PRIVACY POLICY

Miriade S.r.l. (tax code and VAT number 04124270242), with registered office in 36016 Thiene (VI), via Castelletto 11, in the person of the legal representative for the time, as data controller (hereinafter “Data Controller”), in compliance and in fulfillment of the provisions and provisions of the Reg. EU 2016/679, relating to "protection of natural persons with regard to the processing of Personal Data, as well as the free circulation of Data" (known and henceforth referred to as GDPR), intends to inform users (also referred to as "interested parties”) who consult and, or use the functions and services of the website owned by it (hereinafter also the "Site"), of how the Website collects and uses their personal data or how the data communicated to Miriade through the use of social networks (Linkedin, Instagram and Facebook),at point 11 of this information.

1) Controller and Processor of data protection

The Data Controller is Miriade S.r.l., VAT number 04124270242  with registered office in Via Castelletto 11 – 36016 Thiene (VI), tel. 0445-030111, email privacy@miriade.it.
Miriade has appointed a DPO, who can be contacted at the following e-mail address: dpo@miriade.it.

2) Definitions and legal references

In order to allow a full understanding of what is contained in this document, some definitions are  provided:

System Administrator
Authorized to process data with specific tasks and duties expressly regulated by the Provision of the Guarantor Authority of 27 November 2008.

Authorized
Employees or collaborators of the Data Controller who have access to personal data and who are specifically trained by the data controller for this purpose.

Cookie
Cookies are small text strings sent to the User's computer when he or she visits a website that store, and sometimes track, information relating to the User's use of the Site.
Their use is regulated in a specific information notice, also present on the Site and accessible via link.

Usage Data
This information is collected automatically by this Site (or by third-party sites or applications used by this Site), including: IP addresses or domain names of the computers used by the User who connects to this Site, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example, the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of pages visited, the parameters relating to the operating system and the User's IT environment.

Personal Data (or Data)
Personal data is any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number.

Interested
The natural person to whom the Personal Data refers.

Data Processor (or Manager)
The natural person, legal person, public administration and any other body, association or organization that processes personal data on behalf of the data controller.

Data Controller (or Owner)
The natural person, legal person, public administration, or any other entity, association, or organization responsible, even jointly with another data controller, for decisions regarding the purposes, means, and methods of processing personal data and the tools used, including security measures, in relation to the operation and use of this Application. The Data Controller, unless otherwise specified, is the owner of this Application.

User
The individual who uses this Site and whose Personal Data is being processed.

Legal references
Notice to European Users: This privacy policy has been prepared in fulfillment of the obligations set forth in Articles 13 et seq. of Reg. EU GDPR 679/2016 as well as the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, regarding Cookies.
The information contained in this document refers exclusively to the website www.miriade.it, owned by the Data Controller.
Miriade S.r.l. therefore invites the User to read the information on the processing of personal data provided by any third parties with whom they may come into contact while browsing.
In the event that the Personal Data processed belongs to other subjects and not to the User browsing the Site, the latter must be able to communicate them legitimately.

3) Purpose of processing and legal basis

Your personal data is processed for the following Service purposes:

  • A. allow users to receive responses to requests sent via the form;
  • B. sending newsletter and commercial communications by Miriade srl;
  • C. tracking the opening of emails containing commercial communications using tracking tools that collect the date and time of opening, number of openings, and clicks on links;
  • D. fulfill obligations established by law, by a regulation, by community legislation or by an order of the Authority;
  • E. protect your rights and interests (or those of users or third parties), identify any malicious or fraudulent activities;
  • F. manage the organization of workshops, webinars and in general any activity organized by Miriade S.r.l. also in collaboration with third parties involved in various capacities;
  • G. manage the sending, after completing a specific form, of documents and other material owned by Miriade or third parties;
  • H. processing of data for statistical and analytical purposes, in aggregate and anonymous form, to understand User behavior, evaluate site effectiveness, and optimize marketing strategies.

The processing of your personal data for the pursuit of these purposes is based on:

  • for purposes E and I on the pursuit of the legitimate interest of the owner in the correct functioning of its Site and in the protection of its image and rights, in judicial or extrajudicial proceedings (art. 6, par. 1, letter F of the GDPR);
  • for purposes B and C on your explicit consent for each of the purposes* (art. 6, par. 1, letter A of the GDPR)
  • for purposes A, F and G on the performance of a contract to which the data subject is party or the implementation of pre-contractual measures adopted at the request of the data subject (art. 6, par. 1, letter B of the GDPR);
  • for purpose D on the need for the Data Controller to fulfill a legal obligation (art. 6, par. 1, letter C of the GDPR).

