Pursuant to current legislation - 2016/679 EU Regulation (GDPR) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (Privacy Code)-, in relation to personal data concerning you and which will form object of treatment, we inform you of the following.
Pursuant to said law, your personal data will be processed in accordance with principles of fairness, lawfulness, relevance, transparency and protection of your confidentiality and of your rights.
DATA PROCESSOR AND DATA PROTECTION OFFICER
The Data Processor is Ediscom S.p.a. in person of the legal representative pro tempore, based in Turin, via Vittorio Alfieri 11.
You can request cancellation by writing to Ediscom S.p.a. via Vittorio Alfieri 11, 10121 Turin or by sending an email to: email@example.com.
Pursuant to Art. 37 GDPR, the company has appointed a Data Protection Officer (DPO). The DPO can be contacted at the email address: firstname.lastname@example.org
1. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING
a) is to perform the services offered through the portal and manage requests or subscriptions to initiatives reserved for registered users; the legal basis of the processing is its requirement in order to fulfil the request of the data subject according to article 6 (1)(b) of GDPR;
b) with your express consent is to collect data for marketing purposes in order to send commercial communications by traditional means (post and landline) or automated means (email, mobile text, RCS, MMS, push notification , instant messaging’s app, livechat, chatbot, social media, whatsapp and telegram) related to the activity of the controller or of their third-party clients, stakeholders or partners; the legal basis of the processing is the consent of the data subject according to article 6 (1)(a) of GDPR;
c) Processing with your express consent may be carried out for the purpose of conducting market and statistical analysis and profiling and preferences aimed at carrying out marketing activities, so that we can offer you products and services more in line with your needs and a whole series of personalized promotions and discounts. As part of some Ediscom initiatives, there may be specific questions aimed at creating your profile based on your tastes, preferences, habits, needs and/or consumption choices so that we can offer you marketing communications in line with your interests; the legal basis for the processing is the consent of the data subject in accordance with Article 6(1)(a) of the GDPR;
d) with your consent, the processing may be carried out for the communication of data to third parties as specified in point 6 below for the performance of marketing activities. As part of some Ediscom initiatives, there may be specific applications aimed solely at communicating your data to third parties that fall into product categories more in line with your interests. In addition, technical clashing operations, prior to the actual communication of your data to third parties, may be put in place between databases in encrypted format to ensure that such communication is in your interest; the legal basis of the processing is the consent of the data subject, pursuant to Article 6(1)(a) of the GDPR;
e) Processing may be directed at tracing perpetrators only in the event of specific requests and on behalf of the competent authorities; legal basis for processing is the protection of the holder's rights in relation to legal obligations to which it is subject.
2. DATA PROCESSING METHODS AND DATA STORAGE TIME
a) is performed via operations or sets of operations as defined in applicable law: collection, recording and organization; processing, including alteration, alignment, combination; use, including consultation, disclosure, selection, extraction; blocking of disclosure, erasure, destruction; security, protection, including availability, confidentiality, completion, protection;
b) is performed by electronic or automated means, with the insertion and collection of data in electronic databases belonging to Ediscom S.p.a., through which operations listed in a) are then conducted;
c) is also performed to complete and enhance the data collected with freely and lawfully available data, by non-electronic means and organized in paper-based filing systems;
d) is performed directly by the controller’s organization, as well as possibly by third parties to provide services to their clients.
e) data collected to perform activities for the purposes described can be transferred abroad in accordance with the rules provided for in applicable law, by taking all appropriate precautions to ensure an adequate level of protection of said data.
Data will be processed by appointees or persons authorized to the processing appointed by the owner to carry out activities instrumental to the purposes described above. The data may also be processed by data processors, who act on behalf of Ediscom S.p.a. ex art. 28 of the GDPR. In particular, the data may be made available to third-party companies that carry out activities on behalf of Ediscom S.p.a. in outsourcing, to companies that provide business information and authorized to access public offices, registers and bulletins, and to banks for the purposes provided for by law. The identification data of any appointed managers may be acquired by writing to Ediscom S.p.a. at email@example.com or at the physical address of the headquarters of Ediscom S.p.a.
