Privacy Policy

This privacy policy aims to provide all information regarding the processing of personal data carried out by Mira when the User accesses and navigates this website (as better indicated below).

1. INTRODUCTION - WHO ARE WE?
Mira s.r.l. with registered office in Milan (MI) – P.tta Umberto Giordano, n. 2, Tax Code/VAT Number n. 13143640962 and Milan Companies Registry registration number - 13143640962 (hereinafter, "Controller"), owner of the website https://www.mira.cv/ (hereinafter, the "Website"), as data controller of the personal data of users who navigate the website (hereinafter, "Users") provides below the privacy policy pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, "Regulation" or "Applicable Law").
2. HOW TO CONTACT US?

The Controller takes into the utmost consideration the right to privacy and protection of personal data of its Users. For any information regarding this privacy policy, Users may contact the Controller at any time, using the following methods:

Users can also contact the Data Protection Officer (DPO) of the Controller. whose contact details are reported below: Alessandra Titone (email dpo@mira.cv)

3. WHAT DO WE DO? – PROCESSING PURPOSES

Through browsing the Website, the User can stay always updated regarding the services and activities developed by the Controller and get in contact with the Controller (hereinafter, "Service").

In relation to the activities that may be carried out through the Website, the Controller collects personal data relating to Users.

This Website and the services eventually offered through the Website are reserved to subjects who have reached eighteen years of age. The Controller therefore does not collect personal data relating to subjects under 18 years of age. Upon request from Users, the Controller will promptly delete all personal data involuntarily collected and relating to subjects under 18 years of age.

In particular, Users' personal data will be lawfully processed by the Controller for the following processing purposes:

a) contractual obligations and service provision, to allow navigation of the Website and fulfill specific User requests. User data collected by the Controller for the purpose of any contact request on the Website includes: name, surname, email address, as well as all personal information of the User possibly and voluntarily published. Without prejudice to what is provided elsewhere in this privacy policy, in no case will the Controller make Users' personal data accessible to other Users and/or third parties.
b) administrative-accounting purposes, i.e., to carry out organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations;
c) legal obligations, i.e., to comply with obligations provided by law, by an authority, by a regulation or by European legislation.

The User’s personal data will be used by the Controller for the exclusive purpose of contacting the User solely for service reasons based on the User’s request (e.g., to send the information requested by the User), as better specified above.

The provision of personal data for the processing purposes indicated above is optional but necessary, since failure to provide such data will make it impossible for the User to contact the Controller for the purposes indicated on the Website through the appropriate sections provided by the Controller on the Website.

4. LEGAL BASIS
5. PROCESSING METHODS AND DATA RETENTION TIMES

The Controller will process Users' personal data through manual and computerized tools, with logic strictly related to the purposes themselves and, in any case, in a way that guarantees the security and confidentiality of the data themselves.

The personal data of Website Users will be retained for the time strictly necessary to fulfill the primary purposes illustrated in the previous paragraph 3, or in any case according to what is necessary for the protection in civil court of the interests of both Users and the Controller.

6. SCOPE OF DATA COMMUNICATION AND DISSEMINATION

The User's personal data may be transferred outside the European Union and, in such case, the Controller will ensure that the transfer takes place in compliance with the Applicable Law and, in particular, in compliance with arts. 45 (Transfer based on an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulation.

The Controller's employees and/or collaborators responsible for managing the Website and User requests may become aware of Users' personal data. Such subjects, who have been instructed in this regard by the Controller pursuant to art. 29 of the Regulation, will process Users' data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.

Third-party subjects who may process personal data on behalf of the Controller as Data Processors may also become aware of Users' personal data, such as, by way of example, suppliers of IT and logistics services functional to the Website's operation, providers of outsourcing or cloud computing services, professionals and consultants.

Users have the right to obtain a list of any data processors appointed by the Controller, by making a request to the Controller using the methods indicated in the following paragraph 7.

7. DATA SUBJECTS' RIGHTS

Users may exercise the rights guaranteed to them by the Applicable Law, by contacting the Controller using the following methods:

Pursuant to the Applicable Law, Users have:

a. the right to withdraw consent at any time, when processing is based on their consent;
b. the right of access to personal data;
c. (where applicable) the right to data portability (right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restriction of processing of personal data, the right to rectification and the right to erasure ("right to be forgotten");
d. the right to object:
i. in whole or in part, for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of collection;
ii. in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication;
e. where they consider that the processing concerning them violates the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State where they habitually reside, where they work or where the alleged infringement occurred). The Italian supervisory authority is the Garante per la protezione dei dati personali, with headquarters in Piazza Venezia, n. 11, 00186 - Rome (RM) (www.garanteprivacy.it).

The Controller is not responsible for updating all links viewable in this Privacy Policy, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referenced by such link.