1. To whom is this document addressed?
1.1 This Policy made pursuant to Articles 13 and 14 of Regulation (EU) April 27, 2016 No. 679, is intended to illustrate how the company Mixo Consulting srl with VAT No. IT02336610908 (hereinafter also the "Company" or simply "MIXO"), processes personal data collected in the context of the use by the user, applications and services offered through this website “mixo.it”.
1.2 MIXO as the Data Controller, is primarily responsible to the user for any questions, concerns or complaints regarding the present Policy or the processing of the user personal data. In case you, as a User and "data subject" need any clarification regarding the processing of your personal data, please contact us at the following contact details:
Address: Via Tetti dell’Oleo 17/2110071 Borgaro T.se (TO) - ITALY
E-mail: mixo@mixo.it
Phone: +39 011 4407838
Data Protection Officer (DPO): NOT APPOINTED
2. What personal data do we process?
2.1 Data provided by the user. As a user you may provide us with data, including data that allows your identification "personal data," when you use our Web site, contact us, request or purchase our goods or services. Where such data is requested by us, we will collect the data indicated in the relevant forms or pages. As a user, you can choose to provide us with additional information when you contact us or otherwise interact with us.
2.2 We collect your personal data when you communicate with us in person, through our website, e-mail, by phone, or through any other means. For example, we collect your contact details and the details of the messages we exchange (including details of when you sent them, when we received them, and in some cases even where you sent them from).
2.3 If you purchase services from us, such as our consultancy solutions or other services, we will also collect billing address and payment information, as well as details of the goods or services purchased.
2.4 If you sign up for our newsletter or other forms of direct communication with us, you may need to provide your name, e-mail address, or other specific data from time to time stated.
2.5 As a user, you can also provide us, including through the appropriate Acquisition Forms available on the pages of the website, with personal data (such as the content of communications exchanged with us and contact details) in order to receive further information and/or services. The data will be processed by us exclusively for the purposes strictly related to your request. Any refusal to provide such data may affect your ability to benefit from the service or to receive the requested information.
2.6 The data we collect automatically. When you visit our website, we may automatically collect the following data: your IP address, login data, browser type and version, browser plug-in types and versions, operating system and platform, visit-related data, including URL clickstream through and from our website, products viewed or searched, download errors, timing and duration of visits to certain pages, and page interaction. We collect data automatically through the use of various technologies, including through "cookies" (see Section 8 of this Policy).
2.7 We also collect data through our security systems (e.g. Antivirus and Firewall) as you browse our web pages or use our cloud applications.
2.8 Dati che riceviamo da altre fonti. Possiamo ricevere dati relativi alla tua persona da altre fonti se utilizzi uno qualsiasi degli altri servizi che forniamo su questo sito web. Lavoriamo anche a stretto contatto con terzi (inclusi, ad esempio, partner commerciali, subappaltatori di servizi tecnici, fornitori di analisi) e potremmo ricevere da loro dati concernenti la tua persona (inclusi i dati che sono pubblicamente disponibili).
2.9 Data we receive from other sources. We may receive data about you from other sources if you use any of the other services we provide on this website. We also work closely with third parties (including, for example, business partners, technical service subcontractors, analytics providers) and may receive data about you from them (including publicly available data).
