INFORMATION ACCORDING TO D.L. 101/2018 (EU Regulation 679/2016) "GDPR"

Microring s.r.l. protects the confidentiality of personal data and guarantees them the necessary protection from any event that may put them at risk of violation.

As provided for by Regulation (EU) No 679/2016 ("GDPR"), and in particular Article 13, we hereby provide you with the information required by law concerning the processing of your personal data.

DATA CONTROLLER AND PROCESSED DATA
Microring s.r.l. with registered office in Via Tranquillo Cremona 29, 20145 Milan (Italy) (“the Company”, “Microring” or the “Data Controller”) guarantees compliance with the rules on personal data protection by providing the following information regarding the processing of data communicated or otherwise collected during navigation on this website, such as:

Personal information: name, surname, physical address, province and city of residence, phone number, specialization, email address, tax code (or social security number for US), VAT number
Banking information: IBAN and banking/postal details (excluding credit card numbers)
Telematic traffic data: Logs and source IP address.

The Data Controller does not require the Data Subject to provide "special categories" of personal data, i.e., as provided for by GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning health or sex life or sexual orientation. If the service requested from Microring requires the processing of such data, the Data Subject will receive prior information and will be asked to give explicit consent.

PURPOSES AND LEGAL BASIS OF PROCESSING
The data is necessary for the Owner to follow up on the request for registration and the supply contract of the selected Service and/or purchased Product, manage and fulfill contact requests submitted by the Data Subject, provide assistance, comply with legal and regulatory obligations which the Owner is required to perform in relation to its business activities. Microring does not resell Personal Data of the Data Subjects to third parties or use them for undisclosed purposes.

In particular, the data of the Data Subject will be acquired and processed as follows:

Data generated from accessing the website
During the normal operation of this website, the computer systems and software procedures used to operate it acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
This data (such as domain names, IP addresses, operating system used, type of browser device used for connection) is not accompanied by any additional personal information and is used to: i) obtain anonymous statistical information on the use of the site; ii) manage requirements for monitoring its usage mode; iii) ascertain responsibility in case of hypothetical cyber crimes.
The legal basis that legitimizes processing such data is the need to make site features usable after user login.

Dati forniti volontariamente dall’utente
I dati personali forniti dall’utente tramite form sono raccolti e trattati per le seguenti finalità:
a) per lo svolgimento delle attività di relazione con il cliente in base agli accordi contrattuali. Nel caso di utilizzo in prova dei servizi EasyDiet ed EasyDietWeb i dati di recapito, a completamento del servizio di prova, potranno essere utilizzati per verificare direttamente l’esperienza di utilizzo della piattaforma;
b) per finalità amministrative e per l’adempimento di obblighi di legge quali ad esempio quelli di natura contabile, fiscale, o per dar corso a richieste dell’autorità giudiziaria;
c) per l’invio di comunicazioni relative a nuove funzionalità di EasyDietWeb e in generale per l’invio di comunicazioni legate alla nutrizione. Poiché al centro di EasyDietWeb c’è la volontà di costruire una comunità di nutrizionisti e biologi appassionati e particolarmente legati al benessere nutrizionale delle persone, è necessario considerare che queste comunicazioni sono parte integrante del servizio EasyDietWeb;
d) nel caso di invio di curriculum vitae, esclusivamente per finalità di selezione.
La base giuridica che legittima il trattamento è l’esecuzione di un contratto di cui l’interessato è parte o l’esecuzione di misure precontrattuali adottate su richiesta dello stesso. Nei casi espressamente indicati la base giuridica è il consenso liberamente fornito dall’interessato.

Data collected through the EasyDietWeb Platform
For complete information, it should be noted that in sending communications, Microring uses its own EasyDietWeb platform which, through statistical tracking systems, allows for the detection of email message openings, clicks on hyperlinks contained within emails, from which IP address or type of browser the email is opened, and other similar details. The collection of such data is functional to the use of the platform and constitutes an integral part of it. The legal basis legitimizing the processing of such data is the fulfillment of a contract in which the data subject is a party.

Cybersecurity
The Company, in compliance with the provisions of Recital 49 of GDPR, processes, also through its suppliers (third parties and/or recipients), the data relating to the traffic of the Data Subject's personal data to an extent strictly necessary and proportionate to ensure network and information security, namely the ability of a network or information system to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise availability, authenticity, integrity and confidentiality of stored or transmitted personal data.
The Data Controller will promptly inform Data Subjects if there is a particular risk of violation of their data while respecting obligations under Article 33 GDPR regarding notifications of personal data breaches.
The legal basis for such processing is compliance with legal obligations and the legitimate interest pursued by the Data Controller in carrying out treatments involving purposes related to protecting company assets and ensuring safety within Microring's premises and systems.

