INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 - GDPR
A) General Information
- This policy contains information on how messagegroup.it handles the data of users registered on the site. It is provided only for messagegroup.it and not for other web sites that may be consulted by the user by following links contained therein.
- The purpose of this policy is to provide guidelines on the methods, times and nature of the information that the data controllers must provide to users when they access the messagegroup.it web pages, regardless of the purposes of the access itself, in accordance with Italian and European legislation.
- This policy may be subject to changes due to the introduction of new legislation in this regard. Therefore we encourage the users to check this page periodically.
- If a user is under 16 years of age, in compliance with Article 8, paragraph 1 of the Regulation (EU) 2016/679, he/she must legitimise his or her consent by means of the authorisation of his or her parents or legal guardian.
- This policy was updated on 05/11/2018 to comply with the relevant regulatory provisions, and in particular Regulation (EU) 2016/679.
B) Data processing
1 - Data Controller
- The Data Controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data. He also manages security profiles.
- As regards this website, the Data Controller is the company Message SPA and, for any clarification or exercise of users rights, please write an email to the address: firstname.lastname@example.org.
2 - Data Processor
- The Data Processor is the natural or legal person who processes personal data on behalf of the Data Controller.
- Pursuant to Article 28 of Regulation (EU) 2016/679, by appointment of the Controller, the Processor of the data of this site is Message SPA.
3 - Data processing location
- The processing of data generated by the use of messagegroup.it takes place at Message SPA, Via Monte Navale 1, Ivrea, 10015 Turin.
- If necessary, the data related to the newsletter service may be processed by the Data Controller or Data Processor and/or by the entities appointed by them for this purpose at the above-mentioned locations.
Please refer to the dedicated page.
D) Processed data
1 - Data Processing Methods
- Like all websites, this website makes use of log files that store information collected automatically during the user visits. The information collected may include the following (this list is intended as a guide only and is not exhaustive):
- internet protocol (IP) address;
- browser type and parameters of the device used to access the site;
- name of the internet service provider (ISP);
- date and time of access;
- the visitor's source (referrals) and exit web pages;
- clicks made by the user and URLs of the pages visited.
- The aforementioned information is processed automatically and exclusively collected in aggregate form in order to obtain statistical information on the use of the services (most visited pages, number of visitors per time or day slots, geographical areas of origin, etc.) or to check the correct functioning of the site/services offered, and for security reasons. Such information will be processed according to the legitimate interests of the controller.
- For security purposes (spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as the IP address, which could be used, in accordance with applicable laws, to block attempts to damage the site or to harm other users, or in any case to block harmful or criminal activities. Such data is never used to identify or profile the user, but only for the purpose of protecting the site and its users.
- The information that users of the site decide to make public through the services and tools made available to them is knowingly and voluntarily provided by the user releasing this site from any liability resulting from a breach of the law. It is the user's responsibility to check that he or she has permission to enter personal data of third parties or content protected by national and international regulations.
2 - Purposes of data processing
- The data collected by the site during its operations are used for the above-described purposes and for sending the newsletters every two weeks.
- The data will be stored for the period strictly necessary to achieve the afore-mentioned purpose and in any case for a period no longer than 10 years.
- The data used for security purposes (blocking attempts to damage the site) are stored for the time strictly necessary to achieve the aforementioned purpose.
3 - Data provided by the user
- As indicated above, the optional, explicit, and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, which is necessary in order to reply to requests, as well as any other personal data included in the message.
- Specific summary information will be gradually reported or displayed on the pages of the site set up for particular services on requests.
E) Security of the data provided
This site processes user data in a lawful and correct manner, adopting appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of data. The processing is carried out using computer and/or telematic tools, while adopting organisational methods and logics strictly related to the set out purposes.
In addition to the Controller, in some cases, some categories of people involved in the organisation of the site (administrative, commercial, marketing, legal, system administrators) or external entities (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.
F) User Rights
- Article 13, paragraph 2 of Regulation (EU) 2016/679 lists the rights of the user.
- The messagegroup.it site therefore intends to inform the user of the existence of:
- the right of the data subject to request from the controller access to personal data (Article 15 of Regulation EU), their updating (Article 7, paragraph 3, letter a) of Italian Legislative Decree 196/2003), rectification (Article 16 of Regulation EU), supplement (Article 7, paragraph 3, letter a) of Italian Legislative Decree 196/2003) or restriction of processing (Article 18 Regulation EU), as well as to object to processing for legitimate reasons (Article 21 of Regulation EU), as well as the right to data portability (Article 20 of Regulation EU);
- the right to erasure (Article 17 of Regulation EU), transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which they were collected or subsequently processed (Article 7, paragraph 3, letter b) of Italian Legislative Decree no. 196/2003);
- the right to obtain certification that the operations of data updating, rectification, supplement, erasure, blocking and transformation have been brought to the attention, also as regards their content, of those to whom the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right protected (Article 7, paragraph 3, letter c) of Italian Legislative Decree no. 196/2003);
- Requests may be informally sent to the Controller or alternatively, using the template provided by the Data Protection Authority, or by sending an email to: email@example.com.
- If the processing is based on Article 6, paragraph 1, letter a) – express consent to use – or Article 9, paragraph 2, letter a) – express consent to use genetic, biometric, health-related data, data revealing religious or philosophical beliefs or trade-union membership or data revealing racial or ethnic origin, political opinions – the user has the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal.
- Similarly, in the event of a breach of the law, the user has the right to lodge a complaint with the Data Protection Authority, as the authority responsible for monitoring data processing in Italy.
- For a more in-depth analysis of the user's rights, see Articles 15 et seq. of Regulation (EU) 2016/679 and Article 7 of Italian Legislative Decree 196/2003.