Data provided by the data subject can be consulted by banks where lawfully available and used to update, rectify and complete information already provided and to verify compliance with requirements to access specific benefits and advantages.
Moreover, personal data can be disclosed to third parties and to government departments in order to comply with contractual obligations and the law.
Data will be kept for the time strictly necessary in relation to the purposes pursued, taking into account legal obligations and the limits provided by law in relation to the deletion of data. In particular, the retention period of the data for marketing purposes is limited to the period during which the user is active or until the user revokes consent to the processing.
Cookies are text files that websites send to a visitor’s computer or other device connected to the internet, to uniquely identify the visitor’s browser itself or to save information or settings on the browser.
4. NATURE OF THE PROVISION OF DATA
Without prejudice to the autonomy of the data subject, providing personal data shall be:
a) obligatory under domestic or EU law or regulations;
b) strictly necessary for implementing the services offered, as well as to fulfil accounting and tax requirements;
c) optional with the aim of performing informational, marketing and promotional activities regarding the services available to the data subject. The controller maintains that any mistake in communicating data considered obligatory (a-b) may render it impossible for the controller to guarantee the suitability of the processing pursuant to the contractual conditions for which it was provided, and may also result in the absence of communication of the data processing results according to legal obligations.
Moreover, please note that should you provide data and consent, you can at any point exercise your rights set forth in point “DATA SUBJECT RIGHTS” below, and that any consent given in relation to receiving messages through traditional or automated means can be revoked or limited to just one of the communication methods mentioned above.
5. REFUSAL TO PROVIDE DATA
Should the data subject refuse to provide personal data:
a) in cases referred to in point 1, a), they will be unable to use the services offered through the portal;
b) in cases referred to in point 1 b), c) and d), there will be no consequences on legal relationships that have been previously established, but it will exclude the possibility of performing informational or promotional activities regarding other initiatives available to the data subject.
6. DISCLOSURE OF DATA
a) With your express consent, personal data can be disclosed to Ediscom S.p.a.’s affiliates, subsidiaries and commercial partners for marketing purposes;
b) with your express consent, personal data can also be disclosed to Ediscom S.p.a.’s third-party clients, stakeholders and partners who, acting as independent data controllers, disseminate commercial communications via the internet, post, email, phone (text message, MMS, telemarketing). These third parties (the updated list of which is always available upon request from the Controller) belong to the product categories described below:
Communications: ICT products and services.
Finance and banking sector: financial firms, insurance companies, investments, social security.
Leisure: publishing, tourism, sport, collecting, photography, hobbies, communication and entertainment, art, music.
Distribution and business: electronics, computers, image and sound, fashion, accessories, clothing, textile, bazaar, cosmetics and sanitary hygiene, chemical, pharmaceutical and bio-technology, food, restaurants with food administration license, supermarkets, drinks, office supplies, furniture.
Automotive: products and services related to cars, industrial vehicles, bicycles and motorcycles, trucks, mechanics and metallurgy.
Energy and water: products related to electricity, hydrocarbons, gas, water and utilities.
NGOs and charities: products and services related to not-for-profit organizations, foundations.
Education, training, university.
Communication and services: advertising agencies, marketing firms, event managers, consultancies, PR firms, advertising sales companies, media centers, telecommunications, market researchers; mobile marketing agencies.
Cosmetic and dental industry.
Ecology and environment.
Construction, civil engineering and real estate products/services: construction, decoration, home, design, real estate agencies.
Exhibitions and events etc.
IT, internet, e-commerce websites.
If you want to know the third companies detailed list to which data could be transmitted, visit this webpage.
Any communication beyond those indicated above and any further dissemination will take place only with your explicit consent.
This list also corresponds to the product categories to which Ediscom's clients belong for whom it directly carries out commissioned marketing campaigns, acting, in that case, as the Data Processor.
c) Data could therefore be disclosed, transferred or provided under license with your express consent to natural and/or legal persons belonging to the categories described above, for the same purposes as those described in this document. These parties operate as “independent controllers” or as “processors”.
