top of page



MEC SERVICE SRL UNIPERSONALE (the "Company" or the "Data Controller"), with headquarters in Via Arzignano, 18 IT-36070 Trissino VI, intends to inform you that, according to Article 13 of the General Data Protection  Regulation n.679/2016 (“GDPR” or “Regulation”), personal data related, connected and/or instrumental to the execution of the contract between you and the Company will be processed for the following purposes and modalities:

Data Controller

The Data Controller is Carlo Pellegrino the complete and updated list of the Data Processors and other subjects to whom your data may be transferred is available on request from the Data Controller.

Purposes and legal basis of the data processing

Your personal data, including identifying and fiscal data and those related to your bank account, will be processed (pursuant to the definition of “processing”: Article 4 (2) of the Regulation) for the following purposes:

  • purposes related to the establishment, management, execution and/or conclusion of the contract;

  • purposes related to the management of the above contractual relationship, i.e. to operational/managerial requirements (e.g. accounting and taxation, credit management, etc.);

  • purposes related to the fulfilment of any other obligation arising from national and EU legislation to which the Data Controller is subject, or orders given by authorities to that legitimated by law.

  • purposes related to the newsletter service and sending of communications for promotional purposes in the event that you decide to subscribe to the Data Controller newsletter, only following your possible and specific consent, your personal data will be processed by the Data Controller for the sending of commercial or promotional communications and related updates, for example , to exclusive offers, special events and promotions.

Your personal data will be processed where the processing is required for the establishment, execution and eventual termination of the contract concluded between you and the Company and in the obligations to the same contract related and/or directly and/or indirectly arising therefrom.

Processing Methods and Data Retention Period

Personal data will be processed with information systems suitable to ensure security and confidentiality, in full compliance with Chapter II (Principles)  and Chapter IV (Controller and processor) of the Regulation.

The processing can also be carried out by automated tools in order to memorize, manage or transmit personal data.

The processing of your personal data is carried out by means of the operations indicated in Article 4,( 2) of the Regulation, to which it refers for any useful purpose.

Personal data collected will be processed and stored for the duration of the contract between you and the Company and, after its termination, for purposes related to the fulfilment of regulatory obligations in the administrative-accounting, tax, fiscal and civil matters.

The Controller, upon written request from the data subject, shall provide a copy of personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee taking into account the administrative costs. The right to obtain a copy shall not adversely affect the rights and freedoms of others.


Access to personal data

Your personal data may be made accessible to:

  1. employees and collaborators of the Data Controller and/or employees and collaborators of the Data Controller, in their capacity as persons authorized to process and / or system administrators within the Company;

  2. authorized representatives, companies, consultants, self-employed professionals who provide services functional to the purposes, with particular but not exclusive regard to technological, accounting, administrative, legal, fiscal and financial matters;

  3. banks and insurance companies;

  4. all those subjects whose communication is necessary for purposes strictly connected and instrumental to the management and execution of the obligations arising from contractual and pre-contractual relations with the Company;

  5. rating or auditing companies;

  6. subjects to which is entrusted the service of maintenance and development of our computer system, for the time strictly necessary to the execution of the services.

With specific reference to subjects, companies, associations or professional firms that lend services or activities of assistance and consultancy or provide services to the Company, they will be appointed, by the Controller, as Processors of personal data within the meaning of Article 28 of the Regulation, by means of a dedicated appointment, indicating the processing methods and the measures required  for the fulfilment of the Controller’s obligations.


Recipients of the personal data

Even without your consent, pursuant to Article 6, lett. b) and c) of the Regulation, your personal data could be communicated, for the purposes above mentioned, to Judicial or Administrative Authorities, for the fulfillment of legal obligations.

Data Transfer to Third Countries

Management and storage of personal data shall be in servers located in European Union, belonging to the Controller or to third-party companies duly appointed as Processors. Currently the servers are located in Italy. [IS1] Data won’t be transferred outside European Union. However, the Controller has the right to change the servers’ location inside the European Union and/or to Countries Extra-UE. In the latter case, the Controller ensures that Extra-UE data transfer shall be in full compliance with Articles 44 and following of the Regulation, and will provide appropriate safeguards by contractual clauses between the Controller and the recipient of the personal data in the third country which include a description of adequate security measures.


Nature of the provision of personal data and consequences

Data provision is mandatory for the purposes referred to in paragraph 2 of this privacy notice.

Personal data acquired by the Controller are essential for the improvement of the contractual relationship and for the subsequent execution of the contractual relationship arising from the same. Therefore, your possible refusal to provide personal data may lead to the result that is not possible for the Controller to:

  1. guarantee compliance with the existing regulatory provisions in civil, fiscal and tax matters, as well as the measures issued by the competent authorities;

  2. ensure the proper management of the contractual relationship;

  3. handle disputes, as well as exercise his rights in Court.


Your Consent is necessary for the purpose related to the newsletter service. You can always revoke the consent given at any time by writing to

Data subjects rights

We inform you that at any time in relation to your data, you can exercise the rights under articles 15, 16, 17, 18, 20 and 21 of the GDPR.

In detail, you have the right to obtain from the Company confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: i) the purposes of data processing; ii) the categories of personal data concerned; iii) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; iv) the period for which the personal data will be stored; v) where the personal data are not collected from the data subject, any available information as to their source; vi) the existence of automated decision-making, and, at least in those cases, meaningful information about the logic involved; vii) when personal data are transferred to a third country or to an international organization the appropriate safeguards pursuant to Article 46 relating to the transfer.

Moreover you have the right of: access, update, rectification, integration or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; obtain data portability; withdraw consent to the processing of personal data, and if applicable; to lodge a complaint with the competent supervisory authority.

The Company shall provide information on action taken on a request under Articles 15, 16, 17, 18, 20, and 21 to the data subject without undue delay and in any event within one month of receipt of the request.

That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The company shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

The outcome of your request will be provided in writing or in electronic format.


Exercise of your rights

You can exercise the above mentioned rights at any time in the following ways:

  1. sending an e-mail to

  2. sending a registered letter addressed to the Controller in Via Arzignano, 18 IT-36070 Trissino VI.

The Data Controller



bottom of page