Pursuant to Article 13 of the Regulation (EU) 2016/679 containing provisions for the protection of natural persons with regard to the processing of personal data and for the free movement of such data (hereinafter the “GDPR”), we hereby provide you with information regarding the processing of your personal data provided by you and/or collected via the website mbeswitzerland.ch (the “Website”).
1. Data controller
Personal Data collected via the Website will be processed by MBE Worldwide S.p.A., with registered office in Milan, Viale Lunigiana 35-37, 20125, in its quality of data controller (hereinafter the “Controller” or “MBE”).
2. Categories of Personal Data processed
The following Personal Data provided by you (hereinafter the “Personal Data”) may be processed via the Website:
- the IP address;
- navigation data on the Website;
- information on the browser and on the device;
- information collected through cookies, pixel tags, provided by you and without disclosing your specific identity;
- demographic information and other information provided by you and without disclosing your specific identity;
- information that has been aggregated in such a way as to no longer reveal your specific identity.
Moreover, the following Personal Data provided by you may be processed if you decide to interact with the Website:
Name, surname, email, telephone number, city, country, if you send messages to MBE, an MBE master licensee or an MBE center through our forms;
Name, surname, email, telephone number, city, country, if you ask to be contacted in order to obtain information on how to commence your business with MBE;
Your physical position, if you ask the website for the MBE centers closer to your position.
3. Purposes of processing Personal Data
The Controller will process your Personal Data for the following purposes:
a. to allow you to benefit from the features offered by the Website, and more in detail:
- to allow you to communicate with the specific MBE master licensee or MBE center selected by you through the contact forms on the Website (in this case your Personal Data will be transmitted to the specific MBE master licensee or MBE center selected);
b. to provide you with the services you request, and more in detail:
- to be contacted by the MBE staff in order to obtain the relevant information on how to commence your business with MBE;
- to find the MBE centers closer to your current position;
c. to send you, by any means of communication (fax, e-mail, text message, multimedia messaging service, paper-based mail, operator-assisted phone calls), advertising material and literature of a promotional nature or in any case involving commercial solicitation pertaining to services, products or discounts offered by the Controller, as well as for conducting studies and surveys of the market, and elaborating related statistics.
The Personal Data collected may also be processed in the context of any corporate events (sale of the company or business units), due diligence or in the case of defence of a legal claim and the related preliminary activities.
4. Legal basis for processing Personal Data
The processing of your Personal Data for the purposes referred to in Section 3, a. is carried out in order to comply with your request and on the basis of a legitimate interest of the Controller, which business is inevitably linked to the quality of the services offered by its Website, to the users’ interaction experience and to the satisfaction of their expectations. Any refusal to provide the Personal Data for the purposes set out above will make it impossible to send your contact request to the MBE master licensee and/or the MBE center selected.
The processing of Personal Data for the purposes referred to in Section 3, b., is necessary in order to perform the pre-contractual and contractual measures adopted upon your request when you ask for the services offered by the Website. Any refusal to provide the Personal Data for the purposes set out above will make it impossible to use and enjoy the services above.
The processing of your Personal Data for the purposes referred to in Section 3, c. is optional and is based on your freely given consent. Any refusal to provide the Personal Data for the purposes set out above will have the sole consequence of making it impossible for the Controller to send you advertising and promotional messages, to conduct studies and surveys of the market, and elaborating related statistics.
In case of processing in the event of any potential corporate events (sale of the company or business units), due diligence or in the case of defence of a legal claim and the related preliminary activities, such processing will be carried out on the basis of legitimate interests of the Controller in the continuation of its commercial activities and for the protection of its rights.
5. Modalities of processing of Personal Data
The processing will be carried out with the assistance of both automated instruments and on paper suitable for guaranteeing the security and confidentiality of Personal Data, this to collect, consult, store, manage, extract and transmit the Personal Data.
6. Recipients of Personal Data
The Personal Data will be disclosed to the persons authorized for the processing within the Controller’s staff.
The Personal Data may be disclosed by the Controller solely and exclusively for the purposes indicated and where necessary, to the following categories of subjects:
(i) agents or collaborators of the Controller who are located within the territory of the European Union;
(ii) MBE master licensee or MBE centers that are located within or without the territory of the European Union;
(iii) service providers for marketing activities;
(iv) MBE Group companies as specified above, including – as of the date of this privacy notice – MBE Worldwide S.p.A., Sistema Italia 93 S.r.l., Jonathan & Assist S.r.l.; Eurocubia S.r.l.; DireFareStampare S.r.l., Forama S.r.l., MBE Deutschland GmbH, MBE Spain 2000 SL, MBE France Sarl, MBE Poland Sp.z.o.o.;
(v) consultants for accountancy, administrative, legal, tax and financial matters;
(vi) where required, the competent judicial authorities;
(vii) where required, public administrations and supervisory and control authorities.
