The EU General Data Protection Regulation 2016/679 (GDPR) provides rules on the protection of individuals with regard to the processing of Personal Data and the free movement of such data. The purpose of the GDPR is to protect the fundamental rights and freedoms of natural persons, in particular the right to the protection of their personal data. The free movement of personal data within the EU shall not be restricted or forbidden for any reasons pertaining to the protection of natural persons in relation to the processing of personal data. According to the GDPR, the definition of ‘personal data’ encompasses any information regarding you, the data subject, directly or indirectly. The data consist in any information used to identify you, i.e.: your name, your ID number, your address, your online identification, physical, physiological, genetic, psychic, economic, cultural, social information. This document also provides details of how the site is managed as regards the processing of its users’ data, who may access its confidential area. Pursuant to Art. 13 of the GPDR this information document is also made available to all those interacting with METEDA SRL’s web services, which can be accessed online at the following addresses:
This information document is exclusively relevant to METASAIL websites, not to any other websites accessed by the user through links. After visiting or voluntarily logging onto this website, information relative to identified or identifiable persons may be processed.
The purpose of this information document is to determine certain minimum requirements for collecting personal data online and, in particular, methods, timing, the kind of information data Controllers have to provide users with when they connect with the web pages, regardless of the reason why they are visiting them.
1 – IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The identity and contact details of the data Controller, also shown in the header, are:
- METEDA Srl
- Address: Via Antonio Bosio, 2 Int.10 – 00161 Roma
- Administrative and Operative Office: Via Silvio Pellico, 4 – 63074 San Benedetto del Tronto (AP)
- contacts: e-mail firstname.lastname@example.org – Phone Number: +39 0735 783021 – Fax Number: +39 0735 83887
2 – PURPOSE OF THE PROCESSING
The data processing related to the web services of this website is carried out at the address of the data Controller, at the place identified by the internet site operator. The processing is dealt with only by authorized staff or by people tasked with occasional maintenance operations. No data derived from such web services shall be disclosed or disseminated. The personal data entered by users so that they can be sent material regarding a request for a service (or any information material) shall be used to meet such a request and may be disclosed to third parties only when strictly necessary, if relevant and useful to fulfill any such requests.
The collection and processing of the user’s personal data shall be carried out respecting the general principles of necessity, correctness, relevance and not exceeding the purpose for which the data was collected. In particular, data processing shall aim to:
- answer questions and provide any information requested by the user (the facultative, explicit and voluntary forwarding of e-mail messages to the addresses provided on this website implies the subsequent acquisition of the sender’s address, which will be needed to send a reply, as well as of any other personal data mentioned in the message) and contact the user with regard to the services supplied by METEDA Srl;
- a “NEWSLETTER” service which the user may subscribe to. Should users enter their personal data on registering for the newsletter service, such data shall only be used to the purpose of sending the newsletter and shall not be disclosed to third parties;
- the processing of essential operative, administrative, accounting and any other indispensable data. In particular, some data shall be used to the purpose of all registrations and communications required in law;
- surveys to assess customers’ satisfaction with regard to the service supplied as well as any other kind of request, by means of face-to-face or over-the-phone interviews;
- send advertising material, further to the “data subject’s consent1” to inform the recipient of functional issues, commercial/promotional events, e.g. communication regarding sales, advertising, or market research on the services provided (including, but not limited to: updates on initiatives, offers and promotions relating to the services and products pertaining to METEDA Srl business, or to any other authorized third parties which collaborate with METEDA Srl, programs and promotional activities, also online, aiming at rewarding existing customers and winning the loyalty of new ones);
The legal basis for data processing is laid down in the Civil Code and the Consumer Code.
3 – LAWFULNESS OF PERSONAL DATA PROCESSING
Data processing is considered lawful when at least one of the following requisites is met:
from Art. 6 co. 1 lett. a), b), c), f)
- the data subject has given explicit consent to the processing of his/her personal data for one or more specified purposes;
- the processing of personal data is essential for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into any such contract;
- the processing of personal data is necessary for compliance with a legal obligation to which the controller is subject;
- the processing of personal data is necessary for the purposes of the legitimate interest pursued by the data controller (e.g.: prevention of any damages to our website due to frauds and misuse. Processing personal data for direct marketing falls within the above mentioned legitimate interest, as specified in recital 47 of the GDPR) or by third parties, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection, especially if the data subject is under age;
4 – RECIPIENTS OF YOUR PERSONAL DATA
Your data will be transferred exclusively to those recipients who are involved and have a role in the attainment of the purposes specified in point 2. Therefore, the collected, processed data:
- may be used in anonymous form for statistical purposes;
- may be made available to the Data Controller’s Collaborators, the data Processors, or to other persons authorized to handle the data;
- may be disclosed to third parties, either natural or legal persons, public administrations, professionals, forces of law and order, government bodies, regulatory authorities, law courts or other public authorities authorized by law;
- may be disclosed to trading partners, solely further to explicit consent by the User;
- if required, may be disclosed to another data Controller according to the provisions of the GDPR, also with reference to data portability;
a list of data Processors is available at the address of the data Controller.
