PCube Srl Unipersonale - Share capital € 10.000 f.p. - C.C.I.A.A. of Venice - P.I. IT03757540277 - Registered Office: Via Friuli Venezia Giulia, 8 - 30030 Pianiga (VE) (hereinafter the " Company "), as data controller provides you below, pursuant to art. . 13 and 14 of the European Regulation 679/2016 concerning the protection of personal data (hereinafter "GDPR"), information concerning the processing of personal data of subjects who have purchased, requested or enjoyed services and /or products supplied by the Company ( hereinafter the " Customer ").
- Type of data processed
- Purpose of processing
- Legal basis of processing
- Processing methods
- Communication, dissemination and transfer of data
- Data transfer abroad
- What are the Customer's rights
- Changes and updates
1. TYPES OF DATA PROCESSED
The personal data processed by the Company include, by way of example and not exhaustively, the following categories of data relating to the Customer:
(i) identification, contact and access data, such as name, surname, email address, telephone number and credentials to access services and /or products provided by the Company;
(ii) navigation data, such as IP addresses, log data or domain names and other parameters relating to the computers, operating system and computer environment used;
(iii) product data, such as data relating to products and /or services provided by the Company, which the Customer has requested, to which he /she has access or access;
(iv) data on preferences, such as data on preferences, activities and spending habits of the customer;
(v) payment and bank details, such as account number or IBAN number;
(vi) data acquired from public sources, such as data of representatives and prosecutors that are collected via, for example, Chambers of Commerce or commercial information services;
(hereinafter jointly defined as "Data").
2. PURPOSE OF TREATMENT
Data processing is carried out by the Company in the performance of its economic and commercial activities for the following purposes:
a) to allow the Customer to request, obtain, access and use the services and /or products provided by the Company;
b) fulfill the obligations deriving from the law, regulations or community legislation (eg tax and accounting obligations);
(the purposes referred to in subparagraphs a) and b) are jointly defined as "Contractual Purposes")
c) to assert and defend their rights, also in the context of debt collection and credit assignment procedures, also through third parties;
d) for the analysis and improvement of services and /or products offered;
e) to carry out a potential merger, sale of assets, sale of a business or a business unit divulging and transferring the Data to the third party (s) involved;
(the purposes of letter c) and e) are jointly defined as the "Legitimate interests of business interests")
f) to provide the Customer, pursuant to article 130 of Legislative Decree 196/2003 (the "Privacy Code"), marketing communications by e-mail on services and /or products similar to those that the Company provides, provided that, at any time, will have the opportunity to oppose the sending of such communications;
g) with the prior consent of the Customer, to provide marketing communications relating to the products and services offered by the Company, to involve it in market research or other customer satisfaction initiatives through traditional communication channels such as paper mail and through tools automated communications such as emails, automated messages and other remote communication tools;
h) with the prior consent of the Customer, to provide marketing communications in the manner referred to in the preceding letters f) and g) relating to the products and services of commercial partners belonging to the distribution network and commercial channels of the Company; to which the Data may be communicated and whose list is available by contacting the Company through the methods indicated in this statement;
i) without prejudice to what is indicated in letter j), to perform, with the prior consent of the Customer, an analysis of the preferences, activities and spending habits of the Customer, in order to send the marketing communications indicated above.
(the purposes of letter f) and i) the "Marketing Purposes" are jointly defined);
j) for the performance of the Client to whom it is possible to send communications for Marketing Purposes pursuant to this information, of non-invasive segmentation forms based, inter alia, on categories of membership such as, for example, the category professional membership, the city /province /region in which it is located and the type of service and /or product provided by the Company.
(the purpose referred to in letter j) is defined as "Legitimate purpose of marketing interests").
3. LEGAL BASIS OF TREATMENT
Data processing is necessary with reference to the Contractual Purposes as such Data are necessary in order to:
- provide the services and /or products required in relation to the cases referred to in Section 2, letter a);
- comply with the provisions of applicable law as required by Section 2, letter b).
Should the Customer decide not to provide the Data necessary for the Contractual Purposes, the Company will be unable to provide the requested services.
The processing of data for the purposes of legitimate business interests is carried out pursuant to Article 6 (f) of the GDPR for the pursuit of the legitimate interests of the Company which is fairly balanced with the interests, rights and freedoms of the Customer as the processing of data is limited to what is strictly necessary for the execution of the operations indicated therein. The treatment for the purposes of legitimate business interests is not mandatory and the customer may oppose the processing in the manner described in this information, but if he decides to object to such processing, his data can not be used for purposes of Legitimate Business Interest, unless the Company demonstrates the presence of prevailing legitimate legitimate reasons or exercise or defense of a right pursuant to Article 21 of the GDPR.
The processing of data for marketing purposes is based on:
- regarding Section 2 letter f), on Article 130 of the Privacy Code, which allows sending marketing communications via e-mail regarding services and /or products similar to those provided, which the Customer may oppose at the time of data collection and in any subsequent communication;
- regarding Section 2, letters g) to i), on the consent of the Customer.
Data processing for Marketing Purposes is not mandatory. Therefore, in case of opposition to marketing communications or refusal to provide the relative consent, or revocation of the same, the Customer will not receive the marketing communications referred to in Section 2 from letters f) to i). In any case, the Customer may revoke the consent to the processing of data and oppose the sending of all marketing communications at any time, through the methods provided for in this statement.
