pursuant to Regulation (EU) 2016/679
(European General Data Protection Regulation)
MakeItalia S.r.l. (hereinafter Data controller) gives serious consideration to the protection of users’ personal data and undertakes to ensure it.
2. Data controller’s identification
Via Vittorio Veneto 2
41100 Modena (MO), Italy
VAT No. 03213690369
3. Type of data processed
In general, visiting and consulting the Website does not imply the collection and processing of users’ personal data except for navigation data and cookies as specified below. In addition to “navigation data” (see below), personal data contributed voluntarily by users when they interact with the Website’s functions or ask to use services offered on the Website may also be processed. In accordance with the Italian Data Protection Law, the data controller may also collect users’ personal data from third parties during the conduct of its business.
5. Storage of personal data
Personal data are stored and processed using IT systems owned by the data controller and managed by the data controller or third-party technical service providers; for further details, kindly refer to the “Context of accessibility of personal data” below. Data are only processed by specifically authorised personnel, including personnel assigned to perform extraordinary maintenance work.
6. Purposes of the processing
The data controller may process users’ ordinary and sensitive personal data for the following purposes:
- a) use by users of services and functions provided on the website, for consultation of the website itself.
- b) management of requests and reports by users, management of job applications received through the website, and in general all requests received through the contact forms.
- c) with users’ further, specific consent, the data controller may process personal data for marketing purposes, meaning in order to send users promotional material and/or sales communications relating to the Company’s services, to the contacts provided, both via traditional contact procedures and/or media (e.g. paper mail, telephone calls with a human operator, etc.) and by automated means (e.g. Internet, fax, email and text message communications, and applications for mobile devices such as smartphones and tablets (“apps”), social network accounts – e.g. Facebook or Twitter -, automated telephone calls, etc.).
This consent may be optional or compulsory depending on the type of request; specifically, it is necessary when users ask to subscribe to the promotional newsletter service.
d) with users’ further, specific consent, the data controller may process personal data in order to measure the degree of customer satisfaction and for marketing surveys relating to the Company’s services, through the contacts provided, both via traditional contact procedures and/or media (e.g. paper mail, telephone calls with a human operator, etc.) and by automated means (e.g. Internet, fax, email and text message communications, applications for mobile devices such as smartphones and tablets (“apps”), social network accounts – e.g. Facebook or Twitter -, automated telephone calls, etc.).
7. Processing and storage of personal data
Personal data are processed in both paper and electronic form and entered in the company’s IT system in full compliance with Reg. (EU) 2016/679, including security and confidentiality profiles and grounded on the principles of fair, lawful processing. In accordance with Reg. (EU) 2016/679 data are conserved and stored for a time which varies depending on the purpose. Specifically, with regard to point 6:
comma a) : period necessary for the provision of website services and functions, with any minimal storage times if enforced by law.
comma b): 24 months.
comma c): until withdrawal of the user’s consent.
comma d): until withdrawal of the user’s consent.
8. Security and quality of personal data
The data controller undertakes to protect the security of users’ personal data and to comply with the security provisions enforced by the relevant legal framework, in order to avoid loss of data, unlawful or unauthorised processing of data, or unauthorised access to them, with particular reference to the Technical Rules regarding minimum security measures. Moreover, the IT systems and programs used by the data controller are configured to minimise the processing of personal and identifying data; these data are only used for the achievement of the specific purposes pursued on each occasion.
The data controller uses multiple state-of-the-art security technologies and procedures to facilitate the protection of users’ personal data; for example, personal data are stored on secure servers located in places with protected, controlled access. Users may help the data controller to keep their personal data updated and correct by communicating any changes in their address, professional standing, contact information, etc.
9. Context of disclosure and access to data
Users’ personal data may be disclosed to:
- all parties granted access to the data under regulatory measures;
- our associates and employees, within the performance of their duties;
- all public and/or private natural and/or legal persons when the disclosure is necessary or useful for the conduct of our business and by the procedures and for the purposes set out above;
10. Nature of the contribution of personal data
Users’ contribution of some personal data is compulsory to enable the Company to manage communications and requests received from users, or for return contacts with users for the fulfilment of their requests. Data of this kind are marked with an asterisk [*] and in this case contribution is compulsory to enable the Company to fulfil the request, which it will otherwise be unable to fulfil. Conversely, the collection of other data, not marked with an asterisk, is optional; failure to contribute them will not have any consequences for users.
Users’ contribution of personal data for customer satisfaction monitoring and market surveys, as specified in section 6. “Purposes of processing”, is optional, and refusal to contribute them will have no consequences. Contribution for marketing purposes is optional or compulsory depending on the type of request. Consent granted for these purposes is understood to include the dispatch of communications through different contact procedures and/or media, both automated and traditional, in accordance with the examples provided above.
11. Rights of the data subject
11.1 Art. 15 (access right) , 16 (rectification right) of Reg. (EU) 2016/679
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
- a) the purposes of the processing;
- b) the categories of personal data concerned;
- c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients in third countries or international organisations;
- d) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- f) the right to lodge a complaint with a supervisory authority;
- g) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
11.2 Rights under art. 17 of Reg. (EU) 2016/679 – right to erasure (“right to be forgotten”)
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary with regard to the purposes for which they were collected or otherwise processed;
- b) the data subject withdraws consent on which the processing is based according to point (a) of article 6(1), or point (a) of article 9(2), and where there is no other legal ground for the processing;
- c) the data subject objects to the processing pursuant to article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21(2);
- d) the personal data have been unlawfully processed;
- e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- f) the personal data have been collected in relation to the offer of information society services referred to in article 8(1) of Reg. (EU) 2016/679.
11.3 Right covered by art. 18 Right to restriction of processing
The data subject has the right to obtain from the controller restriction of processing where one of the following applies:
- a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- d) the data subject has objected to processing pursuant to Article 21(1) of Reg. (EU) 2016/679 pending the verification whether the legitimate grounds of the controller override those of the data subject.
11.4 Right covered by art. 20 Right to data portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller.
12. Withdrawal of consent to data processing
Data subjects may withdraw consent to the processing of their personal data by sending a communication to the data controller, accompanied by a photocopy of their ID card or other form of ID, with the text: “I withdraw consent to the processing of my personal data“. After this, your personal data will be deleted from the databases in the shortest possible time.
13. Requests for information concerning data processing
If you wish to receive more information concerning the processing of your personal data, or to exercise the rights set out in point 10 above, you may do so by sending a communication to the data controller. Before we are able to provide you with or change any information, it might be necessary for us to verify your identity and for you to answer some questions.
14. Procedures for submitting requests
The requests referred to above can be sent by the following means:
– mail: privacy[at]makeitalia.com
– Registered letter with return receipt to the address: MakeItalia S.r.l. Via Vittorio Veneto 2 – 41100 Modena (MO), Italy
Requests will be complied with in the shortest possible time, depending on the type of request.
Uptadet to 22/05/2018