5 – PERSONAL DATA CATEGORIES
No specific personal data shall be processed (i.e., any data revealing your racial or ethnic origin, your political opinions, religious or phylsophic beliefs, trade union membership, your health, sex life and sexual orientation) nor any data relating to under-age individuals. Personal data processing is strictly limited to those data that are essential and required to the proper attainment of the purposes specified in point 2.
6 – DATA RETENTION
The data you provided for the purposes specified in point 2 shall be retained:
- For administrative/accounting purposes, for as long as laid down in civil and fiscal law;
- For marketing purpose and for forwarding newsletters until the data subject’s consent is revoked, until the right to object is exercised and, in any case, not over fifteen years from data collection;
Your personal data shall not be disseminated and shall be destroyed as soon as they are no longer necessary or we are no longer obliged to retain them.
7 – DATA PROCESSING METHOD
The information systems and software procedures relied upon to operate the platform of this website acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of internet communication protocols. They include: IP addresses (for user verification and security reasons) and/or the domain names of computers used by any user logging onto this website, the URI (Uniform Resource Identifier) of the requested resources, the timestamp of the request, the method used in formulating requests to the server, the size of the files obtained in reply, the numerical code that shows the server’s given reply (successful completion, error and so on) and other parameters relating to the operating system and to the user’s ITC environment.
The use of such data is strictly limited to the purpose of ensuring the proper functioning of the site and deriving anonymous statistical information concerning its use. The data are erased immediately after being processed. They may be used to ascertain liability in the event of computer crimes to the detriment of our website. Subject to this event, currently the data on web contacts are not held for longer than seven days.
Your personal data shall be processed:
- manually and/or by electronic, automated systems. They shall be stored in special traditional and/or computer archives. Both paper and electronic files and documents shall be properly stored and protected for as long as it is required to perform the data processing. Suitable security measures are adopted to minimize the risk of loss, destruction, unauthorized access or inappropriate handling for purposes other than those for which the data were provided and collected;
- There is no automated decision process, nor profiling
8 – COOKIES
This website uses c.d. cookies, small files stored on your computer hard disk, to provide services and/or information. Most of them are “session cookies”, i.e. temporary cookies that remain in the user’s browser cookie file only until the end of the browsing session. They may be present on some of our website pages. By using session cookies we can monitor which parts of the website you have viewed during a visit. This helps us to best adjust content, ads and our services to your benefit, assess the effectiveness of our promotions, guarantee trustworthiness and security.
The c.d. session cookies used on this site avoid using other information technologies that may potentially affect the confidentiality of your surfing activities. They do not allow the acquisition of any personal data that may identify you .
9 – PROVIDING PERSONAL DATA
Apart from what specified regarding navigation data, users are free to decide whether or not to enter their personal data, when required, in the special windows of the website regarding services, products and any other items that the site manager, or its trading partners, are able to offer.
Your decision not to enter your data when required may make it impossible for the website manager or its trading partners to supply you with their services and products.
10 – RIGHTS OF THE DATA SUBJECT
As the Data Subject, you are entitled to all the rights specified in Art. 15-16-17-18-20-21-22 of the GDPR, among which:
- The right to obtain from the data Controller confirmation of whether or not your personal data are being processed and, should they be undergoing processing, obtain to access your personal data involved and the following information: a) the purpose of the processing; b) the kind of personal data being processed, c) the addressees of such data or the categories of recipients to which such data will be, or have been, disclosed and in particular if they are in foreign countries or if they are international organizations; d) where possible, the period of data retention or, if that is not possible, the criteria used to determine such period; e) the existence of your right to have your personal data rectified or erased and to limit, or object to, their processing; f ) the right to file a complaint with control authorities: g) your right to obtain all available information about the source of your personal data, in case they were not provided by you; h) the existence of an automated decisional process, including profiling, in accordance with Art.22 sections 1 and 4 and, at least in these cases, of the right to ask the data Controller to provide significant information on the adopted rationale, the effects and consequences such processing has regarding you;
- the existence of your right to ask the data Controller to access your personal data, to rectify, erase them, limit their processing or object to it and their portability, and to access all available information about their sourcing; moreover, the existane of your right to obtain that your personal data be timely erased, without undue delay as provided for in Art.17 (“right to be forgotten”);
- should the data processing be based on Art.6, section 1, item a), or on Art.9, section 2, item a), the existence of your right to withdraw your consent at any time , without thereby affecting the lawfulness of the data processing performed further to your consent given before your withdrawal;
- the right to file a claim with a control authority
- to obtain from the data Controller a copy of your personal data being processed, as long as that does not affect the rights and freedoms of others; should more than one copy be requested, the data Controller may charge an administrative fee. If the request is made via electronic means, the requested information shall be forwarded in a common electronic format;
The above mentioned information shall be sent:
- within a reasonable time from collection of your personal data, a month at the latest, having regard to the specific circumstances in which the data are processed;
- in case your personal data are collected in order to communicate with you, at the latest at the time of the first communication contact; or, if collected for disclosure to a third party, no later than the time when the data are first disclosed;
All the rights provided for in the GDPR to which you, as the data subject, are entitled to may be exercised without formal obligations, by direct request to the data Controller. Such request may also be made through a person nominated by you and the data Controller shall deal with it timely, with no undue delay.
(Document updated on 15/05/2018)