Purposes and principles of data processing. In fulfillment of the obligations of applicable law, the methods of management of the Company web site are described on this page regarding the processing of the personal data of the consumers who navigate it and interact with the accessible web services by telematic means starting from the address: www.omniatechnologiesgroup.com.
You are informed that OMNIA DELLA TOFFOLA SPA will use your personal data to manage access to the portal and the services included therein, to manage the technical procedures, to perform all activities necessary or useful for the continuous improvement of the service provided, and to ascertain responsibility in case of crimes against the Site and/or offenses committed through the Site. Specific additional purposes relating to individual treatment may be identified in detail through supplementary information as part of the various services included in the portal.
Consultation of the Site may involve the processing of data relating to identified or identifiable persons. The personal data provided by users who consult the Site is processed by the recipient of the communication in order to respond to requests received.
Table of content of subjects
– Types of data
– Purposes of data processing
– Legal basis for data processing
– Logic and forms of organization of data processing
– Internal subjects who process personal data
– Obligatory or optional nature of data communication and consequences of failure to provide data
– Do instances of simplified consent or waivers to obligatory consent for direct marketing purposes?
– Does the data subject’s consent to processing for direct marketing and extended profiling purposes also apply to the communication of data to third parties
– Withdrawal of consent
– Communication of data to third parties
– Transfer of data abroad
– Duration of processing
– Data Controller
– Rights of the data subject
– Policy changes
Types of data
The data we process can be of three general categories: navigation data, data actively provided by the data subject, and data collected from third parties.
When you access this website or use our services (also via smart phone or tablet), during normal operation the computer systems and software procedures used to operate the site acquire certain information about you that qualifies as “personal data”, the transmission of which is implicit in the use of Internet communication protocols.
This data includes your hardware model, operating system and version, information on your mobile network and the country from which access is made, the time of the request, the method used to submit the request to the server, access time, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.. ), details of the itinerary followed through the web pages with particular reference to the pages visited, and other parameters regarding your operating system and computer environment (the browser used, version, geographic location, and the last page visited before accessing the services offered on the OMNIA DELLA TOFFOLA website) and unique device identifiers (e.g., the IP address or domain names of the computers used by users, the Uniform Resource Identifier (URI) address, the Media Access Control (MAC) address).
Although this information is not collected to be directly associated with identified interested parties, by its very nature could in theory allow users to be identified through processing and association with data held by third parties (in particular, third-party providers of internet connectivity services).
We use this data only to obtain statistical information on the use of the site in aggregate and anonymous form in order to better understand the user’s browsing behavior and offer users a better browsing experience, enable all the site’s technical functions, to control and optimize its operation, to improve the quality of services offered by the site, and to ensure the maintenance of its database and IT infrastructure support.
After this processing in anonymous form, all such navigation data is deleted within 12 months from the date of collection.
Navigation data can also be used to ascertain responsibility in case of crimes to the detriment of the website or realized through the Site (malware attempts, spamming, abusive access to computer systems, etc.); in such case, the data will be conserved for all the time required for the protection of OMNIA DELLA TOFFOLA and/or third parties’ rights.
Data provided by the user
The following information is considered data provided by the user:
- – information sent by users in an optional and voluntary manner by filling out and submitting online registration and/or data collection forms and the blogs of companies published on the website (e.g. e-mail address, e-mail subject, name or company name, first and last name, etc.);
– personal data provided by users to take advantage of services accessible on the Site or to participate in initiatives promoted through the Site;
– personal data provided by users who forward requests for clarification, news and/or information material;
– personal data provided by users who send us candidacy proposals (“curriculum vitae”, etc.).
The web forms available on the sites never ask you for “particular” personal data (i.e. personal data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-union nature or personal data disclosing your state of health and sexual orientation) or data “relating to offences, criminal convictions and security measures” (data on criminal records or regarding the status of accused or suspected persons, etc.).
