Privacy Policy

Privacy Policy


The  takes very seriously the privacy of the users and undertakes to comply fully with the applicable law (Regulation (EU) 2016/679 – henceforth the “GDPR” Regulation).

This document(“Privacy Policy”) provides information on how the Processing of Personal Data collected by the Company through this Website ( the “Site”) constitutes an informational notice to the Data subjects in accordance with Article 13 of Regulation GDPR. Special informational notices about the confidentiality of information are usually published in the sections of the Website where the User’s Personal Data is collected and are in any case supplemented by this Privacy Policy.

Data Processing Officer and DPO

The Data We Process

The following data can be processed:

1) the customary Personal Information you may provide when using the features of the Site, including Browser Data or Service Requests offered on the Site (eg limited access, contests, and other initiatives that may on the Site, use of Applications, requests for information and reports also submitted via communication forms, etc.) as well as data collected from cookies as specified in the Cookies Policy

2) specific data categories such as those relating to the medical history (Article 9 of the GDPR Regulation). In this case, processing is based on the user’s consent, compliance with obligations related to the reporting of adverse reactions, the fulfillment of legal or regulatory obligations or contractual or pre-contractual obligations relating to the supply of goods or services (including applications for information about our products and their proper use). In any case, the legal basis for the processing of specific categories of data is Article 9 (2) (a) and (i) of the GDPR Regulation.

Why and how we process your Personal Information

With your consent, the Company may process your usual Personal Data to ensure that you can take advantage of the services and features available and improve their performance, gather statistics on its use, manage your requests and reports received through the Website and manage your registration in any restricted areas and initiatives (eg competitions) that may be on the Site in accordance with Article 6.1.a of the GDPR Regulation. The Company may also process your Personal Data for the fulfillment of obligations arising from laws, regulations and European Union law: the legal basis for processing for this purpose is Article 6 (1) (c) of the GDPR Regulation.

In addition, with your optional consent, your usual Personal Data may also be used in official publications of the company (such as newsletters) or in advertising (marketing), that is, in the context of the sending of promotional material and / or commercial communications relating to services (eg mail, telephone, etc.) or automated means (eg Internet communications, fax, fax, e-mail, emails, text messages, mobile apps such as smartphones and tablets, social media accounts, such as Facebook or Twitter, etc.). The legal basis of the Processing for this purpose is Article 6 (1) (a) of the GDPR Regulation.

Finally, the Company may process your usual and special Personal Data to protect its rights in court proceedings.

If Data subjects provide Third Party Personal Data, they must take action in advance to ensure that midifiles disclosure (and subsequent processing for the purposes specified in the information notice) is consistent with the GDPR: for example, , Data Subjects may provide Third Party Personal Data only after they have been duly informed and with specific consent. All of your Data is processed using automated and electronic tools that are appropriate to ensure full security and confidentiality.
Necessary and Optional Editing

The forms to be filled in on this Site require that you provide the Personal Data that is strictly necessary for the processing of your messages and requests. These data are marked with an asterisk [*]. If you do not wish to provide them, we will not be able to process your messages / requests.
Instead, some forms may provide the ability to provide Personal Data that is not strictly necessary to process your requests: provision of such Data is optional and their non-submission has no effect.
Browsing data

If you simply visit the Site (ie, without sending any message or using any of the services / functions available), your Data Processing is limited to the Browsing Data, that is, the Data that must be sent to the Website for the operation of the computers in which the Website operates and the Internet protocols. This category includes, for example, IP addresses or computer domains used to visit the Site and other parameters related to the operating system used to link to the Site. The Company collects these and other Data (such as the number of visits and time devoted to the Site) for statistical purposes only and in anonymous form in order to monitor the operation of the Website and improve its performance. These Data are not collected to link to other user information or to identify users. However, such information may, by its nature, allow the Company to identify users through the Processing and Connection with Third Party Data. Browsing Data is usually deleted after it is edited in an anonymous form but may be stored and used by the Company to identify and identify the perpetrators of any computer offenses committed against or through the Site. Subject to this and the provisions of the Cookie Policy, the Browsing Data described above is stored only temporarily, in accordance with the law.
Links to other sites
This Privacy Policy applies only to the Site defined above. Although the Site may contain links to other sites (known as third party sites), we inform you that the Company does not have access to, or use cookie tracking, Internet lightning or other user tracking technologies that may be active on third party sites , the content and material posted to them or the methods of Processing Your Personal Data. For this reason, the Company expressly disclaims any responsibility for such matters. Therefore, you should verify the privacy policies of such third party sites and collect information about the terms and conditions and the way in which your Personal Data is processed.
How we store the Data and for how long

