According to the law of the articles 13 of the European “Privacy” Regulation (GDPR)
Meniflex srl, with registered office in S. Maria di Zevio (VR) in via Apollo XI, 25/27 – 37059 (followed by the "company" or the "owner"), owner of the treatment of personal data, here provide the privacy information according to the article 13 of the (EU) regulation 2016/679 (from now on "GDPR"), to those concerned (from now on "those concerned").
The Company, as data controller, undertakes to protect the confidentiality and rights of Data Subjects and, according to the principles laid down by the mentioned legislation, processing of the data provided will be based on the principles of integrity, lawfulness and transparency.
1. PROCESSING PURPOSES
The policy only applies to the website of the Company and not to any other websites that may be accessed by Data Subjects via links. Data Subjects may voluntarily provide their personal data that will be processed and used by the Company in order to respond to contact requests.
Such data may also be processed by electronic means and recorded in specific databases.
Failure to compile the fields with an asterisk will not allow the request to be sent.
2. PROCESSING METHODS
Data processing is carried out electronically and/or on paper, by means of recording, processing, archiving and transmission of data, also with the aid of IT tools.
The tools and media used in carrying out the processing activities are suitable to guarantee the security and confidentiality of the data.
In carrying out processing activities, the Company undertakes to:
- ensure the accuracy and updating of the data processed, promptly incorporate any corrections and/or additions requested by Data Subjects;
- adopt appropriate security measures to ensure adequate data protection, in view of the potential impact of processing on the fundamental rights and freedoms of Data Subjects;
- notify Data Subjects, within the deadlines and in the cases provided for by binding legislation, of any data breaches;
- ensure that processing operations comply with applicable legal provisions.
3. DATA COMMUNICATION AND DISSEMINATION
Without prejudice to communications made in compliance with legal obligations, in addition to the Data Controller, the personal data of Data Subjects may be known to:
- employees and collaborators of the Data Controller in their capacity as persons authorised for data processing;
- companies belonging to the same group to which the Data Controller belongs;
- authorities in general, administrations, public bodies and agencies, both domestic and foreign;
- third party service providers;
exclusively for the purposes listed above in accordance with any consent provided by Data Subjects. Personal data will not be disseminated.
4. TRANSFER ABROAD
Personal data is stored and processed in the European Union.
In the event of any processing of personal data outside the European Union, such processing will be carried out only after the adoption of adequate guarantees, as required by binding legislation.
5. DATA RETENTION POLICY
The Company retains personal data in its systems in a form that allows the identification of data subjects according to the following criteria:
- for a period of time not exceeding achievement of the purposes for which it is processed, unless otherwise provided for by regulatory or contractual obligations;
- to comply with specific regulatory or contractual obligations;
- where applicable and legitimate, until such time as the data subject requests cancellation.
6. LEGAL BASIS OF PROCESSING
The Data Controller processes Personal Data relating to the User if one of the following conditions is met:
- the User has provided consent for one or more specific purposes;
- the processing is required for executing a contract with the Userand/or for executing pre-contractual measures;
- the processing is required to fulfil a legal obligation to which the Data Controller is subjected;
- the processing is required for executing a task in the public interest or for the exercise of public powers vested in the Data Controller;
- the processing is required for the pursuit of the legitimate interest of the Data Controller or of third parties.
It is nevertheless always possible to ask the Data Controller to clarify the concrete legal basis of any processing and in particular to specify whether the processing is based on the law, provided for by a contract or required to conclude a contract.
7. RIGHTS OF DATA SUBJECTS
Data Subjects may assert their rights, recognised by binding legislation and in particular by Articles 15 to 22 of the GDPR, namely:
- Right of access: right to obtain confirmation from the Data Controller whether or not personal data is being processed and, if so, to obtain access to personal data and further information on the source, purpose, categories of data processed, recipients of communication and/or transfer of data, etc.
- Right of rectification: right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, also by providing a supplementary declaration.
- Right to erasure: right to obtain from the Data Controller the erasure of personal data without undue delay if:
- the personal data is no longer necessary with respect to the processing purposes;
- the consent on which the processing is based has been withdrawn and there is no other legal basis for processing;
- the personal data has been unlawfully processed;
- personal data must be erased in order to fulfil a legal obligation.
- Right to object to processing: right at any time to object to the processing of personal data that has a legitimate interest of the Data Controller as the legalbasis.
- Right of restriction of processing: right to obtain from the Data Controller the restriction of processing, in cases where the accuracy of the personal data is disputed (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and the Data Subject has objected to the processing, if the personal data is necessary for the Data Subject to ascertain, assertor defend a right in court or if, following objection to processing, the Data Subject is awaiting verification as to whether or not the legitimate interest of the Data Controller prevails.
- Right to data portability: the right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another data controller, only in cases where the processing is based on consent or on a contract and only for data processed by electronic means.
- Right not to be subjected to automated decisions: right to obtain from the Data Controller not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning Data Subjects or which significantly affect them, unless such decisions are necessary for the conclusion or execution of a contract or are based on the consent provided by Data Subjects.
- Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or legal remedy, Data Subjects who believe that processing that concerns them violates the GDPR have the right to lodge a complaint with a supervisory authority.
In order to exercise the rights provided for by the GDPR, Data Subjects may contact the Data Controller at the following address:
Meniflex srl, with headquarters in S. Maria di Zevio (VR) in via Apollo XI, 25/27 – 37059 Tel.045 6050132, email