When using some website services, some Personal Data pertinent to third parties that you sent us may be subjected to processing. In this case, you are the autonomous Data Processing Controller, and as such assume all the obligations and responsibilities required by law, in such way releasing us from any and all liability in disputes, claims, requests for compensation for damages derived by such data processing advanced by the above-mentioned third parties whose Personal Data has been processed as a result of your use of the functions of the website in violation of the Personal Data protection rules applicable. In any case, whenever you provide or otherwise process Personal Data of third parties in your use of the Site, you hereby guarantee that henceforth while assuming all related liability that this hypothesized processing is based on an appropriate legal basis under Article 6 of the Regulation which legitimates the processing of the data in question.
Personal data collected from third parties
We do not collect personal data regarding the Data Subject from third parties.
Purposes of processing
Personal data is processed for the following purposes:
- a) to process the user’s requests for support and contact regarding the transmission of informative or clarificatory materials (newsletters, answers to questions, announcements, specifications, price lists, other documentation, etc.),
b) perform the service or supply the product requested by the user and organize all the managerial and production activities instrumental to such supply (including relations with suppliers and the management of payments by credit card, bank transfer or other instruments),
c) to fulfil the obligations foreseen by the law, regulations and/or Community legislation;
to fulfil all legal obligations connected with or deriving from the contractual relationship terminated with the interested party and/or the organization to which e or she belongs
(all of which constitute the “primary purposes”
The data collected will also be processed for the purposes of:
f1) Direct marketing (execution of market surveys, sending commercial and promotional communications and newsletters through any automated means of communication, email, telephone with operator, text messages, chat messages, social networks, etc..) or non-automated means, such as regular mail, Data will be processed only with the previous consent of the Data Subject (obtained through appropriate online and/or paper forms), and consent is always optional (see below).
f2) Basic profiling* (i.e. analysis, also predictive, of substantial information:
For the internal contacts of our current or potential client companies: the first and last name of the data subject, name and sector of the organization to which the data subject belongs, the role and contact data such as headquarters of the organization to which the data subject belongs, the email address and telephone numbers of the same, topics of professional or economic interest, and the participation of the data subject in events organized by us and/or our partners);
for the internal contacts of our current or potential client companies: the first and last name of the data subject, name and sector of the organization to which the data subject belongs, the role and contact data such as headquarters of the organization to which the data subject belongs, the email address and telephone numbers of the same, topics of professional or economic interest, and the participation of the data subject in events organized by us and/or our partners);
for consumers or individual companies: the first and last name of the data subject, contact data such as his or her residence or domicile, email address and home and office telephone numbers, economic or product sector of activity, topics of professional or economic interest, and participation of the data subject in events organized by us and/or our partners)
The processing of basic profiling takes place without the need for prior consent of the data subject (for the reasons better indicated in the following section “Legal basis of processing”).
* Profiling concerns physical persons only, and for such reason any information regarding subjects other than natural persons is not relevant for the purposes of privacy legislation can thus be freely profiled by us.
- This activity has a twofold purpose: to better understand our customers, both as groups and as individuals, and to analyze marketing effectiveness in order to develop and update products, services and offers in line with the preferences of our targets.
Profiling aims to align the services and goods we offer with current and potential demand, measure the results of specific promotions, take corrective actions to improve business results (e.g. by reducing the risk of investing resources in areas that are marginal to the target audience) and the effectiveness of business processes (e.g. by ascertaining how many promotional messages and content we have sent you have really been seen and clicked on by you), limit the sending of promotional communications that are not relevant to your likely expectations and needs or through channels you do not like).
This means that we do not send the same offers to all interested parties and we will be able to send you advertising communications that come as close as possible to your tastes, interests, and preferences or through your preferred methods of contact, improving your shopping experience to even your own benefit.
Profiling does not exclude you from specific advantages or from the possibility of freely exercising your rights in relation to the personal data we process; in particular, it does not affect the possibility for the person concerned to use our ordinary services (e.g. online pre-registration, purchase of services).
