- Data Controller
- Types of Processed Data
- Legal Basis for the Processing and Consequences in the case of Failure to Provide the Consent
- Methods of Data Processing
- Data Retention and Transfer
- Transmission of Data
- Rights of Data Subjects
EU Regulation 2016/679 (GDPR – General Data Protection Regulation) requires users to be informed with regard to the processing of the provided Personal Data. According to the regulation, this processing shall be based on the principles of lawfulness, fairness, transparency, and protection of your privacy and rights. In accordance with Art. 13 GDPR (EU/2016/679), we provide you the following information:
MERCURIO S.r.l., with registered office in Via Mauro Macchi 8, 20124 Milan (MI), VAT No. 02425450034 (hereinafter, MERCURIO), as Controller, will process the personal data provided through the www.mercurio-group.com website in accordance with the applicable legislation on privacy and personal data protection.
The Data object of processing are Personal Data, such as:
- User’s contact details – name, surname, e-mail address, telephone number, the content of the message and other personal data that the user might have provided when filing the contact form.
- Browsing data – log, source IP address and visited pages.
MERCURIO, in accordance with Art. 9 of the GDPR (EU/2016/679), does not require users to provide so-called “particular” data, i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor does it process genetic data, biometric data which allow the unique identification of a natural person, data concerning health or a natural person’s sex life or sexual orientation.
Personal Data shall be processed for the purposes indicated below:
1) Processing of requests received based on the voluntary filing by the user of the contact form
2) Promotional, commercial and marketing activities (where the user gives separate and explicit consent to that purpose).
The processing of user’s data is lawful and is based on:
- To the aims of preceding point 3 nr 1), on the implementation of pre-contractual and contractual measures with regard to transmitted personal data;
- To the aims of preceding point 3 nr 2), on the consent as expressed by the user.
The provision of personal data is strictly necessary for the performance of the activities referred to under point 3 nr. 1), and the refusal of the user to provide and process such data prevents MERCURIO from processing requests for information or services offered by the Controller.
With reference to the purposes of the processing referred to under point 3, nr. 2), the consent to data processing is merely optional and may be expressed by ticking a specific box at the bottom of the form to be filled in. Failure to give consent will exclusively imply the impossibility to receive informative and promotional communications (including the “newsletter”) from MERCURIO.
The user may, in any case, revoke any consent given for the purposes described in point 3, nr. 2), by contacting MERCURIO at the e-mail address specified at the end of this information notice or also through a link at the bottom of any e-mail with a promotional content by MERCURIO.
Data will be processed both by computer and/or electronically and on paper support, in any case by means of instruments suitable to guarantee data’s security, confidentiality, and integrity.
Data relating to the IP address will be processed exclusively in anonymous form and for the sole purpose of obtaining anonymous statistical information on the use of the Site and to monitor its correct functioning.
Personal Data subject to processing shall be stored for the time necessary to carry out the existing business relationship and for the ten (10) years following the acquisition of the data.
IP address data shall be deleted immediately after processing.
Data will be processed and stored on servers within the EU belonging to the Controller and/or third-party companies appointed and duly appointed as data processors. Currently, the servers are located in Italy.
Personal Data shall not be disclosed but shall be made accessible for the above-mentioned purposes to the following subjects:
- to employees or collaborators of the company in their capacity as authorized persons and/or internal processors and/or system administrators
- third parties that perform outsourcing activities on behalf of MERCURIO, in their capacity as external processors.
Pursuant to Articles 15-22 of the GDPR (EU/2016/679), with reference to the transmitted Personal Data, Data Subjects have the right to:
a) Request access to the Data
b) Request Data correction
c) Request Data erasure (‘right to be forgotten’)
d) Obtain restriction in Data processing
e) Oppose the processing of Data
f) Revoke the previously expressed consent to the processing of data
g) Complain to the Supervisory Authority
Data Subjects may exercise their rights by means of communication to firstname.lastname@example.org
Updated in October 2020