Information pursuant to art. 13 of Regulation (EU) no. 679/2016 (“GDPR”)
MIKAND WAY s.r.l. protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation. As required by the European Union Regulation n. 679/2016 ( “GDPR”), and in particular to art. 13, the information required by law relating to the processing of personal data is provided below to the user (”Interested”).
Who we are and what data we process (art. 13, 1st paragraph, letter a, art. 15, letter b GDPR)
MIKAND WAY s.r.l., in the person of its legal representative on a temporary basis, with registered office in Varedo (MB), Via Pavia n. 23, operates as Data Controller and is who can be contacted at email@example.com and collects and/or receives information concerning the interested party, such as:
EXAMPLE OF DATA TYPES
|Name, surname, physical address, nationality, province and municipality of residence, landline and/or mobile phone, fax, tax code, e-mail address(es)|
|IBAN and bank/postal data (except credit card number)|
Telematic traffic data
|Log, source IP address|
MIKAND WAY s.r.l. does not require the interested party to provide data c.d. “particulars”, that is, according to the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sex life or sexual orientation of the person. In the event that the service requested from MIKAND WAY s.r.l. imposes the processing of such data, the interested party will receive specific information in advance and will be; He is asked to give specific consent.
The Data Controller and Personal Data Protection Officer can be contacted for any information and request: e-mail: firstname.lastname@example.org Telephone: +39 0362.58.09.32.
For what purposes? we need the data of the interested party (art. 13, 1st paragraph GDPR)
The data are used by the Data Controller to process the registration request and the contract for the supply of the selected Service and/or the purchased Product, manage and execute the contact requests sent by the interested party, provide assistance, fulfill legal and regulatory obligations which the Owner is; held according to the activity; exercised. In no case MIKAND WAY s.r.l. resells the personal data of the interested party to third parties nor uses them for purposes; undeclared.
In particular, the data of the interested party will be processed for:
a) registration and requests for contact and/or information material
The processing of personal data of the interested party takes place to carry out the activities of the interested party. preliminary and consequent to the request for personal data registration, the management of requests for information and contact and/or the sending of informative material, as well as for the fulfillment of any other obligation arising.
The legal basis of these treatments is the fulfillment of the services inherent in the request for registration, information and contact and/or sending of informative material and compliance with legal obligations.
b) the management of the contractual relationship
The processing of personal data of the interested party takes place to carry out the activities of the interested party. preliminary and consequent to the purchase of a Service and/or a Product, the management of the relative order, the provision of the Service itself and/or the production and/or shipment of the purchased Product, the relative invoicing and payment management, the handling of complaints and/or reports to the assistance service and the provision of the assistance itself, the prevention of fraud as well as the fulfillment of any other obligation deriving from the contract.
The legal basis of these treatments is the fulfillment of the services inherent in the contractual relationship and compliance with legal obligations.
c) the activities promotions on Services/Products similar to those purchased by the Data Subject (Recital 47 GDPR)
The data controller, even without your explicit consent, will be able to use the contact details communicated by the interested party, for the purpose of direct sale of their own Services/Products, limited to the case in which they are Services/Products similar to those being sold, unless the interested party explicitly objects.
d) the activities of commercial promotion on Services/Products different from those purchased by the interested party
The personal data of the interested party may also be processed for legal purposes. of commercial promotion, for surveys and market research with regard to Services/Products that the Data Controller offers only if the interested party has authorized the treatment and does not oppose it.
Such treatment can take place, in an automated way, with the following methods:
and can be played:
1. if the interested party has not revoked his consent for the use of the data;
2. if, in the event that the processing takes place through contact with a telephone operator, the interested party is not registered in the register of oppositions referred to in Presidential Decree no. 178/2010;
The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which is revocable by the interested party freely and at any time (see Section III).
e) information security
The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and/or recipients), the personal data of the interested party relating to traffic to a strictly necessary and proportionate extent to guarantee the security of networks and information, i.e. the ability to of a network or an information system to resist, at a given level of security, unforeseen events or illicit or malicious acts that compromise the availability, authenticity, integrity and and the confidentiality of personal data stored or transmitted.
The Owner will inform the promptly the interested parties, if there is a particular risk of violation of their data without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to personal data breach notifications.
