INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679
for users who consult the www.mesgo.it
Pursuant to art. 13 of Regulation (EU) 2016/679 (hereinafter, the “Regulation”), this page describes the methods of processing the personal data of users who consult the website of MESGO S.p.A. (hereinafter, the “Company”), accessible at the following address: www.mesgo.it (hereinafter, the “Site”).This information does not apply to other websites, pages or online services that can be reached via hypertext links that may be published on the Website but refer to resources outside the Company’s domain.
- Essential definitions
1.1. Personal Data. For the purposes of the law, this is any information relating to an identified or identifiable natural person (referred to by law as a “data subject”).
1.2. Data Subject. As we have seen, according to the law, it is any natural person, identified or identifiable, whose personal data are processed. For the purposes of this policy, each user of the Site represents a data subject.
1.3. Processing. For the purposes of the law, any operation or set of operations carried out with or without the aid of automated means and applied to personal data or sets of personal data. - Data Controller
2.1. The data controller of personal data is the Company, in the person of its legal representative, with registered office in Via Virgilio 16, 24060 Gorlago (BG).
2.2. The contact details of the data controller are as follows: telephone +39 035 4252000; fax +39 035 4552001; email info@mesgo.it; PEC mesgo@legalmail.it. - Types of personal data processed
3.1. Browsing data. The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, successful, error, etc.) and any other parameters concerning the user’s operating system and IT environment. These data are not provided by users but acquired automatically by the technological systems of the Site.
3.2. Data communicated by users. The sending, on a voluntary basis, of messages by users of the Site, through the contact addresses of the owner, is completely optional. Such transmission involves the processing, by the data controller, of the personal data communicated by the users themselves, but only if and to the extent that the latter have included an express authorization for processing
of their personal data. All messages without the express authorization of users to process their personal data will be immediately deleted by the owner. - Purpose and legal basis of the processing
4.1. Browsing data. These data, necessary for the use of web services, are processed by the Data Controller for the sole purpose of obtaining statistical information on the use of the Site and to check its correct functioning, as well as to ascertain any liability of users to the detriment of the Site and/or the Data Controller. The legal basis of the processing, therefore, consists both in the need of the data controller to comply with legislative and/or regulatory requirements regarding the use of the Internet, and in the pursuit, by the same data controller, of a legitimate interest in self-protection.
4.2. Data communicated by users. These data, which are optional and communicated on a voluntary basis by users, are processed by the Data Controller for the sole purpose of responding to the requests of the users themselves, as well as to ascertain any liability to the detriment of the Website and/or the Data Controller. The legal basis of the processing, therefore, consists both in the express consent to the processing
rendered by users, as well as in the pursuit, by the owner, of a legitimate interest in self-protection. - Personal Data Retention Period
5.1. Principle of storage limitation. Users’ personal data are stored for times compatible with the processing purposes indicated above.
5.2. Maximum retention period. As a rule, unless specific regulatory provisions, or particular needs for business continuity or legal defense, or in the event of express consent to a longer retention period made by users, personal data will not be stored for more than one year. - Scope of communication of personal data
6.1. Recipients of personal data. Without prejudice to the communications made in compliance with legal or regulatory obligations and/or orders of public authorities, the personal data of users, referred to in § 3 of this policy, may be communicated, by the data controller, in Italy and/or within the European Union, to those bodies and/or subjects to whom the communication
is necessary within the scope of the purposes indicated in § 4 of this policy.
6.2. Possible categories of recipients. By way of example, users’ personal data may be communicated, for the purposes specified above, to the following categories of subjects: internal bodies of the data controller (including internal and external IT system administrators); bodies responsible for control and/or certification activities; postal police; labor consultants; private pension and/or assistance funds or funds; public bodies with competence in the workplace; insurance and financial companies; credit institutions; medical practices and/or consulting companies in the field of health and safety at work; Firms; accounting firms; auditing firms; temporary and temporary employment agencies. - User Rights
7.1. Exercisable rights. At any time, users may exercise any of the following rights:-
<>access to personal data (pursuant to Article 15 of the Regulation), consisting of the right to access one’s own data and request information on the purposes of the processing, categories of data processed, recipients or categories of recipients of the data and, when possible, the envisaged retention period or, if not possible, the criteria used to determine it;
- rectification of inaccurate personal data, as well as the integration of incomplete personal data (pursuant to Article 16 of the Regulation);
- erasure of personal data (pursuant to Article 17 of the Regulation), consisting of the right to request, in the presence of justified reasons, the permanent removal of one’s data from the Data Controller’s databases;
- limitation of the processing of personal data (pursuant to Article 18 of the Regulation);
- portability of personal data (pursuant to Article 20 of the Regulation), consisting of the right to obtain one’s own data in a structured, commonly used and machine-readable format, as well as their transfer to another controller;
- opposition (pursuant to Articles 21, 22 of the Regulation), consisting of the right to object to the processing of your personal data.
- Cookies and other tracking systems
8.1. Technical cookies. Technical session cookies (not persistent) are used, in a strictly limited manner to what is necessary for safe and efficient navigation of the Site.
8.2. Statistical cookies. The only processing carried out concerns the production of statistics, with pseudonymized data.
8.3. Absence of profiling cookies. Cookies are not used for user profiling.
8.4. Information Collected. The configuration adopted, in order to exclude the processing of identification data, collects the following information:- the IP address, which is masked by zeroing out the last 2 bytes;
- the operating system used;
- the type of browser;
- the type of device (PC, smartphone, etc.).
7.2. Right to withdraw consent. Furthermore, if each user has given consent, including to the processing of special categories of personal data and/or in relation to the processing of personal data of minors and/or the transfer of personal data to countries outside the European Union, may at any time revoke such consent, without prejudice to this
the lawfulness of the processing based on the consent given before the revocation.
7.3. Methods of exercising rights. Each of the rights referred to in §§ 7.1 and 7.2 of this policy may be exercised by users by written communication sent to the Data Controller, at the addresses indicated above in § 2.2, or by using the appropriate request form in .pdf format at the following link: www.mesgo.it/privacy/diritti.
7.4. Right to Lodge a Complaint. If any user believes that the processing of his or her data violates current legislation, he or she may lodge a complaint at any time with the Guarantor for the protection of personal data (pursuant to Article 77 of the Regulation), without prejudice to any other administrative or judicial remedy><.