- Articles 13-14, European Regulation 679/2016 and, as applicable, art. 13, Legislative Decree 196/2003
The company MPC Sas, based in Venice-Mestre, Via R. Zandonai 6, P. Iva 04464390279, the data controller in accordance with European Regulation 679/2016 and, as far as applicable, of Legislative Decree 196/2003, ( below, for brevity, Owner)
the users who connect to the website https://www.mpcsas.it, registered and unregistered, that the personal data collected by the company, acquired by third parties or spontaneously provided by the interested parties through the various options present on the site (works with we, newsletters, competitions and events, etc.), will be treated in a lawful and correct manner, in compliance with the principles enshrined in the EU and Italian regulations.
- Data subject to processing
Navigation data: IP address, operating system and browser used for navigation, date and time of connection and disconnection, time spent on the site, pages visited, activity performed, location (if the relevant service is active) and anything else made available by your computer, based on security settings.
- Purpose and legal basis of the processing
The collection and any other data processing activities of the interested parties acquired through the website are carried out by the Data Controller at the company's offices, in compliance with the security measures and prescriptions imposed by the European Regulation 679/2016 and, as far as applicable, by the decree law 196/2003, or by subjects delegated by it (specially selected and equipped with the necessary professionalism), with manual and computerized procedures, to allow the user a simple and gratifying browsing experience, to collect useful elements to improve the offer of products and services via the web, to carry out specific requests of the interested party, for pre-contractual and contractual obligations, for ordinary administrative, financial and accounting activities, to ensure the correct management of customers during marketing and sales of products, for post-sales assistance, for the fulfillment of legal obligations is.
The treatment is also aimed at the production of statistics in anonymized or pseudonymised form.
The treatment, upon request of the interested party or prior acquisition of specific consent, may also be carried out via CRM and customer care, for the detection of the degree of satisfaction, tastes, preferences and habits of the interested party, for sending commercial information or advertising material, for direct marketing campaigns, for participation in games, competitions or prize operations, for involvement in events and shows, for the provision of services, for market research and other operations directly or indirectly attributable to marketing activities.
products and services through the website, the express consent of the parties concerned and the obligations relating to the pre-contractual and contractual phases of the relationship. In any case is always possible to ask the Owner to clarify the concrete legal basis of each treatment and in particular to specify if the treatment is based on the law, provided for by a contract or necessary to conclude a contract.
- Sources and nature of the data
Data collection can take place through the company website, through navigation analysis or spontaneous insertion by the interested party, using the modules specifically created.
With respect to the registered user, the Data Controller carries out the processing of personal data, telephone and telematic contact details and any bank data communicated for payments, as well as other data essential to satisfy the requests of the interested parties or to fulfill the commitments undertaken. Conferment is therefore obligatory, not able to, since in the event of failure to obtain consent or revocation of the same, the processing will take place.
It is necessary to highlight that any incorrect or insufficient communication of the requested data may lead to the total or partial impossibility of executing the requests of the interested party or to the fulfillments connected to the commitments undertaken, with consequent possible mismatch of the results of the processing with the agreements taken or the obligations imposed by rules and regulations.
- Child data
Children under 16 cannot provide data without the consent of the parent or guardian. The owner will not be in any way responsible for any false declarations that may be provided by minors and, if he should ascertain the falsity of the declaration, he will immediately cancel any personal data and any information acquired. In any case, consent to the processing of data by children under the age of sixteen is authorized for those who are over-aged only for access to information society services. However, minors under the age of 18 cannot approve and sign terms and conditions of service.
- Navigation data
This information is not stored to identify the interested parties but, due to their nature, they can allow the identification of the user through the processing and association with other data managed by third parties.
This category of data concerns the IP addresses and domain names of the computer used by the user to connect to the site, the URL (Uniform Resource Locator) addresses of the requested resource, the time of the request, the method used to send the request to the server, the size of the file received, the numeric code used to indicate the status of the response given by the server (executed or error, etc.) and other parameters relating to the operating system and the user's computer.
This data is used only to carry out anonymous statistics on the use of the site and to check its correct functioning. They are normally deleted immediately after processing. They can be used and provided to the police and the judiciary to ascertain responsibility in case of damage to the site or offenses perpetrated through the network.
- Data transferred by the user
The compilation of any forms present on the site pages involves the acquisition of data in the system memory. The information is protected by an authentication system and can be used only by those in possession of the credentials. They are also updated and adequately protected, based on the best practices available.
The Owner suggests to its customers, during their requests for services and information, not to transmit the data or personal information of third parties, unless it is absolutely necessary.
- Newsletter management service
The newsletter is managed by a software that uses a database of email addresses to send communication to registered users (through the appropriate section of the site) and which provides for an automatic cancellation procedure that the interested party can use independently, recalled by each communication sent through this application.
- Interaction with external social networks and platforms
- Comunication and diffusion
The data processed through the website are exclusively of a common nature and are not intended for diffusion. The Owner does not require and has no interest in detecting and processing data classified by the Regulation as "particulars" (health, genetic, biometric, etc.) or "penalties", without prejudice to legal obligations.
· Subjects who need to access the data of the interested party for purposes concerning the relationship with the Owner (Credit Institutes, Financial Intermediaries, Electronic Money Institutions and payment management, credit recovery company, customer verification company, carriers, etc.);
· Consultants, collaborators, service companies, within the limits necessary to carry out the task conferred by the Owner;
· Subsidiaries and / or associated companies that can access the data, within the limits strictly necessary to perform tasks entrusted by the Owner
The data may be communicated to subjects operating in the European Union, or in countries that guarantee the same level of protection provided by European Regulation 679/2016 and by Legislative Decree 196/2003 where applicable. The updated list of data processors is available at the owner's offices.
The data of the interested party may be communicated to subjects operating in non-EU countries where expressly permitted by the interested party. In any case, the data processing carried out in the various countries will be adapted to the more restrictive rules, in order to ensure the maximum level of protection. They may be transferred to third parties, also for consideration, if the interested party has released express consent, for purposes directly or indirectly connected to the activity of the Owner.
- Data time storage
The data processed by the Data Controller, without prejudice to legal obligations, are stored up to the express request for cancellation by
- Rights of the interested party
Interested parties are recognized the rights set forth in articles from 15 to 22 of the GDPR 679/2016 and, for how much still applicable, those of which to the art. 7 of Legislative Decree 196/2003. In particular, the interested party has the right to revoke the consent to the processing of data at any time, request its correction, updating, transformation into anonymous form, even partially limit its use, request its portability and possible cancellation.
If the data subject is not satisfied with the response provided to his requests by the Data Controller or Data Protection Officer, he may lodge a complaint with the Italian Data Protection Authority, based in Rome, Piazza di Monte Citorio n. . 121, https://www.garanteprivacy.it.
A non-Italian citizen may lodge a complaint with the supervisory authority of his country or with the supervisory authority of the country where the violation took place.