Privacy policy in compliance with GDPR 679/2016

About MDisputes

MDisputes is a privately owned company which supports private and public organizations in the prevention and management of international commercial disputes. Moreover, MDisputes organizes training programs to increase performance and reduce costs of conflicts, further to provide pro-bono support to Governments on legislative reforms and access to justice improvement.

1. MDisputes Privacy Statement

The purpose of this Privacy Policy is to inform you of the procedures regarding the collection, use and disclosure of information on the Mdisputes website, including any mobile versions or related mobile applications, collectively called MDisputes Sites, accessible on: www.mdisputes.com Mdisputes encourages you to carefully read this Privacy Policy.

The data controller is MDisputes S.r.l., with registered office in Via di Mezzo, 36 – 50121 Firenze, email: info@mdisputes.com

By visiting the MDisputes Sites and providing information to MDisputes, you acknowledge that you have been informed and you consent to the Privacy Policy, including with regard to the use and disclosure of personal information which may be collected when you contact MDisputes, subscribe to MDisputes email alerts and newsletters, when you register for events,  trainings or platforms, or when you request any other products and services provided by MDisputes in accordance with the purposes detailed in section 3. If you do not wish your personal information to be used by MDisputes in the manner set out in this Privacy Policy, please do not provide us this information.

2. Nature of information collected

2.1. Personal data that you provide voluntarily or that we receive through referrals

In order to receive MDisputes newsletters or information about MDisputes products and services, to contact MDisputes for any questions or comments, to request MDisputes products and services, or to register for MDisputes events, trainings or platforms, you may choose to provide some personal information.

The categories of personal information that MDisputes may collect for the processing purposes described hereto are:

Identification data such as family name, first name;

Demographic data such as country of residence;

Professional data such as organization, job title, activity, main area of interest;

Contact data such as, email address and mobile phone number.

MDisputes will ensure that personal data collected from you are strictly necessary for the purposes described in section 3 below.

2.2. Personal data that we collect automatically

When you visit our website or open our news alerts or newsletters, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area (“EEA”), this information may be considered Personal Data under Applicable Data Protection Laws.

Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our website, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our website to our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained in section 9 below.

3. Purposes of Data Processing

MDiputes will only use your personal data where permitted to do so by applicable law. Under GDPR, the processing is lawful only if and to the extent that one of the following legal basis applies:

Consent: you have given consent to our use of your information. You may withdraw your consent through unsubscribe link.

Contract performance: your information is necessary to enter into or perform a contract with you.

Legal obligation: your information is necessary to comply with our legal obligations

Legitimate interests: your information is necessary to pursue a legitimate interest

Our legal basis for collecting and using your information described below will depend on the personal data concerned and the specific contact in which we collect it.

MDisputes, MDisputes affiliates or processors on their behalf, may use the collected personal information:

To administer and perform our services – including to carry out our obligations arising from them.

The legal basis is contract performance, legitimate interest, consent or legal obligation.

To engage with you in MDisputes projects and activities.

The legal basis is legitimate interests, consent or contract performance.

For communication or marketing purposes – we can send news alerts, newsletters, emails, or other communications relating to products and services that may be of interest. We will provide an option to unsubscribe or opt out of further communications.

The legal basis is consent.

To process and respond to your questions and/or inquiries.

The legal basis is legitimate interests.

To facilitate use of websites or platforms.

The legal basis is legitimate interests, consent or contract performance.

4. Data retention

MDisputes will retain your personal data only for as long as it is necessary to complete the operations for which data has been collected or until you request to no longer receive communications from us, in accordance with applicable laws and regulations.

When you submit an enquiry to MDisputes via our “Contact Us” form, an email is sent directly to our secure email server. The details of your enquiry may be stored by MDisputes in our email archives.

5. Transfer of data

For the purposes mentioned in section 3, as a global organization, MDisputes may need to transfer and process your personal information in a country other than your country of residence and/or outside of the European Union, to/in countries which may have different data protection laws.

In this case, MDisputes will put in place appropriate and adequate operational, organizational, procedural, and technical measures to ensure the security and confidentiality of your personal data.