As a whole, all the above-mentioned direct marketing and basic profiling purposes constitute “
Legal basis for processing.
For primary purposes, processing is necessary, as the case may be, for the adoption of pre-contractual measures at the request of the data subject (e.g. requests for clarification, sending of information or commercial offers), for the execution of a contract to which the data subject is a party, or for compliance with a legal obligation to which we are subject (e.g. to allow the verification of the correct fulfilment of legal and contractual obligations towards the data subject or third parties by the administrative and tax authorities, boards of statutory auditors or auditors, etc.) and/or those based on the following legitimate interests
- a) of our company (prevailing over the interests or fundamental rights and freedoms of the data subject) to process the data in order to be able to effectively and efficiently manage the relationship with its users, customers and/or suppliers and to organize the related production, organizational and management processes (including relations with its sub-suppliers and/or with parent, subsidiary or associated companies pursuant to art. 2359 of the Civil Code or with companies subject to common control) aimed at enabling this objective;
b) of third parties, to receive from the Data Controller and process personal data i) for the purpose of verifying the correct fulfilment of legal and contractual obligations existing towards the data subject or towards third parties (for example verification by the public authority regarding the fulfilment of tax obligations, or by the board of statutory auditors or auditors regarding the fulfilment of legal obligations, etc.) or ii) for the purpose of managing activities regarding requests from the Data Controller for support in managing data subject activities.
purposesWithdrawal of consent
- Even after providing consent to the processing of data for profiling and direct marketing purposes, the data subject may notify the Company of a change in intention at any time using any of the following alternative methods:
by clicking on the “unsubscribe” key made available to the user at the foot of promotional emails received, which automatically sends an email to the Company and in such case the name of the data subject becomes registered in a black list that inhibits all further direct marketing actions by the Company in the former’s regard
by transmitting to the Company by ordinary mail or email your declaration of withdrawal of consent
- (which in this case will be manually recorded in the Company’s CRM). This method of communication is always necessary whenever the data subject wishes to express a more analytical and selective intention, either with regard to the use of certain individual means and not others (e.g. only paper, only electronic, refusing transmission by automated systems, etc..) for the receipt, with prior consent, of Company marketing communications regarding individual marketing purposes among those actually possible (choosing for example to receive only newsletters and not inviati (non era forse invece ”inviti”?) invitations to our Events;
As is clarified in the General Measure of the Guarantor dated 4 July 2013 bearing “Guidelines for combating spam”:
- the communication or transfer to third parties of personal data for marketing purposes in general cannot be based on the acquisition of a single and generic consent from the data subject for such purposes;
it is necessary for the Data Controller to acquire a specific consent for the communication (and/or transfer) of personal data to third parties for promotional purposes that is also separate from the consent required of such Data Controller to carry out promotional activities itself; whenever the data subject gives such consent, third parties will be able to conduct promotional activities in regard to the data subject by even using the automated methods referred to in Article 130, paragraph 1 and 2 of the Privacy Code without having to acquire a new consent for promotional purposes.
the Data Processing Controller that intends to collect personal data to communicate (or transfer) the same to third parties for their marketing purposes must first provide the data subjects with appropriate information that identifies each of the third parties or, alternatively, indicate the categories (economic or product) to which they belong.
(direct marketing, profiling) processing is based on the following criteria:a) as regards direct marketing to clients conducted exclusively by transmission of email/newsletters only in promotion of products or services similar to those you have already purchased: in our legitimate interest of promoting our products and/or services to current clients (so-called soft spam);
b) as regards direct marketing to clients conducted exclusively by transmission of email/newsletters only in promotion of products or services that differ from those you have already purchased: with your specific previous consent to the processing of your data for such purpose whenever such consent has not been subsequently withdrawn;
c) as regards direct marketing to clients conducted by automated means other than transmission of email/newsletters (e.g. transmission of text messages, social media messages, and instant messaging services such as Whatsapp etc.): with your specific previous consent to the processing of your data for such purpose whenever such consent has not been subsequently withdrawn.
d) as regards basic profiling, in our legitimate interest of a minimum set of information for the planning of our direct marketing actions to both current and potential clients.
