Back to the Blog Back to the Blog

Privacy Policy

14 Jul 2025 Share Facebook Linkedin Twitter
Facebook Linkedin Twitter

Privacy Policy

pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR")

Dear Client,

Below are the methods of processing personal data provided by you or collected automatically through the use of the reserved area of the web (web app) https://app.mela.work and the mobile app (jointly "App").

1. DATA CONTROLLER

    The data controller is Mela Works S.r.l., with registered office at Piazza Castello n. 26, 20121 Milan (MI) ("Controller" or "Company").

    2. TYPES OF DATA PROCESSED

      To enable navigation of the App and allow you to use its services, the Controller will need to process certain personal data.

      To access your personal area, the Controller will collect the following data:

      • first and last name

      • email address

      • telephone number

      • purposes for which the user wishes to use the App

      Furthermore, to use customer service and enable the resolution of any issues, the following personal data will be processed:

      • first and last name

      • email address

      • where necessary for problem resolution, telephone number

      • any additional personal data included in the communication

      3. PURPOSE, LEGAL BASIS AND NATURE OF DATA PROVISION

        Purpose of processing

        Legal basis

        Nature of provision

        A

        Use of the personal area and guarantee of network and information security. This purpose includes the possibility of using the App, as well as the processing of personal data relating to traffic carried out by the Controller, to the extent strictly necessary and proportionate to guarantee network and information security.

        - Performance of a contract (Art. 6.1 (b) of the GDPR). - Legitimate interest (Art. 6.1 (f) of the GDPR).

        Mandatory. Failure to provide data would result in the impossibility (i) to use the content and Services of the App and (ii) to guarantee network security.

        B

        Registration and use of the personal area. This purpose includes the possibility of registering on the App and using the personal area.

        Performance of a contract to which the data subject is party (Art. 6.1 (b) of the GDPR).

        Mandatory. Failure to provide data would result in the Controller's inability to allow you to use the personal area.

        C

        Contacting the Controller. This purpose includes the possibility of contacting the Controller to have support for error resolution.

        Performance of a contract to which the data subject is party (Art. 6.1 (b) of the GDPR).

        Mandatory. Failure to provide data would result in the Controller's inability to support you in case of requests.

        Sending tips on using Mela Works. This purpose includes the possibility for the Controller to send emails and WhatsApp messages to present the features of the purchased product and facilitate onboarding.

        Legitimate interest (Art. 6.1 (f) of the GDPR).

        Mandatory. Failure to provide data, while not affecting the use of Mela Works, could result in the inability to receive communications to present the purchased product and illustrate its features. The possibility to object to such processing always remains.

        D

        Sending updates and communications about Mela Works. This purpose includes the possibility for Mela Works to contact you via email, through WhatsApp or with push notifications and send you tips on using the personal area and updates on features.

        Consent (Art. 6.1 (a) of the GDPR).

        Optional. Failure to provide consent, while not resulting in the Controller's inability to update you about Mela Works, could prevent you from staying updated on news and tips.

        D

        Where applicable, to ascertain, exercise or defend the rights of the Controller in out-of-court and/or judicial proceedings.

        Legitimate interest (Art. 6.1 (f) of the GDPR).

        Mandatory. Failure to provide data may preclude the exercise of the controller's rights.

        4. RETENTION OF PERSONAL DATA

        Information relating to malfunction reports will be kept for 5 years from their resolution. Data relating to the personal area will be retained until its deletion by the user. This is without prejudice to the case where it is necessary to retain such information to exercise or defend a right in court.

        In case of processing of personal data for the exercise of a right in court, personal data will be retained for the entire duration of the dispute and until the expiry of the terms for filing appeals.

        5. RECIPIENTS OF PERSONAL DATA

          Personal data may be communicated to the following subjects:

          • those who can access the data by virtue of provisions of law provided for by European Union law or that of the Member State to which the Controller is subject;

          • subjects who carry out activities auxiliary to the purposes indicated in the appropriate paragraph and, specifically, banking or payment institutions, companies offering hosting services, instant messaging, IT infrastructure and IT assistance and consultancy services as well as design and implementation of software and websites, companies offering data analysis and development services (including those relating to user interactions with our services).

          Furthermore, employee personnel, designated as subjects acting under the authority of the Data Controller pursuant to Art. 29 of the GDPR or as System Administrator, may also become aware of your personal data.

          6. TRANSFERS TO THIRD COUNTRIES

            The Controller may transfer your personal data to third countries and, specifically, to the United States, for example in the case of payments. The safeguards adopted are the supplier's adherence to the Data Privacy Framework. For more information on what the Data Privacy Framework is, you can visit the site at this address: https://www.dataprivacyframework.gov/.

            Where suppliers do not adhere to the Data Privacy Framework, pursuant to Art. 46 of the GDPR, the Controller has signed the standard contractual clauses approved by the EU Commission.

            To obtain the complete list of third countries of destination and the indication of the specific safeguards adopted, you can contact the Controller using the contacts indicated in the following paragraph 8.

            7. AUTOMATED DECISION-MAKING PROCESSES

              The Controller does not intend to use automated decision-making processes.

              8. RIGHTS OF THE DATA SUBJECT

                As a data subject, you have the right to withdraw consent given at any time and to obtain access to personal data from the Company. You may also request their rectification or erasure from the Company. Furthermore, you have the right to obtain restriction of processing of personal data concerning you, as well as the right to data portability.

                In addition to the above, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data carried out pursuant to Art. 6, paragraph 1, letters e) or f), including profiling based on those provisions, as provided for by Art. 21 of the GDPR.

                Finally, you have the right to lodge a complaint with a supervisory authority or to take appropriate legal action if you believe that the processing concerning you violates the GDPR.

                To exercise each of your rights, you can contact the Controller by sending a communication to the registered office of Mela Works S.r.l., with registered office at Piazza Castello n. 26, 20121 Milan (MI), or by sending an email to privacy@mela.work.

                Share
                Facebook Linkedin Twitter

                Need help
                to get going?

                Tell us how we can help
                Contact us on WhatsApp!