according to the art. 13 of the EU Regulation n. 2016/679 – GDPR
Mamazen s.r.l. Società Benefit, as Data Controller (hereinafter “Controller”) according to the art. 13 of the EU Regulation of 27 April 2016 n. 679 concerning the ” protection of natural persons with regard to the processing of personal data” (hereinafter “regulation” or “legislation”), according to the Italian Legislative Decree 101/2018, and in the person of its Legal Representative Farhad Alessandro Mohammadi, in compliance with the principles of correctness, lawfulness, transparency, and protection of your privacy and your rights,
that the personal data provided on the website www.mamazen.it will be processed in accordance with the current legislation and related confidentiality obligations.
1) Object of data processing
The personal data processed are the following:
a) For the visitors of the website:
> navigation and identification data;
b) For the users of the website:
> personal data such as: personal identification data, email addresses, telephone number…;
c) any other data collected in order to achieve the purposes mentioned in the following paragraph.
2) Purpose of the data processing
The personal data provided to Mamazen s.r.l. Società Benefit are necessary to achieve the following purposes:
> identification and tracking of the website’s visitors;
> a “guided tour” on the website in order to become, if the conditions allow it, by way of example, investor, founder and / or mentor;
> communications and / or requests from users and/or visitors by filling the contact form;
> communications to third parties for marketing and/or profiling purposes;
> any other fulfillment related to the business activity, the points set out above, as well as all the obligations imposed by the law and/or by the public authorities.
3) Methods of data processing and retention
The processing will be carried out in an automated way, in accordance with the provisions coming from the art. 32 of the Regulation on security measures, by individuals specifically authorized and in compliance with the provisions of art. 29 of the Regulations, which will act under the direct authority of the Data Controller. We point out that, in compliance with the principles of lawfulness, purpose limitation and data minimization, according to the art. 5 of the Regulation, your personal data will be retained for the time necessary to achieve the purposes for which they are collected and processed, and for the additional period necessary to comply with regulatory obligations.
4) External Data Processors
The complete list of the External Data Processors is constantly updated and can be found by writing a request to firstname.lastname@example.org
5) Internal individuals authorized to data processing
The complete list of internal individuals authorized to the data processing is constantly updated and can be found by writing a request to email@example.com
6) Nature of the provision of personal data and consequences in case of failure to provide
The provision of personal data, mentioned in paragraph 1 lett. b), for the purposes mentioned in paragraph 2, is essential for the obligations mentioned in the same paragraph 2, typical of the services coming from the website’s activity. Failure to provide such data would lead to the total and/or partial impossibility of fulfilling such obligations.
7) Scope of communication and disclosure of personal data
The data collected will never be disclosed and will not be communicated without your explicit consent, except for the necessary communications that may involve the transfer of data to public bodies, consultants, or other subjects for the fulfillment of contractual obligations, legal obligations. and/or obligations imposed by supervisory authorities. The personal data collected can be disclosed to third parties for marketing and/or profiling purposes.
8) Transfer of personal data
Your personal data are stored on a Google Drive digital archive through shared drives; they will not be transferred either to member states of the European Union or to third countries outside the European Union.
9) Rights of Data Subjects
According to art. 15 – 22 and 77 of the GDPR, data subjects shall exercise the following rights:
a) right of access: right to obtain from the Data Controller confirmation that his/her personal data are being processed or not and, in this sense, to obtain access to them and further information on the origin, purpose, category of data processed, recipients of communication and / or data transfer;
b) right of rectification: right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, also by providing an additional declaration;
c) right to erasure (to be forgotten): the right to obtain from the Data Controller the erasure of personal data without undue delay in the event that the personal data are no longer necessary with respect to the purposes of the processing; the consent on which the processing is based is revoked and there is no other legal basis for the processing; the personal data have been unlawfully processed; personal data must be deleted to comply with legal obligations;
d) right to object to processing: the right to object at any time to the processing of personal data which have a legitimate interest of the Data Controller as their legal basis;
e) right to restriction of processing: the right to obtain from the Data Controller the limitation of the processing, in cases where the accuracy of the personal data is disputed, if the processing is unlawful and / or the interested party has opposed the processing;
f) right to data portability: right to receive personal data in a structured format, commonly used and readable by an automatic device and to transmit such data to another Data Controller, only for cases in which the processing is based on consent and only for data processed by electronic means;
g) right to withdraw: right to withdraw the consent to the data processing previously given;
h) right to lodge a complaint with the Supervisory Authority: without prejudice to any other administrative or judicial appeal, if the interested party believes that the processing that concerns him or her violates the law, he will have the right to lodge a complaint with the Supervisory Authority of the Member State where he habitually resides or works, or the State in which the alleged violation occurred
10) How to exercise the rights of the Data Subject
The Data Subject can exercise his/her rights by writing to Mamazen s.r.l. Società Benefit, to the address of its registered office, or by writing an e-mail to firstname.lastname@example.org.
11) The Data Controller
The Data Controller is Mamazen s.r.l. Società Benefit, Via Bossolasco 11, 10141 – Turin (TO), in the person of its Legal Representative Farhad Alessandro Mohammadi.