Coop Mimosa

Policy privacy

INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

in accordance with art. 13 of EU Regulation no.679/ 2016

 

WHY THIS INFORMATION NOTICE

Under (EU) Regulation 679/2016 (hereinafter referred to as the “Regulation”), this page describes how personal data of users consulting the website www.coopmimosa.com shall be processed.
This information does not apply to other sites, pages or online services, accessible through hypertext links that may be published in the sites, but referred to resources outside the domain of the Supervisory Authority.

DATA PROCESSING CONTROLLER

When visiting the site, data concerning identified or identifiable natural persons may be processed.

Data processing controller is Mimosa Cooperative Company, Via S. Nazzaro, 47 – 38066 Riva del Garda (TN), tel. +39 0464 520200, e-mail: info@coopmimosa.com, certified e-mail: info@pec.coopmimosa.com

 

LEGAL BASIS FOR DATA PROCESSING

The personal data stated in this page are processed by the controller to inform users about his activities and to pursue his legitimate interest, as provided for in art. 6(1)(f) of EU Regulation 679/16.
Data may also be processed to reply to users’ requests under art. 6(1)( b) of EU Regulation no. 679/16.
In case of data processing collected for purposes requiring the data subject’s specific consent, under art. 6(1)(a) of EU Regulation 679/2016, his or her consent shall be collected in the pages dedicated to this purpose.

TYPES OF DATA PROCESSED AND PURPOSE OF PROCESSING

Internet navigation data

During their normal course of operation, computer systems and software procedures, designed to operate this site, acquire some personal data, which transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier / Locator) addresses of the requested resources, time of request, method used to submit the request to the server, size of the file obtained in response, numerical response status code from server (successful, error, etc.) and other parameters relating to the operating system and computer environment of the user.
These data, necessary to use web services, are also processed for the following purposes:

- to gather statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
- to monitor the correct functioning of offered services.

Navigation data are not kept for more than seven days and are deleted immediately after their collection (unless they are needed by judicial Authority to ascertain crimes).

Data provided by user

Sending optional, explicit and voluntary messages, as well as filling-in and forwarding existing forms to the site’s contact addresses, result in the acquisition of the sender’s contact data, necessary to reply, and also all personal data included in the communications.
Specific information shall be published in the designated pages of the site for the provision of certain services.

Cookies and other tracking systems

Neither profiling cookies nor other tracking systems are used.
Instead, (not persistent) session cookies are used in a very restricted way, insofar it is necessary for safe and efficient navigation of the sites.
Storage of session cookies in terminals and browsers is under the user’s control, where information relating to cookies remains recorded in the service logs, on the servers, at the end of HTTP sessions; in any case, these data are not stored for more than 7 days, as other navigation data.

RECIPIENTS OF PERSONAL DATA

The recipients of personal data collected when visiting the sites listed above are appointed by the controller as data processors, under art. 28 of the Regulation.
Personal data collected are also processed by the staff of the controller, who acts following specific instructions provided in accordance with purposes and methods of the processing itself.

RIGHTS OF THE DATA SUBJECT

Where applicable, data subjects shall have the right to obtain from the data controller access to and rectification or erasure of their personal data or the restriction of processing concerning them, or to object to the processing (articles 15 et seq. of the Regulation). Specific request may be submitted by contacting the data processing controller, sending a query to the addresses on this site.

RIGHT OF COMPLAINT

Data subjects, who think that the processing of personal data related to them through this site infringes this Regulation, have the right to file a complaint with the Supervisory Authority, as provided for in art. 77 of said Regulation, or to bring the matter before the appropriate courts (art. 79 of said Regulation).

 

INFORMATION NOTICE ON DATA PROCESSING

in accordance with Article no. 13 of the European Regulation 679/2016

 

Dear Client, the company, MIMOSA Società Cooperativa, controller of the processing of your personal data, pursuant to art. no.13 of the European Regulation, informs you about the following with regard to the personal data you provided for the management of the contractual relationship.

