We inform you that, in compliance with Regulation (EU) 2016/679 (below: “Regulation”, “GDPR”), the personal data that you provide or will provide directly through this site or third parties, will be processed by the following Company owner and co-owner of processing.

Monitor The Planet Srl - P.zza Martiri della Libertà, 7- FAENZA - VAT id.number 02606600399 Director: Emanuele Dal Monte E-mail: info@monitortheplanet.com A full list of the managers and sub-managers is available on request. Please contact us at info@monitortheplanet.com.

The information provided by customers, potential customers, suppliers, job applicants (information in the resume) web users through the contact form, those provided directly by the data subject and/or third parties (e.g. the company they work for) are the followings - by way of example and without limitation: Company name, Name and Surname, e-mail, phone number, personal and contact data, bank details, data included in the resume and other data such as role, task and so on.

N.B.Whether the user communicates particular data categoriesby e-mail or through the contact form (e.g. data related to their health, racial or ethnic data, political and sexual orientation data, judicial data contained in the resume) ex article 9 of Regulation (EU) 2016/679, this represents a manifestation which must be freely given, specific, informed and unambiguous, with which the data subject gives their explicit consent to the controller to process those personal data.

Nevertheless, the Controller and the Manager will do everything they can to delete all those data once the required purposes are obtained.

The data controller uses the personal data in the purposes, sub-purposes and in accordance with the following legal basis, also taking advantage of other Managers and Sub-managers whose references are available upon request as previously indicated:

The personal data provided through an estimate or an order of services are processed to meet the demand of contact, estimate or fulfilment of an order or a service, or to contact the customer/supplier or their employees and those who must carry out the role concerning the contractual relation; Data are required to fulfil these goals; otherwise, we cannot meet your demand. The legal basis of this data processing is contractual and pre-contractual commitment.

b) REGULATORY and ADMINISTRATIVE PURPOSES The personal data collected are intended to carry out administrative, accounting and fiscal tasks related to passive and/or active invoicing of required services/ products. It is understood that any refuse to submit such data and any failure to consent to the processing of data makes it impossible to reach the goal. Data will be processed within the time and the modalities requested by the current regulation. Furthermore, data can be processed to:

i. implement legal obligations, regulations, national and Community legislation as well as regulations issued by authorities with right to do so by law.

ii. to verify, exercise and/or defend the controller's rights in a court of law.

Legal basis for this treatment are contractual and pre-contractual commitment, legal obligations, legitimate interest for Common Data and consent in case the data subject should provide Particular (sensitive) Personal Data, as for example:

Furthermore, personal data listed above which are directly provided by the head office of the data subject or third parties (e.g. the company they work for) let us subscribe you to our Business and Marketing services. These services work through automated means (e.g. e-mail, newsletter, SMS, on-line messaging, social media, web advertising, re-marketing, and others) and other non-automated means (e.g. phone operators, ordinary mail), informing you about the news, ventures, promotions, events and other marketing activities directly or indirectly organised by the controller.

In case you already are a Customer and no more than 24 months have gone by since Last Contact, the legal basis for this treatment is legitimate interest, even with no consent. The data controller can therefore send business and marketing communications akin to products or services they have already purchased. (considering article 47 of GDPR). Whether you haven’t had any Contact with the controller, among which the participation to an event of the co-controller company/companies, the use of a product or a service, E-mails opening or a contact with our sales network during the past 24 months (definition of Last Contact), the only legal basis for this goal is Consent collected through this/these site(s), or directly by the data subject, as well as third parties (e.g. the company they collaborate with) or through our sales network.

d.1) Cookie Browsing Data (sub-goals)


Cookies consist of portions of code installed in the browser that assist the Owner in providing the service according to the purposes described. Some of the purposes for installing Cookies may also require the User's consent. The legal basis for this purpose is Consent, expressed clicking the Banner that appears automatically the first time you enter the website. Once the first consent is acquired, the banner will not appear anymore but you will be able to change your preferences directly in the browser.

For further details on cookies used on this website and how to change consents, see the specific section for cookies (Cookie policy) at the end of this document.

d.2) Other statistics data (sub-goals):

In order to provide communications and services more oriented to your interests and your preferences, we can use the data you give us through the website or directly. This, with a view to improving the quality and the precision of products and services we would offer to you in the future, excluding completely automated systems (e.g. ERP system, CRM, spread sheets, e-mail platforms, and so on)

The legal basis for this sub-goal is legitimate interest in case you already are a Customer and no more than 24 months have gone by since Last Contact. Whether you are not customer, the legal basis is Consent.

