Privacy Policy

Mediana S.r.l.u. (hereinafter referred to as “Mediana”) believes in an honest and transparent processing of personal data. We believe it is important that our visitors and customers understand when and what kind personal data we collect.
“Personal data” means any information relating to an identified or identifiable person, as defined in Article 4 of the “General Data Protection Regulation” (GDPR – Regulation 2016/679).
We collect personal data of people who visit our website, make a written request, apply for a job or use the chat to get information.

Mediana processes the Personal Data of Users by adopting appropriate security measures to prevent access, disclosure, modification or unauthorized destruction of Personal Data.
The user has the right to know who he manages his data, whom he can make inquiries to, he can be aware of the purpose of the collection and processing of his personal data and the legal basis to which we refer.
We may share your personal data with third parties. The User has the right to know the identity of these third parties and how we protect your personal data when we transfer them.
The data controller of your data is:
Mediana S.r.l.u.
VAT number 00199510280
Via Lisbona, 10
35127 Padova (PD), Italy
As the data controller, Mediana determines the purpose and means of the processing of your personal data. Requests concerning your personal data can be forwarded to the responsible data controller.

Mediana can provide your personal data to internal recipients. These recipients are allowed access to your data in order to achieve the purposes previously described. Inside Mediana it can be allowed to the following categories of recipients:

    • Marketing: for promotion of services and events via newsletter, as well as for offers; upon request by telephone or through the “Contact” form on our website
    • Administration: to evaluate offers and contracts; and related payment methods
    • Human resources: for job applications received from the “Jobs” page on our site

Besides Mediana, in some cases, the access to the Data may be allowed to persons involved in the organization of the site (legal, system administrators) or external subjects (suppliers of third party technical services, hosting providers) appointed, if necessary, Responsible of Data Treatment by Owner.

Mediana does not share your personal data with any external recipient (third parties) who intends to use it for direct marketing purposes, unless you have specifically consented that.

The retention of personal data will be in paper and / or electronic format, and for the time strictly necessary to fulfill the purposes referred to in Point 1, in compliance with your privacy and current regulations.
For direct marketing and profiling purposes, we store your data for a maximum period equal to that envisaged by the applicable legislation (respectively equal to 24 and 12 months).
Invoices, accounting documents and transaction data are stored for 11 years in accordance with the law (including tax obligations).

In case of the oblivion exercise through the request for explicit cancellation of personal data processed by the owner, we remind you that such data will be kept, in a protected form and with limited access, only for purposes of ascertainment and repression of crimes, no more than 12 months from the date of the request and then will be securely deleted or anonymised irreversibly.

Finally, we remind you that for the same purposes, the data relating to electronic traffic, excluding the contents of communications, will be kept for a period of no more than 6 years from the date of communication, based on art. 24 of the Law n. 167/2017, which implemented the EU Directive 2017/541 on anti-terrorism.

If you do not exercise any active action (for example navigation, searches and / or any other way of using the service) on for a period of 27 months, you will be classified as an inactive user and your personal data will be deleted automatically.

No internet transmission is completely secure or error-free, nor data stored without vulnerable aspects.
The data are collected by the subjects mentioned in Point 3, according to the indications of the relevant legislation, with particular regard to the security measures provided by the GDPR (Article 32) for their processing by means of IT tools, manual and automated and with strictly related logic to the purposes indicated in Point 1 and in any case in such a way as to guarantee the security and confidentiality of said data.
We use encryption measures through the SSL certificate installed on our site and constantly updating the software for the management of our website.
We also take measures for staff training on data protection.

Data breach (breach of personal data) means a breach of security that accidentally or unlawfully leads to the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.
The Data Controller must notify the Privacy Guarantor of any data breach, where possible, within 72 hours of becoming aware of the breach, unless the breach of personal data is unlikely to present a risk to the rights and freedoms of individuals. Any delay must be justified.
In addition, if the breach poses a high risk to the rights of individuals, the data controller should communicate it to all data subjects, using the most appropriate channels, unless it has already taken measures to reduce its impact.

For information or in the case of Data Breach

Links to other websites
Our website may contain links to other third party websites. We are not responsible for the privacy policies of these websites.

Changes of the Privacy Policy
We may occasionally change our privacy policy. In that case, we will post a notice to Users on this page. Please therefore consult this page often, referring to the date of the last modification indicated at the bottom.

Last updated on 23/04/2020