Privacy Policy

Privacy Policy for the Infrajournal website (www.infrajournal.com) pursuant to Art. 13 of EU Regulation 2016/679 (General Data Protection Regulation - "GDPR")

Identity of the data controller

MUNDYS SpA (hereinafter "Mundys" or "Data Controller"), with its registered office at Piazza San Silvestro 8, 00187 Rome

Data controller's contact information

Personal data collected

  • User identification and/or contact data
  • Browsing data (1) and cookies

    1 During their normal operations, the computer systems and software procedures used to run the Company's Websites collect certain data whose transmission is implicit in the use of internet communication protocols.

    Such data include the IP addresses or domain names of users' computers connecting to the website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to a user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical data on use of the website and to check that it is functioning correctly, and are retained for the time periods set by the relevant legal regulations.

    Data referring to Data Subjects, collected either directly or indirectly, may be processed by the Data Controller in order to carry out website management and administration activities, in order to improve users' browsing experience and also determine responsibility in the event of hypothetical cybercrimes that may harm the website.
     

1)
Purpose of processing

Ensure the smooth functioning of the website and the provision of services to users.

Legal basis of processing

Legitimate interest
 

Personal data storage times

Regarding storage times, reference should be made to the cookie policy.
 

2)
Purpose of processing

Configuration of cookies on the website.

Legal basis of processing

Consent.

Personal data storage times

Regarding storage times, reference should be made to the cookie policy.

The retention time may be extended in the event of legal or disciplinary action and to enforce Mundys' rights. In such event, your personal data will be retained for the duration of the proceedings, until they are concluded and all time limits for appeals have expired.
 

How data is processed and security measures

Data may be processed by technological and/or paper methods and through suitable IT tools (e.g. software, hardware, applications, etc.). In this regard, Mundys has controls and procedures in place to ensure the confidentiality of your data, and is constantly committed to adopting, pursuant to art. 32 of the GDPR, specific technological and organisational measures to protect data against the risk of loss, unlawful or incorrect use and unauthorised access.
 

Recipients and categories of recipient of personal data

In order to pursue the stated purposes of processing, personal data may be transferred to various entities, including: 

  • the Data Controller's employees and collaborators, in their capacity as authorised data processors;
     
  • third parties contractually linked to the Data Controller, who in certain cases will act as data processors (e.g. marketing service providers, etc.) or autonomous data controllers;
     
  • judicial authorities and/or public bodies, at their express request and/or by virtue of the law, during investigations and checks in their capacity as autonomous data controllers.

A full list of recipients of Data Subjects' Personal Data, including further details on the location of such recipients, is kept at the Data Controller's head office and may be consulted on request.
 

Transfer of personal data

Your personal data will essentially be processed within the European Union. In the event that it is necessary to transfer your data to third parties located outside the European Economic Area (EEA) for specific processing management purposes, such transfer will only take place where the European Commission has confirmed an appropriate level of data protection in the third country or where there are adequate data protection safeguards in place (e.g. EU standard contractual clauses for the transfer of data to third countries).
 

Data subject rights

With regard to the Data Controller, Data Subjects may at any time exercise their rights as provided for in Articles 15 et seq. of the GDPR, in relation to the processing of their personal data, such as, for example, right of access, correction, deletion, restriction of and opposition to processing by sending an email request to privacy@mundys.com.
 

Right to lodge a complaint to the data protection Authority

If you believe that your personal data have been processed unlawfully, you have the right to lodge a complaint with the Italian Data Protection Authority (https://www.garanteprivacy.it/).
 

Provision of personal data

  • With regard to purpose 1, the provision of data is obligatory. 
     
  • With regard to purpose 2, processing of your data is subject to your providing free and express consent.
     

Automated decision-making process

Personal data collected will not be subject to an automated decision-making process.