January 22nd, 2026

PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA

MOLESKINE EVERYDAY SUITE

This privacy notice on the processing of personal data (the "Notice"), provided pursuant to Artt. 13 and 14 of Regulation (EU) No. 2016/679 General Data Protection Regulation (GDPR), describes how Moleskine S.r.l., with registered office in Via Bergognone 34, 20144, Milan, VAT No./Tax Code No. 07234480965 ("Moleskine") and EDO.io S.r.l., with registered office in Via Federico Fratini No. 6, Terni (TR), Tax Code/VAT No. 13276441006, in the person of its pro-tempore legal representative (hereinafter "EDO"), as Joint Controllers pursuant to Art. 26 GDPR (hereinafter jointly referred to as the "Joint Controllers," "we"), process the personal data ("Personal Data" or "Data") of the various subjects with whom they interact through the Apps that are part of the Moleskine Everyday Suite, as identified in point 1 below (hereinafter "Moleskine Everyday Suite" or simply the "Suite").

DEFINITIONS

The following definitions apply in this Notice:

Privacy Code: Legislative Decree No. 196 of June 30, 2003, as amended, including Legislative Decree No. 101 of August 10, 2018.
GDPR or Regulation: Regulation (EU) No. 2016/679 on the protection of personal data.
Notice: this Notice on the processing of personal data.
Personal Data or Data: any information relating to an identified or identifiable natural person, even indirectly, by reference to any other information, including, by way of example only, an identification number, location data, or an online identifier.
Data Subject(s): means the natural person(s) to whom the Personal Data refers;
Moleskine Everyday Suite or Suite: Suite of software applications that includes the following Apps: Moleskine Planner, Moleskine Notebooks, Moleskine Journal, Moleskine Pocket.
Joint Controllers: as defined in Regulation (EU) 2016/679 (GDPR) in Art. 26, Joint Controllers are Moleskine and Edo. The Joint Controllers have signed a joint controller agreement pursuant to Art. 26 of the GDPR, an extract of which can be viewed by clicking on this link.

DATA PROCESSING METHODS AND INTEROPERABILITY BETWEEN APPS:

In the following paragraphs, after illustrating the integration and interoperability of the Suite's Apps, the various types of personal data processing carried out by the Joint Controllers are described in relation to the specific purposes indicated from time to time.

Integration between apps and service interoperability

The applications that make up the Moleskine Everyday Suite are developed and managed by the Joint Controllers themselves and are designed to work in an integrated manner.

Users can access all the apps in the Suite through a single user account, which allows them to use the features offered by each app in a coordinated and synchronized manner. Information entered or generated in one of the apps (e.g., events, preferences, or settings) may also be made available in the other apps in the Suite, limited to the technical and operational purposes related to the provision of the service.

This internal sharing of data does not require specific consent, as it is necessary for the performance of the contract (pursuant to Art. 6, par. 1, letter b of the GDPR) and to ensure continuity of the user experience across the various applications of the Suite.

Provision of Services through the Moleskine Everyday Suite Apps
1. Categories of data subjects:
2. Data processed:
  - identification data (first name, last name, tax ID number, date of birth, gender);
  - contact details (email address, postal address and postcode, telephone number);
  - account data (username, email address, password);
  - information entered by Users within the Suite, including data relating to personal and work activities, events, reminders, notes, data on projects and objectives, to-do lists, anonymized usage data, cookies;
  - photos, videos, and other content uploaded by App users;
  - information about Moleskine devices connected to the App (e.g., Smart Pen);
  - user voice;
  - transaction information (first name, last name, credit card details for processing payments);
  - data relating to user purchases;
  - content of communications with the Joint Controllers, for example in the event of a support request;
  - browsing data (browser type, IP address, unique device identifiers, preferred language, referring site, date and time of access, operating system, and mobile network information);
  - information about users' devices and their use (device ID);
  - geolocation data;
  - cookies and other technologies such as pixel tags;
  - data from other sources, e.g., when the user connects an App from the Suite to other third-party services or apps;
  - AI-generated responses that may, directly or indirectly, contain personal data if based on specific user input.
3. Purpose of processing:
  
