INFORMATION NOTE ON THE PROCESSING OF PERSONAL DATA
RegalGrid Europe Srl with registered office in via Manin 73, Treviso, hereinafter referred to as the “Data Controller”, informs you pursuant to art. 13 of Legislative Decree no. 196 of 30.6.2003, hereinafter referred to as the “Privacy Code” and art. 13 EU Regulation no. 2016/679, hereinafter referred to as the “GDPR” (General Data Protection Regulation) that your data will be processed in the following manner and for the following purposes:
Object of the processing
The Data Controller processes personal data, such as name, surname, company name, address, telephone numbers, e-mail addresses, bank and payment details, hereafter referred to as “personal data” or even “data”, that you have communicated during the stipulation of contracts for the services provided by the Data Controller.
Purpose of the data processing
Your personal data is processed:
- without your express consent (art. 24 letters a), b), c) of the Privacy Code and art. 6 letters b), e) of the GDPR), for the following purposes:
- to enter into contracts for the Data Controller’s services;
- to fulfil the pre-contractual, contractual and tax related obligations resulting from current business relations with you;
- to fulfil the obligations established by law, by a regulation, by community legislation, or by an order of an Authority (such as for anti-money laundering);
- to exercise the rights of the Data Controller, for example the right to defence in court;
- only subject to your specific and clear consent (art. 23 and 130 of the Privacy Code and art. 7 of the GDPR), for the following marketing purposes:
- to send newsletters, communications and/or advertising material regarding products or services offered by the Data Controller by e-mail, mail and telephone contacts.
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 no. 2) of the GDPR and more specifically: the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data.
Your personal data is processed both using paper and electronic means either manually or with automated methods.
The Data Controller will process the personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of providing the service.
Personal data collected for marketing purposes will be retained until the consent is revoked.
Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
- to employees of the Data Controller, in their capacity as internal processors;
- to third-party companies or other subjects (credit institutions, professional firms, consultants, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
Without the need for express consent (pursuant to art. 24 letters a), b), d) Privacy Code and art. 6 letters b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes.
These subjects will process the data in their capacity as independent data controllers. Your personal data will not be disseminated.
Personal data is stored in Italy through Cloud services. In any case, it is understood that the Data Controller, if necessary, shall have the right to move the servers even outside the EU.
In this case, the Data Controller hereby ensures that the transfer of data outside the EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.
Provision of the data and consequences resulting from the refusal to provide it
The provision of data for the purposes of service is mandatory.
The provision of data for marketing purposes is optional. You can therefore decide not to provide any data or to subsequently deny the right to process the data already provided: in this case, you will not be able to receive newsletters, business communications, and advertising material concerning the Services offered by the Data Controller.
Rights of the data subject
In your capacity as a data subject, you have the rights set forth in art. 7 of the Privacy Code and art. 15 of the GDPR, and specifically the right to:
- obtain the confirmation of the existence of personal data which concerns you, even if not yet registered, and its communication in an intelligible form;
- obtain the indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the aid of electronic instruments; d) the information identifying the Data Controller, the Data Processor and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as a designated representative in the territory of the State, data officers, or data processors;
- obtain: a) the update, correction, or supplementation of the data; b) the deletion, transformation into an anonymous form, or blocking of data processed unlawfully, including data the retention of which is unnecessary for the purposes for which the data was collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data has been communicated or disseminated, except in the case where this fulfilment proves impossible or involves a use of means manifestly disproportionate to the protected right;
- object, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning you, even though it is relevant to the purpose of the collection; b) to the processing of personal data concerning you, where it is carried out for the purpose of sending advertising materials or direct sales, or for the performance of marketing or business communication surveys even through the use of automated call systems without the intervention of an operator, by e-mail and/or through traditional marketing methods using telephone calls and/or paper mail. It should be noted that the data subject’s right to oppose the processing of data, set out in point b) above, for direct marketing purposes through automated methods also extends to all traditional methods and that in any case the data subject maintains the right to object partially. Therefore, the data subject can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communications.
Where applicable, the data subject can also exercise the rights referred to in articles 16-21 of the GDPR (Right to rectification, to deletion, to restriction of processing, to data portability, to object), as well as the right to file a complaint with the Italian Data Protection Authority.
How to exercise your rights
You can exercise your rights at any time by sending:
- a registered letter with recorded delivery to: RegalGrid Europe Srl via Manin 73 Treviso.
Data Controller, Data Processor and Persons responsible for processing
The Data Controller is RegalGrid Europe Srl.
The updated list of persons responsible for processing is kept at the registered office of the Data Controller.