Dear Customer/Supplier
Information for the processing of personal data pursuant to article 13, Legislative Decree 30 June n. 196 and of the articles 13 and 14 of EU Regulation 2016/679
Premise
In compliance with Legislative Decree 30 June 2003 n. 196 and EU Regulation 2016/79 (hereafter "Regulations"), Idea Group IGM srl, as data controller, is required to provide you with information regarding the purposes and methods of managing your personal data (of hereinafter we will refer to you as "Interested"), as well as the scope of communication and dissemination of the same, the nature of the data in our possession and their provision.
Purpose of the treatment
Personal data is processed within the normal activity of the company for the following purposes:
a) execution of obligations deriving from contracts entered into with Idea Group IGM and/or fulfillment of pre-contractual activities for specific requests from the interested party;
b) fulfillment of obligations established by laws, regulations or community legislation (e.g. accounting, invoicing and payment processes);
c) other activities connected and instrumental to the management of relations with the interested party, creditworthiness investigations, information and commercial activities, carried out by letter, telephone, electronic messages, newsletters, profiling, and subscription to our mailing lists.
Owner of the treatment
The owner of the processing of personal data referred to in this Information is the company of GABRIELE GOTTANI, legal representative of the Company IDEA GROUP IGM S.RL. PI 02404300309 with registered office in PADUA in Via TRIESTE 28 BIS.
Method of treatment
The processing will be carried out in an automated and/or manual form, with methods and tools aimed at guaranteeing maximum security and confidentiality, by persons specifically appointed for this purpose.
Scope of communication, dissemination and treatment
Your data, subject to processing, will not be disclosed, but may instead be communicated to associated companies, abroad and within the limits of the law in order to comply with contacts or purposes connected to third parties belonging to the following categories:
1- subjects that provide services for the management of the company's information system and telecommunications networks (including e-mail);
2- service companies for the acquisition, registration and processing of data from documents or supports supplied and originals by the customers themselves and having as their object massive processing relating to payments, bills, checks, and other securities;
3- subjects who carry out customer assistance activities (e.g. call centres, help desks, etc.)
4- studies or companies in the context of assistance and consultancy relationships;
5- subjects who carry out control, audit and certification duties of the activities carried out by the company also in the interest of customers;
6- subjects that provide services for the management of communication processes (including the mailing list).
Your data will be managed and stored in European Union countries, or in third countries deemed adequate by the European Commission, or in countries with which the European Union has established special agreements (e.g. the so-called "Privacy Shield" with the USA) , for the duration of these agreements.
The joint data controllers will be responsible for the same protection that this information assigns them.
Data conservation period and protection of the same
The data will be kept without time limitation. The data is subject to a constant back-up procedure by Idea Group IGM or in the envisaged processing areas.
Nature of the provision
The provision of data for activities requested by the interested party is acquired and mandatory without a further request for consent in execution of obligations deriving from contracts stipulated with Idea Group IGM and/or fulfillment of pre-contractual activities for specific requests from the interested party.
The provision of your data for all other purposes is optional for you. The owner also informs that any non-communication, or incorrect communication, of one of the mandatory information necessary for the contract, has as a consequence:
1- the impossibility of the owner to guarantee the adequacy of the treatment itself to the contractual agreements for which it is performed;
2- the possible non-correspondence of the results of the treatment itself to the obligations imposed by the tax, administrative or labor legislation to which it is addressed.
The optional consents for the management of the data of the interested party are documented according to procedures considered unequivocal (such as two-factor authentication and the "double-opt-in" system), according to the exchange of communications with the interested party, or through the authorization expressed provided in written or digital forms.
Responsability and risk management
The data controller constantly adjusts the data management and procedures in order to ensure the application of the regulations in force. The activities and workflows take into account the data from the origin of the processing and have been considered compliant with the type of data managed, limiting unnecessary processing for the activity. The processing register has not been adopted as the outcome of this verification and the legislation do not provide for it for our structure.
The data controller has adopted the following security procedures:
– Identification of data processors;
– Personal password;
– Access restrictions;
– Alarm system;
– Check privacy procedures in the context of additional owners and service providers;
– Constant copying of data;
– Updating of systems;
– Verify absence of sensitive data;
– Request for the implementation of security procedures by the service providers;
– Verification and reporting procedure in case of unauthorized access to premises or data.
Right of access to personal data and other right
You can assert your rights as provided for by current legislation by contacting the data controller directly with a written request. We also inform you of the rights that the current legislation assigns you:
1- The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form.
2-The interested party has the right to obtain the indication:
a) the origin of the personal data;
b) the purposes and methods of processing;
c) of the logic applied in case of treatment carried out with the aid of electronic instruments;
d) of the identifiers of the owner, of the managers and of the designated representative pursuant to article 5, paragraph 2; of the subjects or categories of subjects to whom the personal data may be communicated or who can become aware of them as appointed representative of the territory of the State, managers or agents.
3- The interested party has the right to obtain:
a) updating, rectification or, when interested, integration of data;
b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose conversation is unnecessary for the purposes for which the data were collected or subsequently processed;
c) the attestation that the operations referred to in letters: a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is proves impossible or involves the use of means manifestly disproportionate to the protected right.
4- The interested party has the right to object, in whole or in part:
a) for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
b) to the processing of personal data concerning him for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.
5- The interested party has the right to request a copy of personal data, or to request its transfer to third parties.