Privacy policy

INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA IN RELATION TO THE PRIVACY POLICY OF THE SITE

This section contains the management methods of the site with reference to the processing of the data of the users of M. CECCHI & CO. S.P.A. This information is also valid for the purposes of art. 13 of Regulation EU no. 2016/679 (hereinafter also referred to as GDPR), concerning the protection of individuals with regard to the processing of personal data as well as the free circulation of such data, for those who interact with M. CECCHI & CO. S.P.A. and can be reached at the web address corresponding to the initial page. The information is provided only for the site and not for other websites that may be consulted by the user via links contained therein.

The purpose of this information notice is to provide information about the methods, timing and nature of the information that the Data Controller must provide to users when they connect to the web pages of M. CECCHI & CO. S.P.A., regardless of the purposes of the connection itself, according to Italian and European legislation. The information may be changed due to the introduction of new regulations in this regard; therefore the user is invited to periodically check this page.

If the user is under 14, pursuant to art. 8 paragraph 1 of the GDPR and of art. 2 quinquies of (It.) Legislative Decree 196/2003, as amended by (It.) Legislative Decree 181/2018, they will have to legitimise their consent through the authorisation of the parents or guardian.

DATA PROCESSING

The company M. CECCHI & CO. S.P.A., with headquarters in 52045 - Foiano della Chiana (AR), Frazione Zona Industriale Farniole, via Enzo Ferrari numbers 38-40 - VAT number 00935720524 is the Data Controller and, therefore, the legal person who determines the purposes and means of processing personal data. It also deals with security profiles. With regard to this website, therefore, the Data Controller is M. CECCHI & CO. S.P.A. and, for any clarification or to exercise the user's rights, you may contact it at the following e-mail address:

As the Data Controller, M. CECCHI & CO. S.P.A. informs you that, pursuant to article 13 of the GDPR, your data will be processed in the following manner and for the following purposes:
  1. Nature of the processed data:
For the establishment and management of the relationships with you in progress, the Data Controller processes your personal, identification, contact and tax data (for example, name, surname, company name, address, telephone, e-mail, bank and payment references, etc.).
  2. Purpose of processing and legal basis:
Your personal data are processed:
    a. Without your express consent (art. 6 of the GDPR) for the following purposes:
      • To conclude contracts with the Data Controller;
      • To discharge the pre-contractual, contractual, accounting and tax obligations deriving from existing relationships with you;
      • To discharge the obligations provided for by the law, by a regulation, by EU legislation or by an order of the Authority;
      • To exercise the rights of the data controller, for example the right to legal defence in court.
    b. Only with your specific and separate consent (art. 7 of the GDPR), for the following marketing purposes:
      • To send you, via mail, by post and/or SMS and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and surveys on the degree of satisfaction with the quality of services;
      • To send you commercial and/or promotional communications from third parties (for example, business partners, or other companies of the group, or associated companies, etc.) via e-mail, by post and/or SMS and/or telephone contacts.
Information that users of the site choose to make public through the services and tools made available to them is provided by the user knowingly and voluntarily, exempting this site from any responsibility for any violations of the law. It is up to the user to verify that they have permission to enter personal data of third parties or content protected by national or international standards.
  3. Cookies Policy
In the section dedicated and identified as Cookies Policy, you can view the procedures followed for the collection, via cookies and/or other monitoring technologies, of the information provided by users when they visit this website at the address

