracking tools” of 10 June 2021 (Published in the Official Gazette no. 163 of 9 July 2021);
- Guidelines 5/2020 on consent pursuant to regulation (EU) 2016/679, adopted by the European Data Protection Board.
- Transnational agreements on extra-EU data flows, stipulated pursuant to Title V of the GDPR.
Users can analytically verify the types of cookies and set their preferences via the appropriate banner (if provided; if not provided, this means the site uses exclusively technical cookies). Below is some general information regarding cookies and similar technologies.
What are cookies
Cookies are short fragments of text (letters and / or numbers) that allow the web server to store information on the client (the browser) to be reused during the same visit to the site (session cookies) or later, even after some days (persistent cookies). Cookies are stored, according to user preferences, by the single browser on the specific device used (computer, tablet, smartphone). Similar technologies, such as, for example, web beacons, transparent GIFs and all forms of local storage introduced with HTML5, can be used to collect information on user behavior and on the use of services. In the remainder of this information we will refer to cookies and all similar technologies by simply using the term “cookie”.
Possible types of first-party cookies and methods of managing preferences
| CATEGORIES | PURPOSE | CODING CRITERIA |
|---|---|---|
| Navigation technical, of session, of functionality | Guarantee the normal navigation and use of the site | Using major browsers, you can: •Block all (or some) types of cookies by default •View the detailed list of cookies used •Remove all or some installed cookies For information on individual browser settings, see the specific section. Please note that blocking or deleting cookies may affect the site’s navigation |
| Technical analytical | Collect information on the number of visitors and pages viewed | |
| Functional technicians | Allow navigation based on a series of selected criteria | |
| Profiling | Create user profiles in order to send advertising messages in line with preferences |
Managing preferences through the main navigation browsers
Users can decide whether or not to accept cookies using their browser settings (please note that, by default, almost all web browsers are set to automatically accept cookies). This setting can be changed and customized for different websites and web applications. Furthermore, the best browsers allow you to define different settings for first-party and third-party cookies. Cookies are typically configured from the “Preferences,” “Tools,” or “Options” menus. Below are links to the cookie management guides for the main browsers:
- Microsoft Edge – https://support.microsoft.com/it-it/microsoft-edge/eliminare-i-cookie-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
- Internet Explorer – http://support.microsoft.com/kb/278835
- Chrome – http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647
- Safari – https://www.apple.com/legal/privacy/it/cookies/
- Firefox – http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies
- Opera – https://help.opera.com/en/latest/web-preferences/
More information
- www.garanteprivacy.it/cookie (collection of the main regulatory interventions on the matter by the Italian Guarantor Authority)
- www.allaboutcookies.org (for more information on cookie technologies and how they work)
- www.youronlinechoices.com/it/a-proposito (allows users to oppose the installation of the main profiling cookies)
1.3 Contacts and request for information
The page allows the interested party to request information. Identification and contact data are requested.
| Purpose and legal basis of the processing
(GDPR-Art.13, paragraph 1, letter c) |
The identification and contact data necessary to be able to respond to contact requests from interested parties are requested. The sending of the request is subject to specific, free and informed consent (GDPR-Art.6, paragraph 1, letter a), documented via a specific check-box (GDPR-Art.7, paragraph 1) |
| Communication scope
(GDPR-Art.13, paragraph 1, letter e,f) |
The data are processed exclusively by personnel regularly authorized and trained in processing (GDPR-Art.29). The data may be accessed only for site maintenance purposes by the company that provides the technological platform and its representatives. The data will not be disclosed or transferred to non-EU countries.. |
| Data retention period
(GDPR-Art.13, paragraph 2, letter a) |
The data is stored for times compatible with the purpose of the collection |
| Contribution
(GDPR-Art.13, paragraph 2, letter f) |
The provision of data relating to the mandatory fields is necessary in order to obtain a response, while the optional fields are aimed at providing the staff with further useful elements to facilitate contact. |
1.4 Data provided voluntarily by the user
The optional, explicit, and voluntary sending of messages to contact addresses, private messages sent by users to institutional profiles/pages on social media (where available), and the completion and submission of any forms/modules present entail the acquisition of the sender’s contact information, which is necessary to respond, as well as all personal data included in the communications. The sender therefore remains personally responsible for the accuracy of the data provided, as well as its relevance and non-excessiveness with respect to the requests in question.
2) PROCESSING OF DATA CONNECTED TO RELATIONSHIPS WITH CUSTOMERS AND SUPPLIERS (current and potential)
2.1 Object of the treatment
The company processes personal identification data of customers / suppliers (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and of their possible operational contacts (name, surname and contact data) acquired and used in the supply of the products / services provided.
2.2 Purpose and legal basis of the processing
Data are processed for:
- conclude contractual / professional relationships and supply services;
- fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
- fulfill the obligations established by law, by a regulation, by Community Legislation or by an order of the Authority;
- exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions; the ordinary internal needs of an operational, managerial and accounting nature).
Failure to provide the aforementioned data will make it impossible to establish a relationship with the Data Controller. The aforementioned purposes represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If you intend to carry out treatments for different purposes (eg: marketing communications, photo / video content production, etc.), specific consent will be requested from the interested parties.
2.3 Processing methods and storage time
Personal data is processed using the operations indicated in Art. 4, no. 2) of the GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Personal data is processed both on paper and electronically. The Data Controller will process personal data for the time necessary to fulfill the purposes for which it was collected and related legal obligations (generally coinciding with the relationship with the data subject, except for extensions in relation to obligations to retain administrative documentation and business correspondence).
2.4 Scope of treatment
The data is processed by internal subjects duly authorized and trained pursuant to Art. 29 of the GDPR. You can also request the scope of disclosure of personal data, obtaining precise information on any external subjects acting as independent Data Processors or Controllers (e.g., consultants, technicians, banks, carriers, etc.). The data may be disclosed to any subsidiaries or affiliates. The data is not disseminated or transferred outside the EU (it may be transferred outside the EU only in compliance with the conditions set out in Chapter V of the GDPR, aimed at ensuring that the level of protection of data subjects is not compromised (Article 45 Transfers based on an adequacy decision, Article 46 Transfers subject to adequate safeguards, Article 47 Binding corporate rules, Article 49 Specific derogations). The data is not subject to automated processes that produce significant consequences for the data subject.
3) PROCESSING CONNECTED TO ELECTRONIC MAIL COMMUNICATIONS
All email communications sent to @mentaedoardo.com domain addresses are of a strictly business nature and purpose and may therefore be disclosed within the organization. All text and attachments to emails sent by this company are intended to be confidential to the recipients and to be used for purposes strictly related to the existing relationship. If emails are sent/received in error, they must not be disclosed, copied, or distributed for any reason. All personal data will be processed in accordance with applicable privacy regulations and the general principles outlined in this policy.
4) POLICY UPDATE
Please note that this policy may be subject to periodic revision, including in light of applicable legislation and case law. In the event of significant changes, appropriate notice will be provided on the website’s homepage for an appropriate period of time. However, we encourage you to periodically review this policy.
