This Notice is provided pursuant to article 13 of Regulation (EU) 2016/679 (the "Regulation" or "GDPR") to anyone accessing or browsing the following websites:
The Notice describes the way in which the Personal Data of visitors to the Company’s Websites and of users of the related services is managed. This policy solely regards the above Websites and excludes any other website that may be visited whilst browsing (e.g., via any links redirecting visitors).
2. The data controller
The data controller is Mundys, with its registered office at Pizza San Silvestro 8, 00187 Rome. As data controller, Mundys will process the Personal Data provided through the Websites in accordance with the requirements of the applicable data protection legislation and this Policy.
3. Types of data processed and purposes of processing
“Personal Data” means any information – including any online identifier, or identification number – relating to a directly or indirectly identified or identifiable natural person, in this case as a result of them browsing the Controller’s Websites (“Data”).
During use of the Websites, the Controller may gather Data either indirectly (e.g., by tracing the device’s IP address or URL when monitoring use of the Website) or directly (e.g., when you voluntarily enter Data into an online form or, where possible, create a profile on the Website). In this second case, processing will be covered by a notice specifically drawn up and provided from time to time by the Controller and to which reference should be made for further details.
When browsing the Websites, information about the visitor may be acquired in the following ways:
3.1. Registration data
The information requested during registration will be used to allow access to online areas and services and to ensure correct implementation of all the activities connected with or instrumental to the provision of services. Moreover, since registration is a prerequisite for accessing online services, customers' Personal Data – once the service has been chosen and after further information has been provided – will be processed only for purposes connected with and/or which facilitate provision of the chosen service.
3.2. Browsing data
During their normal operation, the computer systems and software applications used to run the Company’s Websites acquire certain data whose transmission is implicit in the use of internet communication protocols.
This category of data includes IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and computer environment. These data are only used to obtain anonymous statistical information regarding use of the website and to check its correct functioning, and are stored for the periods set out in the relevant legislation.
Whether gathered directly or indirectly, the data referring to you may be processed by the Controller to carry out the activities involved in management and administration of the Websites or to improve the browsing experience and used to ascertain responsibility in the event of hypothetical computer crimes detrimental to the website.
Cookies are packages of information sent by a web server (e.g., the Website) to your internet browser, which automatically stores them on your computer and automatically sends them back to the server each time you access the site.
By default, almost all web browsers are set to automatically accept cookies. Visitors can set their computer's browser to accept or reject all cookies, or display a warning each time a cookie is proposed so that they can decide whether or not to accept it. However, users can change the default configuration and disable (i.e., permanently block) cookies by setting the highest level of protection.
4. Connection to and from third-party websites
From these Websites it is possible to connect via links to other websites relating to Mundys and/or Mundys Group companies or third parties.
The Controller of the website disclaims any responsibility for any management of Personal Data by third-party websites or for the management of any authentication credentials provided by them.
5. Providing data
Apart from the above specifications regarding registration data, users are free to provide any data necessary for requests for clarification and/or information that they wish to send to Mundys. Please note that failure to provide such data may make it impossible to obtain the service requested.
As well as for the above-mentioned service purposes in accordance with the details given by the user when registering for the newsletter, such data, including email addresses, may be used for marketing purposes, only if the user has given specific and prior consent, where necessary.
6. How Data is processed and security measures
Personal Data will be processed by means of computer and telematic tools. Data processing will be carried out by means of tools and/or methods aimed at ensuring the confidentiality and security of the data. In this regard, Mundys uses protocols, checks and procedures to ensure that your data remains confidential, and is continuously committed to the adoption, in accordance with art. 32 of the GDPR, of specific technological and organisational measures to protect data against the risk of losses, illegal or incorrect use and unauthorized access.
7. Storage times
Personal data will be processed for the purposes connected with and/or instrumental to the provision of online services, or simply for browsing on the Websites, for the time strictly necessary to achieve the purposes for which the data was collected.
Where there is a contractual relationship with Mundys, your Personal Data will be held and processed for the entire duration of the contract and, in any event, for a period of 10 years following termination of the contract. After this period, the data will be cancelled, unless we are required to continue to hold such data in order to comply with specific legislation or Authority requirements or in relation to the management of disputes, complaints or legal actions.
8. Data subjects’ rights
For legitimate and well-founded reasons, and consistent with any existing legal and contractual obligations, data subjects may exercise the rights granted by Regulation (EU) 2016/679 in articles 15 et seq. of the Regulation. This can be done by writing to the Data controller at the above address or to the email address firstname.lastname@example.org, specifying the subject of the request and the reasons for which the data subject intends to exercise their rights.
Please note that, under existing legislation, data subjects have the right:
- to request that their data be updated, amended, added to, removed or converted into anonymous form and block the processing of any data processed in breach of the law, including data no longer needed for the purposes for which it was collected;
- to be informed of the reasons for which the data is processed and the related procedures and purposes;
- to receive the data in a structured, commonly used electronic format;
- to withdraw any consent given for the processing of their data at any time and object to, in full or in part, the use of such data.
Furthermore, in the manner and within the limits provided for by the Regulation, Mundys grants you the right to lodge a complaint with the Data Protection Authority and to exercise the other rights granted to you by existing legislation.
9. Data transfer
Your Data may be transferred to Mundys external providers of website maintenance and development services and, in general, IT services or to specifically appointed data processors and, where such a communication is possible or required by law, communicated to other organisations and/or public bodies within the European Economic Area, who will process the data for their own purposes as independent data controllers.
Your Data may also be transferred to third-party companies outside the European Economic Area to whom the Controller outsources technology services.
Any transfers of Personal Data to countries outside the EU not covered by a European Commission adequacy decision will only be possible where the controllers and processors involved have provided suitable contractual guarantees (e.g., standard contractual provisions) in conformity with the security measures provided for in the Regulation.
10. Final provisions
The Controller reserves the right to amend and/or revise this notice. You will be informed of any amendment, addition or revision in compliance with the legislation in force, including by way of publication of such changes on Mundys website.