PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA
MCZ GROUP S.p.A., as the data controller of your personal data, issues this information notice in compliance with European and Italian regulations on the protection of personal data, with the aim of informing you of the purposes and methods of processing of personal data that you may communicate when browsing this website (hereinafter the "Site").
It should be noted that this notice refers only to the Site and not to websites of third parties that may be reached via links therein.
1. Data controller
MCZ GROUP S.p.A., with registered office in Vigonovo di Fontanafredda (PN), Via La Croce, 8, e-mail: contact@mcz.it, is the data controller (hereinafter referred to as "Data Controller").
2. Data protection officer
The Controller has appointed a Data Protection Officer (DPO), who may be contacted by the Data Subject in writing at the following email address: dpo@mcz.it.
3. Categories of processed data
Navigation data
The computer systems and software procedures used to operate the Website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This concerns information that is not collected in order to be associated with specific identified data subjects, but, by their own very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or computer domain names used by users who connect to the Website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method utilised to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (success, error, etc.) and other parameters related to the user's operating system and computing environment.
Data provided voluntarily by the User
The Controller processes personal data that you voluntarily provide when you send e-mails to the e-mail addresses indicated on the Site, access the relevant services and interact with the support service, such as, for example, personal data, contact data, purchase data.
Cookies
The Site uses cookies, pixels and other tracking tools. For more information on these tools and their use on the Site, please consult the cookie page.
4. Purpose, legal basis and retention period
Your personal data will be processed by the Controller for:
A) Site Navigation
PURPOSES: Browsing data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, and are deleted immediately after processing. For operation and maintenance purposes, the Site and any third-party services used by it may collect System Logs, i.e. files that record interactions and which may also contain Personal Data, such as the User's IP address.
LEGAL BASIS: Performance of the contract or pre-contractual measures requested by you - Legitimate interest of the Controller and third parties.
RETENTION PERIOD: For the period necessary for processing.
B) Support
PURPOSES: In order to respond to your requests sent to us via e-mail or the contact forms on the Site, e.g. to obtain information on the Controller's products and services, such as brochures, catalogues, guides and/or other corporate information material, or to receive assistance, quotes, inspections and/or advice on the Controller's products and services and/or information on our dealers.
For the fulfilment of certain types of requests you send us (e.g., formulation of quotations, inspections, consultations), we may use our local partners who will provide you directly with the products, services and/or information you request. In this case, we will pass on the personal data you have sent us to our local partners, if necessary to fulfil your request.
LEGAL BASIS: Performance of the contract or pre-contractual measures requested by you - Legitimate interest of the Controller.
RETENTION PERIOD: Personal data are stored for 12 months after your request has been processed.
C) Disputes and crime prevention
PURPOSES: To defend or enforce a right of the Controller and/or for the detection and prevention of fraud and other crimes or offences.
LEGAL BASIS: Legitimate interest of the Controller and/or third parties.
RETENTION PERIOD: For the period of time provided for by the statute of limitations and/or necessary for the ascertainment of offences by the judicial authorities.
5. Nature of the provision of data and consequences in case of refusal
The provision of data in the fields marked with an asterisk (*) for the above purposes is necessary in order to browse the Site and use its services, and failure to provide such data will make it impossible to obtain the services requested. On the other hand, the release of data in the fields not marked with an asterisk, while it may be useful to facilitate relations with the Controller, is optional and failure to provide such data will not affect the provision of the services requested.
6. Categories of recipients
The Data Controller will not disseminate the data, but intends to communicate them to internal figures authorised to process them on the basis of their respective duties, as well as to commercial agents, credit institutes, credit insurance companies, credit recovery companies, business information companies, consultants, business associations and/or organisations, professionals or service companies, as well as to public and private bodies, also following inspections and audits. Such recipients, where they process data on behalf of the Data Controller, will be appointed as data processors by virtue of a specific contract or other legal deed.
Where necessary for the purpose of responding to your requests, the data may also be passed on to the Controller's local partners, who will process them, as autonomous data controllers, in accordance with the relevant data processing notice.
7. Transfer of data to a third country and/or an international organisation
Your personal data may be transferred, for the purposes for which they are collected, to the United States of America, which is a country outside the European Union. The transfer of personal data will take place on the basis of standard contractual clauses adopted or approved by the Commission of the European Union (Art. 46, para. II, letters c and d of the Regulation) or binding company rules (Art. 47 of the Regulation). To obtain a copy of this data, you may contact the Data Controller, as stated in Section 10.
8. Social buttons and widgets
There are also social buttons/widgets on the site. These are, in particular, social network icons, such as, for example, Facebook, Twitter, Pinterest, Google+, YouTube, Linkedin and Instagram, which allow you to reach - by means of a 'click' on the icon - the relevant social networks. With the support of these tools you can, for instance, share content or recommend products from the Site in social networks.
Following clicks on social buttons/widgets, the social network may collect data relating to your visit to the Site. As mentioned in the introduction, this privacy policy does not cover the processing of your data by the social network, for which you should refer exclusively to the privacy policy provided by the social network.
9. Facebook page
The owner uses the 'Page Insights' function for its Facebook page, which offers aggregated data on user interaction with the Facebook page. In connection with this processing, the Controller acts as joint controller jointly with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can find the co-ownership agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. You can read Facebook's privacy policy at the following link: https://www.facebook.com/privacy/explanation.
10. Rights of the data subjects
The Data Subject has the right to ask the Data Controller to grant access to his/her personal data and to rectify them, if they are incorrect, to erase them or to restrict their processing, provided that the requirements are met, to object to their processing for legitimate interests pursued by the Data Controller, and to obtain the portability of the data personally provided only if they are subject to automated processing based on consent or on the contract. The Data Subject has the right to withdraw the consent given for the processing purposes which require it, without prejudice to the lawfulness of the processing until the time of withdrawal.
To exercise your rights, you may use the form available here and forward it to the Data Controller at the following address: contact@mcz.it. The Data Subject also has the right to lodge a complaint with the competent supervisory body, the Data Protection Authority (www.garanteprivacy.it).