  The data collected and/or received is used by the Joint Controllers to provide services through the Moleskine Everyday Suite apps and, in particular, to allow users to enjoy all the features of the Suite apps.
4. Legal basis:
  The need to perform a contract or related pre-contractual measures – Art. 6(1)(b) of the GDPR and – if the user voluntarily enters data belonging to special categories – explicit consent pursuant to Art. 9(2)(a) of the GDPR. When accessing one of the Suite's apps, the user will be asked to give their explicit consent to the processing of data belonging to special categories.
5. Source of data:
  - Users and users of the Apps that are part of the Suite.
  - Apps in the Suite.
6. Consequences of failure to provide data
  
  Inability to fulfill the obligations arising from the contract.
7. Retention period:
  
  10 (ten) years* following its conclusion or from when the rights arising from it can be enforced (pursuant to artt. 2935 and 2947 of the Italian Civil Code); as well as for the fulfillment of obligations (e.g., tax and accounting obligations) that remain even after the conclusion of the contract (Art. 2220 of the Italian Civil Code), for which purposes the Data Controller must retain only the data necessary for their pursuit.
  
  *= This is without prejudice to the need to extend the retention period if this is necessary to comply with a legal obligation incumbent on the Joint Controllers or to protect their rights before a judicial, administrative, or other authority.
Enabling and providing of the "Mol-E-Ai Assistant" feature through the Moleskine Everyday Suite app
1. Categories of data subjects:
  - Users and consumers of the Apps that are part of the Suite;
  - Other subjects whose personal data is entered into the Suite apps in content processed by the AI assistant.
2. Data processed:
  - Texts and content entered by users in the Suite apps (e.g., notes, reminders, messages, to-do lists, etc.);
  - Personal data that may be included in such content (including data relating to third parties);
  - Data that may belong to special categories pursuant to Art. 9 of the GDPR (e.g., data relating to health, religious beliefs, political opinions, etc.), if voluntarily entered by the user;
  - Data generated as output by the Mol-E AI assistant that reflects or reworks the information provided;
  - Technical logs of interaction with the AI (e.g., timestamps, user IDs, device identifiers);
  - Data that may be collected by third-party technology providers (e.g., OpenAI), limited to the processing of requests and responses.
3. Purpose of processing:
  
  Provision of the "Mol-E AI Assistant" functionality which, through APIs provided by OpenAI, allows automatic analysis of text content entered by the user in order to generate suggestions, organize information, and transform unstructured data into structured content (e.g., appointments, notes, reminders, tasks).
4. Legal basis:
  - Performance of a contract (Art. 6, par.1, letter b) of the GDPR), with regard to active requests by the user to use the Mol-E-AI Assistant feature;
  - Legitimate interest (Art. 6, par. 1, letter f) of the GDPR of the Parties for service improvement and technical management of the features, subject to an impact assessment and minimization.
  - If the user voluntarily enters data belonging to special categories - on explicit consent pursuant to Art. 9, para. 2, letter a) of the GDPR. When activating the Mol-E-Ai Assistant feature, the user will be asked to give their explicit consent to the processing of data belonging to special categories. Processing is not mandatory and the user is free to choose whether or not to use the AI assistant.
5. Source of data:
  - Users and users of the Apps that are part of the Suite.
  - Output generated by the AI assistant.
  - Apps connected to the Suite.
6. Consequences of not providing data
  
  Failure to activate the AI functionality does not compromise the general use of the Suite apps, but limits some of their intelligent and automated functions.
7. Retention period:
  
  10 (ten) years* after its conclusion or from when the rights dependent on it can be enforced (pursuant to Artt. 2935 and 2947 of the Italian Civil Code); as well as for the fulfillment of obligations (e.g., tax and accounting obligations) that remain even after the termination of the contract (Art. 2220 of the Italian Civil Code), for which purposes the Data Controller must retain only the data necessary for their pursuit.
  
