PERSONAL DATA PROCESSING POLICY
|CONTROLLER Notice pursuant to and for the purposes of Article 13 et seq. of EU Regulation No. 679/2016 of 27 April 2016 (General Data Protection Regulation – GDPR) “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”. Pursuant to and for the purposes of Article 13 of EU Regulation No. 679/2016, we hereby inform you of the following.
|The Controller is Hyphen-Group, with registered office at Via Marconi No. 14 – 37010 Affi (VR), and all subsidiary and associated companies: telephone number: (045) 620 3200, e-mail address: firstname.lastname@example.org(hereinafter: “Controller”).
1 – PURPOSE OF PROCESSING
|– Purpose of processing: to view web pages and use the services offered on the site Enter URL of site (“Site”).
|1.2 – General marketing purposes of the Controller: by way of example, sending – by automated contact methods (e-mail) – promotional and commercial communications relating to services/products offered by the Controller; by way of example, but not limited to, notification of company events, webinars, whitepapers and subscription to newsletters.
|1.3 – Marketing purposes of third parties (with disclosure of data) belonging to the services sector (in particular ICT and digital) and consulting, commerce: sending – with automated methods of contact (such as SMS, MMS, e-mail) and traditional (such as phone calls) – promotional and commercial communications, advertising material relating to offers of services/products, reporting of business events, as well as carrying out market studies and statistical analysis by third parties specified above (subsidiaries), other than the Controller, to which the data may be disclosed for the purpose of the execution of contractual agreements signed with the Customer.
|1.4 – Marketing purposes by the Controller in favour of third parties (without disclosure of data) belonging to the services sector (in particular ICT and digital) and consulting, commerce: sending – with automated methods of contact (such as SMS, MMS, e-mail) and traditional methods (such as telephone calls with operator) – promotional and commercial communications, advertising material related to offers of services/products, reporting of company events, as well as conducting market studies and statistical analysis by the Controller on behalf of third parties.
|1.5 – Profiling purposes: analysis of customer preferences, interests inferred, for example, from online clicks on articles/sections of this website, in order to send commercial communications for targeted promotional actions, business intelligence. The processing of personal data for profiling purposes will take place, in case of consent, with data processing tools that, as a result of overlapping, will create a commercial and Internet behaviour profile. This data processing tool links the data collected during browsing on the Sites through the use of first-party profiling cookies accepted by you with the data collected through registration on the site using the appropriate forms. In addition, such data and/or information will be associated with any and/or further data and/or information already in our possession as a result of a subscription to our services.
|1.6 – Legal obligations: fulfilling obligations required by regulations and by the applicable national and supranational legislation.
|1.7 – Sending newsletters: if requested by you by registering for this service.
|1.8 – Rights of the Controller: if necessary, to ascertain, exercise and defend the Controller’s rights in court.
|1.9 – Operation of the Sites: during normal operation, computer systems and software procedures used to keep the Site operational collect some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but given their nature, could allow for identifying users of the Sites when processed and associated with data kept by the Controller or by others.
2 – LEGAL BASES OF PROCESSING
|2.1 – Contractual purpose: execution of a contract to which you are a party.
|2.2 – General marketing purposes of the Controller: legitimate interest of the Controller according to Art. 6, par. 1, letter f) of the GDPR.
|2.3 – Marketing and profiling purposes: consent (optional and can be withdrawn at any time).
|2.4 – Legal obligations: the need to fulfil legal obligations.
|2.5 – Sending newsletters: execution of a contract to which you are a party, i.e. the subscription to the newsletter.
|2.6 – Rights of the controller: legitimate interest.
3 – STORAGE PERIOD OF DATA
|3.1 – Contractual purposes, legal obligations and sending newsletters: for the whole term of the contract and, after termination, for 24 months.
|3.2 – General marketing purposes of the Controller: until the right of objection is exercised through the unsubscribe button (“Click here”) or by contacting the Controller directly.
|3.3 – Marketing and profiling purposes: until consent for such purposes is withdrawn.
|3.4 – Rights of the Controller: in the case of legal disputes, for the entire duration of the same, until the exhaustion of the terms for actions of appeal.
|3.5 – Operation of the Sites: for the duration of the browsing session on the Site.
|After the above-mentioned storage periods, your personal data will be destroyed, erased or made anonymous, compatibly with the technical procedures of erasure and backup.
|4.1 – PERSONAL DATA PROCESSED FOR CONTRACTUAL PURPOSES – LEGAL OBLIGATIONS – CONTROLLER’S RIGHTS Personal details, contact details.
|Personal details, contact details.
|4.2 – PERSONAL DATA PROCESSED FOR THE CONTROLLER’S GENERAL MARKETING PURPOSES
|Personal details, contact details.
|4.3 – PERSONAL DATA PROCESSED FOR MARKETING AND PROFILING PURPOSES
|Personal details, contact details, data collected by cookies installed by the Site.
|4.4 – PERSONAL DATA PROCESSED FOR SENDING NEWSLETTERS
|4.5 – PERSONAL DATA PROCESSED FOR THE OPERATION OF THE SITES
|The IP addresses or domain names of the computers used by users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), other parameters relating to the user’s operating system and computer environment, information relating to the user’s behaviour on the Site, the pages that have been visited or searched, in order to select and make specific announcements to the user and data relating to the browsing behaviour on the Site using, for example, cookies.
