Privacy Policy

Dear user,

On 25 May 2018, Regulation (EU) 2016/679 on the protection of personal data (GDPR) became applicable.

This Privacy Policy applies to this website and to the Facebook page of Mecad s.r.l., accessible at https://www.facebook.com/mecadshop.

We are committed to collecting and processing your data in compliance with the GDPR and therefore wish to inform you of the following.

Data Controller

The Data Controller is Mecad s.r.l., Colli al Metauro (PU) 61036, loc. Calcinelli, via Camillo Olivetti 19, VAT IT02503000412.

The Controller may be contacted by email at info@mecad.eu.

Joint controllership regarding the Facebook page

Facebook makes Page Insights available to page administrators — aggregated statistics created from certain events recorded by Facebook servers when people interact with pages and their associated content, for example by liking or unliking, or commenting on a post.

The categories of recorded events are established solely by Facebook and cannot be configured or modified by Page administrators. Page administrators do not have access to users’ personal data, but only to statistical data.

Page Insights are processed by the Page administrator in order to obtain information about how people interact with the Page and its associated content, and to assess the suitability of published content (legal basis: legitimate interest).

With regard to Page Insights, the joint controllers are:

Mecad s.r.l., Colli al Metauro (PU) 61036, loc. Calcinelli, via Camillo Olivetti 19, VAT IT02503000412

and

Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

For further information, please refer to the Addendum on the Data Controller for Page Insights at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

Categories of data collected

We collect and process data in accordance with the data minimisation principle and therefore ask you to provide only the data strictly necessary for the purposes of the processing.

The data you provide voluntarily includes:

– data entered in the contact form (name and email address)

– data visible when a user interacts with the Facebook Page (name, surname, etc.) or provided voluntarily by the user through messages posted or sent privately

We automatically collect your IP address and browsing data via cookies and similar technologies in order to analyse the use and effectiveness of our services, keep our website secure, improve your browsing experience on our site, and provide additional services upon your request.

For further information please refer to our Cookie Policy.

Purposes and legal basis of processing

Data collected via the contact form is processed in order to respond to users’ information requests (legal basis: legitimate interest).

Data provided via the Facebook page is processed in order to communicate with users, respond to requests, carry out page moderation, analyse the page audience, assess the suitability of published content, and prevent unlawful activities (legal basis: legitimate interest).

Data will be processed in order to comply with any legal obligations (including tax, accounting and administrative obligations), national and EU regulations, and orders issued by judicial or administrative authorities (legal basis: compliance with a legal obligation to which the Controller is subject).

We may also process your data in order to assert or defend a right of the Controller in legal proceedings and to handle any complaints or disputes (legal basis: legitimate interest).

Processing methods

Data will be processed by manual or electronic means by the Data Controller or by authorised personnel (processors) acting in accordance with this Privacy Policy.

Consequences of failing to provide personal data

The provision of your personal data is optional; however, in the absence of data marked as “mandatory” in the forms on the site, it will not be possible to provide the requested service.

Data disclosure

Data is not subject to disclosure to unspecified recipients and may be communicated to natural or legal persons engaged by the Controller to carry out activities related to the provision of the service, such as the company or professional managing the website (limited to technical access for maintenance and web server management purposes) and companies or professionals providing administrative, accounting, tax or legal services.

Data may also be communicated to Public Authorities and credit institutions where disclosure is required by law or other regulations.

Any transfers of data outside the European Union will be carried out on the condition that the recipient complies with the provisions of the GDPR, on the basis of an adequacy decision or the execution of standard contractual clauses for the protection of personal data approved by the European Commission.

Data retention

Data will be retained at the Controller’s premises and at the external provider’s premises for the period strictly necessary to achieve the purposes indicated above; once this period has elapsed, data will be deleted or rendered anonymous.

The data retention period is determined with reference to the purposes of the processing, and therefore:

data collected for the purpose of responding to users’ information requests will be retained for the time necessary to fulfil those requests;

data collected for the purpose of complying with legal obligations, EU regulations or orders issued by judicial or administrative authorities will be retained for the period established by the specific laws, EU regulations or orders to which the Controller is subject. With regard to processing for tax, accounting and administrative purposes, the law requires a retention period of ten years;

data collected for the purpose of preventing or prosecuting unlawful conduct and protecting our rights will be retained for the entire duration of the dispute and any judicial proceedings, and until the expiry of limitation periods.

Rights of the data subject

As a data subject, you are guaranteed all the rights set out in Articles 15–22 of the GDPR, including:

– the right to obtain from the Controller confirmation as to whether or not personal data concerning you is being processed and to access such data (right of access);

– the right to obtain from the Controller the rectification of inaccurate personal data and the completion of incomplete data (right to rectification);

– the right to obtain from the Controller the erasure of data concerning you, where one of the conditions set out in Article 17(1) of the GDPR applies and subject to the exceptions provided for in paragraph 3 of that Article (right to erasure / right to be forgotten);

– the right to obtain from the Controller restriction of processing where one of the circumstances referred to in Article 18(1) of the GDPR applies;

– the right to receive from the Controller the data concerning you in a structured, commonly used and machine-readable format, including for the purpose of transmitting such data to another controller (right to data portability);

– the right to object to the processing of personal data concerning you and, in particular, the right to object to processing carried out for direct marketing purposes;

– the right to withdraw consent to processing, limited to cases where the processing is based on your consent. Processing based on consent carried out prior to the withdrawal of consent remains lawful;

– the right to lodge a complaint with the Data Protection Authority, without prejudice to any other administrative or judicial remedy.

You may at any time exercise your rights by contacting the Controller at the contact details provided above.