Mesotech S.r.l. (“Mesotech“) acting as Data Controller with respect to the processing of personal data would like to inform the Users (“Users“) of the website https://www.mesotech.it (“Site“) about the ways and the manners in which we process the data that we obtain from our Users, according to the new European Regulation n. 679/2016 on the processing of personal data (“European Privacy Regulation“), applicable from May 25th 2018.
1. Data Controller and Data Processors
Mesotech S.r.l. with registered office in Via A. Scarlatti 8 – 80100 Napoli, is the Data controller, which can be contacted at the following email address: email@example.com. A complete list of the Data Processors can be requested through the above-mentioned email address.
2. Personal Data Collected
According to this Policy, Mesotech will process personal data obtained from its Users; these data may include:
a) Personal data and contact details provided by the User upon the creation of the Account online;
b) Data related to purchases through the Site;
d) Data provided when requesting information or assistance;
e) Data provided when taking part in surveys, competitions or contests organized by Mesotech, provided that in this case, this Policy will be integrated by the specific Policies that deal with the processing of personal data during each contest;
Mesotech will not process health data or in general other special categories of data defined in article 9 of the European Privacy Regulation. Personal Data of minors will be processed in the ways and manners explained in paragraph 8 of this Policy.
The above-mentioned categories of data will be processed only to the extentnecessary to the purposes described in paragraph 4 of this Policy.
3. Processing of Personal Data
Personal data of the Users will be processed using automated or other means and will be protected with the implementation of adequate security measures to ensure safety and confidentiality of the personal data. Specifically, Mesotech implements technical and organizational measures necessary to ensure that personal data are protected against loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
When it is no longer necessary to process the personal data for the purpose for which they were collected, or at the end of the retention period (as further explained in paragraph 10), Mesotech will anonymize personal data and will remove identifiers.
4. Purposes of the Processing
Mesotech will require its Users to provide their personal data for the following purposes:
b) To comply with legal and regulatory obligations (defined as: “Legal Purposes“)
c) When Users give their consent, to be sent newsletters, marketing communications trough traditional and other means, including email, SMS, MMS, social network, instant messages, mobile applications, banner, fax, mail and phone, to promote and/or sell products and/or services offered by Mesotech and to conduct other surveys to evaluate the Users’ satisfaction with the Services (defined as “Marketing Purposes“);
d) When Users give their consent, to be sent marketing communication from other commercial partners in ways and manners already explained in the previous paragraph; a list of these subjects can be requested by the Users (defined as: “Marketing Purposes of Third Parties“);
e) When Users give their consent, to be sent commercial communications in the ways and manners defined at points c) and d) based on preferences, characteristics and habits of the User or to conduct analysis on this basis (defined as: “Profiling Purposes“);
f) When Users give their consent to the processing of his personal data for Marketing Purposes of Mesotech, to send no more than 3 monthly newsletters and communications related to Mesotech product/services to Users identified solely on the basis of general categories such as age range, the fact that they opened a newsletter previously sent, or how they make their purchases, (defines as: “Legitimate Interest for Marketing purposes“); and
g) To carry out activities which are functional to the transfer of branches, acquisitions, mergers, divisions or other changes and to perform such operations (defined as: “Legitimate Interest for Business Purposes“).
5. Legal Basis for the Processing
Processing of personal data for Contractual Purposes is mandatory since it is necessary for the registration on the Site, for the performance of all activities related to the Terms and Conditions of the Site, for the purchase of products online, and to enjoy specific services offered on the Site.
Processing of personal data for the Purposes of the Law is mandatory since it is required by the applicable laws. If User do not wish their personal data to be processed for these purposes, he will not be able to register to the Site, nor to enjoy the services offered through the Site by Mesotech.
Processing of personal data for Purposes of Marketing of Mesotech, for Purposes of Marketing of Third Parties and for Profiling Purposes is not mandatory, and subject to prior consent of the User. If the User does not give his consent however, Mesotech, other companies of the group and/or other selected commercial partners will not be able to inform the User about new product/services, promotions, personalized offers, or to carry out market surveys, or to send other communications and materials in line with their interests.
Processing of Purposes of Legitimate Interest of Marketing is functional to the pursuit of a legitimate interest of Mesotech, properly balanced with the interests of the Users and, considering the limitation to this form of processing explained in paragraph 4. f), will be carried out starting from May 25th 2018, when the European Privacy Regulation becomes applicable.
Processing for Purposes of Legitimate Interests of Business is carried out according to art. 24 par. 1. d) of the Privacy Code and in order to pursue the legitimate interest of Mesotech and his counterparts to carry out economic operations indicated therein, according to art. 6. f) of the European Privacy Regulation, and properly balanced with the interests of the Users, since the Processing will only be limited to the extent necessary to perform such operations.