5 – OBLIGATION TO PROVIDE DATA AND OBJECTION TO GENERAL MARKETING BY THE CONTROLLER
|Provision of the personal data referred to in points 4.1 and 4.4 for the purposes referred to in point 1.1 and 1.7 is required. Refusal to provide such personal data does not allow, therefore, the possibility to use the services/contents offered by the Site. The provision of the personal data referred to in point 4.2 for the purpose referred to in point 1.2 is required for the exercise of a legitimate interest of the Controller pursuant to Art. 6, par. 1, letter f) of the GDPR. You may, at any time, decide to stop receiving communications relating to the general marketing activities of the Controller by clicking on the unsubscribe button (“Click here”) at the bottom of any email received. Alternatively, you can contact the Controller at any time by writing to: email@example.com. Providing the personal data referred to in point 4.3 for the purposes referred to in points 1.3, 1.4 and 1.5 is optional and subject to consent. Some personal data referred to in point 4.5 are strictly necessary for the operation of the Site, others are used only to obtain anonymous statistical information on the use of the Site and to check that it is working properly, and are erased immediately after processing. When processing personal data that can directly or indirectly identify you, we adhere to the principle of strict necessity. For this reason, we have configured the Site in such a way that the use of your personal data is reduced to a minimum and in such a way as to limit the processing of personal data that allow for identifying you only in case of need or at the request of the authorities and the police (such as, for example, for data relating to traffic and your stay on the Site or your IP address) or to ascertain responsibility in case of hypothetical computer crimes committed at the expense of the Site.
6 – DATA RECIPIENTS
|Your data may be processed by external entities acting as controllers such as, by way of example, Authorities and supervisory and control bodies and, in general, entities, including from the private sector, entitled to request the data, Public Authorities that expressly make a request to the Controller for administrative or institutional purposes, in accordance with the provisions of applicable national and European legislation, as well as persons, companies, associations and professional firms providing assistance and advice. Your data may also be processed, on behalf of the Controller, by external entities designated as Processors pursuant to Article 28 of the GDPR, who are given appropriate operating instructions. These entities are essentially included in the following categories: companies that provide maintenance services for the websites and information systems. Your personal data may be processed, if you give your explicit consent, by third parties to whom your data will be disclosed. Your personal data will not be disseminated.
7 – ENTITIES AUTHORISED TO PROCESS DATA
|Your data may be processed by employees of the company functions of the Controller assigned to the pursuit of the above purposes, who have been expressly authorised to process them and who have received adequate operating instructions. The personal data processed for the operation of the sites, referred to in point 4.4. collected during browsing on the same will be processed by employees, collaborators of the Controller or external entities, in their capacity as persons in charge and processors, duly instructed by the Controller, who perform tasks of a technical and organisational nature of the Site on behalf of the Controller.
8 – YOUR RIGHTS AS DATA SUBJECT – COMPLAINT TO THE SUPERVISORY AUTHORITY
|By sending a message to our e-mail address firstname.lastname@example.org, data subjects may ask the controller for access to their personal data, and for the erasure, rectification of inaccurate data, to have incomplete data completed, and to restrict processing in the cases provided for by Art. 18 of the GDPR.
|Furthermore, if processing is based on consent or a contract and is carried out by automated means, you may request the portability of your data and to receive them in a structured, commonly-used and machine-readable format and, if technically feasible, to send them to another controller without hindrance.
|You have the right to withdraw your consent at any time for marketing and/or profiling purposes, as well as to object to the processing, for reasons related to your particular situation, of data in the event of the exercise of a public interest or legitimate interest of the Controller as well as for marketing purposes, including profiling related to direct marketing. If you prefer to be contacted for the above-mentioned purposes exclusively through traditional means, you may still express your objection only to receiving communications through automated means. The Controller shall refrain from processing your personal data unless he demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the ascertainment, exercise or defence of a right in court.
|You have the right to lodge a complaint with the concerned supervisory authority in the Member State where you habitually reside or work, or in the State where the alleged violation occurred.
9 – DATA SECURITY
|Your personal data will be processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected and in accordance with the principle of necessity and proportionality, by avoiding processing personal data if the operations can be carried out through the use of anonymous data or by other means. We have taken specific security measures to prevent the loss of personal data, unlawful or unfair use and unauthorised access, but please remember that it is essential, for the security of your data, that your device is equipped with tools such as constantly updated antivirus and that the provider, of the Internet connection, ensures the safe transmission of data through firewalls, spam filters and similar measures.
10 – SHARING CONTENT VIA SOCIAL NETWORKS
|If you decide to share some content via one or more social networks (Facebook, Twitter, LinkedIn, Instagram, Whatsapp etc.) they may access some of your account information if you have enabled sharing of your account data with third-party applications. You can disable the sharing of your account data with third-party applications by accessing your account settings. For further information, please consult the websites of the social networks to which you are registered (www.facebook.com, www.twitter.com, www.linkedin.com, www.whatsapp.com).
11 – TRANSFER OF DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION
|Your data may be transferred abroad to non-European countries only after verification of the Standard Contractual Clauses adopted/approved by the European Commission pursuant to Art. 46, par. 2, letters c) and d) of the GDPR or the binding corporate rules set out in Article 47 of the GDPR or, failing that, by virtue of one of the derogation measures set out in Article 49 of the GDPR.