3. How do we process your data
3.1 We process the data we collect to give you the best possible experience when you access our website and interact with us, including by purchasing or using our services and products. This includes processing your data, as a user, for the following purposes: (a) Providing and improving our products and services for you or your company: we process your data in order to provide and improve products and services requested by you or your organization. This also includes processing your data to make payment to you or your organization or to receive payment from you or your organization. We process your data to improve our products and services to better meet the technical needs of all our customers;
(b) Website administration: we process your data to manage our website for internal operations, including problem solving and to understand any errors encountered while using our website;
(c) Security: we process data collected on our website to keep it secure and to manage our IT systems;
(d) Marketing: we process your information to communicate with you and to keep you updated about our activities and about those of Companies in which you may be interested and to provide you, and other users, of our site with suggestions and recommendations about products or services that may be of your interest. We will provide this information to you by e-mail or telephone. Please see Section 6 of this Policy for more details;
(e) Online advertising: we use your data to measure or understand the effectiveness of the advertising we offer to you and other users, and to offer you relevant advertising. See section 7 of this Policy for more details. We also use your data to communicate with you through social media in order to develop our brand on social medias as well. We specify that the information you voluntarily release to us on socials will be used only for the purposes set forth in this Policy;
(f) Examining any complaints and provide customer service: data processing may also be done in order to examine any complaints you may have made and to provide more efficient customer service. We may also process your data to ensure the quality and effectiveness of our complaints handling or customer service requests;
(g) Recruitment: in order to work in our company, we accept online applications sent through e-mail; our company, to whom you freely chose to forward your application, will receive the data in the application itself and in the documentation attached to it (including, if necessary, resume and cover letter). We will process your personal data only for the purpose of advancing the selection process, evaluating and making a decision about your suitability for the role, communicating with you, and conducting any screening. We will also process your data to comply with legal obligations;
(h) Necessary communications: we may process your data in order to make necessary communications in response to requests we are legally required to fulfill, to law enforcement or judicial authorities, or in defense of a right.
4. Why do we process your data?
4.1 Your personal data is processed according the following legal bases:
(a) the necessity of processing for the pursuit of our legitimate interests: this includes, for example:
(1) providing our products and services to our users;
(2) ensuring that our website, network, and IT infrastructure are secure and are used appropriately;
(3) better understand how our products, services and website are used and being able to make improvements;
(4) research and analyze desired products and services;
(5) adapt more relevant content and offerings to our users;
(6) ensure our business and our partners safety; and
(7) develop and maintain relationships with suppliers, partners, other companies, and the people who work for them;
(b) the need to fulfill a legal obligation: for example, we may need to disclose your information at the request of a competent governmental or judicial authority;
(c) where you have provided your consent: for example, we may require your consent when using technologies such as cookies.
4.2 For more information about our legitimate interests in processing personal data, please contact us via the information that are provided in Section 1.
4.3 If, as a user, you are unable or unwilling to provide personal data that we need for the performance of a contract or to fulfill a legal obligation, this may result in our inability to fulfill your request. For example, if you do not provide us with your full business name, we will not be able to process your order.
5. How we share and disclose your data
5.1 We may share your data with third parties when:
(1) it is necessary to engage a third party service provider in order to facilitate or extend our services;
(2) when explicitly requested by you;
(3) when required by a court order or any legal or regulatory obbligations;
(4) in connection with the sale, transfer, or reorganization of a business;
(5) in order to enforce our contracts and, in the event of a legal claim, if requested, data may be transferred to defend against such a claim,
(6) to ensure the safety of our users, customers and third parties; and
(7) to protect our rights and property and the rights and property of our customers and third parties.
5.2 Third parties are considered to be entities that provide a service to us or act as our representatives, such as, without limitation, subcontractors (including their representatives), professional consultants, IT vendors, database providers, backup and disaster recovery specialists, email providers, and other service providers necessary to improve our products and services.
5.3 Our suppliers and service providers will be required to comply with our data processing and security standards. The data we disclose, including your personal data, will be provided only in connection with and to the extent strictly necessary for the performance of their function. They will not be permitted to use your personal data for purposes other than those set out in this policy.
6. How to enable or disable direct marketing
6.1 We may use the data you provide for direct marketing purposes in order to send you updates, newsletters or other communications that we believe may be of your interest.
6.2 Where required by law, the sending of commercial e-mail messages will only take place after your consent has been obtained. In any case, we offer you the opportunity to unsubscribe from any communication sent.
6.3 As a user, you may object at any time to receiving marketing-related information from us by contacting us through the information we have provided in section 1 or by selecting the unsubscribe option in our communications.
