Dear User,
This privacy policy is provided pursuant to Article 13 of the European Regulation 2016/679 on the protection of personal data, taking into account Recommendation No. 2/2001 adopted on May 17, 2001, to users who access the website www.mon5.(it,eu), and relates to all personal data that the Data Controller collects and holds about its users.
This policy applies to this website only and not to other websites and/or applications that may be consulted by the user through links to external third-party pages.

DATA CONTROLLER:
The data controller is MON5 srl, with registered office at Via Galilei 2 Faenza 48018 (Ra) REA code RA – 226529, VAT: 02725300392, email: team@mon5.it
You can contact the Data Controller at any time using the contact details provided for additional information.

COLLECTED DATA
Personal data may be provided directly by the data subject or, in the case of usage data, collected automatically during website access and navigation. The user assumes all responsibility for the accuracy and truthfulness of their provided data and guarantees that they have the right to communicate third-party personal data, releasing the Data Controller from any liability.

DETAILS ON PERSONAL DATA PROCESSING
1. Management of Information, Assistance, or Contact Requests
The optional, explicit, and voluntary sending of messages to the Data Controller's contact addresses results in the acquisition of the sender's contact details necessary to respond, as well as all personal data included in the communications.
The purpose of processing for these categories of data is to manage information requests, assistance, or any other request received by the Data Controller through the contact details made available through the website or via the contact form.
The legal basis for processing is the execution of a contract to which the data subject is party or the execution of pre-contractual measures adopted at the request of the same. Providing personal data for the above purpose is optional, but failure to do so will make it impossible to proceed with the management of the information or support request.
2. Service Purchase
When the user intends to proceed with the purchase of services made available through communication with the Data Controller, they fill out the form by entering the required data, some of which are mandatory and as such marked with an asterisk.
The purpose of processing is the management, including administrative, of received orders and activities necessary to ensure proper contract fulfillment.
The legal basis for processing is the execution of a contract to which the data subject is party or the execution of pre-contractual measures adopted at the request of the same. Providing personal data for the above purpose is mandatory to the extent that such data is necessary for the fulfillment of contractual obligations undertaken by the Data Controller.
3. Promotional and Commercial Communications and Direct Marketing
The user may consent to receiving promotional, commercial, and informative communications at the provided contact details, for products or services similar to those made available through the website.
The purpose of processing these categories of data is to send promotional and commercial communications through automated tools such as email, SMS, instant messaging such as messenger and WhatsApp, and through traditional tools such as mail and operator calls.
The legal basis for processing is user consent, to allow access to specific and additional services such as sending future informative and promotional communications. For this reason, the right to withdraw such consent at any time is recognized, without prejudice to the lawfulness of processing based on consent before withdrawal and without such withdrawal having any prejudicial consequences for the data subject.
4. Statistical Information and Service Operation Control
Through website navigation, the Data Controller automatically collects certain data, known as navigation data. The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but which by their very nature could, through processing and association with data held by third parties or by the data controller, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI addresses of requested resources, time of request, method used in submitting the request to the server, numerical code indicating the status of the server response (success, error, etc.), and other parameters related to the user's operating system and computer environment.
The purposes of processing for these categories of data are the collection of statistical information, also aggregated, on service usage (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.) and the control of proper website and available services functioning.
Certain automatically collected data through navigation is necessary for web service usage, and their provision is mandatory to access the site and available services.
5. Communication of Data to Third Parties in the Sector
Only with the data subject's consent, their personal data may be communicated to third-party companies operating in the sector, which may process the data to send commercial and/or promotional communications about their products and services to the data subject.
The legal basis for processing is user consent, to allow access to specific and additional services such as sending future informative and promotional communications. For this reason, the right to withdraw such consent at any time is recognized, without prejudice to the lawfulness of processing based on consent before withdrawal and without such withdrawal having any prejudicial consequences for the data subject.

RECIPIENTS
The provided personal data may be communicated to appropriately appointed recipients who will process the data as data processors or authorized persons.
In particular, the data subject's personal data may be communicated to recipients belonging to the following categories: competent authorities for legal obligations; computer equipment repair and maintenance companies; companies managing the website and, in general, to allow suppliers to carry out technical, logistical, and other activities on behalf of the Data Controller. Our suppliers have access only to personal data necessary to perform their tasks, commit to not using the data for other purposes, and are required to process personal data in compliance with current regulations.
In any case, the dissemination of processed personal data is excluded.
The complete list of data processors, joint controllers, and persons authorized to process personal data can be requested by sending a specific request to the email address team@mon5.it

PROCESSING METHODS AND RETENTION TIMES
Processing is carried out using computer and telematic tools, with organizational methods related to the processing purposes as illustrated.
In particular, collected personal data is retained for a period determined taking into account the purposes for which it is collected. Personal data collected for purposes related to contract execution or pre-contractual measures is retained until the complete execution of the contract, except for legal obligations that require archiving for longer periods. Personal data collected and processed based on user consent is retained until its withdrawal.
Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.

DATA SUBJECT RIGHTS
Pursuant to Articles 15-22 of EU Regulation 2016/679, each data subject is recognized a series of rights.
Right of Access: The data subject, pursuant to Article 15, has the right to obtain confirmation of whether personal data concerning them is being processed and, if so, to obtain a copy. They also have the right to access their personal data and additional information such as the purpose of processing, categories of recipients, data retention period, and exercisable rights.
Right to Rectification: The data subject, pursuant to Article 16, has the right to obtain the rectification of inaccurate personal data concerning them or the integration of such data.
Right to Erasure: The data subject has the right to obtain the erasure of personal data concerning them without undue delay, where one of the reasons provided for in Article 17 exists.
Right to Restriction of Processing: The data subject has the right, in the cases provided for in Article 18 of Regulation 2016/679, to obtain restriction of processing.
Right to Data Portability: The data subject has the right to receive their personal data in a structured, commonly used, and machine-readable format and has the right to transmit such data to another controller without hindrance, as provided for in Article 20 of Regulation 2016/679.
Right to Object to Processing: The data subject has the right to object to the processing of personal data concerning them as provided for in Article 21 of Regulation 2016/679. The data subject also has the right to lodge a complaint with the competent supervisory authority, the Data Protection Authority.
Requests as per the previous points must be made in writing to the Data Controller. The Data Controller will provide a prompt response to requests for the exercise of data subject rights within the time limits established by current legislation. Any clarification or request for information can be made in writing to the Data Controller, also using the specific form available at the link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924

UPDATES AND MODIFICATIONS
The Data Controller reserves the right to modify, supplement, or periodically update this Policy in compliance with applicable legislation or measures adopted by the Data Protection Authority.
The above modifications or supplements will be brought to the attention of data subjects via email and through a link to the Privacy Policy page present on the website.
Each data subject is in any case invited to regularly check the Privacy Policy to verify the updated Policy.