Mo.ma snc Via delle Cantine, 1 53045 Montepulciano (SI) VAT No. 01379470527

This summary notice has been drafted in accordance with European Regulation 679/2016 on Data Protection (GDPR) and Article 13 of Legislative Decree 196/2003 (Personal Data Protection Code).

With regard to the processing of your personal data, we inform you that:

The personal data you provide or that is acquired within the framework of the contractual relationships with you is used to fulfill obligations arising from the contract entered into with you, to comply with civil and tax obligations, for bookkeeping, invoicing, credit management, and for commercial purposes.

Where expressly authorized, personal data may be used by Mo.ma snc and/or third parties for promotional and marketing activities.

Such processing includes the collection, registration, organization, storage, modification, consultation, processing, extraction, selection, interconnection, comparison, use, blocking, deletion, and destruction of the data, with the aim of minimizing usage in relation to the purpose of the processing itself.

The processing of the data provided is carried out in compliance with current regulations, using paper and IT tools suitable to protect your security and confidentiality, in compliance with the minimum measures required by Legislative Decree 196/03 and as deemed appropriate in relation to the risk assessment we have carried out for such processing.

Mo.ma snc pays particular attention to the selection of its service providers, ensuring that they meet and, where possible, exceed these security standards. Due to the nature of the services we provide, part of the processing may also take place outside the European territory, as detailed further below.

The provision of the requested personal data (owner's data, business name, VAT number, tax code, bank details) is mandatory, as failure to provide or partially provide such data would prevent the establishment of a business relationship with Mo.ma snc.

The data provided or acquired during the contractual relationship will not be disclosed, but may be communicated to external parties performing specific tasks on behalf of the company, such as accountants, law firms, banks, transportation companies, debt collection agencies, and IT service companies.

The data will be processed by staff directly appointed by the Data Controller. In the absence of a specific deletion request, the data provided will be stored for 5 years after the end of the contractual relationship (or for the minimum periods required by law, if longer).

The Data Controller is Mo.ma snc, with registered office at Via delle Cantine, 1 53045 Montepulciano (SI).

We also inform you that the GDPR and Article 7 of Legislative Decree 196/2003 grant the data subject the right to:

• Request confirmation of the existence of personal data concerning them,

• Obtain information on the processing of such data,

• Request the updating, rectification, integration, deletion, anonymization, and blocking of data processed unlawfully,

• Obtain a copy of the collected personal data,

• Object to processing for legitimate reasons,

• Seek intervention from the Data Protection Authority or the Judicial Authority in case of violations.

This right may be exercised by submitting a request via email to Info@laltrocantuccio.it, which will be handled in a timely manner based on the complexity of the request.

For full details of the ongoing processing, please refer to the privacy policy below.

Privacy Policy of Mo.ma snc Mo.ma snc collects certain Personal Data from its Users.

Users may be subject to different levels of protection. Some Users are therefore entitled to greater protection. More information regarding protection criteria can be found in the section on applicability.

Data Controller Mo.ma snc Via delle Cantine, 1 53045 Montepulciano (SI) VAT No. 01379470527

Email address of the Data Controller: Info@laltrocantuccio.it

Types of Data Collected Among the Personal Data collected by Mo.ma snc, either independently or through third parties, are: Cookies, Usage Data, email, first name, last name, and phone number.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed prior to the data collection. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of Mo.ma snc.

Unless otherwise specified, all Data requested by Mo.ma snc is mandatory. If the User refuses to provide it, it may be impossible for Mo.ma snc to provide the Service. In cases where Mo.ma snc specifically states that some Data is optional, Users are free to refrain from communicating such Data without affecting the availability or operation of the Service. Users uncertain about which Data is mandatory are encouraged to contact the Data Controller.

The possible use of Cookies – or other tracking tools – by Mo.ma snc or by the third-party service providers used by Mo.ma snc, unless otherwise stated, serves to provide the Service requested by the User, as well as for the additional purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through Mo.ma snc and confirms that they have the right to communicate or disclose them, thereby releasing the Data Controller from any liability towards third parties.

Methods and Location of Data Processing METHODS OF PROCESSING

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.

The processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes. In addition to the Data Controller, in some cases, other parties involved in the operation of Mo.ma snc (administrative, sales, marketing, legal, system administration staff) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) may have access to the Data, appointed, if necessary, as Data Processors by the Data Controller. The updated list of these parties may be requested from the Data Controller at any time.

LEGAL BASIS OF PROCESSING

The Data Controller processes Personal Data relating to the User if one of the following applies:

• The User has given consent for one or more specific purposes. Note: In some jurisdictions, the Data Controller may be allowed to process Personal Data without the User’s consent or any of the other legal bases specified below until the User objects (“opts out”) to such processing. This does not apply when the processing of Personal Data is subject to European data protection legislation;

• The processing is necessary for the performance of a contract with the User and/or for pre-contractual measures;

• The processing is necessary for compliance with a legal obligation to which the Data Controller is subject;

• The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

• The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

In any case, the Data Controller will gladly help clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

LOCATION

The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved in the processing are located. For further information, contact the Data Controller.

The User’s Personal Data may be transferred to a country other than the one in which the User is located. For more information about the place of processing, Users can refer to the section containing details about the processing of Personal Data.

If higher protection standards apply, the User also has the right to be informed about the legal basis for data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Data Controller to safeguard their Data.

If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquiring with the Data Controller using the contact information provided at the beginning.

RETENTION PERIOD

The Data is processed and stored for as long as required by the purpose for which it was collected.

Therefore:

• Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until such contract has been fully performed.

• Personal Data collected for the purposes of the legitimate interests of the Data Controller will be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Data Controller within the relevant sections of this document or by contacting the Data Controller.

• When processing is based on the User’s consent, the Data Controller may retain Personal Data for longer until such consent is revoked. Furthermore, the Data Controller may be obliged to retain Personal Data for a longer period whenever required to do so for compliance with a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data will be deleted. Therefore, the right to access, erase, rectify, and the right to data portability cannot be enforced after expiration of the retention period.

Purpose of the Data Collected The Data concerning the User is collected to allow the Data Controller to provide its Services, as well as for the following purposes: Analytics, Managing addresses and sending email messages, Contacting the User, Displaying content from external platforms, and Infrastructure monitoring.

For specific information about the purposes of processing and the Personal Data used for each purpose, Users may refer to the relevant sections of this document.

Details on the Processing of Personal Data Personal Data is collected for the following purposes and using the following services:

CONTACTING THE USER

Contact form

By filling in the contact form with their Data, the User authorizes Mo.ma snc to use these details to reply to requests for information, quotes, or any other kind of request as indicated by the form’s header.

ANALYTICS

The services in this section enable the Data Controller to monitor and analyze web traffic and can be used to track User behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google uses the Data collected to track and examine the use of Mo.ma snc, to prepare reports on its activities, and to share them with other Google services.

Google may use the collected Data to contextualize and personalize the ads of its own advertising network.

Personal Data collected: Cookies and Usage Data.