May 7, 2015

Cookie and Privacy Policy

Information regarding processing of personal data

Information regarding processing of personal data collected from the person concerned (Art. 13 of the EU General Regulations on the Protection of Personal Data no. 2016/679)
MamaRent, owner of the processing of personal data in accordance with Articles 4, n. 7) and 24 of EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereinafter “Regulation” or “GDPR”), hereby informs you pursuant to art. 13 of the Regulations that will process the personal data related to the company and individuals who have legal representation for the purpose and with the addition indicated mode

1. DEFINITIONS
The processing of personal data means any operation or set of operations, performed with or without the help of automated processes and applied to personal data or sets of personal data, even if not registered in a database, such as collection, recording, organizing, structuring, storing, processing, selection, blocking, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or interconnection, limiting, erasure or destruction.

2. PURPOSE OF THE TREATMENT
The Data Controller handles personal data, identity and non-sensitive (in particular, your name, social security number, p. Iva, company name, email, telephone number, bank details and payment, – later, ” personal data “or” data “) communicated by you.

3. PURPOSE OF THE PROCESSING 
Your personal data are processed:

A) without your express consent ex art. 6 letter. b) and e) of GDPR, for the following Service Purpose:

  • conclude contracts for the services of the Holder;
  • fulfill the pre-contractual obligations, contractual and tax arising from reports drawn up with you;
  • fulfill the obligations required by law, regulations, European Community regulations or by order of public authorities (such as anti-money laundering);
  • exercise the rights of the owner, such as the right to legal defense

B) Just prior specific and distinct consent (art. 7 GDPR), for the following Marketing Objectives:

  • send you via e-mail, mail and / or SMS and / or telephone contacts, newsletters, business communications and / or marketing of products or services offered by the Owner and detection of the degree of satisfaction with the quality of services.

4. METHOD OF TREATMENT AND STORAGE TIME 
The processing of your personal data is realized by means of the operations indicated in art. 4 n. 2) GDPR and precisely: collection, recording, organizing, storing, retrieving, processing, modification, selection, retrieval, comparison, use, interconnection, block, communication, cancellation and destruction of data.

Your personal data are processed both paper and electronic and / or automated according to the principles and procedures described in the “Policy concerning the protection of privacy” of 24 May 2018, available at the following link: http://mamarent.com/wordpress/mamarent-policy/ .

The Holder will treat personal information as long as necessary to fulfill the purposes mentioned above and, except for the fulfillment of legal obligations, however for no more than 5 years from the termination of employment for service purpose and for no more than 3 years of data collection for Marketing Purposes.

5. ACCESS TO DATA 
Your data may be made accessible for the purposes of art. 3.A) and 3.B):

  • employees and collaborators of the Holder in Italy and abroad, in their capacity as employees and / or internal controllers;
  • to other companies or other entities (as an indication, banks, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourcing activities on behalf of the Holder, in their capacity as external supervisory treatment.

6. DATA COMMUNICATION 
Without your express consent (Art. 6 letter. B) and c) GDPR), the owner can communicate your data for the purposes of art. 3.A) for supervisory bodies, judicial authorities as well as to all other persons to whom disclosure is required by law for the fulfillment of those purposes. Your information will not be disseminated.

7. DATA TRANSFER 
The management and conservation of personal data will be processed on servers located within the European Union of the owner and / or third party companies charge.

The data will not be transferred outside the European Union.  Should it be necessary, the Holder will have the right to move the location of the server in non-EU countries. In this case, the Holder ensures henceforth that the transfer of non-EU data will be in compliance with applicable statutory provisions stipulating, if necessary, arrangements which ensure an adequate level of protection and / or adopting the standard contractual clauses under the European Commission.