6. Security

Protecting your privacy and your personal information is a priority for MDisputes. Thus, MDisputes has taken reasonable measures to protect your personal information from loss, misuse and alteration. However, please be aware that no data transmission over the Internet or storage technology can be guaranteed to be 100% secure. MDisputes can only take steps to help reduce the risks of unauthorized access to information/data. Each individual using the Internet user can also take steps to help protect his/her personal information and is encouraged to do so to further minimize the likelihood that a security incident may occur.

7. Your rights

Right to request access, rectification, erasure, restriction processing, object to the processing, portability

The collected information is necessary for your registration and, more generally, for the purposes described in section 3. It is subject to data processing at MDisputes or their processors, when appointed. In application of the European Regulation on the protection of natural persons with regard to the processing of personal data and of the free movement of such data (General Data Protection Regulation “GDPR”) you will benefit from the right to access, rectification, erasure, restriction processing, object to the processing, portability. If you wish to exercise these rights and obtain all relevant information, please contact us at dataprotection@mdisputes.com

In which circumstances can you exercise your rights with MDisputes?

Right of access

1. You have the right to obtain from the controller, confirmation as to whether or not your personal data is being processed, and, where that is the case, access to your personal data and the following information:


i. the purposes of the processing;
ii. the categories of personal data concerned;
iii. the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
iv. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
v. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
vi. the right to lodge a complaint with a supervisory authority;
vii. where the personal data is not collected from you, any available information as to it source;
viii. subject to the conditions provided by the GDPR, the existence of automated decision-making.

2. Where personal data is transferred to a third country or to an international organisation, you shall have the right to be informed of the appropriate safeguards relating to the transfer.

3. The controller shall provide a copy of the personal data undergoing processing. For any further copies you may request, the controller may charge a reasonable fee based on administrative costs.

4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Right to rectification

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (‘right to be forgotten’)

1. You shall have the right to obtain from the controller the erasure of personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:


i. the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
ii. you withdraw your consent;
iii. you object to the processing on grounds relating to your particular situation including profiling and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing;
iv. the personal data has been unlawfully processed;
v. the personal data has to be erased for compliance in accordance with European Union or Italian law.

2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of the personal data.

3. The right to erasure shall not apply to the extent that processing is necessary for:i. exercising the right of freedom of expression and information;


ii. compliance with a legal obligation to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
iii. the establishment, exercise or defence of legal claims.

Right to restriction of processing

1. You shall have the right to obtain from the controller restriction of processing where one of the following applies:

i. you contested the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
ii. the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of its use instead;
iii. the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims;
iv. you have objected to processing on grounds relating to your particular situation including profiling pending the verification of whether the legitimate grounds of the controller override yours.

2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

3. When you have obtained restriction of processing pursuant to paragraph 1, you shall be informed by the controller before the restriction of processing is lifted.

Notification obligation regarding rectification or erasure of personal data or restriction of processing

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request it.

Right to data portability

1. You shall have the right to receive personal data which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:

i. the processing is based on consent; and
ii. the processing is carried out by automated means.

2. In exercising your right to data portability pursuant to paragraph 1, you shall have the right to have your personal data transmitted directly from one controller to another, where technically feasible.

3. The exercise of your right to data portability shall be without prejudice to the right of erasure. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4. The right to data portability shall not adversely affect the rights and freedoms of others.

Right to object

1. You shall have the right to object, on grounds relating to your particular situation, at any time to processing which is based on legitimate interests. The controller shall no longer process your personal data, unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

2. Where personal data is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

3. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

4. At the time of the first communication with you, the right referred to in paragraphs 1 and 2 shall be explicitly brought to your attention of the data subject and shall be presented clearly and separately from any other information.

Right to object to automated individual decision-making, including profiling

1. You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

2. This right shall not apply if the decision:

i. is necessary for entering into, or performance of, a contract between you and the data controller;

ii. is authorised by European Union or Italian law and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or

iii. is based on your explicit consent.

3. In the cases referred to in sub-paragraph (i) and (iii) above, the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

Right to unsubscribe

If you no longer wish to receive communications from MDisputes, you may opt out by cancelling your subscription on the MDisputes Site by sending an email to dataprotection@mdisputes.com

Right to lodge a complaint with Italian supervisory authority

Autorità Garante per la Protezione dei dati personali: https://www.garanteprivacy.it/

9. Cookies Policy

9.1. Types of cookies

9.1.1 Technical cookies

Technical cookies allow us to improve your browsing and to provide you with all the services offered by the website.

