In accordance with Regulation EU 2016/679 (“GDPR”) and the applicable national regulations concerning the protection of personal data, Mela Works S.r.l., registered office Piazza Castello, 26 20121 Milan (Italy), registered with the Chamber of Commerce of Milan no. 11236210966, REA no. MI-2589085, as the data controller (hereafter “data controller” or “Mela Works”), informs you that your data shall be processed in the following ways and for the following purposes in relation to services provided by Mela Works S.r.l. (“Servizi”) delivered through the website https://www.mela.work/ (“Site”) and the mobile and web app for managing professional activities (“App”).
1. DATA SUBJECT TO PROCESSING
The Data Controller shall exclusively handle personal identification data that is provided by clients when requesting Services from the Data Provider through the Site and/or App, registering accounts, or using the Site and/or App, in particular:
USER/DATA SUBJECT ACTIVITY
CATEGORIES OF PERSONAL DATA
Use of Site (registration and account creation)
Name and surname, telephone number, email address, postal address, IP address and session ID.
Where the client has signed up to a paid subscription, the method of payment (e.g. credit card) and billing dates shall be processed in addition to the above.
Use of App
Name and surname, telephone number, email address, postal address, IP address and session ID, messages sent by the client with timestamp and geolocation of information uploaded (including chat messages, photos, videos, voice messages, files).
Where the client has signed up to a paid subscription, the method of payment (e.g. credit card) and billing dates shall also be processed in addition to the above.
Navigation of Site
The Data Controller shall furthermore process, exclusively in anonymised form, data relating to the use of the App and Site (including the overall quantity of downloads and the most regularly viewed screens). The client may at any point disable the gathering of data showing the client’s geolocation at the moment of the loading of information; this may be achieved by disabling the relevant permissions in the App’s system settings.
No provision is made for the processing of specific categories of data.
2. PURPOSES AND LEGAL BASIS OF PROCESSING
Personal data is processed for the following purposes and in accordance with the following legal bases:
A) “Purposes of service”
The Data Controller processes personal data in order to allow the client to access and make use of Services, as well to allow use of the Site and/or App and facilitate their technical and operational management, including the resolution of technical problems, and encompassing use of the chat function present on the Site.
For the furtherance of this purpose, personal data shall be processed upon execution of a contract and/or the fulfilment of precontractual commitments, with no requirement for express prior consent on the part of the client.
B) “Purposes of fulfilling the Data Controller’s legal obligations”
Personal data shall be processed in order to guarantee the Data Controller’s compliance with obligations established by laws, regulations or national and EU legislation, or legislation otherwise imposed by competent authorities. Such processing is necessary to discharge the legal obligation to which the Data Controller is subject and does not require the consent of the client.
C) “Purposes related to the pursuit of the Data Controller’s legitimate interests”, in particular:
- prevention and repression of illegal acts and the exercise of the rights of the Data Controller in judicial proceedings and litigation management;
- management and maintenance of the Site and/or App;
- prevention and detection of fraudulent activities and misuses that are damaging to the Site and/or App and/or Services.
For the pursuit of “Purposes related to the pursuit of the Data Controller’s legitimate interests” referred to in the present subparagraph C, personal data shall be processed without the need for express consent on the part of the client.
D) “Purposes of promoting products or similar services (known as Soft Spam)” such as:
- contacting clients who have already registered with communications regarding products or services similar to the Services (such as, for instance, new features of the App).
For the pursuit of “Purposes of promoting products or similar services (known as Soft Spam)” referred to in the present subparagraph D, personal data shall be processed in order to pursue the Data Controller’s legitimate interests, and therefore without the need for express consent on the part of the client. Nevertheless, the client may refuse consent when registering for the App or through subsequent communications.
3. STORAGE OF PERSONAL DATA
The Data Controller shall process personal data for the time necessary to fulfil its purposes. For the pursuit of “Purposes of promoting products or similar services (Soft Spam)” referred to in subparagraph D of Section 2, the Data Controller shall process relevant data until the moment that the client refuses to receive communications.
Mela Works retains the right to conserve personal data for a further period, insofar as this is required by specific legal dispositions or in order to exercise or defend a right.