You must give or withhold your consent, separately, respectively for i) the processing we conduct, and ii) our communication of such data to autonomous third-party holders of such processing for the same purposes.
The logic and forms of organization of data processing will be closely related to the individual purposes respectively indicated above. Processing will be conducted in electronic, telematic and/or paper form. During processing, personal data is subjected to the protective measures we adopt against the risk of unauthorized access or processing, and can be consulted only by staff members we authorize, which must still respect the established limits of use in which they have been trained after access to the various software applications has been granted by entering the personal passwords required.
Internal subjects who process personal data
The data collected is processed by our internal subjects who require the same for the execution of their duties (e.g. staff in the sales department, marketing department, administrative department, call center, technical employees for the maintenance of the company computer system, etc.).
Obligatory or optional nature of data communication and consequences of failure to provide data
For primary purposes, the conferment of data is compulsory whenever such data is necessary for the fulfillment of legal obligations and the failure to provide such data renders the stipulation of the contract with the data subject and/or the organization to which he or she belongs impossible; in other cases in which you are not obliged to provide us with your personal data, we will be unable to establish the pre-contractual relationships, the online registration of the data subject in the Website, and/or the delivery of services or the sale of products/services for which we require such registration and/or the conferment of data.
Non-registered users may browse the Website and view only the content and materials available without registering.
For secondary purposes that require your prior consent (direct marketing) and separately, for the purposes of our communication of data to third parties who process it for the same purposes in a different capacity from that of our managers:
– your consent is always optional (free and deniable);
– failure to provide data or consent to processing will prevent us from processing and/or, respectively, communicating to third parties such data for such secondary purposes, whereas it will not interfere with our existing relationship with you or your organization.
Do instances of simplified consent or waivers to obligatory consent for direct marketing purposes?
As allowed by the General Provision of the Privacy Guarantor dated 15.05.2013 – “Consent to the processing of personal data for the purpose of “direct marketing” through traditional and automated means of contact“), the consent required for the secondary purposes of direct marketing is unitary and comprehensive for all possible channels used by us (electronic, paper, postal) and for all possible sub-purposes of direct marketing (you do not need to provide us with multiple consents for each distinct marketing purpose).
Does the data subject’s consent to processing for direct marketing and extended profiling purposes also apply to the communication of data to third parties?
We communicate some of your data to other companies in our Group or to the third parties we sub-contract as “data processors” to the processing of data on our behalf and under our supervision. In this case, the third parties use the same consent (including that to communications provided to third parties for such purposes) you have already provided.
Exclusively after your further, separate, and additional consent, we can also communicate or transfer data to third parties (usually third partners in the promotion of events) that will process them as co-Data Controllers or independent Data Controller s for direct marketing purposes.
Note: we can process personal data through the use of telephone calls with operator and the use of ordinary mail for the above-mentioned secondary purposes without the data subject’s prior specific consent (in this case, the latter reserves the right to oppose processing using simplified methods and also electronically by registering his or her telephone number and other personal data regarding subscriptions in the paper and electronic directories available to the public in the Public Register of Oppositions (http://www.registrodelleopposizioni.it/) as specified in Decree of the President of the Republic n. 178/2010).
Note: when we request – for direct marketing purposes – your telephone number and you provide optional and specific consent to its use, we can use it to call you even if you have registered it in the Public Register of Objections because in this case the number was not taken from public telephone directories.
