Website Privacy Policy
Privacy Policy
pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR")
Dear User,
Below are the methods of processing personal data provided by you or collected automatically through browsing the website https://www.mela.work ("Website").
1. DATA CONTROLLER
The data controller is Mela Works S.r.l., with registered office at Piazza Castello n. 26, 20121 Milan (MI) ("Controller" or "Company").
2. TYPES OF DATA PROCESSED
To enable navigation of the Website and allow you to use its services, the Controller will need to process certain personal data.
Data voluntarily communicated by the user
To be contacted if you wish to consult with an expert or to have a demonstration, the Controller will ask you for the following personal data:
first and last name
email address
telephone number
The optional, explicit and voluntary sending of messages to contact addresses, as well as the completion and submission of forms on the sites, involve the acquisition of the sender's contact data, necessary to respond, as well as all personal data included in the communications.
Navigation data
The computer systems and software procedures used to operate this Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users; addresses in URI/URL notation (Uniform Resource Identifier/Locator); the time of the request; the method used to submit the request to the server, the size of the file obtained in response; the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment.
Such data, necessary for the use of services through the Website, are also processed for the purpose of:
obtaining statistical information on the use of services (most visited pages, number of visitors by time slot or day, geographical areas of origin, etc.);
checking the correct functioning of the services offered.
Navigation data do not persist for longer than necessary to ensure the functioning of the site and are deleted immediately after their aggregation (except for any need to ascertain crimes by the Judicial Authority).
Cookie policy
For further details on the cookies we use, you can consult our cookie policy HERE.
3. PURPOSE, LEGAL BASIS AND NATURE OF DATA PROVISION
Purpose of processing | Legal basis | Nature of provision | |
A | Use of content and services of the Website and guarantee of network and information security. This purpose includes the possibility of using the Website, as well as the processing of personal data relating to traffic carried out by the Controller, to the extent strictly necessary and proportionate to guarantee network and information security. | - Performance of a contract (Art. 6.1 (b) of the GDPR). - Legitimate interest (Art. 6.1 (f) of the GDPR). | Mandatory. Failure to provide data would result in the impossibility (i) to use the content and Services of the Website and (ii) to guarantee network security. |
B | Contacting the Controller. This purpose includes the possibility of contacting the Controller to have a demonstration, to obtain advice from an expert or to have support for error resolution. | Performance of a contract to which the data subject is party (Art. 6.1 (b) of the GDPR). | Mandatory. Failure to provide data would result in the Controller's inability to support you in case of requests. |
D | Where applicable, to ascertain, exercise or defend the rights of the Controller in out-of-court and/or judicial proceedings. | Legitimate interest (Art. 6.1 (f) of the GDPR). | Mandatory. Failure to provide data may preclude the exercise of the controller's rights. |
4. RETENTION OF PERSONAL DATA
Information relating to malfunction reports will be kept for 6 months from their resolution. This is without prejudice to the case where it is necessary to retain such information to exercise or defend a right in court.
In case of processing of personal data for the exercise of a right in court, personal data will be retained for the entire duration of the dispute and until the expiry of the terms for filing appeals.
5. RECIPIENTS OF PERSONAL DATA
Personal data may be communicated to the following subjects:
those who can access the data by virtue of provisions of law provided for by European Union law or that of the Member State to which the Controller is subject;
subjects who carry out activities auxiliary to the purposes indicated in the appropriate paragraph and, specifically, companies offering hosting services, instant messaging, IT infrastructure and IT assistance and consultancy services as well as design and implementation of software and websites, companies offering data analysis and development services (including those relating to user interactions with our services).
Furthermore, employee personnel, designated as subjects acting under the authority of the Data Controller pursuant to Art. 29 of the GDPR or as System Administrator, may also become aware of your personal data.
6. TRANSFERS TO THIRD COUNTRIES
The Controller may transfer your personal data to third countries and, specifically, to the United States, for example in the case of payments. The safeguards adopted are the supplier's adherence to the Data Privacy Framework. For more information on what the Data Privacy Framework is, you can visit the site at this address: https://www.dataprivacyframework.gov/.
Where suppliers do not adhere to the Data Privacy Framework, pursuant to Art. 46 of the GDPR, the Controller has signed the standard contractual clauses approved by the EU Commission.
To obtain the complete list of third countries of destination and the indication of the specific safeguards adopted, you can contact the Controller using the contacts indicated in the following paragraph 8.
7. AUTOMATED DECISION-MAKING PROCESSES
The Controller does not intend to use automated decision-making processes.
8. RIGHTS OF THE DATA SUBJECT
As a data subject, you have the right to withdraw consent given at any time and to obtain access to personal data from the Company. You may also request their rectification or erasure from the Company. Furthermore, you have the right to obtain restriction of processing of personal data concerning you, as well as the right to data portability.
In addition to the above, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data carried out pursuant to Art. 6, paragraph 1, letters e) or f), including profiling based on those provisions, as provided for by Art. 21 of the GDPR.
Finally, you have the right to lodge a complaint with a supervisory authority or to take appropriate legal action if you believe that the processing concerning you violates the GDPR.
To exercise each of your rights, you can contact the Controller by sending a communication to the registered office of Mela Works S.r.l., with registered office at Piazza Castello n. 26, 20121 Milan (MI), or by sending an email to privacy@mela.work.