ASACERT Srl whose registered office is located in Via Vittorio Veneto, 2 – 20032 Cormano (MI) VAT 04484450962 (From now “ASACERT” or “Data Controller”), is the Data Controller and informs, in accordance with the EU Regulation n. 2016/679 (later abbreviated as “GDPR”) that your data will be used as follows:
A. DATA PROCESSING OBJECT
The Data Controller processes personal identification data (e.g.: name and surname, telephone number, e-mail address, payment details) – afterwards we will refer to them with the terms “personal data” or even “data” – communicated to you at the conclusion of any contract or if these data are required for the performance of a function requested by you (e.g.: filling out the contact form on the website).
B. DATA PROCESSING OBJECT PURPOSE
Your personal data will be used:
- Without your express consent, as indicated in Article 6 letter. b), e) of the GDPR, for the following Service Purposes:
- Conclude the contracts for the services of the Data Controller;
- Fulfil the pre-contractual, contractual and tax obligations deriving from existing relations with yo0075;
- To fulfil the obligations established by the law, by a regulation, by the community legislation or by an order of the Authority (such as in the matter of anti-money laundering);
- Exercise the rights of the Data Controller, for example the right to defence in court;
- Only subject to your specific and distinct consent (Article 7 GDPR), for the following communications by e-mail / post / telephone contacts / newsletter of:
- commercial communications and / or advertising material on products or services offered by the Data Controller and facilitations and incentives relating to them;
- detection of the degree of satisfaction with the quality of services;
- Events, training courses and initiatives;
C. DATA PROCESSING
The processing of your personal data is carried out through the operations indicated in article 4 n. 2) GDPR and more precisely: collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are processed either in paper form or in electronic and / or automated form.
The Data Controller will process the personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the Service Finality relationship and no later than 2 years from the collection of data for the Marketing Purposes.
D. DATA ACCESS
Your data may be made accessible, for the purposes referred to in point C., to employees and collaborators of the Data Controller, in their capacity as persons in charge and / or internal processing managers and / or system administrators.
Without the need for express consent, see Article 6 lit. b) and c) GDPR, the Data Controller may communicate your data for the purposes referred to in point B.1 to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to all parties to whom the communication is mandatory by law for the completion of the aforementioned purposes. These subjects will treat the data in their capacity as independent data controllers. Your data will not be disclosed.
F. DATA TRANSFER
Personal data are stored on servers located in Cormano (Milan, Italy), within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures, as of now, that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
G. NATURE OF THE DATA PROVISION AND CONSEQUENCES OF THE REFUSAL TO RESPOND
The provision of data for the purposes referred to in point B.1 is mandatory. In their absence, we cannot guarantee the Services of point B.1.
The provision of data for the purposes referred to in point B.2 is optional. You can therefore decide not to give any data or to deny at a later date the right to process data previously provided: in this case, you will not receive newsletters, commercial communications and advertising material related to the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in point B.1.
H. RIGHTS OF THE DATA SUBJECT
In your capacity as a Data Subject, you have access rights as per articles 15-21 GDPR, or rather, right of access, right of rectification, right to cancellation (“right to be forgotten”), right of limitation of processing, right to data portability, right of opposition, as well as the right to complaint to the Authority Guarantor.
And precisely the rights of:
- Obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form
- Get the indication of:
- the origin of personal data
- purposes and methods of processing
- the logic applied in case of treatment carried out with the aid of electronic instruments
- the identification details of the data controller, data processors and the designated representative pursuant to article 3, paragraph 1, GDPR
- the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as nominated representative in the territory of the State, managers or agents.
- Updating, amendments and integration of data;
- The cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
- The attestation that the operations carried out have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or provided, except in the case where such fulfilment proves impossible or involves a use of means clearly disproportionate to the protected right.
- Oppose, totally or partially:
- For legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection;
- To the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by and -mail and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party for direct marketing purposes through automated methods extends to the traditional ones and that in any case the possibility remains for the interested party to exercise the right of opposition even partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.
I. EXERCISE OF RIGHTS
To exercise your rights, you can contact the Data Controller by sending a communication:
- Via e-mail to firstname.lastname@example.org
- By registered letter A/R addressed to Asacert Srl, Via Vittorio Veneto, 2 – 20032 Cormano (MI)
L. CONTROLLERS AND PROCESSORS
The Data Controller is Asacert Srl, Via Vittorio Veneto, 2 – 20032 Cormano (MI) Italy.
The updated list of data processors is kept at the registered office of the Data Controller.