Privacy Policy Section

Privacy Policy Section 2018-11-21T10:44:54+00:00

Information regarding data processing

Pursuant to current legislation in the framework of the 2016/679 EU Regulation (GDPR) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (Privacy Code), and in relation to personal data concerning you and which will form object of treatment, we inform you of the following.

Pursuant to said law, your personal data will be processed in accordance with principles of fairness, lawfulness, relevance, transparency and protection of your confidentiality and of your rights.

 

  1. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

The purpose of data processing

  1. a) is to perform the services offered through the portal and manage requests or subscriptions to initiatives reserved for registered users; the legal basis of the processing is its requirement in order to fulfil the request of the data subject
  2. b) with your express consent is to collect data for marketing purposes in order to send commercial communications by traditional means (post and landline) or automated means (email, mobile, text, MMS, fax, social media) related to the activity of the controller or of their third-party clients, stakeholders or partners; the legal basis of the processing is the consent of the data subject
  3. c) with your express consent can be to perform market research and statistical analyses: marketing and for analysis and definition of profiles and preferences; the legal basis of the processing is the consent of the data subject
  4. d) with your express consent can be to disclose data to third parties as described in point 6 below for marketing purposes; the legal basis of the processing is the consent of the data subject
  5. e) can be to trace the perpetrators of possible crimes only in case of specific requests from and on behalf of the competent authorities; the legal basis of the processing is the protection of the controller’s rights in relation to legal obligations.

 

  1. DATA PROCESSING METHODS AND DATA STORAGE TIME

Data processing:

  1. a) is performed via operations or sets of operations as defined in applicable law: collection, recording and organisation; processing, including alteration, alignment, combination; use, including consultation, disclosure, selection, extraction; blocking of disclosure, erasure, destruction; security, protection, including availability, confidentiality, completion, protection;
  2. b) is performed by electronic or automated means, with the insertion and collection of data in electronic databases belonging to Ediscom Spa, through which operations listed in a) are then conducted;
  3. c) is also performed to complete and enhance the data collected with freely and lawfully available data, by non-electronic means and organised in paper-based filing systems;
  4. d) is performed directly by the controller’s organisation, as well as possibly by third parties to provide services to their clients.
  5. e) data collected to perform activities for the purposes described can be transferred abroad in accordance with the rules provided for in applicable law, by taking all appropriate precautions to ensure an adequate level of protection of said data.

Data will be processed by internal and external officers and by those assigned by the controller to perform activities for the purposes described above. Specifically, data can be made available to third-parties that perform outsourcing services on behalf of Ediscom Spa, to companies that provide commercial information and are authorised to access public offices, registers and bulletins and to banks for the purposes provided for by law. Identifying data of assigned processors will be available at the headquarters of Ediscom Spa

Data provided by the data subject can be consulted by banks where lawfully available and used to update, rectify and complete information already provided and to verify compliance with requirements to access specific benefits and advantages.

Moreover, personal data can be disclosed to third parties and to government departments in order to comply with contractual obligations and the law.

Data will be stored as long as necessary for the pursued purposes, in accordance with legal obligations and restrictions provided for by law regarding data erasure.

 

  1. COOKIES

Cookies are text files that websites send to a visitor’s computer or other device connected to the internet, to uniquely identify the visitor’s browser itself or to save information or settings on the browser.

We use cookies to improve our website and to provide clients with better service and functionality. Specifically, we use them to remember the information provided by the user and to memorise the user’s preferences when using the website, allowing Ediscom Spa to improve the performance and design of the website. They may be shared with analytical instrument suppliers and may also enable the provision of promotional information.

You can limit or disable the use of cookies via your browser, however in that case, some features of the websites could become inaccessible.

Ediscom Spa uses Google Analytics, offered by Google to understand how visitors use our website, in order to improve it. The information collected is completely anonymous and does not identify individual visitors.

Users can disable Google Analytics by searching for and installing the opt-out add-on via the procedure described on the following link: https://tools.google.com/dlpage/gaoptout/

 

  1. PROVISION OF DATA

Without prejudice to the autonomy of the data subject, providing personal data shall be:

  1. a) obligatory under domestic or EU law or regulations;
  2. b) strictly necessary for implementing the services offered, as well as to fulfil accounting and tax requirements;
  3. c) optional with the aim of performing informational, marketing and promotional activities regarding the services available to the data subject. The controller maintains that any mistake in communicating data considered obligatory (a-b) may render it impossible for the controller to guarantee the suitability of the processing pursuant to the contractual conditions for which it was provided, and may also result in the absence of communication of the data processing results according to legal obligations.
  4. d) moreover, please note that should you provide data and consent, you can at any point exercise your rights set forth in point 9 below, and that any consent given in relation to receiving messages through traditional or automated means can be revoked or limited to just one of the communication methods mentioned above.

