This Privacy Policy concerns the management methods of the website www.mondiaswiss.com with regard to the processing of users' personal data. Processing of personal data means any operation or set of operations performed with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Pursuant to EU Regulation 679/2016 on data processing
personal when you use our services, you agree that our company
collect some of your personal data. This information is intended
purpose of telling you what data we collect, why and how we use it.

When you request information on our website through the Contact form, register an account, or purchase one of our products, we ask you to provide us with some information that is necessary for you to use our services.
These are, by way of example and not exhaustively, the data we ask you for:
• Name
• Surname
• Email address
• Tax code/VAT number
For online purchases and to be able to take advantage of the guarantee on our products, we may ask you further:
• payment information
• residential address
• tax information
• Telephone number
• Profession

Data processing will be aimed at carrying out the activities listed below:
2.1) Personal data is collected on our website for the purpose of:
• allow the user access to the website www.mondiaswiss.com
• allow the user to request information
• register on our website
• perform the requested service or performance
• allow you to purchase the products you requested
• allow you to benefit from the warranty on our products
• collect statistical information on the use of the site (most visited pages, number of visitors per time slot, geographical areas of origin, etc.) and improve its usability for its users.
Furthermore, we would like to point out that:
2.2) Subject to your express consent (Article 130 of the Privacy Code and Article 7 of the GDPR), we may process your data to send you, including via email, advertising material, newsletters, and communications containing informational and/or promotional content regarding the services provided and/or events promoted by the Data Controller or its commercial partners.
2.3) always with your express consent, we may also manage your data for the purpose of carrying out individual and aggregate profiling activities, market research and third-party research, aimed, for example, at analyzing consumer habits and choices, compiling statistics on the same or evaluating the level of satisfaction with the products and services offered.

Your personal data is processed using the operations indicated in Article 4(2) of the GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data is subject to both paper-based and electronic and/or automated processing.
The protection of your personal data and all transactions are guaranteed by SSL (Secure Sockets Layer) communication protocol encryption from the moment you register.
Your data will not be disclosed.

Your data may be made accessible for the purposes set out in Article 2.1 and, with your consent, Articles 2.2 and 2.3 to:
• employees and collaborators of the Data Controller in their capacity as authorised and/or internal data processors and/or system administrators;
• to third-party companies or other subjects (for example, ICT companies, website providers, service providers, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data controllers

Without the need for express consent (Article 6, letters b) and c) of the GDPR), the Data Controller may disclose your data for the purposes set out in Article 2.1 to supervisory bodies or judicial authorities, as well as to those entities to whom disclosure is required by law for the fulfillment of the aforementioned purposes. These entities will process the data in their capacity as independent data controllers. Only with your consent, for the purposes set out in points 2.2 and 2.3, will the Data Controller disclose the data to third-party companies such as commercial partners and event organizers, who will process the data in their capacity as external data processors.

Data management and storage take place on servers owned by the Data Controller and/or third-party companies appointed as external data processors. These servers are located at the Data Controller's premises (in Italy) and within the European Union.
Personal data will not be transferred outside the European Union. In any case, it is understood that, if necessary, the Data Controller may also transfer personal data to countries outside the EU. The Data Controller hereby guarantees that the transfer of personal data outside the EU will be in compliance with applicable laws (starting with EU Regulation No. 679/2016) and, if and when necessary, will stipulate specific agreements that guarantee an adequate level of personal data protection or, in any case, adopt the standard contractual clauses provided by the European Commission for the transfer of personal data outside the EU.

Please note that with reference to the purposes set out in point 2 of the "Purposes of Processing" section, without your personal data and your consent to processing, the service cannot be provided. Failure to provide data for the purposes set out in points 2.2 and 2.3 of the "Purposes of Processing" section will not have any impact on the provision of services. For the consequences of not accepting and/or removing cookies, please see the Cookie Policy.

The data collected by the site during its operation is retained for the time strictly necessary to carry out the specified activities. Upon expiration, the data will be deleted or anonymized, unless there are additional purposes for retention, such as for security reasons, in the event of potential abuse. In such cases, the Data Controller will retain the personal data acquired for the time necessary to fulfill legal obligations and/or to assert and/or defend a right in the appropriate courts. The data collected for the purpose referred to in point 2.2 will be retained for 2 years from the date of the last purchase, while that relating to the purpose referred to in point 2.3 will be retained for 12 months from the date of the last purchase.

As a data subject, you have the rights set forth in Article 15 of the GDPR, specifically the rights to:
• obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
• obtain information on: a) the source of the personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out with the aid of electronic instruments; d) the identification details of the data controller, data processors, and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, data processors, or persons in charge of processing;
• obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data were communicated or disseminated, except in the case in which such fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
• object, in whole or in part: a) for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of collection; b) to the processing of your personal data for the purpose of sending advertising or direct sales materials or for conducting market research or commercial communications, through the use of automated calling systems without the intervention of an operator, via email and/or through traditional marketing methods such as telephone and/or post. Please note that the data subject's right to object, set out in point b) above, for direct marketing purposes via automated methods extends to traditional methods and that, in any case, the data subject retains the right to object even partially. Therefore, the data subject may decide to receive communications only via traditional methods, only automated communications, or neither type of communication.
Where applicable, you also have the rights set forth in Articles 16-21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.

You may exercise your rights at any time by sending:
a registered letter to – Diffusione Orologi Srl with registered office in Via Santa Maria Valle, 4 20123 – Milan (MI), and/or an e-mail to privacy@diffusioneorologi.it .

The data controller is Diffusione Orologi Srl, with registered office at Via Santa Maria Valle, 4, 20123 Milan (MI), VAT number 02099340610. The updated list of data processors and persons in charge of data processing is kept at the registered office of the Data Controller.