REGARDING THE PROTECTION OF PERSONAL DATA PURSUANT TO ART. 13 OF REG. (EU) 2016/679 Dear Customer, the protection of personal data is a fundamental value for MBS Engineering. 

Your personal information will therefore be treated in compliance with the law and the principles of correctness, lawfulness and transparency, and your customer rights guaranteed as established in the information. Our Company protects the confidentiality of personal data and guarantees adequate security measures against events that can put personal data at risk of violation.

As required by Regulation (EU) 679/2016 of the European Parliament and of the Council (GDPR) and by Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, and in particular by art. 13, below we provide the Customer, as an “Interested”, with the information required by law relating to the processing of their personal data.

This Information may be integrated by the Data Controller if any additional services requested by You, should involve further processing.

1 – DATA CONTROLLER: Is MBS Engineering, in the person of the Legal Representative.

Tel: 0916360897, E-mail:



As part of the processing, it is necessary to know and store personal data such as: name and surname, company name, tax code and VAT number, address, telephone / fax, e-mail, bank and payment references. Any change in such data must be promptly communicated by the interested party in order to correctly manage the contract.


The data provided voluntarily by the Customer are those necessary for the Owner to provide the support service for the resolution of IT problems (system blocks, data loss, presence of viruses, performance degradation, loss of functionality, hardware breakdowns … ) aimed at restoring normal operations. These available data are processed lawfully and fairly for:

Execution of pre-contractual activities and the acquisition of preliminary information for the purpose of signing the contract. Management of the contractual relationship and all administrative, operational, managerial and accounting activities (order management, invoicing, assistance and post-service support). Compilation of VAT forms, withholding agents and other tax returns in general and any other fulfilment necessary for the fulfilment of the supply mandate given to the Company.
The management of litigation, breach of contract, warnings, transactions, arbitrations, judicial disputes and the fulfilment of obligations under laws, regulations, community regulations and provisions issued by authorities

  • LEGAL BASIS OF THE PROCESSING engineering the legal basis that legitimizes the processing of data is the execution of the contract.

In relation to the aforementioned purposes, the data is processed both on paper and with electronic, IT and telematic tools. The collected data is entered in the records and registers required by law and are kept by the Data Controller in computer and paper archives.


The provision of personal data relating to the processing is mandatory, as this is required for the fulfilment of legal and contractual obligations.


Any refusal will make it impossible for the Data Controller to follow up on the contract or to properly fulfil the obligations required by law related to the execution of the contract.


In the processing of your personal data, the Data Controller adopts the necessary precautions to ensure the protection of confidentiality, availability and integrity in compliance with the principles set by the data protection regulations. The data in paper format are collected in a locked cabinet, while those in digital format are collected on a PC equipped with a username and password for access.


Your personal data will be processed and stored for the entire duration of the contractual relationship and, at the end of the same, they will be kept for all legal obligations related to or deriving from the contract entered by you with the Company. your personal data, in case of failure to complete the contract, will be deleted within 24 months.


As part of the management of the employment relationship, there is no transfer of data to third countries outside the EU or to international organizations.


MBS Engineering, in the person of the Legal Representative.

Tel: 0916360897, E-mail: 

The processing of your personal data is carried out by internal and external personnel, based on their respective duties, according to instructions given in compliance with current legislation on privacy and data security. If it is necessary, the data may be processed by third parties who are appointed as Data Processors (pursuant to Article 28 of the GDPR) or “autonomous” Data Controllers, and precisely:

By banks and credit institutions as well as by professionals, companies, associations or professional firms that provide the Owner with assistance or advice for administrative, accounting, tax or legal protection purposes;


In relation to the treatments described in this Notice, as an interested party you may, as required by the European Regulation 679/2016, exercise the rights enshrined in articles 15 to 21 and 77 of the GDPR and in particular: MBS Engineering has the right of access – Article 15 of the GDPR: the right to obtain confirmation as to whether or not personal data concerning You is being processed and, in this case, to obtain access to your personal data, including a copy.

Has the right to rectify – Article 16 GDPR: right to obtain, without undue delay, the correction of inaccurate personal data concerning you and / or the integration of incomplete personal data.

Has the right to cancel (right to be forgotten) – Article 17 GDPR: right to obtain, without undue delay, the cancellation of personal data concerning you.

Has the right to limitation of treatment – article 18 GDPR: right to obtain limitation of treatment, when:

  1. the interested party disputes the accuracy of personal data, for the period necessary for the owner to verify the accuracy of such data.
  2. the processing is unlawful, and the interested party opposes the deletion of personal data and instead requests that its use be limited.
  3. personal data are necessary for the interested party to ascertain, exercise or defend a right in court.
  4. the interested party opposed the processing pursuant to art. 21 GDPR, in the period of waiting for the verification of the possible prevalence of legitimate reasons of the data Controller with respect to those of the interested party.

Has the right of data portability – article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning You provided to the Data Controller and the right to transmit them to another controller without impediments, if the processing is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data to be transmitted directly by the Bank to another holder, if this is technically feasible.

Has the right to object – article 21 GDPR: right to object, at any time for reasons connected to your particular situation, processing of personal data concerning You, based on the condition of lawfulness of the legitimate interest or the execution of a task of public interest and the exercise of public authority, including profiling, unless there are legitimate reasons for the Data Controller to continue the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or defence of a right in court; may object to process at any time if personal data is processed for direct marketing purposes, including profiling, to the extent that it is connected to such direct marketing;

Has the right of complainant:

The interested party has the right to lodge a complaint with the Guarantor Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM).

All the above rights may be exercised against the owner by contacting the references indicated above.

The Data Controller, through the designated structures, will take care of your request and provide You, without undue delay and in any case, at the latest, within one month of the receipt.

We inform you that if the Data Controller has doubts about the identity of the natural person submitting the request, he may request additional information necessary to confirm the identity of the interested party. 

To fulfil your rights as an interested party, is free of charge pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller may charge you a reasonable fee, for the costs incurred to manage your request, or deny your request.