Information for traders
INFORMATION PURSUANT TO ART. 13 REG. EU 679/2016
ADDRESSED TO MERCHANTS DURING THE REGISTRATION TO THE MITGATE APP
MitGate S.R.L with headquarters in Corso di Porta Vittoria 18 – 20122 Milan (MI), as Data Controller (hereinafter “Owner”), pursuant to Article 13 of Regulation no. 2016/679 (hereinafter “GDPR”) relating to the protection of data of natural persons, wishes to inform you of how it processes information relating to your personal data.
This policy applies to the processing of personal data of Merchants who act as merchants adhering to the community, but also as consumers of the services provided by the Owner (hereinafter “User” or “Interested”), as part of the registration and use process of all services provided through the MitGate application (hereinafter the “App”) and the website https://mitgate.com (hereinafter the “Site”) as a merchant (therefore for the management of payments and orders) and as a consumer (therefore to access the App services and make payments with the available channels).
- WHO ARE WE ?
The data controller is MitGate S.R.L with headquarters in Corso di Porta Vittoria 18 – 20122 Milan (MI), email: privacy@mitgate.com
- WHICH CATEGORIES OF DATA DO WE TREAT?
- Personal data provided by the User
To become part of the Mitgate community, upon registration you will be asked to enter the following data:
- As a “trader”, you will be asked to provide personal data such as, for example, name, surname, email, telephone number and VAT number which will be stored by MitGate;
- In any case, after the registration phase, in order to use some services as a merchant or consumer, additional personal data may be requested such as, for example, municipality of residence, address, tax code, IBAN code or other information relating to the transaction. (PAN code), date of birth.
- User location data collected via GPS and electronic POS devices. These data can only be collected when the application is active if you have activated the use of geo-location services.
It should be noted that the recognition and authentication system for the execution of access and operations, including payment, does not save and / or record and / or store any information relating to the sample and biometer model of the interested party, but uses the features of the operating system in use without using the biometric data of the same (data that remain in the availability of the operating system).
- WHAT IS THE PURPOSE OF THE TREATMENT AND THE LEGAL BASIS?
| Why do we process your data? Is the provision mandatory? What happens if you don’t provide the data? |
Legal Basis | Retention Time |
The provision of data is mandatory, as it is necessary for the execution of obligations arising from the contract. |
Contract of which the interested party is a party. | For personal data of use of the services, for 10 years from the registration of personal data. For personal registration data, as long as you do not ask to revoke your registration on the App.In the case of judicial litigation, for the entire duration of the same, until the terms of enforceability of the appeals are exhausted. |
| For the fulfillment of legal obligations, regulations and / or national and European legislation as well as for the fulfillment of provisions issued by the authorities legitimated by the law and / or by supervisory and control bodies. | Fulfill legal obligations to which the owner is subject. | For the duration of the contractual relationship and, after termination, for 10 years, as an ordinary prescription of contractual liability, unless otherwise specified by law or by sector regulations. In the case of judicial litigation, for the entire duration of the same, until the terms of enforceability of the appeals are exhausted. |
| Technical cookies: Technical cookies allow certain sections of the site to function correctly. They allow the main functions to be used and the connection to be protected, they maintain session identifiers and store information relating to authentication. Without these cookies, some or all of the site’s features may not be usable. | Contract of which the interested party is a party. | Valid for the browsing session up to a maximum of 12 months. |
| For promotional activities of the Owner relating to the Services of MitGate or other merchants participating in the community: with specific consent, Mitgate communicates promotions and offers by sending advertising material, with automated contact methods (e-mail, other communication systems, including online via communication networks such as, by way of example and not limited to: sms, push notifications and social networks – Whatsapp, Facebook, Instagram) and traditional (paper mail, calls via operator), having evaluated the benefits that the User / Consumer can enjoy belonging to the target segment of the aforementioned promotional campaigns. The provision of data is optional. MitGate will not transfer your personal data to third parties, including other merchants participating in the community. |
Consent. It is specified that the consent can be revoked freely and at any time, without affecting the lawfulness of the treatments previously carried out. | 24 months for promotions and offers according to the sending of advertising material.
In the case of judicial litigation, for the entire duration of the same, until the terms of enforceability of the appeals are exhausted. |
| For purposes related to the analysis of statistics and spending trends, including through localization data (profiling). MitGate analyzes the purchase data, the data relating to the geographical position and the data relating to the volume of spending, to offer services and promotions consistent with the preferences of the Users / Consumers.
With specific consent, MitGate carries out data profiling to determine habits and preferences, also in order to propose advertising messages and / or commercial proposals in line with the choices made by the Users / Consumers themselves. The provision of data is optional . |
Consent. It is specified that the consent can be revoked freely and at any time, without affecting the lawfulness of the treatments previously carried out. | Personal data, including location data: 12 months for profiling.
In the case of judicial litigation, for the entire duration of the same, until the terms of enforceability of the appeals are exhausted. |
| With specific consent, for location via GPS system and POS devices.
The provision of data is optional. |
Consent. It is specified that the consent can be revoked freely and at any time, without affecting the lawfulness of the treatments previously carried out. | |
| To ascertain, exercise or defend the rights of the Data Controller in the context of a complaint and / or out-of-court and / or judicial resolution, where necessary. | Legitimate interest. | For the entire duration of the complaint and / or out-of-court and / or judicial proceedings, until the expiry of the terms of enforcement of judicial protections and / or appeals. |
| Once the retention terms indicated above have elapsed, personal data will be destroyed, deleted or made anonymous, compatibly with the technical cancellation and backup procedures. The data will be stored in the European territory. | ||
- MINORS
MitGate does not process the personal data of individuals under the age of 18, as better provided for in the general conditions of service.
- WHO WILL YOUR DATA BE COMMUNICATED TO?
Your data will be processed by MitGate employees and / or collaborators as data processors and referents.
Your data may be processed by trusted companies that carry out tasks of a technical and organizational nature on our behalf as well as companies that provide IT services for the management of the App and / or Site and maintenance of the server, where the User’s data reside. .
These companies are direct collaborators of MitGate and perform the function of data controller.
Your data may also be disclosed to third parties, independent data controllers, and specifically to companies of the MitGate group, companies, associations or professional firms that provide assistance and advice, public authorities if it is required or obliged to do so by law.
In particular, due to the legal obligations imposed by Article 5 of the Decree of the Ministry of Economy and Finance dated January 13, 2022, your personal data including operations will be transmitted quarterly to the OAM licensed body. According to Article 7 of the aforementioned Decree, The OAM adopts the same data protection measures established by the GDPR, more details can be found at https://www.organismo-am.it/privacy-policy
Your data will not be disseminated.
- WILL YOUR DATA BE TRANSFERRED OUTSIDE THE EU?
Your personal data will not be transferred to countries outside the European Union.
- WHAT ARE YOUR RIGHTS?
By contacting the Data Controller by email privacy@mitgate.com, you have the right to obtain, in the cases provided for by the Regulations, access to data concerning you, their cancellation, correction of inaccurate data, integration of incomplete data, the limitation of the processing, the portability of their data as well as the opposition to processing. For the purposes pursued with prior consent, you have the right to withdraw consent at any time without prejudice to the overall lawfulness of the processing.
You also have the right to lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or the one that carries out your duties and exercises its powers in the Member State where the violation, as required by art. 77 of the GDPR, as well as to take the appropriate judicial offices pursuant to art. 78 and 79 of the GDPR.
