PRIVACY POLICY PURSUANT TO REGULATION EU 2016/679
(GENERAL DATA PROTECTION REGULATION)

 

Data subjects: CUSTOMERS

 

Pursuant to Article 13 of Regulation EU 2016/679 and in relation to the personal data that the undersigned Data Controller, Meta Technologies s.r.l, will come into possession of with your assignment, I hereby inform you of the following:

  1. Data Controller

The Data Controller is Meta Technologies s.r.l

VAT no. 02947060352

street Emidio Villa 7, 42124- Reggio Emilia 

email: info@metahosp.com

tel. 0522.502.322

 

  1. Purpose of the data processing.

The purpose of the processing is:

  • Full and proper performance of the contract.
  • Sale of products and/or offering of services in the sector of reference.
  • Fulfilment of tax and accounting obligations.
  • Compliance with the obligations incumbent on the company and envisaged by the regulations in force (including but not limited to anti-money laundering, insurance, safety at work).
  • Defence of a right in court or before judicial authorities exercising judicial functions.
  • Video surveillance.
  • In order to prevent infection from the Sars-Cov-2 virus, and to define appropriate safety and organisational measures.
  • Direct marketing and newsletters, i.e. commercial communications via email. Remember that if you do not wish to receive such communications you may notify the Company at any time by writing to the addresses listed in paragraph 1 above of this privacy policy. In such case the Company shall discontinue the aforementioned activity without delay.
  1. Legal basis for the processing.

The processing is lawful because:

  • It is necessary for the performance of a contract you are party to, or the performance of pre-contractual measures taken at your request.
  • It is necessary in order to comply with a legal obligation of the data controller (e.g. keeping and preserving accounting records in accordance with tax law and anti-money laundering, privacy, insurance, health and safety at work regulations).
  • It is necessary for the containment of the spread of the Sars-Cov-2 virus as required by current regulations.
  • It is necessary for the pursuit of the legitimate interest of the data controller, such as the protection of company assets (video surveillance), the defence of a right of the data controller in court or before judicial authorities.
  1. Methods of the data processing.

The processing is carried out in a manner strictly necessary to fulfil the purposes set out above, by means of some of the operations or set of operations indicated in Article 4, no. 2 of Regulation EU 2016/679: collection, recording, organisation, structuring, storage, consultation, processing, adaptation, modification, selection, retrieval, alignment, use, combination, blocking, disclosure, erasure and destruction of the data. The operations may be carried out with or without the aid of electronic, online or otherwise automated tools.

  1. Provision of the data.

The provision of personal data is not a legal obligation, but a necessary requirement for the conclusion of the contract.

  1. Data retention.

The personal data will be processed and stored for as long as is necessary for the complete performance of the contract you are a party to, as well as for the proper fulfilment of storage obligations for civil and tax purposes or for other purposes envisaged by the aforementioned laws or regulations. Storage is envisaged for as long as is necessary for the pursuit of the legitimate interest of the data controller, for the purpose of defending its own right in court or before judicial authorities and in any case until the expiry of the limitation period of the rights arising from the contractual relationship.

  1. Disclosure of the data.

For the above-mentioned purposes and to provide, improve, protect and promote services, the personal data may be disclosed to or seen by:

  • Parties authorised to process the data.
  • Data processors and related additional data processors and authorised parties including but not limited to: accountants, consultants, suppliers of IT services, cloud computing services or assistance thereto, and related technical staff, contractors, persons tasked with occasional maintenance, all adequately trained in the protection of confidentiality.
  • Judicial or administrative authorities, for the fulfilment of legal obligations or the execution of assignments made.
  • Banking and insurance institutions.
  • Other entities that process data in execution of specific legal obligations.
  1. Profiling.

The personal data are not subject to any fully automated decision-making process, including profiling.

  1. Transfer of data abroad.

Your personal data may be transferred to countries outside the European Union as the data controller uses the following services:

  • “Facebook”, “Facebook Messenger” and “Instagram”, headquartered at 1601 Willow Road, Menlo Park, CA 94025, United States, offered by Meta Platforms Ireland Limited, which has offices located in the United States.
  • “LinkedIn”, located at 1000 W. Maude Avenue Sunnyvale, CA 94085, United States, offered by LinkedIn Corporation, with offices located in the United States.

In any case, the transfer of your personal data is compliant with the GDPR, as it is governed by special standard contractual clauses as set out in Commission Decision no. 2010/87/EU, as authorised by the Data Protection Authority.

To consult the privacy policies and thus learn how they process your data, please visit the following pages:

10. Rights of the data subject.

Pursuant to Articles 15-18 and 20-21 of Regulation EU 2016/679, you have the right to obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and its communication in an intelligible form. You have the right to obtain information on: a) the origin of the personal data; b) the purposes and methods of the processing; c) the logic applied in the event of processing carried out with the aid of electronic instruments; d) the identity of the data controller and any data processors; e) the parties or categories of parties the personal data may be disclosed to or who may become aware of them in their capacity as data processors or persons tasked with processing. You also have the right to: a) have your data updated, corrected or, if you wish, completed; b) the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data whose storage is not necessary for the purposes the data were collected for or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been communicated – as also related to their contents – to the entities the data were disclosed or disseminated to, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected. You have the right to wholly or partially object: a) on legitimate grounds to the processing of your personal data, even if pertinent to the purpose of their collection; b) to the processing of your personal data for the purpose of sending advertising or direct sales materials or for the performance of market surveys or commercial communications. You have the right to data portability, i.e. to receive your personal data in a structured, commonly used and machine-readable format, and you have the right to transmit such data to another data controller without hindrance. You also have the right to lodge a complaint with a supervisory authority (in Italy, the Personal Data Protection Authority: www.garanteprivacy.it). You may exercise your rights by submitting a written request to the data controller at the addresses (registered office, email) provided in point 1.

  1. Subjects processed.

The list of data processors for limited sectors and operations is constantly updated and available by request addressed to the data controller, including to the addresses provided in point 1.