Pursuant to current legislation in the framework of the 2016/679 EU Regulation (GDPR) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (Privacy Code), and in relation to the personal data concerning you that will be subject to processing, we inform you of the following.
Pursuant to said law, your personal data will be processed in accordance with principles of fairness, lawfulness, relevance, transparency and protection of your confidentiality and of your rights.
CONTROLLER AND DATA PROTECTION OFFICER
The controller is Across srl in the person of its pro tempore legal representative, with headquarters in Turin, Via Confienza 11, pec: email@example.com.
The company has designated, pursuant to art. 37 GDPR, a Data Protection Officer. The DPO can be contacted at the appropriate email address: firstname.lastname@example.org
1. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING
The purpose of data processing
a) is to perform the services offered through the portal and manage requests or subscriptions to initiatives reserved for registered users; the legal basis of the processing is its requirement in order to fulfil the request of the data subject
b) with your express consent is to collect data for marketing purposes in order to send commercial communications by traditional means (post and landline) or automated means (email, mobile, text, MMS, fax, social media, whatsapp, telegram) related to the activity of the controller or of their third-party clients, stakeholders or partners; the legal basis of the processing is the consent of the data subject
c) with your express consent can be to perform market research and statistical analyses for marketing and for the analysis and definition of profiles and preferences; the legal basis of the processing is the consent of the data subject
d) with your express consent can be to disclose data to third parties as described in point 6 below for marketing purposes; the legal basis of the processing is the consent of the data subject
e) can be to trace the perpetrators of possible crimes only in case of specific requests from and on behalf of the competent authorities; the legal basis of the processing is the protection of the controller’s rights in relation to legal obligations.
f) This site uses services and interactions with external platforms in order to offer the best browsing experience. These external services and platforms may collect, for the Controller, information, always anonymous and never identifying, about the user's behavior. Also, these external services and platforms may collect certain user data, governed directly by their privacy settings.
2. DATA PROCESSING METHODS AND DATA STORAGE TIME
a) is performed via operations or sets of operations such as: collection, recording and organisation; processing, including alteration, alignment, combination; use, including consultation, disclosure, selection, extraction; blocking of disclosure, erasure, destruction; security, protection, including availability, confidentiality, completion, protection;
b) is performed by electronic or automated means, with the insertion and collection of data in electronic databases belonging to Across srl, through which operations listed in a) are then conducted;
c) is also performed to complete and enhance the data collected with freely and lawfully available data, by non-electronic means and organised in paper-based filing systems;
d) is performed directly by the controller’s organisation, as well as possibly by third parties to provide services to their clients.
e) data collected to perform activities for the purposes described can be transferred abroad in accordance with the rules provided for in applicable law, by taking all appropriate precautions to ensure an adequate level of protection of said data.
The data will be processed by appointees, i.e. persons authorised to process the data, appointed by the data controller to carry out activities instrumental to the purposes described above. The data may also be processed by data processors, who act on behalf of Across S.r.l. ex art. 28 of the GDPR. In particular, the data may be made available to third party companies that carry out activities on behalf of Across S.r.l. in outsourcing, to companies providing commercial information and authorised to access public offices, registers and bulletins, and to banks for the purposes provided for by law. The identification data of any appointed data processors can be acquired by writing to Across S.r.l. at email@example.com or at the physical address of the headquarters of Across S.r.l.
Data provided by the data subject can be consulted by banks where lawfully available and used to update, rectify and complete information already provided and to verify compliance with requirements to access specific benefits and advantages.
Moreover, personal data can be disclosed to third parties and to government departments in order to comply with contractual obligations and the law.
Data will be stored as long as necessary for the pursued purposes, in accordance with legal obligations and restrictions provided for by law regarding data erasure.
Cookies are text files that websites send to a visitor’s computer or other device connected to the internet, to uniquely identify the visitor’s browser itself or to save information or settings on the browser.
4. PROVISION OF DATA
Without prejudice to the autonomy of the data subject, providing personal data shall be:
a) obligatory under domestic or EU law or regulations;
b) strictly necessary for implementing the services offered, as well as to fulfil accounting and tax requirements;
c) optional with the aim of performing informational, marketing and promotional activities regarding the services available to the data subject.
The controller maintains that any mistake in communicating data considered obligatory (a-b) may render it impossible for the controller to guarantee the suitability of the processing pursuant to the contractual conditions for which it was provided, and may also result in the absence of communication of the data processing results according to legal obligations.
Moreover, please note that should you provide data and consent, you can at any point exercise your rights set forth in point “Data subject rights”, and that any consent given in relation to receiving messages through traditional or automated means can be revoked or limited to just one of the communication methods mentioned above.