8. NATURE OF DATA AND CONSEQUENCES OF REFUSAL TO ANSWER
The conferment of data for the purposes of art. 3.A) is required. In their absence, we will be unable to assure you the services to art. 3.A). The provision of data for the purposes of art. 3.B) it is optional. It may then decide not to give any information or to subsequently deny the possibility of processing data already provided in that case, will receive marketing communications and advertising material relating to services offered by the owner. In any case continue to be eligible for services under Article. 3.A).

The legal basis of the processing of personal data is based on the contract is finalized with the Controller.

9. RIGHTS OF  
In your capacity as an interested party, the rights under Art. 15 GDPR and precisely those of:

  1. obtain confirmation of whether or not personal data concerning you, even if not yet recorded, and their communication in intelligible form;
  2. to be informed: a) origin of personal data; b) the purposes and methods of treatment; c) the logic applied in case of treatment carried out with the aid of electronic instruments; d) the identity of the owner, manager and the representative appointed pursuant to art. 5, paragraph 2 Privacy Code art. 3, paragraph 1, GDPR; e) subjects or categories of persons to whom the data may be communicated or who can learn about them as appointed representative in the State, managers or agents;
  3. obtain: a) updating, correction or, if you have an interest, integration of data; b) the cancellation, the transformation in anonymous form or the block of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in points a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or distributed, except in the case in which such fulfillment It proves impossible or involves a manifestly disproportionate to the protected right;
  4. object, in whole or in part: a) for legitimate reasons the processing of personal data, pertinent for collection purposes; b) the processing of personal data for purposes of sending advertising materials or direct selling or for carrying out market research or commercial communications through the use of automated calling systems without human intervention via email and / or through traditional marketing mode by telephone and / or paper mail. Please note that the right to object, set out in paragraph b), for direct marketing purposes by means of automated it extends to the traditional ones and that still remains the possibility for the person concerned to exercise their right to object even only partially. Therefore, where applicable, also the rights contained in Articles. 16-21 GDPR (Right of reply, right to oblivion, right to treatment limitation, the right to data portability, the right of opposition), and the right to claim the Guarantor Authority.

10. MODE OF EXERCISE OF RIGHTS
You may at any time exercise the above rights by sending:

– a registered letter to MamaRent, via Alfieri 20/A -30034- Mira Venice;

– an e-mail to info@mamarent.com

11. DATA, DATA PROCESSOR AND DATA PROTECTION 
The data controller is MamaRent.
The updated list of persons responsible of the treatment is kept in via Alfieri 20/A -30034- Mira Venice.

_______________________________________________________________________________________________

Policy regarding the protection and treatment of Personal Data

1. INTRODUCTION

Purpose
This document summarizes the procedures and standards used by MamaRent concerning the protection of privacy, particularly with regard to the processing of personal data (“Data”) transmitted or acquired by MamaRent in the execution of its business.

The data will always be treated in a lawful, fair and transparent to the stakeholders.

Based on the analysis of the risk carried by technicians and external consultants, in this document are summarized as follows:

  • the criteria and procedures to ensure safety in the handling of personal data;
  • the distribution of tasks and responsibilities within the structure for the processing of data:
  • the technical and organizational criteria for the protection of sites and premises affected by the security measures and procedures to control access of unauthorized persons to said premises;
  • the criteria and procedures to ensure the integrity and availability of data;
  • the criteria and procedures for the security of data transmissions, including those for the access restrictions via computer;
  • the criteria and procedures for restoring access to data;
  • the elaboration of a training plan to acquaint the controllers of the identified risks and ways to prevent damage.

The effectiveness of these security measures will be subject to ongoing monitoring and audit magazines, to be performed at least annually.

Scope and Applicability
This Policy applies to all personal data collected, processed, shared or used by Mamarent. It applies to all employees, contractors and consultants. This Policy comes into force on 24.05.2018.

Since then, that some data collected in European countries could also be handled by Group of companies based in non-EU countries, it should be noted that in this case the transfer of non-EU data will be processed in accordance with the entering into the law, if necessary, arrangements ensuring an adequate level of protection and / or adopting the standard contractual clauses laid down by the European Commission.

