Published using Google Docs
Privacy Policy | MontyLab.docx
Updated automatically every 5 minutes

Privacy Policy

The purpose of this Privacy Policy is to provide you with information on the processing of personal data carried out by The Tech Alchemist Ltd when you access and browse this website (as further described below).

  1. INTRODUCTION - WHO ARE WE? 

The Tech Alchemist Ltd, with registered office at Old Casino, 28 Fourth Avenue - Hove, EAST SUSSEX BN3 2PJ - United Kingdom, VAT Reg #: 164 8463 82 (hereinafter, "The Tech Alchemist" or "Controller") owner of the website https://marcomontemagno.com/nft/(hereinafter, the "Site"), as data controller with respect to the processing of the personal data of the users who browse the site (hereinafter, "Users") hereby provides the privacy policy pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016 and the privacy legislation in any case applicable to the processing carried out by the Controller (hereinafter, "Regulation", or "Applicable Law").

  1. HOW TO CONTACT US?

The Controller takes into the utmost consideration the right to privacy and protection of personal data of its Users. For any information in relation to this privacy policy, Users may contact the Controller at any time, using the following methods:

The Tech Alchemist has not identified a Data Protection Officer (DPO), as it is not subject to the designation obligation provided for in Article 37 of the Regulation. The Data Controller, established outside the European Union, has appointed as its Representative in the European Union, pursuant to art. 27 of the Regulation, the company Shibumi S.r.l., with registered office in Via Lentasio 9, 20122 – Milan (Italy).

  1. WHAT DO WE DO? - PURPOSE OF PROCESSING  

By browsing the Site, the User can stay up to date with the first NFT collection of Marco "Monty" Montemagno and register to the so-called MontyLab community, as described by the Site itself (hereinafter, "Service").

In relation to the activities that may be carried out through the Site, the Controller collects personal data relating to Users.

This Site and the services that may be offered through the Site are reserved for individuals who are 18 years of age or older. Therefore, the Controller does not collect personal data on persons under 18 years of age. Upon request of the Users, the Controller will promptly delete all personal data involuntarily collected on persons under 18 years of age.

Users’ personal data will be lawfully processed by the Controller for the following purposes

(a)         contractual obligations and provision of the Service, to enable navigation of the Site or to execute the General Conditions of the Site and to fulfil specific requests of the User. The User's data collected by the Controller for the purposes of any registration on the Site include: e-mail address, wallet ID, as well as any personal information the User may have voluntarily published. Unless the User gives the Controller a specific and optional consent to the processing of his/her personal data for the further purposes provided for in the following paragraph, the User’s personal data will be processed by the Controller for the exclusive purpose of ascertaining the User's identity, thus avoiding possible fraud or abuse, and contacting the User for service reasons only (e.g. sending notifications relating to the Service). Without prejudice to what is provided for elsewhere in this privacy policy, under no circumstances will the Controller make the personal data of the Users accessible to other Users and/or third parties;

b) administrative-accounting purposes, i.e. to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;

c) legal obligations, i.e. in order to comply with obligations imposed by law, by an authority, by a regulation or by European legislation.

The provision of personal data for the processing purposes indicated above is optional but necessary, since failure to provide such data will make it impossible for the User to use the Service offered by the Controller.

  1. FURTHER PROCESSING PURPOSES

Marketing (sending of advertising material, direct sales and commercial communication)

Some of the User's personal data (i.e. the e-mail address) may also be processed by the Controller for marketing purposes (sending advertising material, direct sales and commercial communications), i.e., so that the Controller can contact the User by e-mail, to propose the purchase of products and/or services offered by the Data Controller and/or third-party companies, to present offers, promotions and commercial opportunities.

If consent is not given, the possibility of using the Service will not be affected in any way.

In the case of consent, the User may revoke it at any time by making a request to the Controller in the manner indicated in paragraph 8 below.

The User may also easily oppose further sending of promotional communications by e-mail by clicking on the appropriate link for withdrawing consent, which is present in each promotional e-mail.

The Controller informs that, following the exercise of the right to object to the sending of promotional e-mail communications, it is possible that, for technical and operational reasons (e.g. the formation of contact lists already completed shortly before the receipt by the Controller of the request for objection) the User will continue to receive some further promotional messages. If you continue to receive promotional messages after 24 hours of exercising your right to object, please report the problem to the Controller using the contact details set out in paragraph 8 below.

