This policy applies exclusively to the website Mosaico S.r.l., not to other websites that may be accessed by users through links.
Mosaico S.r.l., with registered offices at Via E. Jenner 4, 20159 Milan (MI), Italy (the “Company”) is the Data Controller, pursuant to Articles 4, n. 7) and 24 of the GDPR, of the processing of the personal data collected through this website.
Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, even if not stored in a database, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The Company therefore informs you, as Data Subject, that according to Articles 13 and 14 of the GDPR will process said data for the purposes indicated below, manually and / or with the support of IT or telematic means.
- PURPOSES OF THE DATA PROCESSING
The Data are processed in compliance with the GDPR provisions, for the following purposes:
• SURFING INFORMATION: While the IT systems and software procedures adopted to run this website are performing their routine tasks and functions, they acquire certain personal information which is implicitly transmitted while using Internet communications protocols. The information that falls under this category is: IP addresses, the type of browser used, the operating system, the domain and website addresses used to access or exit the website, information on the pages within the website visited by the user, the time the user accessed the website, how long the user remains on each page, an internal route analysis and other parameters about the user’s operating system and IT environment. This technical/IT information is collected, consolidated and used completely anonymously. These data are processed with the aim of allowing and controlling a correct use of this website, as well as of collecting anonymous statistical information on its use, and will be cancelled immediately after the processing.
• INFORMATION SUPPLIED VOLUNTARILY BY THE USER. Data that may be voluntarily supplied by the user are processed only to the extent the user grants his/her consent to the processing and for the following purposes: o PROVISION OF SERVICES: To access certain services offered by this website, such as registering for courses, conventions or seminars, downloading of software, or saving projects and product calculations , the visitor will be asked to register to the website and, therefore, create a personal account. When registering to the website, the visitor will be asked to voluntary supply certain personal information by completing a registration form such as first name, surname, home address, email address, mobile and/or landline phone number, sector of work and job title. Lastly, the optional, explicit and voluntary sending of emails to the addresses indicated on this website will lead to the sender’s personal information being acquired (example: first name, surname and email address). Personal information supplied voluntarily is to create a user account and for other purposes strictly necessary for, and/or connected to, the supply and correct administration of the services requested, as well as to answer questions formulated by the user, on a casual basis, through the website, by email or by any other communications system available
– MARKETING. To send emails with our newsletter or other informative materials and for promotional and/or marketing purposes.
– PROFILING. For profiling purposes correlated to market researches and statistical analysis. This category also includes activities connected or correlated to the profiling of users to identify their tastes, preferences, habits, needs and choices to improve the quality of the services provided by the Mapei Group companies.
- COMMUNICATION OF THE DATA
Data may be processed by employees and collaborators of Mosaico S.r.l. or companies of the Mapei Group as “persons in charge of the processing” (i.e., persons who, under the direct authority of the Controller or Processor, are authorised to process personal data, as provided for in Article 4, number 10 and 29 of the GDPR) and Data Processors. Data may also be processed by trusted companies providing, on behalf of Polyglass S.p.A. or of the Mapei Group companies, technical and organizational services. These companies are direct collaborators of Polyglass S.p.A. or of the Mapei Group companies and are appointed as Data Processors. Their list is constantly updated and is available, upon request, by sending a communication to the above mentioned address or an email to email@example.com
- NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF THE REFUSAL
DATA PROCESSED FOR PROVIDING SERVICES OFFERED ON THE WEBSITE
To access certain services offered by the website (such as registering for courses, conventions or seminars, downloading of software, or saving projects and product calculations), the supply of personal information is necessary. The refusal to supply said information will render Mosaico S.r.l. unable to provide the service required.
DATA PROCESSED FOR MARKETING PURPOSES
To proceed with the processing for marketing purposes Mosaico S.r.l. obtains a specific, separate, expressed, documented, preventive and optional consent.
By giving the consent to the processing for marketing purposes, the Data Subject specifically acknowledges the promotional, commercial and marketing purposes (included the consequent administrative and managing activities) and expressively allow the processing (the means used for the process could be: call with operator or other non-electronic means, not telematics or not supported by automatic, electronic or telematics mechanisms and / or procedures and where the means used for the process are email, fax, sms, mms, automatic systems without operator and similar, including electronic platforms and other electronic means) according to art. 6, paragraph 1, letter (a) of the GDPR.
A refusal to provide the consent to the processing for marketing purposes will not determine any consequence regarding the execution of a contract, business relationship, or other relationship with the user. T
he Data Subject is free to give the consent to further communications to third parties that would proceed processing for marketing purposes. In case of a refusal to provide the consent to further communications to Third Parties that would proceed processing for marketing purposes, the consequence will be that there will be no communication and the data will be processed solely and exclusively by the Company, where the Data Subject has given consent to the treatment for marketing purposes.
