Privacy Policy

Privacy Policy

Data Controller

MP Poland Sp. Z o.o. with registered office: Łagiewnicka 39 – 30-417 Kraków – Poland

Tax Code and VAT Number: 679-292-69-62

as data controller (hereinafter “Controller”), informs, pursuant to EU Regulation 679/2016 (“GDPR”) and the legislation, including national legislation, on the protection of personal data applicable at the time (“Privacy Policy”), that your data will be processed in the manner and for the purposes set out below.

Email address of the Controller: privacy@mppoland.eu

Types of data collected

On our website mppoland.eu, hereinafter “website”, the following personal data are collected, independently or through third parties:

name, surname, email.

Personal data, provided freely by the User or, in the case of Usage data, collected automatically during the use of the site, unless otherwise specified, are all mandatory.

Usage data means information that the computer systems and software procedures used to operate the website acquire during their normal operation and whose transmission is implicit in the use of internet communication protocols (see sections “Further information on processing” – “Definitions” – “Legal references”).

Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data are collected.

Any use of Cookies or other tracking tools by mppoland.eu as well as by the owners of third-party services used by the same, unless otherwise specified, has the purpose of providing the service requested by the User in addition to the other purposes described in this information and/or in the Cookie Policy.

The User, assuming responsibility for the personal data of third parties obtained, published or shared through the “website”, guarantees that he/she has the right to communicate or disseminate them, freeing the Data Controller from any liability towards third parties.

Methods and place of processing of collected data

Methods of processing

The Data Controller declares to adopt the appropriate security measures aimed at preventing and preventing unauthorized access, disclosure, modification or destruction of personal data. The processing is carried out using electronic and/or telematic methods, organizational and with logic strictly related to the purposes indicated.

Legal basis of the processing

In some cases, specified below, the Data Controller may be authorized to process personal data without the express consent of the User or other legal bases, until the possible opposition to such processing by the User (“opt-out”), where the processing is necessary:

  • to prevent or discover fraudulent activities or abuses harmful to the Site;
  • for the pursuit of the legitimate interest of the Data Controller or third parties;
  • to fulfill a legal obligation to which the Data Controller is subject;
  • for the performance of a task of public interest or for the exercise of public powers vested in the Data Controller;
  • to carry out aggregate statistical analyses on an anonymous basis, in particular of navigation data, in order to guarantee and improve the functioning of the site.

It is however understood that it will be possible at any time to request clarifications from the Data Controller regarding the concrete legal basis of each treatment in addition to the specification whether it is based on the law, provided for by a contract or necessary for its conclusion.

Place

The data is processed at the registered and operational offices of the Data Controller and in any other place where the parties involved in the processing are located.

More information in this regard may be obtained by contacting the Data Controller.

It is specified that the User’s personal data may be transferred to a country other than the one in which the User is located.

To obtain further information on the place of processing, the User can refer to the section “Details on the processing of personal data collected”.

The User has the right to obtain information regarding the legal basis of data transfers outside the European Union or to an international organization governed by public international law or consisting of two or more countries, as well as regarding the security measures adopted by the Owner to protect the data.

If one of the transfers described above takes place, the User can refer to the respective sections of this document or ask the Owner for information by contacting him at the contact details provided at the beginning.

Retention period

Personal data are processed and stored for the time required by the purposes for which they were collected.

When the processing is based on the User’s consent, the Data Controller may retain personal data for a longer period until such consent is revoked.

It is also understood that the Data Controller may be obliged to retain personal data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, personal data will be deleted and therefore the right of access, cancellation, rectification and the right to portability will be precluded.

Purpose of the processing of collected data

The user may obtain detailed information on the purposes of the processing and on the personal data concretely relevant for each purpose in the relevant sections of this document or by contacting the Data Controller.

Details on the processing of Personal Data collected

Personal data is collected for the following purposes and using the following services:

Contact form

By filling out the contact form with their data, the User consents to their use to respond to requests for information.

personal data collected: name, surname, contact email.

