Privacy Policy

(Privacy Policy”)

(Version “00”, March 2017)

INDICE

    1. General provisions

    2. Scope of application

    3. Types and source of processed Personal Data

    4. Purposes of the processing. Consequences in case of failure to provide

    5. Persons in charge of the processing and processors

    6. Processing of the hidden Personal Data (of Website navigation)

    7. Methods of processing, storage of Personal Data and security measures

    8. Data Subjects’ rights

1. General provisions

    1. 1. Definitions. In this document, the following terms generally indicated with a capital letter (whether they are singular or plural), save as otherwise specified herein, shall have the meaning set out in the General Conditions.

    1. 2. Data Controller. In accordance with section 13 of the Legislative Decree June 30, 2003, n. 196 (“Personal Data Protection Code”), Mailcoding, in its capacity as personal data controller (“Controller”), provides information relating to the processing of personal data (“Personal Data”) supplied by navigators (“Navigators”), Customers, Users and Guests (hereinafter defined “Data Subjects”) or collected by the Controller through the use of the Website and/or the Service.

    1. 3. Extended applicability. This Privacy Policy – as far as compatible – shall also be applicable to accounts activated and managed by Controller on Channels (such as, for example, Facebook™, Twitter™, Linkedin™).

    1. 4. Amendments. The Controller reserves the right to amend and update the Privacy Policy as a result of any further new or revised provisions of any national and E.U. laws and regulations on Personal Data protection. The Privacy Policy shall be published on the Website and marked with progressive identification numbers and month of publication. Any new release of the Privacy Policy shall be published on the Website as a replacement of the previous version and shall be valid and enforceable from the publication date, unless otherwise specified.

    1. 5. Applicable rules. The Controller processes Personal Data in accordance with the principles of legitimacy, fairness, proportionality and the principles requiring that processing of Personal Data be relevant and not excessive to achieve the purposes for which said data are collected. Processing of Personal Data shall be made in accordance with provisions of the Personal Data Protection Code, guidelines issued by the Italian Data Protection Authority (“Data Protection Authority”) and the E.U. Directive 2002/58/CE, as updated by E.U. Directive 2009/136/CE on Cookies.

    1. 6. Cookies. For Personal Data collected automatically/electronically through the Website and, in general, for the information stored in terminal equipment of Data Subjects (“Cookies”) and the subsequent access to such information, all persons concerned are invited to read the Cookies Policy, published on the Website.

2. Scope of application

    2. 1.Scope of application. The Privacy Policy shall be applicable to Data Subjects, natural persons and – as far as compatible – legal persons, who navigate through the Website and use the Service.

    2. 2.Validity and enforceability. Mailcoding, in its capacity as Controller, is only liable for the processing of Personal Data, which are under its own powers, duties and liabilities. The Privacy Policy shall not be deemed valid and enforceable for any processing made by third parties whose websites may be reached by the Website.

3. Types and source of processed Personal Data

    3. 1. Source. The Controller may process Personal Data – as hereinafter specified – which are voluntarily provided by Data Subjects according to the instructions published on the Website.

    3. 2. Identification data. The Controller processes common identification Personal Data provided by Data Subjects to Mailcoding to use the Service. These data may include, without limitation, the following Personal Data: name, surname, social network and e-mail accounts, domain names, images consisting of personal portraits (where uploaded by Data Subjects) as well as data required for invoicing purposes (tax code and/or V.A.T. code, residence for tax purposes),where an invoice is required. Bank account details and data referred to payments shall be processed exclusively by Financial Intermediaries through which payments are made; as a consequence, Data Subjects are invited to refer to Privacy Policies of such Financial Intermediaries for the relevant type of payment choosen.

    3. 3. Sensitive data. The use of the Website and the enjoyment of the Service do not include any processing of sensitive data, that is personal data allowing the disclosure of racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-unionist character, as well as personal data disclosing health and sex life. Data Subjects are consequently invited not to provide, forward or disclose sensitive Personal Data through the Website and/or Channels. Unless Data Subjects have given their express consent to the processing, the sensitive Personal Data possibly received shall be erased and/or destroyed or otherwise transformed into anonymous form by the Controller.

4. Purpose of the processing. Consequences in case of failure to provide

    4. 1.Purposes. The Controller processes Personal Data for the following purposes, as specified in the table hereinbelow, in which is furthermore highlighted if an express consent to the processing of Personal Data is needed (or not):

    Purposes

    Consent

    allow accomplishment of all formalities required by law,
    including transmission of tax documents

    not required

    reply to e-mails or communications sent to Mailcoding by Data
    Subjects through contact details published on the Website
    (email account)

    not required

    perform obligations arising from the Agreement and, in general,
    the Rules (such as, for example, collecting Personal Data,
    uploaded by any Data Subject on the Dashboard; publishing
    Personal Data whose publication has been chosen by the Data
    Subject concerned, with the sole exception of personal data to be
    mandatory provided according to General Conditions sending
    communications regarding the Service pursuant to General
    Conditions)

    not required

    send newsletters of a general informational, promotional and
    advertising nature, for example, in relation to the Website’s
    functionalities, to Mailcoding and third parties, also for
    statistical analysis purposes

    required

    erase Personal Data associated with a Mailcode at the end of the
    Period of Inactivity, as provided by the General Conditions

    not required

    4. 2. Mandatory or optional supply of Personal Data. The mandatory or optional nature of provision of Personal Data is specified in the on line registration form to be filled in. In all other cases, Personal Data provision shall be considered as optional.

