With the entry into force of law no. 675/96, and subsequently, of the d. lgs. 196/2003 "Code regarding the protection of personal data", pursuant to Law 2016/679 modifying the previous rules, Mectronica srl, as "owner" of the treatment, is required to provide information regarding the use of personal data.
In compliance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 GDPR concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and which repeals Directive 95/46 / EC (General Data Protection Regulation).
The data that the Customer communicates to Mectronica srl will be treated in full compliance with these laws and in particular:
• the collection or in any case the processing of personal data has the sole purpose of being able to adequately carry out one's own economic activity;
• personal data are and will be processed lawfully and fairly and in any case in compliance with the law.
• personal data will not be disclosed to third parties for any reason, with the exclusion of the bodies delegated to the Public Order, Public Security, Judiciary.
• The data of the individual buyers are classified in: Name, Surname, Address, City, telephone number, email, tax code and any VAT number. These data will be used to identify the person entitled to the product warranty and will not be treated in any way different from the primary purpose.
• The protected access to the data and their possible modification takes place on the purchase platform https://store.mectronica.it or in the respective affiliated marketplaces in the event that the purchase order comes from them and the data for accessing the menu are those that the customer entered at the time of his registration.
• The data will be stored only in electronic format (contained in the protected server of Mectronica srl) in SSL mode for a period equal to the duration of the product warranty, or its possible extension. This is in order to simplify remote assistance interventions by Mectronica srl or authorized operators.
• The private purchaser or with a VAT number can at any time request the cancellation of his data from the electronic customer list (e-commerce), aware of the fact that in this case the time for assistance on the products could be greatly extended.
• A copy of the tax data will in any case always be kept for at least 10 years in compliance with the mandatory regulations in force on tax and accounting matters.
• Mectronica srl may contact members from time to time by telephone or email in order to obtain product evaluations and degree of satisfaction with the service. Subscribers can at any time obtain to be excluded from this practice.
USER RIGHTS (Data Subject)
The legislation assigns specific rights to the interested party, who, for the exercise of these rights, can directly contact the data controller. The interested party can also exercise his rights at a later time than the one in which he gave consent, thus being able to revoke a consent already given.
The rights exercisable by the interested party are the following:
• exercise the opposition to the treatment in whole or in part;
• obtain the cancellation (oblivion) of the data held by the owner;
• obtain the updating or correction of the data provided;
• request and obtain the data held by the owner in an intelligible form (right of access);
• request and obtain transformation of the data into anonymous form;
• request and obtain the blocking or Limitation of data processed in violation of the law and those whose conservation is no longer necessary in relation to the purposes of the processing.
Right to object
The interested party has the right to object, at any time, to the processing of data concerning him (Article 21 GDPR).
The interested party can also oppose the treatments connected to direct and profiling reasons.
The opposition to the treatment is a different operation from the cancellation of the data. Based on it, the interested party can prevent processing that is not compatible with the purposes of the consent.
It is the data controller who must respond to the data subject's request within one month of exercising the right. In particularly complex cases, the answer can be provided within 3 months. The answer must be in writing, also in electronic format, except in the case where the interested party requests it orally. The answer must be concise, accessible and intelligible. The only obligation for the interested party is to provide the data for his identification. The answer should generally be free of charge, except for reimbursement of the cost of the media used.
Right to information
The data subject has first of all the right to receive correct information in relation to the data collected and processed, the purposes of the processing, the legal basis of the
treatment and the rights attributed to it, as well as the methods for exercising them. All this happens by means of the information, the purpose of which is to inform the interested party so that he can make a valid consent.
In the event that automated processing including profiling is applied to the data, the owner must inform the data subject, explaining the methods and purposes of profiling, as well as the logic inherent in the processing and the consequences envisaged for the data subject as a result of this type. of treatment.
