PRIVACY POLICY
STATEMENT ON THE PROCESSING OF PERSONAL DATA
MA-FRA S.p.A. (hereinafter, for the sake of brevity, “MA-FRA”, or the “Company”) informs you that the personal data acquired when you browse this website will be processed in compliance with the law on the protection of personal data.
With reference to the methods of management and processing of the personal data of users who browse this site, MA-FRA provides the following information pursuant to Article 13 of EU Regulation no. 679/2016 (so called GDPR):
- Data Controller
MA-FRA S.p.A., VAT no. 02916980960, with registered office in Via Aquileia n. 44 – 20021 Baranzate (MI), is the Data Controller of the personal data of users who browse this site.
The Company can be contacted at the e-mail address privacy@mafra.it
- Types of Data collected
By browsing this website, MA-FRA processes personal data, consisting in browsing data, personal data voluntarily provided by the user and personal data collected through cookies, as identified below.
- Browising data
The information technology systems and software procedures that enable the functionality of this site acquire, during their normal utilisation, certain personal data that is implicitly transmitted to the Company because of the use of internet communication protocols.
This category of data includes:
- the IP addresses or domain names of the computers used to access the site,
- the MAC (Media Access Control) addresses,
- the addresses in URI (Uniform Resource Identifier) notation of the requested resources,
- the time of the request,
- the method used to submit the request to the server,
- the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and
- other parameters relating to the operating system and the user’s information technology environment.
- Data provided voluntarily by the user
Should the user contact MA-FRA through the channels (telephone and e-mail) made available on this site, he or she will transmit personal data that will be processed by the Company.
The Data Subject is invited not to provide personal data revealing his/her racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data, data concerning health or sex life or sexual orientation (i.e. “sensitive data”). Such data will be deleted immediately in the absence of an explicit declaration of consent to its processing by the Data Subject.
- Cookies
The site uses technical cookies (session and navigation) to ensure normal navigation, use of the website (allowing, for example, to view content from external platforms such as videos on YouTube).
The site also uses third-party analytical cookies to monitor the use of the site by users and provide personalized commercial content. In addition, analytical cookies are used to optimize the web platform and to create statistics.
For all information relating to the processing of personal data carried out through cookies, please refer to the extended cookie policy, which can be reached on every page of the site.
- Purpose and legal basis of the processing
Browsing data referred to in point 2, letter a) are used:
- to provide the service and check its correct functioning, as well as to obtain anonymous statistical information and heat mapping on the use of the site. The legal basis that legitimizes the processing of personal data for this purpose is set out in art. 6 par. 1, lett. b), GDPR, i.e. because the processing is necessary to provide the user with the requested service;
- to comply with legal obligations, regulations or requests from judicial authorities. The legal basis that legitimizes the processing of personal data for this purpose is set out in art. 6 par. 1, lett. c), GDPR, i.e. because the processing is necessary to comply with a legal obligation to which the Data Controller is subject;
- to assert or defend in court a right of Ma-Fra. The legal basis that legitimizes the processing of personal data for this purpose is set out in art. 6 par. 1, lett. f), GDPR, i.e. because the processing is necessary to establish, exercise or defend a right of the Company in court.
The data provided voluntarily by the user indicated in point 2, letter b) are processed to:
- respond to your requests (by email, telephone or other contact channels). The legal basis that legitimizes the processing of personal data for this purpose is set out in art. 6 par. 1, lett. b), GDPR, i.e. insofar as the processing is carried out to provide the user with the requested service;
- comply with legal obligations, regulations or requests from judicial authorities. The legal basis that legitimizes the processing of personal data for this purpose is to be found in art. 6 par. 1, letter c), GDPR, i.e. because the processing is necessary for compliance with a legal obligation to which the Data Controller is subject.
- Data retention period
The personal data collected and processed from browsing this site will be stored for the entire period of provision of the service and in any case deleted or made anonymous within 15 days.
