MONGE & C. S.P.A. – hereinafter the “Data Controller” – with headquarters in Via Savigliano 31 – 12030 Monasterolo di Savigliano (CN), TAX ID CODE/VAT NO. 00182160044, as the Data Controller, pursuant to Art. 13 of the EU Regulation no. 2016/679 wishes to inform you that your data will be processed according to the principles established by the GDPR (General Regulation on EU Data Protection 2016/679), i.e. in compliance with the principle of lawfulness, correctness, transparency, purpose limitation and retention, minimization of data, accuracy, integrity and confidentiality.
1. OBJECT OF THE PROCESSING AND SOURCE OF THE DATA PROCESSED
The data being processed is navigation data, as well as personal data, mainly identification and contact data.
These data are provided spontaneously by the data subject during visits to the premises or phone calls, request for quotes or proposals of offers, previous transactions, direct contacts to participate in events, interactions through the company website (filling in the Contact form, registration for events/seminars and registration to the news service and events promoted by Mondo Monge).
2. PURPOSE AND LEGAL BASIS OF THE PROCESSING
Personal data voluntarily provided by you will be processed for the purposes indicated below.
With regard to navigation data: allow the user to browse the website of the Data Controller; perform statistical searches/analysis on aggregated or anonymous data, without the possibility of identifying the Visitor, aimed at measuring the operation, traffic and interest of the Website itself; fulfil legal obligations to which the Data Controller is subject.
As for personal data:
- Execute the sales contract in order to fulfil contractual obligations, including the exchange of information and the management of negotiations;
- Manage the business relationship, including warranty services, payment management, accounting, auditing, invoicing and collection and related support services;
- Send communications concerning news and events promoted by Mondo Monge in order to stay up to date.
The data is collected and processed on the basis of the contract or in the execution of pre-contractual measures pursuant to points (a) and (b) and on the basis of the legitimate interest of the Data Controller in accordance with point c).
With reference to the sending of communications concerning news and events, the data subject may object to the processing at any time.
3. COOKIES POLICY
4. DISTRIBUTION AND COMMUNICATION OF DATA
The personal data processed by the Data Controller will not be disclosed, or will not be disclosed to indeterminate subjects, in any possible form, including that of their availability or simple consultation.
The data is communicated to the recipients to the extent strictly necessary in relation to the aforementioned purposes. They may be communicated to workers who work for the Data Controller; in particular, based on the roles and duties performed, some of them have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given. They may also be communicated, within strictly necessary limits, to companies belonging to the business group and to external parties working with the Data Controller, in particular to those who provide services for the management of the information system used and for the operation of the Website. Finally, they may be communicated to the persons entitled to access them under the provisions of the law, regulations, and community regulations.
5. TRANSFER OF DATA
The Data Controller does not transfer personal data to third countries or international organisations.
6. DATA PROCESSING AND STORAGE METHODS
The processing and storage of data may take place at the operational headquarters of the Data Controller or in any other place where the parties involved in the processing are located.
The processing will be carried out in an automated and/or manual form, with methods and tools aimed at guaranteeing maximum security and confidentiality, by processors authorized to do so in compliance with the provisions of Article 4 and the principle of accountability of the GDPR.
The Data Controller keeps and processes personal data for the time necessary to fulfil the indicated purposes or to carry out what has been requested by the user. Subsequently, the personal data will be stored and not further processed, for the time established by the current provisions on the matter.
7. RIGHTS OF THE DATA SUBJECT
Pursuant to the GDPR 2016/679 the data subject has the right of access (Art. 15), right of rectification (Art. 16), right to cancellation (Art. 17), right to restriction of processing (Art. 18), right to portability (Art. 20), right to object (Art. 21), right to object to the automated decision-making process (Art. 22), the right to lodge a complaint with the supervisory authority of the state of residence (Art. 77).
In order to assert their rights, the data subject may contact the Data Controller, possibly using the specific form made available on the website, at the email address email@example.com.
The data subject is required to specify the subject of his request, the right he intends to exercise and to attach a photocopy of an identity document that certifies the legitimacy of the request.
8. REFUSAL TO PROVIDE DATA
The data subject may not refuse to provide the Data Controller with the personal data necessary to comply with the laws governing commercial transactions and taxation; therefore, refusal to provide such data will prevent order processing.
With regard to the data provided when filling in the Contact forms, registration for events/seminars and registration to the promoted news and events service, the data subject may refuse to communicate them to the Data Controller, since the provision is optional. However, filling in the indicated fields is essential to be able to receive the requested news and to be able to process the requests received.
9. AUTOMATED DECISION-MAKING PROCESSES
The Data Controller does not carry out processing which consists of automated decision-making processes on the data.
10. DATA CONTROLLER
The Data Controller is MONGE & C. S.P.A. based in Via Savigliano 31 – 12030 Monasterolo di Savigliano (CN). The Data Controller guarantees the security, confidentiality and protection of personal data in their possession, at any stage of the processing of the same.
The updated list of internal and external Managers is available from the Data Controller.
The Data Controller will publish the updated version of this deed on the Website, and from that moment it will be binding: the data subject is therefore invited to visit this section regularly.