PERSONAL DATA PROCESSING NOTICE TO BE PROVIDED TO THE DATA SUBJECT
Articles 12 and following of Regulation (EU) 2016/679 (GDPR)
Below are provided the information concerning the processing of personal data carried out in relation to the use of our SaaS platforms and related services (hereinafter the "Services"), pursuant to Regulation (EU) No. 2016/679 and the Italian national legislation approved by the Italian legislator (hereinafter the "Regulation" or "GDPR"). The Data Controller is the company Mitric S.r.l., with registered office at: via Leone XIII, 14, 20145 Milan, (MI), reachable at the address gdpr@mitric.com (hereinafter, the "Data Controller," "MITRIC," the "Company," "we").
We provide this information not only to comply with the legal obligations regarding the protection of personal data provided by the GDPR but also because we believe that the protection of personal data is a fundamental value of our business and we want to provide you with all the information that can help you protect your privacy and control the use of your data.
Data Controller
The Data Controller can be contacted at the email address: gdpr@mitric.com.
Categories of Personal Data Processed
To allow the conclusion and establishment of the contractual relationship with MITRIC or when you visit, consult, request, or use the Services through MITRIC platforms, we collect and use your personal data (i.e., any information that can identify you directly or indirectly). We list below the categories of personal data concerning you:
Identifying, contact, and access data, such as name, surname, username, email address, postal address, phone number, MITRIC ID (if applicable) or username and password;
Product data, such as data related to the services you have used;
Billing information and payment data, such as any VAT number, tax code, address, and possibly the company name;
Navigation data, such as connection data; IP addresses, domain names, and other parameters related to the browser and operating system used by you; log data; configuration data; data related to registrations made, interaction and transaction processes, performance indicators; data related to browsing flows and page views; usage and counts of features;
Usage data of services provided by MITRIC. The usage data related to the different services used by you may be interconnected for lawful and transparent purposes, listed in the following paragraph.
Purposes of Processing
The processing of the above-mentioned categories of personal data is carried out by the Company, in the course of its economic and commercial activities, for specific purposes, as described below.
1. Contractual and Legal Purposes
Allow you to navigate the site and use the Services.
Registration and management of the account (including any account verifications and recovery of credentials, if applicable) and use of the functionalities connected to the account itself.
Execution of activities necessary for the conclusion and execution of the contract for the provision of the requested, purchased, or used service, also through the site and the Services.
Management of requests related to webinar and events registration, quotation preparation, order processing, provision of assistance and support.
Handling of any complaints and requests, sending service communications and updates, both through traditional communication tools such as postal mail and through remote communication tools, such as email, chat, phone, SMS, chatbot, banners, notification systems, and other remote communication tools.
Customer assistance activities, help desk, and support for the use of Services, Consulting, tutoring activities, and management of open tickets for assistance purposes, also through usage data.
Compliance with obligations arising from current law, regulations, or community legislation (e.g., tax and accounting obligations) or management and response to requests from competent administrative and tax authorities as well as the judiciary.
The purposes listed above are collectively referred to as "Contractual and Legal Purposes," and the express consent of the data subject is not required. The provision of your personal data for the aforementioned purposes is necessary and mandatory; therefore, in case of refusal, we will not be able to proceed with the contractual relationship with you and the provision of the requested services.
2. Legitimate Interest Purposes
For statistical and research analysis regarding the products purchased and the services provided to you and their use, also for the improvement and development of the same services, even through the interconnection of data between different Data Controllers and the Data Controller. In compliance with the principle of minimization, where possible, this activity will take place after anonymization and aggregation of the collected data.
For the evaluation of your satisfaction with the services provided by MITRIC, or the resolution of any difficulties and issues related to their use, e.g., "caring" initiatives to help you make the best use of the service and improve the customer experience.
To assert and defend the rights of the Company, also in the context of debt recovery procedures and assignment of credits to authorized companies, even through third parties, and to prevent and counter any fraud.
To carry out a potential merger, transfer of assets, business transfer, business unit transfer, or financial operations by communicating and transferring data to the involved third parties.
To send marketing communications via email, in accordance with Article 130, paragraph 4 of Legislative Decree 196/2003, as amended by the GDPR ("Privacy Code"), about services or products similar to those covered by the contract concluded with MITRIC, with the understanding that, at any time, you will have the opportunity to object to the sending of such communications;
To carry out customer segmentation activities, to which communications for Marketing Purposes can be sent based on what is indicated in this information, based on non-invasive membership categories, such as, among others, the professional category of membership, the city/province/region where it is based, the type of service purchased. This customer segmentation activity may also be carried out on third-party platforms, through interconnection activities with the data of the third-party platform. In this case, communications for Marketing Purposes will be sent in accordance with the consents expressed by you and in compliance with what is indicated in this information. In this context, data may also be used to detect profiles of similar customers.
The described "Legitimate Interest Purposes" do not require your specific consent, falling within the exception provided for in Article 6, paragraph 1, letter f) of the GDPR. In any case, in accordance with the GDPR and the Privacy Code, the Company has conducted a thorough balancing of interests aimed at protecting and ensuring the privacy and fundamental rights of data subjects.
3. Marketing Purposes
To send you updates on news and commercial offers of MITRIC Services, including by interconnecting usage data and analyzing your behavior both in relation to the use of Services and to invite you to participate in events, conduct market research, or other commercial and customer satisfaction initiatives, both through traditional communication channels such as postal mail or phone calls by an operator and through automated communication tools such as email, chat, messages (SMS), chatbots, and other remote communication tools;
To communicate your personal data to MITRIC, MITRIC SA, and its Affiliates and/or commercial partners belonging to its sales network, for the sending of marketing communications and other commercial initiatives.
