MECC-TRE S.r.l., with headquarters in Via Pieriboni, 24 – 36030 Valli del Pasubio (VI), Tax Code and Vat Number 03045030248 incapacity as “Data controller” informs you, pursuant to articles 13 and 14 European Regulation no. 679/2016 (from here on “EU Regulation”), that your data will be processed as indicated below:

What we process
The Data controller informs you that the personal, identification data (for example, name, surname, business name, address, phone number, email address, bank and/or payment references, etc.), from here on called “personal data” or even simply “data”, relating to you, even acquired verbally directly or through third parties in the past, like those that will be collected in the future, may make up the object of what is processed in compliance with the EU Regulation. The Data controller performs processing lawfully, specifically for the performance of a contract to which you are party or in order to take steps prior to entering into a contract (e.g., preparation of an offer, etc.) at your request (article no. 6 of EU Regulation). Data processing means any operation or group of operations regarding the collection, recording, organisation, storage, consultation, processing, modification, selection, retrieval, alignment, use, combination, blockage, communication, dissemination, destruction of the data themselves.

Legal Basis and Purpose of the Processing
Legal basis: EU Regulation no. 679/2016 2A) without your express consent (art. 6 lett. b), c), e) of EU Regulation), for the following Purposes: – fulfil the pre-contractual, contractual and tax obligations resulting from current relations with you; – fulfil the obligations intended by law, by a regulation, by a community standard or by an order of the Authority (as, for example regarding money laundering); – exercising the rights of the Data Controller for example the right of legal defence; – to keep the general accounting system; – for managerial purposes (invoicing, document management, etc.); – for credit management; – for statistical and quality control analyses; – for insurance managements; – for technical assistance. In particular, your data will be processed for purposes related to the implementation of the following fulfilments, relative to legislative or contractual obligations:- Technical and Functional access to the website, no data is held after closure of the Browser; - Advanced browsing purposes or customised management of the contents; - Statistical and Analytical purposes of browsing and of the users. 2B) Only with your specific and distinct consent (art. 7 of EU Regulation), for the following commercial and/or marketing Purposes – sending newsletters, commercial communications and/or advertisement material on products and services offered by the Data controller and/or measurement of the degree of satisfaction on the quality of that performed at your request, sent by email, post and/or SMS and/or phone contracts - commercial and/or promotional communications of third parties (for example, business partners) sent by email, post and/or SMS and/or phone contracts.

How we process data
Your personal data are processed through the operations indicated in art. 4 no. 2) of the EU Regulation and specifically: the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, blockage. Your personal data are subject to processing both on paper and digital and/or automated (nonetheless suitable to guarantee the security and confidentiality of the data).

Storage time of data and other information
The Data processor will process the personal data for the time required to fulfil the above purposes and in any case for not beyond the terms of law from the termination of the relationship for the Purposes of the existing relationship. With reference to the personal data object of Processing for Marketing and commercial Purposes, these are stored in compliance with the principle of proportionality and anyhow until the purposes of the processing have been achieved, or until the data subject has withdrawn their specific consent. In particular, the Data controller will process the data for no more than 3 years from collection of such data. The personal data you provided will be processed “in lawfulness, fairness and transparency” protecting your confidentiality and your rights.

Data access
Your data can be made accessible for the purposes referred to it in the previous points 2.A) and 2.B): – to associates, employees and collaborators of the Data controller in Italy and abroad, as in-house persons appointed and responsible for the processing and/or system administrators; - to third-party companies or other parties that perform outsourcing tasks for the Data controller, as external persons responsible for processing (as for example: associated studies, law firms, data processing companies, certification bodies, accounting/tax consultants and, in general, all Bodies in charge of the inspections and checks on the correct fulfilment of the above indicated purposes, credit institutes, professional studies, consultants, insurance companies in the performance of insurance services, financial offices, City Institutions and/or City Offices, consultants and companies for services and occupational safety, who may in turn report the data, or grant access to them to shareholders, users and those with a specific market research cause. The data collected and processed can also be communicated, in Italy and abroad, to subcontractors, suppliers, for management of computer systems, carriers, forwarders and customs officials). For sake of briefness, the detailed list of these figures is available at our facility and is at your disposal.

