PRIVACY | GDPR | LEGAL INFORMATION

DISCLOSURE PURSUANT TO ART. 13 G.D.P.R.

Pursuant to and in accordance with Article 13 of the New Data Protection Regulation (GDPR 2016/679), we inform the Client (so-called data subject) that:

   1. Owner and other designated parties 

The Data Controller is 18 Montenapoleone S.r.l. (the Company), with registered office in Milan, Via Monte Napoleone n. 18, c.f., p. iva and CCIAA business registry of Milan Monza Brianza Lodi n. 06970880966 - R.E.A. 1927517, share capital: € 10.000,00 I.v. - pec: admin@pec.18montenapoleone.it , in the person of the pro-tempore legal representative Ms. Antonietta Mastrototaro.

The Customer may communicate with it via the email 18@18montenapoleone.it in order to exercise its rights.

   2. Processes carried out and legal basis

Data of a personal nature, freely provided by the Client to the Company by reason of the activity carried out under special contractual regulations will be processed lawfully, in accordance with fairness, as well as in accordance with the provisions of the Regulations for:

  • purposes related to obligations under laws, regulations and EU legislation as well as provisions issued by Authorities empowered to do so by law or by supervisory and/or control bodies
  • contractual purposes, related and instrumental to the establishment and management of customer relationships, such as the acquisition of information prior to the possible conclusion of a contract
  • purposes of communication of data to potential buyers/sellers/users For the promotion, by the use of traditional or electronic means, of real estate or retail business-related proposals, as well as of the services offered by the Company (such as market analysis and evaluation)
  • Purposes envisaged by current anti-money laundering legislation (Legislative Decree 231/07 and subsequent amendments)

The provision of the above data is mandatory in order for 18 Montenapoleone, as Data Controller, to carry out the assignment entrusted to it. In case of refusal to provide the requested data, the company will find itself unable to perform the services contractually provided.  

For such processing, the Company will collect consent by electronic and/or paper means. 

   3. Processing tools and data storage methods

The data processed (which may be common and identifying in nature) are up-to-date, complete, relevant and not excessive in relation to the aforementioned purposes of processing.

The same data will be processed, in accordance with the necessary security and confidentiality, through the collection of data from the data subject and the recording and storage of the same for the predetermined, explicit and legitimate purposes. The same data will be processed by both paper and electronic means.

Personal data will be processed by 18 Montenapoleone, as the Data Controller, as well as by employees and collaborators authorized to process it.

The data may be communicated not only to the public bodies to which the communications/statements subject of the contractual relationship are addressed, but also to the inspection bodies in charge, where required within phases of verification and control, inherent to the regularity of the fulfillments. 

The same data, the subject of this information, may be disclosed to professionals and/or collaborators of the owner for the performance of the task entrusted and for the same purposes. Conversely, the data in question will not be subject to dissemination, beyond the limits specified therein, unless otherwise specified by the interested party, provided in writing.

18 Montenapoleone, as Data Controller, could transfer the data subject of this to a third country (with respect to the European Community) or to an international organization, only and exclusively for the purpose of carrying out the task conferred on the same, as provided for in the exemption in art. 49, paragraph 1 letter "b", of Regulation 679/2016. It should be noted that the external backup is also performed by an Italian company, therefore also required to comply with the privacy regulations in question, through the use of servers located within the EU or in countries with which an adequacy decision is in force, ex art. 45, paragraph 1, of the G.D.P.R.

No automated decision-making process is present.

Finally, the data subject is informed that The Data Controller has put in place security measures to protect the data against the risk of loss, misuse or alteration.

   4. Period of data retention

The data, the subject of this information, will be kept:

  • for 5 years after the conclusion of the contractual relationship, for processing with a contractual legal basis
  • Until consent is withdrawn for treatments having a consensual basis
  1. Rights of the data subject 

The data subject has the right:

  • to request from the Data Controller confirmation or otherwise of the possession of personal data concerning him/her, even if not yet registered, and their communication in intelligible form, as well as verification of the same, their possible updating or integration, rectification or cancellation, their transformation into anonymous form or the blocking of those processed in violation of the regulations, the restriction of the processing of data concerning him/her or to oppose their processing, as well as the right to data portability. He/she also has the right to obtain the indication of the origin of personal data, their purpose and processing methods, as well as the logic applied in case of processing carried out with the aid of electronic instruments
  • He/she may also object in whole or in part to the processing of data concerning him/her
  • has the right to revoke consent at any time, without prejudice to the lawfulness of the processing carried out by reason of the consent given before revocation, as well as the right to lodge a complaint with a supervisory authority.