PERSONAL DATA PROCESSING POLICY
Subject of data processing
The Data Controller will process personal, identifying and non-sensitive data (specifically: name, surname, company name, address, telephone numbers, e-mail addresses, bank and payment details – hereinafter, “personal data” or just “data”) that you provide when stipulating a service contract with the Data Controller.
Your personal data will be processed:
- stipulating contracts for the services provided by the Data Controller;
- fulfilment of pre-contractual, contractual, and tax obligations deriving from existing dealings with you;
- fulfilment of the obligations established by law, by a regulation, by European Community legislation, or by order of an Authority (for example relating to anti-money laundering measures);
- exercising the rights of the Data Controller, for example the right to legal defence;
- sending you e-mail (to all addresses pertaining to your domain), mail, telephone contacts, newsletters, commercial communications and/or advertising material regarding products or services offered by the Data Controller;
the collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, cancellation and destruction of data.
Your personal data is subject to both paper and electronic and/or automated processing.
The Data Controller will process your personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of providing services, or until a request is made for the erasure of data that has been gathered for marketing purposes.
Access to data
Your data may be rendered accessible for the purposes referred to in Art 2.A) and 2.B):
- to employees of the Data Controller, in their capacity as those charged with its processing;
- to third-party companies or other subjects (credit institutes, professional firms, consultants, insurance companies, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
Communication of data
These subjects will process the data in their roles as independent data controllers.
Your personal information will not be disclosed.
Transfer of Data
Personal data is stored on the server located at the registered office of the Data Controller, within the European Union.
The Data Controller, through Cloud services, transfers data to Great Britain, the country that has adopted the GDPR.
In this case, the Data Controller guarantees that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the standard contractual clauses stipulated by the European Commission.
Nature of data provision and consequences of refusal to respond
The provision of data for service purposes is obligatory.
The provision of data for marketing purposes is optional. You can therefore decide to not provide any data or to refuse the processing of data provided at an earlier date: in this case, you will not be able to receive newsletters, commercial communications, and advertising material regarding the services offered by the Data Controller.
Interested party rights
I. obtaining confirmation of whether or not personal data that concerns you exists, even if it has not yet been registered, and its communication in an intelligible format;
III. obtaining: a) the updating, rectification or, when relevant, integration of data; b) the cancellation, transformation into anonymous form or blocking of unlawfully-processed data, including that which does not need to be kept for the purposes for which the data was collected or subsequently processed; c) certification that the operations as per letters a) and b) were made known, including their contents, to those to whom the data were communicated or disclosed, except where this is impossible or involves a commitment of resources clearly disproportionate to the protected right;
IV. to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if it is relevant to the purpose for which it was collected; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without human intervention, by email and/or through traditional marketing methods by telephone and/or mail.
It should be noted that the interested party’s right of opposition set out in point b) above, for direct marketing purposes through automated methods, extends to traditional ones and that, in any event, the subject of the data retains the right to object, even partially.
Therefore, the subject of the data may therefore decide to receive communications using exclusively traditional or automated methods, or neither of the above.
Where applicable, you are also entitled to rights in accordance with Art.16-21 of the GDPR (the right to correction, right to erasure, right to restrict processing, right to data portability, right to opposition), as well as the right to lodge a complaint with a Supervisory Authority.
Exercising your rights
You can exercise your rights at any time by sending:
a registered letter with acknowledgement of receipt to: Microline Srl via Meucci 4 Vittorio Veneto.
or e-mail to: firstname.lastname@example.org
Data Controller, processor and representatives
The data controller is Microline Srl
The updated list of the people in charge and the staff involved in processing is kept at the registered offices of the Data Controller.