1. Data Controller
2. Legal basis of the processing
M Stretch S.p.A. carries out the processing of personal data:
– on the basis of the consent given by the user for requesting information, pursuant to art. 6, par. 1, lett. a) GDPR;
– to enforce the contractual obligations of the interested party, pursuant to art. 6, par. 1, lett. b) GDPR;
– to fulfill a legal obligation to which the Data Controller is subject, pursuant to art. 6, par. 1, lett. c) GDPR.
3. Personal data collected
- Browsing data
The computer systems and software procedures used to operate this website regularly acquire some personal data that are then transmitted by means of Internet communication protocols. We are dealing with information that, by its nature, could allow users and visitors to be identified through associations and processing with data held by third parties.
This category of data includes, for example, the IP address, the domain names of the computers used by the users/visitors that connect to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the date and time of the request and the method used in submitting it, the size of the response file, the numeric code indicating the status of the response given by the server and other parameters relating to the operating system and the computing environment of the user.
These data are collected automatically and exclusively in order to allow browsing on the website, and they can also be used for statistical surveys in a completely anonymous manner. The data could be used by the Judicial Authority to check the responsibility in the event of hypothetical computer crimes against the website.
- Data provided voluntarily and directly by users
The user is free to provide the personal data requested in the forms or indicated in specific sections of the website in order to obtain information or other communications. Their absence does not involve the impossibility of obtaining what is required also anonymously.
By way of example, the name, surname and contact details are covered by this category of data. Any request for information or service from the user/visitor will entail the acquisition by M Stretch S.p.A. of the sender’s address and/or any other personal data that will be processed exclusively in order to respond to the request, or to provide the related service.
4. Purpose of processing
The purpose of data processing is to:
- provide services offered through the website;
- perform instrumental activities for the Company in order to improve services and/or guarantee its functionality.
For security purposes, the data automatically registered may also include personal data such as, for example, the IP address. This could be used in compliance with the laws in force on the matter, to block attempts that could damage the website, to cause damage to other users or, in any case, harmful activities or activities representing a crime. These data are never used for user’s identification or profiling, but only for protecting the website and its users. The data used for website security purposes (blocking attempts that could damage the website) is stored for 7 days.
5. Nature of data provision
- No consent is required for processing the personal data collected for the purposes referred to in point 4 of the previous paragraph, as they are used for the fulfillment of legal and contractual obligations connected to the provision of the services offered.
- The compilation of the forms and the consequent provision of data are optional and are necessary to respond to the requests included in the message by the Customer/User. Failure to provide the aforementioned data will make it impossible to process the request received.
6. Processing method
The processing of data for the aforementioned purposes is carried out using both automated methods, electronic or magnetic, and non-automated, on paper, in compliance with the privacy and security rules provided for by the Law, the Guidelines and internal regulations.
7. Storage time and security of the processing
Personal data are processed for the time strictly necessary to fulfill the purposes referred to in point 4) and for which they were collected. Specific security measures are followed in order to prevent the loss of data, illegal or incorrect use.
8. Communication recipients
The processing operations related to the web services of this website are only carried out by the internal staff of the Data Controller, specifically identified as “personnel authorized for processing”, and occasionally, by subjects involved in the maintenance/management of this website, assigned as External data processors.
9. Rights of the interested party
According to articles 15-22 of the GDPRT, the user has the right to access at any time the data concerning him/her. In particular, the user may request the correction, deletion or processing limitation of the data in the cases provided for by art. 18 of the GDPR, the revocation of the consent according to art. 7 of the GDPR, and to obtain the portability of data concerning him/her in the cases provided for by art. 20 of the GDPR.
As an interested party, where applicable, the user also has the right to lodge a complaint with the Guarantor for the Protection of Personal Data in the capacity of the Supervisory Authority (Reg. No. 679/2016, art. 77), according to the procedures provided for by art. 142 of Legislative Decree no. 196/2003, amended by Legislative Decree no. 101/2018.
The user may also make a request to oppose the processing of the data according to Article 21 of the GDPR; the request must include evidence of the reasons justifying the opposition: the Data Controller reserves the right to assess the request, which cannot be accepted in the event of binding legitimate reasons that justify the processing and prevail over the interests, rights and freedoms of the individual.
Requests should be addressed in writing to the Data Controller at the aforementioned contact details, specifying the subject of the request and the right to be exercised.