Privacy Policy | MITSUBISHI ELECTRIC Italia

What is the purpose of this privacy policy

In compliance with the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation), this Privacy Policy provides information about how we process the personal data that you provide. This Privacy Policy is provided pursuant to Article 13 of the GDPR.

Personal Data Processed

Personal Data: «personal data»: means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (C26, C27, C30 GDPR)

Data of the contracting parties.

Data provided by the data subject

The optional, explicit and voluntary sending of messages to the contact addresses indicated on this website and/or the compilation of data forms implies the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data entered.

1. The data controller

The data controller, pursuant to Articles 4 and 24 of Regulation (EU) 2016/679, is Mitsubishi Electric Europe B.V., having its registered office in 1119NS Schiphol – Rijk Capronilaan 34 Netherlands, secondary office in Vimercate 20871 (MB), Via Energy Park 14, Italy, represented by its legal representative, and may be contacted at the following e-mail address privacy@it.mee.com

2. Data protecion Officer (DPO)

Data protecion officer (DPO), appointed pursuant to Articles 37 - 39 of Regulation (EU) 2016/679, who may be contacted on: MEU.DMO@mecc.mee.com

3. Purpose and legal basis of processing, retention period, nature of the provision of data

PURPOSES OF PROCESSING	LEGAL BASIS	RETENTION PERIOD	NATURE OF DATA PROVISION
A) CONTACTS, sending contact requests, information (or material, including in paper format) that will also be provided by the sales/distribution network in the territory; related administrative accounting activities.	Processing is necessary to execute a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; (C44) Article 6(1), point b, of the GDPR	A maximum of 12 months	The provision of data is mandatory. Failure to provide the necessary data will make it impossible to receive the service
B) DIRECT MARKETING, to send advertising or direct sales material or carry out market research and analysis, customer satisfaction surveys or send commercial and promotional communications, newsletters, communications about events, invitations or similar sent by email, by automated (email) and traditional methods (telephone and letter mailings). Communications may contain promotional activities and/or logos of third parties and companies belonging to the group. Personal data will not be transferred. For a complete list of group companies and partners, please write to privacy@mee.com In order to compare and possibly improve the results of automated communications, the Data Controller uses systems with reports. Thanks to the reports, the Data Controller is able to know, for example: the number of readers, openings, unique “clickers” and “clicks”; the devices and operating systems used to read the communication; the details of the activities of individual users; details of the emails sent, delivered or not delivered, emails forwarded. The above data are used to compare, and possibly improve, the results of communications.	Processing is based on consent to the processing of personal data (C42, C43) Article 6(1), point a, of the GDPR	Until consent is withdrawn (or the data subject opts-out)	The provision of data is optional. Failure to provide the necessary data will make it impossible to send direct marketing communications.
C) NON-AUTOMATED PROFILING: in order to carry out analyses, evaluations and subdivide the data subjects into similar groups by specific characteristics of activities in order to better manage the services, allow us to analyse their profile, area and sector to which they belong, create clusters, analyse habits, consumptions and behavioural preferences, in order to retain loyalty and improve the commercial offer, the services proposed and allow us to send communications that might be of interest to you and for a more customised service. The processing of personal data may involve customer care activities, by offering customised and courtesy services. These purposes are also pursued by entering the data Iin the Database/company CRMs/platforms and the data will also be processed by the other branch offices.	Processing is based on consent to the processing of personal data (C42, C43) Article 6(1), point a, of the GDPR	Until consent is withdrawn and, in any case, no more than 12 months.	The provision of data is optional. Failure to provide the necessary data will make it impossible to carry out analyses and/or send targeted communications.
D) MANAGEMENT OF REQUESTS TO EXERCISE THE RIGHTS OF DATA SUBJECTS, pursuant to Article 15 et seq. of the GDPR (rights of the data subject)	Data processing is necessary to fulfil a legal obligation of the Data Controller (C45) Article 6(1), point c, of the GDPR	5 years of when the request is settled, other than in the case of pending litigation.	The provision of personal data is mandatory, given that this is necessary to fulfil legal obligations.

PURPOSES OF PROCESSING

LEGAL BASIS

RETENTION PERIOD

NATURE OF DATA PROVISION

A) CONTACTS, sending contact requests, information (or material, including in paper format) that will also be provided by the sales/distribution network in the territory; related administrative accounting activities.

Processing is necessary to execute a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; (C44)

Article 6(1), point b, of the GDPR

A maximum of 12 months

The provision of data is mandatory.

Failure to provide the necessary data will make it impossible to receive the service

B) DIRECT MARKETING, to send advertising or direct sales material or carry out market research and analysis, customer satisfaction surveys or send commercial and promotional communications, newsletters, communications about events, invitations or similar sent by email, by automated (email) and traditional methods (telephone and letter mailings).

Communications may contain promotional activities and/or logos of third parties and companies belonging to the group. Personal data will not be transferred. For a complete list of group companies and partners, please write to privacy@mee.com

In order to compare and possibly improve the results of automated communications, the Data Controller uses systems with reports. Thanks to the reports, the Data Controller is able to know, for example: the number of readers, openings, unique “clickers” and “clicks”; the devices and operating systems used to read the communication; the details of the activities of individual users; details of the emails sent, delivered or not delivered, emails forwarded. The above data are used to compare, and possibly improve, the results of communications.

