Information on the treatment of personal data(Art. 13 G.D.P.R. - General Data ProtectionRegulation - n. 679 del 27 aprile 2016 and D.Lgs. 196/2003 e ss. mod. e int.)
- Personal data and processing of personal data
“Personal data” is any information that relates to an identified or identifiable living individual (the subject to whom the aforementioned data refers to is referred to as ‘data subject’). Personal data is distinguished in “identifiers” (for example: name, surname, date and place of birth, home address, social security number, VAT or other tax code, phone numbers, email addresses, bank references, chamber of commerce company registration report), “special categories”(racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data relating to the health, life or sexual orientation of the person) and data relating to criminal convictions and offenses.
‘Processing of personal data’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Types of data which are subject to the processing
Our company processes, in compliance with the current legislation, your personal “identification” data only, which will be collected, directly or indirectly, in an analogical or digital way, by our employees and/or collaborators, for the purposes referred to in the articles below.
The data mentioned above may be provided directly by you or, in some cases, may also be acquired by third parties (e.g. public and private credit assessment databases) in the initial phase of the contract and to follow up on specific requests (deferred payments, leasing requests, credit insurance etc.).
In any case, the above mentioneddata is used to follow up on your requests and is processed only if in case it shall be necessary.
- General data principles of processing of personal data
The personal data you will provide shall be processed exclusively for the purposes and according to the modalities set out by law (principle of lawfulness), in compliance with ethical and moral values (principle of fairness), allowing you to access the information and the communications regarding their processing at any time (principle of transparency). Furthermore, the data will be processed only for the purposes listed in this policy (purpose limitation) and ensuring appropriate security and confidentiality (integrity and confidentiality); data shall be adequate, relevant and limited to what is necessary in relation to the aforementioned purposes (data minimisation), accurate and, where necessary, kept up to date (accuracy) and kept for no longer than is necessary for the aforementioned purposes (storage limitation).
- Methods of processing of personal data
We also wish to inform you that we use analogical (paper) and digital (IT and telematic) tools, and adopt all the appropriate technical and organizational measures to guarantee the security, integrity and protection of the personal data you wish communicate to us.
The data controller is "Demas S.r.l.", with registered offices atCirconvallazione Orientale n. 4692 - Rome (RM), VAT 00935301002 – Phone +39 06.417905 - E-mail address: firstname.lastname@example.org.
The Data Controller has appointed a Data Protection Officer (DPO), who can always be reached at the following address: Demas S.r.l., Personal Data Protection Officer - Circonvallazione Orientale n. 4692 - 00175, Rome (RM) or by e-mail at the following address: email@example.com.
- Purpose of the processing
Your personal data will be processed:
- to fulfil contractual and pre-contractual obligations (by way of example and not limited to: preparation of quotations, onlineordersand orders in our stores, purchases, payments, financing, product returns, dispute resolution, complaints, invoicing, reporting, answers to your questions and / or requests for information online, etc.);
- tofulfil contractual and pre-contractual obligations in case of purchase of our specialized software (including, by way of example and not limited to: software installation, on-site and remote assistance, without copying and/or storing your and/or your customers’ data by our company and/or the technicians involved, staff training activities, on-site and remote connection to the clinic and laboratory equipment, resolution of problems related to software on site and remotely, recovery and restoration of data following the resolution of any problems, without copying and / or storage of the same by our company and / or the technicians involved, etc.);
- to fulfill legal obligations or to comply with inquiries from governmental authorities (by way of example only: to prevent money laundering and for anti-terrorism purposes, response to any requests from the judicial authorities, communication of data to medical equipment suppliers in compliance with current national and European legislation, etc.);
- to exercise the rights of the Controller, also in court (by way of example and not limited to: protection of the interests of the Controller, debt collection, verification of the entitlements and obligations, damage claims, etc.);
- to pursue our legitimate interest (by way of example and not limited to: proof of transactions, management of the IT system, including shared platforms, business continuity and security of IT systems, management and functioning of the corporate websites, etc.);
- for sending newsletters, promotional campaigns, commercial offers, invitations to events organized by Demas and/or by third parties, general communications and commercial information;
- for the communication of your data to our commercial partners for sending newsletters, promotional campaigns, commercial offers, invitations to events organized by Demas and/or by third parties,general communications and commercial information;
- to analyze your preferences, habits and purchase choices in order to send you personalized commercial communications and offers, as well as to carry out general analysis for strategic commercial orientation, also through the issue of a fidelity card, with which you can participate in prize competitions that may be organized by our company, take advantage of discounts and promotions dedicated to you and obtain purchase vouchers by accumulating points as per our loyalty programs. We specify that, in any case, the release of the fidelity card is not subject to your consent to this data processing concerning profiling.