  *= This is without prejudice to the need to extend the retention period if this is necessary to comply with a legal obligation incumbent on the Joint Controllers or to protect their rights before a judicial, administrative, or other authority.
Marketing activities
1. Categories of data subjects:
  - Users and users of the Apps that are part of the Suite.
2. Data processed:
  - Personal information (e.g., first name, last name);
  - Contact details (telephone number, email address, postal address);
  - Data and information relating to services, products, events, and activities offered by the Joint Controllers and to which the Data Subject has subscribed and/or requested information and/or in which they have expressed interest.
3. Purpose of processing:
  
  Sending promotional newsletters via email, such as promotional material relating to news, specific promotions, offers, new products or services offered by or through the Joint Controllers, or updates and offers relating to the Apps.
4. Legal basis:
  - Consent of the data subject – Art. 6, para. 1, letter a) GDPR;
  - Legitimate interest of the Joint Controllers with regard to email communications addressed to users of the Suite and relating to products or services similar to those purchased by the latter – Art. 6, para. 1, letter f) GDPR and Art. 130, paragraph 4 of the Privacy Code.
5. Source of data:
  - Data subject.
6. Consequences of failure to provide data:
  
  The provision of data, as well as the related consent to processing where required, is optional and failure to provide it will not affect the proper conclusion and execution of the contractual relationship between the Joint Controllers and the data subject.
7. Retention period:
  
  24 (twenty-four) months* from the provision of consent or from the termination of the contractual relationship with the data subject in the case of processing based on legitimate interest.
  
  *= This is without prejudice to the need to extend the retention period if this is necessary to comply with a legal obligation incumbent on the Joint Controllers or to protect their rights before a judicial, administrative, or other authority.
Profiling activities
1. Categories of data subjects:
  - Users and consumers of the apps included in the Suite.
2. Data processed:
  - Personal information (e.g., first name, last name, date of birth);
  - Contact details (telephone number, email address, postal address);
  - Data relating to User purchases;
  - Content of communications with the Joint Controllers, for example in the event of a support request;
  - Browsing data (browser type, IP address, unique device identifiers, preferred language, referring site, date and time of access, operating system, and mobile network information) relating to each of the Suite's Apps;
  - Information about Users' devices and their use (device ID, operating system, device model);
  - Geolocation data;
  - Cookies and other technologies such as pixel tags and similar technologies;
  - Data from other sources, e.g., when the user connects an App in the Suite to other services.
3. Purpose of processing:
  
  Profiling activities based on your activities and purchases through the Apps belonging to the Moleskine Everyday Suite, aimed at creating marketing campaigns targeted at you based on your activities and preferences.
4. Legal basis:
  - Consent of the data subject – Art. 6, para. 1, letter a) GDPR.
5. Source of data:
  - Data subject.
6. Consequences of failure to provide data:
  
  The provision of data, as well as the related consent to processing, is optional and failure to provide it will not affect the proper conclusion and execution of the contractual relationship between the Joint Controllers and the data subject.
7. Retention period:
  
  12 (twelve) months* from the provision of consent or from the termination of the contractual relationship with the data subject in the case of processing based on legitimate interest.
  
  *= This is without prejudice to the need to extend the retention period if this is necessary to comply with a legal obligation incumbent on the Joint Controllers or to protect their rights before a judicial, administrative or other authority.
Providing feedback and/or technical support to Users' requests in relation to the use of the Suite Apps and related Moleskine products
1. Categories of data subjects:
  - Potential and actual users of the Apps that are part of the Suite.
2. Data processed:
  - Personal information (e.g., first name, last name);
  - Contact details (telephone number, email address, postal address);
  - content of communications with the Joint Controllers, for example in the event of a support request.
3. Purpose of processing:
  To provide feedback and/or technical support to Users' requests in relation to the use of the Suite apps and related Moleskine products.
4. Legal basis:
  - Necessity to perform a contract or related pre-contractual measures – Art. 6, para. 1, letter b) GDPR.
5. Source of data:
  - Data subject.
6. Consequences of failure to provide data:
  the provision of data is necessary and, if not provided, it will not be possible for data subjects to receive feedback and/or support for their requests.
7. Retention period:
  10 (ten) years* from contact with the data subject. *= This is without prejudice to the need to extend the retention period if this is necessary to comply with a legal obligation incumbent on the Joint Controllers or to protect their rights before a judicial, administrative, or other authority.
Improvement of the service provided by the Joint Controllers through the Apps with data that detects the geolocation of users
1. Categories of data subjects:
  Users and app users.
2. Data processed:
  - Geolocation data.
3. Purpose of processing:
  To improve the service provided by the Joint Controllers through the Apps with data revealing your geolocation.
4. Legal basis for processing:
  Consent* of data subjects – Art. 6, para. 1, letter a) GDPR
5. Source of data:
  Data subject.
6. Consequences of failure to provide data:
  The provision of the data described in this paragraph is optional and failure to provide it will not affect the proper conclusion and execution of the contractual relationship between the Joint Controllers and the data subject.
7. Retention period:
  
