ex articolo 13 del Regolamento UE 2016/679

A. Who are we and why are we giving you this document?

The Mondadori Group, a group of public limited-liability companies all subject to direction and coordination pursuant to art. 2359 Civil Code by its holding company Arnoldo Mondadori Editore S.p.A. (hereinafter “Mondadori Group”), has considered for many years very important the protection of its customers and users personal data by ensuring that such personal data are processed, whether automatically or manually, in full compliance with the rights and safeguards provided by the General Data Protection Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “Regulation”) and in all such other laws and regulations as may apply to the protection of personal data.
For the purposes of this Notice “personal data” is defined as in Article 4 (1) of the Regulation, “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (hereinafter “Personal Data”).
The Regulation requires that before Personal Data may be subjected to “processing” - meaning, as defined in Article 4 (2) of the Regulation, “any operation or set of operations performed on personal data or sets of personal data whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (hereinafter the “Processing”) – the person to whom those Personal Data belong must be informed of the purposes for which those data are requested and how they are going to be used.
The purpose of this Notice is accordingly to provide you, straightforwardly and intuitively, with all the information you may need before contributing your Personal Data and those of the Minor for whom you have parental responsibility so that you can make that contribution with proper understanding and in a duly informed manner and can request and obtain clarifications and/or corrections at any time.
This Notice (hereinafter the “Notice”) has accordingly been drawn up on the basis of the Principle of Transparency and of everything required by Article 13 of the Regulation; it is arranged in separate parts (“Sections”) each of which deals with one particular topic that it may be more quickly read and more readily understood.

B. B. Who will process your Personal Data?

The company which will be processing your Personal Data for the purposes provided by Section D of this Notice (and which will accordingly be the Data Controller as defined in Article 4(7) of the Regulation, “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and the means of the processing of personal data”) is as follows:
Mondadori Electa S.p.A. with its registered office at in Via Bianca di Savoia 12, 20122 – Milan, operative office and administrative office at Via Mondadori 1, 20090 – Segrate (MI), duly registered at the Companies’ Register of Milan, Tax Code no. 01829090123 and VAT Code no. 09671010156
(hereinafter the “Data Controller”)
The Data Controller, for several activities and purposes as per Section E, will act jointly with other companies that will be considered as Joint Controllers defined as “two or more companies that jointly defined porpoises and means of processing” as defined in article 26 of the Regulation:
(hereinafter jointly with Data Controller, the “Joint Controllers”)
The Joint Controllers have stipulated a joint controller agreement, as provided by article 26 of the Regulation, in which they assumed to:

C. C. Whom can you contact?

To facilitate dealings between the Data Controller and the persons concerned, or (in the singular) the person defined in Article 4, (1) of the Regulation as “the identified or identifiable natural person” to whom the Personal Data refer (hereinafter the “Data Subject”), the Regulation requires, in some specific cases, the designation of a person responsible for control and support; one of that person’s tasks is to act as the point of contact for the Data Subject.
The Mondadori Group has instituted the position of Data Protection Officer (the “DPO”), and has appointed Mr. Ugo Ettore Di Stefano to that position in accordance with Article 37 of the Regulation.
The DPO’s duties, under Article 39 of the Regulation, include the following:
As provided for in Article 38 of the Regulation, you are welcome to contact the DPO if you have any questions about the processing of your Personal Data and/or want to exercise your rights as described in Section G of this Notice. You can do this by e-mailing or by writing to the Data Protection Officer of the Mondadori Group at the address of its holding company, Arnoldo Mondadori Editore SpA, 1 via Mondadori, 20090 Segrate (MI), Italy, or by calling +39 02 75421.
You can find all the information about how your Personal Data are used and processed, together with the latest contact details and communication channels made available to all Data Subject by the Mondadori Group, by going to the “Privacy” section of the Websites at any time.

D. For which main purpose will be processed your Personal Data?

The Data Controller needs to process your Personal Data in order to allow your registration to one or more of its own websites, ask information by using the contact section and/or subscribe to newsletter service. The websites for which the Data Controller will collect your Personal Data are listed in the Mondadori Electa section of the Mondadori Group Privacy Policy at the following link (hereinafter “Websites”). The Personal Data will be processed by Data Controller for the following purposes: to allow your registration to Websites, join in the events organized by the Data Controller, receive newsletters, to beneficiate of the services provided by each of Websites in which you are registered. The Processing will be legally based on the contractual relationship that will occur between you and Data Controller further to your acceptance of Websites General Terms and Conditions.
The Personal Data that will be collected for the purpose above could be: first name, last name, home address, date and place of birth, e-mail address and telephone numbers.
Whenever you decide to access to Websites by using a social profile (e.g. Facebook, Google, Twitter profile), where allowed, the collection of your Personal Data will be done by the Data Controller at third parties, owners of the relevant social network that you used to have access to our Websites. Anyway you can read this Privacy Notice in the Privacy Section of every Websites.

