Privacy Policy

Privacy Policy

(in accordance with Article 13 of EU Regulation 2016/679)

Article 13 of EU Regulation 2016/679 (hereafter GDPR 2016/679) sets down the rules for the protection of individuals and other entities regarding the processing of personal data. We wish to inform you that the personal data you provide will be processed in compliance with these rules.


1. Data Controller

The Data Controller (i.e. the individual or entity which determines why and how your personal data is processed) is Molok srl – C.F. 10249170969, with headquarters in Milan (MI) at Piazza San Sepolcro n. 1.

To exercise any of the rights referred to in this Privacy Policy and for any further information on how your data is processed and stored, you can contact the Data Controller via email at: – or by registered post at the company’s headquarters.


2. Legal bases and purposes for processing your data

Data is only ever processed in one or more of the circumstances referred to in Article 6, paragraph 1 of the GDPR. This means that the processing of data is lawful only if the following applies:

– the data subject has given consent for their personal data to be processed for one or more specific purposes;

– processing is necessary for the performance of a contract to which the data subject is party;

The Personal data you provide is collected and processed for the following purposes:

a) The provision of services: i.e. for the organisation, planning and monitoring of activities and to enable us more broadly to deliver our services and meet our contractual obligations.

The data subject can also request, via the Controller’s website, to be contacted to receive further information, consultation or metrics regarding the activities carried out by Molok srl;

b) Administration and accounting management: for example, to comply with obligations set out in national law and EC legislation in the areas of accounting, taxation, administration and the protection of health, law and order and public security;

c) Potential publication in the portfolio of client projects set up by Molok srl;

d) When sending a CV or a portfolio, for selection purposes only;

Please note that consent to process your personal data for the purposes described in a) to d) is required to establish and continue a business relationship with the Controller; refusal to provide consent means that Molok srl will not be able to fulfil its contractual obligations.


3. Types of personal data we collect

For the purposes mentioned above, the Controller can and will process the following types of personal data:

a) Personal information and contact details;

b) Tax details;

c) Bank details.


4. How your data is processed and stored

Data is processed in accordance with the security measures referred to in Article 32 of the GDPR 2016/679, by specially designated individuals and in compliance with the provisions of Article 29 of the GDPR 2016/679.

Data is processed electronically or otherwise and involves the collection, recording, organisation, storage, consultation, automatic processing, alteration, selection, retrieval, alignment, use, combination, blocking, disclosure, erasure and destruction of the data.

The data may also be processed on behalf of the Controller, by professionals and/or external companies tasked with providing technical services, consultancy, development, management, administrative and accounting activities, and appointed for that purpose by the Controller.

You should be aware that, in compliance with the principles of lawfulness, purpose limitation and data minimisation laid down in Article 5 of the GDPR 2016/679, and subject to your freely given and explicit consent (given at the bottom of this Privacy Policy), your personal data will be stored for the period required to meet contractual obligations and to fulfil the purposes for which it was collected and processed.

For certain types of data, the law can allow for a longer storage period (for example 10 years for accounting and tax data).


5. Where we process your data

Data is currently processed and stored on the company’s server in Milan, which is equipped with appropriate security measures for the storage and protection of data.

Personal data is primarily stored in electronic files and in residual paper records, using measures that comply with the levels of security prescribed in the legislation.


6. Scope of disclosure and dissemination

Collected data will never be disseminated or disclosed without your explicit consent, except if disclosure is required for the transfer of data to public bodies, advisors, external professionals or other entities for the performance of a contract or fulfilment of legal obligations.

The data is stored on servers located within the European Union. However, the Controller has the right to move the servers to countries outside the EU if necessary. In these circumstances, the Controller will, from then on, ensure that the transfer of data outside the EU is carried out in accordance with the applicable laws, subject to standard contractual clauses laid down by the European Commission which ensure appropriate levels of protection.


7. The existence of automated decision-making, including profiling

The Controller will not process any data using automated decision-making processes, including profiling, referred to in Article 22, paragraphs 1 and 4 of EU Regulation 2016/679.


8. Processing children’s data

The Controller is aware of the sensitive nature of processing children’s data. We do not offer our services to children below the age of 14. We therefore ask that you do not attempt to register for these services if you are under the age of 14.

The Controller asks that anyone with parental responsibility for children under the age of 14 ensures that children do not attempt to use our services and that they advise children under the age of 14 not to leave their personal data on the Controller’s website.

If the Controller becomes aware of any data belonging to children below the age of 14, steps will be taken to delete that data.


9. Your rights as a data subject

You may at any time, in accordance with Article 15 to 22 of EU Regulation 2016/679, exercise your rights to:

a. Access: you are entitled to obtain confirmation of whether or not personal data concerning you exists, as well as how and why it has been processed. You can also obtain the contact details of the Data Controller and the Data Processor if applicable, and of the individuals or entities to whom the personal data may have been disclosed;

b. Rectification and erasure of data: you have the right for your data to be accurate and kept up to date; you may therefore ask for updates, corrections or additions to be made to your data. You can also request that any data processed in violation of the law be erased, made anonymous or blocked, including data which does not need to be kept for the purposes for which it was collected or subsequently processed;

c. Copies: you have the right to request a copy of your data; for additional copies, we may charge a reasonable fee based on administrative costs;

d. Portability: you have the right to receive data that concerns you in a structured, commonly used format and the right to transmit that data to another controller without hindrance;

e. Objections: you have the right to object at any time, on grounds relating to your particular circumstances, to the processing of personal data concerning you which is based on Article 6, paragraph 1 of the GDPR;

f. Withdrawal of consent: with regard to the processing of data for which you have already given consent, you have the right to withdraw it by the same means as it was given;

g. Complaints: in accordance with Article 77 of the GDPR, be aware that in addition to the rights listed above, you also have the right to lodge a complaint directly with the Supervisory Authority if you believe your data has been processed in violation of the provisions of the GDPR.

The Controller will not charge you for exercising any of your rights but may ask for specific information in order to respond to your requests.

We normally respond to complaints within 30 days of receipt but where this time limit cannot be met (e.g. due to the scale of the request or the complexity of the response), the Controller will notify you and keep you up to date on any developments relating to the complaint.


10. Updates and changes

The Controller reserves the right to modify, make additions to or update this Privacy Policy regularly in compliance with the applicable legislation or the provisions of the Italian Data Protection Authority.

You will be informed of any changes and amendments mentioned above through regular updates on the company’s website.