Personal Data will not be publicly disclosed.
Entities belonging to the categories listed above, may act, as the case may be, as data processors (and in this case they will receive appropriate instructions from the Controller) or as autonomous data controllers. In the latter case, the Personal Data will be communicated only with the express consent of the data subjects, except where the communication is mandatory or necessary pursuant to the applicable law or for the pursue of purposes for which the consent from the data subject is not required.
The Controller also have the right to transfer your Personal Data to third countries. Transfers of Data outside the European Economic Area are subject to a special regime pursuant to the GDPR, and are only made in respect of countries that ensure an adequate level of personal data protection, on the basis of an adequacy decision of the Commission or where adequate safeguards have been adopted (including the standard contractual conditions provided by the European Commission), provided that the data subjects have enforceable rights and effective judicial remedies.
8. Retention of Personal Data
Personal Data will be stored, in compliance with the applicable law, for a term not exceeding what is necessary to pursue the purposes for which they are processed.
The criteria for determining the storage period of the Personal Data takes into account the allowed processing period and the applicable laws on the statute of limitation of rights and legitimate interests of the data subject where they are the applicable legal basis for processing.
As per the purposes of Section c,, the Controller will process the Personal Data for a period no longer than twenty-four months from the time when the relevant consent has been collected. Subsequently the Personal Data will be deleted, aggregated or anonymized.
9. Rights of the data subject
At any time, you will be entitled to:
(i) obtain confirmation from the Controller as to whether your Personal Data is being processed, and where that is the case, to access to the personal information pursuant to art. 15 of the GDPR;
(ii) obtain the rectification of inaccurate Personal Data concerning you, or, taking into account the purpose of the processing, the integration of incomplete Personal Data;
(iii) obtain the erasure of your Personal Data, where one of the grounds under art. 17 of the GDPR applies;
(iv) obtain the restriction of processing of your Personal Data, where one of the cases under art. 18 of the GDPR applies;
(v) object to the processing of your Personal Data on grounds relating to your particular position, where applicable;
(vi) receipt in a structured, commonly used and machine-readable format Personal Data concerning you and provided by you, as well as to transmit those Personal Data to another controller, in the cases and within the limits referred to in art. 20 of the GDPR, where applicable.
You also have the right to withdraw your consent to the processing of your Personal Data (where given) at any time, without prejudice to the lawfulness of the processing based on your consent before its withdrawal. You will have the possibility to opt-out from marketing via email by clicking on the relevant “unsubscribe” link.
According with the GDPR, the Controller may not charge for complying with any of the requests mentioned in this paragraph, unless they are clearly unfounded or excessive and repetitive. Should you request more than one copy of your Personal Data or in cases of excessive or unfounded requests, the Controller may: (i) charge a reasonable expense, considering the administrative costs incurred to fulfil the request; or (ii) refuse to fulfil the request. In these cases the Controller will inform you of the costs before fulfilling the request.
The Controller may ask for further information before fulfilling the requests if it needs to verify the identity of the person who has made them.
Without prejudice to any administrative or legal remedy, you also have the right to lodge a complaint to the relevant supervisory Authority (for Italy: the “Garante per la protezione dei dati personali”), if you believe that processing of your data is in breach of the GDPR. More information is available on the website https://www.garanteprivacy.it/en/home_en
In any case, the Controller is interested in knowing the reasons for the complaint and requests that you use the above contact methods before turning to the authorities, in order to prevent and resolve any disputes, amicably and promptly, with the greatest courtesy, professionalism and discretion.
For more information about the provisions contained in Articles from 15 to 22 of the GDPR, click on the following link:
10. Contacts for the exercise of the rights of the data subject and for further information
With respect to the exercise of your rights in relation to the purposes as per Section 3 above and/or to obtain any type of information you may need in relation to the Controller pursuant to this privacy notice, you can send a written communicationto MBE Worldwide S.p.A. (Fiscal Code and VAT number 10697630159), with registered office in Milan, Viale Lunigiana 35-37, or a fax by dialling 02 67625625 or an email to firstname.lastname@example.org.
11. Changes to this privacy notice
This privacy notice will be valid as of the date indicated below. It is advisable to regularly monitor this privacy notice by visiting the Website in order to keep up to date with any future changes.
Latest update: 27 May 2020