Definitions
For the purpose of this Privacy Policy:
- Personal data: means any information relating to an identified or identifiable natural person
(‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly,
in particular by reference to an identifier such as a name, an identification number, location data, an
online identifier or to one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person;
- Processing: means any operation or set of operations which is performed on personal data or on
sets of personal data, whether or not by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination, restriction,
erasure or destruction;
- Data controller means the natural or legal person, public authority, agency or other body
which, alone or jointly with others, determines the purposes and means of the processing of personal
data; where the purposes and means of such processing are determined by Union or Member State law, the
controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- Data Processor: means a natural or legal person, public authority, agency or other body which
processes personal data on behalf of the Data Controller;
- Recipient : means a natural or legal person, public authority, agency or another body, to which
the personal data are disclosed, whether a third party or not. However, public authorities which may
receive personal data in the framework of a particular inquiry in accordance with Union or Member State
law shall not be regarded as recipients; the processing of those data by those public authorities shall
be in compliance with the applicable data protection rules according to the purposes of the processing;
- Third party: means a natural or legal person, public authority, agency or body other than the
data subject, controller, processor and persons who, under the direct authority of the controller or
processor, are authorised to process personal data;
- Consent of the data subject:means any freely given, specific, informed and unambiguous
indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action,
signifies agreement to the processing of personal data relating to them;
- Data concerning health: means personal data related to the physical or mental health of a
natural person, including the provision of health care services, which reveal information about their
health status; and
- Supervisory Authority: means an independent public authority which is established by a Member
State pursuant to Article 51
- The above definitions of are drawn from Article 4 of the European Union’s General Data Protection
Regulation 2016/679.
Data controller
-
Miracle Srl
-
Via San Pietro 34, Capurso, BA 70010, Italia
-
VAT Number: 08271590724
-
Miracle Srl has appointed a Privacy Officer for data protection compliance within the company. Should
you have questions about how we handle your personal data or about this policy, contact
privacy@miraclesrl.com outlining your requirements.
Collecting personal data
-
Miracle Srl will collect your personal data when you use our website at www.miraclesrl.com, or any of the services you can get access to through our website.
-
Miracle Srl collects personal data when you:
-
1. register to use one of our services.
-
2. use any of our services;
-
3. contact us for information;
-
4. take part in marketing promotions.
-
Specifically, Miracle Srl has a legal basis (a valid legal reason) to collect the following personal data:
|
Personal data |
Legal basis |
Register to use one of our services |
Registration information including your VAT number, company name, company registered address, telephone number, email address, full name of responsible party, username, password, and IBAN or PayPal transaction ID. |
Contract obligation |
Use any of our services
|
Records of our correspondence if you contact us or we contact you. |
The data we collect depends on the context of your interactions with Miracle Srl and the choices you make, including the services and features you use.
|
Contract obligation |
Contact us for information |
Records of our correspondence if you contact us. |
Legitimate Interest |
Take part in marketing promotions |
E-mail address and your marketing preferences. |
Consent |
When acting as a Data Processor, Miracle Srl may process special categories of personal data concerning health in connection with telemedicine service provision. To the extent that personal data you provide contains details of physical or mental health or condition, you expressly authorize Miracle Srl to handle such details as specified in this privacy policy.
Miracle Srl website uses cookies and other electronic communication protocols. For further information, please consult our Cookie Policy.
Data recipients and sharing with third parties
Miracle Srl may share your personal data internally, with service providers and other third parties as necessary in connection with service acquisition, legal or regulatory requirements, to respond to requests from public and government authorities, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.
Miracle Srl requires that its service providers and such other third parties keep your personal data confidential and that they only use it in furtherance of the specific purpose for which it was disclosed. Third Party privacy agreements were made with the below companies to ensure the safety of your data:
- • Amazon Web Services, Italia;
- • Dropbox Inc., United States;
- • Google Limited, United Kingdom;
- • Apple Inc., United States;
- • Microsoft Coop., United States;
- • Paypal Holdings Inc., United States;
- • Aruba S.p.A, Italy;
- • BPER Banca S.p.A., Italy;
- • Gagliardi e Associati Consultings Srls, Italy.
Security and confidentiality
Except as otherwise stated in this privacy policy or as required for legal or regulatory purposes, Miracle Srl treats your personal data as confidential and will not disclose it to third parties without your consent. Miracle Srl maintains, and requires its services providers to maintain, reasonable technical and organisational measures designed to protect the confidentiality and security of your personal data.
Retention and access
We will not retain your personal data for longer than is necessary to fulfil the purpose it is being processed for. To determine the appropriate retention period, Miracel Srl considers the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means.
Your rights
- 1. You have the right to be informed about how Miracle Srl uses your personal information;
- 2. You can ask to see the personal data Miracle Srl holds about you;
- 3. You can ask Miracle Srl to correct your personal data if you think it is incomplete or inaccurate;
- 4. You can ask Miracle Srl to delete your personal data;
- 5. You can object to Miracle Srl processing your personal information for marketing purposes or if we are we are using it for legitimate interests;
- 6. You can ask Miracle Srl to restrict the use of your personal data;
- 7. You can ask Miracle Srl to provide your personal data in a structured, commonly used, and machine-readable format;
- 8. You can withdraw your consent at any time.
To exercise any of your right, you can send Miracle Srl an email at privacy@miraclesrl.com. For security reasons, we can't deal with your request if we are not sure of your identity, so we may ask you for proof of your ID.
Miracle Srl will usually not charge you a fee when you exercise your rights. However, we are allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.
If you have any complaints regarding our compliance with this policy, you should first contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of your personal information in accordance with this policy. If you are still unhappy with how we have handled your personal data, you can complain to your local supervisory authority.
Last modified: 26/08/2022