PRIVACY POLICY

ON THE PROCESSING OF PERSONAL DATA

MAFRA S.p.A. (hereinafter, for the sake of brevity, “MA-FRA”, or the “Company”) informs you that the personal data acquired when you browse this website will be processed in compliance with the law on the protection of digital personal data.

With reference to the methods of management and processing of the personal data of users who browse this site, MA-FRA provides the following information pursuant to the Digital Personal Data Protection Act (so called DPDPA):

  1. Data Fiduciary

MA-FRA S.p.A., VAT no. 02916980960, with registered office in Via Aquileia n. 44 – 20021 Baranzate (MI), is the Data Fiduciary of the personal data of users who browse this site.

The Company can be contacted at the e-mail address privacy@mafra.it

  1. Types of Data collected

By browsing this website, MA-FRA processes personal data, consisting in browsing data, personal data voluntarily provided by the user and personal data collected through cookies, as identified below.

  1. Browising data

The information technology systems and software procedures that enable the functionality of this site acquire, during their normal utilisation, certain personal data that is implicitly transmitted to the Company because of the use of internet communication protocols.

This category of data includes:

  • the IP addresses or domain names of the computers used to access the site,
  • the MAC (Media Access Control) addresses,
  • the addresses in URI (Uniform Resource Identifier) notation of the requested resources,
  • the time of the request,
  • the method used to submit the request to the server,
  • the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and
  • other parameters relating to the operating system and the user’s information technology environment.

 

  1. Data provided voluntarily by the user

Should the user contact MA-FRA through the channels (telephone, web form and e-mail) made available on this site, he or she will transmit personal data that will be processed by the Company.

  1. Cookies

The site uses technical cookies (session and navigation) to ensure normal navigation, use of the website (allowing, for example, authentication to access restricted areas) or to allow you to view content from external platforms (e.g., videos on YouTube).

The site also uses third-party analytical cookies to monitor the use of the site by users and provide personalized commercial content. In addition, analytical cookies are used to optimize the web platform and to create statistics.

For all information relating to the processing of personal data carried out through cookies, please refer to the extended cookie policy, which can be reached on every page of the site.

  1. Purpose and legal basis of the processing

Browsing data referred to in point 2, letter a) are used:

  1. to provide the service and check its correct functioning, as well as to obtain anonymous statistical information and heat mapping on the use of the site. Ma-Fra processes data for legitimate use, i.e. for a purpose for which the Data Principal has voluntarily provided her personal data to the Data Fiduciary;
  2. to comply with legal obligations, regulations or requests from judicial authorities. Ma-Fra processes data for legitimate use, i.e. because the processing is necessary to comply with a legal obligation to which the Data Fiduciary is subject.

The data provided voluntarily by the user indicated in point 2, letter b) are processed to:

  1. respond to your requests (by email, web form, telephone or other contact channels). Ma-Fra processes data for legitimate use, i.e. for a purpose for which the Data Principal has voluntarily provided her personal data to the Data Fiduciary;
  2. marketing activity. Ma-Fra processes personal data based on consent, which can be revoked at any time without consequences.
  3. comply with legal obligations, regulations or requests from judicial authorities Ma-Fra processes data for legitimate use, i.e. because the processing is necessary to comply with a legal obligation to which the Data Fiduciary is subject.

 

  1. Data retention period

The personal data collected and processed from browsing this site will be stored for the entire period of provision of the service and in any case deleted or made anonymous within 15 days.

The personal data sent voluntarily by users through the channels indicated on the site will be deleted after having provided the requested service or responded to them and in any case within a maximum period of 15 days from the end of this activity, with the exception of those necessary for compliance with fiscal, accounting and administrative regulations or to comply with other legal obligations and to document the activities carried out. Personal data collected for marketing purposes will be stored for 24 months.

  1. Processing methods

The personal data collected will be processed, stored and analysed with electronic tools and will be stored both on computer and paper supports, organized in databases, and on any other type of suitable support.

Specific security measures are implemented to prevent the loss, illegal or unfair use of the data, or unauthorised access to data.

The processing of personal data carried out by MA-FRA does not involve automated decision-making processes.

  1. Disclosure of personal data

The disclosure of browsing data is a necessary requirement for the provision of the requested service (website browsing) and therefore mandatory for this purpose. Failure to disclose such personal data by the Data Principal will make it impossible for MA-FRA to allow browsing on this site.

The communication of the data provided voluntarily by the user is a necessary requirement for the provision of the requested service (request for contact with the Company) and therefore mandatory for this purpose. Failure to disclose such personal data by the Data Principal will make it impossible for MA-FRA to respond to the contact requests received from the user.

  1. Subjects to whom personal data may be communicated

The personal data collected will not be disclosed indiscriminately and may be communicated to:

  • authorized personnel within the Data Fiduciary,
  • subjects who have the right and interest to access your personal data by provision of law and/or regulations,
  • companies, associations or professional firms that provide services and activities on behalf of the Data Fiduciary, as Data Processor, in particular for the supply of ICT services (e.g. web hosting services, cloud providers, etc.), for the fulfilment of legal obligations, as well as for any organisational and administrative need necessary for the activities carried out by the Data Fiduciary.

The names of the subjects who may become aware of your personal data in their capacity as “Data Processors” are shown in an updated list available at MA-FRA (to be requested at the addresses indicated in point 1).

  1. Transfer of data outside India or to international organisations

Within the scope of the processing operations described in this policy, MA-FRA may transfer personal data outside the India to the European Economic Area (Italy).

  1. Data Principal’s rights

In relation to the processing of data regulated by this policy, the Data Principal has the right to exercise at any time the rights provided for by the Digital Personal Data Protection Act (DPDPA).

  • Right to be informed of any processing of your personal data. The Data Principal has the right to obtain confirmation as to whether or not his or her personal data is being processed and, if so, must be informed about any aspect relating to the processing operations, including, for example, information about:
  • the Data Processors (who process the data on behalf of the Data Fiduciary),
  • any other recipient of the data (to whom your personal data may be disclosed),
  • the purposes and legal basis of processing,
  • the types of data processed,
  • the period for which the data will be stored,
  • the transfer of personal data to third countries or international organisations.
  • Right of access to your personal data, as well as the right to rectification of inaccurate data and the right to have incomplete data completed.
  • Right to erasure under the conditions established by the DPDPA.
  • Right to withdraw consent, at any time.
  • Right to lodge a complaint with the Data Protection Board, should you believe that the processing of your personal data violates the laws in force. In such a case, you will have to contact the Data Protection Board.

To exercise the rights listed above, the Data Principal may send a request by email to privacy@mafra.it

The Company will respond to such requests within a maximum period of 30 days.

Since 1965, at the heart of our customers.

Socialise

Contact

Thanks for visiting. – Privacy Policy

Mafra International S.r.L. – Via Aquileia 44/46 – 20021 Baranzate – Milano – Italy – P.iva 09894580969 © 2019 All rights reserved.

Privacy Preference Center

Privacy Preferences