Profiling
The Personal Data of the Data Subject may also be processed for profiling purposes (such as analysis of transmitted data and chosen Services/Products, proposing advertising messages and/or commercial offers in line with the choices expressed by users themselves) only if the Data Subject has given explicit and informed consent. The legal basis for such processing is the consent given by the Data Subject prior to such processing, which can be freely revoked by the Data Subject at any time.

Fraud prevention (considering Art. 47 and 22 GDPR)
1) Personal data of the data subject, excluding special (Art. 9 GDPR) or judicial (Art. 10 GDPR) data, will be processed to allow checks aimed at monitoring and preventing fraudulent payments by software systems that carry out automated verification before negotiating Services/Products;
2) Failing such checks will result in the inability to complete the transaction; however, the data subject may express their opinion, obtain an explanation or challenge the decision by providing reasons to Customer Support or contact staff@microring.it;
3) Personal data collected solely for anti-fraud purposes, as opposed to those necessary for proper performance of requested services/products, will be immediately deleted at the end of control phases.

Protection of minors
The services/products offered by the Owner are reserved for legally capable individuals, based on the national regulations in force, to enter into contractual obligations.

NATURE OF THE DATA PROVISION
Apart from what is specified for navigation data and data collected through the EasyDietWeb Platform, providing the data: with respect to the purposes referred to in letters a), b), c) and f) is optional but any refusal will make it impossible for Microring to fulfill its contractual commitments.

DATA PROCESSING METHODS AND RETENTION PERIOD
The collected data will be processed through electronic or automated means, computer and telematic systems, or through manual and/or paper processing with logic strictly related to the purposes for which personal data was collected and ensuring their security in all cases. The data is kept for the time strictly necessary to manage the purposes for which they were collected in compliance with current regulations and legal obligations.

In any case, Microring practices rules that prevent indefinite data retention and therefore limits the storage time in compliance with the principle of minimizing data processing.

AUTHORIZED DATA PROCESSORS, RESPONSIBLE PARTIES AND COMMUNICATION OF DATA
The processing of the collected data is carried out by Microring's internal personnel who have been identified and authorized for this purpose, in accordance with specific instructions given in compliance with current regulations.

The data collected, if necessary or instrumental for the execution of the indicated purposes and to comply with certain legal obligations, may be processed by third parties appointed as external Data Processors, or, depending on the case, communicated to them as independent data controllers, specifically:

Affiliated companies with Microring - Administrative, accounting and contractual compliance obligations;
Third-party suppliers - Provision of services (assistance, maintenance, delivery/shipping of products, provision of additional services, providers of electronic communication networks and services) related to the requested performance;
Credit and digital payment institutions; Banks/post offices - Management of collections, payments, refunds related to the contractual performance
External professionals/consultants and consulting firms- Compliance with legal obligations, exercise of rights, protection of contract rights, credit recovery
Tax authorities, public bodies,judicial authorities,supervisory authorities - Compliance with legal obligations , defense of rights ;lists and registers kept by public authorities or similar entities according to specific regulations in relation to contractual performance.
Formally delegated or legally recognized individuals/entities- Legal representatives,Curators,Tutors etc.

The collected data may also be transferred abroad to companies both inside and outside of our corporate group, including outside the European Union in forms and ways provided for by current regulations while guaranteeing an adequate level of protection.

In any case, personal data will never be disclosed.

The legal basis for such processing is the fulfillment of obligations relating to the established relationship, compliance with legal obligations and Microring's legitimate interest in carrying out necessary processing for these purposes.

WHERE THE DATA OF THE DATA SUBJECT ARE PROCESSED
The personal data of the Data Subject are stored in paper, electronic and telematic archives located in countries where the GDPR is applicable (EU countries).

DATA RETENTION PERIOD OF THE DATA SUBJECT
Unless the data subject explicitly expresses their will to remove them, personal data of the Data Subject will be retained for as long as they are necessary with respect to the legitimate purposes for which they were collected.
In particular, they will be kept for the entire duration of their registration and in any case not beyond a maximum period of 24 (twenty-four) months of their inactivity, or if no Services and/or Products have been associated/ purchased using said registration within such time limit.
In the case of data provided to the Controller for commercial promotion purposes for services other than those already acquired by the Data Subject, to which consent was initially given, these will be kept for 24 months unless revoked at any time.
In the case of data provided to The Owner for profiling purposes, these will also be kept for 24 months unless always revoked at any time.
It should also be added that if

RIGHTS OF THE DATA SUBJECT
At any time, the data subject may access their personal data, object to its processing or request its deletion, modification or updating of all personal information collected by Microring. They may exercise their right to restrict processing and the right to data portability by sending an email to staff@microring.it.