privacy policy

Information provided pursuant to Art.13 of Reg. EU 2016/679 (hereinafter GDPR)

General information

Users (data subjects, as GDPR, Art.4, c1) are informed of the following general profiles, valid for all areas of processing:

  • all personal data are processed in compliance with the applicable privacy regulations in force (EU Reg. 2016/679 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018);
  • all User data are processed in a lawful, correct and transparent manner, in compliance with the general principles set out in Article 5 of the GDPR;
  • specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access, pursuant to Article 32 of the GDPR.

Data Controller

The Data Controller is the undersigned Company (in the person of its pro-tempore legal representative) who can be contacted for any request regarding privacy or to exercise the rights listed below, at the following addresses:
MCM Spa – Email:info@mcm-group.com – Tel: +39.0523.879811 Indirizzo: Via Celaschi, 19 – 29020 Vigolzone (PC)

Data subject’s rights

  • right to request the presence and access to personal data concerning him (Article 15 „Right of access“);
  • right to obtain the rectification / integration of inaccurate or incomplete data (Article 16 „Right to rectification“);
  • the right to obtain, if there are justified reasons, the cancellation of data (Article 17 “Right to erasure”);
  • right to obtain the limitation of processing (Article 18 „Right to restriction“);
  • right to receive the data concerning him in a structured format (Article 20 “Right to portability”);
  • right to object to the processing and to automated decision-making processes, including profiling (Articles 21, 22 “Right to object”);
  • right to revoke a previously given consent;
  • the right to submit, in the event of non-response, a complaint to the Data Protection Authority.

The following specific information is provided below, referring to:

  1. data processing connected to the functioning of this website
  2. data processing of customers / suppliers

1) DATA PROCESSING CONNECTED TO THE FUNCTIONING OF THIS WEBSITE

1.1 Navigation Data

The IT systems and the software procedures used in the operation of this web site acquire, in the course of their normal processing, some personal data, the transmission of which is necessary in the use of the Internet communication protocols. These deal with information that is not gathered to be associated to identified parties, but which by their nature could, through processing and associations with data held by third parties, allow the identification of the users. Under this category of data we find the IP addresses or the computer domain names used by the users that connect to the site, the addresses in URI (Uniform Resource Identifier), notation of the resources requested,the time of the request, the method used in submitting the server request, the dimension of the file received, the numeric code indicating the status of the answer given by the server (successful, error, etc.) and other parameters related to the operating system and the user’s IT environment.

Purpose and legal basis of the processing(GDPR-Art.13, paragraph 1, letter c) This data is used only for the purpose of receiving anonymous statistical information on the use of the site and to control its correct functioning. The data could moreover be used to ascertain the responsibility in case of presumed IT crimes to the damage of the site (legitimate interests of the owner).
Scope of knowledge(GDPR-Art.13, paragraph 1, letter e,f) The data is processed exclusively by in-house staff, duly authorised and trained in data processing (GDPR-Art.29) and shall not be disclosed to external parties, diffused, or transferred to countries outside the EU. Only in cases of investigation, this data may be placed at the disposal of the competent authorities.
Data retention (GDPR-Art.13, paragraph 2, letter a) This data is usually kept for brief periods, with the exception of possible prolonged connections related to investigation activities.
Data provision(GDPR-Art.13, paragraph 2, letter f) The data is not submitted by the party involved but acquired automatically by the site’s technological systems.

1.2 Cookies

The management of cookies is aligned with the relevant regulatory requirements:

  • “Guidelines for cookies and other tracking tools” of 10 June 2021 (Published in the Official Gazette no. 163 of 9 July 2021);
  • “Guidelines 5/2020 on consent” pursuant to regulation (EU) 2016/679, adopted by the European Data Protection Board.

Users can check the types of cookies and set their preferences through the appropriate banner (if provided), as well as through the appropriate tools provided by the main navigation browsers. Some general information about cookies and similar technologies is provided below.

What cookies are Cookies are brief fragments of texts (letters and/or numbers) that allow the web server to memorise on the client browser information to be reused in the course of the same visit to the site (session cookies) or subsequently, also after days (persistent cookies). The cookies are memories, according to the user’s preferences, by the single browser on the specific device used (computer, tablet, smartphone). Similar technologies like for example, web beacons, transparent GIFs and all the types of local storage introduced with HTML5, can be used to gather information on the user’s behavior and the use of the services. After this circular letter we shall refer to the cookies and all the similar technologies by using only the term “cookie.”

The following table shows the main types of cookies.

