Privacy Policy

MRIGHTS s.r.l., with its registered office at Via San Bernardino 1, 20122 Milan (Italy), VAT Number 12672740961, Tel. 0240320950, in its quality of the personal data controller (“the Controller” or “MRIGHTS”) informs you (“Data Subject”) – according to EU Regulation 2016/679 (“GDPR”) – that your personal data will be processed with the mechanisms and for the purposes set forth below.

1. What is being processed?
Personal data collected directly from the Data Subject
The Controller processes the personal data (such as, first name, surname, State and place of birth, citizenship, date of birth, fiscal code/VAT number, address of residence and/or address of domicile, telephone number, email address, information for payment) that you provide us with:
  • upon entering into or executing the Contract for the services rendered and the activities carried out by MRIGHTS;
  • by filling in the Form available in the “Catalogue” section contained in the Controller’s website.
Personal data collected through your use of MRIGHTS website
In the normal course of operation of the Controller’s website, the IT system and the relative procedures - enabling the functioning itself - acquire some personal data whose transmission is implicit in any communication protocol.
This information is not gathered to be associated with identified Data Subjects, but because of its own nature, it could indeed enable the identification of users through elaboration and association with data kept by third parties.
This category of data may include the IP addresses or the domain names of the computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the response status given by the server (successful, error, etc.) as well as other parameters relating to the operating system and the user’s IT environment.
Such data are used only to obtain anonymous statistical information on the website’s use and to control its proper functioning and are erased immediately after elaboration. Such data could also be used to ascertain liability in case of hypothetical IT crimes to the detriment of the website. Browsing data will be kept for 26 (twenty-six) months.
Detailed information about our Cookie Policy can be found in the Cookie Policy.

2. Legal basis and purposes of the processing
Your personal data are processed for specific purposes and on these legal bases:
  1. As necessary to perform the Author’s/Producer’s Contract you signed with us, in particular for the following purposes (“Service-related Purposes”):
    • To sign contracts for the services rendered by MRIGHTS;
    • To comply with pre-contractual, contractual and fiscal obligations deriving from the relationship with you.
  2. On grounds of the legitimate interest of the Controller, for the following purposes (“Communication-related purposes”):
    • To send – via email, mail and/or text message and/or contact details – newsletters and commercial information regarding the services rendered by MRIGHTS, if similar to those already offered to you within the framework of the Contract;
    • To display your personal data – strictly limited to name and surname – on the Controller’s website to indicate the list of the represented rightsholders;
  3. at the time of filling the form available in the “Catalogue” section contained in the Controller’s website, for the purpose of allowing the Controller to contact you to receive information (“Contact purposes”).
  4. To exercise the rights of the Controller and to comply with legal obligations laid down by law, regulation, EU legislation or by measure issued by a public authority.
With reference to the browsing data, please read what provided for in the above “Personal data collected through your use of MRIGHTS website” section.

3. Methods of Processing
Your personal data are processed – in conformity with GDPR’s provisions and the national legislation – with the following operations: collection, recording, organization, storage, consultation, adaptation, alteration, selection, retrieval, alignment, use, combination, restriction, disclosure, erasure or destruction.
Your personal data are processed both in paper and in electronic form.
Since MRIGHTS provides its services by means of advanced IT systems – in the interests of the rights held – the personal data processing may be carried out with partially automated methods which do not exclude the human intervention on the part of the controller. In case of disagreement with such methods of processing, you have the right to express your opinion and to challenge the decision taken with the procedures as per point 9. In such case, however, MRIGHTS may not guarantee the Services described in point 2.A).
MRIGHTS will process your personal data for no longer than is necessary for the purposes as per point 2., but, in any case, for the “Service-related Purposes” no later than 10 years after termination of the relationship, for the “Communication-related Purposes”, for the “Contact-related Purposes” no later than 2 years from the data on which the form is sent and according to the limits provided by law for the purposes under point 2.D).
With reference to the browsing data, please read what provided for in the above “Personal data collected through your use of MRIGHTS website” section.