* Consent, where required, is freely and explicitly given by voluntarily completing the required fields.

Consent can always be revoked, without affecting the lawfulness of previous processing (as required by Article 7 of the GDPR).

You can withdraw your consent at any time by simply sending a written communication to the Data Controller or the DPO using the contact details provided in this policy.


4) Methods of processing

Your personal data is processed using the operations indicated in the Privacy Code and subsequent amendments and in Article 4 (2) of the GDPR, specifically: collection, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data is processed both in paper and electronic format by the Data Controller's employees, who have been previously instructed and trained, or by companies or external personnel, following the stipulation of a data processor agreement, aimed at ensuring the security and confidentiality of your personal data.
The Data Controller will implement appropriate security measures pursuant to Art. 32 GDPR.

5) Recipients of the data

Your personal data may be made accessible for the purposes referred to in point 3 to the following parties:

  • employees of the Data Controller, in their capacity as authorized data processors duly appointed and trained in compliance with art. 29 GDPR and art. 2 quarterdeces of Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 and/or System Administrators in compliance with the Guarantor's Provision "Measures and precautions prescribed for data controllers of data processed using electronic tools with regard to the assignment of system administrator functions" of 27 November 2008 and subsequent amendments.;
  • external companies and collaborators who perform outsourced activities on behalf of the Data Controller (e.g., hosting service providers, suppliers who provide technical components for the provision of certain service features, etc.), in their capacity as Data Processors, in compliance with Art. 28 GDPR;
  • third-party companies that collaborate with Miriade in various capacities on specific initiatives, which will act as Data Processors pursuant to Art. 28 GDPR;
  • with your express consent, to third-party companies who will act as independent data controllers for their own promotional purposes;
  • administrative and judicial bodies and authorities that operate as independent data controllers pursuant to legal obligations.

Under no circumstances will your personal data be disclosed.

6) Categories of data processed

Through the Website, the Data Controller processes common personal data (e.g., identification, contact, and usage data) that do not belong to special categories pursuant to Article 9 of the GDPR.

7) Data transfer

Personal data will be managed and stored on servers located within the European Union owned by the Data Controller and/or third-party companies duly appointed as Data Processors. In any case, it is understood that the Data Controller, if necessary, will have the right to relocate the servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will be carried out in compliance with applicable legal provisions, stipulating, where necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.
8) Nature of the provision of data and consequences of refusal to respond
The provision of your personal data for the purposesA, B, G e H It is necessary to guarantee the Services you have requested. Failure to provide it will make it impossible for the Data Controller to provide the service.
However, the provision is optional for commercial purposes.(purposes C and I).Any refusal to give consent for these specific purposes does not have negative consequences on the provision of the services offered within the Site and related applications, however,will not allow you to receive commercial communications.

9) Time and method of data storage

Your personal data will be stored electronically and for the time strictly necessary to fulfill the purposes set out above, respecting your privacy, the principle of storage limitation (Art. 5, par. 1, letter E of the GDPR), as well as any specific regulatory provisions and/or instructions provided by the Data Protection Authority.
The retention periods are listed below.

  • For the Purpose The User's personal data will be stored for 24 wei;
  • For the purpose B the User's personal data will be kept for 24 months, unless your consent is revoked;
  • For purpose C the User's personal data will be stored for24months from the User's last interaction on Miriade assets (site, commercial emails, forms, ....), except in cases where a contractual relationship exists;
  • Per purposeThe User's personal data will be stored in compliance with legal obligations;
  • For purpose E yesThe User's personal data will be stored for 24 months;
  • Per purpose F e G i daThe User's personal data will be stored for 24 months.
  • Data for purpose I are stored in aggregate form for 2 months

10) Social network

Miriade, in the context of its legitimate interest in carrying out and promoting its social activities through the communication channels offered by social networks, may process personal data that users registered on those social networks decide to share, sometimes even by forwarding messages to the company's social media pages.

