Policy regarding the processing of data pursuant to EU Regulation 679/2016
Unicol Srl with offices at via del Commercio 2, Fontanelle (TV), Italy (hereinafter the “Controller”), as the Controller in terms of processing personal data, informs you, pursuant to Italian Legislative Decree 101/18 (hereinafter the “Privacy Code”) and article 13 of EU Regulation 2016/679 (hereinafter the “GDPR”), that your data will be processed with the following methods and for the following purposes:
1. Data subject to processing
The Controller will process personal data and identifying data (for example, first name, last name, address, telephone number, email address and any other data needed whilst not being excessive) – hereinafter the “data”, communicated by you to the legal representative or his/her delegate when compiling the personal details sheet and on any other relevant occasion. In order to achieve the purpose for which data is collected, data of a health and/or criminal nature will not be processed. In the event that, unsolicited, you provide such data to us, we will assess whether the data is useful and, if not, it will be destroyed.
2. Purpose for which data is processed
Your data will be processed:
A) without your express consent (Privacy Code and article 6(b) and (e) of the GDPR), for the following Service Purposes:
– to carry out the services contractually requested;
– to fulfil legal obligations (administrative, fiscal, accounting and tax related) as a result of a regulation, EU legislation or an order from an authority;
– to exercise the Controller’s rights, for example, the right to defend itself in a court of law;
B) only with your specific, express consent (Privacy Code and article 7 of the GDPR), for the following Marketing Purposes: the Controller states that marketing purposes shall not be pursued.
3. Methods by which data is processed
Your personal data will be processed by means of the operations indicated in the Privacy Code and article 4(2) of the GDPR and, specifically, the: collection, recording, organisation, storage, consultation, adaptation, alteration, selection, retrieval, comparison, use, interconnection, block, communication, erasure and destruction of data. Your personal data will be processed by both paper and electronic means. Data will not be transferred outside the Company and data will be stored in our IT systems. The Controller will process personal data for the time needed to achieve the purposes referred to above and, in any case, for no longer than 10 years from the end of the relationship for administrative purposes.
4. Access to data
Your data may be made available for the purposes referred to in article 2.A) and 2.B):
– to the Controller’s employees and partners and/or its legal representative in their capacity as internal appointed parties and/or processors of data and/or system administrators;
– to third-party companies and other parties (by way of example, credit institutions, professional firms, insurance consultants, etc.), in their capacity as external processors of data, who perform activities – which have been outsourced – on behalf of the Controller.
5. Communicating data
Without the need to express consent (Privacy Code and article 6(b) and (c) of the GDPR), the Controller may communicate your data for the purposes referred to in article 2.A) to a judicial authority in the event that such an authority makes a specific request, as well as to those parties to which such communication is mandatory, as per the law, in order to achieve the aforementioned purposes. These parties will process data in their capacity as independent Controllers. Your data will not be disseminated.
6. Transferring data
Personal data is stored in our IT systems and will not be transferred outside of Italy. It is, in any case, understood that the Controller, if it should be necessary, shall have the right to move servers to a server farm or farms located within the EU. In this case, the Controller hereby guarantees that the transfer of data will be done in accordance with the applicable legal provisions, subject to stipulating standard contractual clauses, as provided for by the European Commission.
7. The nature of providing data and the consequences of refusing to respond
Providing data for the purposes referred to in article 2.A) is mandatory. Without this data, we are unable to guarantee the Services given under article 2.A).
8. The Data Subject’s rights
In your capacity as a Data Subject, you have the rights referred to in the Privacy Code and in article 15 of the GDPR and, specifically, you have the right:
i. to obtain confirmation of the existence or otherwise of the personal data that concerns you, even if not yet recorded, and to have this data communicated to you in a legible form;
ii. to obtain the indication of: a) the origin or origins of the personal data; b) the purpose or purposes for which and the method or methods by which data is processed; c) the logic applied in the event that processing is done by electronic means; d) the identity and identifying details of the Controller, the Processors and the appointed representative pursuant to article 5(2) of the Privacy Code and article 3(1) of the GDPR; e) the subject and categories of subjects to whom personal data may be communicated or who may become aware of such data in their capacity as an appointed representative in the State, Processors and appointed parties;
iii. to obtain: a) the update, rectification or, when appropriate, the integration of data; b) the erasure, transformation into an anonymous form or the blocking of data processed in breach of the law, including that data which need not be kept for the purposes for which the data was collected or subsequently processed;
c) confirmation that the operations referred to in letters a) and b), above, have been brought to the notice, including with regard to their contents, to every party to whom the data has been communicated, except in the case in which fulfilling this right proves to be impossible or involves means which are manifestly disproportionate compared to the protected right;
iv. to object, in whole or in part: a) for legitimate reasons, to processing the personal data that concerns you, even if pertinent to the purpose or purposes for which such data was collected; b) to processing the personal data that concerns you in order to send advertising material. It should be noted that a Data Subject’s right to object, given in point b), above, for direct marketing purposes using automated means extends to traditional means and that, in any case, the possibility remains for the Data Subject to exercise his/her right to oppose such processing including partially. Hence, a Data Subject may decide to receive just communications through traditional methods or just through automated communications or through neither of the two types of communication.
Where applicable, you have those rights referred to in articles 16-21 of the GDPR (the right to rectification, the right to be forgotten, the right to restrict processing, the right to data portability, the right to object), as well as the right to lodge a complaint with a Supervisory Authority. It should be noted that it is your responsibility to promptly update your data and, therefore, to communicate any changes, by email or by registered letter with return receipt, to the organisation which will update its databases.
9. How to exercise your rights
You may exercise your rights at any time by sending:
– a registered letter with return receipt to our operating offices: Unicol Srl, via del Commercio 2, Fontanelle (TV), Italy
– an email to firstname.lastname@example.org
10. The Controller, Processor and Appointed Parties
The Controller is Unicol Srl with offices at via del Commercio 2, Fontanelle (TV), Italy and its privacy contact person is Monica Del Toro of DHF Sicurezza srl. The updated list of processors and appointed parties is held at this company’s registered offices.