PRIVACY INFORMATION PURSUANT TO THE GENERAL EU REGULATION ON DATA PROTECTION N. 2016/679 (“GDPR”)
Made to Measure srl (hereinafter also referred to as “Dimorecentrale“), P.IV.A./C.F. 06248890961, based in 20121 Milan, Via Solferino 11, as Data Controller, wishes to provide you with clear and simple indications about the processing of your personal data. In case of any doubt or clarification regarding the following, we invite you to contact us at the addresses indicated below: email@example.com.
1. Main definitions
“Personal data” is any information concerning an identified or identifiable natural person (“Data Subject“); the natural person who can be identified, directly or indirectly, with particular reference such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity is considered identifiable, physiological, genetic, psychic, economic, cultural or social.
« Data Processing » is any operation or set of operations, carried out with or without the aid of automated processes applied to Personal Data, such as the collection, registration, organization, structuring, storage, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination, making available, comparison, interconnection, limitation, cancellation, destruction.
“Data Controller” is the natural or legal person who, individually or together with others, determines the purposes and means of the processing of Personal Data. When the purposes and means of such processing are determined by the law of the Union or of the Member States, the Data controller or the specific criteria applicable to its designation may be established by the law of the Union or of the Member States;
“Joint owner” is the natural or legal person who jointly determines, with one or more Data Controllers, the purposes and means of the processing of the personal data of the interested party, the responsibilities for compliance with the obligations deriving from applicable legislation. “Data Processor” is the natural or legal person who processes Personal Data on behalf of the Data Controller.
“Consent” of the interested party is the manifestation of free, specific, informed and unequivocal will of the interested party, with which the same expresses its consent, through unequivocal declaration or positive action, so that the personal data concerning him are subject to treatment.
“Marketing” means the carrying out of commercial, advertising and promotional activities, such as, for example, non-exhaustive sending of advertising material, direct sales, carrying out market research or commercial communication, or promotional activities carried out in the context of events and prize promotions promoted by the Owner.
“Profiling” is the treatment with IT and automated means consisting of the use of personal data to evaluate certain personal aspects or related to professional performance, the economic situation, personal preferences, interests, reliability in payments, behavior, l location or movement of the natural person.
2. In relation to the individual service requested, the Data Controller may process your Personal Data for the following purposes and legal bases:
A) without express consent for the following purposes:
a. to conclude the contract to be able to use the services of the owner;
b. request specific information regarding the owner’s products;
c. fulfill the obligations established by law, by a regulation, by EU legislation or by an order of the Authority (such as for example in the matter of anti-money laundering);
d. processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data.
The information transmitted will be processed directly by the Data Controller and / or by third parties who provide data processing services or who carry out activities strictly related to the provision of services. In particular, the IT systems acquire some data such as IP addresses, access times and other reference parameters of the Data Subject, with the sole purpose of verifying the correct functioning of the system and possibly, of detecting anomalies or ascertaining responsibility in case of crimes computer. Once collected, the data is archived for one year.
B) Only subject to specific and distinct consent for the following marketing purposes, market research and profiling of the Owner.
What are cookies and what are they for?
Cookies are small text files that the sites visited by the user send directly to his terminal (usually to the browser), where they are stored and then retransmitted to the same sites on the next visit by the same user (so-called first-party cookies). While browsing a site, the user can also receive cookies from different sites or web servers on his terminal (so-called third-party cookies); this happens because on the visited website there may be elements such as, for example, images, maps, sounds, specific links to web pages of other domains that reside on servers other than that on which the requested page is located. In other words, they are those cookies that are set by a website other than the one you are currently visiting.
Cookies can have a duration limited to a single browsing session on the browser (so-called session cookies), and in this case they are automatically deactivated when the user closes the browser; or they can have a predetermined expiration and, in this case, they will remain stored and active on your hard disk until that expiration date, continuing to collect information during different browsing sessions on the browser (so-called permanent cookies).
Purpose of the processing and purposes of the technical session cookies.
Cookies are used for various functions. Some are necessary to allow you to browse the site and take advantage of its features (so-called technical cookies). Others are used to obtain statistical information, in aggregate or non-aggregate form, on the number of users who access the site and on how the site is used (so-called monitoring or analytics cookies). Finally, others are used to track your consumer profile and display advertisements on the Site that may be interesting to you, as they are consistent with your tastes and your consumption habits (so-called profiling cookies).
Monitoring or “analytics” cookies
Analytics cookies are used on the site to collect statistical information, in aggregate or non-aggregate form, on the number of users who access the site and how they visit the site.
The analytics cookies on this Site are third-party cookies, since they are not directly conveyed by us but third parties are not installed directly by the Company but by third parties.
The following third-party analytics cookies are less invasive as they are anonymized, since third parties cannot access disaggregated analytics data at the IP address level (in other words, by using these cookies, third parties cannot trace your identity), are blocked before consent.
