Disclosure and Consent to the Processing of Personal Information
In compliance with the provisions of Italian Legislative Decree 196/2003 (Personal data protection code) and EU Reg. 2016/679 (European general data protection regulation), we are providing you with the required information on the processing of your personal information. This disclosure is provided pursuant to art. 13 of EU Reg. 2016/679 and is also inspired by the provisions of Directive 2002/58/EC (directive on privacy and electronic communications), as updated by Directive 2009/136/EC.
The Data Controller is Clei S.r.l. with registered office at Via G. Marconi, 22060 Carugo (CO) – Italy, which is also the legal representative. To exercise the rights pursuant to art. 7 of Italian Legislative Decree 196/2003 and arts. 15‐22 of GDPR 2016/679 (details of which are provided below) or for any additional information on privacy, you may contact the Data Controller at: e‐mail: firstname.lastname@example.org or tel: +39.031.761666;
2. Personal data
- Pursuant to art. 4, letter a) of the GDPR, personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- This category includes information such as name, address, telephone number, email address, tax code and bank details. Information that cannot be directly connected to a person ‐ for example preferred websites or the number of users of a certain website ‐ is not considered personal data.
3. Purpose of the processing
- For the establishment and execution of contractual relationships, Clei S.r.l. informs the Customer that it has in its possession personal, registry and tax information, including that obtained verbally directly or through third parties, relating to you, which is considered personal in accordance with European Regulation 2016/679.
- The personal data provided shall be processed in compliance with the conditions of lawfulness pursuant to art. 6 of EU Reg. 2016/679 for the following purposes:
- A. Purposes connected to the management of the contractual relationship and the provision of the Services: the data shall be processed for the following purposes: establishment, management and termination of the contractual and commercial relationship; customer assistance;
- B. Purposes connected to the fulfilment of legal obligations and for the pursuit of legitimate interests: the data shall be processed for the following purposes: anti‐terrorism controls; antimoney laundering controls; tax and accounting related verifications; dispute management;
- C. Purposes connected to marketing activities: with your express consent, the data shall be processed for the following purposes: market research; economic and statistical analyses; marketing; the sending of newsletters, advertising/informational/promotional materials and updates on initiatives, promotions and offers; communications and information on activities and events;
4. Nature of provision and refusal
- The provision of personal information is optional.
- The provision of personal information for the purposes pursuant to point 3.2 letter A (Purposes connected to the management of the contractual relationship and the provision of the Services) of this disclosure is necessary to obtain the specific functions and take advantage of the services offered by the Data Controller, for example to receive a response to a request for information. Failure to provide this personal information may entail the impossibility of obtaining the service requested or taking advantage of the services offered.
- For the purposes pursuant to point 3.2 letter B (Purposes connected to the fulfilment of legal obligations and for the pursuit of legitimate interests), it is not necessary for the Customer to provide consent, as they are justified pursuant to art. 6 letters c) and f) of the GDPR.
- For the purposes pursuant to point 3.2 letter C (Purposes connected to marketing activities), failure to provide consent shall not jeopardise the contractual relationship or the provision of services.
5. Data recipients or categories of recipients
- The personal data provided may be disclosed to employees or associates of the Data Controller who, operating under its direct authority, process the data and are appointed as internal data processing managers or data processors or System Administrators and in this regard shall receive adequate operating instructions from the Data Controller; this shall take place ‐ by the Processors appointed by the Data Controller ‐ with respect to employees or associates of the Processors.
- The Personal Data may also be disclosed to Processors external to the Data Controller appointed pursuant to art. 28 of EU Reg. 2016/679, such as third parties or other parties that carry out activities under outsourcing agreements on behalf of Clei S.r.l.
- Categories of External Processors:
- third‐party suppliers, manufacturers, distributors, resellers and commercial partners of Clei S.r.l.