DATA PROCESSED FOR PROFILING PURPOSES
It is possible that for marketing purposes and to improve the Services, the Company carries out data processing through “profiling”. For such processing, and for the purpose of complete information, reference is made to the definition in art. 4, paragraph 1, n. (4) of the GDPR, that define “profiling” as “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person”.
To proceed with the profiling activity Mosaico S.r.l.obtains the previous and specific consent of the Data Subject.
In case of a refusal to provide the consent for profiling activities, the consequence will be the impossibility for the Company to proceed with the aforementioned processing. The Data Subject is free to give the consent to the marketing purposes and not to the profiling activities and/or to further communications to third parties that would proceed to profiling activities. In case of a refusal to provide the consent to the profiling activities and/or to further communications to third parties that would proceed to profiling activities, the consequence will be that there will be no profiling activities by the Company and communication to third parties and the data will be processed solely and exclusively by the Company, where the Data Subject has given consent to the treatment for marketing purposes. The data that are subjects to profiling activities will not be object to any disclosure.
GENERAL PROVISIONS I
n any case, even if the Data Subject has given consent to authorize the Company to pursue all the purposes aforementioned, he/she will remain free at any time to revoke it.
As provided for in Article 21 of the GDPR, the Data Subject has the right to object at any time to processing of personal data concerning him or her for the above purposes. In such a case, the personal data shall no longer be processed for said purposes.
- TRANSFER OF THE PERSONAL DATA TO NON-EEA THIRD COUNTRIES
The collected and processed data may be transferred for the above-mentioned purposes outside the European Economic Area (i.e., member States of the European Union, together with Norway, Iceland and Liechtenstein) to:
– Third party providers of IT services and/or data storage, also cloud-based.
– Mapei Group companies.
The data are transferred only in compliance with data protection laws and where the means of transfer provides adequate safeguards in relation to the data, for example:
– by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; or
– by signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
– transferring the data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
– where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in the interests of the data subject for the purposes of that contract; or
– where the data subject has consented to the data transfer.
- DURATION OF THE PROCESSING OF DATA
All personal data are collected and registered in a lawful and fair manner and for the purposes described above. Data are processed also with the help of IT systems and databases on terms which are consistent with said purposes in order to ensure their security and confidentiality.
The personal data will be stored in compliance with the principle of proportionality in such a way as to allow the identification of the Data Subject and until the purposes of the processing have been pursued.
- DATA CONTROLLER AND DATA PROCESSORS
The Data Controller is: Mosaico S.r.l., Via E. Jenner 4 20159, Milan (MI), Italy
As mentioned above, data may also be processed by trusted companies that provide, on behalf of Polyglass S.p.A. or of the Mapei Group companies, technical and organizational services. These companies are direct collaborators of Polyglass S.p.A. or of the Mapei Group companies and are appointed as Data Processors. Their list is constantly updated and is available, upon request, by sending a communication to the above mentioned address or an email to firstname.lastname@example.org
- RIGHTS OF THE DATA SUBJECT
Pursuant to Articles 13, paragraph 2, letters (b) and (d), 14, paragraph 2, letters c) and e), 15, 16, 17, 18, 19 20 and 21 of the GDPR, the Data Subject has the right to:
- a) request to the Company access to the persona data, their rectification or erasure, the limitation of the processing, or to object to their processing;
- b) the portability of the data;
- c) to file a claim with the Authority for the protection of personal data, in accordance with the procedures and indications available on the official website of the Authority www.garanteprivacy.it.
Any rectification, erasure or limitation of the processing made on request of the Data Subject – unless impossible or requiring an unreasonable effort – will be notified by the Company to those to whom the personal data have been communicated. The Company may communicate their names to the Data Subject, if so requested by the Data Subject.
The exercise of rights is not subject to any form of constraint and is free. To exercise the rights, the Data Subject may contact the Data Controller by sending a notice to the above mentioned address or an e-mail to email@example.com.
For a concrete and prompt implementation of the Data Subject rights under Articles 15 to 31 of the GDPR, and in accordance with Article 12 of the GDPR; the Company has adopted appropriate measures to provide all required information and communications in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The Company also undertakes to provide the information in writing or by other means and, when requested by the Data Subject, also orally, provided that the identity of the data subject is proven by other means.
The Company shall also provide the Data Subject with information on the action taken on a request under Articles 15 to 21 of the GDPR. The Company shall provide the response without undue delay and, in any event, within a reasonable time, taking into account the complexity and number of the requests.
If the Company does not take action on the request of the Data Subject, the Company shall inform the Data Subject without delay of the reasons for not taking action and on the possibility of lodging a complaint with the Authority for the protection of personal data and seeking a judicial remedy.
- SOCIAL MEDIA PLUG-INS
- LINKS TO THIRD PARTY WEBSITES
From this website, it is possible to connect directly to other third party websites through dedicated links. The holder of this website declines all responsibility for the way personal information is administered and managed by third party websites and the management of authentication credentials supplied by third parties.