Hyphen-Group

INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

DATA CONTROLLER
Notice pursuant to and for the effects of Article 13 and subsequent articles of the EU Regulation no. 679/2016 of April 27, 2016 (General Data Protection Regulation – GDPR) “concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).” Pursuant to and for the effects of Article 13 of EU Regulation no. 679/2016, we inform you of the following: The Data Controller is Hyphen-Group, located in Affi (VR), via Marconi n° 14 – 37010 and all its controlled and associated companies: phone number: 045 620 3200, email address: datamanager@hyphen-group.com (hereinafter: “Controller”).

1. TYPES OF DATA PROCESSED

1.1. Browsing Data
The IT systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects but, by its very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. These data are used solely to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical IT crimes against the site: except for this possibility, the web contact data does not persist for more than seven days.

1.2. Data Provided Voluntarily
Information entered in any forms present on the site (name, surname, company, email, phone number, and other non-mandatory additional information contained in the message). The optional, explicit, and voluntary sending of emails to Hyphen Group entails the subsequent acquisition of the address necessary to respond to requests, as well as any other personal data included in the email itself. If sensitive (“particular”) data not requested are included, they will not be kept but will be immediately deleted by the Data Controller.

2. PURPOSES OF PROCESSING

2.1. Purposes of Data Processing for Compliance with Legal Obligations

  • Data processing and entry into the company CRM and database.
  • Data processing in web management. This includes, among other things, the obligation to adopt all appropriate technical measures to ensure data security. For security purposes (spam filters, firewalls, virus detection), automatically recorded data may include personal data such as the IP address, which could be used, in accordance with current laws, to block attempts to damage the site itself or to harm other users, or in any case harmful or criminal activities.
  • Storing access data in server log files: storing access data in server log files, such as the name of the requested file, date and time of access, data volume transferred, and requesting provider. We use these data exclusively to ensure efficient operation of the site.

2.2. Direct Marketing Purposes of the Controller

For example, sending – with automated contact methods (email) – promotional and commercial communications related to services/products offered by the Controller; for example, notifying of company events or webinars, whitepapers, or newsletter subscriptions.

2.3. Third-Party Marketing Purposes (with Data Communication)
Concerning the service (particularly ICT and digital) and consultancy, commerce sectors: sending – with automated contact methods (such as SMS, MMS, email) and traditional methods (such as phone calls) – promotional and commercial communications, advertising material related to service/product offers, company event notifications, as well as conducting market studies and statistical analyses by third parties specified above (controlled companies), in relation to the Controller, to whom the data may be communicated for the execution of the contractual agreements signed with the Customer.

2.4. Profiling Purposes
Analysis of the Customer’s preferences, interests inferred, for example, from clicks on articles/sections of this website, in order to send commercial communications for targeted promotional actions, business intelligence. The processing of personal data for profiling purposes will take place, with consent, using data processing tools that, after cross-referencing, will create a commercial and behavioral profile on the web. This data processing tool relates data collected during browsing on the Sites through the use of first-party profiling cookies accepted by you with data collected through site registration via the appropriate forms. Furthermore, these data and/or information will be associated with any additional data and/or information already in our possession following adherence to our services.

2.5. Purposes Arising from Legal Obligations
To comply with obligations provided by regulations and applicable national and supranational legislation. If necessary, we will process the data to ascertain, exercise, or defend the Controller’s rights in court.

3. LEGAL BASES OF PROCESSING

3.1. Express Consent
Art. 6, para. 1, letter f) GDPR based on the new General Regulation (art. 4 GDPR), is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they signify their agreement to the processing of personal data relating to them. The consent given applies to all processing activities carried out for the same or the same purposes.

3.2. Legal Obligation
Art. 6 (1)(c) GDPR: We must process some of your data to comply with the legal obligations to which we are subject (billing, etc.).

3.3. Legitimate Interest of the Controller
Art. 13(2) e-Privacy Directive and pursuant to art. 6, para. 1, letter f), of the GDPR.

  • In reference to the exercise of the Controller’s rights;
  • In reference to the Controller’s direct marketing only in the following cases and methods:
    • for the transmission of messages by email (not for telephone communications);
    • the email must be the one indicated in the context of the sale of a product or service;
    • messages must be sent for the direct sale of products and/or services provided by the Controller (and not by third parties);
    • the product or service must be similar to those already purchased by the data subject;
    • the recipient must not have refused at the beginning or during subsequent communications such promotional communications;
    • the recipient must have the possibility to oppose the processing of data at any time, free of charge, and in a simple manner.

4. RETENTION PERIOD OF PERSONAL DATA

4.1. Contractual Purposes, Legal Obligations, and Sending of Newsletters
For the entire duration of the contract and, after its termination, for 24 months.

4.2. Generic Marketing Purposes of the Controller
Until the right of opposition is exercised, which can be exercised via an appropriate unsubscribe button (“Click here”) or by directly contacting the Controller.

4.3. Marketing and Profiling Purposes
Until the consent for this purpose is revoked.

4.4. Controller’s Rights
In case of judicial dispute, for the entire duration of the dispute, until the exhaustion of the terms of possible appeals.

4.5. Operation of the Sites
For the entire duration of the browsing session on the Site. After the above-mentioned retention periods, your personal data will be destroyed, deleted, or anonymized, in line with technical deletion and backup procedures.