 

PURPOSE AND LEGAL BASIS FOR DATA PROCESSING

 

The personal data provided shall be exclusively used for the following purposes, within the limits and for the pursuit of the purposes relating to the existing contractual relationship:

• to provide the service agreed with the data subject; in this case, the legal basis of the processing is the implementation of the obligations arising from the contract to which the data subject is party, or to comply with any specific requests of the data subject, even at a pre-contractual stage;
• to fulfil obligations under laws and regulations (e.g., data for electronic invoicing, accounting, tax, social security and contribution requirements); in this case, the legal basis of the processing is the compliance with a legal obligation to which the controller is subject;
• to send the data subject, prior to his or her consent, newsletter communications and/or commercial offers; in this case, the legal basis for the processing is the consent of the data subject.

 

PROCESSING PROCEDURES AND DURATION

 

The personal data you provided shall be processed “lawfully and fairly” by paper, computer or telematic means.
The data processing shall continue for the entire duration of the relationship with the controller and, if necessary, for any obligations to which the controller is subject, until their completion, in accordance with current regulations.
With regard to the processing required to send communications, newsletters and/or commercial offers, personal data shall be kept until the data subject withdraws his or her consent.
Where legal basis for the processing is the consent of the Client, he or she has the right to withdraw it at any time, without affecting the lawfulness of the processing carried out up to the date of revocation of consent.

 

COMMUNICATION AND DISCLOSURE OF PERSONAL DATA AND POSSIBLE RECIPIENTS

 

Only the persons authorized by the controller may access and therefore become aware of your data and only insofar as needed to carry out their task.
Without prejudice to communications carried out to comply with legal and contractual obligations, all data collected and processed may be communicated exclusively, for the purposes specified above, to:

• persons authorized by the data controller (collaborators, trainees and employees);
• data processors or external collaborators of the data controller (e.g. legal and labour consultants, accountants, IT specialists, auditors);
• public and private entities to whom the communication is due by law or regulation;
• insurance and debt collection companies.

Your data shall not be disclosed.
A list of these possible external parties shall be made available upon request.

 

TRANSFER OF PERSONAL DATA ABROAD

 

Personal data may be transferred abroad only if the controller decides to use computer services (such as website, e-mail, cloud computing, e-mail direct marketing) managed by suppliers residing in countries outside the European Union or using servers located in foreign countries.
In these cases, the transfer to third countries shall take place in compliance with EU Privacy Regulation 679/2016.

 

NATURE OF THE PROVISION OF DATA AND CONSEQUENCES IN CASE OF NON-CONSENT TO PROCESSING

 

The provision of data and its processing are optional, but needed to deal with the activities necessary to carry out contractual obligations.
Contractual relationships and legal obligations may be impossible to comply with, in case of refusal to provide the data for these purposes.
Provision of data to send out communications and commercial offers is optional. Possible refusal shall not affect the supply of other services.
You may object to your data processing at any time, even after you have given your consent for commercial purposes, by sending a request to the data controller forwarding a communication to the following address: info@coopmimosa.com.

 

RIGHTS OF THE DATA SUBJECT

 

The data subject has the right to obtain from the controller confirmation of the existence, or otherwise, of data concerning him or her, even if not yet recorded, and their communication in an intelligible form.
The data subject has also the right to obtain the updating, rectification, or, if interested, integration of his or her data, erasure or restriction of their processing, transformation into anonymous form or the blocking of unlawfully processed data (including data which storage is unnecessary for the purposes for which they were collected or subsequently processed), certification that the operations, including their content, mentioned in the previous paragraphs, have been notified to those subjects to whom the data were communicated or disclosed, unless this requirement proves impossible or involves a manifestly disproportionate use of resources compared to the protected right.
The data subject shall have the right to object, in whole or in part, on legitimate grounds, to his or her data processing, although relevant to the purpose of collection, as well as the right to the portability of electronic data, that are subject to automated processing, and to lodge a complaint with a supervisory authority.
These rights may be exercized by contacting the controller at the physical or telematic addresses stated in the letterhead.

 

IDENTIFICATION DETAILS OF THE DATA PROCESSING CONTROLLER AND PROCESSOR

 

The controller of data processing is MIMOSA Società Cooperativa, Via S. Nazzaro, 47 - 38066 Riva d/G (TN), Tel. 0464/520200, info@coopmimosa.com, info@pec.coopmimosa.com.
The updated list of data processors is available at the headquarters of the data processing controller.