Statement on Personal Data protection, in accordance with EU Regulation no. 679/2016

This information is provided in conformity with Article 13 of the EU General Data Protection Regulation (EU Regulation 679/2016, “GDPR”) and describes the methods of managing data for those who use the Data Controller’s internet services (hereafter also “Users”) accessible via the website info@mec-carp.com, and who may then request the Data Controller to provide products or services. The information concerns only the website indicated and not others that may be consulted using other links.
The Data Controller is Mec. Carp. srl, Vicolo Treviso 2, 31040 Trevignano (TV) ITALY, telephone +39 04 2381 8129, email: info@mec-carp.com, in the person of their authorised legal representative.

TYPES OF DATA PROCESSED

Navigation data

During normal operation the computer systems and software procedures used to operate the website acquire some personal data (so-called log files) whose transmission is inherent to Internet communication protocols. This information is not collected for purposes of association with specific users, however its nature could allow them to be identified during processing and associations with other data held by third parties. This category of data includes IP addresses and domain names for the users’ computers connecting to the site, the URIs (Uniform Resource Identifiers) of resources requested, the times and methods used to submit the requests to the server, the sizes of the files obtained in response, the numerical response status codes (successful, error, etc.) and other parameters relating to the operating system and computer environment. These data are used only to obtain anonymous statistical information and check the proper function of the site. The data could also be used to ascertain responsibility in the event of any computer crimes involving the site, and can therefore be provided to the Judicial Authority if it makes an explicit request.

Data voluntarily provided by the user

In the case that the user voluntarily sends specific messages or requests to the addresses indicated on this site, or fills in a contact form, this will result in the acquisition of the sender’s address and any other personal data included in the message and necessary to respond to the requests. Specific summary information will subsequently be reported or displayed on website pages designed for provision of specific requested services. After the first contact the Data Controller may ask for further personal data from the user, limited to what is necessary for the provision or supply of the requested services and products.

COOKIES

Apart from what has been described concerning navigation, the website does not acquire any personal data of users. The website does not use cookies for the transmission of personal information, nor are systems used for tracking and identifying users. The use of so-called cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server), necessary for secure and effective site exploration, and for purposes of detecting monthly statistical data concerning unique visitors. The user can delete the cookies using their browser functions.

Purposes of data processing

Mec. Carp. Srl will process the personal data provided and then acquired by the user filling out the contact form on the website, for the following purposes:

• for managing communications with the user, and any requests they make;
• for planning and carrying out activities related to the supply of requested products and services;
• for fulfilment of legal obligations concerning accounting and taxation;
• to send a periodic newsletter.

Please note that if the user is already a customer, Mec. Carp. Srl may send commercial communications relating to services and products similar to those they have already used or purchased, unless they request otherwise.

Processing methods

Personal data will be processed in keeping with the laws and regulations on correctness, relevance and avoidance of excessive inconvenience, using paper-based and computerised media and instruments, ensuring the confidentiality and integrity of the data. The data may be known by persons authorised to carry out the processing, and by personnel external to Mec. Carp. srl authorised to carry out activities necessary for the provision of the services requested and those of a complementary nature (i.e. as required by current legislation on administrative, legal and tax matters).

Legal basis for processing

The legal basis for the processing derives from the user’s request to the Data Controller for provision of products and services.
Possible recipients/categories of recipients of personal data:
Without the need for express consent (Article 6, letters b and c, GDPR), and following inspections or checks (if required) your data may be communicated to all inspection bodies responsible for checks and controls concerning compliance with the law. The user’s data may also be communicated to companies or professional agencies that provide assistance, advice or collaboration to the Data Controller concerning matters of accounting, administration, taxation, law or financial information; the data may also be communicated to public administrations for performance of their institutional functions, within the limits established by laws and regulations, and to third party service providers when this communication is necessary for the performance of the services covered by contracts. Your personal data will not otherwise be communicated or diffused.

Obligation to provide data

Apart from what has been described concerning navigation, the user can choose not to provide personal data. The provision of the data necessary for completion of any contractual relationship that already exists or is in preparation is required for proper management of the relationship, and of any related requests; their communication is necessary to achieve these purposes. The refusal to communicate the data, or the incorrect/incomplete communication of any of the necessary data, may make it impossible for the Data Controller to ensure the adequacy of the data processing.

Transferring data to third countries

Any processing of your personal data will be carried out within the European Union; your personal data will not be transferred to third countries.

Data retention period

Personal data will be held for the time necessary to comply with any contractual obligations and with other obligations under the laws and regulations applicable to the Data Controller’s activities. They will be kept for the time necessary to comply with what is described in this Statement, and in any case for not more than 10 years from the end of the relationship with the user.

Data subject’s rights

In accordance with Articles 15 to 22 of the GDPR, the data subject has the rights to:

• access, correct, delete their personal data, and to limit or oppose its processing;
• obtain the data, without hindrance from the Data Controller, in a structured format suitable to common use and readable by computer devices for transmission to another controller;
• revoke consent for processing, without prejudice to the lawfulness of processing based on consent obtained before the revocation;
• submit complaints to the Data Protection Authority.

The data subject can exercise their rights at any time, by sending:

• a registered letter with notice acknowledgement of receipt to Mec. Carp. srl, Vicolo Treviso 2, 31040 Trevignano (TV), Italy, or
• an e-mail message to: info@mec-carp.com.