PRIVACY POLICY

INFORMATION ON THE PROCESSING OF PERSONAL DATA

The company MAFRA International S.r.l. (hereinafter, for brevity, "MA-FRA", or the "Company") informs you that the personal data acquired through browsing this site will be processed in accordance with the law on the protection of personal data.

With reference to the methods of management and processing of personal data of users who consult this site, MA-FRA provides the following information, pursuant to Article 13 EU Regulation No. 679/2016 (so-called GDPR):

  1. Data of the data controller

MAFRA International S.r.l., P.IVA n. 09894580969, with registered office in Via Aquileia n. 44 - 20021 Baranzate (MI), is the Data Controller of the personal data of the users who consult this site.

The Society can be contacted at the e-mail address privacy@mafra.it

  1. Types of data collected

Through navigation on this web page, MA-FRA processes navigation data, personal data voluntarily provided by the user, and personal data collected through cookies, as identified below.

  1. Navigation data

The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes:

  • IP addresses or domain names of users' terminals connecting to the site;
  • i MAC (Media Access Control) address;
  • The addresses in URI (Uniform Resource Identifier) notation of the requested resources;
  • The time of the request;
  • The method used in submitting the request to the server;
  • the size of the file obtained in response;
  • the numeric code indicating the status of the response given by the server (successful, error, etc.);
  • and other parameters related to the user's operating system and computing environment.

 

  1. Data voluntarily provided by the user

In case you contact MA-FRA through the channels (telephone, e-mail, social media etc.) made available on this site, you will transmit personal data that will be processed by the Company.

The Data Subject is requested not to provide personal data revealing his or her racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as his or her genetic data, biometric data, data concerning health or sexual life or sexual orientation (also referred to as "sensitive data"). Such data will be deleted immediately in the absence of an explicit declaration of consent to their processing.

  1. Cookie

The site uses technical cookies (session and navigation), to ensure normal navigation and enjoyment of the website (allowing, for example, authentication to access restricted areas), to allow the user to view content from external platforms (e.g., videos on YouTube).

The site also uses third-party analytical cookies to monitor users' use of the site and provide personalized commercial content. In addition, analytical cookies are used for the purpose of optimizing the web platform and performing statistics.

For all information regarding the processing of personal data by cookies, please refer to the extended cookie policy, which can be reached on every page of the site.

  1. Purpose and legal basis for processing

The browsing data specified in 2(a) is used for:

  1. provide the service and check its proper functioning, as well as to obtain anonymous statistical information and heat mapping on the use of the site. The legal basis that legitimizes the processing of personal data for this purpose is to be found in Art. 6(1)(b) GDPR, i.e. in that the processing is necessary to provide the user with the requested service;
  2. Fulfilling legal obligations, regulations or requests from judicial authorities. The legal basis legitimizing the processing of personal data for this purpose can be found in Article 6(1)(c) GDPR, i.e., in that the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
  3. To assert or defend in court a right of Ma-Fra. The legal basis legitimizing the processing of personal data for this purpose can be found in Article 6(1)(f) GDPR, i.e., in that the processing is necessary to establish, exercise or defend a right of the Company in court.

The data voluntarily provided by the user indicated in item 2(b) are processed for:

  1. respond to user requests (via e-mail, telephone or other contact channels). The legal basis that legitimizes the processing of personal data for this purpose can be found in Art. 6(1)(b) GDPR, i.e. in that the processing is necessary to provide the user with the requested service;
  2. Fulfilling legal obligations, regulations or requests from judicial authorities. The legal basis legitimizing the processing of personal data for this purpose can be found in Article 6(1)(c) GDPR, i.e., in that the processing is necessary to fulfill a legal obligation to which the Data Controller is subject.

 

  1. Period of data retention

Personal data collected and processed as a result of browsing this site will be retained for as long as the service is provided and in any case deleted or anonymized within 15 days.

