INFORMATION ON THE PROCESSING OF PERSONAL DATA
(Article 13 of Legislative Decree 196/2003 – Privacy Code – Article 13 of the EU General Regulation on the protection of personal data no. 679/2016)
MDR2 Srl, based in Ornavasso (VB), Strada Romana di Sotto, 24 VAT number 01803440039, owner of the processing of personal data pursuant to articles 4 and 28 of the legislative decree 30 June 2003, n. 196 – Code of privacy and articles 4, n. 7) and 24 of EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data, pursuant to art. 13 of the Code and 13 of the Regulation which will proceed with the processing of personal data referring to the Company and to the natural persons who have the legal representation for the purposes and with the methods indicated below.
What are personal data?
Personal data refers to any information relating to a natural person, which can make him identifiable and which may include (but is not limited to):
- Names and contact information, such as email and phone numbers
- National insurance numbers
- Work history
- Number of employees
- Credit position
- Accounting data
What are sensitive personal data?
Sensitive personal data may refer to what is listed above but also includes genetic data and biometric data. For example:
- Medical conditions
- Religious or philosophical beliefs and political views
- Racial or ethnic origin
- Biometric data (e.g. photo in an e-passport)
What is the DPO?
For the purposes of compliance with the GDPR legislation, the “data processor” indicates the person or organization that decides the purposes for which and the way in which personal data are processed.
MDR2 Srl based on current legislation, is not required to appoint a DPO.
What is data processing?
Data processing is any operation or set of operations performed on personal data, or set of it, whether by automated systems or not.
Examples of data processing explicitly listed in the text of the GDPR are: collection, registration, organization, structuring, archiving, adaptation, modification, recovery, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, limitation, cancellation or destruction.
What information do we collect about you and how?
The data controller is bound by the requirements of the general data protection rules (GDPR).
When you decide to use our services, you accept that we have the right to obtain, use and process the information you provide to allow us to provide you with the best possible use experience and for other related purposes, including;
- Updating and improving customer records
- Analysis for management purposes
- Analysis for statistical purposes
- Legal and regulatory compliance
- Crime prevention.
How will we use information about you and why?
We at MDR2 Srl take your privacy seriously and will use your personal information only to provide the services you have requested from us. We will only use this information according to your instructions, data protection law and our duty of confidentiality.
Our work for you may require that we pass your information on to our third party service providers, agents, subcontractors and other associated organizations for the purpose of completing business and providing services to you on our behalf. However, if we need third party suppliers to provide you with a service, we only disclose the personal information necessary to provide our services and require them to keep your information secure and not to use it for their own direct marketing purposes.
We collect information on our website to process your inquiries, manage event registration, provide help based on the data collected and improve our services. If you agree, we will also use this information to share updates with you about our services that we think may be of interest to you.
We will not in any way share your information for marketing purposes with companies so that they can offer you their products and services.
Transfer of information outside of Europe
Within the limits strictly necessary for the execution of the services, your personal data may be disclosed to third parties, such as, by way of example, suppliers of products and / or services, located both within the European Union and outside it.
Any transfer outside the EU will in any case be subject to compliance with current legislation.
Security precautions in place on collected data
When you provide us with personal information, we take all necessary security measures to ensure that it is treated securely.
Non-sensitive details (your email address, etc.) are sent normally over the internet and this can never be guaranteed to be 100% secure. Consequently, while we strive to protect your personal information, we cannot guarantee the security of the information you transmit to us. Once we receive your information, we do our best to ensure its security on our systems. Where we have provided (or where you have chosen) a password that allows you to access certain parts of our websites or services, you are responsible for keeping this password confidential and for changing it once it has been communicated to you. We ask you not to share your password with anyone.
We would like to send you information about our services that may be of interest to you. If you have consented to receive advertising and marketing information, you can choose to opt out at any time as set out below.
You have the right at any time to prevent us from contacting you for marketing purposes. To opt out, send an e-mail to the address: email@example.com
How long will we keep your data?
In line with our regulatory requirements, we will keep your data for the minimum time required by current tax legislation. In case you need it, you will have the possibility to give up or update or delete the data at any time and details on how to do this are indicated in this statement.
ACCESS TO INFORMATION, CORRECTION, PORTABILITY AND CANCELLATION
What is a subject access request?
This is your right to request a copy of the information we have in our possession. If you would like a copy of some or all of your personal information, send us an e-mail to: firstname.lastname@example.org. We will respond within one month of receiving the request.
We want to make sure your personal information is accurate and up to date. You can ask us to correct or remove any information that you believe is inaccurate by contacting us using the procedures outlined above.
Objections to the processing of personal data
It is your right to file an objection to the processing of your personal data. The only reason we may refuse to process your request is if we are able to demonstrate valid and legitimate reasons that outweigh your interest, rights and freedoms in the specific case, or when the data processing is aimed at establishment, exercise or defense of legal claims.
It is also your right to receive the personal data you have provided to us, in a structured, commonly used and machine-readable format and to have the right to transmit such data.
Your right to be forgotten
If you want us to completely delete all information concerning you, you can notify us by sending an e-mail to email@example.com.
If you believe that your personal data has been processed in a way that does not comply with the GDPR, you have a specific right to lodge a complaint with the supervisory authority in charge. The supervisory authority will inform you of the progress and results of your complaint.
How to reach us