4. Sharing of personal data
Your personal data may be shared for the purposes laid down in points 2. A) and 2. B):
  • With employers and collaborators of the Controller in charge of personal data processing and/or in their capacity of data processor;
  • With companies, entities and societies in general (such as other collecting societies) in charge – on a collective and/or individual basis – of managing neighboring rights and collecting money deriving from relevant exploitations of the repertoires of the Controller’s Mandators in their capacity of data processors or independent data controllers;
  • With third-party companies or other individuals carrying out outsourced services on behalf of the Controller in their capacity of data processors.
Personal data you provide with for the purposes as per point 2. C) will be indeed shared exclusively among those employers and collaborators of the Controller who are in charge of processing personal data.
With reference to the browsing data, please read what provided for in the above “Personal data collected through your use of MRIGHTS website” section.

5. Disclosure of personal data
The Controller may disclosure your personal data for the purposes as per points 2.A) and 2.D) to supervisory authority, judicial authorities, insurance companies for the provision of insurance services, as well as to those individuals to whom such disclosure is mandatory or allowed by law. Such individuals will process the data in their capacity of independent data controllers.
Other than what provided for in the previous paragraph, your personal data will remain confidential and it remains safe as specified for browsing data.

6. Transfer of personal data
In order to offer its services, MRIGHTS may transfer your personal data to third parties located in countries which are not members of the European Union. In such instances, MRIGHTS shall ensure that the transfer of your personal data is carried out in accordance with the national legislation and the GDPR.

7. Provision of your personal data and consequences of your refusal to provide them
The provision of your personal data is essential in order to perform the activities and services for the purposes as per points 2.A) and 2.D), since they constitute the core business of MRIGHTS and/or they are necessary for the compliance with legal obligations to which the Controller is subject or for the exercise of the Controller’s rights. Otherwise, we can’t ensure you such services and activities. 
The provision of your personal data is optional as per the purposes described in point 2.B). You can therefore choose not to provide the Controller with any of your personal data. In such instance, you may neither receive newsletters and commercial communications regarding the Services of the Controller nor being displayed in the roster of the our Mandators MRIGHTS’s Mandators available on the Controller’s website.
The above is without prejudice of the provisions laid down with regard to the Service-related purposes as per point 2.A).
The provision of your personal data is optional as per the purposes of point 2.C). However, should you choose not to provide your personal data, the Controller may not be able to supply you with the information you request by filling in the above-mentioned “Catalogue” form.

8. Rights of the Data Subject 
As Data Subject and in relation to your personal data, you are given the rights listed in Articles 15-22 of the GDPR, and precisely:

  1. Right to access to your personal data;
  2. Right to obtain the update, rectification or – when interested – completion of incomplete personal data;
  3. Right to obtain the erasure of personal data;
  4. Right to obtain restriction of processing;
    1. Right to object – in whole or in part - on legitimate grounds - to the processing of personal data, even if it is pertinent to the purpose of their collection; more precisely, you may object to the processing described under point (iii) above and, in such event, the Controller shall cease to process your personal data for such purpose within 30 days from the receipt of your request. Right to object to the processing with regard to Communication-related purposes may be exercised also in part, i.e. with regard to a single purpose of those mentioned under point 2.B) or to a single marketing process (email, traditional mail, SMS, telephone). 
  5. Right to data portability;
  6. Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you;
  7. The right to lodge a complaint with the Authority for the protection of personal data ((Piazza Venezia n. 11, 00187 Roma; tel. 06.696771; fax 06.69677.3785; mail

You can exercise your rights at any time by sending a registered letter to MRIGHTS S.r.l. – via Sam Bernardino 1, 20122 Milano (MI). You can exercise your right to object by sending an email to 

9. Data Protection Officer – other persons in charge of processing
The Data Protection Officer - appointed by MRIGHTS – is Mr. Fernando Mantovani, reachable at any time: via email or via regular mail to MRIGHTS registered offices at via San Bernardino 1, 20122 Milano.
The updated list of controllers and of other persons in charge of personal data processing is kept at MRIGHTS’s registered offices.

10. Amendments and changes
This present regulation of personal data processing was updated on 20th February 2023. The Controller may amend or update its content at any time. Should the occurred amendments lead to substantial modifications in the processing or have a significant impact on Data Subjects, you shall be adequately notified by the Controller.