A. Data controller
EOS Mktg&Communication Srl, based in Via Pietro Mascagni, 8, 20811 Cesano Maderno (MB), Italy, as the data controller, hereinafter referred to as “Data Controller”, informs you that, in compliance with Art. 13 of Legislative Decree no. 196/2003 (hereinafter “Personal Data Protection Code”) and Art. 13 of the EU Regulation 2016/679 (hereinafter “GDPR”), your data will be processed in the manner and for the purposes as follow:
1. Object of the processing
The Data Controller processes the personal and identification data (e.g. name, surname, company name, address, telephone, e-mail, bank and payment details – hereinafter “Personal Data” or “Data”) communicated by you at the conclusion of contracts for the services of the Data Controller.
2. Purposes of the processing
Your personal data are processed for correct management of the requested service. In particular, personal data are processed as follows:
A) Without your express consent (Art. 24 letters a), b), c) of the Personal Data Protection Code and Art. 6 letters b), e) of the GDPR), for the following service purposes: - concluding contracts for the services of the Data Controller; - fulfilling pre-contractual, contractual, and tax obligations arising from our relationships with you; - fulfilling the obligations established by the law, a regulation, a community legislation, or an order of the authorities (e.g. for anti-money laundering).
Furthermore, beyond the actual fulfilment of the contract, the data provided may be processed for the achievement of legitimate interests of the Data Controller i.e., for example, for the assessment of legal claims and defence in legal disputes, measures for the operational management and further development of products and services, the control and optimisation of need assessment procedures for direct talks with customers, the prevention of abuse and fraud in the use of our services (e.g. fraudulent activities, spam, etc.), the transmission of data to public authorities provided that they are required in compliance with the legal provisions, and marketing or market research activities, unless you have not objected to the use of your data.
B) Only subject to your specific and distinct consent (Art. 23 and 130 of the Personal Data Protection Code and Art. 7 of the GDPR), for the following marketing purposes: commercial promotion, advertising, purchase solicitation, market research activities, surveys (also by telephone, on-line, or through forms), statistical elaboration activities (with identifying data), other sample surveys, and other types of processing activities in their broadest sense (including subsequent management and administrative activities), e.g. sending by e-mail, mail, SMS and/or telephone newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller or aimed at the assessment of your satisfaction degree with the quality of our services as well as the drafting and processing of statistical data.
Please note that, if you are already a customer of ours, we could send you commercial communications related to services and products of the Data Controller similar to those you have already used, subject to your dissent (Art. 130 c. 4 of the Personal Data Protection Code).
If you gave the Data Controller your consent to the processing of your data for specific purposes (e.g. for marketing purposes), such processing is legal on the basis of your consent. Consent can be revoked at any time. This also applies to the declarations of consent provided to the Data Controller before the entry into force of the GDPR, i.e. before May 25, 2018. The revocation of consent does not affect the lawfulness of any data processing activity in the period prior to the revocation.
3. Types of processing
Your personal data are processed through the operations provided for by Art. 4 of the Personal Data Protection Code and Art. 4 no. 2) of the GDPR, namely: collection, registration, organisation, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction of data.
i) Your personal data are subjected to both paper and electronic and/or automated processing.
ii) The Data Controller will process your personal data for the time needed to fulfil the service purposes and in any case in compliance with its contractual and legal obligations.
As regards the processing of personal data for marketing purposes, these will be held in accordance with the principle of proportionality and, in any case, until the accomplishment of the purposes of the processing or until the withdrawal of your specific consent, as well as for the time necessary to fulfil legal obligations.
4. Access to data
Your data can be made accessible for the purposes referred to in Art. 2.A) and 2.B): - to employees and collaborators of the Data Controller in Italy and abroad, acting as officers and/or internal data processors and/or system administrators; - to third-party companies or other parties (e.g. credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) carrying out outsourced activities on behalf of the Data Controller, acting as external data processors.
5. Communication of data
Without the need for express consent (Art. 24 lett. a), b), and d) of the Personal Data Protection Code and Art. 6 lett. b) and c) of the GDPR), the Data Controller can communicate your data for the purposes referred to in Art. 2.A) to supervisory bodies, judicial authorities, and insurance companies for the provision of insurance services, as well as to subjects to whom such communication is mandatory by law for the accomplishment of the said purposes. These subjects will process the data in their capacity as separate data controllers. Your data will not be disseminated.
6. Data storage and transfer
Personal data are stored on servers located within the European Union. It is in any case understood that, if needed, the Data Controller will have the right to move the servers even outside the EU. In that case, the Data Controller guarantees that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of standard contractual clauses provided for by the European Commission.
7. Provision of data
The provision of data for the purposes referred to in Art. 2.A) for service purposes is mandatory. Without them, we cannot guarantee the provision of the services referred to in Art. 2.A).
The provision of data for marketing purposes referred to in Art. 2.B) is optional. You can therefore decide not to provide any data or to subsequently object to the use of data already provided: in that case, you will not be able to receive newsletters, commercial communications, and advertising material related to the services offered by the Data Controller. However, you will continue to be entitled to the services referred to in Art. 2.A).
8. Rights of the Data Subject
As the Data Subject, you have the rights referred to in Art. 7 of the Personal Data Protection Code and Art. 15 of the GDPR, namely: i. obtaining the confirmation of the existence of personal data concerning you, even if not registered yet, and their communication in an intelligible form; ii. obtaining information about: a) the origin of the personal data; b) purposes and methods of processing; c) the rationale applied in case the processing is carried out with electronic tools; d) the identification details of the data controllers and processors and of the designated representative in compliance with Art. 5, c. 2 of the Personal Data Protection Code and Art. 3, c. 1 of the GDPR; e) the parties or categories of parties to which personal data can be communicated or that can access them as designated representatives on the Italian territory, processors, or officers; iii. obtaining: a) the updating, the correction, or, if required, the integration of data; b) the cancellation, anonymisation, or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which they were collected or subsequently processed; c) the attestation that the operations referred to under lett. a) and b), including their content, have been brought to the attention of those to whom the data have been communicated or disseminated, except in the case in which this proves impossible o requires the use of manifestly disproportionate means to the protected right; iv. opposing, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if they are relevant to their collection purposes; b) to the processing of personal data concerning you for the purpose of sending advertising, direct sale, market research, or commercial communications through the use of automated call systems without the intervention of an operator, by e-mail, and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the right to object of the Data Subject for direct marketing purposes using automated methods, as per paragraph b) above, is also extended to conventional methods and that, in any case, the possibility remains for the Data Subject to exercise the right to oppose only partially. Therefore, the Data Subject can decide to receive only communications through conventional methods, only automated communications, or neither of them. Where applicable, the Data Subject also has the rights referred to in Art. 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right of complaint to the Guarantor Authority.
9. Exercise of rights
You can exercise your rights at any time by sending: - a registered letter to EOS Mktg&Communication Srl – Via Pietro Mascagni, 8 20811 Cesano Maderno (MB), Italy - an e-mail to: firstname.lastname@example.org
You can send also send your message to the customer security system manager: email@example.com
10. Data controllers, data processors, and officers
The Data Controller is EOS Mktg&Communication Srl, based in Via Pietro Mascagni, 8, 20811 Cesano Maderno (MB), Italy.
The Data Processor is Alessia Venturi.
An updated list of data controllers and processors is kept at the registered office of the Data Controller.