PRIVACY POLICY CIRCULAR FOR CUSTOMER

PERSONAL DATA PROCESSING POLICY

Microline SRL, with registered legal office at Via Meucci 4, Vittorio Veneto (hereinafter, “the Data Controller”), in its capacity as data controller, hereby informs you, pursuant to Art. 13 of Legislative Decree 30.6.2003 No. 196 (hereinafter, “the Privacy Policy”) and Art. 13 of EU Regulation No. 2016/679 (hereinafter, “GDPR”), that your data will be processed in the following manner and for the following purposes:

Subject of data processing

The Data Controller will process personal, identifying and non-sensitive data (specifically: name, surname, company name, address, telephone numbers, e-mail addresses, bank and payment details – hereinafter, “personal data” or just “data”) that you provide when stipulating a service contract with the Data Controller.

Your personal data will be processed:

A. without your express consent (Art. 24, paragraphs a), b), and c) of the Privacy Policy and Art. 6, letters b) and e) of the GDPR) for the following service purposes:

  • stipulating contracts for the services provided by the Data Controller;
  • fulfilment of pre-contractual, contractual, and tax obligations deriving from existing dealings with you;
  • fulfilment of the obligations established by law, by a regulation, by European Community legislation, or by order of an Authority (for example relating to anti-money laundering measures);
  • exercising the rights of the Data Controller, for example the right to legal defence;

B. only with your specific and express consent (pursuant to Art. 23 and 130 of the Privacy Policy and Art. 7 of the GDPR) for the following marketing purposes:

  • sending you e-mail (to all addresses pertaining to your domain), mail, telephone contacts, newsletters, commercial communications and/or advertising material regarding products or services offered by the Data Controller;

Processing methods

Processing of your personal data is carried out by means of the operations indicated in Art. 4 of the Privacy Policy and Art. 4 No. 2 of the GDPR and regards precisely:

the collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, cancellation and destruction of data.

Your personal data is subject to both paper and electronic and/or automated processing.

The Data Controller will process your personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of providing services, or until a request is made for the erasure of data that has been gathered for marketing purposes.

Access to data

Your data may be rendered accessible for the purposes referred to in Art. 2.A) and 2.B):

  • to employees of the Data Controller, in their capacity as those charged with its processing;
  • to third-party companies or other subjects (credit institutes, professional firms, consultants, insurance companies, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.

Communication of data

Without the need for express consent (pursuant to Art. 24 paragraphs a), b), d) of the Privacy Policy and Art. 6 paragraphs b) and c) of the GDPR), the Data Controller may communicate personal data for the purposes referred to in point 2.A) to supervisory bodies, courts, insurance companies for the provision of insurance services, as well as to those persons to whom such disclosure is required by law to carry out the purposes mentioned.

These subjects will process the data in their roles as independent data controllers.

Your personal information will not be disclosed.

Transfer of Data

Personal data is stored on the server located at the registered office of the Data Controller, within the European Union.

The Data Controller, through cloud services, transfers data to Great Britain, a country that has adopted the GDPR.

In this case, the Data Controller guarantees that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the standard contractual clauses stipulated by the European Commission.

Nature of data provision and consequences of refusal to respond

The provision of data for service purposes is obligatory.

The provision of data for marketing purposes is optional. You can therefore decide to not provide any data or to refuse the processing of data provided at an earlier date: in this case, you will not be able to receive newsletters, commercial communications, and advertising material regarding the services offered by the Data Controller.

Interested party rights

In your capacity as an interested party, you are entitled to the rights set forth in Art. 7 of the Privacy Policy and Art. 15 of the GDPR and more precisely the rights of:

I. obtaining confirmation of whether or not personal data that concerns you exists, even if it has not yet been registered, and its communication in an intelligible format;

II. obtaining information regarding: a) the source of the personal data; b) the processing purposes and methods; c) the logic applied in the case of processing carried out with the aid of electronic instruments; d) the identification details of the Data Controller, those in charge and of representatives in accordance with Art. 5, paragraph 2 of the Privacy Policy and Art. 3, paragraph 1 of the GDPR; e) the entities or categories of entity to which the personal data may be communicated, or who could learn about it as appointed representatives in the territory of the State, as processors or persons in charge;

III. obtaining: a) the updating, rectification or, when relevant, integration of data; b) the cancellation, transformation into anonymous form or blocking of unlawfully-processed data, including that which does not need to be kept for the purposes for which the data was collected or subsequently processed; c) certification that the operations as per letters a) and b) were made known, including their contents, to those to whom the data were communicated or disclosed, except where this is impossible or involves a commitment of resources clearly disproportionate to the protected right;

IV. to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if it is relevant to the purpose for which it was collected; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without human intervention, by email and/or through traditional marketing methods by telephone and/or mail.

It should be noted that the interested party’s right of opposition set out in point b) above, for direct marketing purposes through automated methods, extends to traditional ones and that, in any event, the subject of the data retains the right to object, even partially.

The subject of the data may therefore decide to receive communications using exclusively traditional or automated methods, or neither of the above.

Where applicable, you are also entitled to rights in accordance with Art. 16-21 of the GDPR (the right to correction, right to erasure, right to restrict processing, right to data portability, right to opposition), as well as the right to lodge a complaint with a Supervisory Authority.

Exercising your rights

You can exercise your rights at any time by sending:

a registered letter with acknowledgement of receipt to: Microline Srl, Via Meucci 4, Vittorio Veneto;

or an e-mail to: privacy@microline.eu

Data Controller, processor and representatives

The data controller is Microline Srl.

The updated list of the people in charge and the staff involved in processing is kept at the registered offices of the Data Controller.