Basic policy for marketing activities
Who is the data controller?
|Maccaferri Romania s.r.l.||ap B11 Bucharest 014132, Romania|
Who is the data protection officer?
|Colin Partners – Avv. Valentina Fredianifirstname.lastname@example.org|
Who are the recipients?
|external data processors and any additional data controllers and / or joint controllers||
How your personal data will be treated?
will be treated:
The treatment takes place
on the basis of:
concerning you are:
|for execution and management of the request to participate in the event/conference, including archiving and storage and also communication to recipients and/or third parties depending on the contractual relationship and the resulting obligations||activities planned for participation in the event and the consequent fulfillment of activities arising from the request for participation||
|for the fulfillment of IT security obligations||legitimate interest of the data controller or third parties and recipients||logical access|
|For sending promotional communications of the Controller’s services/activities||your consent||
|For the communication of personal data to subsidiaries of the Maccaferri Group for their own purposes also related to marketing (also outside the EU)||your consent||
The Data Controller informs you that you can exercise at any time the right of complaint to the competent authority and the other rights provided for in Articles 15 and ss. of the European Regulation (EU) 2016/679.
For more information, contact us at email@example.com
Information – Marketing activities
Who are we and how do we manage your personal data?
Maccaferri Romania s.r.l., ap B11 Bucharest 014132, Romania (hereinafter also the Data Controller), as data controller, is concerned with the confidentiality of your personal data and to guarantee them the necessary protection from any event that could put them at risk of infringement.
The Data Controller puts into practice policies and practices with reference to the collection and use of personal data and the exercise of the rights that are recognized by the applicable legislation. The Data Controller takes care to update the policies and practices adopted for the protection of personal data whenever this becomes necessary and in any case in the event of regulatory and organizational changes that may affect the processing of your personal data.
The Data Controller has appointed a data protection officer who you can contact if you have questions about the policies and practices adopted by the Company. The contact details of the data protection officer are as follows: firstname.lastname@example.org
How and why does the Data Controller collect and process your data?
The Data Controller collects and / or receives information concerning you, such as:
- name surname
- physical and telematic address
- phone and / or mobile phone number
- relating to commercial and / or professional activity
- logical access
Your personal information will be processed for:
1) management of participation in the event
The processing of your personal data takes place to carry out the preliminary activities and consequent to the management of your relationship with the Data Controller and to those instrumental and functional to its performance, as well as for the fulfillment of any other obligation deriving from it.
The obligations to which the Data Controller must fulfill depending on the contract and specific regulations governing it, are those of:
– monitoring/updating the conditions of the service.
The communication of your personal data takes place mainly towards third parties and/or recipients whose activity is necessary for the performance of the activities related to the aforementioned purposes, and also to respond to certain legal obligations, such as:
1. IT support company and hosting company;
companies that offer website management and maintenance services
2) for IT safety purposes
The Data Controller processes your personal data, including computer data (eg logical accesses) or traffic collected or obtained in the case of services displayed on the website or on platforms referable to the Data Controller (eg for event registration), to the extent strictly necessary. and proportionate to ensure the security and ability of a network or servers connected to it to withstand, at a given level of security, unforeseen events or illegal or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and on the basis of a legitimate interest of the Data Controller.
For these purposes, the Data Controller provides procedures for the management of the violation of personal data (data breach) in compliance with the legal obligations to which it is / are required to fulfill
3) for the activity of sending promotional communications
The processing of your personal data takes place to propose new services / products, and to send you advertising materials and / to carry out market research. The processing of your data (such as name, surname, physical and electronic address, landline and / or mobile phone number, relating to commercial and / or professional activity) can take place for:
- telephone contact even without an operator;
- paper mail.
Processing in question can be carried out if you give your consent for the use of the data also with reference to the methods of communication, both traditional and automated, with which the processing takes place;
4) for communication to Maccaferri Group companies
Furthermore, your data, always with your consent, may be disclosed to Group companies (including OM’s affiliates listed at the following link Consociate Maccaferri hereinafter the “Affiliates”), also located outside the EU for their own purposes, including those related to the promotion of their products / services.
Your personal data will in no way be disseminated or disclosed to indeterminate subjects.
The Data Controller transfers your personal data to non-EU countries, to the Affiliates (here is the list of countries where they are located) on the basis of the consent you may wish to provide. In this sense, we inform you that the transfer in question not being subjected to any specific guarantee provided for by the EU Regulation, may present some risks related to the potential access to your data by Security Authorities and / or similar bodies without you may object to such access.
The personal data that the Data Controller processes for this purpose are, among others:
- name, surname, physical and electronic address, landline and / or mobile phone number
- tax code or VAT number
relating to commercial and / or professional activity.
What happens if you don’t provide your data?
Your data, collected by the Data Controller indicated are considered necessary and failure to provide it will make it impossible for the Data Controller to carry out the activities relating to the main processing, namely to:
- management of the request to participate in the event / conference;
- the obligations, including legal ones, that derive from the established relationship.
What happens if you do not give your consent to the processing of personal data for the purpose of sending promotional communications regarding the activities/services of the Data Controller and for communication to Group companies?