- Consent and legal framework of the processing purpose
We inform you that for all the processing purposes indicated in letters a), b), c), d) and e) of the previous article, no explicit consent is required. Failure to provide your personal data may make it impossible to proceed with the execution of contractual obligations. On the contrary, regarding the hypotheses referred to in letters f) and g), you are free to refuse your consent for the processing of your personal data for the indicated purposes, bearing in mind that in case of denial you will not receive newsletters from us and/or by our commercial partners, communications regarding promotional campaigns, demonstrations, events and prize contests that may be offered. Also with reference to article 7 letter h) you are free to refuse your consent bearing in mind that, in this case, it will not be possible to send you communications and/or commercial information adhering to your tastes and/or preferences and/or needs; however, it will be possible to issue the fidelity card, if requested by you. The legal basis for the processing of personal data highlighted in the previous article is:
- letters a) and b) fulfilment of contractual and/or pre-contractual obligations,
- letter c) fulfilment of a legal obligation or an order from the Authority,
- letters d) and e) legitimate interest of the Data Controller,
- letters f), g) and h) your explicit consent
- Data access and disclosure to third parties
Your data will be accessible, for the aforementioned purposes, to the employees and collaborators of the Data Controller that are designated and responsible for the processing, in accordance with their functions and the instructions they have received from the Data Controller and exclusively for the purposes indicated in this policy and in compliance with the current legislation. They could also be made accessible to professionals and third-party companies (by way of example: commercial agents, credit institutions, companies offering postal services, couriers, leasing companies, professional firms, consultants, insurance companies for insurance products, companies, technicians and professionals in charge of the maintenance, the update and the management of softwares, suppliers for the traceability of particular types of medical equipment, suppliers for carrying out audits, board of statutory auditors named "Collegio sindacale", Auditor named "Revisori dei conti", Supervisory board named "Organismo di Vigilanza", Data Protection Officer, etc.), who carry out outsourced activities on behalf of the Data Controller in their role as external data processors, always in accordance with the purposes of the processing itself.
Personal data may also be disclosed to commercial partners of our company for marketing purposes, if you have given consent to do so.
The list of data processors is available at the headquarters of the data controller.
- Data retention
Your data will always be processed for the time that is necessary to fulfill the purposes for which it was collected. In particular, for the purposes referred to in art. 7 lett. a), b), c), d) and e), your data will be kept for the time allowed by the Italian law (art. 2946 italian civil code e s.s.) and, in any case, no later than ten years from your last commercial transaction. For the purposes referred to in art. 7 lett. f) and g), your personal data will be processed until the revocation of your consent, or for twenty-four months from the date of registration. For the purposes referred to in art. 7 lett. h), your personal data will be processed until the revocation of your consent, or for twelve months from the date of registration. Sono sempre fatti salvi i casi in cui i dati dovessero risultare necessari per l'accertamento, l'esercizio o la difesa dei diritti del Titolare, anche in sede giudiziaria, che ne potrebbe giustificare il prolungamento sino al raggiungimento dello scopo. The cases in which the data are necessary for the assessment, exercise or defense of the rights of the Controller, even in court, which could justify the extension until the purpose is achieved, are always reserved.
- Personal data of third parties
We also inform you that any conferment of personal data of third parties represents a processing of personal data for which you are considered as an independent Data Controller and, therefore, you take all the obligations and responsibilities provided by the G.D.P.R. 679/2016 and by the Italian Legislative Decree 196/2003 (the Personal Data Protection Code) and and subsequent amendments and additions. In this regard, you guarantee to Demas S.r.l. that you have acquired the data provided in full compliance with current national and European law provisions. Therefore, you grant the widest indemnity against us, with respect to any dispute, claim, request for compensation for damage from treatment, etc. that should reach us, from any third party, due to the provision of the data indicated by you in violation of the applicable rules on the protection of personal data.
- Data transfer to other countries and place of processing of personal data
Your personal data is processedin our main office and in our operationalheadquarters. The aforementioned data can be transferred within the European Union, always in compliance with the limits and with the observance of the obligations set by EU Regulation 679/2016.
- Profiling and dissemination
Your personal data is not subject to disclosure or to any fully automated decision-making process. No profiling process is performed by us, unless expressly authorized by you pursuant to art. 7 letter h).
- Video surveillance
With the occasion, if you decide to visit us in our stores, we wish to inform you that video surveillance systems are installed inside the stores for the purpose of protecting company assets. The processing of the data acquired through the aforementioned systems is based on the assumptions of necessity, legitimacy, proportionality and purpose.
We also inform you that:
the person in charge for the video surveillance is the Data Controller;
the cameras do not film the toilets;
only the Data Controllerand the Workers' Safety Manager will have access to the registrations;
the recordings will be kept for a period of twenty-four hours (except in cases of special needs during the holidays or in the case of a specific investigative request by the Authorities), at the end of this period, the system automatically deletes them, by overwriting;
the images will not be divulgatedexternally in any way
- Rights of the data subject
We inform you that you have the right to:
- access your personal data, in order to know and obtain communications relating to the methods and the purposes of its processing;
- b. ask to update, amend and/or rectify your data;
- delete your data: if it is no longer necessary, if it does not serve the purposes for which it was collected or processed, if you decide to withdraw the consent previously given and there is no other legitimate reason to continue with the processing of the data, if it is necessary to fulfill an obligation established by the law of a State of the European Union;
- request to restrict the processing concerning your data in case: I) of contesting of the accuracy of the personal data, for the period that is required to verify; II) the data has been unlawfully processed and you oppose erasure and request restriction instead; III) the Data Controller no longer needs the data but the data is necessary for the Data Subject in order to establish, exercise or defend a legal claim;IV) pending opposition to the processing and verification of the existence of the possible prevalence of the legitimate reasons of the Controller with respect to those of the interested party (the individual has objected to you processing their data under Article 21(1), and you are considering whether your legitimate grounds override those of the individual);
- request the transmission (portability) of your personal data package (in a structured, commonly used and machine readable format) to another Controller indicated by you;
- to object to the processing of your Data for legitimate interest reasons, for marketing purposes or for historical, scientific and statistical processing.
- towithdraw the consent, where applicable, keeping in mind that it shall not affect the lawfulness of processing based on consent before its withdrawal.
- to file a complaint with the control Authority (the Italian Data Protection Authority - Garante per la protezionedeidatipersonali) by following the procedures and the instructions published on the official website of the Authority www.garanteprivacy.it
- Modalities for the exercise of the rights of the data subject
To exercise your rights you can send a request by registered letter with return receipt to the address of the Data Controller or by e-mail at firstname.lastname@example.org