DATA CONTROLLER
Microfinanza Rating Srl
Registered office: Via Rigola 7, 20159 Milan (Italy)
PURPOSE AND METHODS OF DATA PROCESSING
Data are collected and used to allow navigation of the site and for statistical purposes, as well as for further purposes specified below. The personal data provided by Users who request the performance of services and/or request information through the use of specific forms found in the various sections of the site, are used for the purpose of processing requests, without prejudice to the possibility of their use for additional purposes and subject to the express consent of the Data Subject. Also applicable are purposes related to the management of contractual relationships, payments, interaction with social networks and external platforms, as well as for the display of content residing on external platforms, rather than in connection with participation in events/workshops, etc. organised, also in partnership with third parties, by the company.
Data are processed using automated tools (e.g. using electronic procedures and media) for the time strictly necessary to achieve the purposes for which they were collected and, in any case, in accordance with the relevant statutory provisions. Specific security measures are observed to prevent loss, unlawful and/or incorrect use and/or unauthorised access.
TYPE OF DATA PROCESSED and LEGAL BASIS
Browsing data: the computer systems and software procedures used to operate the institutional website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is collected anonymously and cannot be associated with identified data subjects. This category of data includes the IP addresses or domain names of the computers used by Users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the response given by the server (e.g. successful, error, etc.) and other parameters relating to the User’s IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation; it is deleted after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site. The legal basis for the processing of such data is the consent given when the User consults the site. For the acquisition of consent in relation to the use of cookies, see the dedicated ‘cookies’ section.
Data provided voluntarily by the User:
The optional, explicit and voluntary sending of data via web forms (e.g. forms) and/or the use of e-mail at the e-mail addresses indicated at the corporate website entails the subsequent acquisition of the sender’s address, which is necessary in order to reply to requests, as well as any other personal data contained in the message. In addition, the data subject gives his or her e-mail address for subscription to the company newsletter, by flagging his or her consent, which, in any case, can always be revoked by him or her by contacting the addresses indicated in the ‘Data Subjects’ Rights’ section. The legal basis for the processing is a voluntary request by the data subject and, therefore, falls under the heading “Execution of a contract or pre-contractual measures”. The form is sent only after the obligatory ticking of the appropriate box in the dedicated sections.
Within the ‘Atlas Platform’ owned by Microfinanza Rating S.r.l, there is the management of the account and access to the Atlas platform, communications related to information services and evaluation reports as well as statistical analysis on the use of the platform. The access data, provided by Microfinanza Rating S.r.l., are modified when the user logs in for the first time.
With regard to the personal data provided and/or acquired through modalities other than the website constitute the legal basis:
The Controller may also legitimately collect Personal Data without the involvement of the data subject by drawing on sources provided by third parties, in accordance with the legal bases described.
Should the Data Controller have collected Personal Data in such a way, the User may request specific information from the Data Controller regarding the sources and, in any case, the Data Controller will take care to indicate this in the information notice that, for various reasons and where due, it will issue to the Data Subject for the specific case.
It is, however, always possible to request the Data Controller to clarify the specific legal basis referring to each processing operation.
OPTIONALITY OF PROVIDING DATA
Apart from that specified for navigation data, the User is free to provide personal data to request the services offered by the Controller. Failure to provide them may make it impossible to provide the requested service.
PLACE OF DATA PROCESSING
The data collected are processed at the Data Controller’s head office as well as, in some cases, at external data processors indicated as necessary from time to time. In particular, the data on this site are stored within the WordPress system and securely transmitted to the Data Controller’s email accounts.
PERIOD OF STORAGE
Data are processed and stored for the time required by the purposes for which they were collected. In particular:
The above, unless the data is used for a longer period in compliance with a legal obligation or by order of an authority. At the end of the retention period the data shall be deleted.
LINKS TO OTHER WEBSITES AND BANNERS
This Privacy Policy refers exclusively to the institutional website(s) pertaining to the domain mf-rating.com and the atlasdata.org platform of MICROFINANZA RATING SRL. The site contains links to third party websites, over which the Owner has no form of control. The Owner is therefore in no way responsible for the processing of personal data that Users may access while browsing other sites. Advertisements and/or commercial information relating to third parties (companies or individuals) may also appear on the company’s institutional site(s). The Owner has no control over such banners and over the processing of personal data possibly carried out by third-party advertisers.
RIGHTS OF INTERESTED PARTIES (Art. 11 and 12 European Regulation D. Lgs. 679/2016)
The subjects to whom the personal data refer have the right to obtain, at any time, confirmation of the existence or non-existence of such data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification. In particular, according to:
Art. 15 c. 3 Right of access – The User has the right to access and receive a copy of the personal data being processed. This right may also be granted by direct, remote and secure consultation of his personal data;
Art.16 Right of rectification – Considering the purposes of the processing, the User has the right to obtain the integration of incomplete personal data, also by providing consistent statements;
Art. 17 Right to Cancellation – The Data Subject has the right to obtain from the Controller the cancellation of personal data concerning him/her, in the cases provided for in letters a) – f) and with the exceptions referred to in c. 3, including the obligation on the part of the Controller to inform other controllers handling the personal data cancelled of the request for cancellation, including any link, copy or reproduction (c.2);
Art. 18 Right of restriction of processing – The User has the right to obtain the restriction of processing when the cases referred to in points a) – b) occur;
Art. 20 Right to data portability – The User has the right to data portability for the data provided;
Art. 21 Right to object – The User has the right to object, at any time, on grounds relating to his or her particular situation, to the processing of personal data relating to him or her pursuant to Article 6(1)(e) or (f), including profiling on the basis of these provisions.
In addition, the right to lodge a complaint with the supervisory authority is unaffected, also with reference to Articles 141-144 of Legislative Decree 101/2018.
In order to exercise your rights, you may contact the Data Controller using the contact details above or send an email to the Data Protection Officer by writing to: dpo@mf-rating.com
Further information in relation to the processing of personal data may be requested at any time from the Data Controller using the contact details.
Update: 9 September 2025