III – DATA RETENTION Personal data will be kept for the time necessary to reach the purposes for which they have been collected and then processed. Personal data will be kept for the entire duration of the contract you concluded and also for the following period:

i. within the deadlines set by the current legislation;

ii. within the deadlines also set by secondary legislation that impose data retention (e.g. tax declarations);

iii. within the period necessary to protect data subject’s rights in case of legal disputes related to the service provided;

iv. data processed according to Legitimate Interest (resulting from customer-supplier relationship) will be kept up to maximum 24 months since last contact, purchase or manifestations of interest shown by the customer;

v. where other legal basis are not applicable, processed data through informed consent for the purposes referred to letters (c) and (d) will be kept until revocation of the same or exercise of another User right (see rights of the data subject) ;

IV - PROCESSING METHODS

The data provided will be treated through paper and computer facilities exclusively by our personnel specifically authorised and trained on the processing and/or by other controllers selected according to the requirements and elected by the owner. A full list of the managers and possible sub-managers is available on request. Please contact us at info@monitortheplanet.com. Data will be processed with adequate security and protection measures both organizational and instrumental, in order to reduce risks, prevent and mitigate any violation caused by loss, misuse, improper use or by unauthorized access, pursuant to Article 32 of GDPR.

V - COMPULSORY OR OPTIONAL NATURE OF THE PROVISION OF DATA and LEGAL BASIS OF THE TREATMENT Some data are required for the operation of the website, others are used only to obtain anonymous statistical information on the use of the site and to check its proper functioning. These are immediately deleted after the elaboration (session cookies). For the purposes of points (a) and (b) of the previous paragraph II, the provision of personal data by Users, Customers and Suppliers is compulsory. Otherwise, the services required would not be provided. Instead, the provision of personal data and the consent to their processing are not mandatory but optional, for the purposes of points (c) and (d) of the previous paragraph. The failure to the consent to the processing of data will not prevent you from receiving the other services of points (a) and (b) for the common data.

I- Communication of data to third parties

Your data, limitedly to the indicated purposes, may be communicated to third parties such as - by way of example and without limitation:

Banking institutes for the management of payments, finance and leasing companies, public authorities, legal authorities, police force and other inspections body, ministry of Health and Local health units territorially competent, tax and legal consultants, informatics assistance, web and marketing Agency, professionals, videographers and photographers, authorised employees and collaborators, Managers and Sub-managers and/or named by the Manager/Owner/Co-owner, suppliers, transportation companies, cabs, couriers and companies we can make use of to provide our services.

Please note that, for no reason, the data you provided directly or through third parties (partner companies) will not be submitted to third parties, not explicitly stated in this policy, for business and marketing purposes.

II- DATA TRANSFER OUTSIDE THE EU In accordance with GDPR, data transfer to a third country is possible, as a matter of principle, only if the third country ensures an adequate protection level. According to this Regulation, the committee can state that a third country ensures an adequate protection level, thanks to its national legislation or international obligations. Lacking a decision of such adequacy, this transfer is possible only if the personal data exporter, decided by the EU, lays down adequate guarantees. These guarantees may result, in particular, by standard contractual clauses adopted by the EU commission. The transfer in also possible if the data subject has enforceable rights and an effective remedy. Furthermore, GDPR determines precisely the conditions such transfer can be done, lacking a decision of adequacy or adequate guarantees. In case it is necessary to transfer data to extra EU countries and, lacking the adequacy requirements of Standard contractual clauses mentioned above, the only legal basis is consent. The Controller also clarifies that he/she will not transfer data outside EU.

Individuals can, at any time, exercise the rights of Privacy Regulation, sending a written communication to one of the contact details in this policy. In particular, the data subject has the right to ask the controller for the access to personal data, their correction or deletion, the limitation on data concerning him or her or object to their processing, as well as the right to data portability. Furthermore, the data subject has the right to withdraw their consent at any time: the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal and he or she also have the right to lodge a complaint with a supervisory authority. It is understood that the User/Customer/Supplier exercise their rights under the conditions set out in paragraph 4 and in GDPR Regulation EU 2016/679.

Whether you want to object to the data processing for the purposes of point (c) and (d) effected by the means indicated here, as well as withdraw the consent given, you will be able to do it at any time, by clicking on the link “Unsubscribe” at the end of the e-mail or by contacting the data controller at the addresses indicated in this policy, without affecting the lawfulness of processing based on consent before its withdrawal.

If you want to make a complaint to the Supervisory Authority, please follow the instructions at the following link: https://www.garanteprivacy.it/home/modulistica-e-servizi-online/reclamo

Transparency on how we process and keep safe your data is part of our commitment to ensure and enhance privacy rights. This is why this policy can be subject to amendments by the Controller. For minor changes, we invite you to refer to this website periodically.

Last review of this policy: 15/12/2020