This notice is provided pursuant to article 13 of EU Regulation no. 679/2016 - General Data Protection Regulation (hereinafter "Regulation" or "GDPR") to anyone browsing the following websites:
The notice describes the way in which the Personal Data of visitors to the Websites and of the users of their services is managed. This Policy solely regards the Websites and excludes any other website to which visitors may be redirected via any links present within the Websites (ex. Redirect links).
The data controller and the Data Protection Officer
The data controller (the “Controller”) is Mundys SpA, with its registered office at Piazza San Silvestro 8, 00187 Rome. As data controller, Mundys SpA will process the Personal Data provided through the Websites in accordance with the requirements of the applicable data protection legislation and this Policy.
As the data controller, Mundys has identified and appointed a Data Protection Officer (DPO) in accordance with articles 37-39 of the Regulation. The DPO may be contacted at the following email address: DPO@mundys.com,
Types of data processed and purposes of processing
“Personal Data” means any information – including any online identifier, or identification number – relating to a directly or indirectly identified or identifiable natural person, in this case as a result of them browsing the Controller’s Websites (“Data”).
During use of the Website, the Controller may gather Data either indirectly (e.g., by tracing the device’s IP address or URL when monitoring use of the Websites) or directly (e.g., when you voluntarily enter Data into an online form or, where possible, create a profile on the Websites). In this second case, processing will be coveted by a notice specifically drawn up and provided from time to time by the Controller and to which reference should be made for further details.
When browsing the websites, information about the visitor may be acquired in the following ways:
3.1 Registration data
The information requested during registration will be used to allow access to online areas and services and to ensure correct implementation of all the activities connected with or instrumental to the provision of services. Moreover, since registration is a prerequisite for accessing online services, customers' Personal Data – once the service has been chosen and after further information has been provided – will be processed only for purposes connected with and/or which facilitate provision of the chosen service.
3.2 Browsing data
During their normal operation, the computer systems and software procedures used to run this website acquire certain data whose transmission is implicit in the use of internet communication protocols.
This category of data includes IP addresses or domain names of the computers used by users connecting to the websites, the URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and computer environment. These data are only used to obtain anonymous statistical information regarding use of the website and to check its correct functioning, and are stored for the periods set out in the relevant legislation.
Whether gathered directly or indirectly, the data referring to you may be processed by the Controller to carry out the activities involved in management and administration of the Website or to improve the browsing experience and used to ascertain responsibility in the event of hypothetical computer crimes detrimental to the website.
Cookies are packages of information sent by a web server (e.g., the Websites) to your internet browser, which automatically stores them on your computer and automatically sends them back to the server each time you access the site.
By default, almost all web browsers are set to automatically accept cookies. Visitors can set their computer's browser to accept or reject all cookies, or display a warning each time a cookie is proposed so that they can decide whether or not to accept it. However, users can change the default configuration and disable (i.e., permanently block) cookies by setting the highest level of protection.
Connection to and from third-party websites
From these websites it is possible to connect via links to other websites relating to Mundys and/or Mundys Group companies or third parties.
The Controller of the website disclaims any responsibility for any management of Personal Data by third-party websites or for the management of any authentication credentials provided by them.
Optionality of providing data
How Data is processed and security measures
Personal Data will be processed by means of computer and telematic tools. Data processing will be carried out by means of tools and/or methods aimed at ensuring the confidentiality and security of the data. In this regard, Mundys uses protocols, checks and procedures to ensure that your data remains confidential, and is continuously committed to the adoption, in accordance with art. 32 of the GDPR, of specific technological and organisational measures to protect data against the risk of losses, illegal or incorrect use and unauthorized access.
Personal Data will be processed for the purposes connected with and/or instrumental to the provision of online services, or simply for browsing on the Websites, for the time strictly necessary to achieve the purposes for which the data was collected.
Where there is a contractual relationship with Mundys, your Personal Data will be held and processed for the entire duration of the contract and, in any event, for a period of 10 years following termination of the contract. After this period, the data will be cancelled, unless we are required to continue to hold such data in order to comply with specific legislation or Authority requirements or in relation to the management of disputes, complaints or legal actions.
Data subjects’ rights
For legitimate and well-founded reasons - consistent with any existing legal and contractual obligations incumbent on the Data Controller - data subjects may exercise the rights recognised by the Regulation in articles 15-22 (i.e., right of access to Personal Data, right of rectification, cancellation, limitation of processing, portability of Personal Data, opposition) by writing to this email address: DPO@mundys.com. The email must specify the subject of the request and the reasons for exercising the right.
Furthermore, in the manner and within the limits provided for by the Regulation, subjects have the right to lodge a complaint with the Data Protection Authority.
Your Data may be transferred to Mundys’s external providers of the Websites maintenance and development services and, in general, IT services or to specifically appointed data processors and, where such a communication is possible or required by law, communicated to other organisations and/or public bodies within the European Economic Area, who will process the data for their own purposes as independent data controllers.
Your Data may also be transferred to third-party companies outside the European Economic Area to whom the Controller outsources technology services.
Any transfers of Personal Data to countries outside the EU not covered by a European Commission adequacy decision will only be possible where the controllers and processors involved have provided suitable contractual guarantees (e.g., standard contractual provisions) in conformity with the security measures provided for in the Regulation.
The Controller reserves the right to amend and/or revise this notice. You will be informed of any amendment, addition or revision in compliance with the legislation in force, including by way of publication of such changes on Mundys SpA’s website.