Personal data submitted independently by users through the tools on the site will be deleted after providing the requested service or responding to them and in any case within a maximum period of 15 days after the exhaustion of such activity, with the exception of those necessary for compliance with tax, accounting and administrative regulations or to fulfill other legal obligations and to document the activities carried out.

  1. Method of treatment

The personal data collected will be handled, stored and processed by electronic means and will be stored both on computer media and on paper media, organized in databases, and on any other type of suitable media.

Specific security measures are observed to prevent data loss, illegal or incorrect use, and unauthorized access.

The processing of personal data carried out by MA-FRA does not involve automated decision-making processes.

  1. Disclosure of personal data

The communication of navigation data is a necessary requirement for the provision of the requested service (navigation on the site) and therefore obligatory for this purpose: the failure of the Data Subject to provide personal data will result in the impossibility for MA-FRA to allow navigation on this site.

The communication of the data provided voluntarily by the user is a necessary requirement for the provision of the requested service (request for contact with the Company) and therefore mandatory for that purpose: failure to provide personal data by the Interested Party will result in MA-FRA being unable to respond to contact requests received from the user.

  1. Persons to whom personal data may be disclosed

Personal data collected will not be disseminated and may be disclosed to:

  • Authorized personnel internal to the Owner,
  • Subjects who are granted the right and interest to access users' personal data by law or secondary and/or EU regulations,
  • companies, associations or professional firms that provide services and activities on behalf of the Controller as Data Processor, in particular for the provision of ICT services (e.g. web hosting services, cloud providers, etc.), for the fulfillment of legal obligations, as well as for any organizational and administrative requirements necessary for the activities carried out by the Controller.

The names of the individuals who, in their capacity as "Data Processors", may come to know the personal data of the users are listed in an updated list available from MA-FRA (to be requested from the contact details indicated in point 1).

  1. Transfer of data outside the European Economic Area or to international organizations

As part of the processing operations described in this policy, MA-FRA does not transfer personal data outside the European Economic Area or to international organizations.

  1. Rights of the data subject

In relation to the data processing regulated by this notice, the Data Subject is entitled to exercise at any time the rights provided for in EU Regulation No. 679/2016 (GDPR).

  • Right to be informed of any processing of your personal data (pursuant to Art. 13 GDPR). The Data Subject has the right to obtain confirmation as to whether or not any processing of his or her personal data is taking place and, if so, he or she should be informed about any aspect of the processing operations, including, for example, information about:
  • The Data Processors (who process the data on behalf of the Data Controller),
  • Any other data recipients (to whom your personal data may be disclosed),
  • The purpose and legal basis,
  • The types of data processed,
  • The data retention period,
  • The transfer of personal data to third countries or international organizations.
  • Right of access to your personal data, as well as the right to rectification of inaccurate data and the right to supplement incomplete data.
  • Right to erasure (so-called right to be forgotten) under the conditions set forth in Article 17 GDPR, for example, when your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • Right to limitation of processing to the purposes and/or manner for which your personal data were collected, under the conditions of Article 18 GDPR.
  • Right to data portability, i.e., the right to receive a copy of all personal data you have provided to the Data Controller or to transmit such data to another Data Controller without hindrance.
  • Right to withdraw consent when given to legitimize the processing of your personal data. This right may be exercised at any time, without affecting the lawfulness of the processing based on the consent given before its revocation.
  • Right to lodge a complaint with a Supervisory Authority, if he believes that the processing concerning him violates the legislation in force. In this case, he/she should address the Authority of the Member State where he/she normally resides, works or of the place where the alleged violation occurred. The contact details of the Italian Supervisory Authority (Garante per la Protezione dei Dati Personali) can be found on its website.

In addition, the Data Subject has the right to object to the processing of his or her personal data when the processing:

  • Is necessary for the performance of a task in the public interest,
  • Is necessary for the pursuit of a legitimate interest of the owner,
  • Has direct marketing purposes, including profiling.

In order to exercise the rights, listed above, the Interested Party may submit a request via email to privacy@mafra.it

The Company will respond to the User's requests within a maximum period of 30 days.