Privacy policy
in accordance with article 13 of Regulation (EU) 2016/679 (“GDPR”)

Dear User,
Indicated below are the methods of processing the personal data collected automatically or provided browsing or using the website https://www.mosaicopapers.com (“Website”).

1. DATA CONTROLLER

The data controller is Mosaico S.p.A., with registered office at Via Piave no. 1, Altavilla Vicentina (VI) (“Controller” or “Company”).

2. TYPE OF DATA PROCESSED

To enable browsing of the Website, the Controller must process some personal data.

Data communicated voluntarily by the user
To enable use of the Website, including the possibility of subscribing to the newsletter and contacting the Controller, the Company may process the following personal data:

• name and surname;
• email address and/or telephone number;
• any further information contained in the message sent.

Browsing data
The IT systems and software procedures used to make this Website work acquire, during their normal operation, some personal data the transmission of which is implicit in the use of the Internet communication protocols.

This category of data includes the IP addresses or the domain names of the computers and terminals used by the users; the addresses in URI/URL (Uniform Resource Identifier/Locator) notation; the time of the request; the method used in submitting the request to the server, the dimensions of the file obtained in response; the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the user's operating system and IT environment.

These data are necessary for fruition of the services through the Website and are also processed for the purpose of:

• obtaining statistical information on the use of the services (pages most visited, number of visitors by time band or daily, geographical areas of origin, etc.);
• checking the correct operation of the services offered.

The browsing data do not persist for more than the necessary time and, in any case, for not more than 2 days. They are conserved to guarantee the operation of the site and are cancelled immediately after their aggregation (except for any need for ascertainment of crimes by the Judicial Authority).

Data communicated by the user
The optional, explicit and voluntary sending of messages to the contact addresses, and the compilation and sending of the forms present on the sites, entail the acquisition of the contact data of the sender, necessary to reply, and of all the personal data included in the communications.

Specific disclosures will be published in the pages prepared for the provision of certain services.

Cookies and other tracing systems
For the use of cookies in the site consult the Cookie Policy

3. PURPOSES, LEGAL BASIS AND NATURE OF THE PROVISION

	Purposes of processing	Legal basis	Nature of provision
A	Use of the contents and services of the Website and guarantee of the security of the networks and the information. This purpose includes the possibility of making use of the Website and of sending requests and communications to the controller. In addition, this purpose includes the processing of personal data related to the traffic, to a strictly necessary and proportionate extent to guarantee the security of the networks and the information.	Performance of a contract (art. 6.1 (b) of the GDPR). Compliance with legal obligations (art. 6.1 lett. (c) of the GDPR). Legitimate interest (art. 6.1 (f) of the GDPR).	Obligatory. Non-conferment would entail the impossibility of making use of the contents and Services of the Website and of guaranteeing the security of the networks.
B	Receiving marketing communications. This purpose includes the possibility of subscribing to the newsletter and receiving information of a commercial nature on offers and other promotional initiatives adopted, through traditional and automated contact systems, such as, merely by way of example, the use of your e-mail address.	Consent (art. 6.1 (a) of the GDPR).	Optional. Non-conferment, although it does not impede use of the Website in any way, may prevent you from making use of the service requested
C	Where applicable, ascertain, exercise or defend the rights of the Controller out of court and/or in court.	Legitimate interest (art. 6.1 (f) of the GDPR).	Obligatory. Non-conferment may preclude the exercise of the controller’s rights.

4. CONSERVATION OF THE PERSONAL DATA

The personal data processed for marketing purposes will be conserved for 24 months unless a request is made for cancellation and/or revocation of the consent; this may be presented at any time according to what is indicated in the paragraph “Rights of the data subject” below.
In the case of processing of the personal data for the exercise of a right in court, the personal data will be conserved for the entire duration of the dispute and until expiry of the terms for lodging an appeal.

5. RECIPIENTS OF THE PERSONAL DATA

The personal data may be communicated to the following parties:

• those that can access the data on the basis of legal provisions laid down in the law of the European Union or in that of the Member State to which the Controller is subject;
• - parties that perform activities auxiliary to the purposes indicated in the specific paragraph and, in particular, companies that offer advertising, marketing and communication services, companies that offer IT infrastructures and IT assistance and advice services and design and creation of software and websites, companies that offer data analysis and development services (including those related to the interactions of users with our services).

In addition, the employees, designated as subjects that act under the authority of the Data Controller under art. 29 of the GDPR or as System Administrators may become aware of your personal data.

