Information for
the processing of personal data
art. 13 of EU Regulation no. 679/2016
This page describes how the site is managed in relation to the processing of personal data of users who consult it.
This information is also provided pursuant to art. 13 of EU Regulation no. 679/2016 Regulation on the protection of personal data for those who interact with the web services of M&B Srl accessible electronically from the address:
https://www.molluscobalena.it/
The information is provided only for the site indicated above and not for other websites that may be consulted by the user via links.
The information is also inspired by Recommendation no. 2/2001 that the European authorities for the protection of personal data, gathered in the Group established by art. 29 of directive no. 95/46/EC, adopted on 17 May 2001 to identify some minimum requirements for the collection of personal data online, and, in particular, the methods, times and nature of the information that data controllers must provide to data subjects. users when they connect to web pages, regardless of the purpose of the connection.
THE “OWNER” OF THE TREATMENT
Following consultation of this site, data relating to identified or identifiable persons may be processed.
The “owner” of their processing is M&B S.r.l. via Croce Coperta, 11 – 40128 – Bologna (BO) – VAT number: 03553041207 – Tel: 051 5871676 – E-mail: info@molluscobalena.it
PLACE OF DATA PROCESSING
The processing connected to the web services of this site takes place at the aforementioned headquarters of M&B Srl and is handled only by employees or collaborators authorized to process.
No data deriving from the web service is communicated or disseminated. However, Internet providers receive users’ browsing data as necessary to carry out their activities, while companies that provide assistance and maintenance services on IT systems may come into contact with user data in the event of maintenance work. on systems.
The personal data (personal data, e-mail address, contact details, CVs) provided by users via the contact form“Send us your request” or via contacts on the site are acquired and used to sole purpose of responding to requests sent to us. The legal basis identifiable in this case is the legitimate interest of the owner in following up on the requests received.
The personal data (email address, personal data) provided by the user via the newsletter subscription form are used by us to send promotional material to the email addresses of subscribers.
The treatments indicated above are based on the consent of the interested party, which can be revoked at any time via the link in each newsletter.
TYPES OF DATA PROCESSED
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters three relating to the operating system and the user’s IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this eventuality, data on web contacts currently do not persist for more than seven days
Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.
Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.
OPTIONAL PROVISION OF DATA
Apart from what is specified for navigation data, the user is free to provide personal data contained in the request forms or otherwise indicated in contacts with the Office to request the sending of informative material or other communications.
Failure to provide them may make it impossible to obtain what is requested.
Before releasing the data, reading of the information is proposed, with a request for consent to the processing of the released data.
METHOD OF TREATMENT AND STORAGE
Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected.
The data are processed by specifically authorized and trained internal staff, in the event that we use external parties they will be appointed as data controllers as required by art. 28 of EU Regulation 2016/679
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
RIGHTS OF THE INTERESTED PARTY
In relation to the aforementioned treatments and the related data existing in our archives, the rights referred to in Chapter III, articles may be exercised. From 15 to 22 of EU Regulation 2016/679, specifically:
- Right of access (art.15);
- Right of rectification (art.16);
- Right to cancellation (so-called right to be forgotten, art.17);
- Right to limit processing (art.18);
- Right to data portability (art.20);
- Right to object (art.21).
In order to exercise your rights, you may contact the undersigned by telephone, post or e-mail using the contact details indicated at the head of this information.
RIGHT TO SUBMIT A COMPLAINT TO A SUPERVISORY AUTHORITY
Pursuant to art. 13, paragraph 2, letter. d) You are informed of the right to lodge a complaint with the Personal Data Protection Authority if you find a violation of your rights as an interested party or for issues relating to the processing of your personal data.
Requests relating to the above-mentioned articles of EU Regulation no. 679/2016, must be forwarded to the Data Controller using the contacts indicated at the head of this information.
Information for the processing of personal data
In implementation of the New EU Regulation no. 679/2016 we inform you that:
The data controller is M&B S.r.l. with registered office in via Croce Coperta, 11 – 40128 – Bologna (BO) – VAT number: 03553041207 – Tel: 051 5871676 – E-mail: info@molluscobalena.it – PEC: meb-srl@arubapec.it.com
The aforementioned Regulation provides for a series of obligations for those who carry out “processing” (i.e. collection, recording, processing, storage, communication and other processing listed in Article 4 of the Regulation) of personal data relating to natural persons.
