PRIVACY AND COOKIE POLICYPERSUANT TO ARTICLE 13 OF REGULATION 2016/679(GENERAL DATA PROTECTION REGULATION)

1. Introduction

This notice is intended specifically for our website www.monozukuri.eu and is provided in accordance with the General Data Protection Regulation 2016/679 (hereinafter “GDPR”), which lays down rules relating to the protection of natural persons (“Data Subjects”) with regard to the processing of their personal data and rules relating to the free movement of personal data, and with the EU national laws implementing or supplementing the GDPR. We refer to these regulations as “Data Privacy Laws”.

In compliance with the GDPR, MONOZUKURI hereby provides the necessary information for processing the personal data of those who visit and use our company website’s pages, as we determine the purposes and means of the processing of personal data (hereinafter also referred to as “Data Controller”).

To the extent that MONOZUKURI is deemed to be a data controller under Data Privacy Laws, this notice fulfils our obligation to provide the following information with regard to the processing of personal data of individuals who are named by the GDPR as “Data Subjects” (hereinafter also referred to as “you” or the “User”).

2. Data Controller

For the purposes of the GDPR, the Data Controller is MONOZUKURI S.P.A. (hereinafter also referred to as “we” and “the controller”) with registered office in Rome (Italy) Via Archimede 207, VAT no. IT13051051004 telephone number +39 0632803312 e–mail address: info@monozukuri.eu certified electronic mail: monozukuri@legalmail.it

3. Definitions

Key GDPR terms include:

  •  “Personal Data” and “Data subject”
    For the purposes of the GDPR, with “personal data” we mean any recorded information that is about you and from which you can be identified. It does not include data where your identity has been removed (anonymous data). Therefore, personal data mean any information relating to an identified or identifiable natural person (“data subject”).
  • “Identifiable natural person or individual”
    An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • “Special categories of personal data”
    Special categories of personal data mean information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic and biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Under article 9 of the GDPR, such special categories of personal data (Sensitive data) should not be processed, unless processing is allowed in specific cases set out in Data Privacy Laws such as in case of a subject’s explicit consent.
  • “Processing”
    Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Controller”
    Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  • Processor”
    Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  •  “Recipient”
    A recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data.
  • “Third party”
    Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

4. Data subjects

The protection afforded by the GDPR is intended to apply solely to individuals (“Data Subjects”), whatever their nationality or place of residence, in relation to the processing of their personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. Therefore, as a data controller, this notice applies to the information from or about individuals who visit or use our website (www.monozukuri.eu), and whose personal data we process in this capacity as required by Article 13 of the GDPR and the notice requirements set out in any other applicable Data Privacy Laws.

5. Types of processed data

This Notice describes how we handle and protect your personal data in connection with MONOZUKURI’s business activities in our capacity as a data controller.
This section is intended to inform you about the types of personal data that can be processed by using our website.
We are committed to respecting your privacy and protecting your personal data, which is any information that is capable of identifying you as an individual person.

5.a) Data provided voluntarily by the User

MONOZUKURI collects and processes personal data that the users provide voluntarily when interacting with the functionalities and services of our Site, such as, for example, when registering a contact form, requesting services or information, signing up for newsletter service, or for receiving customer satisfaction surveys, or when sending letters and e-mails to the addresses listed on the Site. In fact, the optional, explicit and voluntary sending of e-mails to the addresses mentioned on this website entails the subsequent acquisition of the senders’ address, necessary for the purpose of responding to their requests, as well as the acquisition of any other personal data included in the message.

When interacting with us or when using our site, you may voluntarily supply the following personal data:

Identity Data such as your first name and last name, job title, position and status within an organization, etc…;

Contact Data that include your postal and mail address, telephone numbers, fax number etc…;

We shall not collect and process special categories of personal data and personal data relating to criminal convictions and offences, as defined by the articles 9 and 10 of the GDPR.

The personal data collected by MONOZUKURI are adequate, relevant and limited to what is necessary for the purposes listed in this Notice.

With regard to the technical aspects and protocols, the types of data that can be processed are:

5.b) Navigation data

The computer systems and software procedures used to operate this website and to enable you to browse our website may acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected with the purpose to be associated with specific interested third parties, but they might, by their very nature, allow the user’s identification, through data processing and various associations with data held by third parties.

This category of data includes IP addresses or the domain names of the computers used by the Users in order to connect to the site, the addresses contained in the URI (Uniform Resource Identifier), notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.), and other parameters related to the operating system and the User’s IT environment.

These data can be used to ascertain the responsibility in case of hypothetical computer crimes against the site.

