MOSAICO Workspace

Privacy and compliance

Privacy, GDPR & Data Protection

MOSAICO is designed to support industrial digitalization while protecting operational data, user information and customer ownership of data.

MOSAICO supports industrial companies in monitoring assets, processes, KPIs, notifications, reports and workforce interactions. Data protection is therefore a core part of the platform design, with particular attention to confidentiality, security, transparency and customer control.

Our approach

Data protection is part of the service design.

MOSAICO treats privacy, security and transparency as operational requirements. The platform is designed to process only relevant data, control access to information and support data processing activities consistent with the GDPR and applicable contractual documentation.

  • Privacy by design
  • Security by design
  • Data minimization
  • Controlled access
  • Transparency for customers and users
  • GDPR-aligned processing

Types of data processed

Data categories depend on the customer configuration.

Industrial and operational data

  • Sensor data
  • Equipment information
  • Plant performance indicators
  • Alarms and events
  • Production and process data
  • Maintenance-related data

User and account data

  • Name and surname
  • Business email
  • Role or department
  • Login credentials
  • Access permissions
  • Usage logs

Mobile and application data

  • App interactions
  • Notification preferences
  • Device information
  • QR code interactions
  • Feedback submitted through the application

Reports and analytics data

  • KPI dashboards
  • Automatically or manually generated reports
  • Event summaries
  • Performance and reliability insights

MOSAICO does not aim to process unnecessary personal data, and the exact categories of data may depend on the configuration agreed with each customer.

Roles under GDPR

Responsibilities are defined by the processing context.

The customer is generally the Data Controller for data processed through MOSAICO in its industrial environment. DIGITA may act as Data Processor when processing data on behalf of the customer. In limited cases, DIGITA may act as an independent Data Controller for website, commercial or administrative interactions.

Context | Typical role
Website contact form | DIGITA as Data Controller
Platform used by customer employees | Customer as Data Controller, DIGITA as Data Processor
Technical support | Depending on context, DIGITA may process data as Processor
Commercial communication | DIGITA as Data Controller

Customer data ownership

Customer data remains under customer control.

All industrial, operational and customer-generated data remain under the ownership and control of the customer. MOSAICO does not claim ownership over customer plant data, production data, sensor data, reports or workforce-related information processed through the platform.

  • Customer retains ownership of its data.
  • Data are processed only to provide and improve the contracted service.
  • Access is limited to authorized users.
  • Data export and deletion may be handled according to contractual terms.

Security measures

Technical and organizational safeguards for industrial environments.

Security measures are adapted to the deployment model, customer requirements and contractual arrangements.

  01. Role-based access control
  02. Authentication and authorization
  03. Encrypted communications where applicable
  04. Audit logs and traceability
  05. Infrastructure security
  06. Restricted technical support access
  07. Backup and recovery procedures
  08. Incident management

Data hosting and deployment

Deployment can be configured according to enterprise requirements.

MOSAICO can be configured according to customer requirements, security policies and contractual arrangements.

  • Cloud deployment
  • Private cloud
  • On-premise or customer-controlled infrastructure, where applicable

Data residency, hosting location and infrastructure responsibilities are defined in the applicable agreement with each customer.

Retention and deletion

Retention follows service, security and legal requirements.

Personal data and operational data are retained only for the time necessary to provide the service, comply with contractual obligations, ensure security, maintain auditability and meet applicable legal requirements.

  • Retention periods may vary depending on customer configuration.
  • Customer may request deletion or export according to contractual terms.
  • Backups may follow separate technical retention cycles.

Data subjects' rights

GDPR rights can be exercised according to the applicable role.

Data subjects may have the right to request access, rectification, deletion, restriction and portability, to object to processing, and to lodge a complaint with the competent supervisory authority.

  • Access
  • Rectification
  • Deletion
  • Restriction
  • Objection
  • Portability
  • Complaint to supervisory authority

Where MOSAICO acts as Data Processor, requests from end users may need to be addressed primarily to the customer acting as Data Controller.

Third-party providers

Sub-processors and providers are managed through appropriate safeguards.

Where third-party infrastructure, hosting, analytics, communication or support providers are used, DIGITA applies appropriate contractual, technical and organizational measures to protect data.

The list of relevant sub-processors may be made available upon request or included in the applicable Data Processing Agreement.

Contact

For privacy, GDPR or data protection enquiries, please contact us.

Our team can provide the relevant documentation and coordinate privacy or contractual requests related to MOSAICO.

DIGITA
Via Verdi, 3 - 24121 Bergamo, Italy
Email: info@digita.work
Website: www.digita.work