The legal basis of these treatments is compliance with legal obligations and the legitimate interest of the Data Controller to carry out processing related to purposes; protection of corporate assets and security of MIKAND WAY s.r.l. offices and systems
The personal data of the interested party may also be processed for legal purposes. profiling (such as analysis of the data transmitted and of the selected Services/Products, proposing advertising messages and/or commercial proposals in line with the choices expressed by the users themselves) exclusively in the event that the interested party has provided explicit and informed consent. The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which is revocable by the interested party freely and at any time (see Section III).
g) fraud prevention (recital 47 and art. 22 GDPR)
h) the protection of minors
The Services/Products offered by the Data Controller are reserved for subjects who are legally able, on the basis of the relevant national legislation, to conclude contractual obligations.
The Data Controller, in order to prevent illegitimate access to its services, implements prevention measures to protect its legitimate interest, such as checking the tax code and/or other checks, when necessary for specific Services/Products, the correctness of the data identity document identifiers; issued by the authorities – competent.
Communication to third parties and categories of recipients (Article 13, 1st paragraph of the GDPR)
The communication of the personal data of the interested party takes place mainly towards third parties and/or recipients whose activity is involved. it is necessary for the completion of the activities; inherent to the relationship established and to respond to certain legal obligations, such as:
|CATEGORIES OF RECIPIENTS||PURPOSE|
Company of the corporate group of MIKAND WAY s.r.l.
Administrative, accounting and performance related to the contractual performance,
Third party suppliers and companies of MIKAND WAY s.r.l.
|Provision of services (assistance, maintenance, delivery/shipping of products, provision of additional services, network providers and electronic communication services) related to the requested service|
Credit and digital payment institutions, banking / postal institutions
|Management of receipts, payments, refunds connected to the contractual performance|
External professionals/consultants and companies of advice
|Fulfillment of legal obligations, exercise of rights, protection of contractual rights, credit recovery|
Financial Administration, Public Bodies, Public Authorities Judicial, Authorities of supervision and control
|Fulfillment of legal obligations, defense of rights; lists and registers kept by public Authorities; or similar bodies on the basis of specific legislation, in relation to the contractual performance|
Subjects formally delegated or with recognized legal title
|Legal representatives, trustees, guardians, etc.|
* The Data Controller requires its third-party suppliers and Data Processors to comply with security measures equal to those adopted in relation to the Data Subject, restricting the scope of action of the Data Processor to processing connected to the requested service.
The Data Controller does not transfer your personal data to countries in which it is not registered. the GDPR is applied (non-EU countries) unless otherwise specified, for which you will be informed in advance and, if necessary, you will be notified. Your consent is required.
The legal basis of these treatments is the fulfillment of the services inherent to the established relationship, compliance with legal obligations and the legitimate interest of MIKAND WAY s.r.l. to carry out the treatments necessary for these purposes.
What happens if the interested party does not provide his data identified as necessary for the performance of the requested service? (Article 13, 2nd paragraph, letter e GDPR)
The collection and processing of personal data is necessary to follow up on the requested services as well as; the provision of the Service and/or the supply of the requested Product. If the interested party does not provide the personal data expressly provided for as necessary within the order form or the registration form, the Data Controller will not be able to provide it. follow up on the treatments related to the management of the services requested and/or the contract and the Services/Products connected to it, nor; to the obligations that depend on them.
What happens in the event that the interested party does not provide consent to the processing of personal data for commercial activities? of commercial promotion on Services/Products different from those purchased?
In the event that the interested party does not give his consent to the processing of personal data for these purposes, said treatment will not take place. for the purposes same, without this have effects on the provision of the requested services, nor for those for which He has already given their consent, if requested.
In the event that the interested party has given his consent and should subsequently revoke it or oppose the processing for non-lawful activities; of commercial promotion, your data will no longer be processed; for such activities, without this; involves consequences or effects that are detrimental to the interested party and to the services requested.
How we process the data of the interested party (art. 32 GDPR)
The Data Controller provides for the use of adequate security measures in order to preserve the confidentiality, integrity and and the availability of of personal data of the interested party and imposes similar security measures on third party suppliers and managers.
Where we process the data of the interested party
The personal data of the interested party are stored in paper, computerized and telematic archives located in countries in which the data subject is located. GDPR applied (EU countries).
How long are the data of the interested party kept? (art. 13, 2nd paragraph, letter a GDPR)
Unless the latter explicitly expresses his will; to remove them, the personal data of the interested party will be kept for as long as they are necessary with respect to the legitimate purposes; for which they were collected.
