INFORMATION PURSUANT TO ART. 13 OF THE REGULATION (EU) 2016/679 ON THE PROTECTION OF PERSONAL DATA (GDPR)
1. DATA CONTROLLER
The Data Controller, that is who takes the relevant decisions on the data processing purposes, is MF GROUP S.r.l. – with registered office in Località Braine, 54/A – Frazione Rioveggio - 40036 Monzuno (BO) - (hereinafter referred to as “MF GROUP” or the “Company”).
2. CATEGORIES OF PERSONAL DATA
Web navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the navigation of the websites.
This information is not collected to be associated with identified interested parties; however, by their own nature, they could, through processing and association with data held by third parties, allow users to be identified.
These include the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and to the platform used by the user.
The above data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning; they are deleted after processing.
No personal user data is acquired by the site. Cookies are not used to transmit information of personal nature, nor are used so called persistent cookies of any kind, or systems for tracking users.
The use of so called session cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe browsing and efficient site.
The so called session cookies used on this site avoid the use of other technologies that could compromise the privacy of users' browsing and do not allow the acquisition of personal identification data.
Data voluntarily provided by the user
The optional, explicit and voluntary sending of e-mail to the e-mail addresses indicated on our website involves the acquisition and processing by MF GROUP of your personal data such as, for example, name and surname, e-mail, number of telephone, as well as any other personal data included in the message ("Personal Data").
Personal Data and any other information contained in such communications will be processed exclusively for the purposes indicated in the following Art. 3 of this information.
Updating of Personal Data
At any time you can verify that your Personal Data processed for the purposes set forth in the present notice are correct and, if violated, you can ask their update by writing to firstname.lastname@example.org.
3. PURPOSES AND MODALITIES OF THE PROCESSING OF PERSONAL DATA
The processing of your personal data by MF GROUP will be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights, in accordance with the principles expressed by the GDPR.
Your personal data will be processed for purposes connected and/or instrumental to the service requested by you and in particular:
a) performance of services requested by you included the eventual registration on our Website or performance of one or more operation requested by you;
b) carry out the internal operational and management needs of MF GROUP and related to the services and/or products offered to you;
With your consent (Art. 7, GDPR), which can be subsequently revoked at any time, MF GROUP will process your personal data for the following purposes:
c) marketing and market research including sending out (via e-mail, mail, telephone, fax and/or text and push messages) of newsletters and commercial communications relative to products marketed by the Company;
The data will be processed using appropriate tools in order to guarantee security and confidentiality and can be carried out by hard copy and/or automated tools to store, manage and transmit the data.
The processing of your Personal Data is carried out by means of the operations indicated in Art. 4, no. 2), GDPR and more precisely: collection, registration, organization, structuring, updating, preservation, adaptation or modification, extraction and analysis, consultation, use, communication by transmission, comparison, interconnection, limitation, cancellation or destruction.
MF GROUP guarantees the logical and physical security of the data and, in general, the confidentiality of the processed personal data, putting in place all the necessary technical and organizational measures to prevent the loss of personal data, illicit use or, in any case, incorrect of the same, as well as unauthorized access by third parties.
4. NATURE OF PROVISION OF PERSONAL DATA AND CONSEQUENCES OF THE EVENTUAL REFUSAL
Except for what specified for navigation data, the user is free to provide Personal Data to the Company.
For the purposes under letters a) and b) of Art. 3 set above, the collection of your personal data is necessary in order to access the services available on our web site, therefore, failure to provide them may cause the impossibility to obtain what by you requested.
For the purposes under Art. 3 letters c) above, the collection of your personal data is made on voluntary basis; consequently, you may decide not to provide us with any express consent, or to waive it in any moment. The lack of any express consent to process such data may cause the impossibility for MF GROUP to perform the abovementioned activities.
Therefore, the lack of express consent under Art. 3, letter c), will cause the impossibility for MF GROUP to perform marketing and/or commercial activities.
5. STORAGE OF DATA
Your personal data will be stored for the period of time strictly necessary for the purposes of the data processing as indicated in Art. 3 above.
We will retain your personal data only for the necessary period in order to provide your required services, unless the Company does not need to store your data for longer periods as a result of laws, regulations or, if necessary, in order to resolve any kind of litigations or judicial investigations.
If you are interested in receiving further information on the retention periods of your personal data, we invite you to contact us using the methods indicated in Art. 7 set below of this notice.
6. COMMUNICATION OF PERSONAL DATA
Your personal data cannot be transferred to third parties. For the purposes mentioned under Art.3 above, they could be transferred to:
employees and collaborators of Mf GROUP, who will act in their capacity as authorized data processing personnel (“Data Processor/s”) and/or to consultants appointed by the Data Controller who need to process Personal Data for the performance of their duties;
third parties who carry out outsourced activities on behalf of the Data Controller providing specific services as Data Processors pursuant to Art. 28 GDPR. For information on the names and relative references of the Processors, you can contact MF GROUP at the following address: email@example.com or by mail at the Company headquarter;
to judicial or supervisory authorities, public administrations, public (national and foreign) bodies, in compliance with the provisions of the law and conforming with a previous formal request from such subjects;
7. EXERCISABLE RIGHTS
With reference to your Personal Data you can exercise, at any time, the rights pursuant to the GDPR as indicated below:
Right of Access to Personal Data ex Art. 15: obtain confirmation whether your data are processed or not and, in such a case, obtain information related, in particular, to: the purposes of such processing, the categories of the processed Personal Data, the storage period, the recipients to whom such data can be transferred, the right to send a complaint to the supervisory authority, the right to request the correction or cancellation or limitation of the processing or to file an opposition to the processing itself as well as the existence of an automated decision-making process;
Right of Rectification ex Art. 16: Obtain, without undue delay, the rectification of inaccurate Personal Data and to have incomplete Personal Data duly completed;
Right of Erasure ex Art. 17: obtain, without undue delay, the erasure of your Personal Data, in the following cases:
personal data are no longer necessary for the purposes for which they were collected and processed;
the interested party opposes the processing and there is no further legitimate reason to proceed with the processing performed by the holder;
the pursuit of a legitimate own or third party interest and there is no legitimate overriding reason for the holder to proceed with the processing;
Right to Restriction ex Art. 18: “limitation” means the marking of the data stored with the aim of limiting the processing in the future. This will imply the burden on the part of IMA and IMA Group companies to suspend the processing of your Personal Data;
Right to Data Portability ex Art. 20: in case of automated processing carried out on the basis of consent or in execution of a contract, to receive your data in a structured format, commonly used and readable by automatic device
Right to object ex Art. 21: object to the processing of your personal data, unless there are reasons of legitimate interest for the Data Controller to continue processing such data. You also have the right to object to processing where your personal information are used for direct marketing purposes
Withdrawal of consent: in the event that you have given consent to the collection, processing and transfer of your Personal Data, you have the right to revoke it for such specific processing at any time. Once we receive the notice of withdrawal of consent, we will no longer process your Personal Data, unless these are not based upon other legitimate interest-basis;
File a complaint pursuant to Art. 77 to the competent supervisory authority based on your residence, workplace or place of violation of your rights; for Italy, is competent the Italian Guarantor for the protection of Personal Data, which can be contacted via its website: http://www.garanteprivacy.it/.
You may exercise your above listed rights by means of a request to be sent by e-mail to firstname.lastname@example.org indicating in the object: “Privacy – Rights Exercise”.
The Company reserves the right to modify or update this information also in order to comply with new obligations imposed by laws or for technical reasons.
P.P. EN REV. 01/18