Privacy Policy on the Processing of Personal Data

Artt. 13-14 of the Regulation (EU) 2016/679

 

Data Subjects: Customers and prospects

In compliance with the Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”), as Data Controller of your personal data, TECHNACY S.R.L. informs you herewith that the above-mentioned regulation provides for the protection of data subjects as to the processing of their personal data and that such processing shall be carried out according to the principles of lawfulness, fairness, transparency and protection of your privacy and rights. 

To achieve its purposes for the management of the relation with you, the Data Controller needs to acquire some personal data, such as name and surname, telephone number or mobile number, address, e-mail address, tax code/VAT registration number, as well as other data or information on the type of service requested, only if strictly required for the specified purposes according to the principle of data minimisation. 

Your personal data shall be processed in compliance with the provisions of the above-mentioned regulation and the confidentiality obligations set forth therein. 

 

Purpose and legal basis of processing

 

In particular, your data shall be processed for the following purposes connected with the fulfillment of obligations relating to: 

 

a. Customer management; legal basis: fulfillment of contractual obligations and/or pre-contractual measures;
b. Fiscal and accounting obligations; legal basis: legal obligation;
c. Management of any electronic payments; legal basis: legal obligation;
d. Obligations set forth by the laws in force; legal basis: legal obligation;
e. Marketing activities: advertising, promoting and marketing, including by sending advertising/information/promotional material, products and services,      sending updates on new initiatives such as events/workshops/webinars; legal basis: consent;
f. Detection of approval ratings through anonymous surveys (legal basis legitimate interest) and/or surveys suitable to collect the company name                 and possibly the logo of the company being interviewed, as well as the role of the person interviewed, following the expression of explicit consent.

 

Consequences of failure to provide the required data

Except for the purposes sub. e) and f), data processing is necessary for customer relationship proper management. Consequently, the failure to provide or the incorrect communication of any requested information may make it impossible for the Data Controller to guarantee the service requested.

Data processing method

The processing shall be carried out using manual and/or IT and telematic systems so as to ensure the security, integrity and confidentiality of data in compliance with the physical and logical organisational measures provided for by current regulations in order to minimize the risks of destruction, loss, unauthorised access, unauthorised change or disclosure of data, pursuant to article 5 and 32 of the GDPR.

Recipients

In order to carry out some activities or support the functioning and organization of the activities, some data may be communicated or disclosed to the following categories of recipients:

Third parties: disclosure to natural or legal persons, public authorities, entities or institutions other than the data subject, the Data Controller, the Data Processor and authorised persons responsible for data processing, including:

- Banks for the management of collections and payments;
- Companies managing traditional or computerised postal services (if required for the specified purposes);
- Consultants and freelancers, including in associated form, providing legal and other services as independent data controllers;
- Entities/subjects legally allowed to access your data by virtue of a legal obligation.

Data Processors: the natural or legal person, or public authority, entity or institution that processes personal data on behalf of the Data Controller:

- Companies and other entities,as well as consultants and freelancers entrusted with the fulfillment of mandatory fiscal, administrative, accounting,            legal advice and other obligations;
- Providers of IT, web, or other services required to achieve the purposes necessary for managing the relation with you.

Recipient inside the company: your data shall only be processed only by personnel expressly authorized thereto by the Data Controller, and subject to a confidentiality obligation, and in particular by:

- Administrative staff;
- Secretarial staff.

Disclosure

Your personal data shall not be disclosed in any way.

Transfer of personal data to third countries

The Data Controller shall not transfer any personal data to any non-EU country. Should any transfer of data be necessary, the data subject shall be informed thereof in advance and appropriate safeguards shall be adopted for the transfer of data to the relevant recipients, which, as the case may be, might consist in the check of the existence of any adequacy decisions by the Commission with regard to the country of destination, the signing of standard contractual clauses or, in the event of the USA, the check of the accession to current international agreements. In the absence of such safeguards (in relation to art. 49 of the GDPR), it shall be checked whether any contract or any pre-contractual measures in favour of the data subject do exist or if the data subject has given his/her consent to the transfer of data.

Retention period

it should be noted thatin compliance with the principles of lawfulness, purpose limitation and data minimisation pursuant to art. 5 of the GDPR, your personal data required to carry out the requested services shall be kept for no longer than it is necessary for the purposes for which the personal data are collected and processed. In particular, in order to fulfill tax and accounting obligations under current legislation, the data collected will be retained for up to 10 years after the last report.

Retention period for marketing purposes

In this case, your personal data will be retained for 24 months, which is the time necessary for secure and correct processing, beyond which it will be deleted or anonymized. Whether we receive a request for deletion of your personal data, we will remove it from our databases within 30 days as required by EU Regulation 679/2016.

The information collected through the administration of surveys will be kept until the opposition of the interested party, unless the previous anonymization of the data.

Data controller

According to the regulations in force, the Data Controller shall be TECHNACY S.R.L., with registered office and operational headquarters in Via Molveno 5, 48015 Cervia (RA), Italy, Tax Code and VAT registration number 02399920392, represented by its legal representative pro tempore.

For further information on the data provided, you may send an email to dpo@technacy.it. Additional information on the privacy policies adopted by our company is available on our website www.technacy.it.

The Data Protection Officer (“DPO”) can be contacted at the following email address: dpo@technacy.it.

Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22, 23 - Rights of the Data Subject

1. The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her do exist, even if not yet recorded, and communication of such data in an intelligible form.

2. The data subject shall have the right to obtain the information about:

a. the origin of personal data;
b. the purposes and methods of processing;
c. the logic applied in the event of processing using electronic systems;
d. the identification data of Data Controller, Data Processors and designated representative pursuant to art. 5, par. 2, of the GDPR;
e. the entities or categories of entities to which the personal data may be disclosed or which may acquire such data as designated representative        on the country’s territory, Data Processors or entities in charge of data processing.

3. The data subject shall have the right to obtain:

a. the updating or rectification of data as well as to have incomplete personal data completed, if he/she wishes;
b. the erasure or anonymisation of the data as well as the blocking of the data processed in violation of the law, including those that do not need          to be kept in relation to the purposes for which data have been collected and then processed;
c. the confirmation that the subjects to which the data have been communicated or disclosed have been informed of the operations under letter a)      and b), including their content, unless this proves impossible or would involve a disproportionate effort with respect to the protected right;
d. data portability.

4. The data subject has the right to object, in whole or in part:

a. to the processing of personal data concerning them for legitimate grounds, even though such data are relevant for the purpose for which        they are collected;
b. to the processing of personal data concerning them for the purposes of sending advertising materials or for direct marketing, market                        researches or commercial communications

Right to lodge a complaint

If applicable, the data subject shall also have the right to lodge a complaint with the Italian supervisory authority called “Garante per la protezione dei dati personali” according to the established procedures. For further information and to exercise your rights, please apply to the Data Controller using the above contact details.

 

 

 

Customer Policy Rev. 3/2023