5. AUTHORIZED OBJECTS OF PROCESSING

Your data may be processed by employees of the Controller’s corporate functions tasked with pursuing the above-mentioned purposes, who have been expressly authorized to process and have received appropriate operational instructions. Personal data processed for the operation of the sites, collected during navigation on the same, will be processed by employees, collaborators of the Controller, or external subjects, as data processors, duly instructed by the Controller, who perform technical and organizational tasks for the Controller.

6. DATA RECIPIENTS

Data can be processed by external entities acting as data controllers, such as, for example, authorities and supervisory and control bodies, and, in general, subjects, including private individuals, entitled to request data, Public Authorities that expressly request them from the Controller for administrative or institutional purposes, according to the provisions of current national and European legislation, as well as individuals, companies, associations, or professional firms providing assistance and consultancy. Data may also be processed, on behalf of the Controller, by external entities designated as Data Processors pursuant to Article 28 of the GDPR, to whom appropriate operational instructions are given. These subjects essentially fall into the following categories: companies offering website and IT system maintenance services. Your personal data may be processed, with your explicit consent, by third parties to whom the data is communicated. Personal data will not be disseminated.

7. THIRD PARTIES – SOCIAL NETWORKS

If you decide to share certain content via one or more social networks (Facebook, Twitter, LinkedIn, Instagram, WhatsApp, etc.), they may access some information from your account if you have activated data sharing of your account with third-party applications. You can deactivate data sharing of your account with third-party applications by accessing your account settings. For more information, please consult the website of the social networks you are registered with (www.facebook.com, www.twitter.com, www.linkedin.com, www.whatsapp.com).

8. DATA TRANSFER OUTSIDE THE EU

Data may be transferred abroad to non-European countries only after verifying the standard contractual clauses adopted/approved by the European Commission pursuant to Article 46, paragraph 2, letters c) and d) of the GDPR or the binding corporate rules referred to in Article 47 of the GDPR or, in the absence of such clauses, based on one of the derogations referred to in Article 49 of the GDPR. The voluntary use of link connections and social plugins may lead to the circumstance that your data may be shared with services located outside the European Union area (LinkedIn and Instagram) according to the privacy policies of each service and legal entity. Any cross-border transfer of data to countries is carried out in compliance with current legal provisions and in accordance with the decisions of the European Court of Justice and national and foreign authorities on personal data protection. In the absence of consent, your personal data will not be disclosed. In any case, the transfer of personal data to countries outside the European Economic Area (EEA) or to an international organization is allowed provided that the third country or organization is recognized as adequate by a decision of the European Commission (Article 45 of Regulation EU 2016/679). In the absence of such a decision, the transfer is allowed where the controller or processor provides adequate safeguards that include enforceable rights and effective remedies for the data subjects (Article 46 of Regulation EU 2016/679).

9. YOUR RIGHTS AS A DATA SUBJECT – COMPLAINT TO THE SUPERVISORY AUTHORITY

You can claim several rights as a data subject (Articles 15 and following GDPR):
Right to Information
You can ask us which of your personal data we are actually processing.

Right to Access
You can access your personal data being processed and request a copy.

Right to Rectification
You can rectify your personal data at any time by requesting the correction of inaccurate data and the completion of incomplete data.

Right to Erasure
You can request the deletion of your personal data at any time.
However, please note that the right to erasure is not an absolute right; therefore, in some cases (for example, to fulfill a legal obligation), the request may be lawfully denied. The email, with the subject “Deletion of personal data,” must contain:

  • The requester’s first and last name;
  • Written request for deletion;
  • The email address used for registration;
  • Password to access your personal area (if available);
  • A copy of the identity card or passport;
  • Contact address and phone number.

Right to Data Portability
You can request the portability of your data, meaning receiving your personal data in a structured, commonly used, and machine-readable format. Therefore, you have the right to ask us to transmit your data to another controller.

Right to Object
You can object to a particular processing of your personal data without necessarily requesting deletion. Upon deletion, Hyphen Group will cease data processing.
However, in case of a dispute, it might be of interest to suspend processing while maintaining the availability of the data for dispute resolution and judicial determination.

Right to Restriction
You can request the restriction of the processing of your personal data. In certain cases, for example, when exercising the right to object, restriction is a natural consequence. In the case of processing restriction, any use of the data will only be possible with your consent.

Right to Lodge a Complaint with a Supervisory Authority
We work with you to achieve a fair resolution of any complaint regarding data protection. You have the right to lodge a complaint with the Data Protection Authority if you believe that our processing of your personal data violates the data protection law.
The Data Protection Authority: https://www.garanteprivacy.it/

10. DATA SECURITY

Your personal data will be processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected and in compliance with the principle of necessity and proportionality, avoiding the processing of personal data when operations can be carried out using anonymous data or through other means. We have adopted specific security measures to prevent the loss of personal data, unlawful or incorrect use, and unauthorized access. However, please remember that it is essential for the security of your data that your device is equipped with constantly updated tools such as antivirus software and that the provider supplying your internet connection ensures the secure transmission of data through firewalls, anti-spam filters, and similar measures.

11. RELEVANT LEGAL TEXTS

The provisions of the GDPR are available at the following address:
https://eur-lex.europa.eu/legal-content/ENG/TXT/PDF/?uri=CELEX:32016R0679&from=IT

*Campi obbligatori

*Champ obligatoire

*Mandatory field

Fill out the form and you will be contacted within 24 hours.

*Mandatory field