The personal data sent voluntarily by users through the channels indicated on the site will be deleted after having provided the requested service or responded to them and in any case within a maximum period of 15 days from the end of this activity, with the exception of those necessary for compliance with fiscal, accounting and administrative regulations or to comply with other legal obligations and to document the activities carried out.
- Processing methods
The personal data collected will be processed, stored and analysed with electronic tools and will be stored both on computer and paper supports, organized in databases, and on any other type of suitable support.
Specific security measures are implemented to prevent the loss, illegal or unfair use of the data, or unauthorised access to data.
The processing of personal data carried out by MA-FRA does not involve automated decision-making processes.
- Disclosure of personal data
The disclosure of browsing data is a necessary requirement for the provision of the requested service (website browsing) and therefore mandatory for this purpose: failure to communicate personal data by the Data Subject will make it impossible for MA-FRA to allow you browsing on this site.
The communication of the data provided voluntarily by the user is a necessary requirement for the provision of the requested service (request for contact with the Company) and therefore mandatory for this purpose: failure to communicate personal data by the Data Subject will make it impossible for MA-FRA to respond to the contact requests received from the user.
- Subjects to whom personal data may be communicated
The personal data collected will not be disclosed indiscriminately and may be communicated to:
- authorized personnel within the Data Controller,
- subjects who have the right and interest to access your personal data by provision of law or secondary and/or EU regulations,
- companies, associations or professional firms that provide services and activities on behalf of the Data Controller, as Data Processor, in particular for the supply of ICT services (e.g. web hosting services, cloud providers, etc.), for the fulfilment of legal obligations, as well as for any organisational and administrative need necessary for the activities carried out by the Data Controller.
The names of the subjects who may become aware of your personal data in their capacity as “Data Processors” are shown in an updated list available at MA-FRA (to be requested at the addresses indicated in point 1).
- Transfer of data outside the European Economic Area or to international organisations
Within the scope of the processing operations described in this policy, MA-FRA does not transfer personal data outside the European Economic Area or to international organizations.
- Data subject’s rights
In relation to the processing of data regulated by this policy, the Data Subject has the right to exercise at any time the rights provided for by EU Regulation no. 679/2016 (GDPR).
- Right to be informed of any processing of your personal data (pursuant to Art. 13 GDPR). The Data Subject has the right to obtain confirmation as to whether or not his or her personal data is being processed and, if so, must be informed about any aspect relating to the processing operations, including, for example, information about:
- the Data Processors (who process the data on behalf of the Data Controller),
- any other recipient of the data (to whom your personal data may be disclosed),
- the purposes and legal basis of processing,
- the types of data processed,
- the period for which the data will be stored,
- the transfer of personal data to third countries or international organisations.
- Right of access to your personal data, as well as the right to rectification of inaccurate data and the right to have incomplete data completed.
- Right to erasure (so-called right to be forgotten) under the conditions established by art. 17 GDPR, for example, when your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- Right to restriction of processing for the purposes and/or methods for which your personal data were collected, under the conditions set out in Article 18 GDPR.
- Right to data portability, i.e. the right to receive a copy of all personal data that you have provided to the Data Controller or to have your personal data transmitted directly from one Controller to another.
- Right to withdraw consent, when expressed to legitimize the processing of your personal data. This right may be exercised at any time, without prejudice to the lawfulness of the processing based on consent given before its withdrawal.
- Right to lodge a complaint with a Supervisory Authority, should you believe that the processing of your personal data violates the regulations in force. In such a case, you will have to contact the Supervisory Authority of the Member State of your habitual residence, place of work or place of the alleged infringement. The contact details of the Italian Supervisory Authority (Garante per la Protezione dei Dati Personali) can be found on the Its website.
In addition, the Data Subject has the right to object to the processing of his or her personal data when the processing:
- is necessary for the performance of a task carried out in the public interest,
- it is necessary for the pursuit of a legitimate interest of the Data Controller,
- it has direct marketing purposes, including profiling.
To exercise the rights listed above, the Data Subject may send a request by email to privacy@mafra.it
The Company will respond to such requests within a maximum period of 30 days.