Privacy Policy for the Processing of Personal Data of Users Accessing the Company's Website Pursuant to Article 13 of Regulation (EU) 2016/679

Pursuant to Regulation (EU) 2016/679 (hereinafter "Regulation"), this page describes the methods of processing:

– of the personal data of users who visit the website (hereinafter "Site") of MAP S.r.l. (hereinafter "Company") accessible online at the following address: https://www.mirap.it/;

– of the personal data entered or collected through the Company's social media pages.

This information does not concern other websites, pages, or online services accessible through hyperlinks that may be published on the site but refer to resources external to the Company's domain.

LEGAL BASIS FOR PROCESSING
The Company will process personal data only if there is a legal basis to do so.

The regulations regarding personal data protection establish that the processing of personal data is lawful only if and to the extent that at least one of the following conditions applies (as per Article 6 of the Regulation):

  1. a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
  2. b) the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject;
  3. c) the processing is necessary to comply with a legal obligation to which the data controller is subject;
  4. d) the processing is necessary to protect the vital interests of the data subject or another person;
  5. e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
  6. f) the processing is necessary for the pursuit of the legitimate interests of the data controller or a third party, provided that such interests do not override the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, especially if the data subject is a minor.

The legal basis for processing will therefore depend on the reasons for which the Company has collected and uses the data.

These reasons include, in some cases (such as for requests received through the contact section), the need to provide the appropriate response to the requests received (in this case, the legal basis is the performance of a contract and/or pre-contractual measures), in other instances, the obligation to comply with legal and/or regulatory requirements, or, in still other cases, the ability to pursue the legitimate interests of the Company, which will be identified from time to time. Where the consent of the data subject is required, such consent will be requested in accordance with the law.

TYPES OF DATA PROCESSED AND PURPOSES OF PROCESSING
Personal data refers to all information related to the user that can be used to identify them. Examples of personal data include name, surname, contact details, phone number, email address, IP address, and information regarding the user's access to the Site.

Following the consultation of the Site, as well as the use of services made available through it, the Company may collect personal data from users as a result of phone communications to the contact numbers listed on the Site, via emails sent to the addresses listed on the Site, or through the completion of forms in the contact section, or even through the use of social media plugins integrated on the Site.

Specifically, the types of data processed can be classified as follows:

BROWSING DATA
The information systems and software procedures responsible for the operation of the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

These are information that is not collected to be associated with identified individuals, but that, by their nature, could, through processing and associations with data held by third parties, allow the identification of users.

This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the URI/URL addresses (Uniform Resource Identifier/Locator) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (success, error, etc.), and other parameters regarding the user's operating system and computing environment.

Such data, necessary for the use of web services, are also processed for the purpose of:

  • gathering statistical information on the use of services (most visited pages, number of visitors by time slots or daily, geographic areas of origin, etc.);
  • ensuring the proper functioning of the services provided;
  • identifying anomalies and/or abuses.

Browsing data do not persist for more than seven days (unless required for the investigation of crimes by the judicial authority).

PERSONAL DATA VOLUNTARILY PROVIDED BY USERS
The optional, explicit, and voluntary submission of messages to the Company's contact addresses, private messages sent by users to institutional profiles/pages on social media (where such a possibility is provided), as well as the completion and submission of forms on the Company's website, result in the acquisition of the sender's contact details, necessary to respond, as well as all personal data included in the communications.

Specific privacy notices will be published on the pages of the Site designed for the provision of certain services.

COOKIES AND OTHER TRACKING SYSTEMS
Session cookies (non-persistent) are used instead, strictly limited to what is necessary for the secure and efficient navigation of the Site. The storage of session cookies on devices or browsers is under the control of the user, while on the servers, at the end of HTTPS sessions, information related to cookies remains recorded in the service logs, with retention times not exceeding seven days, in line with other browsing data.

CONSEQUENCES IN CASE OF FAILURE TO PROVIDE DATA
The failure to provide the necessary data to address requests may result in the Company's inability to provide a comprehensive response or the available services. When necessary, the Company will inform the user, from time to time, about the mandatory or optional nature of providing personal data (e.g., to make a specific request).