  the data will be retained for the period of time strictly necessary for the purposes for which the data is collected. In any case, the data will be removed from the Joint Controllers' systems after 2 (two) years* from the last interaction.
  
  *= This is without prejudice to the need to extend the retention period if this is necessary to comply with a legal obligation incumbent on the Joint Controllers or to protect their rights before a judicial, administrative, or other authority.
Browsing data
When a user navigates within the Apps that are part of the Moleskine Everyday Suite, we collect the following navigation data:
- Technical information, including IP address, information about the devices used by users of the Suite apps, browser and operating systems, etc.
- The app collects usage data through analytics tools, including screens viewed, actions taken, session duration, clickstream, and anonymous technical information, in order to improve the user experience and app performance.
This information is collected for the proper functioning, management, maintenance, and improvement of the apps that are part of the Moleskine Everyday Suite, as well as to ensure that your browsing is secure and to be able to ascertain responsibility in the event of cyber security breaches. It is also used to enable us to obtain statistical analyses on the use of the apps that are part of the Moleskine Everyday Suite, with the possibility of analyzing the data in aggregate form, and to allow you to receive promotional announcements in line with your wishes and interests, if you have given your consent in this regard.

Users are always free to decide whether to allow the collection of browsing data through their device or app settings, for example by disabling tracking in their privacy preferences. However, failure to authorize the use of such data may limit access to essential features of the app and compromise the quality of the user experience. Browsing data is collected using technologies similar to cookies, such as analytics SDKs or anonymous identifiers.
Social network plug-ins and interactions with third-party sites
The Apps that are part of the Moleskine Everyday Suite allow interaction with third-party sites such as social networks (e.g., Instagram, Twitter, LinkedIn, YouTube) or other associations through hyperlinks, share buttons, social plug-ins, and other similar tools.

By accessing one of the areas of the Suite Apps equipped with this type of tool, the Internet browser will connect users of the Suite Apps directly to the servers of the third-party sites in question, thus transferring their personal data to the operators of those sites.

This transfer will be carried out on the basis of the users' consent, expressed through unequivocal positive action pursuant to Art. 4(11) of the GDPR when each user clicks on a specific hyperlink, plug-in button, or other similar tool.

Depending on the specific agreements in place with the providers of such third-party sites, the Joint Controllers may act as independent Joint Controllers or as joint controllers with such third parties in relation to such data transfers. With regard to the methods of privacy protection and the processing of Personal Data collected by the operators of third-party sites with which the interactions described take place, please refer to the relevant sites.
Aggregate statistical analysis
1. Categories of data subjects:
  all categories of data subjects covered by this Notice.
2. Data processed:
  aggregate statistical information extrapolated from the following data:
  - Country of origin;
  - Language and time zone;
  - Device type;
  - Operating system;
  - App version;
3. Purpose of processing:
  performing statistical analyses in the interest of the Data Controller, after aggregating the data.
4. Legal basis:
  legitimate interest of the joint controllers – Art. 6, para. 1, letter f) GDPR.
5. Source of data:
  sources indicated in this Notice.
6. Consequences of failure to provide data:
  data already in the possession of the joint controllers as reported in this Notice.
7. Retention period:
  
  retention periods indicated in this Notice*. Data retained for longer periods after complete anonymization.
  
