Skip to main content

Privacy policy

We wish to inform you that European Regulation 2016/679 (hereinafter GDPR) establishes rules relating to the protection of natural persons with regard to the processing of personal data, as well as rules relating to the free movement of such data, aimed at protecting the fundamental rights and freedoms of natural persons, in particular the right to the protection of personal data. The free movement of personal data within the Union cannot be restricted or prohibited for reasons relating to the protection of natural persons with regard to the processing of personal data. We therefore inform you that, pursuant to the aforementioned GDPR, "personal data" means any information relating directly or indirectly to you as a data subject, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. The website management procedures with regard to the processing of personal data of users who consult it and have access to the reserved area are also described here. This information is also provided pursuant to Article 13 of the GDPR to those who interact with METEDA SRL's web services, which are accessible electronically at the following addresses:

www.meteda.it   >  www.metadieta.it > www.metadieta.com

This information applies only to METEDA SRL websites and not to other websites that may be accessed by the User via links. Visiting this website may result in the processing of data relating to identified or identifiable individuals.

The purpose of this policy is to identify certain minimum requirements for the collection of personal data online, and, in particular, the methods, timing, and nature of the information that data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection.

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The identity of the Data Controller and his contact details, also shown in the header, are as follows:

  • METEDA SRL
  • address: Via Antonio Bosio, 2 Int.10 – 00161 Roma (RM)
  • Amm. Headquarters  ed Operativa: Via Silvio Pellico, 4 – 63074 San Benedetto del Tronto (AP)
  • contacts:   e-mail  privacy@meteda.it      Telefono: +39 0735 783021      Fax: +39 0735 83887

2. PURPOSE OF PROCESSING – LEGAL BASIS
The processing related to this site's web services takes place at the aforementioned Data Controller's headquarters, at the headquarters identified by the website operator, and is handled only by personnel authorized to process data, or by persons assigned to occasional maintenance operations. No data deriving from the web service is disclosed. The personal data provided by users who submit requests for material relating to the requested service (or even simply for informational purposes) is used to fulfill the User's requests and may be disclosed to third parties only if necessary and if involved and functional to fulfilling the aforementioned requests.

The collection and processing of the User's personal data will take place in compliance with the general principles of necessity, correctness, relevance and non-excess and in particular the data will be processed for:

A.     respond to questions and provide information requested by the User (the optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message) and to contact the User regarding the services provided by METEDA Srl;

B. the use of so-called video tutorials, provided – following specific registration of the individual interested parties – by the undersigned via the dedicated page of the company web portal, in order to instruct each registered User on the functionality and use of the proprietary applications licensed for use;

C.     the "NEWSLETTER" service to which the User may freely subscribe. The personal data provided by users when registering for the aforementioned service will be used solely for the purpose of sending the newsletter and will not be disclosed to third parties, nor will they be used in a non-anonymous and/or aggregated form for profiling and similar activities;

D. assistance requests (ticketing), with authenticated access via login and password, or assistance via remote connection;

E.     insertion of assistance requests (which includes the so-called “Drug Update” service) into our company CRM;

F.     the necessary and indispensable processing of an operational, managerial, accounting and other nature;

G.      some data (identification and tax) will be used for registrations and communications required by law;

H.     checks on the level of customer satisfaction with regard to the services provided and any other type of request, through personal or telephone interviews, which each interested party will be free to opt out of and which, in any case, will be kept anonymous and will not be used for purposes other than customer care, with a view to constantly improving customer support services;

I.     subject to the "consent of the interested party"[1] for purposes functional to commercial/promotional activities such as commercial communications, sales, sending of advertising material or for carrying out market research on the services offered (by way of example and not limited to: updates on initiatives, offers and promotions relating to services and products relating to the activity of METEDA Srl and third parties with which it collaborates, programmes and promotions, including online, aimed at rewarding or retaining potential customers).

The legal basis for the processing is identifiable, pursuant to art. 6 of EU Regulation 679/16 (see also below, art. 3):

  • in contractual requirements;
  • from the need to fulfill legal obligations;
  • in the need, where required, to obtain unambiguous consent from each interested party.

3. LAWFULNESS OF PROCESSING
Processing is lawful if at least one of the following conditions is met:

from the art. 6 co. 1 letter a), b), c), f) 

a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

b) the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the data controller is subject;

d) processing is necessary for the purposes of the legitimate interests pursued by the data controller (such as, for example, the prevention of fraud or abuse of our website: Processing personal data for direct marketing purposes may be considered legitimate interest, as highlighted in recital 47 of the GDPR) or by third parties, provided that the interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail, in particular if the data subject is a minor.

