- Data Controller and Data ProtectionOfficer Data controllers, pursuant to art. 26 of EU Regulation 2016/679, in relation to all data provided by the customer and in relation to the purposes described below are: ♦ ABPS Commercialisti Associati, with registered office in Piazzale Biancamano 2, 20121 (Milano), Italy, can be contacted at the following address: firstname.lastname@example.org.
- Purpose of data processing
- Pro vision of the service/fulfillment of contractual and pre-contractual obligations: for purposes relating to the performance of obligations under the contract signed (or under negotiation).
- Legitimate overriding interest of the Company: for verification and evaluation of the results and performance of the relationship, as well as the risks associated with it (such as, but not limited to, the following) truthfulness of the data provided, solvency even during the relationship); to transmit questionnaires and make telephone calls to improve the efficiency of products and services offered by the Company having as its object the level of customer satisfaction; to draw up statistics, anonymously, on the services provided; to draw up statistics on participation in trade fairs, events, seminars and any other initiative aimed at promoting the services of the Company; the provision of Personal Data for this purpose is not required, but otherwise it will not be possible to provide any Service.
- Obligations of law to which the Company is subject: for compliance with the law and / or provisions of public bodies, which require the Company to collect and / or further processing of certain types of personal data.
- Sending promotional offers to its Customers: the processing for this purpose is based on the legitimate interest of the Company to transmit marketing communications via e-mail and to make telephone calls regarding products and services similar to those already purchased by Users.
- Marketing: to send marketing communications about the Company’s products and services to anyone who has given their prior consent, including market research and surveys, by e-mail, SMS, telephone, banner, instant messaging, by an operator, by mail and through the Company’s official social pages (RSS, Linkedin and YouTube).
- Legal basis and mandatory or optional nature of the processing
The legal bases used by the Company to process Personal Data, according to the purposes indicated in Article 2 above, are as follows:
- – Provision of the service/fulfillment of contractual/pre-contractual obligations: the processing for this purpose is necessary for the execution of the contract signed (or under negotiation), between the Company and the interested party and therefore, to be able to use the services contractually agreed. The provision of Personal Data for this purpose is not mandatory, but otherwise it will not be possible to provide any Service;
- – Legitimate overriding interest of the Company such as: processing carried out to carry out checks and evaluations on the results and performance of the contractual relationship, as well as on the risks associated with it (i.e.: truthfulness of the data provided, solvency even during the relationship). Processing carried out to improve the quality of the services offered by the Company: to this end, questionnaires and market surveys may be transmitted or telephone calls or chat sessions may be made. These questionnaires/market surveys in general will be designed in such a way as to minimize the use of Personal Data;
- Legal obligations: processing for this purpose is necessary for the Company to fulfill any legal obligations. The Personal Data provided to the Company will be processed in accordance with the applicable legislation, which may involve their storage and communication to the relevant authorities;
- Promotional communications to its customers: the processing for this purpose is based on the legitimate interest of the Company to transmit marketing communications regarding the integration of products and services already purchased by our customers or the promotion of similar products and services. The interested party may interrupt, at any time and free of charge, the receipt of these communications, by writing to email@example.com, and without prejudice to the lawfulness of the processing during the period of validity of the same consent;
- Marketing: the processing for this purpose is based solely on the consent of the customer, freely revocable at any time and without prejudice to the lawfulness of the processing during the period of validity of the same consent. In case of revocation, the Company will not proceed to make any further communication.
- Recipients of personal data
The Personal Data of the Interested Party may be shared with the subjects indicated below (“Recipients“):
- – Subjects that typically act as data processors, i.e.: persons, companies or professional firms that collaborate and/or provide assistance and advice to the Company in accounting, administrative, fiscal, legal, tax, financial, labour, credit recovery, in relation to the provision of Services, mailing of advertising material or contractual communications, companies that perform analysis and market research; a complete list of all data processors can be requested by contacting the e-mail address: firstname.lastname@example.org
- – Subjects with whom it is necessary to interact for the provision of Services (platforms for the management of e-mail services, online questionnaires, webinars, which specifically are also responsible for following up any cancellation requests made by customers);
- – Subjects with whom it is necessary to interact for the provision of communication services, events and seminars, including online;
- – Subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks);
- – Persons authorized by the Company to process Personal Data, necessary to carry out activities strictly related to the provision of Services; a legal obligation of confidentiality applies to such persons;
- – Factoring companies, credit institutions, credit insurance companies;
- – Professional Associations or Training Bodies accredited with such Associations;
- – Subjects, bodies or competent Authorities to whom the Personal Data must be communicated in order to comply with legal obligations, prevent abuse or fraud, or by order of the Authorities.
