Privacy policy

Privacy Policy for the Investor Relations newsletter pursuant to art. 13 of EU regulation 2016/679 (General Data Protection Regulation - "GDPR")

1) IDENTITY OF THE DATA CONTROLLER
MUNDYS SpA (hereinafter "Mundys" or "Data Controller"), with its registered office at Piazza San Silvestro 8, 00187 Rome

2) DATA CONTROLLER'S CONTACT INF0RMATION
•    Email: privacy@mundys.com
•    Address: Piazza San Silvestro 8, 00187 Rome.

3) PERSONAL DATA COLLECTED
Identification and/or contact data

Data are provided by users via the web form posted on Mundys website in the "Investor - Mailing list" section.

4) PURPOSE OF PROCESSING
1)    Manage the newsletter containing corporate communications, including regular reports on Company performance (e.g. integrated annual report, financial reports, etc.).
2)    Send out invitations to specific events and other Company information

5) LEGAL BASIS OF PROCESSING
Consent

6)PERSONAL DATA STORAGE TIMES
Until withdrawal of consent, and in any event no later than forty-eight (48) months from the provision of consent
The retention time may be extended in the event of legal or disciplinary action and to enforce Mundys' rights. In such event, your personal data will be retained for the duration of the proceedings, until they are concluded and all time limits for appeals have expired.

7) HOW DATA IS PROCESSED AND SECURITY MEASURES
Data may be processed by technological and/or paper methods and through suitable IT tools (e.g. software, hardware, applications, etc.). In this regard, Mundys has controls and procedures in place to ensure the confidentiality of your data, and is constantly committed to adopting, pursuant to art. 32 of the GDPR, specific technological and organisational measures to protect data against the risk of loss, unlawful or incorrect use and unauthorised access.

8) RECIPIENTS AND CATEGORIES OF RECIPIENT OF PERSONAL DATA
In order to pursue the stated purposes of processing, personal data may be transferred to various entities, including: 
•    third parties contractually linked to the Data Controller, who in certain cases will act as data processors or autonomous data controllers;
•    judicial authorities and/or public bodies, at their express request and/or by virtue of the law, during investigations and checks in their capacity as autonomous data controllers.
•    Other Group companies.
A full list of recipients of Data Subjects' Personal Data, including further details on the location of such recipients, is kept at the Data Controller's head office and may be consulted on request.

9) TRANSFER OF PERSONAL DATA
Your personal data will essentially be processed within the European Union. In the event that it is necessary to transfer your data to third parties located outside the European Economic Area (EEA) for specific processing management purposes, such transfer will only take place where the European Commission has confirmed an appropriate level of data protection in the third country or where there are adequate data protection safeguards in place (e.g. EU standard contractual clauses for the transfer of data to third countries).

10) DATA SUBJECT RIGHTS
With regard to the Data Controller, Data Subjects may at any time exercise their rights as provided for in Articles 15 et seq. of the GDPR, in relation to the processing of their personal data, such as, for example, right of access, correction, deletion, restriction of and opposition to processing by sending an email request to privacy@mundys.com.

11) RIGHT TO LODGE A COMPLAINT WITH THE DATA PROTECTION AUTHORITY
If you believe that your personal data have been processed unlawfully, you have the right to lodge a complaint with the Italian Data Protection Authority (https://www.garanteprivacy.it/).

12) PROVISION OF PERSONAL DATA
With regard to purposes 1 and 2, processing of your data is optional and subject to your providing free and express consent, although it is mandatory if you wish to subscribe to and receive the Newsletter. If you fail to provide the requested data, or give partial or incorrect information, you will be unable to subscribe to and receive the Newsletter.

13) AUTOMATED DECISION-MAKING PROCESS
Personal data collected will not be subject to an automated decision-making process.