This disclosure does not apply to other websites that may be consulted through links available on the websites of the data controller, who shall not be considered in any way liable for the websites of third parties.
- The “DATA CONTROLLER” Mexedia Public limited company Benefit Company – Via Affogalasino 105 00148 Rome
- For the purposes expressed in this policy, only non-particular personal data shall be processed.
- Purposes of processing, data, provision, basis for lawfulness of communication to third parties and storage times, transfers outside the European Economic Area (EEA)
For further processing, please refer to the specific information that will be presented before carrying out the same and, where necessary, consent will be obtained.
For information on cookies, please refer to the same found on the website www.mexediaon.com
|A – Allow navigation on the website|
|What data do we process? Technical information to allow connection protocols with the website.|
|With what legal basis: Legitimate interest of the data controller Article 6 letter f GDPR|
|For how long? We process the data only to allow the user to log in to the site and for the logged in session time It should be borne in mind that the data can be processed, according to the principle of minimisation (therefore using only the data strictly necessary for the specific case) for the defence of the data controller (in court or before authorities), or for any disputes until the conclusion of the same.|
|B – Reception and management of contact requests received by contact area, email or telephone|
|More details Personal data are processed in connection with the request for information and to manage the same. Please be advised that only common personal data must be provided. If you do not provide your data: it will not be possible to follow up on requests.|
|What data do we process? The name and surname of the person making the request, any reference company and the contact details and content provided by the data subject.|
|With what legal basis: Pre-contractual or contractual activities Article 6 letter B GDPR|
|For how long? The time that is strictly necessary to follow up on the request. The data will be kept for the management of the rule request for a maximum period of 6 months. It should be borne in mind that the data can be processed, according to the principle of minimisation (therefore using only the data strictly necessary for the specific case) for the defence of the data controller (in court or before authorities), or for any disputes until the conclusion of the same.|
|C – Management of data subjects’ rights|
|More details The purpose is linked to the reception, analysis and management of requests to exercise the rights of data subjects, including interaction with the data subject and providing the appropriate answers and clarifications. The data subject shall receive a response as soon as possible and, in any case, within the legal deadline. The data subject shall receive a response, with the appropriate reasons, even if the request cannot be accepted If you do not provide the data: it will not be possible to manage requests|
|What data do we process? According to the type of request, we process all the necessary data to guarantee the correct exercise of the rights of the data subjects.|
|With what legal prerequisite: Guaranteeing the exercise of rights is a precise legal obligation Article 6 letter C GDPR|
|For how long? The data are processed for the time necessary to manage the requests and to verify the same. Storage, as a rule, is for 5 years. It should be borne in mind that the data can be processed, according to the principle of minimisation (therefore using only the data strictly necessary for the specific case) for the defence of the data controller (in court or before authorities), or for any disputes until the conclusion of the same.|
- Disclosure to third parties
|Your data will not be disclosed. They will be processed with technological, IT and consulting service providers who, as a rule, operate as data processors. These parties may also include group companies that offer services to the data controller. It is understood that the data will be processed in accordance with the principle of minimisation, favouring, where possible, anonymous or anonymised data. In particular, the categories of subjects can be the following: Parties, including Group companies, who carry out/provide technical and organisational tasks/services on behalf of the data controller, including the organisational and technological support necessary for the provision of the service or the management of the activity subject to processing Firms and companies in the field of support and consulting relationships The data may also be communicated to independent third parties with particular reference to public authorities, perhaps including law enforcement authorities, when the legal conditions are met and in the exercise of their functions.|
- Transfers outside the European Economic Area (EEA)
|The data are processed in the European Union. If the transfer is necessary, the guarantee instruments provided for by the GDPR shall be used: adequacy decisions of the EU commission or the standard contractual clauses as promoted by the EU commission itself to regulate transfer relationships outside the European Economic Area and with any supplementary measures as also provided for by the EDPB indications.|
- Rights of the data subject Articles 15, 16, 17, 18, 19 20, 21 and 77 of the GDPR Rights of the data subject Articles 15, 16, 17, 18, 19, 20, 21, and 77 of the GDPR.
We inform you of the existence of the right to know the recipients of the possible communication, access to personal data, rectification, deletion and possibly complete deletion, limitation of processing, data portability and opposition at any time to the processing of personal data concerning you.
We also inform you that, if the basis of lawfulness is consent, you have the right to revoke it at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation (Article 7, paragraph 3, of the GDPR).
Pursuant to Article 77 of the Regulation, you have the right to lodge a complaint with a supervisory authority, in particular in the member state where you usually reside, work or in the place where the alleged violation occurred, which in Italy corresponds to the Guarantor Authority for the Protection of Personal Data, whose references can be found on www.garanteprivacy.it or you can activate your protection actions also by contacting the judicial authority. You can exercise these rights simply by contacting the data controller through the contacts indicated in this policy or on the company websites.
It is understood that the exercise of rights will be promptly assessed and guaranteed, where possible, as in certain cases, requests must be weighted in conjunction with other regulatory impositions that could limit the exercise.
It is understood that even in cases where the requests to exercise the rights cannot have been followed, the data subject shall be promptly informed of the circumstance and the reasons for it.
- Contact details of the DPO: either at the registered office of the data controller or DPO@MEXEDIA.COM
This information was prepared on _180723