- Personal data tranfer
For purposes related to the execution of the contract, some data may be disclosed to recipients located outside the EU Economic Area. If this happens, the Company ensures that the processing of personal data by these recipients will be in compliance with the applicable legislation. The subjects to whom the data will be communicated will be appointed as Data Processors. A complete list of Company Managers can be requested by contacting the e-mail address: email@example.com.
- Methods of treatment
The processing of personal data is carried out by means of the following operations: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are processed electronically and/or automatically through the use of a storage space hosted on hardware owned by the Company located in Italy. The data will be processed in such a way as to guarantee continuous security and confidentiality and may also be carried out with the aid of electronic and/or automated means. In accordance with European regulations and national laws on data protection, the Company has put in place specific procedures to prevent unauthorized access to data, as well as their improper or unlawful use, as well as to prevent the destruction or loss, even accidental, of the data. Only personnel duly authorized by the data controller may have access to the data during the course of their work.
- Storage of personal data
The Personal Data processed for the purpose of “Provision of Services/Contractual Fulfilments” will be kept for the time strictly necessary to achieve the above purpose. In any case, since such Personal Data are processed to provide the Services, the Company may keep them for a longer period, in particular as may be necessary to protect its interests from possible liability relating to the Services provided. The Personal Data processed for marketing purposes will be kept by the Company until the revocation of the consent given by the person concerned. Once the consent has been revoked, the use of the data for such purposes will cease, but the related data may be retained in order to protect the interests of the Company from possible liability based on such processing. The Personal Data processed for the purpose of sending commercial information will be kept by the Company until the interested party objects to the processing through the procedure available at the bottom of each e-mail. The Personal Data processed for the purpose of fulfilling legal obligations, will be kept by the Company for the period provided for by specific legal obligations or applicable legislation.
- Rights of the Data Subject
The interested party has the right to ask the data controller at any time:
- – Access to your Personal Data, (and/or a copy of such Personal Data), as well as further information on the processing in progress on them;
- – The rectification or updating of your Personal Data;
- – The deletion of your Personal Data from the databases;
- – The limitation of the processing of your Personal Data;
- – To exercise the right to data portability, i.e. to obtain in a structured format, commonly used and readable by automatic device a copy of their Personal Data provided to the Company, or to request its transmission to another Holder;
- – To oppose the processing of their Personal Data;
- – Revoke your consent for marketing purposes.
The Data Controller shall provide the Data Subject with information relating to one or more of the actions undertaken in the above list without justified delay and, in any case, at the latest within one month of the request itself. This period may be extended by two months, taking into account the complexity and number of requests, with consequent information to the Interested Party of this extension and the reasons for the delay, to be provided within one month of receipt of the request. The Interested Subject also has the right to lodge a complaint with the competent Control Authority (for Italy, Privacy Guarantor, http://www.garanteprivacy.it), if the Interested Subject considers that the processing of his/her Personal Data is contrary to the legislation in force. The interested party may exercise the rights referred to in this article by sending an e-mail to the following address: firstname.lastname@example.org, or to the e-mail address of the data controller.
This Information Notice has been in force since May 26, 2018. The Company reserves the right to modify or simply update the content, in part or in full, also due to changes in the applicable legislation. The Company invites the interested party to regularly visit the specific section of the website to become aware of the most recent and updated version of the Information in order to be always updated on the Personal Data collected and on the use made by the Company.
- – personal data: means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity;
- – processing: means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- – controller: means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to his designation may be determined by Union or Member State law;
- – joint controller: means, where two or more controllers jointly determine the purposes and means of processing, that they are joint controllers of the processing;
- –controller: means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- – recipien: shall mean the natural or legal person, public authority, agency or other body that receives a communication of personal data, whether or not that person is a third party. However, public authorities which may receive communication of personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by such public authorities shall comply with the applicable data protection rules for the purposes of the processing;
- – third party: means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the controller and persons authorized to process personal data under the direct authority of the controller or owner;
- – consent of the data subject: means any free, specific, informed and unequivocal expression of the will of the data subject, by which the data subject gives his or her consent, by means of an unequivocal statement or positive action, that his or her personal data will be processed;
- – personal data breach: means a security breach which results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed;
- – supervisory authority- binding corporate rules: means the personal data protection policies applied by a controller or a controller established in the territory of a Member State to the transfer or set of transfers of personal data to a controller or a controller in one or more third countries, within an enterprise group or a group of enterprises pursuing a common economic activity;
- – supervisory authority: means the independent public authority established by a Member State pursuant to Article 51;
- – supervisory authority concerned: a supervisory authority concerned by the processing of personal data because: (a) the controller or the controller is established on the territory of the Member State of that supervisory authority; (b) data subjects residing in the Member State of the supervisory authority are or are likely to be substantially affected by the processing; or (c) a complaint has been lodged with that supervisory authority.
- – Cross-border processing: (a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or controller in the Union where the controller or the controller is established in more than one Member State; or (b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or controller in the Union but which substantially affects or is likely to affect data subjects in more than one Member State;