Privacy policy
in accordance with article 13 of Regulation (EU) 2016/679 (“GDPR”)

Dear User,
Indicated below are the methods of processing the personal data collected automatically or provided browsing or using the website https://www.mosaicopapers.com (“Website”).

1. DATA CONTROLLER

The data controller is Mosaico S.p.A., with registered office at Via Piave no. 1, Altavilla Vicentina (VI) (“Controller” or “Company”).

2. TYPE OF DATA PROCESSED

To enable browsing of the Website, the Controller must process some personal data.

Data communicated voluntarily by the user
To enable use of the Website, including the possibility of subscribing to the newsletter and contacting the Controller, the Company may process the following personal data:

Browsing data
The IT systems and software procedures used to make this Website work acquire, during their normal operation, some personal data the transmission of which is implicit in the use of the Internet communication protocols.

This category of data includes the IP addresses or the domain names of the computers and terminals used by the users; the addresses in URI/URL (Uniform Resource Identifier/Locator) notation; the time of the request; the method used in submitting the request to the server, the dimensions of the file obtained in response; the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the user's operating system and IT environment.

These data are necessary for fruition of the services through the Website and are also processed for the purpose of:

The browsing data do not persist for more than the necessary time and, in any case, for not more than 2 days. They are conserved to guarantee the operation of the site and are cancelled immediately after their aggregation (except for any need for ascertainment of crimes by the Judicial Authority).

Data communicated by the user
The optional, explicit and voluntary sending of messages to the contact addresses, and the compilation and sending of the forms present on the sites, entail the acquisition of the contact data of the sender, necessary to reply, and of all the personal data included in the communications.

Specific disclosures will be published in the pages prepared for the provision of certain services.

Cookies and other tracing systems
For the use of cookies in the site consult the Cookie Policy

3. PURPOSES, LEGAL BASIS AND NATURE OF THE PROVISION

 

Purposes of processing

Legal basis

Nature of provision

A

Use of the contents and services of the Website and guarantee of the security of the networks and the information.

This purpose includes the possibility of making use of the Website and of sending requests and communications to the controller.

In addition, this purpose includes the processing of personal data related to the traffic, to a strictly necessary and proportionate extent to guarantee the security of the networks and the information.

  • Performance of a contract (art. 6.1 (b) of the GDPR).
  • Compliance with legal obligations (art. 6.1 lett. (c) of the GDPR).
  • Legitimate interest (art. 6.1 (f) of the GDPR).

Obligatory.

Non-conferment would entail the impossibility of making use of the contents and Services of the Website and of guaranteeing the security of the networks.

B

Receiving marketing communications.

This purpose includes the possibility of subscribing to the newsletter and receiving information of a commercial nature on offers and other promotional initiatives adopted, through traditional and automated contact systems, such as, merely by way of example, the use of your e-mail address.

  • Consent (art. 6.1 (a) of the GDPR).

 

Optional.

Non-conferment, although it does not impede use of the Website in any way, may prevent you from making use of the service requested

C

Where applicable, ascertain, exercise or defend the rights of the Controller out of court and/or in court.

  • Legitimate interest (art. 6.1 (f) of the GDPR).

 

Obligatory.

Non-conferment may preclude the exercise of the controller’s rights.

4. CONSERVATION OF THE PERSONAL DATA

The personal data processed for marketing purposes will be conserved for 24 months unless a request is made for cancellation and/or revocation of the consent; this may be presented at any time according to what is indicated in the paragraph “Rights of the data subject” below.
In the case of processing of the personal data for the exercise of a right in court, the personal data will be conserved for the entire duration of the dispute and until expiry of the terms for lodging an appeal.

5. RECIPIENTS OF THE PERSONAL DATA

The personal data may be communicated to the following parties:

In addition, the employees, designated as subjects that act under the authority of the Data Controller under art. 29 of the GDPR or as System Administrators may become aware of your personal data.

6. TRANSFERS TO THIRD COUNTRIES

The Controller could transfer the personal data to third countries and, in particular, to the United States if the user consents to the installation of analytic or profiling cookies. The processing is in any case subject to adequate guarantees since the third parties that have installed the cookies have accepted the EU-US Data Privacy Framework. For further details on this instrument, you can consult the specific website available here: Data Privacy Framework.

7. AUTOMATED DECISION-MAKING PROCESSES

The Controller does not intend to use automated decision-making processes.

8. RIGHTS OF THE DATA SUBJECT

In your capacity as data subject, you have the right to revoke the consent given at any time and to obtain from the Company access to the personal data. You may also ask the Company to correct or delete them. In addition, you have the right to obtain the limitation of the processing of the personal data that regard you, as well as the right to the portability of these data.

In addition to the above, you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data performed under the terms of art. 6, paragraph 1, letters e) or f), including profiling based on these provisions, as provided for in art. 21 of the GDPR.

Lastly, you have the right to complain to a supervisory authority or take appropriate legal proceedings, if you believe that the processing that regards you breaches the GDPR.

To exercise each of your rights, you may contact the Controller addressing a communication to the registered office of Burgo Group S.p.A., at Via Piave no. 1, Altavilla Vicentina (VI), or sending an email to the address privacy@burgo.com.