PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA
The present notice supplements the website navigation policy in order to explain how the Controller will specifically process the data entered in this form. You are therefore invited to read the privacy notice relating to browsing the website www.mcz.it.
Identity and contact details of the Data Controller
MCZ GROUP S.p.A., headquartered in Vigonovo di Fontanafredda (PN), Via La Croce, 8, e-mail: privacy@mcz.it, telephone number +36 0434 599 599, hereinafter also “MCZ” or the “Controller”.
Contact details of the Data Protection Officer
The Data Protection Officer can be contacted at the following address: dpo@mcz.it.
Categories of data and their source
MCZ processes common personal data (e.g. personal details, contact information, data relating to the products and services requested) that you provide to us through the form.
Purposes and legal bases
- A. Handling information requests from PRIVATE INDIVIDUAL / ARCHITECT / JOURNALIST: if you contact us as a private individual, architect or journalist, the personal data will be processed for all needs related to responding to requests for information and/or quotations submitted through the contact forms on the Website, for example in order to obtain information on the Controller’s products and services such as brochures, catalogues, guides and/or other corporate information material, or to receive assistance, quotations, inspections and/or consulting regarding the Controller’s products and services and/or information about our retailers. To respond to certain types of requests you send us (e.g. quotations, inspections, consulting), we may rely on our local partners who will directly provide you with the requested products, services and/or information. In such cases, where necessary to respond to your request, we will share the personal data you have provided with our local partners.
- B. Handling information requests from DEALER / INSTALLER / SERVICE CENTRE: if you contact us as a Dealer / Installer / Service Centre, the personal data will be processed for all needs related to responding to requests for information and/or quotations and to managing the contractual relationship in all its phases (e.g. logistics organisation, management of customer support activities and fulfilment of legal obligations applicable to the Controller).
- C. Newsletter: contact data are used to send institutional e-mails or general-interest information about our company.
- D. Marketing: to send you, via e-mail, SMS, social networks, opinion and satisfaction surveys, commercial communications containing information on the Controller’s products and services, as well as promotions or invitations to events in which the Controller will participate.
- E. Defensive purposes: the Controller may need to process personal data for the management of disputes, both out-of-court and judicial.
| Purpose | Legal basis (common data) |
|---|---|
| A. | Performance of pre-contractual measures. |
| B. | Performance of pre-contractual and contractual measures. |
| C. | Consent. |
| D. | Consent. |
| E. | Legitimate interest of the Controller to establish, exercise or defend a legal claim. |
Retention period
| Purpose | Retention period |
|---|---|
| A. | 3 months from the response to the data subject. |
| B. | 10 years from termination of the contractual relationship. |
| C. | 24 months from the collection of consent. |
| D. | 24 months from the collection of consent. |
| E. | 10 years from the final resolution of the dispute. |
Nature of provision and consequences of refusal
| Purpose | Nature | Consequences |
|---|---|---|
| A. | Mandatory | Impossible to receive the requested information. |
| B. | Mandatory | Impossible to start or continue the commercial relationship. |
| C. | Optional | Impossible to receive the newsletter. |
| D. | Optional | Impossible to receive marketing communications from the Controller. |
| E. | Mandatory | Impossible to manage the dispute. |
Scope of communication
Data are processed by internal staff authorised for specific tasks and are communicated externally according to the following rules:
| Purpose | Categories of external recipients |
|---|---|
| A. | Companies belonging to the same corporate group; agents; commercial consultants; distributors; retailers; local partners. |
| B. | Companies belonging to the same corporate group; agents; commercial consultants; distributors; retailers; local partners. |
| C. | Companies belonging to the same corporate group; external consultants; companies providing hosting / technology platform management services. |
| D. | Companies belonging to the same corporate group; external consultants; companies providing hosting / technology platform management services. |
| E. | Law firms; debt recovery or debt transfer companies; judicial authorities. |
Since data are also processed using IT tools, they may also be visible to entities providing maintenance/support on such systems.
Transfer of data to a third country or international organisation
Personal data may be transferred, for the purposes for which they are collected, to the United States of America, which is a country outside the European Union. The transfer of personal data to entities located in the United States of America will take place exclusively on the basis of the Standard Contractual Clauses adopted or approved by the European Commission and/or the Adequacy Decision of the European Commission of 10-07-2023 on the adequacy of the level of protection of personal data under the EU–US Data Privacy Framework. To obtain a copy of such data, you can contact the Controller as indicated in the following paragraph.
Data subjects’ rights
The data subject is granted the following rights:
- Access: you can find out whether your personal data are being processed and, if so, obtain access to them and request a copy.
- Rectification: you can request the updating of your personal data, their correction if inaccurate, and the completion of incomplete data.
- Erasure: you can obtain the erasure of your personal data when certain conditions are met (for more information, please contact the Controller).
- Restriction: you can request that the data be marked so as to restrict their future processing when certain conditions are met (for more information, please contact the Controller).
- Objection: you can object to the processing of personal data for reasons related to your particular situation, where the processing is based on legitimate interest or is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; you can also object to the processing of personal data for direct marketing purposes.
- Portability: you can receive in a structured format the personal data provided to the Controller and transmit them to another controller where the processing is based on consent or on a contract and is carried out by automated means.
- Withdrawal of consent: you can withdraw consent for the purposes that require it, without affecting the lawfulness of processing carried out before such withdrawal.
The rights that can actually be exercised in relation to the processing activities carried out are:
| Purpose | Access | Rectification | Erasure | Restriction | Objection | Portability | Withdrawal of consent |
|---|---|---|---|---|---|---|---|
| A. | X | X | X | X | X | ||
| B. | X | X | X | X | X | ||
| C. | X | X | X | X | X | ||
| D. | X | X | X | X | |||
| E. | X |
To exercise the above rights, you can use the form available here: Supervisory Authority form and send it to privacy@mcz.it.
You can lodge a complaint with the Supervisory Authority for the protection of personal data: www.garanteprivacy.it.
Last modified date: 03/12/2025 10:07
