Client Privacy Policy
The purpose of this privacy policy is to provide all the information on the processing of personal data by [..] within the context of the contractual relations with its clients (as defined in more detail below).
[..] with registered office address at [..], with VAT Number [..] (hereinafter, the “Data Controller”), provider of the services set forth in the General Conditions and related annexes (hereinafter, jointly, the “Service”) subscribed to by its clients, in its capacity as data controller of the data subjects that represent (or collaborate in any way with) its clients (hereinafter the “Data Subjects”) hereby provides the following privacy policy pursuant to Regulation EU 2016/679 of 27 April 2016 (hereinafter, the “Regulation”, or “Applicable Law”).
The Data Controller takes the utmost account of the right to privacy and the protection of the personal data of its Data Subjects.
Data Subjects may contact Data Controller at any time, using the following methods:
Data Subjects can also contact the Data Protection Officer (DPO) of the Data Controller at the following email address: [email protected]
The personal data of Data Subjects that may be collected by the Data Controller for the purposes of concluding or performing the agreement for the provision of the Service, will be lawfully processed by the Data Controller pursuant to article 6 of the Regulation exclusively for the following purposes:
The provision of personal data for the processing purposes stated above is optional but necessary, as failure to provide such data may make it impossible for the Data Controller to establish or to perform the contractual relationship for the provision of the Service.
On the other hand, the provision of data is mandatory when it is required in order to comply with specific legal provisions.
Some of the personal data of Data Subjects (i.e. personal details, contact details and any additional information voluntarily provided within the context of surveys and customer satisfaction questionnaires related to the Service) may also be processed by the Data Controller for marketing purposes (sending of advertising material, direct sales, commercial communications and market research), so that the Data Controller may contact Data Subjects by post, email, telephone (landline and/or mobile, with automated call or call communication systems with and/or without the intervention of an operator) and/or SMS and/or messaging systems and/or social networks in order to: (i) present new products and/or services; (ii) carry out upselling activities, (iii) present offers, promotions and commercial opportunities; and (iv) present surveys and customer satisfaction questionnaires and tests on new products, services or features of products and services already in use to the Data Controller and/or its partners and/or subsidiaries.
If consent is not given to the above processing, Data Subjects will still in any case be able to use the Service.
If, on the other hand, consent is given, Data Subjects may revoke it at any time by sending a request to the Data Controller using the methods indicated in paragraph 8 below.
Data Subjects may also easily object to further promotional email communications by clicking on the appropriate link to withdraw consent, which is found in all promotional emails. Once consent has been withdrawn, Data Subjects will receive a confirmation message. If a Data Subject intends to withdraw his/her consent to the sending of communications by telephone, while continuing to receive communications by email, or vice versa, a request is to be sent to the Data Controller using the methods indicated in paragraph 8 below.
The Data Controller hereby informs Data Subjects that, following the exercise of the right to object to the sending of communications by email, it is possible, for technical and operational reasons (e.g. formation of contact lists already completed shortly before the Data Controller has received the request for objection) that Data Subjects may continue to receive several further messages. Should Data Subjects continue to receive messages after 24 hours have elapsed since the exercise of the right to object, the problem is to be reported to the Data Controller using the contact details indicated in paragraph 8 below.
Contractual obligations and provision of the Service (as described in paragraph 3, letter a)): the legal basis of the processing is art.6 , paragraph 1, letter b) of the Regulation: i.e. the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
Administrative and accounting purposes (as described in paragraph 3, letter b)): the legal basis of the processing is art.6, paragraph 1, letter b) of the Regulation: i.e. the processing is necessary for the performance of a contract and/or in order to take steps at the request of the Data Subject prior to entering into a contract;
Legal obligations (as described in paragraph 3, letter c) above): the legal basis is art.6, paragraph 1, letter c) of the Regulation, i.e. the processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
Additional purposes of processing: for the processing related to marketing activities (as described in paragraph 4.1) above), the legal basis is art. 6, paragraph 1, letter a) of the Regulation, i.e. the Data Subject has given consent to the processing of his or her personal data for one or more specific purposes. For this reason, the Data Controller requires Data Subjects to provide specific free and optional consent in order to pursue this purpose of processing.
The Data Controller will process the persona data of Data Subjects using manual and IT tools, with systems strictly related to the purposes themselves and, in any case, in a manner that ensures the security and confidentiality of the data.
The personal data of Data Subjects will be retained for the time strictly necessary to fulfil the main purposes illustrated in paragraph 3 above, or in any case as long as necessary to protect the interests of both the Data Subjects and the Data Controller in civil law (normally, 10 years).
In the case referred to in paragraph 4.1 above, the personal data of Data Subjects will be retained for the time strictly necessary to fulfil the purposes illustrated therein and, in any case, until they withdraw their consent.
The above is without prejudice to any retention periods provided for by the laws or regulations in force.
The personal data of Data Subjects may be transferred outside the European Union and, in this case, the Data Controller will ensure that the transfer is carried out in compliance with the Applicable Law and, in particular, in accordance with articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to adequate safeguards) of the Regulation.
The personal data of Data Subjects may be disclosed to employees and/or partners of the Data Controller appointed to manage the Service and requests from Data Subjects. These parties, who have been instructed by the Data Controller pursuant to art. 29 of the Regulation, will process the data of Data Subjects exclusively for the purposes indicated in this privacy policy and in compliance with the provisions of the Applicable Law.
The personal data of Data Subjects may also be disclosed to third parties appointed to process personal data on behalf of the Data Controller in their capacity as Data Processors, such as, for example, suppliers of IT and logistics services functional to the operation of the Service or the marketing activities referred to in paragraph 4.1, providers of outsourcing or cloud computing services, professionals and consultants.
Data Subjects have the right to obtain a list of any data processors appointed by the Data Controller by sending a request to the Data Controller using the methods indicated in paragraph 8 below.
Data Subjects may exercise the rights guaranteed to them by the Applicable Law, by contacting the Data Controller at any time, using the following methods:
Data Subjects can also contact the Data Protection Officer (DPO) of the Data Controller at the following email address: [email protected]
Under the Applicable Law, the Data Controller informs Data Subjects that they have the right to be informed about: (i) the origin of personal data; (ii) processing purposes and methods; (iii) logic applied in the event of processing carried out with the aid of electronic tools; (iv) identification details of the data controller and processors; and (v) the parties or categories of parties to whom personal data may be disclosed or which may become aware thereof, in their capacity as authorised parties or processors.
In addition, Data Subjects have the right to obtain:
the deletion, transformation into anonymous form or blocking of the data processed in breach of law, including data that does not need to be stored for the purposes for which it has been collected or subsequently processed;
In addition, Data Subjects have:
iii) if personal data is processed for direct marketing purposes, at any time, to the processing of personal data for this purposes, including profiling to the extent to which it is connected to such direct marketing.
____________
The Data Controller is not responsible for the updating of all the links that can be viewed in this Privacy Policy. Therefore, whenever a link is not functional and/or updated, Data Subjects acknowledge and accept that they must always refer to the document and/or section of the websites referred to in these links.
©MotorK 2023 All Rights Reserved Privacy Policy / Cookie Policy – VAT Number IT 07134830962