- professional individuals, companies or firms which perform assistance, consulting or collaboration activities for Clei S.r.l. on accounting, administrative, legal, tax and financial matters with respect to the General Sale Conditions;
- credit institutions for aspects relating to collections and payments;
- companies that carry out activities on behalf of Clei S.r.l. under outsourcing agreements, including IT technicians who manage the relative electronic communication infrastructures necessary for this, appointed as data processors;
- external suppliers that provide support services to Clei S.r.l., appointed as data processors;
- Competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request;
- For administrative or accounting purposes, the data may be transmitted to commercial information companies for assessments of solvency and payment habits and/or to other parties for debt collection purposes.
- The parties belonging to the above‐mentioned categories act as Data Processors, or operate with full autonomy as distinct Data Controllers.
- The list of designated Data Processors is continuously updated and available at the registered office of Clei S.r.l. and may be consulted by sending an email to: email@example.com
6. Transfer of Data to a third country and/or international organisations
- Clei S.r.l. does not share, sell, transfer or otherwise disseminate your personal information to third parties located in a third country and/or to international organisations, and it shall continue not to do so in the future, unless required by law, provided this is not necessary for the purposes laid out in the contract or you have not provided your explicit consent to such processing.
- If you have provided your consent for purposes connected to marketing activities, your data may be transferred to non‐EU countries (more specifically to the US) and may be stored on the servers of electronic platforms (e.g., Microsoft). Clei S.r.l. carries out this transfer after entering into Standard Contractual Clauses with the providers of servers and/or services assigned to third parties, or after the verification of the Data Processor’s registration within the “Privacy Shield” system.
7. Place, Method of processing and Data storage period
- The Personal Data are processed primarily at the registered office of the Data Controller and in the places where the External Data Processors are located. For additional information, contact the Data Controller.
- The Personal Data shall be processed by means of data collection, organisation, storage, consultation, processing, modification, selection, extraction, comparison, utilisation, interconnection, blocking, communication, deletion and elimination operations.
- The Personal Data shall be processed with IT/automated procedures as well as with hard copy methods, with approaches strictly correlated with the above‐mentioned purposes, by means of databases or the electronic platforms managed by Clei S.r.l. or by third parties specifically appointed as data processors.
- Processing shall be carried out with methods and instruments intended to guarantee the utmost security and confidentiality, by parties engaged specifically for this purpose.
- In compliance with the provisions of art. 5, paragraph 1 letter e) of EU Reg. 2016/679, the personal data collected shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed, and in any event deleted with no unjustified delay.
- To learn about the criteria underlying the data storage period, you may write to firstname.lastname@example.org
- The Data Controller has adopted a wide range of security measures to protect the Customer against the risk of loss, abuse or alteration of the Data. In particular: it has taken the measures pursuant to arts. 32‐34 of the Privacy Code; it stores the Data on servers located in Europe or, in the case of electronic platforms and Microsoft, they may be transferred to the US.
- The data shall not be distributed or communicated in any way to external parties, without prejudice to the obligations in this regard set forth by law.
- Personal information provided for the purposes pursuant to point 3 of this disclosure must be given by a subject older than 16 years of age.
- 8.2. For subjects under 16 years of age, the data may be provided and as a result processed by the Data Controller only with the express explicit consent of the parents or guardian.
9. Rights of the Data Subjects
- You may enforce your rights as expressed in arts. 15, 16, 17, 18, 19, 20, 21 and 22 of EU Regulation 2016/679 by contacting the Data Controller at email@example.com
- You are entitled to ask the Data Controller for access to your personal data, as well as for their adjustment, deletion or limitation to processing at any moment.
- You are also entitled to object to the processing of your data (including automated processing) as well as the portability of your data at any time.
- Without prejudice to any other administrative or legal recourse, if you believe that the processing of your data violates the provisions of EU Reg. 2016/679, pursuant to art. 15, letter f) of the abovementioned EU Reg. 2016/679, you are entitled to submit a complaint to the Personal Data Protection Authority and, with reference to art. 6, paragraph 1, letter a) and art. 9, paragraph 2, letter a), you are entitled to revoke your consent at any time.
- In the case of a request for data portability, the Data Controller with provide you with your personal data in a structured, commonly used format readable by an automatic device, without prejudice to paragraphs 3 and 4 of art. 20 of EU Reg. 2016/679.