PERSONAL DATA PROCESSING POLICY
MISTRAL ITALIA SRL with registered office in Sassuolo, Via Racchetta n. 2 int. 20 41049 Sassuolo (Mo) and V.A.T. 03854670365 (hereinafter “Data Controller”), as Data Controller, informs you, pursuant to art. 13 D.Lgs. 196/2003 (hereinafter “Privacy Code”) and art. 13 EU Regulation n. 2016/679 (hereinafter “GDPR”) that your data will be handled in the following way and for the following purposes:
- Undergoing Processing
The Data Controller, in order to establish and manage the current business relation with you, handles your personal, identification, contact and tax data (such as name, surname, company name, address, phone number, e-mail address, bank and payment details, etc.).
- Purpose of the processing and legal basis
Your personal data are processed:
- Without your explicit consent (Article 24 of the Privacy Code and Article 6 of the GDPR) for the following service purposes:
- Perform the contracts for the Data Controller’s service
- Fulfill the pre-contractual, contractual and tax obligations arising from the relation
- Fulfill the obligations required by law, by regulation, by the Community legislation or by order of the Authorities
- Exercise the rights of the Data Controller, such as the right of defense in court;
Only with your specific and distinct consent (Article 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following marketing purposes:
- To send you – by e-mail, mail and/or text messages and/or telephone contacts, newsletters – commercial communications and/or advertising materials on products or services provided by the Data Controller and for the collection of the satisfaction level on the service quality;
- To send you – by e-mail, mail and/or text messages and/or telephone contacts – commercial and/or promotional communications of third parties (such as business partners, other group companies, etc.)
3. Nature of the Data provision and refusal consequences
Data provision for the purposes mentioned in point 2.a is mandatory. Without their provision, services cannot be guaranteed. Data provision for purposes mentioned in point 2.b is optional. You can therefore decide not to provide any data or subsequently deny the possibility of processing the data already provided for these purposes; in this case you won’t be entitled to receive newsletters, commercial communication and advertising material about the services and the products offered by the Data Controller. However, you will still be entitled to the services mentioned in point 2.a
- Data Processing
The processing of your personal data is carried out through the operations as indicated in art. 4 of the Privacy Code and art. 4 n.2 of GDPR, namely: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Your personal data are processed both on paper and by electronic and/or automated means. The data will be processed by appointed personnel and employees within their specific functions and according with the received instructions, always just to meet the specific purposes and thoroughly observing the principles of confidentiality and security required by the applicable rules.
5.Acces to Data
Your data can be accessed for the purposes as per point 2:
- By Data Controller’s employees and contractors, as data supervisors and/or system administrator;
- By third-parties companies or other entities (such as credit institutions, professional practices, consultants, insurance companies, etc.) who perform outsourced activities on behalf of the Data Controller, in their capacity as external processing managers.
6. Disclosure of Data
Without the need for an explicit consent (Article 24 of the Privacy Code and Article 6 of the GDPR), the Data Controller may communicate your data for the purposes, referred to in point 2.a, to Supervisory Bodies, Judicial Authorities and all the other subjects to whom the communication is mandatory by law for the accomplishment of the aforementioned purposes. Your data won’t be disseminated.
- Transfer Of Data
Your data won’t be transferred outside the EU. In any case it is understood that the Data Controller, if necessary, has the right to transfer data in the European Union and/or in non-EU countries. In this case, the Data Controller right now ensures that the data transfer outside EU will take place in accordance with local requirements and by making agreements, if necessary, to guarantee an adequate level of protection and/or implementing the standard contractual clauses provided by the European Commission and/or binding corporate rules.
All personal data provided will be processed according to the principles of lawfulness, correctness, relevance and proportionality, and only with the methods, including computer-based and telematic, strictly necessary to pursue the purposes above mentioned. In any case, personal data will be kept for a period not exceeding what is strictly necessary to achieve the purposes indicated. Personal data that do not need to be retained for the indicated purposes, will be deleted or converted into an anonymous form. Please note that the information systems, which are used to manage the collected information, are set up to minimize the use of personal data.