Of course, you are free to block the installation of analytics cookies at any time, without the possibility of visiting the Site and enjoying its contents being compromised in any way. To know how to do it, carefully read the information on third-party cookies by following the links in the table above.
3. Methods and period of data retention
The processing of your personal data will be carried out in order to guarantee adequate security and confidentiality and to prevent unauthorized access or use of Personal Data. Therefore, your Personal Data will be processed and stored in full compliance with the principles of necessity, data minimization and limitation of the retention period, through the adoption of technical and organizational measures appropriate to the level of risk of the treatments and for a period of time. not exceeding the achievement of the purposes for which they are processed, in any case for the period required by law.
4. Right of access to data, recipients and categories of recipients of the data
a. Your data may be made accessible for the aforementioned purposes:
to employees and collaborators of the Data Controller, authorized by the Data Controller, directly or through the delegates, subjects to whom communication is necessary, functional and instrumental for the execution of the activities envisaged for the execution of the commercial relationship, subjects who are given the right to access by law or secondary legislation, or to parent companies, subsidiaries or associates, or in any case assignees of services on behalf of the Data Controller in their capacity as delegates and / or appointed employees and / or system administrators;
b. to third-party companies or other subjects (as an indication Companies specializing in credit soliciting and recovery activities, consultants and freelancers, including associates, Marketing and market research companies, credit institutions, insurance companies for the provision of services insurance companies, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors;
c. to third-party companies that collaborate in any capacity with Made to Measure for the purpose of carrying out contractual services, for example, by way of example and not limited to: couriers, software companies; the Data Controller uses appropriate security programs on all its information systems in order to guarantee the confidentiality of the information. Our security programs are periodically adapted to technological developments.
For the performance of some activities instrumental to the execution of the requested service, or in relation to legal obligations and in any case in compliance with the legislation on the protection of personal data, the Data Controller may appoint the external Data Processors (third parties who carry out the processing of the personal data on behalf of the Owner).
5. Data communication
Without the need for express consent, the Data Controller may communicate your data for the aforementioned purposes to Supervisory Bodies, Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law. These subjects will process the Data in their capacity as independent Data Controllers.
Your information will not be disseminated.
6. Transfer of Personal Data to a Third Country
The transfer of Personal Data from EU countries to non-EU “third” countries is prohibited, in principle, unless the Data Controller or Data Processor guarantees an “adequate” level of protection. No data will be transferred to third countries, except for the services expressly requested by the Data Subject or the specific cases for which the Data Controller will adopt adequate guarantees and will inform the Data Subject.
7. Rights of the interested party
The Data Subject has the right of access, pursuant to art. 15 GDPR, that is, to obtain from the Data Controller the confirmation that a Personal Data Processing is being carried out concerning him and, in this case, to obtain access to the Personal Data and the information listed therein.
The Data Subject has the right to obtain from the Data Controller the rectification of the Personal Data concerning him, or the integration of the same, pursuant to art. 16 GDPR.
That is, when interested, the integration of data.
The Data Subject has the so-called right to be forgotten, i.e. the cancellation of personal data concerning him, in addition to the limitation of processing, if one of the hypotheses referred to in Articles 17 and 18 GDPR.
The Data Subject has the right to object to the treatment, in whole or in part, pursuant to art. 21 GDPR:
a) for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning him for the purpose of sending advertising material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail. The interested party may decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
The Data Subject has the right to data portability, pursuant to art. 20 GDPR, i.e. the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him, provided by a Data Controller and has the right to transmit such Data to another holder, without impediments of the owner.
Furthermore, the Data Subject has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way, pursuant to art. 22 GDPR. Finally, the Data Subject has the right to complain to the Control Authority, if he believes that the treatment that concerns him violates the GDPR.
Please refer to the full reading of the articles of the GDPR relating to the rights of the Data Subject (articles 15, 16, 17, 18, 19, 20, 21, 22) and to the means of appeal to the Control or judicial Authority (articles 77, 78 and 79) to the official links.
8. Methods of exercising rights pursuant to art 12 of the GDPR
You can exercise the rights identified in art. At any time 15 and, where applicable, by articles 16-21, by sending a registered letter with return receipt at the registered office of the company located in 20121 Milan, Via Solferino 11, or by writing to the email address firstname.lastname@example.org
9. Protection of minors
Minors may be less aware of the risks, of the consequences, as well as of their rights in relation to the processing of personal data, therefore the Data Controller gives them specific protection, with particular regard to the use of personal data for marketing or creation purposes. individual profiles and the collection of personal data in the context of services provided directly to the minor. With regard to the direct offer of information society services (i.e. any service provided electronically), the processing of personal data requires the explicit consent of the minor and is lawful where the minor has reached the minimum age required by law applicable.
10. Identity and contact details of the Data Controller, Delegates and agents in charge
The Data Controller is Made to Measure srl, with registered office as specified above. The updated list of data processors is kept at the registered office of the data controller.