User rights

The user, as an interested party, has the right to:

  • obtain confirmation of the existence or otherwise of personal data, even if not yet registered, and that such data be made available to him in an intelligible form;
  • revoke consent at any time to the processing of his personal data previously expressed;
  • access his data, obtain information on the data processed by the Data Controller, request specifications on certain aspects of the processing as well as receive a copy.
  • Specifically, the User can request information:
    • of the origin and category of personal data;
    • of the logic applied in the case of processing carried out with the aid of electronic instruments;
    • of the purposes and methods of processing;
    • of the identification details of the Data Controller;
    • where possible, the period for which the data will be stored or the criteria used to determine that period;
  • obtain the limitation of processing when the following conditions occur:
    • the accuracy of the personal data is contested;
    • unlawful processing by the Data Controller to prevent its deletion;
    • exercise of a right in court;
  • obtain the deletion, blocking, removal of your personal data or, where possible, transformation into anonymous form if the following conditions exist:
    • the data are processed unlawfully;
    • the data are no longer necessary in relation to the purposes for which they were collected or subsequently processed;
    • the consent on which the processing is based has been revoked and there is no other legal basis;
    • in the case of compliance with a legal obligation;
    • in the case of data relating to minors. The Data Controller may refuse deletion only in the case of:
      • exercise of the right to freedom of expression and information;
      • fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority;
      • reasons of public health interest;
      • archiving in the public interest, scientific or historical research or for statistical purposes;
      • exercise of a right in court;
      • receive, if the processing is carried out by automatic means and the processing is based on the User’s consent, on a contract to which the User is a party or on contractual measures connected to it, without impediments and in a structured, commonly used and readable format, the personal data concerning the user to transmit them to another owner or if technically feasible to obtain direct transmission by the Owner to another owner;
      • file a complaint with the Personal Data Protection Authority or take legal action.

In the cases mentioned above, where necessary, the Owner will inform the third parties to whom the personal data are communicated of the possible exercise of the rights by the user, with the exception of specific cases (e.g. when such fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right).

Details on the right to object

In the event that personal data is processed in the public interest, in the exercise of public authority vested in the Owner or to pursue a legitimate interest of the Owner, Users have the right to object to the related processing for reasons related to their particular situation.

In the event that the data is processed for direct marketing purposes, users may object to the processing without providing any justification.

To this end, in order to ascertain whether the Owner processes data for direct marketing purposes, Users may refer to the respective sections of this document.

How to exercise your rights

To exercise your rights, you may send a request directly to the Data Controller at the address indicated in this document, who will process it as soon as possible and, in any case, within one month.

Security

Digital Domain intends to protect your personal data.

We have implemented appropriate physical, administrative and technical safeguards to help us protect personal data from unauthorized access, use and disclosure.

For example, we encrypt some personal data such as payment information when we transmit such information over the Internet.

We also require our business partners and service providers to protect such information from unauthorized access, use and disclosure.

All our services work in the cloud.

The website does not manage physical routers, load balancers or servers.

Our infrastructure and data are hosted on Aruba Italia.

Our “Website” is served 100% on https.

All data sent to or to the website is encrypted in transit using 256-bit encryption, using TLS / SSL protocols.

Cookie Policy and other technologies

A cookie is a small amount of data that is sent to your browser from a web server and stored on your device.

When you visit our websites, we may automatically collect information such as IP address, browser type and language, operating system, location, date and time.

Strictly necessary cookies allow us to improve the security and safety of our website.

More information on processing

Defense in court

The Owner may use the user’s personal data in court or in the preparatory stages of its possible establishment for the defense against abuse. The User declares to be aware that the Owner may be required to reveal data by order of public authorities.

Information not contained in this policy

Further information in relation to the processing of personal data may be requested at any time from the Data Controller using the contact details provided in this document.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users through the same channels.

You are therefore invited to consult this page regularly, referring to the date of the last modification indicated at the beginning of the document.

If the changes affect processing whose legal basis is consent, the Data Controller will, if necessary, collect the User’s consent again.

Definitions

Personal data

Personal data means any information that, directly or indirectly, also in connection with any other information, including a personal identification number, makes a natural person identified or identifiable.

Usage data

This information is collected automatically, including: IP addresses or domain names of computers used by the User who connects, the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example, the time spent on each page) and the details relating to the itinerary followed within the website, with particular reference to the sequence of pages visited.

User

The individual who views the “Website” who, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the personal data refers.

Data Processor (or Processor)

Data Controller (or Owner)

The Data Controller, unless otherwise specified, is Digital Domain di Maurizio Stefano.

European Union (or EU)

Unless otherwise specified, any reference to the European Union contained in this document shall be understood to extend to all current member states of the European Union and the European Economic Area.

Cookie

Small portion of data stored within the User’s device.

Legal References

This information is drawn up on the basis of multiple legislative systems, including articles 13 and 14 of Regulation (EU) 2016/679.