PURSUANT TO REG. EU n° 2016/679 (“GDPR”)
Pursuant to EU Regulation n° 2016/679 (hereinafter GDPR) considering provisions on protection of personal data, the company COVIND S.p.A. (VAT number 03699000018), with registered office in Strada della Cebrosa 68, 10036 Settimo Torinese (To) as Data Controller, The following provides you with the main information regarding the use of your data:
1. Legal basis of the processing and data processed
The data of a "personal" nature that we are in possession of or that will be communicated to us by you or by third parties will be collected and processed to implement pre-contractual measures such as, for example request for information or a quote, for the management of your contractual relationship and the fulfillment of all related obligations, as well as for the pursuit of legitimate interest of the data controller or third parties for reasons of security and business organization, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. By way of example, "personal data" is information regarding:
- identification and contact data: name, surname, date of birth, tax code, telephone, e-mail, address, details of personal identification;
- data relating to the user's navigation, such as the IP address, date or time of request, resources visitor accesses which are automatically and independently acquired by the software that oversees the correct functioning of the site.
- bank details: IBAN, credit card number etc..
2. Purpose of the processing
Your personal data are processed as follows:
- without your express consent (Article 6 letter b), c), e) f) GDPR), for the following purposes:
- to conclude and execute contracts for the Controller's services;
- fulfill the pre-contractual, contractual and tax obligations deriving from relations with you in to be;
- fulfill the obligations established by law, by a regulation, by legislation Community, to the requests of the Authority (such as for anti-money laundering) of the supervisory bodies;
- exercise or defend, if necessary, the rights of the Data Controller in court or out of court;
- with your specific and distinct consent (art. 6 letter A) and art. 7 GDPR), for the following purposes:
- to send you newsletters and communications for informational, promotional and commercial purposes relating to the services and products of the owner, as well as detect your degree of satisfaction with the quality of products and services purchased;
- carry out internal statistical analyzes as well as market research aimed at design of commercial offers.
3. Processing methods
The processing of yours will be carried out by authorized subjects through the support of tools paper, and / or computerized to store, manage and transmit the data with logic strictly related to the purposes themselves and in any case by adopting technical measures and organizational measures to prevent access, disclosure, modification or destruction not authorized of your personal data. The Company's web portal (www.covind.it
- processed lawfully and fairly;
- collected and recorded for specific, explicit and legitimate purposes;
- accurate and, if necessary, updated;
- relevant, complete and not excessive in relation to the purposes of the processing.
4. Subjects authorized to process
Your data may be made accessible for the purposes referred to in the previous art. 2) to employees or collaborators of the Data Controller in their capacity as authorized and / or Data Processors, all of whom are adequately instructed. The data may also be transmitted to third-party companies that carry out outsourced activities for account of the Data Controller, in their capacity as Data Processors and on the basis of an agreement legally binding for the protection of data protection, or to other subjects, including autonomous owners, such as authorities and supervisory and control bodies, or other subjects, public or private individuals who have the right to request data. The categories of third parties who may have access to such data are for example:
- IT suppliers (e.g. data back-up services, e-mail, WEB / cloud computing, hosting, network monitoring, sending e-mails, website maintenance, etc.);
- consultants (e.g. employment consultant, accountant, legal and other professionals, banking institutes, etc.);
- public and private entities with social security, welfare or insurance purposes (also integrative), Tax Offices, etc .;
- juridical authorities and other subjects for legal obligations;
- other Authorities.
The updated list of managers and those authorized to process the datas is kept at the headquarters legal status of the Data Controller.
5. Duration of data retention and processing upon expiry
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes. In particular:
For the purposes referred to in art. 2 B), for 24 months from the registration of the consent. Once the storage terms indicated above have elapsed, the data will be destroyed, deleted or made anonymous, compatibly with the state of the art of the technique.