In particular, the mandatory or optional nature of providing data will be highlighted through a notice or a specific character applied to the mandatory information.

RECIPIENTS OF THE DATA
The recipients of the data are the Company's staff, who act based on specific instructions provided regarding the purposes and methods of processing.

In particular, the mandatory or optional nature of providing data will be highlighted through a notice or a specific character applied to the mandatory information. The data collected following the consultation of the Site will also be shared with individuals designated by the Company, in accordance with Article 28 of the Regulation, as data processors.

If social media plugins present on the Site are used, the data will be shared with the social media service and possibly with the user's profile on those social media platforms. In such cases, please refer to the Privacy Policy published by the social media platforms themselves. In any case, the personal data processed will not be disclosed.

Subject to legal provisions, the communication or dissemination of data requested by law enforcement, the judiciary, information and security agencies, or other public authorities for purposes of national defense or security, or for the prevention, investigation, or prosecution of crimes, is allowed.

METHODS AND SECURITY OF PROCESSING
The data will be processed:

  • using manual, computer-based, and telematic tools, in a way that ensures the availability, integrity, and confidentiality of the data;
  • with organizational methods and logic strictly related to the stated purposes, in compliance with the principle of data minimization;
  • by specifically designated, identified, and authorized individuals, who are appropriately trained and informed of the constraints imposed by the applicable regulations;
  • with the use of technical and organizational security measures aimed at preventing and/or reducing the risks of unauthorized access, destruction, or loss of the data.

LOCATION OF PROCESSING
The management and storage of personal data will take place in Italy and, in any case, within the European Union.

Currently, the servers used by the Company are located within the European territory. The data will not be transferred outside the European Union.

It remains understood that, if deemed necessary and/or appropriate, the Company will have the right to change the location of the servers within Italy and/or the European Union and/or non-EU countries. In such cases, the Company will ensure that the transfer of data outside the EU is carried out in accordance with applicable legal provisions, entering into agreements if necessary to ensure an adequate level of protection, and/or adopting the standard contractual clauses set by the European Commission, and/or, in any case, complying with the conditions required by the applicable regulations.

RETENTION PERIODS
The data collected from the Site will be used exclusively for the purposes indicated and will be stored for the time strictly necessary to carry out the Company's activities. Data will not be stored for a period longer than necessary to fulfill the purpose for which they were processed. To determine the appropriate retention period, the Company will consider the quantity, nature, and sensitivity of the personal data, the purposes for which they are processed, and the possibility of achieving those purposes through other means. Data collected from the Site will therefore be stored for as long as necessary to respond to requests and, even after cessation, to manage any contractual, pre-contractual, administrative, or legal obligations connected to or arising from them, or for the period allowed by Italian law to protect the legitimate interests of the Company.

RIGHTS OF DATA SUBJECTS
Data subjects have the right to obtain from the Company, in the cases provided, access to their personal data and the rectification or deletion of the same, or the limitation of the processing concerning them, to object to the processing, or to request the so-called data portability. Data subjects may also, at any time, withdraw the consent given (cf. Articles 15 et seq. of the Regulation).

The appropriate request to the Company can be made by contacting the Data Protection Officer at the contact details provided above.

Data subjects who believe that the processing of their personal data through the Site is in violation of the provisions of the Regulation have the right to file a complaint with the Data Protection Authority, as provided by Article 77 of the Regulation, or to take appropriate legal action (Article 79 of the Regulation).

CHANGES AND UPDATES TO THIS PRIVACY POLICY
The Company may modify or simply update, in whole or in part, this privacy policy, also in light of any regulatory and/or legislative changes in the field. The Company commits not to limit any previously granted rights without first obtaining the explicit consent of the data subject. Changes and updates will be made available on the homepage of the Site. The most significant changes will be highlighted through a more prominent notice (for example, where the services and collected data allow it, through an email notification).