Customer privacy
Information on the processing of personal data collected from the data subject
This information notice provides the necessary information regarding the processing of personal data provided by clients and suppliers who are individuals and by persons acting in the name and on behalf of legal entities, pursuant to Article 13 of Regulation (EU) 2016/679. It also provides information on personal data protection and the security measures adopted to ensure confidentiality in full compliance with the applicable regulations.
1. DATA CONTROLLER
The Data Controller, pursuant to Articles 4 and 24 of Regulation (EU) 2016/679, is Mondialtex Srl, with registered office at Via Dolomiti, 70 – 37132 Verona (VR), VAT No. 02487840239. The updated list of data processors and persons in charge of processing is kept at the registered office of the Data Controller.
2. OBJECT OF THE PROCESSING
The data subject to processing is collected directly by the Company and/or through third parties specifically appointed for this purpose, from the data subjects and/or from third parties, also through the distance communication techniques used by the Company. The Data Controller processes personal, identification, and non-sensitive data (in particular, name, surname, tax code, VAT number, email, phone number – hereinafter, "personal data" or simply "data") provided by you at the beginning of commercial relationships with the Data Controller.
3. PURPOSE OF THE PROCESSING
Your personal data will be processed:
A. Without your express consent (Article 6(b), (e) GDPR), for the following Service Purposes:
• Concluding contracts for the services of the Data Controller;
• Fulfilling pre-contractual, contractual, and fiscal obligations arising from relationships with you;
• Complying with obligations established by law, regulation, EU legislation, or an order from the Authorities (such as anti-money laundering regulations);
• Exercising the Data Controller's rights, for example, the right to defense in court.
B. Only with your specific consent (Article 7 GDPR), for the following Marketing Purposes:
• Sending you via email newsletters, commercial communications, and/or advertising material on products or services offered by the Data Controller. Please note that if you are already our client, we may send you commercial communications regarding services and products of the Data Controller similar to those you have already used, unless you object.
For the same purposes, personal data and contact details (personal data, business emails, business phones, work smartphones, etc.) of your administrators, employees, and collaborators who manage and/or execute the contract in relation to their tasks and assignments may also be processed.
4. METHODS OF PROCESSING
The processing of your personal data is carried out through the operations indicated in Article 4(2) GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data is processed both in paper form and electronically and/or automatically. The Data Controller will process personal data for the time necessary to fulfill the purposes mentioned above and, in any case, for no longer than 10 years after the termination of the relationship for Service Purposes and no longer than 2 years from data collection for Marketing Purposes.
5. ACCESS TO DATA
Your data may be made accessible for the purposes referred to in Article 3.A) and 3.B):
• To employees and collaborators of the Data Controller, in their capacity as persons in charge of processing and/or internal data processors and/or system administrators;
• To third-party companies or other entities (e.g., software houses, credit institutions, professional firms, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
6. DATA DISCLOSURE
Without your express consent (Article 6(b), (c) GDPR), the Data Controller may disclose your data for the purposes referred to in Article 3.A) to Supervisory Bodies, Judicial Authorities, and all other entities to which the communication is mandatory by law. Your data will not be disseminated.
7. DATA TRANSFER
The management and storage of personal data will take place on servers located at the Data Controller's premises and/or third-party companies appointed and duly designated as Data Processors. Data will not be transferred outside the European Union.
8. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO RESPOND
The provision of data for the purposes referred to in Article 3.A) is mandatory. In their absence, we cannot guarantee the requested Services. The provision of data for the purposes referred to in Article 3.B) is optional.
9. DATA SUBJECT'S RIGHTS
As a data subject, you have the rights set forth in Articles 7, 15, and 22 of the GDPR, specifically:
• Obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
• Obtain the indication: a) of the origin of the personal data; b) of the purposes and methods of processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the Data Controller, data processors, and the representative designated pursuant to Article 3(1), GDPR; e) of the entities or categories of entities to whom the personal data may be communicated or who may learn about them as designated representatives in the territory of the State, data processors, or persons in charge;
• Obtain: a) the updating, rectification, or, when interested, integration of data; b) the erasure, transformation into anonymous form, or blocking of data processed in violation of the law, including data that does not need to be stored for the purposes for which the data was collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been notified, also with regard to their content, to those to whom the data was communicated or disseminated, except where such compliance proves impossible or involves a manifestly disproportionate effort compared to the protected right;
• Object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if relevant to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for conducting market research or commercial communication, through the use of automated calling systems without the intervention of an operator by email and/or traditional marketing methods by telephone and/or paper mail. Please note that the right of objection of the data subject, set out in point b) above, for direct marketing purposes through automated methods extends to traditional methods and that the data subject's right to object may also be exercised only in part. Therefore, the data subject can decide to receive only communications by traditional means or only automated communications, or neither type.
Where applicable, you also have the rights set out in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.
10. EXERCISING DATA SUBJECT RIGHTS
You can exercise your rights at any time by sending:
• A registered letter with return receipt to Mondialtex Srl – Via Dolomiti, 70 – 37132 Verona (VR)
• Or an email to info@mondialtex.it