5.c) Cookies

Cookies are small text files that are sent from the visited website to the User’s device (usually to the browser), where they are mostly stored in order to recognize this device at the next visit. In fact, at every subsequent visit, cookies are re-sent to the site by the User’s device. Each cookie generally contains: the name of the server from which the cookie was sent, the expiration date and a value, usually a unique number randomly generated by the computer. The server of the website that transfers the cookie uses this number in order to recognize the User when he returns to visit a site or when he browses from one page to another. The cookies can be installed not only by the website’s owner when the User visits the website (first-party cookies), but also by a different site that installs cookies through the first site (third-party cookies) and is able to recognize them. This happens because a visited site may contain elements (images, maps, sounds, links to web pages that belong to other domains, etc) hosted on other servers than the server of the visited site.

Generally, cookies can be classified into different typologies based on the following criteria:

Duration:
– session cookies (temporary) which are automatically deleted when the browser is closed;
– persistent cookies which are active until their expiration date or until they are canceled by the user.

Origin:
– first-party cookies which are sent to the browser directly from the site that is being visited;
– third-party cookies which are sent to the browser from other sites and not from the site you are visiting.

Purpose:
– technical cookiesnavigation/indispensable/performance/process/security cookies contribute to the operating of the website, giving, for example, the possibility to browse through the pages or access protected areas. If the cookies are blocked, the site cannot function properly.
– functionality /preferences/localization /session status cookies allow the storage of information that changes the appearance or the behavior of the site (preferred language, texts size, geographical area where the User is located). If these cookies are blocked, the experience is less functional but not fully compromised;
– statistical/analytic first-party or third-party cookies with IP masking, without data crossing (similar to technical cookie, purpose wise), are used to collect information and generate statistics of website usage in order to understand how visitors interaction works;
– non-technical cookie  third-party statistical/analytic cookies without IP masking, with data crossing, are used to collect information, generate usage statistics, with possible identification and tracking of the website User, in order to understand how visitors interact;
– profiling /publicity / advertising / tracking / conversion cookies for advertising selection, based on what is relevant for a specific User (personalized ads). Profiling cookies are designed to create specific profiles for Users and are then used in order to send advertising messages aligned with the preferences expressed by the same User during his net surfing experience.

5.d) Cookies used in this website

This website uses cookies to ensure the correct operation of systems and improve the users’ experience of some applications.

Based on the characteristics and use of cookies, as above listed, this site uses the following categories of cookies:

  • Technical cookies: these cookies are required for navigation on our website and use of its functions, such as to enable correct display of pages. Therefore, disabling this type of cookies does not allow such activities. These cookies are not used for other purposes and can be divided into:
    – navigation or session cookies, which ensure normal navigation and use of the website;
    – function cookies, which enable navigation according to a set of selected criteria (e.g. language) to improve the service provided to users.
  • Performance cookies: these cookies collect information on the efficiency of a website’s response to users’ requests in an anonymous form, with the only aim of improving the functionality of the website; for example, which pages are most frequently visited by users, whether there were errors or delays in the provision of web pages.
  • This website does not use profiling cookies. These cookies are designed to create user profiles and are used to send advertising messages in line with the preferences shown by users during web navigation.
  • d) Third-party cookies

When visiting this website (www.monozukuri.eu)  users could receive on their device cookies managed by other organizations (third-party cookies). This occurs because the site may contain elements such links to third-party web pages or web services.

These cookies can be sent to the users’ browser by third companies directly from their websites, which can be accessed by navigating the www.monozukuri.eu website.

For information transparency, you can find here below the third party services on our website:

FrankyLabs: our webpages contain a link to FrankyLabs site which is the organization that designed our company worldpress theme and created and animated presentation of our leading technology.

Social sharing buttons: the Website also contains Social sharing buttons. These are “buttons” that in particular depict social network icons, such as Facebook, Twitter, YouTube, Linkedin and allow Users – through a “click” on the icon – to reach and interact with the relevant social networks and direct sharing of contents.

After clicking on the Social sharing buttons, you exit our website, and the personal data that you provide through such third-party websites is not subject to our privacy notices/policies. The social network may collect data relating to your visit to the its Website. The User must refer exclusively to the privacy policy provided by the social network and of each visited website. Some of these third parties may use applications that track your online activities across different websites and platforms over time.

Apart from cases in which the User spontaneously shares his/her browsing data with the social networks chosen by clicking on social buttons/widgets, the Controller does not share or disseminate any Personal Data of the User with the social network.

MONOZUKURI and this site are not to be considered in any way responsible for such third-party websites, as we are not entitled to control or verify any information, content, products, or services provided through any websites’ links included on our Website.

