Back to top


Pursuant to art. 13 of EU Regulation 2016/679 (“GDPR”), we issue the present statement in relation to the processing of the personal data entered in the above form (hereinafter, the “Data”).

1. Data Controller
The Data Controller is MDC S.p.A., with registered address in viale Lombardia 17, 20131 Milano, VAT reg. no. 12584550151, certified email (“pec”) (hereinafter “MDC”).

2. Scope of communication and dissemination of personal data
The Data may come to the knowledge of the Controller’s employees and/or contractors appointed to process the Data. Such persons, who have been instructed to this effect by the Controller pursuant to art. 29 of the GDPR, will process the Data exclusively for the purposes indicated in the present statement and in compliance with the provisions of the applicable legislation.
The Data may also come to the knowledge of possible third parties who will process the Data on behalf of the Controller in the capacity of external persons responsible for the processing, such, by way of example, as suppliers of goods and/or services, professionals and consultants, and in any case appropriately selected third parties equipped with experience, skills and reliability, guaranteeing compliance with the provisions in force on matters of processing of personal data. The complete and updated list of data processors appointed by the Controller can be requested by sending an e-mail to the following address:

3. Subject matter and purposes of the processing
The processing aims at the correct and complete setting up, management, execution and conclusion of the sale agreement signed with MDC in relation to the purchasing online of the products marketed in the “Shop” page at the address (hereinafter, the “Agreement”) and the fulfilment of any other obligation arising from national and EU legislation applicable to the contractual relationship.
Processing by the Controller does not envisage automated decision-making processes and the Data will not be subject to dissemination.
The processing of the Data will guarantee the principles of correctness, lawfulness and transparency and compliance with the rules of confidentiality and security.

4. Data retention
The Data will be retained for the time necessary for the execution of the Agreement and in any case for a maximum of 10 years in compliance with the administrative and book-keeping obligations pursuant to the law.

5. Submission of the Data
Submission of your Data is not obligatory, but failure to provide them will make it impossible to sign the Agreement.

6. Legal basis of the processing
The legal basis of the processing of your data lies in the execution of the contractual obligations and in the fulfilment of all the legal obligations arising from your consent.

7. Security of the Data
Adequate security measures are observed pursuant to the Privacy Code and the GDPR to prevent, in addition to unauthorised access, also the loss of the Data and their illicit or incorrect use.

8. Rights of the person concerned
Without prejudice to the content of the preceding paragraphs, you have the right to:
a) require the Data Controller to give access to the Data to rectify or cancel them or to limit their processing concerning you or object to their processing;
b) in relation to the processing founded on the legal basis of consent, revoke your consent at any time, without prejudice to the lawfulness of the processing based on the consent given before revocation;
c) lodge a complaint with the national supervisory body;
d) receive in a structured format, in common use and legible by an automatic device, the data provided by you for the purposes of portability;
e) if you agree to the processing of your Data for promotional purposes, to object to such processing at any moment and free of charge, whether regarding the initial or subsequent processing.
In order to exercise the rights listed above, as also for any request regarding the processing of the Data and the security measures adopted, you may contact the following e-mail address: