This privacy policy aims to provide all the information on the processing of personal data carried out by Media Trade
Company S.r.l. when the user accesses and browses this website in order to use the service (as better indicated below).

1. Introduction - who are we?
Media Trade Company S.r.l., with registered offices in via Giovanni Battista Pirelli, 9, Milano and Tax Code/VAT No. 08046610963 (hereinafter the “Data Controller”) is a company that was born from many years of experience in the application of solutions in the field of strategic and operational marketing services, communication and publishing.
Media Trade Company S.r.l. acts as the Data Controller of personal data of the users who browse and are registered on the Website www.citiplat.org (hereinafter the “Website” or the “Site” and the “Users”) and provides the following privacy policy according to Article 13 of EU Regulation 2016/679 dated 27 April 2016 (hereinafter, “Regulation” or “Applicable Regulations”).

2. How to contact us?
The Data Controller takes the utmost account of its Users’ right to privacy and protection of personal data. For any information related to this privacy policy, Users may contact the Data Controller at any time, using the following methods:
 Sending a registered letter with return receipt to the registered offices of the Data Controller (via Giovanni Battista Pirelli, 9, Milano);
 Sending an electronic mail message to the address citiplat@mediatradecompany.com The Data Controller has not identified a Data Protection Officer (RPD or DPO), as it is not subject to the obligation of designation provided for by Article 37 of the Regulation.

3. What we do? - Processing purposes
By registering to the Site, the User can enter, store, publish, disseminate, communicate, consult information, texts, images, links to external sites related to issues such as climate change and environmental sustainability.
In relation to the activities that may be carried out through the Website, the Data Controller collects personal data relating to the Users.
The personal data of the Users will be processed lawfully by the Data Controller pursuant to Article 6 of the Regulation for the following processing purposes:
a) Contractual obligations and provision of the service, to enable the browsing of the Website or to implement the Website Terms of Use, which are accepted by the User during registration to the Website and to fulfil the User’s specific requests. The User’s data collected by the Data Controller for the purpose of any registration on the Website include:
- all personal data whose transmission is implicit in the use of Internet communication protocols, that the computer systems and software procedures used to operate the Site acquire during their normal functioning: the IP addresses or domain names of the computers used by the Users, the addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the file size obtained in response, the numerical code indicating the status of the response given by the server (good order, error, etc.) and other parameters relating to the operating system and the User’s IT environment.
- personal and contact data: as, for example, the name, surname and email address, and any personal information of the User that may be given to the Company by the User.

The User’s personal data will be used by the Data Controller for the sole purpose of ascertaining the identity of the User, thus avoiding possible scams or abuses, and contacting the User only for service reasons (e.g. sending of notifications regarding the services offered on the Website). Notwithstanding the provisions contained elsewhere in this privacy policy, under no circumstances will the Data Controller make the personal data of the Users accessible to other Users and/or third parties.
The provision of personal data for the purposes indicated above is optional but necessary, since failure to provide such data will make it impossible for the User to register on the Site and use the Service.
b) Legal obligations, or to fulfil obligations provided by the law, an authority, a regulation or European legislation.

4. Legal basis
Provision of the service (as described in paragraph 3, letter a)): the legal basis of processing is article 6, letter b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).
Legal obligations (as described in paragraph 3, letter b)): the legal basis of processing is article 6, letter c) (processing is necessary for compliance with a legal obligation to which the controller is subject).

5. Processing methods and data retention times

The Data Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
The data are processed at the operational offices of the Company and at other companies, duly appointed as data processors. The data will not be transferred outside the European Union. In any case, it is understood that the Company, if necessary, will be entitled to move the location of the server outside to Countries outside the EU. In this case, the Data Controller ensures from now on that the transfer of data will take place in accordance with the applicable laws and by entering, if necessary, into agreements that guarantee an adequate level of protection.
The personal data of Website Users will be retained for the time strictly necessary to carry out the relevant purposes described in paragraph 3 letter a) and letter b) above or, in any case, for the time necessary for the protection of the civil interests of the Users and of the Controller.
In any case, any retention periods provided for by law or regulations are not affected.

 

6. Transmission and dissemination of data
The employees and/or collaborators of the Data Controller who are in charge of carrying out Website maintenance may become aware of the personal data of the Users. These subjects, who are formally appointed by the Data Controller as “in charge of processing”, will process the User’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.
The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Data Controller as "Processors", such as, for example, IT and logistic service providers functional to the operation of the Website, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Data Controller, making a request to the Data Controller in the manner indicated in paragraph 7 below.

7. Rights of the Data subjects
Users may exercise their rights granted by the Applicable Law by contacting the Data Controller as follows:
 Sending a registered letter with return receipt to the registered offices of the Data Controller (via Giovanni Battista Pirelli, 9, Milano);
 Sending an electronic mail message to the address citiplat@mediatradecompany.com
Pursuant to Applicable Regulations, the Data Controller informs that Users have the right to obtain indication (i) of the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the data controller and processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to aware of them as processors or agents.
Furthermore, Users have the right to obtain:
a) Access, updating, rectification, or, when interested, integration of data;
b) The cancellation or transformation into anonymous form of data processed in breach of the law, including data that does not need to be stored in relation to the purposes for which the data was collected or subsequently processed;
c) Certification to the effect that notification has been supplied of operations as per letters a) and b), as regards their content, to those to whom the data was communicated or disseminated, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.

Moreover, the Users have:
a) The right to revoke consent at any time, if the processing is based on their consent;
b) (If applicable) the right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device);
c) The right to restriction of processing;
d) The right to object;
e) If it is deemed that the processing concerning their personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Authority, with registered offices in Piazza Venezia No.
11, 00187 – Rome (http://www.garanteprivacy.it/).
_____________

The Data Controller is not responsible for updating all links viewed in this Privacy Policy, therefore,
whenever a link does not work and/or is not updated, the Users acknowledge and accept that they
must always refer to the document and/or section of the websites referred to by this link.