  *= This is without prejudice to the need to extend the retention period if this is necessary to comply with a legal obligation incumbent on the Data Controller or to protect your (or their) rights before a judicial, administrative, or other authority.
Administrative and security purposes
1. Categories of data subjects:
  all categories of data subjects covered by this Notice.
2. Data processed:
  all categories of personal data covered by this Notice.
3. Purposes of processing:
  the Joint Controllers process your personal data, including through their suppliers (third parties and/or recipients), to the extent strictly necessary and proportionate to ensure the security and capacity of a network or servers connected to it to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity, and confidentiality of personal data stored or transmitted.
4. Legal basis:
  legitimate interest of the Data Controller – Art. 6, para. 1, letter f) GDPR.
5. Source of data:
  sources indicated in this Notice.
6. Retention period:
  
  retention periods indicated in this Notice for each of the above processing operations*.
  
  *= This is without prejudice to the need to extend the retention period if this is necessary to comply with a legal obligation incumbent on the Data Controller or to protect your (or their) rights before a judicial, administrative, or other authority.
Compliance with legal obligations
1. Categories of data subjects:
  all categories of data subjects covered by this Notice.
2. Data processed:
  all categories of personal data covered by this Notice, to the extent that they are relevant and strictly necessary for the pursuit of this purpose.
3. Purpose of processing:
  compliance with legal obligations incumbent on the Data Controller; in addition, the Data Controller has established procedures for managing personal data breaches in compliance with the legal obligations to which it is subject.
4. Legal basis:
  need to comply with a legal obligation – Art. 6(1)(c) GDPR. With regard to special categories of personal data, processing is based on: Art. 9(2)(b) GDPR, if the obligation relates to labor law, social security, and social protection; or Art. 9(2)(g) GDPR, in cases where the obligation arises from legal provisions that pursue reasons of substantial public interest; where necessary, Art. 9, para. 2, letter f) GDPR, in cases where the processing is functional to the establishment, exercise, or defense of a right in court.
5. Source of data:
  sources indicated in this Notice.
6. Consequences of failure to provide data:
  data already in the possession of the Joint Controllers as reported in this Notice.
7. Retention period:
  
  time necessary to fulfill the specific legal obligation in question*.
  
  *= This is without prejudice to the need to extend the retention period if this is necessary to protect your (or their) rights before a judicial, administrative, or other authority.
Exercise of a right before a competent authority
1. Categories of data subjects:
  all categories of data subjects covered by this Notice.
2. Data processed:
  all categories of personal data covered by this Notice, to the extent that they are relevant and strictly necessary for the pursuit of this purpose.
3. Purpose of processing:
  exercise or defense of a right of the Data Controller before a judicial, administrative, or other authority.
4. Legal basis:
  legitimate interest of the Data Controller – Art. 6, para. 1, letter f) GDPR. With reference to special categories of personal data, the processing is also based on Art. 9, para. 2, letter f) GDPR, as it is necessary to ascertain, exercise, or defend a right of the Data Controller in court, before an administrative authority, or in another competent forum.
5. Source of data:
  sources indicated in this Notice.
6. Consequences of failure to provide data:
  data already in the possession of the Joint Controllers as reported in this Notice.
7. Retention period:
  
  time necessary to exercise or defend a right before a judicial, administrative, or other authority*.
  
  *= This is without prejudice to the need to extend the retention period if this is necessary to comply with a legal obligation incumbent on the Joint Controllers or to protect your (or their) right before a judicial, administrative, or other authority.

METHOD OF PROCESSING AND DATA PROTECTION

The personal data of data subjects will be processed using IT, telematic, and/or paper-based tools in accordance with the principles of fairness, lawfulness, transparency, accuracy, integrity, data minimization, and purpose and storage limitation, as well as in accordance with the provisions of the GDPR and current legislation on the protection of personal data, and with the adoption of appropriate security measures.

The processing and storage of the personal data of data subjects will be carried out using methods and tools that guarantee the security and confidentiality of the data. In particular, appropriate technical, IT, organizational, logistical, and procedural security measures will be adopted, and access to personal data will be granted only to persons authorized to process it by the Joint Controllers or by the persons designated by them.