Purpose of processing and legal basis
We process our customers’ data on the basis of a contract or pre-contractual measures in order to manage the contractual relationship and active invoicing, from an operational, technical and administrative point of view, the services purchased by the user, respond to requests for information, provide IT consultancy; on the basis of a legal obligation in order to fulfill tax and accounting obligations.
We process the data of our suppliers on the basis of a contract or measure pre-contractual ures in order to manage the commercial relationship, passive invoicing and deliveries of supply materials; on the basis of legal obligations in order to fulfill tax and accounting obligations.
When the processing is based on a legal or contractual obligation or is necessary for the conclusion of a contract you are obliged to provide the personal data; In case of your refusal to provide the data or to consent to their processing or communication, the following may result:
- the impossibility of establishing or continuing the relationship, or carrying out certain operations, if the data are necessary for the execution of the relationship or operation;
- the impossibility of carrying out certain operations which require the communication of data to subjects functionally connected to the execution of the same;
In the provision of management services for domains, web spaces, e-mails, websites, e-commerce, web marketing and training we may come into contact (as Data Controller appointed by individual Data Controller customers) with data, as well as that of our customers and suppliers, including customers, suppliers and employees of our customers. This data can be stored on our cloud-hosted servers (in the event that the customer has purchased a web hosting service) or can be viewed by us in the event of system maintenance interventions and are in no way disclosed or disclosed by us. communicated to third parties, unless a legitimate request is made by the judicial authority or the judicial police aimed at the prevention and prosecution of crimes. M&B Srl has implemented and implements adequate security measures aimed at ensuring the integrity and resilience of the systems and the confidentiality of the data, as required by art.32 of EU Regulation 2016/679.
Type of data collected
We collect the identification data of suppliers and customers and process them for the sole purposes set out above. The third-party data stored on our servers or viewed by us includes both identifying data and data indirectly attributable to natural persons; their processing is necessary for the provision of our services and they are treated by us as Data Controllers.
Treatment methods
The processing will be carried out using paper, IT and telematic tools and supports in compliance with the provisions of law, regulation and company policy aimed at guaranteeing security, confidentiality, availability and integrity, as well as accuracy, updating and the relevance of the data to the purposes declared below. The processing will take place in compliance with the principles of correctness, lawfulness and transparency.
The data will be processed by specifically authorized and trained internal staff, and in the event that an external party is used for the processing of some data, the subject in question will be appointed as Data Controller through a regular contract as required by art. 28 of the Regulation.
Recipients of the data
Customer data can be communicated:
- to the following public and private bodies, also following inspections or checks: Financial Administration, Tax Police bodies, Postal Police, Judicial Authorities, Judicial Police bodies, Chamber of Commerce, professional firms that provide accounting data processing services and tax, credit institutions, recognized certification authorities for issuing website certificates, Internet service providers, software maintenance companies;
- to subjects who can access your data pursuant to legal provisions or secondary or community legislation.
Supplier data may be communicated to:
- to the following public and private bodies, also following inspections or checks: Financial Administration, Tax Police bodies, Postal Police, Judicial Authorities, Chamber of Commerce, professional firms that provide accounting and tax data processing services, institutes of credit, software maintenance companies.
No personal data is transferred to a third country or to an international organisation.
Data retention time
Customer and supplier data relating to invoicing and accounting obligations are retained no later than 10 years from the closing of the last financial statement or from the expiry of the contract, unless further legal obligations are met.
The data stored in our server farm are stored no longer than the duration of the service contract and in any case no longer than the cancellation request by the customer.
In case of data display following maintenance work systems engineering we do not save or store such data, except for the time strictly necessary to fulfill the request for assistance.
Rights of the interested party
In relation to the aforementioned treatments and the related data existing in our archives, the rights referred to in Chapter III, articles may be exercised. From 15 to 22 of EU Regulation 2016/679, specifically:
- right of access (art.15);
- right of rectification (art.16);
- right to cancellation (so-called right to be forgotten, art.17);
- right to limit processing (art.18);
- right to data portability (art.20);
- right of opposition (art.21);
In order to exercise your rights, you may contact the undersigned by telephone, post or e-mail using the contact details indicated at the head of this information.
Right to lodge a complaint with a supervisory authority
Pursuant to art. 13, paragraph 2, letter. d) You are informed of the right to lodge a complaint with the Personal Data Protection Authority if you find a violation of your rights as an interested party or for issues relating to the processing of your personal data.
Requests relating to the above-mentioned articles of EU Regulation no. 679/2016 can be addressed directly to the Data Controller or to the Guarantor Authority for the Protection of Personal Data.