Information on the treatment of personal data
Pursuant to European Regulation 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data (in short “GDPR”) Mye Srl (hereinafter referred to as “Mye”), in the person of its legal representative pro-tempore, in his capacity as Data Controller of the personal data collected directly from the person concerned, provides you with this information notice in accordance with Article 13, GDPR (in short “Information notice”).
In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be ensured by taking all the necessary suitable technical and organizational measures to ensure their security.
(A) Data Controller’s identity and contact details
Sede legale: Via Cinque Martiri, 1
24029 Vertova (BG)
C.F. e P.Iva 03822880161
Sede operativa: Via Aldo Moro, 18
24023 Clusone (BG)
Tel. 034628100 – mail: firstname.lastname@example.org
(B) Purposes of personal data processing and legal basis
Your personal data will be processed:
(i) without your mandatory consent for the following purposes:
- online account registration on the Mye website, order management, purchases, sales and delivery of products and monitoring, customer service management, payment management, management of returns and repairs, management of contacts with customers, voucher and discount management;
- administrative-accounting management and related obligations (issuance of receipts, invoices, preparation of payments), possible protection of credit positions, and defence before the courts;
- internal statistics, business analysis and economic management, as well as sending advertising of similar products based on the contact data provided upon signing the contract, with the right to immediate erasure on request;
The above processing modes comply respectively with the following legal bases:
- fulfilment of a contract or pre-contractual measures, meeting a request by the interested party –condition of lawfulness of Article 6, letter b) GDPR;
- legal obligation to which the Data Controller is subject – condition of lawfulness Article 6, letter c) GDPR – or for the assessment, the exercise or the defence of a right in judicial proceedings;
- pursuit of a legitimate interest of the Data Controller – condition of lawfulness of Article 6, letter f) GDPR – related to the improvement of business operations and market surveys, to the improvement of the services provided to its customers, direct marketing and customer loyalty.
The provision of the data marked in the form with (*), for the purposes referred to in the previous section (i), is mandatory and the lack of data and/or any express refusal to process the data will make it impossible for the Data Controller to implement the contract or the pre-contractual measures, and it will make it impossible for the interested party to fulfil the obligation, which might even result in the penalties provided for by the legal system.
(ii) with your prior consent (Article 7, GDPR) for the following purposes:
- various types of marketing activities, including the promotion of products and services, the distribution of posters and information and promotional material, the sending of newsletters and commercial communications by e-mail, invitations, vouchers;
- profiling activities of various kinds, including behavioural analysis for promotional purposes, the creation of lists for promotional purposes, commercial communication, and the sending of newsletters, the creation of profiles for the provision of targeted and customized services for customers’ needs.
The provision of data for the purposes referred to in the previous section (ii) is optional, with the result that you may decide not to give your consent or to revoke it at any time. For these processing modes automated processes are used through the use of software that require in any case the human decision-making intervention aimed at avoiding unwanted consequences for the interested party, always and in any case limited to receiving communications from the Data Controller.
(C) Categories of recipients of personal data
For the purposes referred to in the previous paragraph, the personal data you have provided may be transferred or made accessible to:
- employees and collaborators of the Data Controller, in their capacity as authorized data processing staff (or the so called “individuals in charge of processing”);
- third parties who carry out outsourcing activities on behalf of the Data Controller, in their capacity as Data Processors, including:
- providers of services to manage the information system and telecommunications networks, as well as the company in charge of the e-commerce management, providers of services to manage the filing of paper and/or computerized documentation, providers of services to manage customer assistance activities, including websites (e.g. call centres, help desks, etc.), providers of services to manage commercial communication activities;
- freelancers, offices or companies in the field of assistance and consultancy relationships, also for the control of the company organizational management;
- banks and credit and insurance institutions to carry out economic activities (payments/collections), and insurance activities;
- persons who carry out checks, audits and the certification of the activities carried out by Mye, also in the interest of customers;
- judicial or supervisory authorities, administrations, public bodies and authorities (both national and foreign ones);
The complete updated list of the Data Processors is available upon written request to the address email@example.com
D) Storage and transfer of personal data abroad
The management and storage of personal data occur on Cloud and on servers located inside and outside the European Union owned by and/or available for the Data Controller and/or third-party companies in charge of that, duly appointed as Data Processors.
Your personal data will not be disclosed.
(E) Storage period for personal data
Personal data collected for the purposes indicated in the previous paragraph (B), will be processed and stored for the entire duration of any contractual relationship established, and in some cases, kept for the time necessary to fulfill these purposes and in any case for a period not exceeding 12 months.
After this storage period, the data will be destroyed or anonymised.
F) Exercisable rights
In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights indicated therein, and more specifically:
- Right of access – To obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the following information: the purposes of the processing, the categories of personal data concerned and the storage period, the recipients to whom these can be disclosed (Article 15, GDPR).
- Right to rectification – To obtain, without undue delay, the rectification of inaccurate personal data concerning you and have incomplete personal data completed (Article 16, GDPR).
- Right to erasure – To obtain, without undue delay, the erasure of the personal data concerning you, in the cases provided for by the GDPR (Article 17, GDPR).
- Right to restriction of processing – To obtain restriction of processing in the cases provided for by the GDPR (Article 18, GDPR).
- Right to data portability – To receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance, in the cases provided for by the GDPR (Article 18, GDPR).
- Right to object – To object to processing of personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing (Article 21, GDPR)
- Right to lodge a complaint with a supervisory authority – To lodge a complaint with the Authority for the protection of personal data, Piazza di Montecitorio 121, 00186, Rome (RM).
COPYRIGHT AND IMAGE EXPLOITATION
The author of the publication (the registered user) is solely responsible for the images and texts he uses and to do so must have full rights. By uploading a text, a graphic file or an image file, you implicitly confirm that you own it and that you have received the authorization of use from the legitimate owner, relieving Mye of any responsibility.
You may exercise these rights by simply sending a request per e-mail to the Data Controller’s address firstname.lastname@example.org