The processing of data concerning you is carried out using both electronic means and tools (including fax, telephone, even without operator assistance, e-mail, SMS, and other computerized and/or automated communication systems) and manual means made available to persons acting under the authority of the Joint Controllers and authorized and trained for this purpose. These individuals are allowed access to your personal data to the extent and within the limits necessary for the performance of the processing activities that concern you.

The Joint Controllers shall periodically and constantly verify the measures taken to guarantee the confidentiality of the personal data processed, stored, and retained by them.

The Controllers periodically verify the tools used to process your data and the security measures provided for them, which are constantly updated; they verify, including through the persons authorized to process the data, that no personal data is collected, processed, stored, or retained which processing is not necessary; verifies that the data is stored with the guarantee of integrity and authenticity and that it is used for the purposes of the processing actually carried out.

Once all the purposes that justify the storage of your personal data have been fulfilled, the Joint Controllers will take care to delete them or make them anonymous.

TO WHOM WE COMMUNICATE THE PERSONAL DATA OF DATA SUBJECTS

To the extent necessary for the purposes described in this Notice, your personal data may be disclosed to the following parties:

Artificial intelligence technology providers

Personal data provided through the "Mol-E AI Assistant" feature may be transmitted to external technology providers, including OpenAI, LLC, which provides artificial intelligence infrastructure via API.

Further information on data processing by OpenAI is available in their Privacy Notice, which can be consulted at the following link: https://openai.com/policies/privacy-policy

Data processors

The Joint Controllers with other companies that enable them to manage their business. These companies provide various services (e.g., IT consulting, CRM platforms, etc.) and in some cases have access to your personal data. However, they are not authorized to use your data for their own purposes, and the Joint Controllers have appointed them as data processors. These entities have been selected from among professionals who guarantee the implementation of appropriate technical and organizational measures, so that processing is always carried out in compliance with applicable regulations and ensuring the protection of your rights.

Partners of the Joint Controllers

The personal data you choose to provide us with may be shared with official partners of the Joint Controllers.

Legal obligations

Where necessary for the exercise or protection of our rights, as well as to comply with legal obligations, your personal data may also be disclosed to third parties such as judicial and/or administrative authorities, law enforcement agencies, legal advisors, or auditors.

You may request the contact details of the parties to whom the Joint Controllers may disclose your personal data by contacting the Joint Controllers in the manner indicated in the "How to Contact Us" section of this Notice.

TRANSFER OF DATA OUTSIDE THE EEA

For the purposes of the processing described in this Notice, your personal data may be transferred to countries outside the European Economic Area ("EEA"), which includes all Member States of the European Union, Norway, Liechtenstein, and Iceland. In this case, we ensure that all possible transfers outside the EEA will be carried out in such a way as to guarantee the full protection of your rights and freedoms. In particular, with regard to the third country to which the data is transferred, if no adequacy decision has been made by the European Commission, data transfers will be carried out by adopting appropriate safeguards in accordance with Art. 46 of the GDPR. In addition, an assessment of the impact of the data transfer will always be carried out in view of the applicable legislation of the third country in question, in order to determine the effective protection of your data in the event of transfer outside the EEA or the need for additional security measures.

THE RIGHTS OF DATA SUBJECTS AND HOW TO EXERCISE THEM

In accordance with applicable law, and in particular with the provisions of the GDPR, the rights of data subjects in relation to personal data processed under this Notice are as follows:

