Privacy Notice under Article 13 of Regulation (EU) 2016/679 – GDPR – Privacy Notice for the processing of personal data collected from the data subject.
In accordance with the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation), we are providing you with information about the processing of your personal data. The Controller’s domain Websites may contain links to other websites. This Privacy Notice does not cover any data processed by third party websites and the Controller is not responsible for those websites.
Personal Data processed: “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (R26, R27, R30)
SPECIFIC PRIVACY NOTICES
Specific privacy notices may be provided in pages of the Website in relation to particular services or processing of Data provided.
For more information about the cookies used in this website, visit our Cookies Policy.
1. THE DATA CONTROLLER,under Articles 4 and 24 of Regulation (EU) 2016/679 is GRUPO MCI – MUNDOCOLOR HOLDING SL, Registered headquarters in Calle del Oficis, 25, 08850, Gavà (Barcelona), represented by the legal representative, email: email@example.com
2. PURPOSES AND LEGAL BASIS OF THE PROCESSING
The personal data provided will be processed in accordance with the conditions of lawfulness under Article 6 of Regulation (EU) 2016/679 for the following purposes:
A) Compliance with obligations for the performance of a contract, legal compliance and administrative and accounting purposes (Article 6(1)(b) and (c)) for managing product repairs and relative administrative and accounting activities. For the purposes of applying the personal data protection provisions, data is processed for administrative and accounting purposes only if this is required to perform organisational, administrative, financial and accounting activities, whatever the nature of the data processed. More specifically, those purposes include internal organisational activities, activities required for the purpose of entering into a contract and performing contractual obligations
B) Direct marketing (Article 6(1)(a), to receive newsletters and promotions, market research or other customer satisfaction surveys and direct sales, information, commercial and advertising material or with regard to events and initiatives by the Controller by means of automated media, electronic mail or other, and until and unless you object.
3. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
The personal data provided will be disclosed to recipients who will process the data as Processors (Article 28 of Regulation (EU) 2016/679) and/or as natural persons acting under the Authority of the Controller and or of the Processor (Article 29 of Regulation (EU) 2016/679), for the purposes listed above. Specifically, your data will be disclosed to: – the sales/distribution network in the territory; – entities that provide services for managing the IT system and communication networks; – firms or enterprises as part of advisory and consultancy relationships; – competent authorities for compliance with legal obligations and/or provisions of public bodies, on request.
The entities in the foregoing categories act as Data Processors, or they operate independently as separate Data Controllers.
4. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES AND/OR INTERNATIONAL ORGANISATIONS AND SAFEGUARDS
The personal data you provide may be transferred to third countries in and outside the European Union, in order to comply with the foregoing purposes.
They may be transferred to third countries on the basis of the provisions of Articles 44 – 46 of Regulation (EU) 2016/679.
Data Subjects can obtain information about the safeguards for transfer of data by writing to firstname.lastname@example.org
5. THE PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED OR THE CRITERIA USED TO DETERMINE THAT PERIOD
Data may be processed by automated and/or manual means, using procedures and equipment in a manner that ensures utmost security and confidentiality, by specifically designated persons.
In accordance with the provisions of Article 5(1)(e) of Regulation (EU) 2016/679, the personal data collected will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. The period the personal data provided will be stored depends on the purpose of the processing:
- navigation on this website (session);
- contact request (no more than one (1) year);
- receive newsletters or promotional communications, usually by email (no more than two (2) years);
- administration and/or accounting (ten (10) years)
The period of storage of personal data is determined on the basis of criteria that can be consulted by sending a request to email@example.com
6. NATURE OF THE PROVISION OF DATA AND REFUSAL
The provision of data for purpose A) is required because it is essential for the performance of a contract and for compliance with legal obligations. Failure to provide the personal data requested means the Controller cannot enter into a contract with you, since they would not be able to comply with the relevant legal and/or contractual obligations.
The provision of data for purpose B) is optional but necessary for the purposes under point B). Failure to provide these data may make it impossible for data subjects to be contacted for commercial purposes but will have no negative consequences relating to the purposes under point A).
7. RIGHTS OF DATA SUBJECTS
You may exercise your rights as expressed in Regulation (EU) 2016/679, by contacting the Controller at firstname.lastname@example.org or writing to the address of the Controller’s headquarters indicated above.
You have the right, at any time, to ask the Controller to access (Article 15), to rectify (Article 16), to erase (Article 17) your personal data, or to restrict the processing of your personal data (Article 18), or to object to the processing of your personal data based on grounds relating to your particular situation (Article 21).
Withdrawal of consent. Where processing is based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
To object to the processing of your personal data and to exercise other rights, write to email@example.com
You are not obliged to provide your personal data. You are free to provide your personal data in dedicated areas of the website. Failure to provide personal data will make it impossible to use the services offered by the Data Controller.