The processing of your data for "Marketing Purposes" is not mandatory. Therefore, your prior consent is necessary, which the Customer will request from time to time in the most appropriate forms for each of the activities described above. The expressed consent can be revoked by you at any time without any consequences regarding the contractual relationships with
the Company. The Customer undertakes to identify the data subjects involved from time to time to ask for their prior consent and consequently undertakes to keep such consent, in full compliance with the GDPR and the Privacy Code.
Communication, Dissemination, and Transfer of Data
In accordance with the principles of purpose and minimization, your personal data may be communicated to the following third parties who perform activities functional to those related to the product or service purchased, such as: (a) third-party service providers for assistance and consultancy services for the Company with reference to activities in sectors (by way of example only) technological, accounting, administrative, legal, insurance, (b) MITRIC, MITRIC SA, and its Affiliates, (c) in cases where the contractual relationship involves the intervention of commercial partners, the Company may share some of your personal data with its distributors, resellers, and partners in the MITRIC service distribution chain; (d) banks and credit institutions; (e) debt recovery companies; (f) public bodies and authorities whose right of access to your personal data is expressly recognized by law, regulations, or provisions issued by competent authorities; (g) potential buyers of the Company and entities resulting from the merger or any other form of transformation concerning the Company; (h) public databases and credit information systems.
For Marketing Purposes, and subject to your specific consent, your personal data may also be communicated to third parties and commercial partners responsible for marketing campaigns carried out on behalf of MITRIC, MITRIC SA, and its Affiliates.
These recipients, depending on the cases, process your data as independent data controllers, data processors, or authorized data processors. The complete and updated list of subjects processing data as data processors is available on request from MITRIC, according to the contact methods indicated in this notice.
Transfer of your personal data outside the European Union
Subject to the above, your personal data may be freely transferred within the European Union. However, where, for the purposes indicated, the Company needs to transfer your personal data outside the European Union to countries not considered adequate by the European Commission (e.g., United States), the Company will adopt the necessary measures to protect your personal data, in compliance with the legal guarantees under the applicable regulations and in particular Articles 45 and 46 of the GDPR.
If you wish to receive further information on the guarantees in place and request a copy of them, you can contact the Data Protection Officer as indicated in this notice.
Data processing methods
Your personal data is processed by the Company with electronic and manual systems according to the principles of fairness, loyalty, and transparency provided by the applicable legislation on the protection of personal data and protecting your confidentiality through technical and organizational security measures to ensure an adequate level of security, as also described in the ISO IEC 27001 manual of MITRIC.
These treatments take place at the Company's headquarters and/or at external data processors who process the data on behalf of the company. With reference to usage data, in compliance with the purposes described and, if necessary, with your express consent, analysis activities can be carried out, also by interconnecting your data related to the different services purchased from MITRIC, during the online use of the services themselves. For usage statistics, the Company uses tools that allow the collection of usage data. The Company uses analytical tools such as:
Web and customer analytics;
Analytics and document search;
Querying and Dashboarding.
Data retention
The data will be stored for the period of time necessary to achieve the purposes for which the data was collected, as stated in this notice. In any case, the following retention terms will apply with reference to the processing of data for the purposes listed below:
for Contractual and Legitimate Interest Purposes, the data is kept for a period equal to the duration of the provision of the services used by you and for the subsequent 10 years (period in which the prescription for any contractual liability that may be asserted by the Customer against MITRIC matures), except in cases where storage for a subsequent period is required for any disputes, requests from competent authorities, or in accordance with applicable law;
for Marketing Purposes, the data is kept for a period of 24 months from the date on which the consent is given or renewed on the occasion of the purchase of a new MITRIC service or its renewal, or the date of the last contact with you, including, among others, the termination of the contractual relationship, participation in a Company event, the use of a service provided by the Company, or the opening of a newsletter (collectively defined as the "Last Contact").
Change of choices and withdrawal of consent
If you change your mind, you can change the consent given for marketing purposes at any time by contacting us according to the methods provided in this notice. The possible non-release or withdrawal of consent does not in any way affect the use of our services.
Rights of the data subjects
In relation to the processing of data described in this notice, you can exercise at any time the rights provided by the GDPR (Articles 15-21), including:
receive confirmation of the existence of your personal data and access its content (right of access);
update, modify, and/or correct your personal data (right of rectification);
request the deletion or limitation of the processing of your personal data processed unlawfully, including those for which storage is not necessary in relation to the purposes for which the data was collected or otherwise processed (right to be forgotten and right to limitation), subject to an overriding public interest or a legal obligation of the Company to retain them;
oppose the processing, including profiling (right of opposition), except for the existence of an overriding legitimate interest of the Company in continuing the processing;
withdraw consent, if given, for marketing activities;
submit a complaint to the supervisory authority (Italian Data Protection Authority www.garanteprivacy.it) in the event of a violation of the discipline on the protection of personal data;
receive an electronic copy of the personal data concerning you, in order to transfer it to yourself or to a different service provider, in cases where the Company processes such data based on your consent or on the basis that the processing is necessary for the provision of the services requested by you, and the data is processed through automated tools (right to data portability).
To exercise the rights relating to the protection of personal data at any time and free of charge, you can contact the Data Controller, who can be contacted by sending a request to gdpr@mitric.com, or by sending the communication by mail to:
Mitric S.r.l.
Registered office: via Leone XIII, 14
20145 Milan
Attn: Data Controller
When contacting the Company, make sure to include your name, email/postal address, and/or phone number(s) to ensure that your request can be handled correctly.
Changes and updates
This information may be subject to changes also as a result of any changes and/or regulatory integrations. Changes will be notified to the data subjects, and the constantly updated text of the information will be available on the Platform.
This text has been translated using automated systems.