Privacy & Cookie Policy

Data Controller

M31 S.r.l. with registered office in Padua, via Niccolò Tommaseo no. 77, C.F. and P.IVA 04447620289 (hereinafter referred to as “M31,” “Company,” “we,” “us,” “our“) is the Data Controller of personal data in connection with the processing operations described below.

If you want to contact us, you can do so at the following contact details:

Processing of Personal Data

We process your personal data for several purposes. For each of them, the legal basis, the parties to whom we transfer your personal data, the period of storage of your personal data, the compulsoriness of their communication and the consequences in case of refusal are specified.

A) Marketing, profiling, remarketing and behavioral targeting
  • Why does M31 process personal data?
    We process your information to send you relevant information about M31 activities, promotions, newsletters, events and other initiatives via e-mail, fax, text messages, phone calls (including automated), push notifications and regular mail. In addition, we may use a press office for journalistic purposes. If you give your consent for profiling, remarketing and behavioral targeting purposes, we may send you personalized communications about the services, products and initiatives of M31 and our partners. We may also collect your data through landing pages and invitation pages managed by us.
  • What kind of personal data do we process?
    1. contact information (such as first name, last name and e-mail address);
    2. company or entity to which it belongs and role;
    3. images (collected at events in public places or open to the public for press activities for journalistic purposes);
    4. history of clicks and views, IP address;
    5. Additional personal information that you would like to share with us.
  • What is the legal basis for processing personal data?
    Processing is based on your consent. To revoke your consent to the processing of personal data:
  • What are the possible consequences of refusing to provide personal data?
    The provision of data is optional. If you refuse to provide your personal information, we cannot process it for the purposes to which you do not consent.
  • To whom do we disclose personal data?
    • Subsidiaries/partnerships, parents or part of the M31 group;
    • providers of marketing and promotion services, such as multimedia agencies and physical and digital marketing distributors, advertising agencies, hosting companies, IT companies, market analysis agencies, consultants. In particular, your personal data may be disclosed to:
      • MailChimp (The Rocket Science Group LLC), for sending the newsletter and/or promotional/informational communications in general; for more information you can consult the relevant privacy policy https://mailchimp.com/legal/privacy/;
      • Leadpages (Avenue 81 Inc.), for the creation and management of landing pages and invitation pages; for more information you can consult the relevant privacy policy https://www.leadpages.com/privacy;
      • Google Ad Manager (Google Ireland Limited), for conducting advertising campaigns jointly with external advertising networks operated by third parties; for more information you can consult the relevant privacy policy https://policies.google.com/privacy;
      • Google Ad Manager Audience Extension (Google Ireland Limited), to provide you with advertisements from our partners, tailored to your interests and behaviors; for more information you can see the relevant privacy policy https://policies.google.com/privacy.
  • How long do we keep personal data?

We retain personal data until you withdraw your consent, but no longer than ten years after giving it.

B) Navigation data
  • Why does M31 use personal data?

We process personal data to enable you to view and navigate our websites and to optimize and personalize your visit. Browsing data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its proper functioning.

  • What kind of personal data do we process?
    • IP address;
      Browser type and plug-in information;
    • Type of device (e.g., computer, tablet, phone, etc.);
    • device operating system;
    • click history, navigation and visualization (Heat Mapping);
    • Cookies installed on your device;
    • Location of the device, time of the visit.
  • How do we acquire personal data?

We collect your personal information automatically as soon as you log on to our websites.

  • What is the legal basis for processing personal data?

The processing is based on our legitimate interest in the operation of our websites for the development of our business activities.

  • What are the possible consequences of refusing to provide personal data?

Providing data is optional, but necessary to view and navigate our websites. If you refuse to provide personal information, you will not be able to view and browse our websites.

  • To whom do we disclose personal data?

Companies, consultants or professionals for hosting, managing hardware and software, maintaining, updating and generally providing infrastructure for the operation of our websites.
In particular, we communicate data to:

  • Google Tag Manager (Google LLC), for managing tags and scripts used on our websites; for more information you can consult the relevant privacy policy https://policies.google.com/privacy;
  • Cloudflare (Cloudflare Inc.), for the optimization and distribution of online traffic to our sites; for more information you can consult the relevant privacy policy https://www.cloudflare.com/it-it/privacypolicy;
  • Iubenda Consent Solution (iubenda S.r.l.), for the collection and management of evidence of consent to the processing of personal data provided on our websites; for more information you can consult the relevant privacy policy https://www.iubenda.com/privacy-policy/79174687;
  • Google Fonts (Google LLC), for displaying font styles embedded in our websites; for more information you can consult the relevant privacy policy https://policies.google.com/privacy;
  • Google Maps (Google LLC) widget, for displaying maps embedded in our websites; for more information you can consult the relevant privacy policy https://policies.google.com/privacy.
  • How long do we keep personal data?

