- ISEP S.r.l., based in Via Lucrezio Caro, 38 - 00193 Rome (RM) Italy, TAX Code and VAT n. IT01483541007 (hereinafter, “Minimegaprint”), the “Data Controller”, intends to inform the users visiting “www.minimegaprint.com/en” (the “Website”) about the policy established with regard to Personal Data Protection, emphasizing its own commitment and care concerning protection of the privacy of visitors of the Website.
- Below the indication of the purposes and methods used by Minimegaprint in the usage of all our users’ data, in full compliance to Regulation (EU) 2016/679 “General Data Protection Regulation” (“GDPR”).
- 1. Scope
Minimegaprint will process users' personal data (i.e. name, surname, Business Name, address, phone number, email, bank coordinates, payment methods – hereinafter “personal data” or “data”) collected during the navigation and/or the usage of the Website, during account registration and online products purchases activities, through electronic and automated tools (for full information please consult our Cookie Section).
- 2. Purpose
Users data will be collected and processed as follow:
- A) without Users Express Consent, art. 6 (b), (e) GDPR, for the following Service Purpose:
- to execute all the obligations strictly associated with the use of the Website and its services, for account registration and access to reserved area, to process purchase orders and the execution and conclusion of all the contractual obligations between parts;
- to manage specific users requests;
- to fulfill obligations inherit from Law, Regulations, EU Legislation and Authority (such as for anti-money laundering);
- to exercise the right of the Data Controller, for example the right to defense in court.
- B) only with Users Express and Specific Consent (artt. 23 and 130 Privacy Code and art. 7 GDPR), for the following marketing purposes:
- to send email, postal mail, sms, phone calls, newsletters, commercial communications and/or advertising material on products and services offered by Minimegaprint, and for customer satisfaction analysis;
- 3. Method
- Users personal data processing is carried out strictly according to the operations indicated in art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data;
- Users personal data will be processed either in paper form and/or via electronic and / or automated tools. The Data Controller will process users’ personal data for the time necessary to fulfill the aforementioned purposes. Specific security measures are observed in order to prevent data loss, illicit or incorrect use of the data and unauthorized access. All the information collected are recorded in a secure environment.
- 4. Data Access
For the purposes referred to in art. 2. (A) and 2. (B), users data may be made accessible to:
- employees and collaborators of Minimegaprint, and/or belonging to one of the Group companies in Italy and abroad, in their capacity of Data Processor and / or system administrators;
- third-party companies or other entities acting on behalf of or in the name of Minimegaprint, such as those responsible for the delivery of products, credit institutions, legal and tax consultants who perform outsourcing activities on behalf of the Data Controller, in their capacity as external Data Processor.
- 5. Data Comunication
- Without express consent, ex art, 24 (a)(b)(d) Privacy Code and art. 6 (b)(c) (GDPR), the Data Controller may communicate users’ data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent Data Controllers. Your data will not be shared.
- 6. Data Transfer
- Users’ personal data are stored on servers located within the European Union. In any case, the Data Controller, if necessary, will have the right to move the servers outside EU. The Data Controller ensures that the transfer of the data to extra-EU server will take place in accordance with the applicable legal provisions, subject to previous stipulation of the standard contractual clauses provided by the European Commission.
- 7. Data Provision
- The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we cannot guarantee the services of the art. 2.A).
- The provision of data for the purposes referred to in art. 2.B) is optional. Users can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, users will not be able to receive newsletters, commercial communications and advertising material concerning Product and Services offered by Minimegaprint. However, users will continue to be entitled to the Services referred to in art. 2.A).
- 8. Rights of the Interested Party
Users in their capacity of interested party, have the rights set forth in the art. 7 of the Privacy Code and art. 15 GDPR and precisely the rights:
- i. to obtain confirmation of the existence, or not, of their personal data, even if they are not yet registered, and the communication of these data in an intelligible form;
- ii. to obtain information about: a) the origin of personal data; b) the purposes and methods of the data processing; c) the logic applied when the treatment is carried out with the aid of electronic tools; d) the identification details of the Data Controller and the Data Processor pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it in their capacity as designated Data Processor in the territory of the State;
- iii. to obtain: a) the update, the rectification or, the integration of the data; b) the cancellation, the transformation into anonymous form or the block of data processed in violation of the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in previous letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is it proves to be impossible or involves a use of means manifestly disproportionate to the protected right;
- iv. to object in whole or in part: a) for legitimate reasons, to the processing of personal data concerning the user himself, even if it is pertinent to the purpose of the collection; b) to the processing of personal data of the user for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator, by e-mail and / or through traditional marketing methods, by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in the above point b) for direct marketing purposes through automated methods, extends also to traditional ones and that, in any case, the possibility remains for the user to exercise the right to object even partially. Therefore, the interested party can decide to receive communications only through traditional methods or only through automated communications or none of the two types of communication;
- Where applicable, also users have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
- 9. How to exercise rights
Users can exercise their rights at any time by sending:
- an email to firstname.lastname@example.org;
- a PEC to email@example.com .
- 10. Data Controller, Data Processor
The Data Controller is ISEP S.r.l., with registered office in Via Lucrezio Caro, 38 - 00193 Rome (RM) Italy, and operating office at DB Ingegneria dell'Immagine - Via di Saponara, 588 - 00125 Rome (RM) Italy. The updated list of Data Processors is kept at the registered office of the Data Controller.