Withdrawal of consent
Even after providing consent to the processing of data for profiling and direct marketing purposes, the data subject may notify the Company of a change in intention at any time using any of the following alternative methods:
– by clicking on the “unsubscribe” key made available to the user at the foot of promotional emails received, which automatically sends an email to the Company and in such case the name of the data subject becomes registered in a black list that inhibits all further direct marketing actions by the Company in the former’s regard
– by transmitting to the Company by ordinary mail or email your declaration of withdrawal of consent
- (which in this case will be manually recorded in the Company’s CRM). This method of communication is always necessary whenever the data subject wishes to express a more analytical and selective intention, either with regard to the use of certain individual means and not others (e.g. only paper, only electronic, refusing transmission by automated systems, etc..) for the receipt, with prior consent, of Company marketing communications regarding individual marketing purposes among those actually possible (choosing for example to receive only newsletters and not invitations to our Events;
 As is clarified in the General Measure of the Guarantor dated 4 July 2013 bearing “Guidelines for combating spam”:
– the communication or transfer to third parties of personal data for marketing purposes in general cannot be based on the acquisition of a single and generic consent from the data subject for such purposes;
– it is necessary for the Data Controller to acquire a specific consent for the communication (and/or transfer) of personal data to third parties for promotional purposes that is also separate from the consent required of such Data Controller to carry out promotional activities itself; whenever the data subject gives such consent, third parties will be able to conduct promotional activities in regard to the data subject by even using the automated methods referred to in Article 130, paragraph 1 and 2 of the Privacy Code without having to acquire a new consent for promotional purposes.
– the Data Processing Controller that intends to collect personal data to communicate (or transfer) the same to third parties for their marketing purposes must first provide the data subjects with appropriate information that identifies each of the third parties or, alternatively, indicate the categories (economic or product) to which they belong.
– by sending a clearly evident informal telephone notice of withdrawal of consent to the Company that when such opt-out request is received, the Company will proceed to remove and delete the data from the databases used for processing for direct marketing purposes and, where possible, will inform any third parties to whom the data has been communicated for the same purposes. The simple receipt of the cancellation request will automatically be considered as a confirmation of cancellation.Whenever you wish to withdraw consent to advertising communications sent to you from social channels (e.g. Facebook, Twitter, etc.), you must communicate such intention directly to the individual social platform in the ways communicated case by case by the same and/or the browser you use (given that our Company is not technically capable of influencing third-party social platforms in this regard).
- The above-mentioned opposition will have no effect on the execution of activities stipulated by currently valid contracts.
Communication of data to third parties
The Company communicates your personal data to third parties only when necessary and functional to achieve the purpose of data processing conducted in regard to the service or product you have requested, and in any case proceeds to communication only after informing you, and where necessary, collecting your consent to do so. Communication to third parties will always be limited to the data strictly necessary for the purposes.
The third-party receivers of such data – as better identified below – will process the data, as appropriate, a) as “external controllers” (i.e. on our behalf and according to our written directives aimed at ensuring compliance with privacy regulations during processing and under our supervision), or b) as joint controllers (i.e. on the basis of a written agreement governing their respective activities and responsibilities in relation to personal data), or in the capacity of independent controllers (in this case, the data subject will be provided with all the necessary information on such processing required by applicable law).
For primary purposes and in particular when the data subject stipulates a contract with our Company, personal data may be disclosed to all third parties whose intervention in processing is useful on the basis of the services required by the data subject and/or legal obligations or required by regulations or other legislation, such as when the following are involved: parent companies, subsidiaries or affiliates of the Group and/or third-party partners who conduct functional or complementary activities to the supply of products or services required by the data subject (e.g. management of requests for information, estimates, orders, contracts, after-sales service), third parties responsible for conducting activities linked with and/or instrumental to such processing (such as commercial agents, banks for the management of collections and payments, business information companies, credit recovery companies, credit transfer companies, companies providing electronic payment services, couriers, carriers and shippers, factoring companies, insurance companies, lawyers and law firms, chartered accountants, accounting experts, auditors and auditing firms, members of supervisory bodies pursuant to Legislative Decree no. 231/2001 regarding organizational models aimed at preventing certain categories of crime, auditors, third parties appointed to carry out web hosting and/or maintenance services for this website and/or the computer systems used by it and/or the electronic archives connected to the site; carriers and forwarding agents appointed to the transport of goods; and public safety authorities and computer forensics companies, in the case of requests connected to criminal and civil investigations and/or suspected offences or other abuses or offences committed to the detriment of NAME and/or third parties.