We retain browsing data for as long as is strictly necessary to process it.

C) Statistics, development and improvement
  • Why does M31 use personal data?

We process personal data to analyze performance, evaluate, develop, and improve our services, products, and general business activities. We tend to anonymize personal data before processing them; however, this may not be the case in all circumstances.

  • What kind of personal data do we process?
    • contact information (such as first name, last name and e-mail address);
    • IP address;
    • Browser type and plug-in information;
    • Type of device (e.g., computer, tablet, phone, etc.);
    • device operating system;
    • Click history, navigation and visualization;
    • Cookies installed on your device;
    • Location of the device, time of the visit.
  • How do we acquire personal data?

We collect your contact information only if you give consent; we collect the remaining personal information automatically as soon as you log on to our websites.

  • What is the legal basis for processing personal data?

As for contact data, processing is based on your consent; for the remaining personal data, processing is based on our legitimate interest in improving and developing our services, products and business activities in general.

  • What are the possible consequences of refusing to provide personal data?

Providing contact information is optional; if you refuse to provide it, we will not be able to process your contact information for this purpose.

  • To whom do we disclose personal data?

Companies, consultants or professionals who use personal data to carry out analysis for statistical purposes and to improve our business activities.
In particular, we disclose personal data to:

  • Google Analytics (Google LLC), for tracking and analyzing the use of our websites; for more information you can consult the relevant privacy policy https://policies.google.com/privacy;
  • Google Analytics with anonymized IP (Google Ireland Limited), for tracking and analyzing the use of our websites; for more information you can consult the relevant privacy policy https://policies.google.com/privacy;
  • Cloudflare (Cloudflare Inc.), for collecting and analyzing data related to online traffic on our websites; for more information you can consult the relevant privacy policy https://www.cloudflare.com/it-it/privacypolicy.
  • How long do we keep personal data?

We keep contact information until you withdraw your consent; we keep the remaining personal information for five years.

D) Fulfilment of contractual obligations
  • Why does M31 use personal data?

If you have entered into a contract with us, we use your personal data to fulfill the related contractual obligations (including administrative, accounting and tax obligations) and the exercise of rights dependent on it.

  • What kind of personal data do we process?
    • Contact information (first name, last name, address, email, pec, phone, etc.) of you and possibly your dependents;
    • Identification document data (ID card, social security number, driver’s license, etc.);
    • Special category data (gender, political and/or trade union views);
    • bank details (IBAN, current account details, etc.);
    • Social security and/or welfare data (INPS, INAIL, etc.);
    • Additional personal data specified in the contract.
  • What is the legal basis for processing personal data?

The processing is necessary to perform the contract we have with you.

  • What are the possible consequences of refusing to provide personal data?

Providing personal information is an obligation arising from the contract entered into; if you refuse to provide it in whole or in part we may not be able to fulfill our contractual obligations.

  • To whom do we disclose personal data?

Third parties who perform activities to support the performance of our contractual obligations (e.g., softwarehouses and IT technicians, tax service centers, postal and courier services, communications consultants, technical consultants, service companies, accounting, tax and legal professionals, lending institutions, insurance companies, government agencies, etc.)

  • How long do we keep personal data?

We retain personal data until complete fulfillment of contractual obligations and, thereafter, until the ten-year prescriptive period of rights dependent on the contract has fully run.

E) Support/contact
  • Why does M31 use personal data?

We use personal data to handle your requests for information and/or support.

  • What kind of personal data do we process?
    • Contact information (first name, last name, address, email, phone);
    • Identification document data (ID card, social security number, driver’s license, etc.);
    • Data related to the request (date, time and mode);
    • additional data you provide.
  • What is the legal basis for processing personal data?

Processing is based on your consent.

  • What are the possible consequences of refusing to provide personal data?

The provision of data is optional. If you refuse to provide your personal information, we cannot process it for this purpose.

  • To whom do we disclose personal data?

Third parties who perform functional activities to receive and process your contact/support requests (e.g., call centers, IT technicians, etc.).

