NEW PRIVACY REGULATION
Pursuant to and for the purposes of the provisions of art. 13 of the European Regulation 2016/679 on the protection of personal data ('GDPR') and of the national privacy legislation, we inform you that your personal data will be processed through electronic tools, manual tools and social networks, in Italy and abroad. This information, drafted on the basis of the principle of transparency and of all the elements required by the GDPR, is divided into individual sections, each of which deals with a specific topic so as to make your reading faster,and easier to understand (hereinafter the 'Policy').
WHO IS THE DATA CONTROLLER?
The Data Controller (hereinafter referred to as the ‘Controller’) is ORVED S.P.A., registered office in via dell'Artigianato, 30 30024 Musile di Piave (VE) - Italy
The data controller has not appointed a DPO according to art 38, however you have the possibility to contact our privacy office for all matters relating to the processing of your personal data and the exercise of your rights provided by the GDPR to the following contact data:
WHAT IS THE LEGAL BASIS OF THE PROCESSING?
The legal basis for the processing of your personal data is:
Consent to commerce and use of the service;
FOR WHAT PURPOSES WILL YOUR DATA BE PROCESSED?
A) Your personal data will be processed for service management purposes and fulfilment of legal obligations:
1. Invoicing of amounts due and any additional services.
2. Subscription and activation of the supply of the maintenance and assistance service and related services provided in the supply and/or maintenance and/or assistance contract.
3. Compliance with regulatory obligations including accounting, administrative and tax obligations.
4. Assistance to the Service, in some cases also through the detection of the MAC address and/or IP address and/or other electronic identifiers.
5. Management of complaints and disputes.
6. Fraud prevention and management of delays or non-payments. Protection and possible recovery of credit, directly or through third parties (credit recovery agencies/companies, law firms) to which the data necessary for these purposes will be communicated.
7. Transfer of credit to authorised companies.
8. Storage and use of accounting data relating to the timeliness of payments for reward policies and to refuse future contractual relationships.
9. Reporting and quality control.
10. Commercial and/or technical communications: Communication and/or sending (by e-mail, sms, notifications, mail, telephone contact, etc.), also with automated methods, of commercial and/or technical information and material related to the management of the contract and relating to the existing Service.
11. Web management for access through Login to the personal area.
B) In addition, your personal data with your optional consent will be processed for the purposes of:
1. Commercial Communications: communication and/or sending (by e-mail, sms, mail, notifications, telephone contact, etc.), also with automated methods, of information and commercial offers, of advertising and promotional material on own services and/or also by third parties.
2. Communication of Events: communication and/or sending (by e-mail, sms, mail, notifications, telephone contact, etc.), also with automated methods, of material relating to events, seminars, conferences, directly organised by us or by third-party companies.
The provision of your data is necessary for the achievement of the purposes referred to in point A).
Your failed, partial or incorrect provision could result in the inability to activate and provide the requested service or follow up on the purchase contract and/or maintenance and/or assistance. Moreover, the provision of your data for the specific purposes referred to in point b) is optional, but your refusal makes it impossible for ORVED S.P.A. to process your request and contact you.
In any case and as better specified below, you can withdraw your consent, even partially, for example by consenting only to event and non-commercial communications.
TO WHO WILL YOUR PERSONAL DATA BE DISCLOSED?
Your personal data will be processed exclusively by persons authorised to process and by persons designated as Data Processors in compliance with the GDPR in order to correctly carry out all the Treatment activities necessary to pursue the purposes referred to in this Policy. Your Personal Data may be disclosed to Public Bodies or to the Judicial Authority, if required by law or to prevent or repress the commission of an offence and in any case to:
The legitimate recipient of communications required by law or regulations (such as, for example, Offices and Public Authorities);
The recipient of necessary communications when performing the obligations deriving from the Service and from the signed contract;
Third-party companies specialised in information management;
Commercial and credit-related (such as, for example, call centres, data processing centres, banks, etc.);
Companies and/or collaborators for the management of administrative services which are used to fulfil their legal or contractual obligations;
Other subjects (companies, individuals) who collaborate with the data controller in the services and supplies that he proposes.
With your free and optional consent, only the personal data necessary for the pursuit of the activity (including name, surname, address, e-mail, telephone, address of residence and/or domicile, date and place of birth, fiscal code) will be communicated by ORVED SPA to the following categories of third-party companies:
Companies active in the sector of electronic commerce of products and services to businesses;
Companies operating in the Information Technology sector;
Web Agency and Social Network limited to services offered by us that involve the aforementioned subjects.
It is not expected that personal data of minors under the age of 16 will be processed, unless prior authorization by the holder of parental responsibility is given.
LEGITIMATE INTEREST OF THE DATA CONTROLLER
The Controller has the legitimate interest in transferring personal data to companies within the company structure for internal administrative, analytical and reporting purposes.
HOW LONG WILL YOUR PERSONAL DATA BE PROCESSED?
Your personal data will be kept for the period necessary to pursue the purposes related to point a) above. In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, i.e. until the termination of the contractual relationships between you and the Data Controller without prejudice to a further retention period which may be imposed by law.
Moreover, if you decide to release your optional consent relating to the commercial purposes referred to in point b) your data will be kept, unless the consent is withdrawn, for a period of time not exceeding that necessary to achieve the purposes.
Spontaneous delivery of the curricula will be kept for no more than two years from the date of receipt.
Your data will be kept for a further period in relation to the purposes of protests or disputes.
HOW CAN YOU WITHDRAW THE CONSENT GIVEN?
You have the right to withdraw your consent given to the Data Controller at any time totally and/or partially without prejudice to the lawfulness of the Treatment based on the consent given before withdrawal.
To withdraw your consent you can contact the Data Controller at the addresses published in this policy.
WHERE WILL YOUR DATA BE PROCESSED?
Your Personal Data will be processed by the Controller within the territory of the European Union.
If for technical and/or operational issues, it is necessary to make use of subjects located outside the European Union, we inform you as of now that these subjects will be appointed Data Processors pursuant to and for the purposes of Article 28 of GDPR and the transfer of your Personal Data to these subjects, limited to the performance of specific Treatment activities, will be regulated by a special appointment contract in compliance with the guarantees and protections provided by the GDPR.
All the necessary precautions will be taken in order to guarantee the total protection of your Personal Data by basing this transfer on the evaluation of appropriate guarantees, including but not limited to, decisions regarding the adequacy of the recipient third countries expressed by the European Commission; adequate guarantees expressed by the third party recipient in compliance with article 46 of GDPR. In any case, you can request more details from the Data Controller if your Personal Data have been processed outside the European Union, requesting evidence of the specific guarantees adopted.
WHAT ARE YOUR RIGHTS?
We remind you that you will be able to exercise your rights under the GDPR and in particular to obtain:
the confirmation that a Personal Data Processing concerning you is in progress and to obtain access to the data and the following information (purposes of processing, categories of personal data, recipients and/or categories of recipients to whom the data have been and/or will be communicated, retention period);
the correction of inaccurate personal data concerning you and/or the integration of incomplete personal data, even by means of a supplementary declaration; the cancellation of personal data, in the cases provided for by the GDPR;
the limitation to the processing in the cases provided for by the current Privacy Law;
The portability of the data concerning you, if feasible and pertinent with the service provided; the opposition to the treatment at any time, for reasons related to your particular situation, to the processing of personal data concerning you in full compliance with the current Privacy Law.
You can exercise your rights by contacting the email box email@example.com attaching a copy of your identity card where necessary.
In any case, you will always have the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data), in compliance with art. 77 GDPR, if you believe that the processing of your data is contrary to the current Privacy Law.