Regarding processing for secondary purposes (direct marketing, profiling), in accordance with the General Provision of the Guarantor of July 4, 2013 bearing “Guidelines for combating spam”, we will also communicate data to: our Group’s parent companies/subsidiaries, advertising agencies, marketing analysis companies, communications companies and/or public relations companies, companies responsible for the design, printing and maintenance of editorial advertising or promotional materials and/or their management online, website production companies, web marketing companies, direct e-mailing service companies (e.g. Mail-Up or similar), consultants and/or other entities to which we entrust functional activities for such purposes; maintenance companies of the computer systems on which our databases reside or through which they are processed; and suppliers of electronic communication and ICT services
Such data will not be disclosed.
Transfer of data abroad
The Controller transfers personal data to the following third country(ies):
– Microsoft Corporation, headquartered at 1 Microsoft Way, Redmond, WA 98052, USA, as provider of the individual productivity cloud application service (referred to as “Office 365”), for the performance of the contractual service towards the customer (e.g. for email management or document editing) and/or for the fulfillment of related legal obligations.
Other inactive data, however, particularly data that differs from as indicated above, may be transferred from the EU to the USA for the service in question and this transfer is not occasional.
Regarding this hypothesis, the Company applies adequate guarantees consisting in the stipulation – automatically upon activation of the service – of Standard Contractual Clauses (SCC) as a result of which as regards the processing within its competence, the supplier agrees to comply with privacy obligations substantially equivalent to those specified in the GDPR for the Company. These SCC have been previously submitted by Microsoft to the Article 29 Working Party of the European Union and have obtained the relevant approval.
In theory, the risk that in certain occasional situations on the basis of US legislation (art. 702 of FISA and Executive Order EO 12333) for national security purposes, the American public authority will access personal data transferred by the Data Controller from the EU to the USA cannot be excluded with absolute certainty. The possibility that in practice public interest in gaining access to the data (of which the supplier by law may not inform to the Company) may arise appears objectively limited, however, given: i) the Company’s core business ii); the type of personal data processed by the Company; and iii) the limited categories of data subjects to whom such data may refer (candidates, employees, customers and suppliers). Therefore, the aforementioned SCCS guarantee a protection of the rights of data subjects that is substantially identical to as specified in the GDPR. The adoption of any further GUARANTEE measures will be communicated to the data subjects by the Company.
Duration of processing
Personal data processed for primary purposes is normally processed for the entire duration of the pre-contractual and/or contractual relationship established with the data subject, in particular:
- in the pre-contractual phase, for the time necessary to manage the requests sent by the data subject to the Company (e.g. requests for documentation, brochures, information, etc.) and to track the successful completion of the Company’s replies and thereafter until the data subject communicates objection to processing for the aforementioned purposes;
- in relation to the contract stipulated with the data subject, for the entire duration of the contractual relationship established with the data subject; and
after the termination of the contractual relationship established with the interested party, for the time necessary to fulfil all the legal obligations connected to the terminated contractual relationship (in particular, to demonstrate the fulfilment of fiscal and civil law obligations to the control authorities) and in any case, until the civil law term of the action for the compensation of damages due to the data subject ex Art. 2946 c.c., and precisely, for 10 years from the termination of the contract).
Personal data processed for IT security purposes (e.g. log recordings) will be kept for the time necessary to conduct the respective security checks and evaluate the results (1 year from the moment of collection).
Whenever an extrajudicial or judicial dispute arises with the data subject and/or third parties, the data will be processed for the time strictly necessary to exercise full protection of the rights of the Data Controller.