9.Rights of the Data Subject
As Data Subject, you have the rights as per art. 7 of the Privacy Code and art. 15 and ss. GDPR, and precisely the rights of:
- Obtaining from the Data Controller the confirmation as to whether or not your personal are being processed, and, where that is the case, obtaining the access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients of third countries or international organizations; where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; where the personal data are not collected from you, any available information as to their source; the existence of an automated decision-making process, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
- Obtaining from the Data Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Obtaining from the Data Controller the erasure of your personal data without undue delay, where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw consent, on which the processing is based, according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing; (c) you object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2); d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; (f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
- Obtaining from the Data Controller restriction of processing where one of the following applies: a) you contest the accuracy of the personal data, for a period enabling the controller to verify their accuracy; b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; c) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the assessment, exercise or defense of legal claims; d) you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the Data Controller override yours.
- Receiving, in a format that is structured, of common use and machine-readable, your personal data which were provided to a data controller and transmitting this data to another data controller without impediments by the data controller who which they were provided when: a) the processing is based on a contract b) the processing is carried out by automated means. In exercising your right to data portability, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
- Opposing at any time, for reasons relating to their particular circumstances, to the processing of your personal data pursuant to Article 6 (1) (e) or (f), including profiling on the basis of these provisions. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Having the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- Having the right to lodge a complaint with a supervisory authority.
10.Procedure for the exercise of any right
11.Data Controller responsible and in charge
The controller is MISTRAL ITALIA SRL with registered office in Sassuolo,Via Racchetta n. 2 int. 20 and V.A.T. 03854670365. The updated list of data controllers and data processors is kept at the registered office of the Data Controller.
This page illustrates how we manage the website in relation to the processing of personal data of the users who visit it.
Mistral SPA with registered office in Sassuolo, Via Via Regina Pacis, 84. and V.A.T. 02775870369 as the data controller in accordance with leg. decree 196/2003 and subsequent amendments – Personal data production code and EU Regulation 679/2016 applicable from 25 May 2018 – General Data Protection Measures (“GDPM”)
Your personal data will be processed according on the principles of lawfulness, honesty, transparency, purpose limitation and retention, data minimisation, accuracy, integrity and confidentiality. Your personal data will therefore be processed in accordance with the legislative provisions of applicable Regulations and their confidentiality requirements.
As defined earlier, the Data Controller of the Website is Mistral SPA . The data controller is at your service to provide you with any information concerning the processing of personal data, including the list of data processors.
THE PERSONAL DATA PROCESSED
Here is the personal data collected by the Website:
a. Navigation data
The computer-based systems of the Website collect some Personal Data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with you, but by its very nature it might, through processing and association with data held by third parties, allow for your identification.
These include the IP addresses or domain names of the devices used to connect to the Website, the addresses in the Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used to submit the request to the server, the file size obtained as a reply, the numerical code indicating the status of the reply provided by the server (success, error, etc.) and other parameters related to its operating system and IT environment. The navigation data is collected anonymously and managed by Google Analytics.
b. Data provided voluntarily
Through the website, you can voluntarily provide personal data such as your name and the e-mail address to contact us. We will process this data in compliance with current legislation. Please see the specific information in the respective areas of the website.
c. Cookies and similar technologies
PURPOSE, LEGISLATIVE BASIS AND MANDATORY OR OPTIONAL PROCESSING OF DATA
The Personal Data you provide through the Website will be processed by MISTRAL S.p.A. for the following purposes:
a) reply to a specific request for information;
b) statistical analysis/research on aggregate or anonymous data, without the possibility of identifying the user, aimed at assessing the operation of the Website, measuring traffic and evaluating usability and interest;
c) purposes related to the fulfilment of a legal obligation the Data Controller is subject to.
The provision of your Personal Data for the above purposes is optional, but failure to do so might prevent us from replying to the request for contact or information.
Your Personal Data will be processed by personnel appointed by the Data Controller or by third parties to whom technical services are assigned for the management of the website. In any case, the data will not be disclosed.
Your personal data is not transferred to recipients outside the European economic area.
STORAGE OF DATA
The personal data provided will be kept for the necessary period of time to comply with the request for information or as required by current regulations.
You have the right, at any time, to obtain confirmation of the existence or non-existence of personal data and to know its content and origin, verify its accuracy or request its integration or update, or correction.
You have the right to request the cancellation, transformation into anonymous form or block of data processed in violation of the law, and to oppose yourself in any case, for legitimate reasons, to its processing.
Last updated on:24/05/2018
Last Update: 01/01/2021