Data transmission
Without the need for express consent (art. 6 lett. b), and c) of EU Regulation), the Controller may transmit your data for the purposes referred to in the previous point 2.A) to Supervisory Bodies, Judicial Authorities, to insurance companies for the provision of insurance services, as well as to parties to whom communication is mandatory by law to fulfil said purposes. Said parties will process the data in their capacity as independent data controllers.

Data transfer
The personal data are stored on devices located at the site of the Data controller or at the provider’s site, within the European Union. It remains in any case intended that the Data controller is entitled to move the data even to countries outside the European Union should it be necessary. In that case, the Data controller assures as of now that the data will be transferred to countries outside of the European Union in compliance with applicable legal provisions, after stipulating the contractual clauses and after the standard inspections envisaged by the European Commission. Both regarding the data on the Controller’s devices and any data at the provider’s premises, the Data controller has implemented technical and organisational measures fit to guarantee a suitable degree of safety, in full compliance with that indicated in art. 32 of EU Regulation.

Nature of the provision of data and consequences on refusal to reply
The provision of data for the purposes referred to in the previous point 2.A) is mandatory. In their absence, we cannot guarantee the Services indicated in 2.A). Whereas the provision of data for the purposes referred to in the previous point 2.B) is optional. You may therefore decide not to submit any data or subsequently deny the possibility of processing data already supplied: in that case, you may not receive newsletters, commercial communications and advertising material and/or anything else regarding the Services offered by the Data controller. You will however continue to be entitled to the Services referred to in point 2.A).

Data subject rights
In your capacity as the data subject, you have the rights referred to in art. 15 of the EU Regulation shown below, and specifically: have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: 2.a) the purposes of the processing; 3.b) the categories of personal data concerned: 4.c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; 5.(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; 6.(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; 7.(f) the right to lodge a complaint with a supervisory authority (Data Protection Supervisor); 8.(g) where the personal data are not collected from the data subject, any available information as to their source; 9(h) the existence of automated decision-making, including profiling, referred to in art. 22(1) and (4) of EU Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. 10.Where your personal data are transferred to a third country or to an international organisation, you shall have the right to be informed of the appropriate safeguards pursuant to art. 46 of the EU Regulation relating to the transfer. 11.The controller shall provide a copy of your personal data undergoing processing if you so request. For any further copies requested by you, the controller may charge a reasonable fee based on administrative costs. Where the you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form. 4.The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others. Furthermore, where applicable, you may take advantage of the rights referred to in articles 16 to 21 of the EU Regulation, and specifically you have: – the right to rectification of the personal data; – the right to erasure (‘right to be forgotten’); – the right to the restriction of processing; – the right to data portability; – the right to object; – the right to lodge a complaint with the Data Protection Supervisor. You also have the right to withdraw at any time the consent already given without prejudice to the lawfulness of the processing based on the consent given prior to withdrawal.

Personal data not obtained from the data subject
It could happen that the writer is not the Data controller to whom you have given your personal data, but is a joint data controller or external processor and therefore your data reached the writer secondarily due to a contract regulating the parties. In this case, we specify that the writer will do all that is possible to make sure that you have been informed and given your consent for processing. You may ask the writer at any time the source of acquisition of your data.

Controller and Appointed personnel
Below we give you some information that you should be knowledgeable of, not only to fulfil legal obligations, but also because transparency and fairness with regards to the people visiting our website is a central part of our activity. Data controller. The Controller of your personal data is MECC-TRE S.r.l. who you may contact for any information or requests at the following addresses: e-mail: Appointed personnel. The updated list of appointed data processing personnel is held at the headquarters of the Data controller.