pursuant to artt. 13 and 14 of EU Regulation 2016/679 (GDPR)
Who decides the purposes and means of the processing?
Mosaico+ S.r.l. con socio unico is the data controller, which means that it is the subject who determines the purposes and means of the processing of personal data pursuant to art. 4 of the GDPR. Below you can find the contact details of Mosaico+ S.r.l. con socio unico:
Address: Viale Jenner 4 – 20159 Milan, Italy
Telephone and Fax: +39 0536 995811 e +39 0536 995899
In the present information notice, Mosaico+ S.r.l. con socio unico (M+) is also referred to as the “Company” or “Controller“.
What data do we collect?
In the course of browsing the website www.mplusdesign.it («Site») we collect various personal data to fulfill the processing purposes listed in the following paragraph. In particular, we process common data, including:
- technical navigation data, acquired by the information systems and software procedures relied upon to operate the Site itself, as part of their standard functioning. These personal data, whose transmission is an inherent feature of Internet communication protocols, are not collected in order to be associated with identified data subjects but, by their very nature, they could allow users to be identified through the processing and association with data held by third parties. This category of data includes IP addresses, domain names of the computers used by users connecting to the Site, URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code relating to server response status (successfully performed, error, etc.) and other parameters relating to the user’s operating system and IT environment. These data, necessary for the use of web services, are also used to obtain anonymous statistical information on the use of the Site as well as to check its correct functioning and are deleted immediately after processing. The data may also be used to ascertain liability, should criminal offences be committed or attempted against the Site.
- data provided voluntarily by the user, for the creation of a M+ATES profile, as well as for contact purposes (please refer respectively to the information notice for registration to the Site, to the information notice for candidates and to the “contact” information notice).
For what purpose do we process user data?
The processing of user data is carried out for various purposes:
- technical administration and management of the operation of the Site;
- fulfilment of legal obligations under applicable national and supranational regulations;
- ascertainment, exercise or defence of the Controller’s rights in court and/or out-of-court procedures.
What condition makes the processing lawful?
Processing, to be lawful, must be founded on an adequate legal basis:
- performance of the contract to which the data subject is a party, pursuant to Art. 6, par. 1, lett. b) GDPR (navigation on the Site);
- fulfilment of a legal obligation to which the Controller is subject, pursuant to Article 6, par. 1, lett. c) GDPR;
- pursuit of the legitimate interest of the Controller or third parties, pursuant to Art. 6, par. 1, lett. f) GDPR.
How long do we retain personal data?
We retain user’s data for a period that depends on the specific purpose of the processing:
1. for as long as you browse;
2. for as long as required by the applicable legislation;
3. for the entire duration of judicial or extrajudicial litigation, until the time limits for appeals are exhausted.
Once the aforementioned retention periods have expired, the data will be destroyed or rendered anonymous, compatibly with the technical procedures for deletion and backup and with the Controller’s accountability requirements.
Is the provision of personal data necessary?
Browsing data are necessary in order to carry out the IT and telematic protocols underlying the operation of the Site; therefore, failure to provide them would not allow the Site to function. As regards the data required within specific sections of the Site (e.g. registration), please refer to the appropriate information notice.
To whom could we communicate personal data?
The user’s data may be communicated to subjects acting as controllers, such as, by way of example, authorities and supervisory and control bodies, persons, companies, associations or professional firms providing assistance and consulting services, and in general by public and private subjects entitled to request the data.
The user’s data may be processed, on behalf of the Controller, by subjects appointed as Processors, who are given appropriate operating instructions, including, by way of example, companies that provide maintenance services for the website and information systems;
For a complete list of the responsible persons, please contact firstname.lastname@example.org
Who is authorised to process the data?
Personal data may be processed by the employees of the Company functions deputed to the pursuit of the aforementioned purposes, who have been expressly authorised to process the data and who have received adequate operating instructions pursuant to art. 29 of the GDPR and 2 quaterdecies of Legislative Decree 196/2003, as amended and adapted by Legislative Decree 101/2018
Can data be transferred to non-EU countries?
There will be no transfer of data outside the European Economic Area (EEA).
What are the data subject’s rights?
By contacting the Company by e-mail at email@example.com users may request access to the data concerning them, their rectification, integration or deletion, the restriction of processing in the cases provided for by Article 18 GDPR as well as opposition to processing in cases of legitimate interest of the data controller.
Data subjects also have the right, in the event that the processing is based on consent or contract and is carried out by automated means, to receive the data in a structured, commonly used and machine-readable format, as well as, if technically feasible, to transmit them to another data controller without hindrance.
Data subjects have the right to withdraw their consent at any time, as well as to object – for reasons related to their particular situation – to processing carried out in pursuit of the legitimate interests of the data controller. Data subjects may withdraw and manage their consents via the channels indicated, or by contacting the Controller by e-mail at firstname.lastname@example.org. Such withdrawal shall not affect the lawfulness of the processing based on the consent given before the withdrawal.
Finally, data subjects have the right to lodge a complaint with the competent supervisory authority.