PERSONAL DATA PROTECTION

MMB has appointed (under Article 37(b) of the GDPR), a Data Protection Officer (hereafter DPO), whose job (under Article 39 of the GDPR) includes monitoring compliance with the applicable data processing regulations. You can contact our DPO to exercise your rights under the GDPR at the following e-mail address: rpd@mmbsoftware.it.

MMB processes personal data for the following purposes:

1. entering into or performing a contract (e.g. keeping you informed of technical updates or regulatory changes affecting your business) or pre-contractual operations, such as the production of forms, offers, sending requested material, etc. This need provides the legal basis for the resulting processing. The provision of data for such purposes constitutes a contractual obligation or a necessary requirement for entering into the contract. Non-communication and partial or inaccurate communication may make it impossible to carrying out the requested activities and prevent MMB from performing its contractual obligations;
2. fulfilling legal obligations (e.g. invoicing and bookkeeping, orders issued by the authorities or courts, etc.). This need provides the legal basis for the resulting processing. The provision of the data required for these purposes is a legal obligation. Without the data, MMB would be unable to establish relations and could be obliged to report you;
3. protecting MMB's rights, i.e. the data controller's legitimate interests, whether in court proceedings or in an out-of-court procedure;
4. as our customer, to use, in our legitimate interests and only in the event that you do not deny us this facility, any email address provided at the time of the sale to send you promotional material relating to products/services similar to the ones we supplied to you. For this purpose, your refusal will not affect the provision of the requested products or services. Remember that you can revoke your authorisation at any time by simply notifying the data controller in writing. You will find instructions for unsubscribing from our list at the end of the e-mail messages we send you.

In addition to data relating to the company (e.g. company name, VAT number, location of operating headquarters, telephone numbers, email and/or certified email (PEC) addresses, bank and payment references, contact IP address) the data may be:

1. a list of dealings that have taken place between the parties by means of email, PEC, fax and verbal requests which may have been made by telephone or opening support tickets;
2. the name and/or surname, role or duties of one or more individuals employed by your company who interact with MMB for the purposes of performing the contract, including any direct telephone number (landline or mobile) that the person decides to provide in order to speed up and improve performance of the contract.

Processed data strictly required to perform the contract may be disclosed to:

1. third-party companies that provide legal, bookkeeping and/or administrative advice and will operate exclusively in full compliance with instructions provided by MMB as Data Processors;
2. companies belonging to the MMB group, including sister, parent, subsidiary and associated companies for administrative and commercial purposes;
3. oversight bodies, judicial authorities and all entities to which disclosure is mandatory by law (Article 6(1)(c) of the GDPR), e.g. the tax authorities.

To obtain a full list of the data processors, you may contact the data controller at any time using the contact details provided at the end of this document.

For the performance of certain activities, which require the processing of personal data of a common nature, we use the cloud services of our suppliers that involve transferring data to countries outside the EU, specifically to the USA. Standard contractual clauses (SCCs) adopted by the Commission (Article 46 GDPR “Transfers subject to appropriate safeguards”) are included in contracts signed with suppliers which act as data processors under Article 28 of GDPR 2016/679, to guarantee the transfer of data to a non-EU country in the absence of an adequacy decision by the European Commission. You may obtain a copy of the aforementioned guarantees by making a specific request to the Data Controller in the manner  indicated in the section on Rights of the data subject, or by clicking on the following links:

Your data will be processed throughout the contractual relationship established and also thereafter for the fulfilment of all legal obbligations. The data provided will be stored in our archives according to the new following parameters:

1. for administrative, accounting, contractual, and dispute management activities: from 5 to 10 years as established by civil law and by the rules governing tax powers and inspections, unless an extension is justified by specific reasons (e.g. in the event of disputes or inspections by the competent authorities);
2. to contact you for promotional purposes until you deny us this facility by exercising your right of objection and/or cancellation at any time.

The company does not carry out processing based on automated decision-making, including profiling, which could have a legal impact on you or which may significantly affect you.

You are entitled to exercise your rights at any time (Article 15 et seq. of the GDPR), in particular:

1. you can confirm whether or not we hold personal data concerning you and, if we do, you can request information on:
   • all available information regarding their origin;
   • the purposes of the processing and its legal basis;
   • the recipients of your personal data and how they are protected during transfer, as well as the im pursued and the limitations imposed on the recipient;
   • the intended period for which your data will be stored;
   • the rectification of inaccurate data including the completion of incomplete personal data;
   • restriction, or withdrawal of your consent to the processing;
2. you may also object (Article 21 of the GDPR) to the processing of your data;
3. you may request the deletion of your personal data (Article 17 of the GDPR). A request for deletion will be met only be made if storage is not compulsory under a European Union or Member State law. In this case, processing will be carried out solely for the purposes set out in Article 2(B) of this Policy;
4. you may obtain a copy of your data in a structured, commonly used and machine-readable format that you can also use to transmit those data to third parties;
5. if  you consider that your data is being processed in breach of the GDPR, you may refer the matter to the Italian Data Protection Authority www.garanteprivacy.it.

You may assert your rights by contacting our DPO, using the email address we have provided above, or by using the following email address: trattamentodati@mmbsoftware.it. You may also exercise your rights using the form made available by the Italian Data Protection Authority at

MMB may supplement and/or update this privacy policy in order to incorporate Italian and/or EU regulatory changes that may affect the applicable privacy legislation. MMB will inform you of any material amendments to this policy by publishing the changes on this website.