TYPE PURPOSE PREFERENCE MANAGEMENT
Technical session cookies Ensure normal navigation and use of the site

Through the main browsers it is possible to:

– Block the reception of all (or some) types of cookies by default

– View the analytical list of cookies used

– Remove all or some of the cookies installed

– For information on the settings of individual browsers, see the specific paragraph. It should be noted that blocking or deleting cookies could compromise the navigability of the site.

Analytical cookies Collect information on the number of visitors and pages viewed
Functional technical cookies Allow navigation according to a series of selected criteria
Profiling cookies Create user profiles in order to send advertising messages in line with preferences

Management of the preferences through the main navigation browsers The user may declare whether or not he accepts the cookies by using the settings of his own browser (note that as a default, almost all the web browsers are set to automatically accept the cookies). The settings may be modified and defined in a specific way for the various web sites and applications. Furthermore the best browser allows different settings to be defined for the “proprietor” cookies and for those of “third parties.” Usually the configuration of the cookies is done by the menus, “Preferences,” “Instruments” or “Options.”

Here below is a list of links to the guides for the management of cookies of the main browsers:

Further information

1.3 Web-Site specific features

Some pages of the site could involve a request for information from the navigator in relation to specific services (eg: request information, user registration, work with us, etc.).

Purpose and legal basis of the processing(GDPR-Art.13, paragraph 1, letter c) Only the data necessary for the correct provision of the service and necessary to give a correct and exhaustive response to the interested parties will be requested. The treatment is subject to the acceptance of specific, free and informed consent (GDPR-Art.6, comma1, lett.a)
Scope of knowledge (GDPR-Art.13, paragraph 1, letter e,f) The data is processed exclusively by duly authorized and trained personnel (GDPR-Art.29) or by any persons in charge of maintaining the web platform (appointed in this case as external managers). The data will not be disclosed or transferred to non-EU countries (unless subject to compliance with the provisions of chapter V of the GDPR).
Data retention(GDPR-Art.13, paragraph 2, letter a) The data is kept for times compatible with the purpose of the collection
Data provision(GDPR-Art.13, paragraph 2, letter f) The provision of data referring to the mandatory fields is necessary in order to obtain an answer, while the optional fields are aimed at providing the staff with further elements useful for facilitating contact.

1.4 Data provided voluntarily by User

The optional, explicit and voluntary sending of messages to contact addresses, private messages sent by users to institutional profiles/pages on social media (where this possibility is provided), as well as the compilation and forwarding of any forms/modules present , involve the acquisition of the sender’s contact details, necessary to reply, as well as all personal data included in the communications. The sender therefore remains personally responsible for the accuracy of the data provided, as well as their pertinence and non-excess with respect to the requests in question.

2) DATA PROCESSING OF CUSTOMERS / SUPPLIERS

2.1 Object of the processing

The company processes personal identification data of customers/suppliers (for example, name, surname, company name, personal/fiscal data, address, telephone, e-mail, bank and payment references) and their operational contacts (name, surname and data contact details) acquired and used in the context of the provision of the services supplied.

2.2 Purpose and legal basis of the processing

The data is processed for:

  • conclude contractual/professional relationships and provide related services;
  • fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
  • fulfill the obligations established by law, by a regulation, by community legislation or by an order from the Authority;
  • exercise a legitimate interest as well as a right of the Data Controller (for example: the right of defense in court, the protection of credit positions; ordinary internal operational, managerial and accounting needs).

Failure to provide the aforementioned data will make it impossible to establish the relationship with the Data Controller. The aforementioned purposes represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If you intend to carry out treatments for different purposes (eg: marketing communications, production of photo/video content, etc.) a specific consent will be requested from the interested parties.

2.3 Processing methods and storage time

The processing of personal data is carried out by means of the operations indicated in the Art. 4 no. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data is subjected to both paper and electronic processing. The Data Controller will process the personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations (usually coinciding with the relationship with the interested party, without prejudice to the extension with reference to the obligations to keep administrative documentation and of business correspondence).

2.4 Scope of processing

The data is processed by duly authorized and trained internal subjects pursuant to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external subjects who operate as independent data processors or data controllers (eg: consultants, technicians, banks, carriers, etc.). The data may be communicated to any subsidiary/associated company for various reasons. The data are not subject to dissemination or transfer outside the EU (they may be transferred outside the EU only in compliance with the conditions set out in Chapter V of the GDPR, aimed at ensuring that the level of protection of the data subjects is not compromised „Art.45 Transfer on the basis of an adequacy decision, Art.46 Transfer subject to adequate guarantees, Art.47 Binding corporate rules, Art.49 Specific exceptions”). The data are not subject to automated processes that produce significant consequences for the data subject.

3) POLICY UPDATE

It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. In the event of significant changes, appropriate evidence will be given on the home page of the site for a reasonable time. In any case, the interested party is invited to periodically consult this policy.