MSA – MULTI SERASS PRIVACY POLICY

pursuant to Article 13 of the GDPR relating to the processing of personal data

MSA – Multi Serass S.r.l., with registered office in Via Sangro, 15, Milano (MI), fiscal code/VAT n. 10116240960, Registration Number MI - 2506361 (“Company”), is committed to protecting the personal data of the users (“Users”) of this internet page (“Page”) and, as data controller, is required, pursuant to Article 13 of EU Regulation No. 679/2016 (General Data Protection Regulation, “GDPR”), to provide the Users with certain information regarding the processing of personal data.
This Privacy Policy does not apply to different websites (owned by other companies of the same group or by third parties) which can be reached through the Page.
If Users provide personal data on behalf of someone else, they must ensure, in advance, that the data subjects have read this Privacy Policy.
The Company asks Users to help it in keeping their personal data updated, informing it of any relevant changes.

1. WHAT DATA CAN BE PROCESSED

Through the Page, the following categories of Users’ data (hereinafter jointly also “Personal Data”) can be processed:
Personal Data provided to receive a specific service (e.g. name and contact details);
browsing data (e.g. approximate geolocation, browser and device information, session statistics, number of users).

2. PURPOSES FOR WHICH PERSONAL DATA CAN BE PROCESSED

A) Operating the Page, providing the Service and managing information requests.
The Company will process Data for operating the Page (“Service”).
Legal Basis: performance of a contractual obligation or execution of pre-contractual measures (pursuant to Article 6, paragraph 1, letter b) of the GDPR). The provision of Personal Data is necessary; otherwise, the Company will not be able to operate the Page and provide the Service.

B) Compliance with a legal obligation to which the Company is subject or with provisions/requests of authorities legitimized by law and/or by supervisory and control bodies..
The Company may process the Users’ Personal Data to comply with a legal obligation to which the Company is subject.
Legal Basis: compliance with a legal obligation (pursuant to Article 6, paragraph 1, letter c) of the GDPR). The provision of Personal Data for this purpose is necessary, otherwise the Company will not be able to comply with specific obligations.

C) Defence of rights during judicial, administrative or extra-judicial proceedings, and in the context of dispute arising in relation to the services/activities offered..
The Company may process Personal Data in order to defend its rights or to act or even to make claims against the Users or third parties.
Legal Basis: legitimate interest of the Company in protecting its rights (pursuant to Article 6, paragraph 1, letter f) of the GDPR). In this case, a new and specific provision of data is not required, since the Company will pursue this further purpose, where necessary, by processing the data collected for the aforementioned purposes, deemed compatible with this (also due to the context in which the data have been collected, the nature of the data and the adequate guarantees for their processing, as well as the link between the aforementioned purposes and this additional purpose).

3. HOW WE KEEP PERSONAL DATA SECURE AND WHERE

The Company takes appropriate security measures to ensure the protection, security, integrity and accessibility of Users’ Personal Data. Personal Data, processed in hardcopy, by automated or electronic means, are held on our secure computer systems (or appropriately stored hard copies) or those of our suppliers, in accordance with our standards and security policies (or equivalent standards for our suppliers).
The Personal Data are stored in Italy.
When the Company transfers Personal Data in countries that do not belong to the European Union (EU) or the European Economic Area (EEA) (“Third Countries”), it uses any appropriate measure to guarantee an adequate protection of the Personal Data including also the adoption of standard contractual clauses (SCC) issued by the EU Commission, possibly supplemented by additional technical/organizational/legal measures so that the safeguards contained in the transfer tool can ensure an essentially equivalent level of protection for Personal Data transferred in the Third Country.
The Users can write to the Company at any time to receive a copy of the safeguards adopted for the transfer.

4. HOW LONG WE RETAIN PERSONAL DATA

The Company retains Personal Data only for as long as it is necessary for the purposes for which they were collected or for any other related legitimate purpose. If the Personal Data are processed for two different purposes, we will keep such data until the purpose with the longer-term ceases.
In any case, we will no longer process Personal Data for that purpose whose retention period has expired. If Personal Data are no longer needed or if there is no longer a legal basis for their retention, they will be irreversibly anonymized or destroyed.
With particular reference to the judicial protection of our rights or in the event of requests by the authorities, Personal Data will be kept for the time required to process the requests or to pursue the protection of the rights involved.

5. LINK TO THIRD PARTY WEBSITES

Third party websites accessible from this Page are under the third-party responsibility. The Company declines all responsibility concerning requests and/or provision of Personal Data to third party’s websites. The Company declines all responsibility concerning requests and/or provision of Data to third party websites. This privacy notice refers only to the processing of Personal Data carried by the Company on the Page.

6. WITH WHOM WE MAY SHARE PERSONAL DATA

The Users’ Personal Data may be accessed by duly authorised employees of the Company, as well as by external suppliers (including consultants), appointed, if necessary, as data processors pursuant to Article 28 of the GDPR. You can always contact us using the details provided in the “Contacts” section below, if you would like to see the list of data processors and other subjects with whom we share Personal Data.

7. PERSONAL DATA PROTECTION RIGHTS

Users, subject to the existence of the legal basis for the request, have the right to obtain from the Company:
• the access to and the rectification of Personal Data;
• the erasure of Personal Data;
• the rectification of Personal Data;
• the limitation of the processing of Personal Data;
• the copy of Personal Data provided to the Company, in a structured, commonly used and machine-readable format (portability) and the transmission of such personal data to another data controller.

In addition, Users have the right to object, in whole or in part, to the use of their personal data processed by the Company, under the conditions provided for by the GDPR, for example if the legal basis for processing is the legitimate interest.
In the event that the Users exercise any of the above-mentioned rights, it will be the responsibility of the Company to verify that the Users are entitled to exercise such rights, and a feedback will normally be provided within one month. Users have the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data is in breach of the provisions of the GDPR.

8. CONTACTS

The contact details of the Company, as data controller, are as follows: MSA – Multi Serass S.r.l., with registered office in Via Sangro, 15, Milano (MI).
If Users have any questions regarding the Company's processing of their Personal Data or wish to exercise the aforementioned rights, they may write an email to federica@ziglioassociati.it and info@ziglioassociati.it.

9. AMENDMENTS

The Company reserves the right to partly or fully amend the Privacy Policy, or simply to update its content (e.g. as a result of changes in applicable law). The Company will publish any update on this Page.

Last update: 03.03.2023