PRIVACY DISCLAIMER MOD. INF
REV. 0 DATED 05.01.22
Pursuant to art. 13 of regulation (EU) no. 2016/679 of the European Parliament and of the Council of 27 April 2016, hereinafter GDPR, the Company IVPC Service S.R.L., as Controller, informs you of the following:
A) Purposes and legal basis for the processing of personal data
Your personal data will be processed exclusively for the following purposes:
to pursue, in accordance with art. 6.1, point f) of the GDPR, one's own legitimate interest, consisting in guaranteeing the security of the Site and the information exchanged on it, i.e. the ability of this Site to resist, at a given level of confidence, unforeseen events or illegal or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered by or made accessible via this system;
to allow the fulfilment of pre-contractual and contractual obligations following requests for evaluation/information, any legal and/or regulatory obligations (e.g., tax and accounting obligations, etc.) and internal controls;
to manage the relationship with the customer, in particular responses to requests to facilitate the continuation of communication;
to comply with legal obligations, regulations, national and EU laws and legislation deriving from rulings made by competent authorities (such as for example anti-money laundering);
to exercise the right of the Controller, for the example, in a court of law;
Method of personal data processing
Your data will be processed in accordance with the current legislation above. In particular, personal data will be processed using manual and IT and/or telematic tools, in order to guarantee the security and confidentiality of the same, as well as full compliance with the law.
B) Categories and origin of personal data
Personal data processed are those you provide by filling the CONTACT US NOW form on the website www.ivpc.com, as well as any data transmitted by e-mail or telephone.
C) Provision of data
Your processed personal data are collected directly by the interested party.
With reference to the purposes referred to in points A1), A2), A3), A4) and A5), the provision of data is necessary in order to fulfil the aforementioned purposes as well as legal and contractual obligations. The processing of data for this purpose does not require your consent.
D) Scope of communication
Within the limits relevant to the purposes of the indicated data processing, only processors belonging to the organizational structure of the Data Controller may become aware of the same.
It should be noted that your data may be transmitted to the following recipients:
- Internal authorized person who processes the data for the provision of the service;
- Suppliers and/or partners to the extent necessary for the execution of their service;
- IT company;
The list is available at the headquarters of the Data Controller.
E) Data Retention
In accordance with the principle of "storage limitation" referred to in art. 5 of Regulation (EU) no. 679/2016 (GDPR), the data collected subject to processing for the purposes indicated above, will be stored according to the deadlines set by the law and, subsequently, for the time in which the Company is subject to conservation obligations by law or regulation. The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically.
F) Data Profiling and Disclosure
G) Rights of the Data Subject
Pursuant to art. 15 of GDPR, Data Subject has the right to:
H) Data Controller and Data Protection Officer
- obtain confirmation as to whether or not his personal data exist, even if not yet registered, and their communication in an intelligible form;
- obtain information about: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identity of the owner, managers and designated representative pursuant to art. 3, paragraph 1 of GDPR; e) the person or class of persons to whom personal data may be communicated or who can learn about them as appointed representative in the State, as manager or authorized;
- obtain: a) updating, rectification or, when interested, integration of data; b) the erasure, transformation into anonymous form or blocking of data unlawfully processed, including data which need not to be kept for the purpose for which data were collected or processed; c) notice that the operations referred to in paragraph a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disclosed, except in the case in which this fulfilment is impossible or involves the use of means manifestly disproportionate to the protected right;
- object, in whole or in part, at any time to processing of personal data: a) for legitimate grounds, even if pertinent to the purpose of the collection; b) where personal data are processed for direct marketing purposes or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator, through e-mail and/or through traditional marketing methods by telephone and/or paper mail. Therefore, the Data Subject can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
- Right to rectification of his personal data in the event that they are modified and do not correspond to those previously acquired or communicated (art. 16)
- Right to erasure (“right to be forgotten” art. 17). Where one of the following grounds applies, IVPC Service S.R.L. deletes the data from all databases and archives where it is contained:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent and there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Art. 21, paragraph 1, and there are no overriding legitimate grounds for the processing, or the data subject objects pursuant to Article 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1.
- Right to restriction of processing (art. 18). The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment exercise or defence of legal claims;
- the data subject has objected to the processing pursuant to art. 21, paragraph 1, pending the verification whether the legitimate grounds of the controller override those of the data subject.
- Right to object (art. 21-22): the data subject shall have the right to object, on grounds relating to his particular situation, at any time to processing of personal data concerning him which is based on point e) or f) of Article 6(1), including profiling based on those provisions. IVPC Service S.R.L. does not submit data to automated individual decision-making.
Propose a complaint to the supervisory authority (Authority for the protection of personal data - based in Rome, Piazza di Monte Citorio no.121 - www.garanteprivacy.it );
The controller of the processing is IVPC Service S.R.L. having its registered office at Vico S. Maria a Cappella Vecchia n. 11 - 80121 NAPOLI - VAT and Business Register no. 01969560646.
The Data Controller can be contacted at the following e-mail address: firstname.lastname@example.org