Who we are
When carrying on its business, Massive Interactive Media Limited (Company number 07800208) of 4th Floor, 21 Stephen Street, London W1T 1LN, United Kingdom, which is part of Deltatre Group (hereinafter the “Company” or “Deltatre”), pays particular attention to the security and confidentiality of your Personal Data.
Which personal data may be collected
The following categories of Personal Data relating to you may be collected (the term "Personal Data" shall mean all the categories listed below, considered as a whole):
- IP address – it is the numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. It gives information about the host and the interface identification and on your location.
- Your location – information relating to the location from which you access the mtribes Help Centre.
How we collect your personal data
We collect and process your personal data when you access the website, during the browsing session, and when you use the mtribes Help Centre.
For what purposes can your personal data be used?
The processing of personal data must be justified by one of the legal bases established by existing data protection regulations, as described below.
a) Operational management and strictly related purposes, for access to the website and/or when you use our services.
We collect your data to allow you to access the site, to provide you with the services and any required assistance.
Legal basis for the processing: performance of a contract.
The provision of data is obligatory to enable us to allow you to access the website, to use our services, and to assist you; in the absence of the data, we will be unable to proceed.
b) Marketing to meet your needs or to inform you of promotions concerning products and/or services similar to the ones already required by you.
Deltatre may process your Contact data for marketing and advertising purposes, to inform you of promotional sales and/or initiatives via automated means of contact (email, SMS and other mass communication tools, etc.) and traditional contact methods (e.g. by telephone), such as for market research and statistical surveys, concerning products and/or services that you could reasonably expect to receive on the basis on your relationship with the controller and, in particular, concerning products and/or services similar to the ones already required by you.
Legal basis for the processing: Company’s legitimate interest to improve the communication and the relationship with you, especially by providing information with regard to product/services similar to the ones already required by you, that you would reasonably expect to receive.
c) To assess and patch any weakness and vulnerability in our systems and products.
We consider the security of our systems and products as a priority in our business.
Therefore, we encourage researchers across the globe to report to us any vulnerability or security issues they’ve discovered according to our Coordinated Vulnerability Disclosure Policy.
In this case, Deltatre will process your contact data (name and surname, email address) to receive and share information with you.
Legal basis for the processing: Company’s legitimate interest both to protect its own systems and products from vulnerability and weaknesses and to ameliorate its services and products
d) To inform you about company news, which may include, for example, product updates, press releases, interviews and release notes.
Basis for the processing: Your explicit consent to receive the company newsletter. Without your consent, we will not send you the newsletter. Your consent to receive it can be withdrawn at any time. The withdrawal of your consent shall not affect any other possible relationship between you and the company.
e) Compliance with legally-binding requests by the legal authorities to discharge obligations of law, regulations, or provisions.
We collect your personal data to comply with legal obligations.
Legal basis for the processing: Legal obligations, to which the Company must comply.
How we keep your personal data safe
The Company has established a wide range of security measures to improve protection and keep the security, integrity, and accessibility of your personal data.
All your personal data is stored on our secure servers (or on secure paper copies) or on those of our suppliers or commercial partners and may be accessed and used based on our standards and our security policies (or equivalent standards for our suppliers or commercial partners).
The security measures we have adopted include:
- Severe restrictions on access to your personal data, based on necessity and solely for the purposes communicated
- Perimeter security systems to prevent unauthorized external access
- Permanent monitoring of access to IT systems to identify and stop the misuse of personal data
- Tracking of access to your personal data by internal personnel and verification of the related purpose
- Using encrypted means via Secure Socket Layer (SSL) technology for transactions on our website that require the entering of personal data
Where we have provided you with (or you have chosen) a password to allow you to access our website, application, or services, you are responsible for keeping this password secret and for complying with any other security procedure we inform you of. Please do not share your password with anyone.
How long do we store your information?
We will keep your personal data only for the length of time necessary to achieve the purposes for which they were collected or for any other related and lawful purpose. Therefore, if your personal data are processed for two different purposes, we will keep the data until the lengthier purpose is achieved. However, we will cease to process the personal data collected for the purpose whose retention period has expired.
