PRIVACY POLICY
INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 – 14 OF EU REGULATION 2016/679 AND CONSENT.

Pursuant to EU Regulation 2016/679 (hereinafter referred to as the Regulation or ‘GDPR’) and current national legislation on personal data protection, this privacy notice is provided to: natural persons acting on behalf of Clients, the Client itself if a natural person (e.g., sole proprietorship or professional), users of the website (moving-glass.com), potential Clients, hereinafter also referred to as Data Subjects:

1. Data Controller: Moving Glass e Metal Design s.r.l. VAT No. 02193920283, Tel. +39 049 945 1022, email: moving@moving-glass.com, website moving-glass.com.
2. types of Data Processed – The personal data processed are collected directly from the Data Subjects or from the company they work for, during pre-contractual activities, the conclusion, and the execution of the contract. Such common data include personal details (surname and first name, …), contact information (phone number, email address, …). The Joint Controllers do not process any ‘sensitive’ or ‘special’ data (see Art. 9 of the GDPR). The processing of personal data is carried out in compliance with the provisions of the GDPR and the current Privacy Law, using manual, paper-based, IT, and telematic tools, including automated systems, and following the principles of fairness, lawfulness, and transparency to ensure the security and confidentiality of the data. In particular, processing may take place through automated systems (such as email, SMS Short Message Service, or other types of electronic communication) as well as traditional systems.
3. purpose, Legal Basis of Processing, and Mandatory Nature of Data Provision – The Joint Controllers process personal data:
   1. for purposes strictly related and instrumental to the management and execution of contracts with Clients (e.g., acquisition of preliminary information for the conclusion of a contract, provision of services, handling of development requests, support, etc.). The provision of personal data for this purpose and its processing are necessary to the extent that the Data Subjects deem it necessary to communicate such data to ensure the effectiveness of the pre-contractual, service provision, and support activities carried out by the Joint Controllers. These processing operations do not require the consent of the Data Subjects. The legal basis for processing is identified as the necessity to enter into or perform a contract;
   2. in the case of a sole proprietorship or professional, for purposes of protecting the assets and rights of the Joint Controllers, such as acquiring information related to their creditworthiness or for debt recovery. The data are necessary for the conclusion of the contract. The legal basis for processing is identified as the legitimate interest of the Joint Controllers, and consent is not required.
   3. for direct/indirect marketing purposes (this list is not exhaustive): sending commercial information and newsletters, communication of promotional initiatives and events of the Joint Controllers and technological partners. The provision of personal data for these purposes is not mandatory, and the related processing requires the consent of the data subjects. Failure to provide consent will not affect the service provided but will result in the Joint Controllers being unable to send you commercial communications. The legal basis for processing is the data subjects’ explicit consent.
4. Categories of recipients of personal data: personal data, within the limits and for the purposes indicated, may be disclosed to or become known by and subsequently processed by:
   1. employees and collaborators of the Joint Controllers who are expressly authorized;
   2. consultants of the Joint Controllers, marketing agencies, agents, companies providing IT services (website management, internet services, etc.), potentially in their capacity as external data processors;
   3. technological partners of the Joint Controllers;
   4. shippers or carriers for goods to be delivered/received;
   5. companies specialized in customer creditworthiness information systems, and companies and/or professionals for debt collection;
   6. entities that may access the data by virtue of legal provisions or European regulations, within the limits provided by law.
   7. the full list of recipients is available at the Joint Controllers’ headquarters.
5. data retention period: the personal data in question are processed for the entire duration of the commercial relationship and for up to 10 years thereafter; for marketing purposes, the data are processed and retained until the consent is revoked.
6. data transfer abroad: processing is carried out within the European Economic Area (EEA) and data may be transferred to the USA; in this case, the guarantee of data protection is ensured by the signing of appropriate contractual clauses designed to ensure an adequate level of protection.
7. automated decision-making processes: any automated decision-making process, including profiling, is excluded.
8. Data subject rights: the Joint Controllers inform you that, with regard to the data provided, you as the Data Subject have the following rights:
   1. right of access to data and obtaining a copy: to obtain confirmation as to whether or not your Personal Data is being processed, and if so, to gain access to the Personal Data and the information provided for in Article 15 of the GDPR, including, for example: the purposes of the processing, the categories of Personal Data processed, etc.
   2. right to rectification: to obtain the rectification of your inaccurate Personal Data as well as, considering the purposes of the processing, the supplementation of the data, if incomplete, by providing appropriate documentation;
   3. right to erasure of personal data: to request the erasure of your Personal Data if one of the reasons provided for in Article 17 of the GDPR applies, including, for example, when the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed, or when the consent on which the processing of your Personal Data is based has been withdrawn and there is no other legitimate reason for processing. The Joint Controllers will not be able to erase your Personal Data if its processing is necessary, for example, for compliance with a legal obligation, or for the establishment, exercise, or defense of a legal claim.
   4. right to restriction of processing: to obtain the restriction of the processing of your Personal Data if one of the conditions set out in Article 18 of the Regulation applies, including, for example: disputing the accuracy of your Personal Data for the time necessary for the Joint Controllers to carry out the necessary verifications; objection to the processing while the Joint Controllers verify whether the legitimate grounds for the processing override yours;
   5. right to data portability for electronic data subject to automated processing: to obtain a copy of the Personal Data you have provided in a structured, commonly used, and machine-readable format (e.g., computer and/or tablet); to transfer your received Personal Data to another Data Controller without hindrance from the Joint Controllers and based on your specific authorizations and instructions;
   6. right to object to processing: to block the processing if it is carried out for the pursuit of a legitimate interest of the Controller, unless there are legitimate reasons to proceed with the processing (reasons that outweigh the interests, rights, and freedoms of the data subject), or the processing is necessary for the establishment, exercise, or defense of a legal claim;
   7. right to withdraw consent to processing, without prejudice to the lawfulness of the processing based on the consent given prior to its withdrawal;
   8. right to lodge a complaint with the competent supervisory authority: the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
9. contact details: for any clarification and to exercise their rights, data subjects can contact the Joint Controllers by writing to the centralized Privacy Office:

Moving Glass e Metal Design s.r.l.
Via M. Buonarroti, 73, 35010, San Giorgio in Bosco (PD)
C.F. e P.IVA 02193920283
Tel. +39 049 945 1022
email: moving@moving-glass.com