Personal data processed for secondary purposes (marketing) is normally processed for the periods below:
- whenever you are not already a client of ours – until you withdraw the consent previously granted for the purposes above; or
whenever you are already a client of ours – until you withdraw the consent previously granted for the purposes above.
The Data Controller of the processing of personal data is OMNIA DELLA TOFFOLA S.p.A, Via Feltrina 72, Signoressa di Trevignano (TV) 31040 – e-mail contact: email@example.com
The data subject can obtain a complete and updated list of external managers at the Company upon written request.
Rights of the data subject
With regard to the processing of personal data, a data subject may exercise the following rights by contacting our company without any particular formalities:
- request confirmation as to whether or not personal data concerning him/her is being processed and, if so, to obtain access to the personal data and the following information:
- the purposes of processing;
the categories of personal data involved;
the receivers or categories of recipient to whom such personal data has been or will be disclosed, particularly if there are receivers in third countries or international organizations;
whenever possible, the expected period of retention of personal data or, if this is not possible, the criteria used to determine such period;
the existence of the right of the data subject to request Company to rectify or cancel personal data or to limit the processing of personal data concerning him or her or to oppose their processing;
the right to lodge a complaint with a supervisory authority whenever the data has not been collected from the data subject, and all available information on its origin;
the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
Whenever personal data has been transferred to a third-party nation or an international organization, the data subject has the right to be informed of the existence adequate guarantees regarding transfer;
request, and obtain without undue delay, the rectification of inaccurate data, bearing in mind the purposes of processing and the integration of incomplete personal data also by providing a supplementary statement;
request the cancellation of data, if:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
the data subject withdraws the consent on which processing is based and no other legal basis for processing exists;
the data subject objects to processing, if there is no overriding legitimate reason to proceed with the processing, or objects to the processing being carried out for direct marketing purposes (including the profiling functional required for such direct marketing);
the personal data has been processed unlawfully;
the personal data must be deleted in order to comply with a legal obligation under European Union or member nation law to which our Company is subject;
the personal data has been collected in connection with the offer of information company services using our company’s database;
request the limitation of processing that concerns the data subject whenever any of the following hypotheses occurs:
- the data subject contests the accuracy of the personal data; in such case, the limitation of processing (i.e. the suspension of the same) may occur for the period necessary for our Company to verify its accuracy;
the processing is unlawful (e.g. because the data subject has not been provided with the information required by law) and the data subject opposes the deletion of his/her personal data (i.e. he/she prefers that they be kept in our paper and/or computer archives) and asks instead that their use be limited as above;
although our Company no longer needs the data for processing purposes, the personal data are necessary to the data subject for the establishment, exercise or defense of legal claims;
the data subject has objected to processing carried out for direct marketing purposes, pending verification of the possible prevalence of the legitimate reasons of our Company over those of the data subject;
obtain from our Company, upon request, the communication of the third-party receivers to whom such personal data has been transmitted;
to withdraw consent to processing in any moment whenever previously communicated, for one or more specific purposes of personal data, while remaining understood that this will not affect the lawfulness of the processing based on the consent given prior to such withdrawal;
to receive in a structured, commonly-used and machine-readable format the personal data concerning the data subject provided by this latter to our Company and, if technically feasible, to have such data transmitted directly to another Data Controller without hindrance on our part whenever the following condition (cumulative) occurs:
- processing is based on the consent of the data subject for one or more specific purposes or on a contract to which the Data Subject is a party and for the performance of which the processing is necessary; and
processing is conducted by automated means (software) (with the overall right to so-called “portability”);
The exercise of the right to portability is without prejudice to the right to cancellation as provided above;
- Not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject and affects him or her in a similar significant way. Note: Our company does not make any automated decisions of the type above.
Propose a complaint to the competent supervisory authority under the GDPR (that of its place of residence or domicile). In Italy: Garante per la protezione dei dati personali, Piazza Venezia n. 11, 00186 ROMA (firstname.lastname@example.org, tel. +39 06 69677.1, fax +39 06 69677.3786).