Note on compliance with General Data Protectiontion Regulation (GDPR) and privacy protection
In accordance with art. 13 D.Lgs. 30.6.2003 n. 196 (subsequently “Privacy Code”) and art. 13 of EU Regulations n. 2016/679 (later “GDPR”), Associazione Mittelmoda International Lab, addressed in S.S. Via Gramsci 2/4 CORMONS, 34071 (GORIZIA) C.F./Social Security number 91022080310 (subsequently “Beneficial Owner”), as owner and holder of processing of personal data, would like to inform you that your personal data will be processed as in the following conditions and for the following purposes.
1. Subject matter of data processing
Owner will process the identifying data and not the sensitive data (in particular name, surname, social security number /fiscal code for Italians , V.AT. , email address, telephone number - subsequently “personal data -information or simple data” ) you provided when pre-registering online on the owner website and/or when subscribing to the owner email newsletter service.
2. Purposes of the data processing
Your personal data are processed:
A) without your express consent (art. 24 lett. a, b, c Privacy Code and art. 6 lett. b, and GDPR), for the following Service purposes and missions:
- letting you register to the website;
- managing and updating the website;
- permitting the subscription to the newsletter service offered by the owner and the subscription to further services you may request;
- fulfilling pre-contractual , contractual and fiscal obligations, fiscali arising from any kind of relationship with your person;
- fulfilling oblications under the law, a regulations, EU laws or an order of the Authority in place;
- preventing or finding out fraudulent activity or dangerous abuses on the website;
- exercising the rights of the Owner , for example the right of defense in legal action in Court.
B) Only prior your specific and agreement and consent (art. 23 and 130 Privacy Code and art. 7 of GDPR), for the following Marketing purposes:
- sending you newsletter emails, marketing communications and /or advertising material about products and services offered by the Owner. Subject to your personal consent , we would like to inform you that if you already subscribed and you are already one of our clients, we could send you further similar marketing communications for services and products from the Owner - unless you disagree with it - (art. 130 c. 4 Codice Privacy Code ).
3. Methods of data treatment and processing
Your personal data processing method is carried out following the operations listed in art. 4 Privacy Code and art. 4 n. 2 of GDPR and precisely:
data collection , data registration, data organization, data storage, data consultation, data-processing, data change and editing , data selection, data extraction, data comparison, data use, database interconnection, blocking of data, communication of data, erasure of data, deletion and destruction of data.
Your personal data will be proceeded both as electronic (and/or automated processing) and physical/paper data processing.
The Owner will proceed all personal data as long as he needs to fulfill the above mentioned purposes and not longer than 10 years from the termination of the agreement/contract for the Services Purposes and not longer than 2 years from the data collection for Marketing purposes.
4. Access to personal data
Your personal data could be acessable for the following purposes as stated in art. 2.A) and 2.B) to:
- System administrators/webmasters and employees, staff and collaborators of the Owner or of the Corporate Partners of Associazione Mittelmoda International Lab’s and Associazione Mittelmoda International Lab itself, as officially entitled and responsible for the data processing activity
- Societies of the Association Mittelmoda International Lab ‘s board (for example ,activity of support clients feasibility studies, or activities for technical management of the project etc etc ) or outsourcing companies , hired by the Owner, as qualified and responsible external staff for data processing.
5. Data Communication
With reference to the laws , ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), without your specific permission and consent , the Owner can communicate your data for art.2.A) purposes to Supervisory Authorities, Judicial Authorities, Law Enforcement Authorities and also to all the other entities who are reached by compulsory communication by Law when fulfilling the above mentioned purposes. Your data will not be released.
6. Data Transfer method
Personal data processing and storage will be carried out on EU based Owner’s servers and/or on EU based servers of other companies’ which are hired and entitle to be be responsible for the data processing activity.
At the very moment, the serves are located in Italy.
Personal Data will not be transferred outside the European Union.