Finally, the processing of the Data for the Purpose of Legitimate Interest of Marketing is functional to the pursuit of a legitimate interest of the Company adequately balanced with the interests, rights and freedoms of the Client in light of the limits imposed in Section 2 letter j). Also in this case, the treatment for the purposes of legitimate marketing interests is not mandatory and the customer can oppose this treatment with the methods set out in this statement, but if you have to oppose such processing you will no longer receive the relevant communications, without prejudice to the case where the Company demonstrates the presence of prevailing binding legitimate reasons or the exercise or defense of a right pursuant to Article 21 of the GDPR. In the event that the Customer wishes to obtain more information about the balancing of interests, rights and freedoms, he can contact the Company at any time in the manner indicated in this statement.
4. PROCESSING METHODS
The Data will be processed by the Company with electronic and manual systems according to the principles of correctness, loyalty and transparency provided by the applicable law on the protection of personal data and protecting the privacy of the customer through technical and organizational security measures to ensure a adequate level of security.
5. DATA CONSERVATION
The Data will be kept for the period of time necessary for the pursuit of the purposes for which such Data were collected, as stated in this statement. In any case, the following retention terms will apply with respect to data processing for the following purposes:
a) for the purposes of the Contractual and Legitimate Business Interest the Data are kept for a period equal to the duration of the supply of the services and /or products requested by the Customer and for the 10 years following the cessation of supply, without prejudice renewals and cases in which the conservation for a subsequent period is required for any disputes, requests by the competent authorities or in accordance with the applicable legislation;
b) for the Marketing Purposes referred to in Section 2, letters f) and g) and for the purpose of legitimate marketing interests, the Data are kept for a period equal to the duration of the supply of the requested services of the Customer and a period of 24 months following the last contact with the Customer, including, among others, participation in an event of the Company, the use of a product or service provided by the Company or the opening of a newsletter (jointly defined as " Last Contact ");
c) for the purposes of marketing referred to in Section 2, letter h), the Data are retained for a period of 12 months from registration;
d) for the Marketing Purposes referred to in Section 2, letter i), the Data is kept by the Company for a period equal to the duration of the supply of the services and /or products requested by the Customer and a period of 12 consecutive months to the Last Contact, while they are kept by third parties for a period of 12 months from registration.
6. COMMUNICATION, DIFFUSION AND DATA TRANSFER
For the Contractual Purposes, the Data may be transferred to the following third parties that perform functional activities to those provided for the provision of the services and /or products requested by you located inside and outside the European Union: ( a) third-party suppliers of assistance and consultancy services for the Company with reference to the activities of the sectors (merely by way of example), technological, accounting, administrative, legal, insurance; (b) in cases where the provision of the services and /or products requested by you involves the intervention of our business partners, the Company may share certain Data with the distributors, resellers, partners and suppliers belonging to the chain of distribution of the Company's products and services; (c) subjects and authorities whose right of access to the Data is expressly recognized by law, regulations or provisions issued by the competent authorities.
For the purposes of legitimate business interests, the data may be transferred to the following categories of recipients, located inside and outside the European Union: (a) third-party providers of support and consulting services for the Companies with reference to the activities of the sectors (merely by way of example) technological, accounting, administrative, legal, insurance, (b) potential purchasers of the Company and entities resulting from the merger or any other form of transformation concerning the Company, (c) competent authorities .
For the purposes of marketing and for the purposes of legitimate marketing interests, the data may be transferred to third parties responsible for processing the data providing assistance and consulting services for the Company with reference to the activities of sending marketing communications located inside and outside the European Union.
These recipients, as the case may be, process the Customer Data as owners, managers or processors. The complete and updated list of the subjects that process the Data as data controllers is available upon request to the Data Protection Manager, according to the contact methods indicated in this statement.
7. TRANSFER OF DATA ABROAD
Data may be freely transferred outside the national territory to countries located in the European Union, but could also be transferred outside the European Union and in particular in the United States. With reference to transfers outside the territory of the European Union to countries not considered appropriate by the European Commission, the Company adopts the appropriate and appropriate security measures to protect the Data. Consequently any data transfer to countries outside the European Union will, in any case, comply with the appropriate and appropriate safeguards for the purpose of the transfer, such as the standard data protection clauses, in accordance with applicable legislation and in particular Articles 45 and 46 of the GDPR. /p>
In the event that the Customer wishes to obtain further information regarding the existing guarantees and request a copy thereof, he may contact the Company at any time in the manner indicated in this statement.
8. WHAT ARE THE CUSTOMER'S RIGHTS
In relation to the processing of the Data described in this statement, the Customer may exercise at any time the rights established by the GDPR (articles 15-21), including:
- receive confirmation of the existence of the data and access their content (access rights);
- update, modify and /correct the Data (right of rectification);
- request the deletion or limitation of the processing of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or otherwise processed (right to be forgotten and the right to limitation);
- oppose the treatment (right of opposition);
- revoke the consent, where provided, without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation;
- to propose a complaint to the Supervisory Authority (Guarantor for the protection of personal data www.garanteprivacy.it) in case of violation of the regulations regarding the protection of personal data;
- to receive an electronic copy of the Data relating to it, to transfer it to itself or to a different service provider, in the event that the Company processes the Data on the basis of its consent or on the basis of the circumstance that processing is necessary for the provision of the requested services and /or products and the Data are processed using automated tools (right to data portability).
To exercise these rights, the Customer can contact the Data Protection Officer, who can be contacted by sending a request to firstname.lastname@example.org or by directing the communication via e-mail to the address of the Company indicated at the beginning of the present informative indicating "to the ca of the Data Protection Officer ".
When contacting us, you must ensure that you include your name, email /postal address and /or telephone number (s) to be sure that your request can be properly managed.
9. CHANGES AND UPDATES
This information may be subject to changes also as a result of any changes and /or regulatory amendments. The changes will be notified in advance and the text of the constantly updated information will be available on the website www.pcube.it .
INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to art. 13 and 14 of the Regulation (EU) 2016/679 GDPR concerning the protection of individuals with regard to the processing of personal data