According to Article 5 (1) (c) of the GDPR Regulation, the computers and programs used by the Company are created in such a way that the use of Personal Data and Identification Data is minimized. These Data are processed only to the extent necessary to achieve the purposes stated in this Policy and will be stored for as long as is strictly necessary to achieve the specific purposes pursued. In any case, the criterion used to determine the storage period is based on compliance with the deadlines allowed by law and the principles of data minimization, storage limitation, or rational management of our records.

How we guarantee the security and quality of your Personal Information

The Company undertakes to ensure the security of the User’s Personal Data and to comply with the statutory security provisions to prevent the loss of Data, illegal or unlawful use of Data or unauthorized access to Data, with particular but not exclusive reference to Articles 25-32 of the GDPR. The Company uses many types of advanced technologies and security procedures to protect the user’s Personal Data. For example, Personal Data is stored on secure servers located in protected and controlled access. The user can help the Company update and correct its Personal Data, announcing any change of address, qualifications, contact details etc.

People who have access to the Data

Persons belonging to the following categories are authorized to process User Data: technical and administrative staff, IT staff, product managers, internal control and compliance personnel, as well as other staff members who have to process the Data to perform their tasks
Data may also be communicated to other countries of the midifiles Group outside the EU (“third countries”) for the same purposes and / or for administrative and accounting purposes in accordance with Article 6 (1) (f) and recital 48 of the GDPR.
In addition, data may also be communicated to third countries: (i) institutions, authorities, public bodies for institutional purposes; (ii) professional, independent consultants – whether employed individually or collectively – and other third parties and providers providing the Company commercial, professional or technical services required for the operation of the Website (eg providing IT services and Cloud Computing) for the purposes stated above and to support the Company in providing the services (iii) to third parties in the case of mergers, acquisitions, transfers of undertakings or their branches, controls or other exceptional operations; iv) supervisory bodies of the company headed by the Data Processor in the exercise of their activities (supervision of legal obligations , Ethical Standards, midifiles Group Code of Conduct, etc.). The named recipients only receive the necessary Data for their respective functions and duly process them only for the purposes mentioned above and in accordance with the Data Protection Laws.

Data may also be shared with other legitimate recipients identified from time to time by applicable laws. Except as stated above, Data will not be disclosed to third parties, natural or legal persons, who do not perform commercial, professional or technical duties for the Processing Manager and will not be disseminated. The Parties receiving the Data shall be processed as Data Processing Authorities, Processors or persons authorized to process the Personal Data, as appropriate, for the purposes mentioned above and in accordance with the applicable data protection legislation.

Regarding the transfer of Data outside the EU, even in countries whose laws do not guarantee the same level of Privacy as that provided by EU law, the Processing Officer informs that the transfer will in any case be made in accordance with the methods allowed by GDPR, for example based on user consent, on the basis of the standard contractual clauses approved by the European Commission, selecting parties participating in an international program for the free movement of data (eg EU-US Privacy Shield) or carried out in countries that are considered safe by the European Commission.

Your rights

You may at any time exercise the rights provided by GDPR Articles 15-22, including the right to confirm the existence of Personal Data relating to you, to check their content, origin, correctness, location (also in relation to any Third Countries), request a copy, request a correction, and in cases provided by law, request that you limit their processing, delete them, oppose direct communication activities , To object to direct marketing activities (which also limited to certain media). Similarly, you can always withdraw your consent and / or make comments on specific issues regarding the Processing of Your Personal Data that you consider to be incorrect or unjustified in your relationship with the Company or to file a complaint with the Personal Data Protection Authority. You may contact us at to submit any claims regarding the processing of Personal Data by the Company to exercise your legal rights.