- For the purposes referred to in art. 2 A) sub. to. and sub b., unless otherwise required by law, no later than 10 years from the termination of the Contract;
- For the purposes referred to in art. 2 A) sub. c in accordance with the specific legislation;
- For the purposes referred to in art. 2 A) sub. d the data will be kept for the duration of the dispute and for the terms of appeal;
6. Data transfer
Your personal data are processed at the Data Controller's operational headquarters and in any other place where the parties involved in the processing are still located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to transfer such data abroad in non-European countries. In this case, the Data Controller ensures from now on that the transfer of data outside the European Union will take place in compliance with the applicable legal provisions, subject to the stipulation of the contractual clauses standards provided by the European Commission. Specifically, your data will be transferred abroad to non-European countries, only if the level of data protection of the Third Country was considered adequate by the European Commission pursuant to art.45 of the GDPR. However, in the absence of an adequacy decision, the data transfer can be carried out in the presence of one of the exceptions provided for by art. 49 of the GDPR (e.g. consent, transfer necessary for contractual or pre-contractual purposes in relation to a contract stipulated with the interested party or in his favor, ascertaining, exercising or defending a right on site judicial, etc.).
7. Mandatory nature of the assignment and consequences of any decline
The provision of your data for the purposes referred to in Article 2 A) is mandatory and does not require your consent. Your eventual failure, partial or incorrect provision and / or any express refusal to process will make it impossible for the Data Controller to follow up on your requests, to fulfill the contractual obligations deriving from the mandate conferred or a legal obligation to which the Owner is subject. The provision of data for the purposes referred to in Art. 2 B) is optional, with the consequence that you may decide not to provide your consent, or to revoke it at any time.
8. Rights of the interested party
You have the right to obtain from the Data Controller confirmation that a processing of personal data concerning him and in this case to obtain:
- access to personal data for:
- acknowledgement of the type of data processed, the purposes for which they were processed, the recipients or the categories of recipients to whom such data have been or will be communicated, the period of time within which the data will be stored or a forecast of the duration, their rights, the existence of adequate guarantees if the data are transferred to a third country, if a process is underway automated decision making, including profiling (at least in such cases with information significant on the logic used, importance and consequences of this process); Obtain a copy of the personal data being processed without affecting the rights and freedoms of others.
- Obtain a copy of the personal data being processed without affecting the rights and freedoms of others.
- The rectification of inaccurate data, or when it is in your interest, the carrying out of the appropriate additions;
- the cancellation of your personal data in the following cases:
- when the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- when your personal data have been unlawfully processed;
- when withdrawing consent if there is no other legal basis for the treatment;
- when you object to the processing in the absence of prevailing contrary rights or obligations;
- there is a legal obligation to this effect for the Data Controller.
The Data Controller is obliged, without undue delay, to proceed with the deletion of data and to take reasonable steps to inform any others data controllers who are processing the data, to proceed with their cancellation.
- the limitation of the processing of your data in the following cases:
- when the accuracy of the data is contested;
- When the unlawful processing of data is assumed;
- For the assessment, exercise or defense of a right in court;
- When the processing has been opposed, pending verification of the concrete existence of that right.
You also have the right:
- to oppose in whole or in part:
- to the necessary processing for the performance of a task of public or related interest the exercise of public authority vested in the data controller;
- to the necessary processing for the pursuit of the legitimate interest of the Data Controller treatment or of third parties, provided that the interests or rights and freedoms do not prevail fundamental data of the interested party that require the protection of personal data, in particular if the person concerned is a minor. The Data Controller must reply to your request within one month from the exercise of the right. The answer must be in writing, including in electronic format, unless you verbally request it. The answer must be concise, accessible and intelligible.
- To request portability, in the event that processing is based on electronic processing in whole or in part of their personal data.
- To lodge a complaint with the competent supervisory authority in the Member State in which you usually reside, work, or in the place where the alleged occurred violation.
9. How to exercise the rights
To exercise your rights, you can:
- Send an e-mail to firstname.lastname@example.org
- Send a registered letter with return receipt to Covind S.p.A., strada della Cebrosa 68, 10036 Settimo Torinese (To).
10. Changes to this document