  1. LEGAL BASIS

Contractual obligations and provision of the Service (as described in paragraph 3, lett. a) above): the legal basis consists in art. 6, paragraph 1, lett. b) of the Regulation, i.e., the processing is necessary for the performance of a contract to which the User is party or for the performance of pre-contractual measures taken at the User's request.

Administrative-accounting purposes (as described in paragraph 3, letter b) above): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, as the processing is necessary for the performance of a contract and/or the execution of pre-contractual measures taken at the request of the User.

Legal obligations (as described in paragraph 3, letter c) above): the legal basis is Article 6, paragraph 1, letter c) of the Regulation, as the processing is necessary to comply with a legal obligation to which the Data Controller is subject.

Further processing purposes: for the processing relating to marketing activities (as described in paragraph 4 above), the legal basis consists of Article 6(1)(a) of the Regulation, i.e., the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Data Controller asks the User to provide specific free and optional consent in order to pursue such processing purpose.

  1. PROCESSING METHODS AND DATA RETENTION

The Controller will process the personal data of the Users by means of manual and computerized tools, with logic strictly related to the purposes and, in any case, in such a way as to ensure the security and confidentiality of the data.

The personal data of the Users of the Website will be kept for the time strictly necessary to carry out the primary purposes described in paragraph 3 above, or in any case as long as necessary to protect the interests of both the Users and the Controller under the civil law.

In the case of paragraph 4 above, the personal data of the Users will be kept for the time strictly necessary to fulfil the purposes described therein and, in any case, until the User revokes his consent.

  1. SCOPE OF COMMUNICATION AND DISSEMINATION OF DATA

The User's personal data may be transferred outside the European Union and, in this case, the Data Controller will ensure that the transfer takes place in compliance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulation.

The personal data of the Users may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Site and the Users' requests. These subjects, who have been instructed in this sense by the Controller pursuant to art. 29 of the Regulation, will process the data of the Users exclusively for the purposes indicated in this information notice and in compliance with the provisions of the Applicable Law.

Users' personal data may also be disclosed to third parties who may process personal data on behalf of the Data Controller in their capacity as Data Processors, such as, by way of example, suppliers of IT and logistical services functional to the operation of the Site, suppliers of outsourcing or cloud computing services, professionals and consultants.

Users are entitled to obtain a list of any data processors appointed by the Data Controller, by making a request to the Data Controller in the manner indicated in paragraph 8 below.

  1. RIGHTS OF THE DATA SUBJECTS

Users may exercise the rights guaranteed to them by the Applicable Law by contacting the Controller in the following ways:

The Tech Alchemist has not identified a Data Protection Officer (DPO), as it is not subject to the designation obligation provided for in Article 37 of the Regulation. The Data Controller, established outside the European Union, has appointed as its Representative in the European Union, pursuant to article 27 of the Regulation, the company Shibumi S.r.l., with registered office in Via Lentasio 9, 20122 – Milan (Italy).

Pursuant to the Applicable Law, the Controller informs Users that they have the right to obtain information on (i) the source of the personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with the aid of electronic instruments; (iv) the identification details of the data controller and data processors; (v) the entities or categories of entities to whom the personal data may be communicated or who may become aware of it in their capacity as data processors or persons in charge of processing.

Furthermore, Users have the right to obtain

(a) access, updating, rectification or, when they are interested, integration of the data;

b) the cancellation, transformation into an anonymous form or limitation of data processed in breach of the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.

In addition, Users have:

(a) the right to withdraw consent at any time, if the processing is based on their consent;

b) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format);

(c) the right to object:

(i) in whole or in part, on legitimate grounds to the processing of personal data concerning them, even if relevant to the purpose of collection;

ii) in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication;

iii) if their personal data are processed for direct marketing purposes, at any time, to the processing of their data for such purposes, including profiling insofar as it is related to such direct marketing.

(d) if they consider that the processing of their data is in breach of the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they have their habitual residence, in the Member State in which they work or in the Member State in which the alleged breach has occurred). The Italian Supervisory Authority is the Garante per la protezione dei dati personali, based in Piazza Venezia n. 11, 00187 - Rome (http://www.garanteprivacy.it/). The English Supervisory Authority is the Information Commissioner's Office (ICO), with its registered office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (United Kingdom) (https://ico.org.uk/).

_____________

The Controller is not responsible for updating all the links displayed in this policy; therefore, whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by such link.