5.e) Cookie Management

Users can decide whether to accept cookies using the settings on their browser. Disabling all or part of the technical cookies can compromise the use of the functionality of the site. Disabling cookies “third party” does not prejudge in any way the navigability. The setting can be defined specifically for different websites and web applications. Furthermore the best browsers allow you to define different settings for cookies “owners” and those of “third parties”.

5.f) Other information

For more information on the use of cookies and on how to block them, you can visit the following website: www.allaboutcookies.org

6. Legal basis by which we process your personal data

MONOZUKURI processes your personal data for the purposes identified below, on the lawful basis indicated for each respective processing activity.

Purposes Legal basis for the processing of personal data under article 6 of the GDPR
6.A use of the Services, the Site and its functionalities

Contractual Purposes

(performance of a contract between the two parties or for entering into a contract with you)

 

responding to your inquiries and requests for information and giving you access to the services you request
availing the Controller’s rights such as the right to
exercise or defence of legal claims
performance of a contract between the two parties and legitimate interest pursued by the controller
complying with legal obligations or those deriving from regulations, from EU legislation or from Authority prescriptions and to prevent frauds

Regulatory Purposes

(compliance with legal obligations)

 

disclosing data to government institutions or supervisory authorities compliance with government inspections and other requests from government or other public authorities, responding to legal process and managing any complaints or claims
6.B marketing purposes such as sending newsletters, communications and/or other material about products and services offered by MONOZUKURI

consent to the processing given by the data subject

 

Sending customer satisfaction surveys to you in order to evaluate and improve our services

Processing personal data for marketing and/or for customer satisfaction purposes shall be carried out only upon your prior consent.
The processing of your personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected.

7. Data provision

The provision of data is required for the purposes mentioned in paragraph 6 section 6.A. In case of refusal, MONOZUKURI will not be able to provide the services requested.

The provision of data for the purposes mentioned in paragraph 6 section 6.B is optional as the processing of personal data is based on your consent. You may decide either not to provide any data or to freely withdraw your consent at any time by following the instructions contained within each of our e-mail communications. In these cases, you will not be enabled to receive newsletters, commercial communications and/or customer satisfaction surveys regarding the services offered by the Controller or you will cease to receive them. You will still be entitled to the services mentioned in paragraph 6 section 6.A.

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Your consent shall not be required and requested when the processing activities are covered by other legal basis such as in cases reported in section 6.A.

If you provide MONOZUKURI with Personal Data of other third parties involved in the processing, you act as autonomous controller, assuming all the obligations and responsibilities of the law. In this sense, you indemnify and keep MONOZURI harmless, to the widest extent possible, with respect to any dispute, claim, request for compensation for processing damages, etc. from third parties whose Personal Data have been processed through your use of the Services in violation of the applicable Personal Data protection regulations. In any case, if you provide or otherwise process Personal Data of third parties in the use of our site, you guarantee – assuming all related responsibilities – that the processing is based on a suitable legal basis in accordance with Article 6 of the GDPR.

8. Methods of processing

Your personal data shall be processed manually and/or using electronic and telematic tools and shall be stored in electronic and paper format. No automated decision-making processes or profiling shall be carried out.

9. Data recipients

The operations related to the processing of personal data can be fulfilled by authorized persons and by appointed processors on the behalf of the controller in accordance with the data privacy laws as set out below.

  • Internal third parties: Monozukuri’s employees and consultants who act as authorized persons under article 29 of the GDPR;
  • External third parties engaged by MONOZUKURI and appointed as external data Processor as per Article 28 of the GDPR to provide services related to MONOZUKURI’s business activities such as:
    – Service providers acting as processors who provide IT and system administration services and other services to the controller;
    – Professional advisers including bankers, lawyers, auditors and insurers who provide banking or legal consultancy, insurance and accounting services.

We require all third parties to respect the security of your personal data and to treat them in accordance with the law. We shall not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, in performance of law, regulations and contract obligations.
In addition, we may disclose information about you:

  • if we are required to do so by law or legal process;
  • to law enforcement authorities or other government officials and to other authorities who require reporting of processing activities in certain circumstances;
  • to protect our legal rights;
  • to prevent fraud against us;
  • to comply with any and all applicable laws.

Your data shall not be made public.
The list of data recipients is available upon request.

10. Where your personal data are stored and processed

Your Personal Data shall be processed within the European Union and stored on servers located within the European Union. The same data may be processed in countries outside the European Union and transmitted to third parties including those outside of the EU, provided that an adequate level of protection is guaranteed through contractual measures, recognized by a specific adequacy decision of the European Commission to rule the transfer of personal data outside of the EEA and/or the EU-US Privacy Shield framework is applied.

Any personal data processed shall be stored in accordance with the principles of proportionality and necessity and, in any case, until the purposes of the data processing have been completed.

