ART. 13 AND 14 OF REGULATION (EU) 2016/679
DATA TYPES AND SOURCE OF DATA
ITALTEL processes your personal data as you are the legal representative, attorney and/or interface designated by the client company in the management of contractual relationships between the customer and ITALTEL, or other companies of the ITALTEL Group.
Your personal data are made up of common data such as personal data and digital and telephone details, the role/responsibility held by you within the company/Italtel Client, together with the economic and financial data, company name, registered offices, and bank details of the client company itself.
The aforementioned personal data have been collected from you or have been provided by your employer or in any case by the company/Client on whose behalf you operate and perform your professional activity.
The personal data may be processed for the following purposes:
- execution of the contractual relationship between ITALTEL and the company/Client of which you are the connection and/or the legal representative or the prosecutor; such a contract can be without limitation a sale, services, licensing, maintenance contract, etc.
- execution of related managerial, administrative and accounting obligations
- fulfilment of legal obligations
- promotion of new products similar to those already sold by the Data Controller, by sending promotional brochures, informative material, invitations to symposia, special events, conferences, seminars, workshops, etc.
- for market research prior to the development of new products/services that are similar and the identification and evaluation of the needs of the market (e.g. by filling out questionnaires) in relation to the sector of the market in which the Data Controller operates
- cyber security
- any defensive needs.
THE LEGAL BASIS OF THE PROCESSING
The processing legal basis is constituted by the fulfilment of contractual obligations between the parties from the related legal obligations by vested interests and the consent of the data subject.
Legitimate interest is established by the needs of security and defense of the Date Controller. You can always object to the processing carried out for t legitimate interests of Data Controller
The Data Controller, in the event of exercising the right to object, refrains from further processing of personal data unless he/she demonstrates compelling legitimate grounds for the processing that overrides the interests, rights and freedoms of the data subject for the establishment, exercise or defence of legal claims.
For the purpose of direct marketing of products and services similar to those that ITALTEL has already sold you, your prior consent for the use of your email at the issued time is not necessary but you can withdraw consent at any time, easily and freely rejecting such use, for example, using the links for the opt-out option on in each commercial communication.
PROCESSING METHODS AND PROTECTION
The processing will be done using manual and/or computerised and digital instruments, that are appropriate for guaranteeing data security and confidentiality strictly related to the purposes of the pursued processing.
Your data are stored for ten years starting from the termination of the contractual relationship, which is until the expiration term of the rights that you or the company/Client who has relations with ITALTEL could claim and, in case of initiating legal action, until the conclusion of all judicial levels of any process.
Data provision is optional but necessary for the execution of the contractual relationship and, in particular, to fulfil the contractual obligations and any related administrative and accounting obligations.
Company/Client data and, where necessary, personal data can be communicated to:
- auditing company for legal tax and accounting obligations
- suppliers of products and services for the execution of the contractual relationship or for related obligations
- public subjects and other customers for confirming the technical and professional requirements limited to the data concerning economic activity performance in accordance with Art. 24, paragraph 1, letter d)
- public administration and public entities for complying with the law
- banking institutions and insurance companies for the participation in tenders
- third parties to ensure the exercise of the right of defence (law firms) or judicial authorities, in compliance with similar orders.
The above subjects will operate as autonomous Data Controllers (e.g. public entities), or as Data Processors or agents external to the processing of data. The concerned data may be communicated to other parties only if necessary for the purposes of the prevention, detection or repression of crime, in compliance with the regulations governing the matter.
TRANSFER OUTSIDE THE EU
Some of your personal data may also be communicated to other companies belonging to the ITALTEL Group. This can be abroad to non-EU countries for the purpose of contract implementation or promotional purposes, or to agents or promoters for promotional or referencing purposes, again extra-EU.
The transfer will be done in relation to Countries with an adequate level of protection recognised by a decision of the European Commission, or in the presence of the conditions provided for by Art. 46 of the GDPR of appropriate safeguards, including but not limited to, standard contractual clauses, binding rules of the company, adherence to codes of conduct or certification systems. Nevertheless, considered the core business of Italtel, which may involve extra-EU transfer to Countries that do not have an adequate level of personal data protection, or for which sufficient safeguards are not in place, ITALTEL represents that the conditions referred to in Art. 49, paragraph 1, letters b) and c) of the GDPR, and that such transfers may import a greater risk to both the lack of security measures aimed at defining the privacy risks (e.g. unauthorised third-party access, non-observance of the principles of lawfulness, etc.) both the absence of regulatory instruments in these Countries, suitable for protecting your personal data.
All non-EU countries in which there are companies in the ITALTEL Group where your data could be transferred are listed on the www.italtel.com Web site, while the updated list of countries having personal data protection legislation considered adequate by the European Commission is accessible from the official Web site of the Italian Privacy Authority by clicking on this link: http://www.garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-intenazionale/trasferimento-dei-dati-verso-paesi-terzi.
In addition, ITALTEL may adhere to its industry’s Codes of conduct or to the certification mechanisms that would enable the transfer of data outside the EU in accordance with Art. 46 of the GDPR and that, when needed, will also give the proper information through its own institutional Web site.
At any time, you may exercise your rights towards the Data Controller referred to in Chapter III of the GDPR, such as the right of access, rectification, integration, erasure, processing restriction, portability and the right to object in the presence of the legal conditions.
The right to oppose (opt-out) the processing for direct marketing can be invoked at any time.
In order to assert your rights, you shall send a communication to the registered address of ITALTEL by specifying the subject “Privacy” to the recipient. Alternatively, such communication can be transmitted via email to the email address firstname.lastname@example.org, or by contacting the Data Protection Officer (DPO) by sending an email to the email address email@example.com. In the same manner, you can request the list of internal and external processors.
Finally, please remember that you may lodge a complaint before the Guarantor for the protection of personal data (www.garanteprivacy.it).
Settimo Milanese, 25 May 2018