7. Cookies and other technologies
7.1 We automatically collect data through the use of "cookies." Cookie are text files containing small amounts of data that a website can send to your browser, which can then be stored on your computer as a tag that distinguishes your computer but does not identify you. Some of our Web site pages use cookies to provide you with better service during subsequent uses of the website. You can set your browser to notify you before you receive cookies so that you have a chance to decide whether or not to accept it. You can also set your browser to disable cookies; however, if you do so, some of our Web sites may not function properly. We also use pixel tracking technologies in our emails to verify clicks on embedded links or images and the opening of newsletter emails. This data is collected in order to obtain statistical data about our website and emails, as well as to identify each user's favorite features and content in order to send personalized information.
7.2 For information about the specific cookies used on this website, please see our Cookie Policy on the website.
8 Links to other websites and social medias
8.1 We provide links to other websites for informational purposes only. Other websites are beyond our control and this Policy does not apply to them. If you access other websites using the links we have provided, the operators of those websites may collect your information and use it in accordance with their Privacy Policy, which may differ from this Policy.
9. Data Retention
9.1 We will not retain your data for longer than necessary for our business purposes or to fulfill our legal obligations.
9.2 We will retain a copy of your contact details in case you object or refuse to receive direct marketing communications from us. We will add your data to our deletion list to ensure that you no longer receive any marketing communications from us. In addition, we will not delete personal data if it is relevant to an investigation or litigation. The data will continue to be retained until such issues have been fully resolved.
10. User’s Rights
10.1 In accordance with the applicable law, under certain circumstances and in relation to the user personal data they may exercise the following rights. Before responding to any request, we reserve the right to verify the identity of the requestor and to obtain further details regarding the request.
(a) Right of access to personal data. The user has the right to obtain confirmation as to whether or not we are processing personal data about you and if so, to obtain access to the personal data processed. You have the right to obtain a copy of the data being processed. This right is applicable only if it does not lead to infringement of the rights and freedoms of others. On this point, we point out that in the case of your request for additional copies, you may be charged a fee by us based on our administrative costs.
(b) Right to rectify, erase or restrict the processing of personal data. If you wish to rectify, erase or restrict the processing of your personal data, please contact us using the information we have provided in Section 1. It is your responsibility to ensure that you provide data that is true, accurate, complete, and kept up-to-date.
(c) Right to withdraw consent. If you have provided us with consent to process your data, you may revoke it at any time
(d) Right to data portability. If the processing is based on your consent or contract and is carried out by electronic means, you have the right to receive, in a structured, commonly used and machine-readable format, personal data concerning you that you have provided to us and you have the right to transmit such data to another data controller without hindrance from us.
(e) Right to object. As a user, you have the right to object to the processing of your data under certain circumstances. For example, you may benefit from this right if the processing is based on our legitimate interests (or those of third parties). You can challenge the merits of our legitimate interests. However, we may have the right to continue to process such personal data on the basis of our legitimate interests or when this is relevant in connection with legal actions, or the data is necessary for the establishment, exercise or defense of a right in court. You also have the right to object to the processing of your personal data for direct marketing purposes.
(f) Right not to be subjected to automated decision-making.
(g) Compensation. We also remind you that anyone who suffers a material or immaterial damage caused by a violation of Regulation (EU) 2016/679 has the right to obtain a compensation from the data controller or processor.
(h) Right to lodge a complaint with the supervisory authority. Without prejudice to the possibility of approaching our Company to exercise your rights related to the processing operations, you may lodge a complaint before the competent independent administrative authority in the Member State of the European Union where you normally live, where you work, or where an alleged violation of the law on the protection of your personal data has occurred. In the Italian territory you can lodge a complaint with the Supervisory Authority
Guarantor for the Protection of Personal Data
Switchboard: +39 06 69977
E-mail address: garante@gpdp.it
Electronic Certified Mail address: protocollo@pec.gpdp.it
Website: https://www.garanteprivacy.it
Forms for exercising your rights
To exercise your rights towards the owner, you must use the following form:
https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924
Remember: in order for you to exercise your rights, your identification is required.