  • How long is personal data kept?

We retain your personal information until your support/contact request is fully processed.

F) Curricula
  • Why does M31 use personal data?

We use personal data to evaluate applicants for jobs (employee and self-employed).

  • What kind of personal data do we process?
    • Contact information (first name, last name, address, email, phone);
    • Identification document data (ID card, social security number, driver’s license, etc.);
    • additional data you provide.
  • What is the legal basis for processing personal data?

Processing is based on your consent.

  • What are the possible consequences of refusing to provide personal data?

The provision of data is optional. If you refuse to provide your personal information, we cannot process it for this purpose.

  • To whom do we disclose personal data?

Providers of services functional to this purpose (call centers, accounting, tax and legal consultants).

  • How long do we keep personal data?

We retain personal data until you withdraw your consent, but no longer than ten years after giving it.

G) Compliance with legal obligations
  • Why does M31 use personal data?

We process personal data to comply with laws, regulations, judicial or administrative authority orders.

  • What kind of personal data do we process?
    • contact information (such as first name, last name and e-mail address);
    • Identification document data (ID card, social security number, driver’s license, etc.);
    • IP address;
      Browser type and plug-in information;
    • Type of device (e.g., computer, tablet, phone, etc.);
    • device operating system;
    • Click history, navigation and visualization;
    • Cookies installed on your device;
    • Location of the device, time of the visit.
  • How do we acquire personal data?

We collect personal data when you give consent to processing for general marketing purposes, when you enter into a contract with us, when you send us your resume, when you send us contact/support requests, when you access our websites.

  • What is the legal basis for processing personal data?

The processing is based on the need to fulfill legal obligations to which we are subject.

  • What are the possible consequences of refusing to provide personal data?

The provision of data is mandatory; if you refuse to provide your personal information, we will hold you liable for any damages we may suffer as a result of your failure to provide your personal information.

  • To whom do we disclose personal data?
    • Subjects who have title – judicial or legal – to process personal data (public administrations, judicial and administrative authorities, police forces, etc.);
    • Accounting, tax and legal advisors, if the communication is necessary or otherwise functional for the proper fulfillment of legal obligations.
  • How long do we keep personal data?

We retain personal data until legal obligations are completely fulfilled.

H) Prevention of abuse and crime
  • Why does M31 use personal data?

We process personal data to facilitate judicial or administrative authority investigations, to protect and defend our rights and property, the rights or safety of third parties.

  • What kind of personal data do we process?
    • contact information (such as first name, last name and e-mail address);
    • Identification document data (ID card, social security number, driver’s license, etc.);
    • IP address;
    • Video surveillance system recordings;
    • Browser type and plug-in information;
    • Type of device (e.g., computer, tablet, phone, etc.);
    • device operating system;
    • Click history, navigation and visualization;
    • Cookies installed on your device;
    • Location of the device, time of the visit.
  • How do we acquire personal data?

We collect personal data when you give consent to processing for general marketing purposes, when you enter into a contract with us, when you send us your resume, when you send us contact/support requests, when you access our websites.

  • What is the legal basis for processing personal data?

The processing is based on our legitimate interest in protecting our rights and pursuing available remedies to avoid harm or limit harm.

  • What are the possible consequences of refusing to provide personal data?

The provision of data is mandatory; if you refuse to provide your personal information, we will hold you liable for any damages we may suffer as a result of your failure to provide your personal information.

  • To whom do we disclose personal data?

Public administrations, judicial and administrative authorities, police, accounting, tax and legal advisors, if the disclosure is necessary or otherwise functional to prevent abuse or crime.

  • How long do we keep personal data?

We retain personal data only when there is a reasonable suspicion of abuse or crime; failing that, video surveillance system footage is kept for 48 hours.

I) Applications, services and products of M31

For information about the processing of your personal data within M31’s applications, services and products, you can view the relevant privacy policies:

  • ApiFire User App, ApiFire Technician App and ApiFire Web App: https://apifire.it/accounts/policies/users/privacy_policy.html.

Processing and Storage Methods

User data will be processed in paper or electronic format, including by automated means, at our operational offices and at any other location where the parties involved in the processing are located. Personal data may be accessible to certain types of responsible persons, involved in the operation of M31 (administration, sales, marketing, legal, system administration) or external persons (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) appointed as necessary by our company as data processors.