    4. 3. Refusal for processing. Any refusal to provide mandatory Personal Data, other than tax data, or any objection, on legitimate grounds, to the processing of Personal Data already supplied shall prevent Mailcoding from providing the Service.

5. Persons in charge of the processing and processors

    5. 1.Persons in charge of the processing. Directors, shareholders, employees and independent collaborators of the Controller (independently from the contractual relationship concerned) may process Personal Data in their capacity as designated persons in charge of the processing, according to section 30 of the Personal Data Protection Code.

    5. 2.Joint controllers and processors. The Controller may designate as processors internal and external entities/individuals, including but not limited to (legal and tax) advisors and third companies (in particular, internet service providers and service providers). The complete list of all processors may be required by Data Subjects to the Controller. In some cases, a third entity may act as joint controller.

    5. 3.Limitations. Persons in charge of the processing and processors – if appointed – shall be appropriately trained and duly empowered to allow access to Personal Data according to the specific duties and tasks assigned and in compliance with the Privacy Policy.

6. Processing of hidden Personal Data (of Website navigation)

    7. Navigation data. The Controller processes hidden Personal Data collected during navigation in accordance with the Cookie Policy.

    8. Link. The Website may include hypertextual links to other websites that are not managed or otherwise associated to Mailcoding. The Controller hasn’t any kind of access to or control of such websites. Data Subjects are requested by Controller to read the privacy policies of such third parties websites to which Data Subjects may access from the Website, in order to know the personal data collection and processing methods.

    9. Access data to the newsletter. The analysis of the newsletter opening and consultation Personal Data is carried out for statistical analysis purposes in order to provide Mailcoding with information on the use of the same, which may be useful to amend its contents and formats.

7. Methods of processing, storage of Personal Data and security measures

    7. 1. Methods of processing. The Personal Data of Data Subjects are processed almost exclusively through automated procedures, by using computerized systems and softwares which govern the Website and Service management and functionalities, or, in a limited number of cases, through manual means (e.g. on paper), provided however that in any event such Personal Data are processed adopting methods which are strictly related to the purposes for which such data have been collected and anyway to guarantee their security, in accordance with section 11 of the Personal Data Protection Code.

    7. 2. Uploading of Data. Mailcoding through the Service allow Customers and Guests to upload some common identification Personal Data on the Dashboard and to make them visible or not to Navigators. Such activities shall be regarded as an explicit consent to the processing.

    7. 3. Luogo del trattamento e della conservazione dei Dati. Processing of Personal Data is made in the head offices of the Controller and/or – if appointed – of the processors and/or of the joint controllers. Personal Data are stored in the head offices of the Controller where the physical servers are and in some cases on servers of third parties, which provide cloud services to allow storage of Personal Data. Personal Data processed are stored until the Data Subjects’ withdrawal of consent (e.g. for the Mailcoding’s newsletter transmission) and shall not be kept for longer than is necessary for the purposes for which said data are collected and/or in any case once the contractual relation has ended, with the sole exception of mandatory personal data as required by law. Following the cancellation of Personal Data associated with a Mailcode and the Mailcode itself at the end of the Period of Inactivity, the Customer Personal Data are stored on back up copies for a period of 30 days, at the end of which such data shall be erased, also as a result of overwriting of Personal Data of the new Customer to which the Mailcode is granted.

    7. 4.Dissemination of Data. Through the Dashboard, Data Subjects may identify Personal Data to be made visible by third parties on the Website. Said option may be exercised according to the instructions, on the Dashboard and shall be regarded as a given express consent to the dissemination of Personal Data, provided however that such a consent may be revoked by Data Subjects at any time and at their discretion/autonomously.

8. Data Subjectsrights

    8. 1. Rights. Data Subjects may directly address to the Controller or the processor/s designated by the same Controller in order to enforce their rights according to Personal Data Protection Code (section 7, as fully set forth hereinbelow); in particular, Data Subjects shall have the right to access their own Personal Data, obtain updating and rectification of their own Personal Data, object on legitimate grounds to the processing of their Personal Data (with the effects provided for in article 4.3 hereof), by sending an e-mail to the following address: privacy@mailcoding.com or, with specific regard to the newsletter, by clicking the “unsubscribe” button or following the instructions published on the Website.

***

Legislative Decree June 30, 2003, n. 196

Section 7 (Right to Access Personal Data and Other Rights)

1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.

2. A data subject shall have the right to be informed

a) of the source of the personal data;

b) of the purposes and methods of the processing;

c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;

d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2); and

e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.

3. A data subject shall have the following rights:

a) to obtain updating, rectification or, where interested therein, integration of the data;

b) to obtain erasure, anonymization or blocking of data that have been processed unlawfully,

including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;

c) to obtain certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.

4. A data subject shall have the right to object, in whole or in part,

a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;

a) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.

Terms of Service