Metacase undertakes to process all personal data, in the context of its activities, in accordance with EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to respect for the processing of personal data and the free movement of personal data.
To this end, Metacase undertakes to:
- Collect only data from holders, and only those strictly necessary for the performance of their commercial activity and Human Resources Management (in the case of holders who are employees of Metacase);
- Whenever legally required, collect, directly and in advance, the informed consent of the data subject, obtaining their authorization for use in the company’s business environment;
- Do not share data of holders with other entities;
- Communicate to the data subject, in accordance with the legislation in force, any anomalous situation that has occurred and that poses significant risks to their fundamental rights and freedoms.
Cumulatively, Metacase assures data subjects that they are:
- Object of lawful, fair and transparent treatment;
- Collected for specific, explicit and legitimate purposes;
- Adequate, relevant and limited to what is necessary for the purposes for which they are treated;
- Kept only for the period necessary for the purposes for which they are treated;
- Treated in a way that ensures your safety, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Metacase also ensures the following rights to data subjects:
- access to the personal data collected concerning them and to exercise this right with ease;
- rectification, destruction or opposition to the processing of your personal data;
to know and be informed of the purposes for which the personal data are processed, the period during which the data are processed, the identity of any recipients, the logic underlying the possible automatic processing of personal data and, at least when based on the definition of profiles, of their consequences;
- to receive the personal data concerning you, in a structured format, in current use, of automatic reading and interoperable (capable of being read and processed by any organization), for transmission to another responsible person;
- to complain to Metacase about any situation that you consider to be anomalous, regarding the protection of your personal data or your privacy.
For the exercise of rights by data subjects, as well as for other issues related to the protection of personal data, Metacase has designated an element of the organization to perform the functions of “Data Protection Officer”, whose responsibility is to ensure that the technical and organizational measures necessary for the effective and efficient protection of personal data and maintenance of the privacy of the holders are implemented and are subject to continuous improvement.
It is also up to the Data Protection Officer:
- Promote the integration of technical and organizational measures, in the context of data protection and privacy, in the company’s policies, processes and procedures;
- Promote the execution of awareness-raising actions on the matters in question, for Metacase employees or relevant third parties;
- Supervise the processing of any anomalous situation with a negative impact on the fundamental rights and freedoms of data subjects;
- Promptly promote the execution of access validation processes assigned to users of the company’s information and communication systems;
- Promote the performance of audits, internal or external, on a regular basis in order to validate compliance with the rules established for data protection and privacy and compliance with the regulation;
- To be the sole contact element between the company and the Local Data Protection Authority and between the former and the holder of personal data.
Metacase employees are responsible for complying with and enforcing this policy on privacy and protection of personal data and other rules and regulations in force on this matter, as well as reporting any weakness or anomalous situation with an impact, even if potential, on fundamental rights and freedoms of data subjects.
All employee violations of the rules established in this regulation will be dealt with (if applicable) in the competent disciplinary and/or criminal scope.
The Metacase Data Protection Officer can be contacted via email email@example.com.