A copy of this Policy is published on the Group’s website in the “Privacy Policy” and delivered to each employee, contractor and consultant in paper or digital form.

The requirements described in this document apply to all treatments performed within the entire Group’s organizational structure, by any and all Officers in charge, and shall be binding on the contractual relationships related to treatments performed by other external entities whose is given a position of Head of data processing in which the Group is the owner.

2. DEFINITIONS
In this document:

  • with the term “treatment” (Art. 4, n. 2, the EU Regulation 2016/679) it refers to any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organizing, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, diffusion or any other form making available, alignment or interconnection, limiting, erasure or destruction;
  • the term “personal data” (art. 4, n. 1, the EU Regulation 2016/679) refers to any information relating to an identified or identifiable individual ( “data subject”); an identifiable natural person who can be identified, directly or indirectly, with particular reference to an identification such as name, an identification number, location data, online identifier or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity;
  • with the term “profiling” (Art. 4, n. 4, the EU Regulation 2016/679) refers to any form of automated processing of personal data consisting in the use of such personal information to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects of the job performance, the economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that individual;
  • the term “pseudonymisation” (art. 4, n. 5, the EU Regulation 2016/679) refers to the processing of personal data in such a way that personal data can no longer be attributed to a specific person concerned without using additional information, provided that such additional information are stored separately and are subject to technical and organizational measures to ensure that such personal data is not attributed to an identified or identifiable natural person;
  • the term “data controller” (art. 4, n. 7, the EU Regulation 2016/679) refers to the natural or legal person, public authority, service or other body which alone or together with others It determines the purposes and the personal data processing means;
  • the term “controller” (art. 4, n. 8, the EU Regulation 2016/679) refers to the natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

 

3. ORGANIZATIONAL FUNCTIONS FOR THE PROTECTION OF PERSONAL DATA

The data processor in the person of the legal representative of each of the Group companies, the support as appropriate of the data processors (art. 28 of the EU Regulation 2016/679), if appointed:

  • identifies and makes decisions regarding the purposes and to the data processing, including the security profile;
  • make an inventory and update the register of the data processing activities and ensures the person all the rights referred to artt.15-21 of EU Regulation 2016/679;
  • identifies, prepares, checks, documents and discloses the security measures (minimum and larger) necessary for the protection of personal data.

Data Processors
If appointed, the data processors run by treatments based on his tasks and detailed in writing by the Holder. The Officers will comply with the decisions by the Owner who, including through regular audits, monitors strict compliance with the provisions on the treatment provided for by the Regulation, including related to security matters. Officials for the treatment shall ensure compliance of the instructions given to the responsible treatment.

Treatment under the authority of the data controller or data 
to each employee assigned, upon recruitment or in the case of job change at an organizational unit where the data, instructions have been provided to operate are treated as part the assigned treatment, with the utmost care and attention and respecting the safety measures put in place by the Group.

 

4. GUIDELINES FOR EMPLOYEES, CONTRACTORS AND CONSULTANTS
The following are the standards to employees and / or consultants must follow in carrying out tasks involving a personal data processing.

Preliminarily it should be noted that, in order to prevent foreign persons may gain knowledge of personal data to be processed, employees, advisors and / or consultants must observe the following due diligence rules, and any other additional measures deemed necessary to ensure compliance with the provisions of the regulations on privacy:

  • all treatment must be carried out so as to ensure compliance with the security measures, strict confidentiality of the information they possess is considering all confidential data and, as a rule, subject to professional secrecy;
  • the individual steps and conduct to be observed must be designed to ensure that the data are subject to risk of loss or destruction, which you can access by unauthorized persons, which are carried out operations of treatment not allowed or not in accordance with the purposes for which the same data were collected;
  • in the event that a data subject withdraws consent to the processing of data pursuant to Art. 7, paragraph 3 of the Regulation, the employee and / or consultant is required to promptly notify the owner or, if present, the Manager for the adoption of all necessary measures as appropriate;
  • in the event of removal, even temporarily, from their workstation must take all the necessary measures (eg. PC lock) to third parties, even if employees can not access personal data for which there was an ongoing any type of treatment;
  • They must be carried out only the processing operations necessary for the achievement of the purposes for which the data were collected;
  • It must be constantly verified the accuracy of the processed data and their relevance to the purposes sought in the individual cases.