Processing is based on consent to the processing of personal data (C42, C43)

Article 6(1), point a, of the GDPR

Until consent is withdrawn

(or the data subject opts-out)

The provision of data is optional.

Failure to provide the necessary data will make it impossible to send direct marketing communications.

C) NON-AUTOMATED PROFILING: in order to carry out analyses, evaluations and subdivide the data subjects into similar groups by specific characteristics of activities in order to better manage the services, allow us to analyse their profile, area and sector to which they belong, create clusters, analyse habits, consumptions and behavioural preferences, in order to retain loyalty and improve the commercial offer, the services proposed and allow us to send communications that might be of interest to you and for a more customised service. The processing of personal data may involve customer care activities, by offering customised and courtesy services. These purposes are also pursued by entering the data Iin the Database/company CRMs/platforms and the data will also be processed by the other branch offices.

Processing is based on consent to the processing of personal data (C42, C43)

Article 6(1), point a, of the GDPR

Until consent is withdrawn and, in any case, no more than 12 months.

The provision of data is optional.

Failure to provide the necessary data will make it impossible to carry out analyses and/or send targeted communications.

D) MANAGEMENT OF REQUESTS TO EXERCISE THE RIGHTS OF DATA SUBJECTS, pursuant to Article 15 et seq. of the GDPR (rights of the data subject)

Data processing is necessary to fulfil a legal obligation of the Data Controller (C45)

Article 6(1), point c, of the GDPR

5 years of when the request is settled, other than in the case of pending litigation.

The provision of personal data is mandatory, given that this is necessary to fulfil legal obligations.

Purpose and legal basis of processing, retention period, nature of the provisioning of data

Your personal data will be disclosed, including for the envisaged purposes in specific areas, to persons who will process your data as independent Data Controllers, or Data Processors (Article 28 of the GDPR) and will be processed by individuals (Article 29 GDPR) acting under the authority of the Data Controller and Data Processors based on specific instructions relating to the purposes and methods of processing, for specific purposes according to the area in question. Your data may be disclosed to recipients belonging to the following categories:

Companies and organisations based in Italy and EEA countries, who provide services to manage communications networks, including e-mails, platforms and CLOUD, databases;
Mitsubishi Electric Group Company, to the sales/distribution network and servicing in the territory;
Firms or companies for purposes of servicing and consulting services;
Credit reference agencies that provide solvency assessments and payment habits surveys and/or debt collection agencies in the case of administrative accounting purposes;
For direct marketing, after giving prior consent, to agencies for the management of direct marketing activities;
The competent authorities in order to fulfil obligations under applicable laws and/or orders of public authorities, on request.

In order to receive the list of Data Processors please write to privacy@it.mee.com or the other addresses indicated above.

5. Are data transferred to non-EEA Countries?

Your personal data will not be transferred outside the European Union.

6. Will automated decision-making processes be used?

Your personal data will be processed using traditional, electronic and automated processing methods. No fully automated decision-making process is in use.

Profiling consists of the use of personal data to evaluate, with the express consent of the data subject as indicated in the purposes, through an operator who prepares the profile of the data subject and analyses the habits and consumption preferences, in order to improve the commercial offer and services of the data controller (non-automated profiling).

7. What are your rights? How can you exercise your rights?

You may exercise your rights as set out by Article 15 et seq. of Regulation (EU) 2016/679, by contacting the Data Controller, sending an e-mail to privacy@it.mee.com or writing to the above contact addresses. You have the right, at any time, to request any of the following rights: right of access (Article 15), right to rectification (Article 16), right to erasure (Article 17), right to restriction of processing (Article 18). The controller shall communicate (Article 19) any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed. The controller shall inform the data subject about those recipients if the data subject requests this. Furthermore, where provided, you have the right to data portability (Article 20) and in this case you will receive your personal data in a structured, commonly used, machine-readable and interoperable format. You have the right to withdraw the consent given without affecting the lawfulness of the processing based on you consent prior to the withdrawal of such consent.

To stop receiving direct automated marketing messages (emails), simply write at any time to privacy@it.mee.com indicating in the subject line “cancellation from automated marketing message” or use our automatic cancellation systems used only for emails. To stop receiving traditional direct marketing messages (operator calls and direct mail), simply send an email to privacy@it.mee.com at any time indicating in the subject line “cancellation from traditional marketing”. If you wish to stop marketing messages, simply send an email at any time to privacy@it.mee.com indicating in the subject line “cancel marketing messages”. You may withdraw your consent to profiling (non-automated) at any time by writing to privacy@it.mee.com indicating in the subject line “no profiling”.

If the data subject believes that the processing of his or her personal data by the Data Controller is in breach of the provisions of Regulation (EU) 2016/679, the data subject has the right to lodge a complaint with the Supervisory Authority, in particular in the Member State where it habitually works or resides or the place where the alleged breach of the regulation took place, or take appropriate legal action.

There is no automated decision-making process.

8. Changes of the privacy policy

The Data Controller reserves the right to modify, update, add or remove parts of this privacy policy. In order to facilitate verification and modification of the text, the date of update will be shown in the privacy policy.

Date of update: 31 January 2024