The data provided may be transferred to countries belonging to the European Union and to countries outside the EU, in order to comply with the aforementioned purposes. The data will be transferred according to Article 44 - General principle for the transfer; Article 45 - Transfer on the basis of an adequacy decision; Article 46 - Transfer subject to adequate guarantees, specifically the data will be transferred:
- to third countries or international organizations for which the Commission has intervened with an adequacy assessment (Article 45 of the EU Reg. 2016/679)
- towards third countries or international organizations that have provided adequate guarantees and in which the person concerned has rights to action and effective remembrance (article 46 EU Reg. 2016/679, also with contractual clauses and the other provisions referred to in Article 46 (3))
- towards third countries or international organizations on the basis of exceptions in specific situations (Article 49 of the EU Reg. 2016/679).
7. DATA SUBJECT RIGHTS
Within the limits and conditions provided for by law, the controller shall be obligated to respond to the data subject’s requests regarding their personal data.
During the period in which Ediscom processes your data, as a data subject, you may at any time exercise the following rights:
a) Right of access - you have the right to obtain confirmation as to whether or not a processing concerning your Data exists, as well as the right to receive any information relating to the same processing, and if so, to obtain access to your personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if recipients in third countries or international organizations;
- when possible, the intended retention period of the personal data or, if not possible, the criteria used to determine this period;
- the existence of the data subject's right to request from the data controller the rectification or erasure of personal data or the restriction of processing of personal data concerning him or her or to object to the processing of personal data concerning him or her
- the right to lodge a complaint with a supervisory authority;
- where the data are not collected from the data subject, all available information about their origin;
- the existence of an automated decision-making process, including profiling;
b) Right to rectification - you have the right to obtain the rectification of your Data in our possession, if it is incomplete or inaccurate;
c) Right to erasure (so called "right to be forgotten") - under certain circumstances, you have the right to obtain the deletion of your Data held within our records if it is not relevant to the management of the contractual relationship or necessary due to legal obligation;
d) Right to restriction of processing - under certain circumstances, you have the right to obtain the restriction of processing concerning your Data, if not relevant to the management of the contractual relationship or necessary for legal obligation;
e) Right to portability - you have the right to obtain the transfer of your Data in our possession in favor of a different data controller;
f) Right to object - you have the right to object to the processing of Data about you based on the lawful condition of legitimate interest or the performance of a task of public interest or the exercise of public authority, including profiling, unless there are legitimate grounds for the Controller to continue the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of a legal claim
g) Right to withdraw consent - You have the right to withdraw your consent to the processing of your Data at any time, without prejudice to the lawfulness of the processing based on your consent prior to withdrawal.
The above rights, including the cancellation of your data, may be exercised by sending an email to firstname.lastname@example.org or by contacting the DPO by sending an email to email@example.com or by writing to Ediscom S.p.a., at its registered office located at via Vittorio Alfieri 11, Turin, 10121.
To oppose the sending of sms, without prejudice to the possibility, for some types of text messages without a personalized sender, to respond directly to the received text message by entering the text "Unsubscribe" or "Stop," it is possible to send an email to the above address to obtain access to the data and cancellation.
You also have the right to file a complaint with the Supervisory Authority or appeal to the Judicial Authority - if Ediscom refuses to comply with your requests, the reasons for the refusal will be provided.
If applicable, you have the right to file a complaint by lodging a petition directly with the Privacy Guarantor (Garante per la protezione dei dati personali, Piazza Venezia, 11, 00187, Rome or your National Privacy Guarantor) or, alternatively, by lodging an appeal with the competent Judicial Authority.
You also have the option of registering, free of charge and at any time, your landline and/or mobile phone number or physical mail address, with the Public Register of Oppositions ("RPO"): https://registrodelleopposizioni.it/. Registration cancels all consents you have previously given to any Holder, solely with respect to telemarketing activities (operator or automated calls) and the sending of commercial communications by paper mail. On the other hand, sms or email marketing activities do not fall within the scope.
This version of the notice on personal data processing was updated on the 01/06/2023.