10.2 If you have an Account, you may access your personal data we hold about you through your Account in order to obtain a copy of it as well as correct, edit or delete inaccurate information. You also have the option to close your Account at any time.
11. Data Security
11.1 We apply physical, technical and administrative measures to protect personal data under our control from unauthorized access, collection, use, disclosure, reproduction, modification or deletion. All data you provide is stored and archived on secure servers.
11.2 If you have a password that allows you to access our services or Websites, it is your responsibility to keep it secure and confidential..
12. International Transfers
12.1 Since the Internet is meant for public use, using it to collect and process personal data necessarily involves international data transfers. We generally store all of your personal data that we collect through our website in your country (e.g. for European visitors, in the European Economic Area). However, it is possible that your personal data may be transferred to third countries (where data protection laws may be different, e.g. in the United States).
12.2 In the case of data transfer to third countries, we have implemented appropriate security measures and protections to ensure that your data is adequately protected in those third countries (for example, using standard contractual clauses). If you would like more information about the security measures we have implemented, you can contact us using the information we have provided in session 1.
13. Changes to the Policy
13.1 This Policy was last updated on 01/12/2020. A notice will be posted on our website home page for 30 days whenever this Policy is substantially changed.
14. Questions regarding this Policy
14.1 This website is managed by MIXO. If you have any questions, concerns, or complaints about this Policy or the handling of your information, you may contact us by e-mail at: mixo@mixo.it
Definitions:
Processing: any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4.2 GDPR).
personal data: any information concerning an identified or identifiable natural person;
special data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data aimed at uniquely identifying a natural person, data relating to a person's health or sexual orientation (art. 9 GDPR)
judicial data: personal data relating to criminal convictions and offences (Art. 10 GDPR);
data subject: the identified or identifiable natural person to whom the personal data relate;
GDPR or Regulation: the EU Regulation 2016/679 (General Data Protection Regulation) on personal data protection;
risk: a descriptive scenario of an event and its consequences, which are estimated in terms of severity and likelihood for rights and freedoms.
restriction of processing: the marking of personal data stored with the aim of limiting their processing in the future;
profiling: any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects of that person's professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
pseudonymization: the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures to ensure that such personal data is not attributed to an identified or identifiable natural person;
Archives: any structured set of personal data accessible according to specified criteria, regardless of whether such set is centralized, decentralized or functionally or geographically distributed;
Data controller: the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; when the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria applicable to its designation may be established by Union or Member State law
Data processor: the natural or legal person, public authority, service or other body which processes personal data on behalf of the controller
Recipient: the natural or legal person, public authority, service or other body receiving communication of personal data, whether or not it is a third party. However, public authorities that may receive communication of personal data in the context of a specific investigation in accordance with Union or Member State law are not considered recipients; the processing of such data by these public authorities is in accordance with the applicable data protection rules according to the purpose of the processing;
Third party: the natural or legal person, public authority, service or other body other than the data subject, the data controller, the data processor and persons authorized to process personal data under the direct authority of the data controller or processor;
Consent of the data subject: any manifestation of the data subject’s free, specific, informed and unambiguous will by which the data subject indicates his or her assent, by way of a statement or unambiguous affirmative action, that personal data concerning him or her be processed.
Personal data breach: a security breach that accidentally or unlawfully results in the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed
Supervisory authority: the independent public authority established by a member state;International organization: an organization and the public international law bodies subordinate to it or any other body established by or on the basis of an agreement between two or more states.
FORM: in data processing this term is used to refer to the interface of an application that allows the client user to enter and send to the web server one or more data freely typed by the client; the metaphor of a "form to fill in" for data entry may be useful in describing it.
Clickstream URL: Clickstream is the analysis of users' browsing flow. It allows us to monitor the ways in which users navigate, purchase processes, reaction to advertising messages, etc. etc.
