Mondo a Colori Media Network S.r.l. (hereinafter Mondo a Colori), as Data Controller, describes to the data subject the processing performed of the use of FullTransfer services, in accordance with the provisions of Art. 13 of the EU Regulation 2016/679 (so-called “GDPR”).
Type of data collected and processed by the Owner
The Data Controller collects and processes the following personal data of the data subject:
- Sender’s e-mail address;
- recipient’s e-mail address;
- payment data and information on the relevant product sector, if the user chooses the fee-for-service mode;
- password chosen by the person concerned for access to their restricted area.
Payment and merchandise sector information is communicated to the Holder by Stripe, a third party payment processor, so that transactions and related communications between Mondo a Colori and the user run smoothly.
The purposes pursued in the processing and the legal bases
The Controller collects and processes the personal data of the data subject by pursuing the following purposes:
- Allow the data subject to register on the website/application, creating his or her own restricted area (legal standing can be found in the performance of contractual obligations between the parties);
- To enable the data subject to benefit from the service of sending the file for a fee (the legal legitimacy of the processing can be found in the performance of contractual obligations between the parties);
- Manage payments (through the support of Stripe, as a third party) and forward the necessary communications to inform the sender of the balance of the cost of the file by the recipient (the legal legitimacy of the processing can be found in the performance of contractual obligations between the parties);
- Manage the billing and fulfillment of the complex of accounting and tax obligations incumbent on the Parties (the legal legitimacy of the processing can be found in the performance of contractual obligations between the Parties and the fulfillment of legal obligations);
- Send advertising information to the data subject regarding services rendered, commercial offers, and initiatives undertaken by the Data Controller (the legal legitimacy of the processing can be found in the free and explicit consent of the data subject);
- Profiling the data subject, in relation to service use preferences (the legal legitimacy of the processing can be found in the free and explicit consent of the data subject);
- Fulfilling specific obligations under applicable regulations, including tax matters (legal standing can be found in the fulfillment of legal provisions);
- To defend, including in court, one’s own rights, even in the event of illegal activities being carried out by the user (the legitimacy of the processing can be found in the pursuit of the legitimate interest of the Owner in the defense of its own rights and in the fulfillment of legal obligations).
Methods of data processing and storage
The data subject’s personal data are processed electronically (e.g., through the use of databases, application software).
The Data Controller retains the personal information of the data subject only as long as necessary to fulfill the purposes for which it was collected and processed, i.e., for the terms prescribed by specific applicable regulations in this regard. Specifically, the customer’s personal data are retained by the Controller for two years for the pursuit of business information purposes, for one year for profiling purposes.
Disclosure of personal data
Personal information may come to the attention of the Owner’s employees who need it to manage the provision of the services offered, with particular reference to administrative, commercial and IT personnel. Our employees have been trained and educated on the regulatory provisions placed on the protection of personal information. The Owner shares the personal information of data subjects with a number of vendors who assist the Owner in managing the service. Specifically:
- Third parties that the Owner uses to operate the website/application;
- cloud service providers.
If the supplier becomes aware of the data, it will do so while complying with the applicable data protection regulations and the instructions given by the Owner in the appropriate acts of designation as External Manager.
Exclusively for the paid service, the data subject releases his/her personal data on the Stripe portal, as a third party, autonomous Data Controller.
The Controller does not disclose personal information to other third parties without the consent of the data subject, unless required to do so by law or by an Authority.
The provision of personal data is optional: refusal will result in the inability to proceed with the processing by providing the service.
Data Transfer
User data are not transferred outside the European Economic Area (EEA).
The rights of the data subject and the exercise vis-à-vis the Controller
The European Data Protection Regulation (2016/679) guarantees the rights provided in Articles 15-22. Specifically, the right to access information, to obtain a copy of the data held by the Data Controller; the right to rectification, if the data are incorrect/updated; the right to object to processing for commercial purposes; the right to object to exclusively automated processing; the right to withdraw consent; and the right to appeal to the Data Protection Authority. It can also exercise, but under the circumstances established by law, the right to erasure, opposition, limitation and portability of data.
The interested party may – without any particular formality – contact Mondo a Colori Media Network S.r.l., Via Paleario Aonio, 10 – 00195 – Rome (RM) – e-mail: privacy@mondoacolori.eu.
The Owner has designated a Data Protection Officer (DPO), who can be contacted for further clarification regarding processing by writing to the e-mail addresses privacy@mondoacolori.eu or PEC mondoacolori.dpo@pec.it