E. Other purposes

The Data Controller, jointly with Joint Controllers, after your explicit, free and unequivocal consent, as provided by article 6,1, point a) of the Regulation, will have the possibility to ask you other Personal Data, adding them to the ones described before, for example and not in order to be exhaustive, data related to your preferences, habits, needs and market choices, for the following purposes:
Your Personal Data will be processed for the purposes as per point (ii) and (iii) upon your express consent that shall respect all the conditions provided by article 7 of the Regulation, so that the Processing of your Personal Data for this purposes will be lawful.
With reference to direct marketing activities as per point (i), according to article 6,1, point f) of the Regulation, the Joint Controllers shall make such activities on the basis of their legitimate interest, without your express consent and until your opposition to carrying out such Processing activities as better defined in the Preamble 47 of the Regulation in which “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. It will be possible to carry out such activities further to the evaluation carried out by the Joint Controllers on the prevalence of their own legitimate interest with respect to your interest, rights and fundamental freedom provided by the applicable legislation.
You may be contacted in a different ways for direct, indirect marketing and profiling, as per points (i), (ii) and (iii); such ways will concern automatic tool (e-mailing, sms, mms, fax, calls without operator) or traditional tool (calls with operator or mailing). Anyway, as better regulated in the following Section H, you can withdraw your consent, even in a partial way.
Only for the call activities, we wish to inform you that the Joint Controllers will process your Personal Data further a prior check at the Opposition Register as regulated by the Presidential Decree September 7th, 2010, no. 178 and hereinafter modifications.

F. To whom may your Personal Data be disclosed?

Your Personal Data may be disclosed to specific persons regarded as their “Recipients”; Article 4(9) of the Regulation defines such a “recipient” as “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not
That being so, in order that all the Processing activities needed for the purposes mentioned in this Notice can be carried out correctly, the Recipients who may come to process your Personal Data are as follows:

G. For how long will your Personal Data be processed?

One of the principles that apply to the Processing of your Personal Data restricts the period of storage. This is governed by Article 5(1)(e) of the Regulation, which reads “Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed; Personal Data may be stored for longer periods insofar as the Personal Data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the Data Subject.”
In the light of this principle your Personal Data will be processed by the Data Controller for no longer than is needed for the purposes set out in Section D of this Notice. Specifically, your Personal Data will be processed for the shortest time necessary, as indicated in paragraph 39 of the Preamble to the Regulation; that is, until the end of the contractual relationship between you and the Data Controller – though a further period of storage may be required by some statutory or regulatory provision, as provided for in paragraph 65 of the Preamble to the Regulation.

H. Which are your rights?

Article 21 of the Regulation entitles you to access your Personal Data, and to ask for them to be rectified or updated if they are wrong or incomplete and erased if they have been collected in breach of a law or regulation, and to object on specific legitimate grounds to their Processing.
In detail, all the rights you can exercise at any time by demanding action on the Data Controller’s part are set out below:
To exercise any of the above rights you need only contact the Data Controller in one of the following ways:
You are reminded that you can also contact the Mondadori Group’s DPO at any time, as explained in Section C of this Notice.

I. Where will your Personal Data be processed?

Your Personal Data will be processed by the Data Controller within the European Union.
We hereby give you notice that whenever technical and/or operational considerations make it necessary to have recourse to persons outside the European Union, those persons will be appointed Data Processors as defined in Article 28 of the Regulation and with the effects provided for in that Article; the transfer of your Personal Data to those persons, which will be limited to the performance of specific processing activities, will be governed in accordance with the provisions of Chapter V of the Regulation. All necessary precautions will accordingly be taken to guarantee the fullest protection of your Personal Data, since the transfer in question will be based on: (a) decisions of the European Commission as to the adequacy of the recipient non-EU country in question; (b) appropriate safeguards provided by the third-party recipient in accordance with Article 46 of the Regulation; (c) binding corporate rules. You can in every case get further details from the Data Controller whenever your Personal Data have been processed outside the European Union, by asking for an explicit account of the specific safeguards in place.
* * * * *
Version: May 2018