4. PROVISION OF PERSONAL DATA
In the context of use of the Site and/or the App, the provision of personal data is obligatory. Such data is a prerequisite of the relationship with the Data Controller and the use of Services. The client may decide not to share personal data, though in the absence of personal data it shall not be possible to make use of Services.
If the client wishes to manage, modify, restrict or delete their information, they may change the settings of the Services in order to manage certain information that is available to other clients.
The client may manage contacts and groups or use the block function to manage the clients with whom they communicate. The client may also disable information pertaining to their actual location.
For the “Purposes of promoting products or similar services (known as Soft Spam)” in the context of use of the Site and/or App, the provision of personal data is optional. Failure to provide such data does not prevent the use of the Data Controller’s services, though the client shall not receive communications regarding products or services similar to the Services.
5. METHODS OF PROCESSING, DATA RECIPIENTS AND TRANSFER OUTSIDE THE EU
Personal data shall be processed using manual and computer tools by personnel and collaborators of Mela Works who have been authorised to carry out processing and/or by individuals expressly identified as data processors, and to whom Mela Works has provided detailed operating instructions with specific reference to the adoption of adequate technical and organisational security measures.
In some cases, in addition to Mela Works, data may be available to certain categories of individuals involved in the operation of the Site and/or App or external parties (such as third-party technical service providers, hosting providers).
A complete list of the recipients of data is available at the client’s request, which may be submitted according to the procedure described in article 8.
Personal data shall be processed in Italy and may also be transferred to member states of the European Union and to third countries outside of the European Union for the purposes referred to in this policy, with the adoption of all adequate and relevant security measures as required by legislation.
6. RIGHTS OF THE DATA SUBJECT
In relation to the processing of personal data by Mela Works, the client may at any time exercise the rights recognised by the GDPR and other applicable laws in relation to the processing of personal data, including the right (i) to be informed of the processing of their personal data and to request a copy of the data, as well as further information regarding such processing; (ii) to request a structured copy of the provided data, in a commonly used and machine-readable format; (iii) to ask Mela Works to correct any incomplete, inaccurate or outdated information; (iv) in cases provided for by art. 17 of the GDPR, to ask Mela Works to delete any information concerning the client: (v) in cases provided for by art. 18 of the GDPR, to ask Mela Works to restrict the processing of personal data; (vi) if processing is based on consent, to revoke such consent, it being understood that the revocation does not prejudice the legality of the processing carried out prior to that time; (vii) to file a complaint to the Authority for the Protection of Personal Data where it is deemed that the processing of personal data violates laws concerning the protection of personal data.
7. METHOD OF EXERCISING RIGHTS
The client may at any time exercise the rights referred to in Section 6 (Rights of the Data Subject) above by:
- sending a registered letter to the address of the Data Controller;
- sending an email to firstname.lastname@example.org.
8. DATA CONTROLLER
The Data Controller is Mela Works S.r.l., registered office Piazza Castello, 26 20121 Milan (Italy), registered with the Chamber of Commerce of Milan no. 11236210966, REA no. MI-2589085.
An updated of persons responsible for processing and system administrators is maintained at the registered office of the Data Controller.
The personal data of visitors gathered using cookies shall be processed by the Data Controller in accordance with the paragraphs above, in compliance with applicable legislation. The legal basis, purpose and duration of the processing of each type of cookie used on the Site is outlined below.
First- and third-party technical cookies
First- and third-party technical cookies are used by the data processor to guarantee its essential functions, as well as for statistical purposes. Denial of their use on the part of the visitor and the absence of the data that such cookies gather shall prevent the correct and full functioning of the Site.
The processing of personal data through technical cookies does not require the visitor’s consent.
The App uses technical cookies as outlined in the table below.
Link for further information
Web App authentication cookies
Permits authentication of access to web portal
Until end of browsing session
Payment management cookies
Permits purchase of a subscription to the Mela application
From 1 hour to 10 days
The present Site uses the third-party cookies identified in the following table.
Link for further information
Google Analytics/Tag manager
Collects data anonymously in order to generate traffic and user metrics.