The IJS company, as Data Controller of personal data in accordance with Articles 4 and 28 of Legislative Decree 30 June 2003, n. 196 – Privacy Code (hereinafter “Code”) and of articles 4, n. 7) and 24 of EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereafter referred to as the “Rules”) pursuant to art. 13 of the Code and 13 of the Regulations that will proceed to the processing of personal data referred to customers or to those who request information via the form.
Subject of treatment
The data processed are: personal data; Identity card; contact information such as telephone number, e-mail address) paying special attention to “hidden” data such as eg IP address.
The treatment will be carried out with digital / analogical means. The data will not be subject to public dissemination.
Purpose of processing
The processing of data will be carried out to allow the carrying out of activities related to the establishment and management of the service requested to the holder. Only if expressly authorized by means of appropriate flag / check the data will be used for sending commercial information.
The data will be processed in a lawful manner, according to correctness and confidentiality, in compliance with the minimum security measures as provided for by the Code and the Regulations.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for: no more than 10 years from the conclusion of the contract; no more than 2 years from the request for information; In case of consent to the processing for sending commercial information, the email that will be inserted in the sending list will be used for the above mentioned purposes until the cancellation by the user and in any case no later than 5 years from the sending of the last email containing commercial information.
The Data Controller may communicate the data for the purposes referred to in art. 2 to supervisory bodies.
Storage and Data Transfer
The management and storage of personal data will be carried out on servers located within the European Union of the Owner and / or third-party companies appointed and duly appointed as Data Processors. Currently the servers are located in -indicate the country-.
Furthermore, for the purposes -indicate purposes (eg webmarketing) – the Owner, intends to move the location of the servers in non-EU countries. The Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided by the European Commission. In particular – indicate the reference to appropriate or appropriate warranties and the means to obtain a copy of such data or the place where they were made available – look at art.46-]
Rights of the interested party
The customer in his capacity as an interested party, has the rights set forth in art. 7 of the Privacy Code and art. 15 of the Rules and precisely:
1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning him / her, even if not yet registered, and their communication in intelligible form.
2. The interested party has the right to obtain the indication:
a) of the origin of personal data;
b) of the purposes and methods of the processing;
c) of the logic applied in case of treatment carried out with the aid of electronic instruments;
d) of the identifying details of the holder, the managers and the representative;
e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.
3. The interested party has the right to obtain:
a) updating, rectification or, when interested, integration of data;
b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right.
4. The interested party has the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him / her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him / her for the pursuit of purposes not contemplated by art. 2.
Also in accordance with articles 15 and following of the GDPR, the user has the right to ask at any time, access to his personal data, the correction or cancellation of the same, the limitation of treatment in the cases provided for by art. 18 of the GDPR, obtaining, in a structured format, in common use and readable by automatic device, the data concerning him, in the cases provided for by art. 20 of the GDPR. At any time, the user can revoke ex art. 7 of the GDPR the consent given; propose a complaint to the competent supervisory authority pursuant to Article 77 of the GDPR if it considers that the processing of your data is contrary to the law in force.
The user can make a request for opposition to the processing of his personal data pursuant to Article 21 of the GDPR in which to give evidence of the reasons justifying the opposition: the Owner reserves the right to evaluate the application, which would not be accepted in case of existence of legitimate binding reasons to proceed with the processing that prevail over the interests, rights and freedom of the user.
The interested party at any time can exercise the rights referred to in the previous article by sending an e-mail to: firstname.lastname@example.org
Data protection officer.
The holder informs that he has appointed IJS as data protection manager, who can be contacted at the following addresses: email@example.com
cell: +39 031 564565.