The midifiles.gr takes very seriously the privacy of the users and undertakes to comply fully with the applicable law (Regulation (EU) 2016/679 – henceforth the “GDPR” Regulation).
Data Processing Officer and DPO
The Data We Process
The following data can be processed:
1) the customary Personal Information you may provide when using the features of the Site, including Browser Data or Service Requests offered on the Site (eg limited access, contests, and other initiatives that may on the Site, use of Applications, requests for information and reports also submitted via communication forms, etc.) as well as data collected from cookies as specified in the Cookies Policy
2) specific data categories such as those relating to the medical history (Article 9 of the GDPR Regulation). In this case, processing is based on the user’s consent, compliance with obligations related to the reporting of adverse reactions, the fulfillment of legal or regulatory obligations or contractual or pre-contractual obligations relating to the supply of goods or services (including applications for information about our products and their proper use). In any case, the legal basis for the processing of specific categories of data is Article 9 (2) (a) and (i) of the GDPR Regulation.
Why and how we process your Personal Information
With your consent, the Company may process your usual Personal Data to ensure that you can take advantage of the services and features available and improve their performance, gather statistics on its use, manage your requests and reports received through the Website and manage your registration in any restricted areas and initiatives (eg competitions) that may be on the Site in accordance with Article 6.1.a of the GDPR Regulation. The Company may also process your Personal Data for the fulfillment of obligations arising from laws, regulations and European Union law: the legal basis for processing for this purpose is Article 6 (1) (c) of the GDPR Regulation.
In addition, with your optional consent, your usual Personal Data may also be used in official publications of the company (such as newsletters) or in advertising (marketing), that is, in the context of the sending of promotional material and / or commercial communications relating to services (eg mail, telephone, etc.) or automated means (eg Internet communications, fax, fax, e-mail, emails, text messages, mobile apps such as smartphones and tablets, social media accounts, such as Facebook or Twitter, etc.). The legal basis of the Processing for this purpose is Article 6 (1) (a) of the GDPR Regulation.
Finally, the Company may process your usual and special Personal Data to protect its rights in court proceedings.
If Data subjects provide Third Party Personal Data, they must take action in advance to ensure that midifiles disclosure (and subsequent processing for the purposes specified in the information notice) is consistent with the GDPR: for example, , Data Subjects may provide Third Party Personal Data only after they have been duly informed and with specific consent. All of your Data is processed using automated and electronic tools that are appropriate to ensure full security and confidentiality.
Necessary and Optional Editing
The forms to be filled in on this Site require that you provide the Personal Data that is strictly necessary for the processing of your messages and requests. These data are marked with an asterisk [*]. If you do not wish to provide them, we will not be able to process your messages / requests.
Instead, some forms may provide the ability to provide Personal Data that is not strictly necessary to process your requests: provision of such Data is optional and their non-submission has no effect.
Links to other sites
How we store the Data and for how long
According to Article 5 (1) (c) of the GDPR Regulation, the computers and programs used by the Company are created in such a way that the use of Personal Data and Identification Data is minimized. These Data are processed only to the extent necessary to achieve the purposes stated in this Policy and will be stored for as long as is strictly necessary to achieve the specific purposes pursued. In any case, the criterion used to determine the storage period is based on compliance with the deadlines allowed by law and the principles of data minimization, storage limitation, or rational management of our records.
How we guarantee the security and quality of your Personal Information
The Company undertakes to ensure the security of the User’s Personal Data and to comply with the statutory security provisions to prevent the loss of Data, illegal or unlawful use of Data or unauthorized access to Data, with particular but not exclusive reference to Articles 25-32 of the GDPR. The Company uses many types of advanced technologies and security procedures to protect the user’s Personal Data. For example, Personal Data is stored on secure servers located in protected and controlled access. The user can help the Company update and correct its Personal Data, announcing any change of address, qualifications, contact details etc.
People who have access to the Data
Persons belonging to the following categories are authorized to process User Data: technical and administrative staff, IT staff, product managers, internal control and compliance personnel, as well as other staff members who have to process the Data to perform their tasks
Data may also be communicated to other countries of the midifiles Group outside the EU (“third countries”) for the same purposes and / or for administrative and accounting purposes in accordance with Article 6 (1) (f) and recital 48 of the GDPR.
In addition, data may also be communicated to third countries: (i) institutions, authorities, public bodies for institutional purposes; (ii) professional, independent consultants – whether employed individually or collectively – and other third parties and providers providing the Company commercial, professional or technical services required for the operation of the Website (eg providing IT services and Cloud Computing) for the purposes stated above and to support the Company in providing the services (iii) to third parties in the case of mergers, acquisitions, transfers of undertakings or their branches, controls or other exceptional operations; iv) supervisory bodies of the company headed by the Data Processor in the exercise of their activities (supervision of legal obligations , Ethical Standards, midifiles Group Code of Conduct, etc.). The named recipients only receive the necessary Data for their respective functions and duly process them only for the purposes mentioned above and in accordance with the Data Protection Laws.
Data may also be shared with other legitimate recipients identified from time to time by applicable laws. Except as stated above, Data will not be disclosed to third parties, natural or legal persons, who do not perform commercial, professional or technical duties for the Processing Manager and will not be disseminated. The Parties receiving the Data shall be processed as Data Processing Authorities, Processors or persons authorized to process the Personal Data, as appropriate, for the purposes mentioned above and in accordance with the applicable data protection legislation.
Regarding the transfer of Data outside the EU, even in countries whose laws do not guarantee the same level of Privacy as that provided by EU law, the Processing Officer informs that the transfer will in any case be made in accordance with the methods allowed by GDPR, for example based on user consent, on the basis of the standard contractual clauses approved by the European Commission, selecting parties participating in an international program for the free movement of data (eg EU-US Privacy Shield) or carried out in countries that are considered safe by the European Commission.
You may at any time exercise the rights provided by GDPR Articles 15-22, including the right to confirm the existence of Personal Data relating to you, to check their content, origin, correctness, location (also in relation to any Third Countries), request a copy, request a correction, and in cases provided by law, request that you limit their processing, delete them, oppose direct communication activities , To object to direct marketing activities (which also limited to certain media). Similarly, you can always withdraw your consent and / or make comments on specific issues regarding the Processing of Your Personal Data that you consider to be incorrect or unjustified in your relationship with the Company or to file a complaint with the Personal Data Protection Authority. You may contact us at email@example.com to submit any claims regarding the processing of Personal Data by the Company to exercise your legal rights.