In particular, they will be kept for the entire duration of your personal registration and in any case no later than a maximum period of 12 (twelve) months of your inactivity, or if, within this term, you are not associated with the Services and/or purchased Products through the registry itself.
In the case of data provided to the Data Controller for the purposes of commercial promotion for services other than those already available; acquired by the interested party, for which he initially gave his consent, these will be kept for 24 months, unless the consent given is revoked. In the case of data provided to the Data Controller for the purposes of of profiling, these will be kept for 12 months, always subject to revocation of the consent given.
It should also be added that, in case in which a user forwards to MIKAND WAY s.r.l. unsolicited or unnecessary personal data for the purpose of carrying out the requested service or for the provision of a service closely connected to it, MIKAND WAY s.r.l. will not be able to; be considered the owner of this data, and will to their cancellation as soon as possible; shortest possible time.
Regardless of the interested party's determination to remove them, personal data will in any case be stored according to the terms established by current legislation and/or national regulations, for the exclusive purpose of guaranteeing the specific obligations, proper to some Services (by way of example but not limited to, Certified Electronic Mail, Digital Signature, Substitutive storage - in this regard, see the relevant section).
Furthermore, personal data will in any case be kept for the fulfillment of obligations (e.g. tax and accounting) which remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes, the Data Controller will keep the only the data necessary for its prosecution.
Without prejudice to the cases in which the rights deriving from the contract and/or from the registration in the registry office have to be asserted, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the indispensable time. to their pursuit.
What are the rights of the interested party? (articles 15 – 20 GDPR)
The interested party has the right to obtain from the data controller the following:
a) confirmation that personal data concerning him or her is being processed and, if so, to obtain access to personal data and the following information:
b) the right to obtain a copy of the personal data being processed, provided that; this right does not affect the rights and freedoms of the applicant. others; In case of further copies requested by the interested party, the data controller can charge a reasonable fee based on administrative costs.
c) the right to obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay
d) the right to obtain from the data controller the cancellation of personal data concerning him without unjustified delay, if the reasons provided for by the GDPR in art. 17, among which, for example, in the event that they are no longer necessary for the purposes; of the treatment or if this is assumed to be unlawful, and always if the conditions established by law exist; and in any case if the processing is not justified by another equally legitimate reason;
e) the right to obtain from the data controller the limitation of the treatment, in the cases provided for by art. 18 of the GDPR, for example where you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. The interested party must be informed, in a reasonable time, also of when the period of suspension has been completed or the cause of the limitation of the treatment has ceased, and therefore the limitation itself revoked;
f) the right to obtain communication from the owner of the recipients to whom the requests for any corrections or cancellations or limitations of the treatment carried out have been sent, unless this is done; proves to be impossible or involves a disproportionate effort.
g) the right to receive personal data concerning him in a structured, commonly used and automatically readable format and the right to transmit such data to another data controller without impediments by the data controller to whom they have been provided, in the cases provided for by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible. For any further information and in any case to send your request, you must contact the Data Controller at the email address email@example.com. In order to ensure that the aforementioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the same to provide any further information necessary for the purpose.
How and when the interested party can object to the processing of your personal data? (Article 21 GDPR)
For reasons relating to the particular situation of the interested party, the same can oppose the processing of your personal data at any time if it is; based on legitimate interest or if it takes place for commercial activities. of commercial promotion, by sending the request to the Data Controller at the email address firstname.lastname@example.org.
The interested party has the right to have their personal data deleted if there is no legitimate reason prevailing on the part of the Data Controller with respect to the one that gave rise to the request, and in any case in the event that the interested party has opposed the processing for legal activities; of commercial promotion.
To whom can; propose a complaint to the interested party? (Article 15 GDPR)
Without prejudice to any other administrative or judicial action, the interested party can lodge a complaint with the authority supervisory body competent on the Italian territory (Authority for the protection of personal data) or to the one that carries out its duties and exercises its powers in the Member State where it is located. the violation of the GDPR occurred.
Any update of this Policy will be communicated to you. communicated in a timely manner and by appropriate means and also will be communicated if the Data Controller processes the data of the interested party for legal purposes; additional to those referred to in this Information before proceeding and following the manifestation of the relative consent of the interested party if necessary.