11. Data retention

Your data shall not be kept longer than is needed for the purposes of the processing operations in a form that enables identification, unless a longer retention period is required or permitted by law, for instance, in order to resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with all applicable laws.

In case of termination of a contract between the two parties, MONOZUKURI shall retain your personal data for as long as it is granted by any applicable laws.
In case processing is fulfilled for marketing purposes upon your consent, we shall retain your personal data until the consent is withdrawn at any time.

Thereafter, if the collected Personal Information is no longer needed for purposes specified in this Privacy Notice, MONOZUKURI shall delete Personal Information in its possession within a reasonable timeframe or render it anonymous, meaning “non-personal information”.

12. Data Subject Rights

With respect to the personal data provided and collected, in accordance with articles 15 – 21 of the GDPR, data subjects have the following rights:

  • Right of access (article 15 of the GDPR): you may obtain confirmation as to whether or not Personal Data relating to you are being processed, as well as access to information on the purposes of the processing, the categories of Personal Data being processed, the recipients or categories of recipient to whom the Personal Data are or will be disclosed, the storage period envisaged, the existence of the right to request rectification, erasure or restriction of processing, the right to lodge a complaint with a supervisory authority, the existence of an automated decision-making process, including profiling;
  • Right to rectification (article 16 of the GDPR): you may obtain the rectification of inaccurate Personal Data concerning you, or you may have incomplete Personal Data completed;
  • Right to erasure (‘right to be forgotten’) (article 17 of the GDPR): you may obtain the erasure of Personal Data concerning you, if:
    i. you withdraw the consent given for the processing of Personal Data;
    ii. the Personal Data are no longer necessary for the purposes for which it were collected;
    iii. the Personal Data have been unlawfully processed;
    iv. for compliance with a legal obligation, the Personal Data must be erased;
  • Right to restriction of processing (article 18 of the GDPR): you have the right to obtain the restriction of the processing of Personal Data concerning you if:
    i. the accuracy of the Personal Data is contested by you, for a period enabling the Controller to verify the accuracy of the Personal Data;
    ii. the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of their use instead;
    iii. MONOZUKURI no longer needs the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
    iv. for the time necessary to assess the possible prevalence of the legitimate grounds of the Controller over those of the User, the User has opposed the processing of his/her personal data pursuant to point which follows;
  • Right to data portability (article 20 of the GDPR): you have the right to receive the Personal Data concerning you provided to the Controller, in a structured, commonly used and machine-readable format, and have the right to transmit such data to another Controller without hindrance by MONOZUKURI, if the processing is carried out by automated means. If technically feasible, you are also entitled to have your Personal Data transmitted directly from MONOZUKURI to another Controller;
  • Right to object (article 21 of the GDPR): you have the right to object at any time to the processing of Personal Data concerning you if such processing is carried out pursuant to Article 6.1 letter e) (i.e. for the performance of a task carried out for reasons of public interest to which the Controller is subject) or letter f) (i.e. to prosecute a legitimate interest of the Controller) of the Regulation, unless there are compelling legitimate reasons for the Controller to proceed with the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You have the right to withdraw your consent at any time.
The rights set out above can be exercised in writing by sending an email to: info@monozukuri.eu
Pursuant to article 19 of the GDPR, we shall communicate any rectification or erasure of personal data or restriction of processing requested by you, as a data subject, to each recipient to whom your personal data has been disclosed, unless this proves impossible. You, as data subject, have also the right to lodge a complaint with the Italian Data Protection Authority.

13. Applicable law

This Privacy Notice is governed by Italian law and in particular by the regulations on data privacy, including the Regulation, measures, authorisations and guidelines adopted by the Privacy Supervisor governing the processing of Personal Data, where applicable.

14. Updates and changes to this privacy notice

We may modify or simply update, in whole or in part, this Privacy & Cookie policy concerning our Website, also in consideration of changes in the laws or regulations governing the matter. Changes and updates to the Privacy policy will be notified to Users as soon as they are adopted and will be binding as soon as they are published on the Website and will be contained and available for consultation on the Website. We therefore recommend that you regularly access this section to check the publication of the most recent and updated Privacy Notice.
Where required by law, we will seek your prior consent to any change.

15. Contact details

If you have any comments, questions or concerns about any of the information in this Privacy Notice, or any other issues relating to the processing of personal data carried out by MONOZUKURI please contact:

MONOZUKURI S.P.A.
Email address: info@monozukuri.eu
Postal address: via Archimede 207 00197 ROME (ITALY)

Rome, July 2020.

CONSENT REQUEST PURSUANT TO ARTICLE 7 OF THE GDPR

By clicking on the “Sign up” button in the newsletter subscription form you give your consent to our processing of your personal data in accordance with the purposes described above.