Accessing data from the station / work tool
The location and the working tools must be:

  • used only for purposes related to their work;
  • used exclusively by one user;
  • protected, preventing other users from accessing the data you are dealing with.

Moreover, one must point out that it is the duty of each employee, contractor and / or consultant:

  • no software to install and / or not previously authorized mobile application;
  • do not leave on your desk confidential information, whatever the medium they are stored (paper, CD, peripherals, etc.).
  • call up the operating system security features (sequence of CTRL + ALT + DEL keys for Windows and activate the Lock Workstation feature systems for Windows and sequence ⌘-control-Q systems for the Mac) in case of momentary abandonment of its PC or, alternatively, set the screen saver with a password so that the maximum effect after 5 minutes of inactivity;
  • do not leave your laptop unattended in the workplace (at the end of working hours, during work breaks, or during meetings away from your desk);
  • do not leave it unattended smartphone;
  • do not use fax and / or telephone to transmit confidential and personal information unless you are absolutely certain of the identity of the interlocutor or customer and if it is not entitled to receive them.

The smartphone data supplied to the employee, subcontractor, or is equipped with a lock code that is checked once a year.

Password management
for proper password management, each employee, contractor and / or consultant should take care to:

  • change, the first connection, that the IT Department has attributed by default;
  • change at least every 90 days, or immediately in cases where it is compromised;
  • compose using at least 8 characters or, in the case where the electronic instrument does not allow it, with a number of characters equal to the maximum allowed;
  • use both letters and numbers and at least one uppercase character;
  • not base the choice of easy to deduce information such as, for example, your name, the name of his family, birth dates, social security numbers, etc.,
  • keep confidential and not disclose it to third parties;
  • not allow other users (eg. colleagues) to operate with its own user identifier;
  • do not write it down on media (eg. paper, post-it) easily accessible to third parties or leave it stored on your PC;
  • never communicate by phone except for serious needs.

Antivirus
The hardware supplied to employees, contractors and consultants (personal desktop computer or laptop, tablet and smartphone) while protected against computer virus attacks through special programs, remain potentially exposed to virus attacks is not known.

To reduce the likelihood of the occurrence of such attacks is necessary that the following rules apply:

  • check that the antivirus program installed is updated periodically and is active care is not the employee, but MamaRent;
  • properly closing your programs;
  • do not open, if you work in network, suspicious files and of dubious origin;
  • do not download or install applications / software that has not been previously approved and authorized;
  • Subscriptions are not both free and payment services in the Cloud that have not been approved and authorized;
  • check with the help of the antivirus program supplied each magnetic media containing data (CD-Rom or USB), before execution of the files it contains;
  • Do not use CD-Rom, USB drive or other electronic media of uncertain origin;
  • put the necessary focus on the results of the calculations made, and on any unusual reports sent from the PC, notifying Area IT;
  • used correctly and only for business needs e-mail and the Internet;
  • do not modify the configurations set on your PC;
  • turn off your PC at the end of the work day.

At the verification of a PC failure or smartphone, which may make you suspect the presence of a virus, it is good that the employee, contractor and / or consultant:

  1. suspend every operation on the PC / smartphone avoiding to work with the infected system;
  2. immediately contact the IT area;
  3. closes the system and its applications.