6. Communication of Personal Data
For the Purposes explained in paragraph 4, Mesotech might communicate Users’ personal data, only where strictly necessary to each type of processing, in the following categories of subjects:
a) Employees, collaborators and suppliers of Mesotech, within the performance of their tasks and/or contractual obligation and in relation to the commercial relations with the Users;
b) Sub suppliers and/or subcontractors within the activities connected to the performance of services and products offered by Mesotech;
c) Other companies of the Mesotech Group in Italy or abroad, nationals and internationals, as explained in the following paragraph 7;
d) To Postal Offices and couriers to send and deliver products purchased by the Users and/or other materials related to the services offered by Mesotech;
e) To legal, administrative and fiscal consultants, within the limits of what is necessary or functional to the activities of Mesotech, in the ways and manners explained above;
f) To financial institutions for the management of revenues and payments deriving from the performance of the contract with the User.
Personal data of the Users will not be disclosed.
7. Overseas Transfer of Personal Data
Personal Data of the Users can be freely transferred outside the national territory to other European Countries, but they may also be transferred outside the European Union, and in particular in Russia, Japan and US.
Whenever Mesotech transfers personal data outside the European Union, it will take reasonable steps and appropriate safeguards to keep the personal data safe, according to art. 44 of the Privacy Code and articles 45 and 46 of the European Privacy Regulation.
Users will have the right to obtain a copy of the Data held abroad and to receive information on the place where the Data are kept, by asking directly to the Controller, through the contact details provided in paragraph 9 of this document.
8. Data of Subjects under 18
The services offered by the Site can be enjoyed also by subjects under 18, therefore minors. In this case, Mesotech collects and processes personal data of minors only for the purposes, and in the ways and manners explained in this Policy, in compliance with the provisions of the European Privacy Regulation for processing of personal data of minors (art. 8) and with the prior consent of a parent or another legal guardian, whose data will be collected only for the purpose of obtaining such consent.
9. Rights of the Users
In relation to their personal data, the User will be able to exercise, with no additional charge and at any time, the following rights:
a) To obtain confirmation as to whether or not personal data concerning the user is being processed, and, where that is the case, access to the personal data;
b) To know the origin of the data, the purposes and the way in which they are processed and the logic applied to processing by automated means;
c) To ask for the update, rectification or – if the user is interested – the integration of the data; d) To ask for the erasure, the anonymization or the blocking of data unlawfully processed or to object to the processing for legitimate reasons;
e) To object, fully or partially, to the processing of data for purposes of direct marketing carried out either through automated or more traditional ways;
f) To withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Together with the above-mentioned rights, starting from May 25th 2018, Users will also enjoy the rights enshrined in the following paragraph 10 b).
Users will be able, at any time, to exercise their right, to modify their contact details, to notify Mesotech of changes and updates regarding their data, to obtain further information on the processing of their personal data carried out by Mesotech, by writing an email to the following address: firstname.lastname@example.org or by calling the following number: +39 0815736072.
10. Further provisions applicable after May 25th 2018
The following provisions will become fully effective starting from May 25th 2018, when the European Privacy Regulation will be applicable
➢ Personal data collected for Contractual Purposes (par. 4.a) will be retained for the duration of the contract and for 10 years after its termination to exercise/defend a right of Mesotech, both in court and outside, where a claim should arise in relation to the contract;
➢ Personal data collected for Purposes of Law (par. 4.b) shall be retained in accordance with the specific limitation periods defined by law;
➢ Personal data collected for Marketing Purposes of Mesotech (per 4.c) shall be retained for the duration of the service provided, the participation to the contest and/or the collection; and for 2 years after the collection and/or the termination of the service offered;
➢ Personal data collected for Purposes of Marketing of Others and Profiling Purposes (par 4.d-e) shall be retained for 12 months after the collection;
➢ Personal data collected for Purposes of Legitimate Interest of Marketing (par 4.f) should be retained for all the duration of the registration of the User on the Site through his Account end/or the participation to an online contest end/or the collection and for 2 years after the cancellation/deactivation of the Account;
➢ Personal data collected for Purposes of Legitimate Interest of business (par. 4.g) will be retained for 10 years from the moment of their collection.
Once these terms have expired, Users’ personal data will be deleted/anonymized and/or aggregated.
b) Additional rights: the User, at any time and in the ways and manners explained in the previous paragraph will have the right to:
➢ Ask for a restriction of the processing when: (i) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (iii) Mesotech no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing pursuant to Article 21.1 of the European Privacy Regulation, pending the verification whether the legitimate grounds of the controller override those of the data subject;
➢ Ask for the erasure of personal data without undue delay;
➢ Ask for the portability of his personal data.
c) Bring a claim before the National Authorities for the processing of personal data.
This document will be effective from the date indicated in the heading.
Mesotech might change and/or integrate this document, also as a consequence of further modifications and/or integration of the European Privacy Regulation. Updates and modifications will be notified in advance and Users will always be able to view the update Policy at the following link https://www.mesotech.it.
If you have doubts, questions or complaints with regard to the collection and processing of your personal data, you may contact Mesotech through the section “Contact us” of the Site or or calling the following number +39 0815736072.