4. RECIPIENTS OF PERSONAL DATA
Disclosure to the identified recipients will occur only if they are involved and functional to achieving the purposes referred to in point 2 above. Therefore, the personal data collected and processed may be: a) used anonymously for statistical purposes;

a.      made available to the Data Controller's Collaborators, in their capacity as Managers or persons authorised to process personal data;

b. communicated to third parties, whether natural or legal, public administrations, professionals, law enforcement agencies, government bodies, regulatory bodies, courts or other public authorities authorised by law;

c.      communicated to commercial partners, only with the prior and express consent of the User.

d.     if necessary, transferred to another Data Controller in accordance with the provisions of the GDPR, also with regard to the right to data portability;

The list of Data Processors is available at the Data Controller's headquarters.

5. CATEGORIES OF PERSONAL DATA
We do not process special categories of personal data (those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or a person's sex life or sexual orientation), nor data relating to minors. The personal data processed is solely and exclusively that which is necessary and functional to the proper achievement of the purposes indicated in point 2.

6. DATA RETENTION
The data provided for the purposes referred to in point 2 will be retained:

  • For administrative/accounting purposes: for the period required by tax and civil law;
  • For marketing purposes and sending newsletters: until the consent given is revoked, until the right to object is exercised and in any case no later than ten (10) years from collection.

Personal data will not be disclosed and will be destroyed when we no longer need or are obliged to retain them. Upon express request from the interested party, they will be destroyed within thirty (30) days of the same, unless they must be kept intact due to mandatory legal provisions.

7.    PROCESSING METHODS
The computer systems and software procedures used to operate this website platform acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes IP addresses (for verifying user trustworthiness and for security purposes) or the domain names of computers used by users connecting to the site, the URI (Uniform Resource Identifier) ​​addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters relating to the user's operating system and IT environment. This data is used solely to obtain anonymous statistical information on site usage and to verify its proper functioning and is deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical cybercrimes against the site: except for this possibility, web contact data is currently not retained for more than seven days.

The personal data subject to processing will be processed:

  • Manually and/or electronically and will be stored in dedicated paper and/or electronic archives. Paper and electronic documentation will be properly maintained and protected for the entire time necessary for processing, using appropriate security measures to minimize the risk of destruction or loss, unauthorized access, or processing that does not comply with the purposes of collection;
  • There is no automated decision-making process and no profiling is carried out.

8.       COOKIES
We use so-called cookies, which are small files stored on your computer's hard drive and are used to provide services and/or information. Most cookies are "session cookies" and are deleted from your hard drive at the end of the session (when you log out or close your browser). They may be present on some pages of the site to analyze web page access, personalize services, content, and advertising, measure the effectiveness of promotions, and ensure trust and security. The so-called session cookies used on this site avoid the use of other IT techniques that could potentially compromise the privacy of users' browsing experience and do not allow the acquisition of personal data that could identify the user.

Our website's cookie policy can be found in the dedicated section.

9. DATA PROVISION
Except as specified for navigation data, the user is free to provide the personal data requested through specific forms relating to services, products, and any other type of request that the site operator or its commercial partners are able to offer.

Failure to provide them may make it impossible to obtain a response to any requests or to use the services or products that the site manager, or its commercial partners, are able to provide.

10. RIGHTS OF THE INTERESTED PARTY
We inform you that, as a Data Subject, you have all the rights provided for by Articles 15-16-17-18-20-21-22 of the GDPR, by virtue of which:

  • The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning him or her or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • the existence of the right to request from the controller access to and rectification or erasure of personal data, restriction of processing concerning the data subject, or to object to processing, as well as the right to data portability, including any available information regarding their source; and the right to obtain the erasure of personal data concerning the data subject without undue delay pursuant to Article 17 (the "right to be forgotten").
  • where the processing is based on Article 6, paragraph 1, letter a), or on Article 9, paragraph 2, letter a), the existence of the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
  • the right to lodge a complaint with a supervisory authority;
  • Obtain from the data controller a copy of the personal data undergoing processing, provided that it does not infringe the rights and freedoms of others; for further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. Where the request is made electronically, unless otherwise specified, the information shall be provided in a commonly used electronic format;

The above information will be provided:

  • within a reasonable period of time after obtaining the personal data, but at the latest within 30 (thirty) days, taking into account the specific circumstances in which the personal data are processed;
  • If the personal data is intended for communication with the data subject, no later than the time of the first communication to the data subject; or, if communication to another recipient is envisaged, no later than the first communication of the personal data. All data subject rights under the GDPR are exercised by submitting a request without formalities to the Data Controller, including through a designated representative, to which appropriate responses will be provided without delay.

 (Document updated on 05/15/2018)

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning him or her or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.