Privacy Policy.

The Controller processes the following types of Personal Data voluntarily provided by the Data Subject:

• ▸Contact Data: first name, last name, address, email, phone, images, authentication credentials, any additional information sent by the Data Subject, etc.

Failure by the Data Subject to provide Personal Data for which a legal or contractual obligation exists, or which constitute a necessary requirement for the conclusion of the contract with the Controller, will make it impossible for the Controller to establish or continue the relationship with the Data Subject.

Any Data Subject who communicates to the Controller Personal Data belonging to third parties is directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.

The Application uses cookies, web beacons, unique identifiers, and other similar technologies to collect Personal Data from the Data Subject regarding pages visited, links clicked, and other actions performed when the Data Subject uses the Application. They are stored and then transmitted on the Data Subject’s next visit. The full Cookie Policy can be viewed at the following address: https://mensys.it/en/cookie

The processing of Personal Data is necessary:

1. for the performance of a contract with the Data Subject, and specifically:
   1. fulfilment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject
2. to comply with a legal obligation, and specifically:
   1. compliance with any obligation imposed by applicable laws, statutes and regulations, in particular in tax and fiscal matters
3. based on the legitimate interest of the Controller, for:
   1. anonymous statistics: to carry out statistical analyses on aggregated and anonymous data to analyse the behaviour of the Data Subject, to improve the products and/or services provided by the Controller, and to better meet the expectations of the Data Subject

The Data Subject’s Personal Data may also be used by the Controller to defend itself in legal proceedings before the competent courts.

The processing of Personal Data is carried out using paper and electronic instruments, with organisational methods and logic strictly related to the stated purposes, and by adopting adequate security measures.

Personal Data are processed exclusively by:

• ▸persons authorised by the Controller to process Personal Data who have committed to confidentiality or have an adequate legal obligation of confidentiality;
• ▸entities operating independently as separate data controllers, or entities designated as data processors by the Controller in order to carry out all processing activities necessary to pursue the purposes set out in this notice (e.g. business partners, consultants, IT companies, service providers, hosting providers);
• ▸subjects or entities to whom Personal Data must be communicated by legal obligation or by order of the authorities.

The entities listed above are required to use appropriate safeguards to protect Personal Data and may only access those necessary to carry out the tasks assigned to them.

Personal Data will not be disseminated indiscriminately in any way.

Personal Data will not be transferred outside the territory of the European Economic Area (SEE).

Personal Data will be retained for the period of time necessary to fulfil the purposes for which they were collected, in particular:

• ▸for purposes related to the performance of the contract between the Controller and the Data Subject, they will be retained for the entire duration of the contractual relationship and, after termination, for the ordinary limitation period of 10 years. In the event of legal disputes, for the entire duration of the proceedings, until the expiry of the challenge period
• ▸for purposes related to the legitimate interest of the Controller, they will be retained until the fulfilment of such interest
• ▸for compliance with a legal obligation, by order of an authority, and for legal defence, they will be retained in accordance with the timeframes set by such obligations and regulations, and in any case until the expiry of the limitation period provided by applicable law
• ▸for purposes based on the consent of the Data Subject, they will be retained until the withdrawal of consent

At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.

Data Subjects may exercise certain rights with respect to the Personal Data processed by the Controller. In particular, the Data Subject has the right to:

• ▸be informed about the processing of their Personal Data
• ▸withdraw consent at any time
• ▸restrict the processing of their Personal Data
• ▸object to the processing of their Personal Data
• ▸access their Personal Data
• ▸verify and request the rectification of their Personal Data
• ▸obtain the restriction of the processing of their Personal Data
• ▸obtain the erasure of their Personal Data
• ▸transfer their Personal Data to another controller
• ▸lodge a complaint with the supervisory authority for the protection of their Personal Data and/or take legal action.

To exercise their rights, Data Subjects may send a request to the following email address amministrazione@mensys.it. Requests will be taken in charge by the Controller immediately and handled as soon as possible, in any case within 30 days.