We limit access to your personal data to only those individuals who need to use them for the appropriate purposes.
When your personal data is no longer required, or when there is no longer any legal precondition for keeping them, they will be irreversibly anonymized (and in such a way may be stored) or securely destroyed.
The retention periods relating to the different purposes described above are indicated to follow:
a) Operational management and strictly-related purposes for access to the website: data processed for these purposes may be kept for the duration of the contract and in any case no longer than the subsequent 10 years.
b) Marketing to meet your needs or to inform you of promotions concerning products and/or services similar to the ones already required by you: data processed for marketing purposes may be kept for 24 months from the date on which you provided such data (except where you decline to receive further communications); for profiled marketing purposes, data will be kept for 12 months.
c) To assess and patch any weakness and vulnerability in our systems and products: we will keep your data for the time necessary to manage and patch the vulnerability/issue discovered starting from the moment we became aware of it and, in any case, for a period not longer than two years.
d) Company newsletter: data processed for this purpose may be kept for 24 months from the date on which you provided your consent, except where you decline to receive further communications, or however freely withdraw your consent: in this case, your personal data will be deleted without undue delay and, at last, within one month of receipt of your request.
e) In the event of disputes: should it be necessary for us to defend ourselves or take action or bring claims against you or third parties, we may keep the personal data we deem reasonably necessary for such purposes, for the length of time it takes to pursue the claim.
Who we can share your personal data with
Your Data may be accessed by duly authorized employees and by external suppliers, appointed, if necessary, as data processors, who support us in providing services.
For the purposes of performance of contractual obligations, as described above in point a), and if such obligations necessarily require the involvement of another Deltatre Group company, your personal data may also be accessed by other Deltatre Group companies.
Please contact us email@example.com if you would like to see a list of the data processors or other entities to which we communicate data.
International data transfer
As a globally active company, in order to carry out some processing activities, Deltatre may transfer your personal data to third parties located in countries that do not belong to the European Union (EU) or to the European Economic Area (EEA) (“Third Countries”).
Any transfer of personal data to Third Countries will be carried out according to applicable law. Where personal data are not transferred to Third Countries on the basis of an adequacy decision of the European Commission, standard contractual clauses approved by the European Commission will be adopted, possibly supplemented by additional measures, where necessary, to ensure that the level of protection is essentially equivalent to that guaranteed within the EU.
You can write to Deltatre at any time, contacting us at the e-mail address firstname.lastname@example.org, asking information about the entities that will receive your personal data and a copy of the safeguards adopted for the transfer, by contacting us at the e-mail address email@example.com.
Your personal data protection rights and your right to lodge a complaint before the supervisory authorities.
On certain conditions, you are entitled to request:
- access to your personal data
- a copy of the personal data you have provided to us (‘portability’)
- the adjustment of data in our possession
- the deletion of any data for which the legal precondition for processing no longer exists
- to deny processing for direct marketing purposes
- to revoke your consent, in cases where the processing is based on consent
Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you performed by the controller where the processing is based on the legitimate interest. The objection to processing shall be sent to the following address: firstname.lastname@example.org.
The exercising of the above rights is subject to certain exceptions that are intended to safeguard the public interest (e.g. the prevention or identification of crimes) and our interests (e.g. maintaining professional secrecy). Should you wish to exercise any of the above rights, we will check that you are entitled to do so and will usually respond within one month.
We endeavour to respond to any complaints or reports concerning the methods used to process your data. Nevertheless, should you wish, you may forward your complaints or reports to the authority responsible for data protection using the following contact details:
Garante per la protezione dei dati personali
Certified email address: email@example.com
The contact details for Deltatre, in its capacity as Data Controller, and the Data Protection Officer (DPO) are the following: firstname.lastname@example.org and DPO@deltatre.com. We have also local points of contact email@example.com; firstname.lastname@example.org; email@example.com.