The processing of such personal data is necessary to allow Miriade to respond to requests made by users.

If the contact occurs via social networks Facebook and InstagramMiriade will not carry out targeting activities, either on the personal data provided by the User or on personal data otherwise observed or inferred.

Through LINKEDIN, instead, in addition to responding to the requests received, targeting activities may also be carried out on the personal data provided, observed and inferred

The personal data provided by the User are those that the latter has entered directly into the social network.
Observed personal data (point 67 of Guidelines 8/2020) is data obtained from observing the User's behavior on social media. This observation is carried out by LinkedIn using cookies on its website, to which the User must consent or not.
Finally, inferred personal data refers to data created by the data controller based on data provided by the data subject or based on observed data.

Myriad, through a service made available by LinkedIn (LinkedIn sales navigator), based on the data communicated, observed, and/or inferred, identifies users potentially interested in its products and services by entering specific criteria. This targeting activity is carried out manually, using computerized methods, by individuals authorized by Miriade to manage and use the social media pages.It is possible for you to know the targeting criteria or ask the Owner for those actually in use.Miriade, once the users have been identified, will be able to proceed with sending commercial communications,in compliance with theLinkedIn license agreement, to which reference is made. 

Finally, with regard to the rights of the interested parties, in addition to those specified in art. 11 of this information notice,You can check the data entered in your social media profile at any time and, if necessary, modify or delete it.
Further information included in your right of access may be found by viewing the license agreement you signed with the social network platform.  

11) Rights of the interested party 

We inform you that in your capacity as interested party, you have, in addition to the right to withdraw consent at any time by contacting the Data Controller at the contact details below, also the right to lodge a complaint with the Supervisory Authority, by contacting the Guarantor for the protection of personal data (http://www.garanteprivacy.it) or to the European Data Protection Supervisor (http://www.edps.europa.eu).
Furthermore, you also have the right to exercise the rights listed below, which you can assert by making a specific request to the Data Controller:

Art. 15 Right of access - The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information relating to the processing.
Art. 16 Right to rectification -The data subject has the right to obtain from the data controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Art. 17 Right to erasure (right to be forgotten) - The data subject has the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller has the obligation to erase personal data without undue delay.
Art. 18 Right to restriction of processing - The data subject has the right to obtain from the data controller restriction of processing when one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) although the data controller no longer needs the personal data for the purposes of the processing, they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21, paragraph 1 of the Regulation, pending the verification whether the legitimate grounds of the controller override those of the data subject.
Art. 20 Right to data portability - The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Art. 21 Right to object - The data subject has the right to object at any time, for reasons relating to his or her particular situation, to the processing of personal data concerning him or her, including profiling based on these provisions.
Art. 22 Right not to be subjected to automated decision making, including profiling - The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

12) How to exercise your rights

You may, at any time, also through the rights exercise form made available on the Site, exercise your rights by sending a request to the Data Controller, contacting him via:

  • Registered mail with return receipt addressed to: Miriade S.r.l. in Via Castelletto 11 – 36016 Thiene (VI);
  • Email to (privacy@miriade.it)
  • PEC to the address (miriade@legalmail.it);
  • Telephone: 0445 030111

The feedback will be given within the terms set out in Article 12, paragraph 3 of the GDPR (The controller shall provide information to the data subject on action taken on a request pursuant to Articles 15 to 22 without undue delay and in any event within one month of receipt of the request. That period may be extended by two more months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.)
The exercise of these rights is not subject to any formal requirements and is free of charge. Only if the data subject requests additional copies of the data, Miriade S.r.l. may charge a reasonable fee based on administrative costs. If the data subject submits the request electronically, and unless otherwise specified by the data subject, the information will be provided in a commonly used electronic format.
If you decide to contact the Data Controller by telephone, you will receive the necessary instructions on how to receive and/or complete the rights exercise form, prepared for this purpose.
No further feedback will be given by telephone.
Alternatively, the request can be sent to the Data Protection Officer (DPO) by contacting him/her by email at: dpo@miriade.it.
If you decide to contact the DPO, the characteristics of gratuitousness and freedom of the form of the request will not disappear.  

13) Changes to this Policy

This Policy may be subject to change. We therefore recommend that you check this Policy regularly and refer to the most up-to-date version.
Information updated on May 13, 2025.