PRIVACY POLICY

PREAMBLES

DEKA M.E.L.A. S.r.l., with registered office in (50041) Calenzano (FI), via Baldanzese no. 17, hereby informs users of the web site www.monalisatouch.com that it wishes to provide information on the methods adopted to manage the site with reference to the handling and protection of personal data of subjects (users) who navigate within the site, with direct access from home pages or from internal pages.

This document is an informative notice complying with that laid down in article 13 of Legislative Decree no. 196 dated 30th June 2003, (Code dealing with the protection of personal data). This notice applies solely and exclusively to the web site www.monalisatouch.com owned by the company and not to other sites consulted by the user via any links activated on the pages of that site. Data referring to identified or identifiable persons may be collected by merely navigating on the site.

DATA CONTROLLER AND PROCESSORS

The Data Controller is DEKA M.E.L.A. S.r.l., with registered office in (50041) Calenzano (FI), via Baldanzese no. 17. An up‐to‐ date list of the processors, instructed by the Data Controller in the manner envisaged in art. 29 of Legislative Decree 196/2003, is available at the Data Controller’s registered office.

DATA HANDLED

Navigation data:

Data processing systems and software procedures adopted to run the web site acquire, during normal operations, certain personal data whose transmission is implied when Internet communication protocols are used.

This information is not collected to be associated with identified subjects, but due to its very nature, could, through processing and association with data held by third parties, identify individual users.

This category of data covers IP addresses or domain names of computers used by users who connect up to the site, addresses in notation URI (Uniform Resource Identifier) of the resources requested, the time of the request, the method used to make the request to the server, the size of the file obtained in reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operative system and the user’s computer environment.

Data, collected in this way, may be used to ascertain liability in connection with computer crimes damaging the site.

Data supplied directly by the user

The discretionary submission, explicit and voluntary, of data as requested by various sections on the web site indicated above, allows the company to process users’ requests (including, for example, but not limited to: when information or explanations are requested by writing to the electronic mail addresses found on the site on the home page or internal pages or when a user sends in his CV of his own accord in order to apply as a candidate, or when direct calls are made or faxes sent to numbers found in the section “contacts”). These provisions apply in particular to data inserted by companies or professional advisers on pages dedicated to the relevant registration necessary to make an application or to apply as a candidate for training.

Specific informative notices can be found on the web site relating to particular services requested by the user.

NATURE OF SUPPLY OF DATA

Navigation data are handled in order to execute data processing and data transmission protocols; the supply of personal data by users is free and voluntary.

HANDLING METHODS

Data collected through the above‐mentioned web site are handled by means of data processing and data transmission procedures. Technical data are kept by the servers operated by the company that is responsible for all the security measures envisaged in Legislative Decree no. 196/2003 and its attachments.

COOKIES

No personal data relating to users are acquired on this matter by the above‐mentioned web site.

Cookies are not used to transmit information of a personal nature, nor so‐called persistent cookies of any kind or systems to track users.

The use of so‐called session cookies (which are not stored persistently on the user’s computer, but vanish as soon as he closes the browser) is strictly limited to the transmission of session identification data (made up of random numbers generated by the server) necessary to allow the site to be explored safely and efficiently.

So‐called session cookies used on the aforementioned web site avoid the use of other data processing techniques that could potentially compromise the confidential manner in which users are able to navigate, and do not permit the system to collect the user’s personal identification data.

The Data Controller uses a number of cookies, as described in detail in the informative notice dealing with cookies that can be found on the company’s web site.

RIGHTS OF THE DATA SUBJECT

The data subject may enforce his rights as expressed in articles 7, 8, 9 and 10 of Legislative Decree no. 196 dated 30th June 2003, having recourse to the Data Controller. More precisely, according to art. 7 the data subject (party concerned) is entitled to obtain confirmation regarding the existence or otherwise of personal data regarding self, even if such data are not yet registered, and to receive the said data in intelligible form. The data subject is entitled to receive information regarding: a) the origin of the personal data; b) the purposes for which the data are being handled and the methods adopted; c) the logics applied in the event that the data are handled with the use of electronic equipment; d) details identifying the data controller, the data processing supervisors and the appointed representative as envisaged in article 5, paragraph 2; e) the subjects or the categories of subject to whom the personal data may be transferred or to whose attention they may be brought in a capacity as appointed representative for the territory of the State in question, as data processing supervisors or data processors. The data subject is entitled: a) to have data revised, altered or, when in his or her interests, supplemented; b) to have data handled in contravention of the law deleted, rendered anonymous or the circulation thereof restricted, including any information which need not be kept for the purposes for which the data were collected or subsequently handled; c) to obtain confirmation that the measures referred to in the foregoing paragraphs a) and b), including details thereof, have been brought to the attention of the parties to whom the data have been transferred or disseminated, unless such an obligation proves impossible or would require means which are grossly disproportionate to the rights being protected. The data subject is entitled to oppose, either in whole or in part: a) upon legitimate grounds, the handling of personal data regarding self, even if such data are relevant, with regard to the purposes underlying the collection thereof; b) the handling of personal data regarding self for purposes connected with the sending of advertising material, with direct sales, market research or sales communications.

TRANSFER AND DISSEMINATION OF DATA

Data collected will not be disseminated, sold or exchanged with third parties without the express consent of the data subject, apart from any notices sent to authorised third parties – who are obliged to treat them as confidential, or, if the case, instructed data processing supervisors, as defined in art. 29 of Legislative Decree no. 196/2003‐ (such as IT companies and hosting companies) whenever necessary for purposes connected with this informative notice. Data may be transferred to the competent authorities, in accordance with the law.

PLACE IN WHICH PERSONAL DATA ARE HANDLED

Personal data obtained via Web services offered by DEKA M.E.L.A. S.r.l. are kept at the company’s registered office situated in (50041) Calenzano (FI), via Baldanzese no. 17. The data are dealt with solely by technical personnel instructed to handle them or staff instructed from time to time to carry out maintenance work.