INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF THE EUROPEAN GENERAL DATA PROTECTION REGULATION 2016/679 – “GDPR”

Data Controller:

Mozzone Building System – Via Torino, 272 – 12038 – Savigliano (CN) Tel. +39 0172 371115 VAT Number: IT 03359510041
e-mail – contact details	info@mozzonebs.it

This information notice aims to explain how the Data Controller collects, uses and stores your personal data. For the purposes of this notice, “personal data” means any information relating to an identified or identifiable natural person; “processing” means any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

1. SOURCE OF PERSONAL DATA AND CATEGORIES OF DATA:

Your personal data are collected through the website https://www.mozzonebs.it and, in particular, through the forms available on its pages.

The personal data processed are:

• identification data (first name, last name, company name, etc.);
• contact details (physical and electronic addresses);

2. PURPOSES AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA:

The Data Controller mainly processes your personal data to fulfil pre-contractual and legal obligations:

• for the purpose of collecting any requests for information regarding products / services / company from the user; legal basis for processing: pre-contractual / contractual;
• for the purpose of evaluating any unsolicited application submitted through the “work with us” form; legal basis for processing: pre-contractual / contractual;
• for carrying out all activities instrumental and ancillary to the main ones and in any case necessary to pursue the purposes indicated above (such as, by way of example, data recording, processing, storage, consultation and retention);

The processing of personal data for the aforementioned purposes (contractual and pre-contractual) is necessary; therefore, any refusal will result in the failure to respond / provide the service by the Data Controller.

Finally, the Data Controller may process your personal data on the basis of its legitimate interest in ensuring the security and confidentiality of the processing carried out, also taking into account voluntary compliance regulations, including ISO standards adopted by the Data Controller, as well as in fulfilment of further legal obligations, when it carries out:

• the control and monitoring of hardware and software systems, applications and IT tools used for the processing of personal data; and also when
• it implements procedures for detecting and notifying personal data breaches.

3. CATEGORIES OF RECIPIENTS: to whom may the data be disclosed?

For the purposes set out above, your personal data may be disclosed to entities, including external ones, which provide commercial, marketing, technical services (for example IT services, server farms, cloud services for the operation and maintenance of the IT platform), staff supply services and to other companies of the Mozzone Group on behalf of the Data Controller. These providers are appointed as Data Processors.
The complete list of Data Processors is available at the Data Controller’s offices and may be consulted upon explicit request.
Furthermore, your data may be disclosed to the competent authorities in order to comply with legal or regulatory obligations, including those of EU origin, and with provisions issued by authorities legally entitled to do so or by supervisory and control bodies or in the public interest.

4. TRANSFER OF DATA ABROAD AND OUTSIDE THE EU: Can your data be transferred abroad? Also outside the European Union? The Data Controller processes data within the European Union or in third countries for which the European Commission has issued an adequacy decision or where appropriate safeguards exist.
   
   
5. DATA RETENTION PERIOD: How long are your data retained?

• Information / quotation requests: 2 years;
• Job applications: 1 year.

Once the retention periods have expired, the data will be deleted or may be anonymised and stored in anonymous form solely for statistical purposes.

6. PROFILING: No profiling activities are carried out.

7. DATA SUBJECT RIGHTS: What are your rights in relation to the processing of your data? You may exercise the following rights:

• Right of access to stored data, which implies the right to obtain confirmation as to whether or not personal data concerning you are being processed;
• Right to rectification of data if you believe that the data are incomplete or inaccurate;
• Right to erasure, which may be exercised if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, if the data subject objects to the processing, if the personal data have been unlawfully processed, or if the personal data must be erased to comply with a legal obligation under Union or Member State law to which the Data Controller is subject;
• Right to restriction of processing, which may be exercised when the data subject contests the accuracy of the personal data, for the period necessary for the Data Controller to verify their accuracy, when the processing is unlawful and the data subject opposes erasure and requests restriction of use instead, when the Data Controller no longer needs the personal data for processing purposes but they are required by the data subject for the establishment, exercise or defence of legal claims, or when the data subject has objected to processing pending verification of whether the legitimate grounds of the Data Controller override those of the data subject;
• Right to data portability, meaning the right for the data subject to receive personal data concerning them in a structured, commonly used and machine-readable format and to transmit those data to another controller, provided that the processing is based on consent or a contract, the data have been provided by the data subject and the processing is carried out by automated means;
• Right to object and withdraw consent: for reasons relating to your particular situation, you may object at any time to the processing of your personal data where it is based on legitimate interest, by sending your request to the Data Controller at the addresses indicated below. You have the right to have your personal data erased if there is no overriding legitimate reason in relation to the reason that gave rise to your request.

The aforementioned rights may be exercised by submitting a written request to the Data Controller using the contact details provided above.

You also have the right to lodge a complaint regarding the processing of your data with the Italian Data Protection Authority (https://www.garanteprivacy.it).