The Data Controller is Monkey Talkie S.r.l. (hereinafter, the "Controller"), with registered office at Via Angelo della Pergola 8, 20159 Milan (MI), Italy, VAT no. 06417030969, e-mail: info@monkeytalkie.com.
This Privacy Policy applies to the website: www.def404.ai (hereinafter, the "Website").
Through the Website, the Controller may process the following categories of data:
During normal operation, the IT systems and software procedures used to operate the Website acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. Such data includes, for example: IP address; browser type and version; operating system and device information; pages visited, time and date of access; referrer URL (previously visited page); other parameters related to the user's operating system and IT environment.
These data are used in aggregate form or in any case in a way that does not allow immediate identification of the user, except where necessary to ascertain responsibility in case of possible computer crimes.
In particular: identification and contact data (such as name, surname, e-mail address, company, role, telephone number) provided through contact forms, request forms, or similar tools on the Website; data provided for subscription to newsletters (if available); the content of messages sent through the forms or by e-mail.
Data relating to how users interact with the Website (e.g. pages viewed, time spent on page, clicks, navigation paths), collected via: technical tools implemented on the Website; any third-party analytics services (e.g. Google Analytics or equivalent tools) configured in accordance with applicable data protection laws.
The Controller does not intentionally request or collect special categories of personal data within the meaning of Article 9 GDPR (e.g. health data, political opinions, religious beliefs). If the user chooses to include such information in free-text fields, the Controller will process them only where strictly necessary to handle the request and, in any case, will delete them as soon as possible.
Personal data are processed for the following purposes and on the following legal bases:
Purpose: to allow users to access and browse the Website, ensure its proper technical functioning, monitor security, and prevent abuse or fraudulent activities.
Legal basis: the Controller's legitimate interest in ensuring the security and proper provision of the online service (Art. 6(1)(f) GDPR).
Purpose: to respond to requests for information, project proposals, quotes, collaborations, or support sent via the Website or by e-mail.
Legal basis: performance of pre-contractual measures adopted at the request of the data subject and/or performance of a contract (Art. 6(1)(b) GDPR).
Purpose: to send periodic communications regarding DEF_404 / Monkey Talkie projects, services, updates, events, editorial content, and promotional initiatives.
Legal basis: the data subject's consent (Art. 6(1)(a) GDPR). The user may withdraw consent at any time via the unsubscribe link in each e-mail or by contacting the Controller at the above address.
Purpose: to collect statistics, in aggregated and, where possible, anonymized form, on the use of the Website (e.g. number of visitors, pages viewed, navigation paths) in order to improve content, layout, and user experience.
Legal basis: Legitimate interest, where analytics tools are configured so that they collect data only in aggregate or anonymized form and do not allow identification of individual users; Consent, where non-anonymized analytics tools or profiling functionalities are used, via the cookie banner.
Purpose: to comply with legal, regulatory, or EU law obligations, as well as to establish, exercise, or defend legal claims.
Legal basis: legal obligation (Art. 6(1)(c) GDPR) and the Controller's legitimate interest (Art. 6(1)(f) GDPR).
The provision of browsing data is necessary for the operation and proper display of the Website; failure to provide such data may make it impossible to use the Website.
The provision of data requested in contact or request forms is optional; however, failure to provide such data may make it impossible for the Controller to process and respond to the user's request.
The provision of data for newsletter/marketing purposes is optional and subject to the user's consent; refusal to provide such data has no impact on the ability to use the Website or receive other services.
Data are processed by electronic means and, only where strictly necessary, by paper means, in accordance with the principles of lawfulness, fairness, transparency, data minimisation, and storage limitation laid down in Article 5 GDPR.
The Controller adopts appropriate technical and organisational security measures to prevent loss of data, unlawful or incorrect use and unauthorised access, in line with Articles 32 et seq. GDPR.
Personal data may be processed by: employees and collaborators of the Controller, expressly authorised and instructed in accordance with Article 29 GDPR; third parties providing services to the Controller, acting as Data Processors pursuant to Article 28 GDPR, such as: hosting and Website maintenance providers; IT and cloud service providers; newsletter and e-mail marketing service providers; analytics and tracking tools providers, where appointed as processors; legal, tax, accounting, or IT consultants, within the strict limits of the purposes indicated above; public authorities or other entities to which data must be disclosed in compliance with legal obligations or orders from public authorities.
An updated list of Data Processors is available upon request by writing to info@monkeytalkie.com.
Where necessary for technical, organisational, or operational reasons, certain data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA), for example if the Controller uses cloud, analytics, newsletter, or other digital services whose servers are located in third countries.
In such cases, the Controller ensures that such transfers are carried out in compliance with Articles 44 et seq. GDPR, on the basis of: adequacy decisions adopted by the European Commission, where applicable; or Standard Contractual Clauses approved by the European Commission, and, where required, additional safeguards to ensure a level of protection essentially equivalent to that in the EU.
Further information on the countries to which data may be transferred and on the relevant safeguards can be obtained by contacting the Controller.
Personal data will be retained for the time strictly necessary to achieve the purposes for which they were collected and, in particular:
Browsing data: generally retained for up to 6–12 months from the date of collection, unless longer retention is necessary for security or legal reasons.
Data provided through contact/request forms: retained for the time needed to manage the request and, in any case, no longer than 24 months from the last meaningful contact with the user.
Data used for newsletter/marketing purposes: retained until withdrawal of consent by the user or, in the absence of withdrawal, for up to 24 months from the last interaction (e.g. opening an e-mail).
Data processed for legal/accounting obligations: retained for the period required by applicable laws (e.g. up to 10 years for tax and accounting purposes).
After the relevant retention periods have expired, personal data will be deleted or irreversibly anonymised.
The user, as data subject, may exercise at any time the rights provided for in Articles 15–22 GDPR, including:
Right of access: to obtain confirmation as to whether or not personal data concerning them are being processed and, where that is the case, to access such data and information relating to the processing.
Right to rectification: to obtain the rectification of inaccurate data and the completion of incomplete data.
Right to erasure ("right to be forgotten"): to obtain the deletion of personal data in the cases provided for by law.
Right to restriction of processing: to obtain the restriction of processing in certain circumstances.
Right to data portability: to receive the personal data in a structured, commonly used, and machine-readable format, and to transmit those data to another controller, where applicable.
Right to object: to object, on grounds relating to the user's particular situation, to processing based on the Controller's legitimate interest, including profiling.
Right to withdraw consent: where processing is based on consent, the user has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Requests to exercise these rights may be sent to: E-mail: info@monkeytalkie.com
The user also has the right to lodge a complaint with the competent Supervisory Authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. In Italy, the competent Authority is the Italian Data Protection Authority (Garante per la protezione dei dati personali).
Data Controller: Monkey Talkie S.r.l.
Registered office: Via Angelo della Pergola 8, 20159 Milan (MI), Italy
E-mail (privacy / data subject rights): info@monkeytalkie.com
If a Data Protection Officer (DPO) is appointed in the future, the Controller will publish the relevant contact details on this page.
The Controller reserves the right to modify or update this Privacy Policy at any time, particularly in the event of changes in legislation or updates to the services offered via the Website. Users are invited to periodically review this page.