 

  1. REFUSAL TO PROVIDE DATA

Should the data subject refuse to provide personal data

  1. a) in cases referred to in point 1, a), they will be unable to use the services offered through the portal;
  2. b) in cases referred to in point 1 b), c) and d), there will be no consequences on legal relationships that have been previously established, but it will exclude the possibility of performing informational or promotional activities regarding other initiatives available to the data subject.

 

  1. DISCLOSURE OF DATA
  2. a) With your express consent, personal data can be disclosed to Ediscom Spa’s affiliates, subsidiaries and commercial partners for marketing purposes
  3. b) with your express consent, personal data can also be disclosed to Ediscom Spa’s third-party clients, stakeholders and partners who, acting as independent data controllers, disseminate commercial communications via the internet, post, email, phone (text message, MMS, telemarketing). These third parties (the updated list of which is always available upon request from the Controller) belong to the product categories described below:

Communications: ICT products and services etc.;

Finance and banking sector: financial firms, insurance companies, investments, social security etc.;Leisure: publishing, tourism, sport, collecting, photography, hobbies, communication and entertainment, art, music etc.;

Distribution and business: electronics, computers, image and sound, fashion, accessories, clothing, textile, bazaar, cosmetics and sanitary hygiene, chemical, pharmaceutical and bio-technology, agro-food, supermarkets, drinks, office supplies, furniture etc…

Automotive: products and services related to cars, industrial vehicles, bicycles and motorcycles, trucks, mechanics and metallurgy etc…

Energy and water: products related to electricity, hydrocarbons, gas, water and utilities etc.;

NGOs and charities: products and services related to not-for-profit organisations, foundations etc.;

Education, training, university etc.;

Communication and services: advertising agencies, marketing firms, event managers, consultancies, PR firms, advertising sales companies, media centres, telecommunications, market researchers, etc.; mobile marketing agencies etc.

Ecology and environment;

Construction, civil engineering and real estate products/services: construction, decoration, home, design, real estate agencies etc;

Exhibitions and events etc.

IT, internet, e-commerce websites etc…

If you want to kown the third companies detailed list to which data are transmitted, visit this webpage: https://www.ediscom.it/numeriche-telefoniche/

  1. 2 Data could therefore be disclosed, transferred or provided under license with your express consent to natural and/or legal persons belonging to the categories described above, for the same purposes as those described in this document. These parties operate as “independent controllers” or as “processors”.

The data provided may be transferred to countries belonging to the European Union and to countries outside the EU, in order to comply with the aforementioned purposes. The data will be transferred according to Article 44 – General principle for the transfer; Article 45 – Transfer on the basis of an adequacy decision; Article 46 – Transfer subject to adequate guarantees, specifically the data will be transferred:

– to third countries or international organizations for which the Commission has intervened with an adequacy assessment (Article 45 of the EU Reg. 2016/679)

– towards third countries or international organizations that have provided adequate guarantees and in which the person concerned has rights to action and effective remembrance (article 46 EU Reg. 2016/679, also with contractual clauses and the other provisions referred to in Article 46 (3))

– towards third countries or international organizations on the basis of exceptions in specific situations (Article 49 of the EU Reg. 2016/679).

  1. DISSEMINATION OF DATA

Personal data are disseminated to the parties described in point 6.

Any disclosure or dissemination in addition to those described above will only occur subject to your explicit consent.

  1. CONTROLLER AND DATA PROTECTION OFFICER

The controller is Ediscom Spa in the person of its pro tempore legal representative

Identifying data of the personal data processor can be acquired at the headquarters of Ediscom Spa with its registered office in Turin, via Lagrange n. 35.

It is possible to request erasure of the data by writing to Ediscom Spa, Via Lagrange n. 35 10123 Turin, or by sending an email to: responsabileprivacy@ediscom.it.

To object to receiving text messages, notwithstanding the possibility of sending an email to the above-mentioned email address, you can simply reply straight to the text received, with “Cancel” or “Stop”.

The company has designated, pursuant to art. 37 GDPR, a Data Protection Officer. The DPO can be contacted at the appropriate email address: dpo@ediscom.it

  1. DATA SUBJECT RIGHTS

Within the limits and conditions provided for by law, the controller shall be obligated to respond to the data subject’s requests regarding their personal data. Specifically, under applicable law:

  1. The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and in such cases, access to the personal data and to the following information:

the purposes of the processing;

the categories of the personal data concerned;

the recipients or categories of recipients to whom the personal data have been or will be transferred, in particular recipients in third countries or international organisations;

where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

the right to lodge a complaint with a supervisory authority;

where the personal data are not collected from the data subject, any available information as to their source;

the existence of automated decision-making, including profiling

  1. The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  2. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay within the limits and cases provided for by applicable law. The controller shall inform all recipients to which personal data were transferred of any rectification or erasure or restriction of the processing, within the limits and conditions provided for by applicable law.
  3. The data subject shall have the right to obtain from the controller restriction of processing.
  4. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

 

This version of the notice on personal data processing was updated on 13 September 2018.