INFORMATION FOR THE PROCESSING OF PERSONAL DATA

pursuant to and for the purposes of art. 13 of the EU Regulation 2016/679 (hereafter “GDPR”) concerning the protection of natural persons with regard to the processing of personal data.

Mixer S.p.A. established in via Chiara, 6/C – 48012 Villa Prati di Bagnacavallo (RA) – P.IVA: 01254160391 – C.F.: 04371460728, (hereafter “The Holder”), as the data holder, informs you that the personal data acquired, with reference to the established relationships, shall be processed in compliance with the aforementioned law. In relation to the aforementioned treatments, the following information is also provided:

DATA CONTROLLER: Mixer S.p.A. in the person of its legal pro-tempore representative, established in via Chiara, 6/C – 48012 Villa Prati di Bagnacavallo (RA) – P.IVA: 01254160391 – C.F.: 04371460728 – tel. +39 0545 47125 – e-mail privacy@mixercompounds.com

EXTERNAL DATA CONTROLLERS: the data controllers list is available, upon request, at data holder headquarter.

1. Object of the processing

The holder treats personal data, identification (in particular: name, surname, tax code, VAT number, email address, telephone number – hereafter, “personal data” or even “data”) you have provided during the acceptance of this information.

2. Purpose of the processing

Your personal data are processed:

• without your express consent pursuant to art. 6 letters b), e) GDPR 2016/679, for the following purposes:
  • to fulfil the obligations established by law, by community legislation, by a regulation or by an order of the authority;
  • execution of the contract you have signed.
• Only upon your specific and distinct consent, pursuant to art. 7 GDPR 2016/679, for the following purposes:
  • carrying out direct marketing activities, such as sending – also by e-mail, text message – advertising material and communications with information and/or promotional content in relation to products or services provided and/or promoted by the holder or by his business partners;
  • carrying out individual or aggregate profiling activities and market research aimed, for example, on the analysis of consumption habits and choices, on the elaboration of statistics or on the assessment of the degree of satisfaction with respect to products and to the proposed services.

3. Nature of the data

The conferment of your personal data referred to in point 2 lett. A is mandatory, therefore, any refusal could result in a failure and/or in a partial execution of the contract and/or continuation of the relationship. The conferment of your data referred to in point 2 lett. B is optional, therefore, may at any time exercise the rights referred to in point 9 letter. a), b), c), d), e), f), g), h), i).

4. Modalities of the processing

The processing of your personal data is carried out by the operations indicated in the art. 4, n. 2 GDPR 2016/679 and more precisely: collection and registration, organization, conservation, consultation, cancellation and destruction of data. The processing of your data will be based on the principles of correctness, lawfulness and transparency and can also be carried out through automated procedures designed to store, manage and transmit them and will take place through appropriate tools, as far as reason and state of the art, to ensure safety and confidentiality through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination. Your personal data are subjected to both paper and electronic processing.

5. Data retention period

The data controller will process personal data for the time necessary to fulfil the aforementioned purposes and in any case for the performance of the contract. After this deadline, the data will be destroyed or made anonymous.

6. Data access

The personal data processed by the data controller will not be disclosed, or will not be disclosed to indeterminate subjects, in any possible form, including that of their availability or simple consultation. Instead, they may be communicated to workers working for the data controller and to some individuals who work with them. Finally, it may be communicated to the persons entitled to access it by virtue of legal requirements, regulations and community regulations.
In particular, based on the roles and tasks performed, some workers have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given to them by the holder. The access to the data and/or the portability request will be fulfilled within the maximum term of 30 days, except for impediments and/or complexity in the execution. For the release of further copies of the personal data being processed, a fee will be charged based on the administrative costs incurred.

7. Recipients of the data

Even without your express consent pursuant to art. ex art. 6 lett. b) – c) and art. 13 lett. e) GDPR 679/2016, the data controller may communicate your data for the purposes indicated to supervisory bodies, judicial authorities, as well as to all other subjects, to whom communication is mandatory by law.

8. Data transfer

The management and storage of personal data will be carried out on servers located within the European Union belonging to the holder and/or to third-party companies commissioned and duly appointed as data controller. The data will not be transferred outside the European Union. In any case, it is understood that the data controller, where necessary, will have the right to move the server location to Italy and/or the European Union and/or non-EU countries. In this case, the data controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions.

9. Rights of the interested party

As an interested party, you are the owner of the rights referred to in art. 15 and ss. of the GDPR 2016/679 and precisely the right:

• to request the data controller, to have access to personal data (article 15), i.e. confirmation of whether the processing of your personal data is being processed and, in this case, have access to the data;
• to demand, to the data controller, a correction (article 16), that is to obtain the correction and/or integration of the incorrect personal data concerning you;
• to ask the data controller to delete them (art. 17) or to obtain the cancellation of data concerning them without undue delay;
• to ask the data controller to limit the processing that concerns it (Article 18), i.e. to obtain a confirmation that the processing of your personal data is limited to what is necessary for the storage purpose;
• to have the data portability (article 20) that is to obtain, in a structured common and legible format, your personal data;
• to object to their processing (article 21) or, at any time, to oppose, for any reason connected with your particular situation, the processing of your data;
• rights concerning the automated decision-making processes (article 22), i.e. the right not to be subjected to a decision based uniquely on automated data processing without your explicit consent;
• to cancel (Article 17), i.e. the right to obtain, in the cases provided for by the regulations, the cancellation of your personal data; furthermore, at any time, you may revoke the consent on which the treatment carried out is based, on the achievement of the consent to the processing;
• to lodge a complaint with the supervisory authority (Article 77), i.e. the right to appeal to the authority in the event that it considers that the treatment concerning you is infringing the Regulation.

10. Data breach and notification to the Privacy Guarantor and/or communication of the violation to the interested party

In case of violation of personal data – to be understood as a breach of security that involves accidentally or in an unlawful manner the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed – in which the risk for the rights and freedoms of persons is to be considered probable and/or high, the data controller will notify the Privacy Guarantor without delay and in any case no later than 72 hours, giving a description of the nature of the data breach, including the number of data subjects and the categories of data concerned. The name and address of the DPO will also be indicated.

Procedure for the exercise of any right

You may exercise, at any time, the above rights by sending:

• a registered letter to: Mixer S.p.A. via Chiara, 6/C – 48012 Villa Prati di Bagnacavallo (RA)
• an email PEC to mixerspa@pec.it
• an email to a privacy@mixercompounds.com