Right of access
The art. 15 of the European general regulation provides for the right of access, i.e. the right to know which personal data relating to the data subject the owner is processing, for what purposes (not the methods instead), and to receive a (free) copy of the data. If necessary, the owners can also allow direct access to the data remotely.
The interested party has the right to know:
• the purposes of the processing;
• the categories of personal data processed;
• the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations, and the guarantees applied in case of data transfer to third countries.
• when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period;
• the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
• the existence of the right to lodge a complaint with a supervisory authority;
• if the data are not collected from the interested party, all available information on their origin;
• the existence of an automated decision-making process, including profiling, and significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
Right to limit the processing
The right of limitation (Article 18 of the Regulation) allows the interested party to obtain the blocking of the processing in case of violation of the conditions of lawfulness (as an alternative to the cancellation of the data), but also if the interested party requests the correction of the data (pending rectification) or opposes their treatment (pending the decision of the owner). In case of exercise of this right, any treatment, except storage, is prohibited.
The data must be marked pending further evaluations.
Right to erasure (oblivion)
The right of cancellation (also known as the right "to be forgotten") is the right to obtain the cancellation of one's personal data in particular cases. It can also be exercised after the withdrawal of consent.
Right to portability
The right to data portability is a new right provided for by the European regulation. It applies only to automated processing, and specific conditions are envisaged for its exercise.
Exercise of rights
The interested party can contact the data controller directly to exercise his rights (ruling). Even if it is only the owner who is obliged to give feedback, the data controller is required to collaborate with the owner for the purpose of exercising the rights. In case of non-response, or inadequate response, you can contact the administrative (Guarantor) or judicial authority for the protection of your rights.
The deadline for replying is 1 month for all rights. This term can be extended to 3 months in particularly complex cases. In this case, the data controller must in any case notify the data subject within the month.
The exercise of the rights is in principle free of charge. In any case, it is up to the owner to assess whether the answer is complex to the point of having to ask for a contribution from the interested party, and to establish it
the amount, but only if the requests are manifestly unfounded or excessive or repetitive (on this point the Italian Guarantor should publish guidelines, for the moment we can refer to the 2004 resolution Contribution to expenses in case of exercise of the rights of the interested).
The answer must usually be provided in writing, including by electronic means. It can be oral only if specifically requested to do so by the interested party. The answer must be clear, concise, and easily accessible and understandable.
The owner can request information from the interested party in order to identify him, and the interested party is obliged to provide such information.
Derogations from the exercise of rights
The European regulation allows for exceptions to the rights recognized to the interested party, to be established on the basis of national provisions. In this perspective, it is believed that the exceptions established by the article of the Italian Personal Data Protection Code may still be applied (pending the assessment of the Guarantor on compliance with the GDPR), i.e. in cases where the data processing is carried out:
• based on the provisions of the decree-law of 31 December 1991, no. 419, converted, with modifications, by the law 18 February 1992, n. 172, and subsequent amendments, regarding support for victims of extortion requests;
• by parliamentary committees of inquiry set up pursuant to article 82 of the Constitution;
• by a public entity, other than public economic entities, on the basis of an express provision of the law, for exclusive purposes relating to monetary and currency policy, the payment system, the control of intermediaries and credit and financial markets, as well as the protection of their stability;
• pursuant to article 24, paragraph 1, letter f), limited to the period during which an effective and concrete prejudice could arise for the carrying out of defensive investigations or for the exercise of the right in court;
• from suppliers of electronic communications services accessible to the public in relation to incoming telephone communications, unless an actual and concrete prejudice may arise for the carrying out of defensive investigations pursuant to law no. 397;
• for reasons of justice, in judicial offices of all levels or the Higher Council of the Judiciary or other self-governing bodies or the Ministry of Justice;
• pursuant to article 53 (treatment by police forces), without prejudice to the provisions of law no. 121 of 1 April 1981.
The owner of the data identifies himself as the pro tempore Administrator of Mectronica srl. based in Bentivoglio in via Monari Sardè, 8.