In general, and to better clarify the concept, please note that numerous technologies are used for storing information on the user's computer, which is then collected by the sites. Among these, the best known and most widely used is HTML cookies, which are used for navigation and to facilitate access and use of the site by the user. They are necessary for the transmission of communications over the electronic network or for the supplier to provide the service requested by the Customer. The settings to manage or disable cookies may vary depending on the internet browser used, and the user can manage or request the general deactivation or erasure of cookies by changing the settings of their internet browser. Such deactivation can slow down or even prevent access to some parts of the site, as explained in detail in the Cookies Policy.
  4. Data provided by the user.
As already underlined, the optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to his/her requests, as well as any other personal data included in the message/request.
  5. Support in the configuration of your browser.
The user can also manage cookies through the settings of his/her browser. However, as detailed in the Cookies Policy, by deleting the cookies from the browser, you may remove the preferences that you have set on the site. The Cookies Policy contains some of the links to specific help pages of major web browsers that the user could use.
  6. Social Network Plug-ins.
This site also incorporates plug-ins and/or buttons for social networks, in order to allow easy sharing of content on your favourite social networks. These plug-ins are programmed so as not to set any cookies when accessing the page, in order to safeguard users’ privacy. Cookies are set, if so foreseen by the social network, only when the user actually and willingly uses the plug-in. Keep in mind that a user who browses while logged into the social network has already consented, during registration to the social network, to the use of cookies conveyed through this site. The collection and use of information obtained by means of the plug-in are regulated by the respective privacy notices of the social networks; please refer to:
  7. Access to data
Your data may be made accessible for the purposes referred to in points 2.a, 2.b and 2.c:
    • To the employees and collaborators of the Data Controller in their capacity as persons in charge of the processing and/or internal processors and/or system administrators and to the Data Protection Manager (DPO) where appointed;
    • To third-party companies or other persons who carry out professional activities for the Data Controller (by way of an example: credit institutions, professional firms, consultants, website management and maintenance providers, suppliers, etc.) in their capacity as external processors, the list of which is available at our offices.
  8. Data disclosure
Without the need for express consent (art. 6 of the GDPR) the Data Controller may disclose your data for the purposes referred to in point 2.a to Supervisory Bodies, Judicial Authorities and all other persons to whom the disclosure is required by law for the discharge of the aforementioned purposes. Your data will not be disseminated to unknown persons by making them available for consultation.
  9. Data transfer
Your data are not transferred outside the European Union. The Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from those who provide adequate guarantees, as provided for by art. 45 and 46 of the GDPR. However, it is understood that the Data Controller, if necessary, will be able to transfer the data to the European Union and/or to countries outside the EU. In this case, the Data Controller hereby guarantees that the transfer of data to non-EU countries will be in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses envisaged by the European Commission.
  10. Data retention
All personal data provided will be processed in accordance with the principles of lawfulness, fairness, relevance and proportionality and only with the methods, including computerised and online, strictly necessary to pursue the purposes described above. However, the personal data collected for the Purposes referred to in point 2.a will be retained for a period of time not exceeding that strictly necessary to achieve the purposes indicated and/or in accordance with the law (10 years) and/or for any judicial and extrajudicial dispute (10 years). The data collected for the Purposes referred to in point 2.b. will be retained for a period equal to the entire duration of the service used, as well as for 2 years after collection. The personal data referred to in point 2.c. will be erased or transformed into anonymous form after 12 months. Note that the information systems used for the management of the information collected are configured, from the beginning, so as to minimise the use of personal data using the most modern technologies.
  11. Rights of the data subject
As a data subject, you have the rights set forth in art. 15 of the GDPR, namely the rights to:
    • Obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
    • Obtain the indication: a) of the origin of the personal data; b) of the purposes and methods of processing; c) of the logic applied in the case of processing carried out with the aid of electronic instruments; d) of the identification data of the Data Controller, data processors and the representative designated pursuant to art. 3, paragraph 1 of the GDPR; e) of the subjects or categories of subjects to whom the personal data may be disclosed or who can learn about them as appointed representative in the State, processors or persons in charge of the processing;
    • Obtain: a) updating, rectification, restriction or, when necessary, completion of data; b) the erasure, transformation into anonymous form or blocking of data processed in breach of the law, including data which do not need to be retained for the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been disclosed or disseminated, except in the event that such fulfilment proves impossible or involves a manifestly disproportionate use of resources with respect to the protected right;
    • Object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales materials or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator, by e-mail and/or through traditional marketing methods by phone and/or post. Please note that the data subject's right of objection, set out in point b) above, for direct marketing purposes by automated means, extends to the traditional ones and that the data subject may also exercise the right of objection only partially. Therefore, the data subject may decide to receive only communications using traditional methods, or only automated communications, or neither of the two types of communication.
    • The data subject has the right to receive in a structured, commonly used, machine-readable format the personal data concerning him/her provided to the Data Controller and has the right to transmit such data to another data controller without impediment by the data controller to whom they were supplied if: a) the processing is based on consent pursuant to Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a) of the GDPR or on a contract pursuant to Article 6, paragraph 1, letter b) of the GDPR; and b) the processing is carried out by automated means. In exercising their rights with respect to data portability, the data subjects have the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.
Where applicable, you also have the rights set forth in Articles 16-22 of the GDPR (Right of rectification, right to be forgotten, right to restriction of the processing, notification in the event of rectification or erasure of personal data or restriction of processing, right to data portability, right to object, automated process relating to natural persons including profiling).
  12. Withdrawal of consent
You can withdraw your consent at any time without jeopardising the lawfulness of the processing based on consent before the withdrawal.
  13. Modalities for exercising the rights
You may at any time exercise your rights free of charge, without formalities or, alternatively, by using the form provided by the Italian Data Protection Authority, by sending an e-mail to the dedicated and constantly monitored e-mail address:

Complaint

The data subject who considers that the processing concerning him/her breaches Regulation EU 679/2016 has the right to lodge a complaint with a supervisory authority, particularly in the Member State in which he/she habitually resides, works or where the alleged breach took place.
  14. Data controller, external processors and persons in charge of the processing
The Data Controller is the company M. CECCHI & CO. S.P.A., with headquarters in 52045 - Foiano della Chiana (AR), Frazione Zona Industriale Farniole, via Enzo Ferrari numbers 38-40 – VAT NO. 00935720524. The updated list of external processors and persons in charge of the processing is kept at the registered office of the Data Controller and is available to the data subject upon simple written request.
  15. Consent
Consent to data processing must be, in all cases, free, specific, informed and unequivocal; implied or presumed consent is NOT allowed, and consent MUST be expressed through an “unequivocal positive declaration or action”.
  16. Security of the Data Provided.
This site processes users’ data in a lawful and fair manner, taking appropriate security measures to prevent unauthorised access, disclosure, modification or unauthorised destruction of the data. Processing is carried out with IT and/or telematic tools, using organisational methods and logic strictly related to the purposes specified. In addition to the controller, in some cases, the data may be accessed by the categories of persons tasked with processing and involved in the organisation of the site (administrative, commercial, marketing, legal personnel, system administrators) or external parties (third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies).
  17. Amendments to this document.
This document is published at the address: and constitutes the privacy policy of this site. It may be subject to amendments or updates which will gradually replace the previous version. The document was updated at the time of publication of the website, 04/04/2019, to comply with the relevant regulatory provisions, and in particular in compliance with Regulation EU 2016/679.

Point 2.b
I, the undersigned identified below, declare to have received the complete information notice pursuant to Regulation EU 679/2016 (GDPR) and current legislation and express my consent to the processing and communication of my personal data for marketing purposes within the limits, with the procedures and for the duration specified in the information notice.

Item 2.c
I, the undersigned identified below, declare to have received complete information notice pursuant to Regulation EU 679/2016 (GDPR) and the current legislation and express my consent to the processing and communication of my personal data to receive commercial communications based on my interests, by any means that take into account my preferences, characteristics and consumption habits or to perform analyses based on such information.