REGULATION (EU) 2016/679 ON THE PROTECTION OF NATURAL PERSONS WITH REGARD TO THE PROCESSING OF PERSONAL DATA – “GDPR”
In accordance with the EU Regulation 679/2016, OverIT S.p.A. is willing to adequately inform you about the collection, processing and storage of your personal data collected during the market research activities in order to make you fully aware of your rights and of the procedures in order to easily exercise them, with respect to the principles of lawfulness, fairness and transparency of the processing.
Data subject: you as a Natural Person, who hereby shall grant consent to the processing of the personal data you have provided to us.
Processor: OverIT S.p.A., with registered office in Via Ugo Bassi n. 81, 33080 – Fiume Veneto (PN), Italy, in the person of its legal representative Mr. Marco Zanuttini.
Data Protection Officer: in accordance with Art. 37, par. 2, a Data Protection Officer (DPO) has been appointed at group level, as the person designated to carry out support, control, advisory, training and information functions in relation to the application of the Regulation. Hereinafter the name and address of the contact person: Mrs. Mirella Carraro, e-mail: firstname.lastname@example.org
Data collection procedures
Our company collects personal data relating to you which you provide at our premises, in events which we or third parties organize, such as fairs and meetings, or in web pages dedicated to the request for information about our products and services. In any event, the present regulation shall be submitted to you before collecting and processing the data. Furthermore, you can provide us with your personal data when requesting information, during the negotiations, when signing or executing contracts as well as when accepting/providing performances and/or services, whatever they may be.
Purpose of the data processing and legal bases
Your personal data are collected and processed with your consent for:
- OPERATIONAL and MANAGEMENT purposes: it means performing activities connected with our business, administrative, accounting, tax or legal operations;
- COMMERCIAL and MARKETING purposes: it means, for example, sending advertising material, providing commercial information on new products or services, involving you in events and initiatives promoted by our Company or other Group companies, partners or Third parties. We do not perform any profiling activity with your personal data.
Data processing procedures
Your personal data are processed by personnel specifically designated by the Processor because of his or her role in the company, in paper means and/or magnetic, electronic, telematic support or by using suitable tools to ensure the security and the confidentiality. Your personal data are processed within our Company’s premises. Nevertheless, we may also use third-party email marketing platforms, such as, by way of example but not limited thereto, “MailChimp”. We ensure that our service providers are fully compliant with the security standards required by the “GDPR”. Your personal data shall not be transferred to third countries outside the EU which have not been confirmed as “adequate” according to the criteria of the competent authorities (“Commission”) and thus do not ensure sufficient security standards in the management of your personal data.
Duration of the processing
Unless otherwise ordered by the Italian or EU legislation that imposes a legally determined storage period, your data will be kept no longer than necessary for the purposes for which they are collected, in any case for a maximum period of 2 (two) years and shall be then deleted from all our systems and those of any third parties to whom they were disclosed.
We hereby inform you that at any time you will be able to:
- access your data to get information regarding the data processing (Art. 15);
- rectify inaccurate data or integrate incomplete data (Art. 16);
- erase personal data concerning you (Art. 17);
- restrict the use of data, pursuant to Art. 18;
- receive a document, regardless if digital or in other format, containing your personal data (Art. 20);
- revoke consent to the specific data processing. Such withdrawal shall not affect the lawfulness of the data processing performed on the basis of the consent given before its withdrawal;
- lodge a complaint with the competent authorities.
As regards the objection, we inform you that you have the right to object to the use of your personal data in the cases referred to in Art. 21 and in particular:
- object at any time to your personal data processing in compliance with Article 6, paragraph 1, points e) or f) of the GDPR, for grounds relating to your personal situation. In this case, the Company shall no longer process your personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;
- Where personal data are processed for marketing activities, you shall have the right to object at any time to the processing and profiling activities carried out for this purpose.
With reference to the automated decision-making processes, you shall have the right not to be subject to a decision based solely on automated processing, including profiling activities, which produces legal effects on your person.