Nature of data provision

The personal data requested are collected by Memphis Rimini. and processed on computer media, in order to meet the obligations arising from the contract concluded with Clients and for the selection of personnel. The provision of data is mandatory in nature as it is necessary for the performance of the services requested.

Data controller

Memphis s.n.c. Di Lazzari Monica & Co. based in Rimini, Via Mentana, 34, VAT No.: 01517720403 is the Data Controller in accordance with EU Reg. 2016/679.

Data Processors and Data Protection Officers

Users’ personal data may come to the attention of third parties who may process personal data on behalf of the Data Controller as “External Data Processors” and “Data Protection Officer”, such as, but not limited to, providers of IT services functional to the company’s operations, providers of outsourced or cloud computing services, professionals and consultants.
The Data Protection Officer (DPO) is Monica Lazzari, who can be contacted at: info@memphis-rimini.it
Users have the right to obtain a list of any data processors appointed by the Controller by making a request to the Controller in the manner indicated below.

Purpose of processing

The data provided will be retained by the Data Controller for the following purposes and in accordance with EU Regulation 2016/679 (GDPR):
1. to use the data that has been released by the data subject in the context of services provided by the site including the sending of newsletters;
2. install technical and analytics cookies on the user’s device;
3. make data available to third parties for purposes instrumental to what is strictly necessary to execute the services requested by the data subject or to execute legal regulations;
4. use the data provided for personnel selection purposes;
5. to manage the data of customers and suppliers to deliver contracted services;
6. to use the data to send advertising e-mails for products of third-party companies, only in cases where one’s express consent has been given;
7. to execute requests to exercise the data subject’s rights;
8. ensure proper and lawful processing of data, safeguarding their confidentiality, including by applying appropriate security measures.
The forms to be filled out include data that are strictly necessary to adhere to what is of interest and whose failure to indicate does not allow the request to proceed, but also data of optional conferment. Mandatory data are, generally, marked with an asterisk.
All processing carried out within the scope of this site will be carried out with electronic or telematic instruments, with logics related to the purposes for which the data were collected and in compliance with current security regulations, for the specified purposes.

Data recipients

For purposes related to the provision of the service to which the data subject has subscribed, the data will be made available to third parties, who will act as data processors, and who provide services instrumental to fulfilling the user’s request (e.g., labor consultants, banking institutions, professionals in the administrative/accounting field) or to whom the communication of the data is necessary to comply with laws or regulations or EU legislation (e.g., public bodies). It may also be made available to law enforcement agencies (e.g.: prevention and suppression of crimes, including those of a computer nature), the judiciary, authorities and public bodies competent for individual matters for their institutional activities or in case of asserting or defending one’s rights in court. The list of names of these third parties can be requested directly from the Data Controller in the ways specified within this privacy policy.
The personal data will be made available to persons expressly authorized by the Data Controller – and for this purpose appointed as data processors – who carry out processing activities that are indispensable for the pursuit of the purposes indicated above; the categories of the persons in charge are specified from time to time in the policy. In general, these are the persons in charge of the provision of specific services, administration, management of information services, relations with actual and potential customers, marketing and sales, call center.
The data provided will not be transmitted outside the EU territory.

Conservation period

Based on the identified purposes, the following data retention periods are defined:
1. services provided by the site (including newsletters): until cancellation request by the user;
2. installation on the user’s device of technical and analytics cookies: until cancellation by the user;
3. make data available to third parties for purposes instrumental to what is strictly necessary to carry out the services requested by the data subject or to execute legal regulations: until cancellation request by the user or for the periods identified by legal regulations
4. use the data provided for personnel selection purposes: until requested by the user for deletion;
5. managing customer and supplier data to deliver contracted services: until user’s request for deletion;
6. sending e-mail advertisements of products of third-party companies: until request for deletion or revocation of consent by the user;
7. executing requests to exercise the data subject’s rights: until requested deletion by the user.
Personal data retention times are documented in our records of processing activities.

Rights of the data subject

The following rights of the data subject are guaranteed:
– Right of access to data (Art. 15 EU Reg. 2016/679)
– Right to rectification (Art. 16 EU Reg. 2016/679)
– Right to erasure (Art. 17 EU Reg. 2016/679)
– Right to restriction (Art. 18 EU Reg. 2016/679)
– Right to data portability (Art. 20 EU Reg. 2016/679)
– Right to object (Art. 21 EU Reg. 2016/679)
The data subject, if the acquisition of the data by the data controller took place following the granting of consent, has the right to withdraw consent at any time.

In addition, the data subject, if he/she believes that one or more of his/her rights have been violated, may lodge a complaint with the Privacy Authority in the manner indicated at the following link
It should also be noted that no automated decision-making processes are used by the Data Controller.
All of the above rights may be exercised, at any time and without charge, by writing to info@memphis-rimini.it or by sending a request in writing to Memphis s.n.c. di Lazzari Monica & Co, Via Mentana, 34 47921 Rimini (RN).

Personal data security

The security standards used by the Owner to make your personal information private and confidential, including “firewalls” and data transmission through SSL (Secure Socket Layer), are the highest in the state of the art. In addition, specific techniques are used to protect this data from unauthorized access by third parties. The minimum security measures indicated by the Privacy Code and subsequent amendments are, in any case, guaranteed.
You can check whether you are operating in secure mode in several ways:
– by receiving a warning message from your browsing program;
– by checking that the address of the page where you are is preceded by the abbreviation Https;
– by checking the symbol that appears at the bottom, left or right, in the window of your browsing program: if you see a whole key or a closed padlock, it means that SSL is active.
In any case, the Data Controller takes appropriate and preventive security measures to safeguard the confidentiality, integrity, completeness, and availability of personal data. As established by the regulatory provisions governing the security of personal data, technical, logistical and organizational arrangements are put in place that aim to prevent damage, even accidental loss, alteration, improper and unauthorized use of data. Similar preventive security measures are taken by third parties (data processors) who are entrusted with data processing operations on our behalf and with respect to whom the Data Controller has dictated behavioral rules and instructions of security procedures to be followed, supervising the proper implementation of the same by the data processors.
The Controller is not responsible about untrue information sent directly by the user (example: correctness of e-mail address or postal address or other personal data), as well as information about him/her that was provided by a third party, even fraudulently.

Navigation data

The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified users, but which by its very nature could, through processing and association with data held by third parties, allow the users themselves to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error or similar) and other parameters relating to the user’s operating system and computer environment. These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.