Pursuant to Legislative Decree 30 June 2003 no. 196 and subsequent amendments and additions (“Privacy Code”) and European Regulation no. 679 of 2016 (the “Privacy Regulation”), MDF Italia srl società unipersonale wishes to inform you and all users and/visitors of the websites www.mdfitalia.com and www.acerbisdesign.com, the “Users” and “Websites”, respectively) about the use of personal data, log files and cookies collected with such Websites.
This information does not concern other websites, pages or online services that can be reached via hypertext links that may be published on the websites but which refer to resources outside the Controller’s domain, as defined below.
1. Data Controller and Data Processors
The Data Controller is MDF ITALIA SRL SOCIETA’ UNIPERSONALE – Tax code and VAT IT 09683280961, Operating headquarters: via Fratelli Cervi, 4/A, 22066 Mariano Comense (CO) Registered office at Via della Posta 10, 20123 Milan, e-mail info@mdfitalia.it (hereinafter the “Controller”).
The updated list of designated Data Processors may be supplied at the request of the data subjects and/or Users.
If a Data Protection Officer is appointed, the latter’s identification details will be made known by being published, supplementing this policy.
2. Information collected automatically by other Websites
Like all websites, our Websites also make use of log files in which information collected in an automated manner is stored during your visits. In fact, the computer systems and software procedures used to operate these Websites automatically acquire some information during their use, whose transmission is implicit in the use of internet communication protocols.
The information collected is the following:
. Internet Protocol (IP) address or the domain name of the device you are using;
. type of browser and parameters of the device used to connect to the Website;
. the URI (Uniform Resource Identifier) addresses of the resources requested or the method used to send the request to the server;
. name of the Internet Service Provider (ISP);
. date and time of visit;
. source (referral) and exit web pages of the User;
. possibly the number of clicks;
. the size of the file obtained in response;
. the numerical code indicating the status of the response given by the server (successful, error, etc.);
. other parameters relating to the operating system and computing environment of your device;
This information is processed automatically and collected solely in aggregate form to verify the proper operation of the Website.
3. Personal data provided using the Websites: purposes of processing
We need your data so that you can:
. access and browse the Websites;
. register and access the services offered therein (e.g. contacts, newsletters, downloading of catalogues or data sheets, requests for product information, sending of applications, etc.) as requested by you.
Specifically, your data are processed for the following purposes:
(i) to fulfil all legal obligations;
(ii) to provide for the technical management of the Websites;
(iii) to register in the Reserved Area and thus take advantage of the relative services, as set out in the specific privacy policy published at the following link;
(iv) to use the communication services with the Controller so as to send commercial or technical requests, proposals for collaboration or your own application, make an appointment, etc., for which the corresponding policy is published at the following link;
(v) to request specific information about single products, for which the corresponding policy is published at the following link;
(vi) to download product catalogues, for which the corresponding policy is published at the following link;
(vi) to receive the newsletter, whose contents are not promotional, for which the corresponding policy is published at the following link;
(vii) for the product configuration service at the following link.
In accordance with the “Guidelines on promotional activities and combating spam” of 4 July 2013, please note that your potential consent to the sending of commercial, promotional and marketing communications by automated means will also extend to traditional methods of contact.
The data you provide will be processed mainly on computer under the authority of the Controller, by persons specifically appointed, designated and trained to process data under Articles 28 and 29 of the Privacy Regulation. Please note that suitable security measures have been taken, also in accordance with Articles 5 and 32 of the Privacy Regulation, to prevent any data loss, unlawful or incorrect use and unauthorised access.
4. Nature of data supply and legal basis of data processing
With respect to the purposes referred to in Article 4 (iii), (iv), (v), (vi) and (vii), please refer to what is expressly set out in the specific policy referred to in this Privacy Policy.
For the purposes referred to in points (i) and (ii) of Article 4 above, the supply of your personal data is required since, without such data, you will not be able to use the services offered by the Website. Therefore, for the purpose referred to in point (i) above, the legal basis of data processing is the fulfilment of legal obligations, pursuant to Article 6(1) c) of the Privacy Regulation, while for the purposes referred to in point (ii), the legal basis of data processing is the supply of the services provided by the Website as requested by you, pursuant to Article 6(1) b) of the Privacy Regulation.
Further details on the above are contained in the specific privacy policies contained in or displayed on the Website and prepared for the relevant services available at request.
5. To whom and in what context we may communicate your data
Your data may be communicated, within the EU, to external structures, entities and companies (including consultants and service providers) used by the Controller to manage the Website and to perform activities connected with, instrumental to or ensuing from performance of the services offered by the Websites.
Further details on the above are contained in the specific privacy policies contained in or displayed on the Websites and prepared for the relevant services available at request.
6. Your rights
You may enforce your rights under Article 15 et seq. of the Privacy Regulation at any time, to access, rectify, transform, block, erase and restrict processing, at the conditions and within the limits set out in Article 12 of the Privacy Regulation.
Should the Company fail to provide a timely reply or should it provide an inadequate response, or should you believe there has been a breach of the Privacy Code and/or the Privacy Regulation, you may lodge a compliant with the Personal Data Authority, using the following details: www.gpdp.it – www.garanteprivacy.it, Email: garante@gpdp.it, Fax: (+39) 06.69677.3785, Switchboard: (+39) 06.69677.1.
7. Duration of data processing
Without prejudice to legal obligations, your personal data will be stored for a fixed period of time, according to criteria based on the nature of the services provided.
In particular, navigation data are stored for no more than seven days (except in the case of criminal investigations by judicial authorities). Further details on data retention relating to further processing purposes are contained in the specific privacy policies contained in or displayed on the Website and prepared for the relevant services available at request.
8. Security measures
Your data are processed with the Website in compliance with the applicable law and taking appropriate security measures in accordance with the law in force, also pursuant to Articles 5 and 32 of the Privacy Regulation.
In this respect, it is confirmed, inter alia, that appropriate security measures have been taken to prevent any unauthorised access, theft, disclosure, modification or destruction of your data
9. Changes to the Privacy Policy
The Controller reserves the right to bring changes to this Privacy Policy. In this case you will be promptly informed when you use the Website again.