Protection for laptops, smartphones and tablets
Notwithstanding any provisions of the preceding paragraphs, the following are the additional precautions to be taken in the use of portable devices (laptops, tablets and smartphones):

  • store the instrument in a safe place at the end of the working day;
  • do not leave it unattended PC or smartphone when used in the external sphere the company;
  • immediately notify the IT area, which will give the appropriate indications, in case of theft of a laptop or a smartphone;
  • always be well aware of the information stored on the laptop or smartphones that are more prone to theft or loss with respect to a fixed location;
  • always operate in strict confidence when using your laptop or smartphone in public: the data, especially passwords, could be intercepted by prying observers.

Internet and email
The electronic communication tools (Internet and email) must be used exclusively for work purposes. They are prohibited behavior that could harm the Group.

In particular, the user must observe the following rules:

  • internet browsing is allowed only in sites related and necessary for the performance of assigned duties;
  • is not allowed to download free software (freeware or shareware) downloaded from the Internet;
  • It is not allowed to register Internet sites or participate in discussion forums if this is not strictly necessary for the conduct of their work;
  • the only instant messaging features allowed are those submitted from the IT;
  • it is absolutely forbidden to access e-mail from sources other than business;
  • it is forbidden to open e-mails and files of unknown origin or attachments that exhibit the anomalous aspects (such as, for example, a subject not clear);
  • It is not allowed to respond to messages from unknown senders or dubious contents merely because the act ensures the sender of the existence of the recipient;
  • It has banned the use of email to communicate confidential information, personal information or critical data, without guaranteeing the appropriate protection;
  • It should always make sure your correspondence by e-mail are entitled to get hold of the data that is sending;
  • It must always be aware that e-mail and web browsing are vehicles for the introduction on your machine (and therefore the company) for viruses and other potentially harmful elements;
  • it is only allowed to use from the installed IT programs;
  • You do not install programs themselves, in fact subsisting grave danger of introducing viruses and / or alter the functionality of existing software applications, of violating the law on copyright lacking the appropriate licenses purchased by the Group;
  • it is prohibited to change the characteristics set to the equipment or install storage devices, communication or other (eg burners, modem, wi-fi or connect card), connect to the corporate network any equipment (eg. switches, hubs, storage apparatuses network, etc.), make connections to the outside of any type (eg. via modem or connect card etc.) using a pC that is both connected to the corporate network (thus creating a link between the internal corporate network and the external network );
  • in order to optimize the resources available to corporate email and improve system performance, note that the mailbox has to be “in order” held periodically erasing or otherwise if they exceeded the limits of space granted, unnecessary or cumbersome attached documents ;
  • must always be given the greatest attention in the use of external origin media (eg. USB keys, external hard drives etc.).

Networks Wi-Fi / LAN
The devices can be connected to the enterprise Wi-Fi network while in office. In different situations the employee, contractor and / or consultant may decide to connect to a wi-fi network different if deemed safe and reliable. Access to MamaRent network is limited to employees, contractors and consultants, who have received their login credentials from the IT.

5. CENSUS OF TREATMENTS AND ANALYSIS OF RISKS
MamaRent carried out periodically and carry out the census and risk analysis in accordance with the best practices of the industry.

6. SECURITY MEASURES TO BE
In order to ensure the integrity of data processed and prevent the communication and / or unauthorized disclosure, the Group adopted of physical security measures (relative to the retention of data on paper) and computer MamaRent is equipped with the minimum protection measures, provided for and described in the DPS. Cabinets and drawers in offices and in which the documents with confidential data are stored are locked; the key is kept by the employee who manages the documents themselves.

7. TRAINING
At least every year are organized meetings or training material is made available for personal MamaRent regards the rules concerning the protection of privacy.

8. DATA BREACH
Each employee and / or consultant is required to notify promptly, and no later than 24 hours or 2 working hours from the moment he became aware of a breach of security of personal data and / or any another event that may compromise its security, so as to allow the Owner and / or, if present, to the Manager to comply with the provisions of Articles. 33 and 34 of the Regulations.