When necessary the Owner can change the location of the servers in Italy and/or in EU and/or in non EU Countries. In this case the owner will have to guarantee that data transfer operations will be carried out in accordance with the applicable laws.
When needed, the owner will have to draw agreements to guarantee an efficient data protection level and/or the owner will have to follow the standard contract terms, clauses and regulations as stated by the European Community Jurisprudence on this specific matter.
7. Nature of data inputting / processing and consequences in refusal to reply an/or answer
Data processing is compulsory as of art. 2.A) listed purposes.
If missing, we could not provide you with either the registration to the website or the services listed in art. 2.A). Data Processing as of purposes listed in art. 2.B) is optional.
Therefore, you can decide whether to provide NO DATA or in the near future to process already provided data: in this case you will not be able to receive newsletter emails, communications, marketing communication and advertising material about all services offered by the owner. In this case , you will be provided with the services mentioned above in 2.A).
8. Rights of the applicant and data provider
As a personal data provider, you will have all the rights listed in art. 7 of Privacy Code and art. 15 of GDPR , such as the following rights:
1. you have the right to know if there are any personal data which refer to you even when not registered and you have the right to receive this information and these data in a intelligible and comprehensible way.
2. you have the right to enquire about details about:
a) origin of the personal data;
b) purposes and methods of data processing;
c) system and methods applied in data processing when electronic means are in use;
d) identifying means and tools of the Owner’s , of staff’s in charge of the data processing, of the designated responsible’s according to art. 5, 2 Privacy Code and art. 3, 1, GDPR;
e) entities and categories of entities who can receive the personal data or may come in possess of them, following being nominated designated representative in the State territory.
3. you have the right to have and receive:
a) update, rectification and when needed also the integration of data;
b) cancellation and deleting request , anonymous transformation, block of all all those data which have not been processed according to the law, including those data which are not necessarily kept in accordance to the purposes they have been stored up and processed for.
c) confirmation that all listed in points a) and b) operations and also their details are known by the persons to whom personal data were communicated or send to. This will not happen when this operation is not possible or requests a massive effort and the use of means and procedures way bigger than the so above mentioned rights.
4. you have the right to fully or partially object and oppose.
a) for personal data processing related reasons and also for the purposes and aims of the data collection;
b) to the personal data processing such as personal data used for sending advertising material or for direct sale or for marketing surveys or commercial and marketing communication by using telephone automatic calling devices and softwares without the use of an operator or emails and /or by common marketing strategies such as telephone calls and regular mail.
We would like to point out that the right to object listed in point b) for marketing purposes using automated and electronic devices and means along with traditional marketing methods is still valid, regardless the new technology. A person can therefore still object , fully or partially.
As a matter of fact the person in question, can choose whether to receive updates and communication by traditional methods such as automated communication or none of the two methods of communication.
Where possible, the person in question, has still the rights listed in art. 16-21 GDPR (Right of Rectification , Right of Forgetting, Right of limited data processing, Right of Data Portability , Right to object), along with the right to complain to the Competition Authority.
9. Way to exercise your rights
The person in question, can in every moment , exercise his rights by sending :
- a registered letter to Associazione Mittelmoda International Lab, S.S. Via Gramsci 2/4 CORMONS, 34071 (GORIZIA).
- an email to firstname.lastname@example.org
10. Under Age applicants and website guests
This website and the related services are not for the use of people under 16 years and the website owner will not intentionally collect collect personal data and information from underage people. In case information and personal data from under 16 year people were collected and stored, the website owner will delete them upon request.
11. Owner, Responsible and staff
The Owner of the data processing is Matteo Marzotto
The Responsible person for the data processing is Maurizio Tripani
The updated list of the staff and responsible for the data processing employees is kept in possess of the owner and the responsible person at International Lab of Mittelmoda offices.
12. Change to this informative nove
This specific note can change. We advise to check this note now and then and to refer to the latest update and version.