Information on the processing of email marketing data
- The “DATA CONTROLLER“ Mexedia S.p.A. SB Via Affogalasino 105, 00148 Rome
- For the purposes expressed in this policy, only non-particular personal data will be processed.
- Purposes of processing, data, provision, basis for lawfulness of communication to third parties and storage times, transfers outside the European Economic Area (EEA)
A – Purpose of sending email marketing |
More details Forwarding of commercial communications by automated mailing to the email address provided by the data subject. You can object at any time, either through automated procedures managed with links placed at the bottom of each communication you will receive or by contacting the data controller without formalities. Opposition to the processing is easy and free. If you do not provide your data: it will not be possible to forward communications without any other prejudice. |
What data do we process? Name, surname, any company to which the user may belong if provided, email address |
With what legal basis: art.6 Letter A) |
For how long? We process the data for this purpose until the data subject objects. It should be borne in mind that the data can be processed, according to the principle of minimisation (therefore using only the data strictly necessary for the specific case) for the defence of the data controller (in court or before authorities), or for any disputes until the conclusion of the same. |
B – Management of data subjects’ rights |
More details The purpose is linked to the reception, analysis and management of requests to exercise the rights of data subjects, including interaction with the data subject and providing the appropriate answers and clarifications. The data subject shall receive a response as soon as possible and, in any case, within the legal deadline. The data subject shall receive a response, with the appropriate reasons, even if the request cannot be accepted If you do not provide the data: it will not be possible to manage requests |
What data do we process? According to the type of request, we process all the necessary data to guarantee the correct exercise of the rights of the data subjects. |
With what legal prerequisite: Guaranteeing the exercise of rights is a precise legal obligation Article 6 letter C GDPR |
For how long? The data are processed for the time necessary to manage the requests and to verify the same. Storage, as a rule, is for 5 years. It should be borne in mind that the data can be processed, according to the principle of minimisation (therefore using only the data strictly necessary for the specific case) for the defence of the data controller (in court or before authorities), or for any disputes until the conclusion of the same. |
- Disclosure to third parties
Your data will not be disclosed. They will be processed with technological, IT and consulting service providers who, as a rule, operate as data processors. These parties may also include group companies that offer services to the data controller. It is understood that the data will be processed in accordance with the principle of minimisation, favouring, where possible, anonymous or anonymised data. In particular, the categories of subjects can be the following: Parties, including Group companies, who carry out/provide technical and organisational tasks/services on behalf of the data controller, including the organisational and technological support necessary for the provision of the service or the management of the activity subject to processing Firms and companies in the field of support and consulting relationships The data may also be communicated to independent third parties with particular reference to public authorities, perhaps including law enforcement authorities, when the legal conditions are met and in the exercise of their functions. |
- Transfers outside the European Economic Area (EEA)
The data are processed in the European Union. If the transfer is necessary, the guarantee instruments provided for by the GDPR shall be used: adequacy decisions of the EU commission or the standard contractual clauses as promoted by the EU commission itself to regulate transfer relationships outside the European Economic Area and with any supplementary measures as also provided for by the EDPB indications. |
- Rights of the data subject Articles 15, 16, 17, 18, 19 20, 21 and 77 of the GDPR Rights of the data subject Articles 15, 16, 17, 18, 19, 20, 21, and 77 of the GDPR.
We inform you of the existence of the right to know the recipients of the possible communication, access to personal data, rectification, deletion and possibly complete deletion, limitation of processing, data portability and opposition at any time to the processing of personal data concerning you.
We also inform you that, if the basis of lawfulness is consent, you have the right to revoke it at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation (Article 7, paragraph 3, of the GDPR).
Pursuant to Article 77 of the Regulation, you have the right to lodge a complaint with a supervisory authority, in particular in the member state where you usually reside, work or in the place where the alleged violation occurred, which in Italy corresponds to the Guarantor Authority for the Protection of Personal Data, whose references can be found on www.garanteprivacy.it or you can activate your protection actions also by contacting the judicial authority. You can exercise these rights simply by contacting the data controller through the contacts indicated in this policy or on the company websites.
It is understood that the exercise of rights will be promptly assessed and guaranteed, where possible, as in certain cases, requests must be weighted in conjunction with other regulatory impositions that could limit the exercise.
It is understood that even in cases where the requests to exercise the rights cannot have been followed, the data subject shall be promptly informed of the circumstance and the reasons for it.
- Contact details of the DPO: either at the registered office of the data controller or DPO@MEXEDIA.COM
This information was prepared on _180723