_______________________________________________________________________________________________

Use of cookies and similar technologies

Mamarent.com uses cookies and other similar technologies, such as pixels or local storage, to help provide you with a better, faster, and safer experience. Here are some of the ways that our services—including websites, SMS, APIs, email notifications, applications, buttons, widgets, and ads—use these technologies: to save your preferences, personalize the content you see, protect against spam and abuse, and show you more relevant ads.

Below we explain how Mamarent.com, our partners, and other third parties use these technologies, your privacy settings and the other options you have.

What are cookies, pixels, and local storage?

Cookies are small files that websites place on your computer as you browse the web. Like many websites, Mamarent.com uses cookies to discover how people are using our services and to make them work better.

A pixel is a small amount of code on a web page or in an email notification. As many services do, we use pixels to learn whether you’ve interacted with certain web or email content. This helps us measure and improve our services and personalize your experience on this website.

Local storage is an industry-standard technology that allows a website or application to store information locally on your computer or mobile device. We use local storage to customize what we show you based on your past interactions with us.

Why does Mamarent.com use these technologies?

This website uses these technologies to deliver, measure, and improve our services in various ways. These uses generally fall into one of the following categories:

  • Authentication and security:
    • To protect your security
    • To help us detect and fight spam, abuse, and other activities that violate the Privacy Rules

For example, these technologies help prevent unauthorized parties from accessing your data. They also let us show you appropriate content through our services.

  • Preferences:
    • To remember information about your browser and your preferences

For example, cookies help us remember your preferred language or country that you are in. We can then provide you with content in your preferred language without having to ask you each time you visit our website. We can also customize content based on your country, such as showing you what topics are trending near you, or to withhold certain content based on applicable local laws.

  • Analytics and research:
    • To help us improve and understand how people use our services, including buttons and widgets, and Ads

For example, cookies help us test different versions of our services to see which particular features or content users prefer. We might also optimize and improve your experience by using cookies to see how you interact with our services, such as when and how often you use them and what links you click on. We may use Google Analytics to assist us with this. Learn more about the cookies you may encounter through our use of Google Analytics. We might also use cookies to count the number of users that have seen a particular post.

  • Personalized content:
    • To customize our services with more relevant content, like tailored trends, stories, ads, and suggestions for people to follow
  • Advertising:
    • To help us deliver ads, measure their performance, and make them more relevant to you based on criteria like your activity on the website and visits to our ad partners’ websites

For example, Mamarent.com may use cookies and pixels to tailor ads and measure their performance. Using these technologies, we can show you ads and evaluate their effectiveness based on your visits to our ad partners’ websites. This helps advertisers provide high-quality ads and content that might be more interesting to you.

Our third-party advertising providers, including Google Analytics for Display Advertisers, also use these technologies for marketing, including the delivery of interest-based ads and measurement of their performance. If you do not want our advertising providers to use your visits to this websites to show you personalized ads on our behalf, you can opt out using your “Do Not Track” browser setting. You can also opt out of Google Analytics by installing Google’s opt-out browser add-on, and out of interest-based Google ads using Google’s Ads Settings.

Where are these technologies used?

Mamarent.com uses these technologies on our own websites. This includes our advertising and platform partners’ websites. Third parties may also use these technologies, for example, when you interact with their content from within our services, like when you click a link or stream media on this website from a third-party service, and to help with the delivery of ads shown on and off of this website.

What are my privacy options?

We are committed to offering you meaningful privacy choices. You have a number of options to control or limit how Mamarent.com, our partners, and other third parties use cookies:

  • For using cookies: You can modify your settings in most web browsers to accept or deny all cookies, or to request your permission each time a site attempts to set a cookie. Although cookies are not required for some parts of our services, Mamarent.com may not work properly if you disable cookies entirely.

 

 

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.