Access: data subjects may obtain information about the processing of their personal data and a copy of such data (Art. 15 of the GDPR). Essentially, you will be able to know the origin of the data (when the data are not obtained directly from you), the purposes and aims of the processing, the data of the subjects to whom they are communicated, the retention period of your data or the criteria used to determine it. If the data subject requests additional copies, the Data Controller may charge a reasonable fee;
Rectification: if you believe that your personal data is inaccurate or incomplete, you may request that it be corrected or amended in accordance with your instructions (Art. 16 of the GDPR);
Erasure (so-called "right to be forgotten"): except as provided by applicable laws, each data subject has the right to request the erasure of their personal data when: (i) the data is no longer necessary for the purposes for which it was collected and processed; (ii) they withdraw their consent to the processing if the processing is based on their consent; (iii) you object to processing for direct marketing purposes or processing for other purposes and there are no overriding legitimate grounds for continuing the processing; (iv) your data is processed unlawfully; (iv) erasure is required by law (v) you are a minor and your personal data has been collected in relation to the direct offer of information society services (Art. 17 of the GDPR); the personal data of the data subject will be deleted from the databases and/or archives, including the Data Controller's backup archives;
Restriction: each data subject may request the restriction of the processing of their personal data when: (a) they contest the accuracy of the personal data for the period necessary to verify its accuracy; (b) the processing is unlawful and they request the restriction of its use instead of erasure; (c) the Data Controller no longer needs the personal data for the purposes of the processing, but the data subject needs it to establish, exercise, or defend legal claims; (d) you have objected to the processing pursuant to Art. 21(1) pending verification of whether the legitimate grounds of the Data Controller override those of the data subject (Art. 18 of the GDPR); the data subject must also be informed, within a reasonable time, when the suspension period has expired or the reason for the restriction of processing has ceased to exist, and therefore the restriction itself has been lifted;
Objection: for reasons related to your particular situation, you have the right to object to the processing of your personal data based on the legitimate interest of the data controller (Art. 6(1)(f) of the GDPR) and the data controller will continue to process your data only for compelling legitimate reasons that override your interests and rights and/or to promote, exercise, or defend legal action. The data subject's right to object to direct marketing purposes is absolute and may be exercised at any time in the manner indicated in the "How to contact us" section (point 7 of this Notice). Your objection to processing carried out using automated means also applies to processing carried out using traditional means (Art. 21 of the GDPR);
Withdrawal of consent: if the processing of your personal data is based on consent, you have the right to withdraw your consent at any time (Art. 7 of the GDPR); however, the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
Data portability: if the processing is based on consent or a contract and is carried out using automated tools, each data subject has the right to obtain - in a structured, commonly used and machine-readable format - the personal data they have provided to us and, if technically feasible, to have it transmitted to another data controller.

Your rights are guaranteed without any particular charges or formalities for their exercise, which is essentially free of charge. The Data Controller shall comply with this request without delay and, in any case, no later than one month after receiving your request. The deadline may be extended by two months, if necessary, taking into account the complexity and number of requests received. In such cases, the Data Controller shall inform you within one month of receiving your request and explain the reasons for the extension.

HOW TO CONTACT US

To exercise your rights and for any questions or clarifications on how personal data is processed and used in accordance with this Notice, each data subject may contact the Joint Controllers at the following email address: privacy@moleskine.com

If a data subject decides to contact us, all data provided will be processed exclusively for the purpose of providing a prompt response and ensuring the proper management of their requests.

PROTECTION OF DATA SUBJECTS' RIGHTS

Without prejudice to any other administrative or judicial action, each data subject, in order to protect their rights and personal data, may, at any time, decide to lodge a complaint with the competent supervisory authority or take action before the competent national courts. In Italy, the competent supervisory authority is the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority) (tel. +39 06.696771, email address: protocollo@gpdp.it or urp@gpdp.it ; certified email address:protocollo@pec.gpdp.it ).

CHANGES TO THIS NOTICE

This Notice is subject to periodic updates. To this end, the last update date is indicated at the beginning of the Notice.

Any changes that substantially affect the processing of the personal data of the data subjects will be communicated to them through the appropriate channels.

PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA

MOLESKINE EVERYDAY SUITE

FROM A PAGE IN YOUR HANDS TO A REALM IN YOUR DEVICE

YOUR NOTEBOOK, REIMAGINED IN THE DIGITAL REALM

TOOLS FORGED FOR CREATORS, DREAMERS, AND WANDERERS

TOOLS FORGED FOR CREATORS, DREAMERS, AND WANDERERS

WRITE YOUR STORY IN A LEGENDARY WORLD

Support

Company

Legal