9.1.2 Analytical Cookies

Analytical cookies allow us to analyze how you browse the Website in order to help us improve your browsing experience.

9.1.3 Profiling cookies

Profiling aims to analyze your way of browsing the Website, your habits, your purchases and your behavior in order to offer you commercial communications in line with your preferences.

9.2 Purpose and cookies used by the Website

The technical cookies used by our Website (Google cookies) are used to make and facilitate your navigation and to provide you and allow you to use the services of the Website.

Analytical cookies used by our Website (Google cookies) are used to analyze and monitor the way in which the Website is used (for example, the number of accesses and pages viewed), for statistical purposes and to allow us to make improvements to the Website in terms of operation and navigation.

For any further information on Google cookies, please visit the following links:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

https://policies.google.com/privacy

Profiling cookies are used to analyze your way of browsing the Website, your habits and your behavior in order to offer you communications in line with your preferences. The provision of data, with the exception of those collected through technical cookies, is optional.

9.3 How to check and delete cookies

Technical cookies operate by default and shall not be accepted by you, serving the functioning of the site.

Analytical and profiling cookies operate only with your authorization. You can consent to the use of cookies by clicking on the “Accept all” button directly from the Banner or manage your preferences for each cookie indicated by clicking on “Cookies settings”.

You can then disable cookies at any time also by manually changing the configuration of your browser, as follows:

Chrome: https://support.google.com/chrome/answer/95647?hl=it

Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie

Internet Explorer: http://windows.microsoft.com/it-it/windows7/how-to-manage-cookies-in-internet-explorer-9

Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT

If you are using a web browser not listed above, please refer to your browser’s documentation or online help for more information. Users are warned that the Owner acts as a mere technical intermediary for the links shown in this document and cannot assume any responsibility in the event of any changes.

You will find more information on Cookies, including how you can understand what the cookies have set on your device, and how you can manage and delete them, by accessing the following link: www.aboutcookies.org.

10. Links to Other Sites

The www.mdisputes.com site may contain links to or from a number of third party websites (hereinafter referred to as “Third Party Sites”). MDisputes does not, in any way, control or operate the Third Party Sites. MDisputes is not responsible for the privacy practices, content, policies or actions of the Third Party Sites. This Privacy Policy is only applicable to general information processed by the MDisputes Sites, pursuant to information collected on MDisputes Sites. The use of any information you may provide to third parties on Third Party Sites, or which such parties may otherwise collect on other websites, is not governed by this Privacy Policy.

11. Social Networks

Social media plug-ins of social networks such as Facebook and LinkedIn or services with user-generated content features are integrated into the MDisputes Sites. Where the MDisputes Sites contain a plug-in to a social network site, these are clearly marked (e.g. with a Linkedin button). If you choose to click on one of these buttons or links, your browser connects directly to the servers of the relevant social network. The other website’s privacy policy applies to any personal information you provide to that website. If you do not want the social network to collect the information about you, please review the privacy policy of the relevant social network and/or log out of the relevant social network before you visit the MDisputes Site.

12. Intellectual Property (IP) / Content

All content displayed on the MDisputes Sites, including but not limited to, text, graphics, logos, buttons, icons, images, sounds, audio clips, digital downloads, data compilations and software, is the property of MDisputes or its content suppliers and is protected by the Italian and/or foreign applicable laws.

Registered trademarks that appear on the MDisputes Sites are the property of their respective owners.

You are prohibited from using, without permission, any of the marks, trademarks, trade names, service names, logos or other proprietary graphic appearing throughout the MDisputes Sites.

13. Updates to Privacy Policy

To the extent permitted by applicable law in your jurisdiction, MDisputes may, from time to time, revise or update this Privacy Policy. You agree to be bound by such modifications or updates. If we make material revisions to the way we collect or use your personal information such that we are using it for purposes that you have not consented to, we will notify you of the changes and, as the case may be, ask for your explicit consent.

Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy on the Internet, accessible through the MDisputes Sites. By continuing to use the MDisputes Sites following such changes, you will be deemed to have agreed to such changes.

Last updated 07/06/2021