6. TRANSFERS TO THIRD COUNTRIES

The Controller could transfer the personal data to third countries and, in particular, to the United States if the user consents to the installation of analytic or profiling cookies. The processing is in any case subject to adequate guarantees since the third parties that have installed the cookies have accepted the EU-US Data Privacy Framework. For further details on this instrument, you can consult the specific website available here: Data Privacy Framework.

7. AUTOMATED DECISION-MAKING PROCESSES

The Controller does not intend to use automated decision-making processes.

8. RIGHTS OF THE DATA SUBJECT

In your capacity as data subject, you have the right to revoke the consent given at any time and to obtain from the Company access to the personal data. You may also ask the Company to correct or delete them. In addition, you have the right to obtain the limitation of the processing of the personal data that regard you, as well as the right to the portability of these data.

In addition to the above, you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data performed under the terms of art. 6, paragraph 1, letters e) or f), including profiling based on these provisions, as provided for in art. 21 of the GDPR.

Lastly, you have the right to complain to a supervisory authority or take appropriate legal proceedings, if you believe that the processing that regards you breaches the GDPR.

To exercise each of your rights, you may contact the Controller addressing a communication to the registered office of Burgo Group S.p.A., at Via Piave no. 1, Altavilla Vicentina (VI), or sending an email to the address privacy@burgo.com.

Privacy policy
in accordance with articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”)

Dear Applicant,
Indicated below are the methods of processing the personal data provided by filling in the form present on the website – on the Company's “Contacts” page, send your request as defined below.

1. DATA CONTROLLER

The data controller is Mosaico S.p.A., with registered office at Via Piave no. 1, Altavilla Vicentina (VI) (“Controller” or “Company”).

2. TYPE OF DATA PROCESSED

To examine your application, the Controller must process some personal data, such as, for example:

• name and surname;
• email address;
• any further information included in the message trasmitted

Please enter in the form only the data necessary to assess the profile and abstain from indicating particular categories of data, such as those relating to health condition, religious beliefs or political opinions.

3. PURPOSES, LEGAL BASIS AND NATURE OF THE PROVISION

	Purposes of processing	Legal basis	Nature of provision
A	Receiving marketing communications This purpose includes the possibility to receive information of a commercial nature through traditional and automated contact systems, such as, by way of example, the use of your email address.	Compliance with legal obligations (art. 6.1 (a) GDPR)	Optional. Non-conferment, while not preventing the use of the website in any way, may not allow you to use the requested service.
B	Where applicable, ascertain, exercise or defend the rights of the Controller out of court and/or in court.	Legitimate interest (art. 6.1 (f) GDPR)	Obligatory. Non-conferment may preclude the exercise of the controller's rights.

4. CONSERVATION OF THE PERSONAL DATA

Your personal data will be conserved for a maximum period of 24 months starting from the date of receiving the CV, or from that of the last update of the same communicated to us by you, subject to your option to request their cancellation at any time.

In the case of processing of the personal data for the exercise of a right in court, the personal data will be conserved for the entire duration of the dispute and until expiry of the terms for lodging an appeal.

5. RECIPIENTS OF THE PERSONAL DATA

The personal data may be communicated to the following parties:

• those that can access the data on the basis of legal provisions laid down in the law of the European Union or in that of the Member State to which the Controller is subject;
• companies belonging to the Group, to assess the possibility of collaboration or recruitment at the same;
• parties that perform activities auxiliary to the purposes indicated in the specific paragraph and, in particular, recruiting companies, law offices, insurance companies, banks, companies that offer IT infrastructures and IT assistance and advice services and design and creation of software and websites.

In addition, the employees, designated as subjects that act under the authority of the Data Controller under art. 29 of the GDPR or as System Administrators may become aware of your personal data.

6. TRANSFERS TO THIRD COUNTRIES

The Controller does not intend to transfer the personal data to third countries. All the processing is performed in the European Union.

7. AUTOMATED DECISION-MAKING PROCESSES

The Controller does not intend to use automated decision-making processes.

8. RIGHTS OF THE DATA SUBJECT

In your capacity as data subject, you have the right to revoke the consent given at any time and to obtain from the Company access to the personal data. You may also ask the Company to correct or delete them. In addition, you have the right to obtain the limitation of the processing of the personal data that regard you, as well as the right to the portability of these data.

In addition to the above, you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data performed under the terms of art. 6, paragraph 1, letters e) or f), including profiling based on these provisions, as provided for in art. 21 of the GDPR.

Lastly, you have the right to complain to a supervisory authority or take appropriate legal proceedings, if you believe that the processing that regards you breaches the GDPR.

To exercise each of your rights, you may contact the Controller addressing a communication to the registered office of Burgo Group S.p.A., at Via Piave no. 1, Altavilla Vicentina (VI), or sending an email to the address privacy@burgo.com.