Privacy policy

Dear Customer,

For MAINO INDUSTRIES S.N.C., the protection of your personal data is a principle that goes beyond legal obligations. For this reason we have reviewed our information on Personal Data Protection and strengthened our management system to ensure that your data is treated safely and to prevent it from being disclosed to unauthorized third parties.

MAINO INDUSTRIES S.N.C. will never sell your data to third parties.

The commercial offers we make to our clients are designed to satisfy their needs and to provide the best and most convenient service. In our Privacy Policy we indicate what your rights are and how you can exercise them, what data we collect and for what purposes. You can read the information below. If we do not currently have your consent to send you communications about personalized offers and the latest news, and you are interested, write to us and we will update your personal data form.

We remind you that at any time you can request any modification and/or partial or total cancellation of your data, and change your preferences and consent. With this update, we satisfy the need for privacy protection, which is increasingly felt by European citizens, and we comply with the new EU Regulation 2016/679 (GDPR) on the protection of personal data.

THE GDPR for MAINO INDUSTRIES S.N.C. https://maino.it edited by Alfredo Maino.

GDPR: GDPR regulation; what it is, when it comes into force and what changes it entails.

  1. What is the GDPR.
  2. Notes on personal data, data processing and subjects involved.
  3. Main obligations required by the GDPR.
  4. Specific aspects within the computer platform – online store.
  5. Embedded content from other websites.

1. What is the GDPR?

The GDPR (General Data Protection Regulation) is the new General Data Protection Regulation (EU Regulation 2016/679). It was issued by the EU. It should have gone into effect on 05/24/2016; however, the effective date has been postponed to 05/25/2018. It describes all the necessary requirements for the implementation of a data protection management system and serves to demonstrate that the processed data has been adequately protected. Unlike in the past (Italian legislation, such as the “Privacy Law”, Legislative Decree 196/2003, or ISO 27001/2013, provide a checklist of clear obligations), the GDPR does not spell out how to protect information; instead it asks that one be able to show that the information has been adequately protected.

2. Notes on personal data, on data processing and on the subjects involved

What is personal data

Personal data is information that identifies a natural person or makes them identifiable and that can provide details about their characteristics, habits, lifestyle, personal relationships, health, financial situation, etc. Personal data includes:

• identifying data: those that allow direct identification, such as personal data (for example: name and surname);
• sensitive data: those that may reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership in parties, unions, associations or organizations of a religious, philosophical, political or union nature, health and life status;
• judicial data: those that may reveal the existence of certain judicial measures subject to registration in the criminal record (for example, final criminal convictions, conditional release, prohibition or obligation to stay, alternative measures to detention) or the status of accused or suspect.

The subjects involved: Owner – Responsible – Interested – Responsible

• Interested party: is the natural person to whom the personal data refers. So if a treatment refers to, for example, the address, the tax code, etc. of Pippo Bianchi, this person is the “interested”;
• Owner: is the natural person, company, public or private body, association, etc., who is in charge of deciding on the purposes and methods of treatment, as well as on the tools used;
• Responsible: is the natural person, company, public or private body, association or body to which the owner entrusts, even outside its organizational structure, specific and defined tasks of management and control of data processing. The appointment of the manager is optional.
• Responsible: is the natural person who, on behalf of the owner, processes or materially uses the personal data based on the instructions received from the owner and/or manager.

3. Main obligations required by the GDPR

The data controller must:

● Define what data is acquired and how, the purposes for which it is collected and the retention period (Privacy Policy);
● Analyze the risks to which it is subjected through a specific risk matrix;
● Prepare the security plan with all the necessary procedures to face the risks;
● Facilitate the exercise of the rights provided by the regulations for clients;
● Implement the following security measures:
  – pseudonymisation and/or any encryption of personal data;
  – measures that have the capacity to guarantee confidentiality on a permanent basis;
  – the integrity, availability and resilience of processing systems and services;
  – measures that have the ability to quickly restore the availability and access to personal data in the event of a physical or technical accident;
  – a procedure to test, verify and periodically evaluate the effectiveness of technical and organizational measures to guarantee the security of the treatment;
● Keep a log of the processing activities, containing the name and contact details of the data controller, the representative of the controller and the manager of the controller; the purposes of the processing; description of the categories of data subjects and of the categories of personal data, categories of data recipients, data transfer to third countries or international organizations, deadlines for data deletion, description of technical and organizational security measures;
● Check whether the conditions exist for the appointment of a DPO (Data Protection Officer). According to the Regulation (article 37), the appointment of the DPO is mandatory:
  (a) if the treatment is carried out by a public authority or a public body, with the exception of judicial authorities in the exercise of judicial functions; or
  (b) if the principal activities of the owner or manager consist of processing that requires regular and systematic monitoring of stakeholders on a large scale; or
  (c) if the main activities of the controller or processor consist of the large-scale processing of particular categories of data or personal data related to criminal convictions and offenses;
● Designate all subjects involved in data processing: external data processing manager (if present, e.g. accountant, labor consultant …); appoint the persons in charge, if present, with a specific confidentiality agreement (for example, employees or collaborators); appoint the DPO if necessary;
● Train those responsible for data processing.

4. Specific aspects within the computer platform – online store

● MAINO INDUSTRIES S.N.C. is the data controller of the data acquired through the website www.maino.it (for example, data provided by customers when creating the account for the purchase).
● MAINO INDUSTRIES S.N.C. is designated by the clients (data controllers) as an external administrator of the data that is uploaded to the hosting, server, cloud…. In this case, the activities of MAINO INDUSTRIES S.N.C. or those responsible are well defined within the appointment contract (which contains all the specifications to be followed, including the security measures adopted).

5. Embedded content from other websites

Only if present, some articles on the MAINO website may include content with links to the outside (for example, videos, images, articles, etc.). Any content embedded from other websites behaves in exactly the same way as if the visitor had visited that other website. These websites (such as Gravatar https://automattic.com/privacy/, but also Google, Amazon, Youtube, etc., with their respective privacy reference pages) could collect visitor data, use cookies, integrate additional third-party tracking and monitor interaction with such embedded content, whether you are a visitor or a user with an account on that website or not.

Thanks! Questions? Write to alfredo@maino.it