The processing of your personal data will not take place for these purposes; this will not affect the processing of your data for the main purpose, nor for that for which you have already given your consent, if requested.
In case you have given authorization and you should subsequently revoke it or oppose the processing for marketing purposes, your data will no longer be processed for marketing activities, without this having consequences or detrimental effects for you.
How and for how long are your data stored?
Data processing is carried out through paper supports or IT procedures by specifically authorized and trained internal subjects. They are allowed access to your personal data to the extent and to the extent that it is necessary for the performance of the processing activities that concern you.
The Data Controller periodically checks the tools by which your data are processed and the security measures envisaged for them which require constant updating; verifies, also through the subjects authorized to process, that personal data that do not need to be processed are not collected, processed, archived or stored; verifies that the data are kept with the guarantee of integrity and authenticity and of their use for the purposes of the treatments actually carried out.
The data is stored in databases, paper, computer and telematic archives located within the European economic area, and adequate security measures are ensured. Any transfers that you have authorized with your consent are reserved (see point 4 above)
The Data Controller may process, store, and transfer your personal information in and to a foreign entity listed at the following link, with different privacy laws and the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws of the foreign country. If you have any questions regarding the transfer of your personal information, please contact Data Controller at email@example.com.
For how long
The personal data processed by the Data Controller are kept for the time necessary to carry out the activities related to the management of the contract and up to ten years following its conclusion or from when the rights that depend on it can be asserted (pursuant to articles 2935 and 2947 of the Italian Civil Code); as well as for the fulfillment of obligations (eg tax and accounting ones) that remain even after the conclusion of the contract (Article 2220 of the Italian Civil Code), for the purposes of which the Data Controller must keep only the data necessary for their pursuit. The cases in which the rights deriving from the contract should be asserted in court are reserved, in which case your data, only those necessary for these purposes, will be processed for the time required for their pursuit.
Personal data processed for marketing purposes (direct, research and market surveys) will be kept for 24 months in compliance with the ruling on the point of the national guarantor authority, although still effective, unless the consent you have given is revoked and / or unless you object to the processing.
However, your right to object to processing based on legitimate interest for reasons related to your particular situation is reserved at any time.
Once all the purposes that legitimize the storage of your personal data have been exhausted, the Data Controller will take care to delete them or make them anonymous.
What are your rights?
The rights that are recognized to you allow you to always have control of your data. Your rights are those of:
- withdrawal of consent;
- limitation of processing;
- opposition to processing;
Your rights are guaranteed to you without special charges and formalities for their exercise which is essentially free of charge. You are entitled:
- to obtain a copy, also in electronic format, of the data you have requested access to. Should you require further copies, the Data Controller may charge you a reasonable fee;
- to obtain the cancellation of the same or the limitation of processing or even the updating and correction of your personal data;
- to obtain, in the latter cases, that other data controllers to whom, if your data have been communicated or the recipients of the same, are made part of your request and the outcome of the exercise of your rights so that also they arrange to cancel, suspend or interrupt the processing or to rectify your data;
- to obtain any useful communication regarding the activities carried out following the exercise of your rights without delay and in any case, within one month of your request, unless extended, justified and up to two months, which must be duly communicated to you.
For any further information and in any case to send your request, contact the Data Controller at firstname.lastname@example.org
Basically you, at any time and free of charge and without special charges and formalities for your request, can;
- obtain confirmation of the treatment carried out by the Data Controller
- access your personal data and know its origin (when the data are not obtained from you directly), the purposes and purposes of the processing, the data of the subjects to whom they are communicated, the retention period of your data or the criteria useful to determine it;
- update or rectify your personal data so that they are always exact and accurate;
- withdraw consent at any time, if this constitutes the basis of the processing. In any case, the withdrawal of consent does not affect the lawfulness of the processing based on the consent given before the withdrawal itself;
- delete your personal data from the databases and / or archives, including backups, of the Data Controller in the event, among others, in which they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and always if they exist the conditions required by law; and in any case if the processing is not justified by another equally legitimate reason;
- limit the processing of your personal data in certain circumstances, for example where you have contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. You must also be informed, within a reasonable time, of when the suspension period has been completed or the cause of the limitation of the processing has ceased, and therefore the limitation itself has been revoked;
- obtain your personal data, if received or processed by the Data Controller with your consent and / or if their processing takes place on the basis of a contract and with automated tools, in electronic format also in order to transmit them to another data controller.
The Data Controller must proceed in this sense without delay and, in any case, at the latest within one month of receiving your request. The deadline can be extended by two months, if necessary, taking into account the complexity and number of requests received. In such cases, the Data Controller, within one month of receiving your request, must inform you and make you aware of the reasons for the extension.
How and when can you object to the processing of your personal data?
For reasons relating to your particular situation, you can object to the processing of your personal data at any time if it is based on legitimate interest, by sending your request to the Data Controller at email@example.com.
You have the right to delete your personal data if there is no legitimate reason overriding the one that gave rise to your request, and in any case in the event that you have opposed the processing for marketing purposes (direct, research and surveys of market).
Who can you lodge a complaint with?
Without prejudice to any other administrative or judicial action, you can lodge a complaint with the supervisory authority for the protection of personal data (following the instructions given by the Garante at the link).