Security Measures

We implement appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing of personal data and against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data. Please note, however, that we cannot completely eliminate the security risks associated with the storage and transmission of personal data.

Transfer of Data Abroad

Data collected from users are stored within the European Economic Area (“EEA“) but may be transferred and processed in a country outside the EEA. Any transfer of personal data will be made in accordance with applicable laws.

Personal data may be transferred to countries within the European Union and to third countries for any specific purposes as stated above. In case of data transfer to countries outside the European Union, these countries will ensure an adequate level of protection on the basis of a specific decision of the European Commission or, alternatively, we will ensure that adequate protection of your personal data will be guaranteed through agreements on the basis of EU standard contractual clauses approved under Art. 46 GDPR.

Personal data of third parties

You can only provide us with personal data of third parties if you have their permission. If you provide us with personal data of third parties, you must inform them of our processing. In any case, you assume any and all responsibility with regard to the disclosure of personal data of third persons.

Cookies

Our websites use session cookies and similar devices to make them easier to view and navigate, to understand how you interact with us, and, in some cases, to be able to show you advertisements in line with your browsing habits. Please read our Cookies Policy to understand in more detail what cookies and similar devices we use, their purpose, and other information of interest.

Exercisable Rights

To exercise your rights, contact us through our e-mail [email protected].

Subject to applicable law and only in exceptional circumstances, we may charge you for this service and we will respond to reasonable requests as soon as practicable and in any case within the time limits prescribed by law.

You have the following rights:

Withdrawal of consent (Art. 7 GDPR)

You can revoke your consent-in cases where it is necessary for processing-at any time. However, this does not affect the legitimacy of the processing carried out before the revocation. In some cases, we may continue to process your information after you withdraw consent if we have another legal basis for doing so or if your withdrawal of consent was limited to certain purposes;

Right of access to your personal data (Art. 15 GDPR)

You have the right to ask us for confirmation about the processing of your personal data (for example, the purposes of processing or the categories of personal data involved);

Right to rectification (Art. 16 GDPR)

You have the right to correct/update your personal information;

Right to Cancellation (Art. 17 GDPR)

You have the right to ask us to delete your personal information. This right may be exercised inter alia:

  • (i) when your personal information is no longer needed for the purposes for which it was collected or otherwise processed;
  • (ii) when you withdraw the consent on which the processing is based and there is no further legal basis for the processing;
  • (iii) When you object to processing under Art. 21 GDPR, unless there are overriding legitimate reasons for processing;
  • Or (iv) when your personal information has been processed unlawfully;

You have the right to request the restriction of processing in limited circumstances, including: when the accuracy of your personal data is disputed; when processing is unlawful and you object to the deletion of your personal data and instead request the restriction of the use of your personal data; or when you have objected to processing under Art. 21 GDPR, pending verification that our legitimate interests outweigh yours;

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing in limited circumstances, including: when the accuracy of your personal data is disputed; when processing is unlawful and you object to the deletion of your personal data and instead request the restriction of the use of your personal data; or when you have objected to processing under Art. 21 GDPR, pending verification that our legitimate interests outweigh yours;

Right to data portability (Art. 20 GDPR)

You have the right to receive copies of the personal information you have provided to us, in a structured, commonly used, machine-readable format, and you have the right to transmit that information to another data controller, including the right to transmit it directly, where technically feasible;

Right to object (Art. 21 GDPR)

You have the right to object to our processing of your personal data. This right is limited to (i) to processing necessary for the performance of a task carried out in the public interest or in connection with the exercise of public authority vested in M31 or (ii) to processing necessary for the pursuit of the legitimate interest of M31 or third parties, and includes profiling and processing for direct marketing purposes. Thereafter, we will no longer use your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing of your personal data is necessary for the establishment, exercise or defense of legal claims;

Right to file a complaint with the Data Protection Authority (Art. 77 GDPR)

You have the right to file a complaint if you believe that the processing of your personal data violates applicable data protection laws.

Changes to the Disclosure

We may amend this Privacy Policy in accordance with applicable data protection laws. Please visit our website from time to time for information about updates to this Privacy Policy.

Contact us

If you have any questions about our processing of personal data or this policy, you can contact us by writing to the following contact details:

Attributions

The graphic elements used on m31.com are borrowed from public repositories and more specifically:

All logos used on this site are the property of their respective brands and owners. The use of such logos is for illustrative purposes only and does not imply an endorsement of the site content or affiliation with M31.