5. REFUSAL TO PROVIDE DATA
Should the data subject refuse to provide personal data
a) in cases referred to in point 1, a), they will be unable to use the services offered through the portal;
b) in cases referred to in point 1 b) and c), there will be no consequences on legal relationships that have been previously established, but it will exclude the possibility of performing informational or promotional activities regarding other initiatives available to the data subject
6. DISCLOSURE OF DATA
a) With your express consent, personal data can be disclosed to Across srl’s affiliates, subsidiaries and commercial partners for marketing purposes
b) with your express consent, personal data can also be disclosed to Across srl’s third-party clients, stakeholders and partners who, acting as independent data controllers, disseminate commercial communications via the internet, post, email, phone (text message, MMS, telemarketing). These third parties (the updated list of which is always available upon request from the Controller) belong to the product categories described below:
Communications: ICT products and services;
Finance and banking sector: financial firms, insurance companies, investments, social security, Credit Ratings;
Leisure: publishing, tourism, sport, collecting, photography, hobbies, communication and entertainment, art, music;
Distribution and business: electronics, computers, image and sound, fashion, accessories, clothing, textile, bazaar, cosmetics and sanitary hygiene, chemical, pharmaceutical and bio-technology, agro-food, catering with administration supermarkets, drinks, office supplies, furniture;
Automotive: products and services related to cars, industrial vehicles, bicycles and motorcycles, trucks, mechanics and metallurgy;
Dental and cosmetic sector;
Energy and water: products related to electricity, hydrocarbons, gas, water and utilities;
NGOs and charities: products and services related to not-for-profit organisations, foundations;
Education, training, university;
Communication and services: advertising agencies, marketing firms, event managers, consultancies, PR firms, advertising sales companies, media centres, telecommunications, market researchers; mobile marketing agencies;
Ecology and environment;
Construction, civil engineering and real estate products/services: construction, decoration, home, design, real estate agencies;
Exhibitions and events;
IT, internet, e-commerce websites;
If you want to know the detailed list of third-party companies to which data are transmitted, please write to firstname.lastname@example.org; since the list of partners and clients changes very often, we will provide you with a complete and updated list.
Any communication in addition to the above and any further dissemination will only take place with your explicit consent.
6.2 Data could therefore be disclosed, transferred or provided under license with your express consent to natural and/or legal persons belonging to the categories described above, for the same purposes as those described in this document. These parties operate as “independent controllers” or as “processors”.
The data provided may be transferred to countries belonging to the European Union and to countries outside the EU, in order to comply with the aforementioned purposes. The data will be transferred according to Article 44 - General principle for the transfer; Article 45 - Transfer on the basis of an adequacy decision; Article 46 - Transfer subject to adequate guarantees, specifically the data will be transferred:
- to third countries or international organizations for which the Commission has intervened with an adequacy assessment (Article 45 of the EU Reg. 2016/679)
- to third countries or international organizations that have provided adequate guarantees and in which the data subject has enforceable rights and effective legal remedies (Article 46 of the EU Reg. 2016/679, also with contractual clauses and the other provisions referred to in Article 46 (3))
- to third countries or international organizations on the basis of exceptions in specific situations (Article 49 of the EU Reg. 2016/679).
7. DATA SUBJECT’S RIGHTS
Within the limits and conditions provided for by law, the controller shall be obligated to respond to the data subject’s requests regarding their personal data. During the period in which Across S.r.l. is processing your data, as a data subject, you may at any time exercise the following rights:
a) Right of access - you have the right to obtain confirmation as to whether or not your Data is being processed, as well as the right to receive any information relating to such processing and, if so, to obtain access to your Personal Data and the following information:
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations
- where possible, the period for which the personal data will be retained or, if not possible, the criteria used to determine that period
- the existence of the data subject's right to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing
- the right to lodge a complaint with a supervisory authority;
- where the data are not collected from the data subject, all available information on their origin;
- the existence of an automated decision-making process, including profiling;
b) Right to rectification - you have the right to obtain rectification of the Data we hold on you, if the Data are incomplete or inaccurate;
c) Right to erasure (so called "right to be forgotten") - in certain circumstances, you have the right to obtain the deletion of your Data held in our archives if they are not relevant to the management of the contractual relationship or required by law
d) Right to the restriction of processing - under certain circumstances, you have the right to obtain the restriction of the processing of your Data if it is not relevant to the management of the contractual relationship or necessary for legal obligation; and
e) Right to portability - you have the right to obtain the transfer of your Data in our possession to a different data controller;
f) Right to object - you have the right to object to the processing of Data relating to you based on the lawfulness of the legitimate interest or performance of a task carried out in the public interest or in the exercise of official authority, including profiling, unless there are legitimate grounds for the Controller to continue the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims
g) Right to withdraw consent - you have the right to withdraw your consent to the processing of your Data at any time, without prejudice to the lawfulness of the processing based on your consent prior to the revocation.
The above rights, including the cancellation of your data, may be exercised by sending an email to email@example.com or by contacting the DPO by sending an email to firstname.lastname@example.org or by writing to Across S.r.l., at the headquarters located in Via Confienza n.10, cap 10121.
To oppose the sending of SMS, without prejudice to the possibility, for some types of SMS without a personalized sender, to reply directly to the SMS received, by inserting the text "Cancel me" or "Stop", it is possible to send an email to the above address to obtain data access and cancellation.
You also have the right to lodge a complaint with the Italian Supervisory Authority or appeal to the Judicial Authority - if Across refuses to comply with your request, the reasons for the refusal will be provided. If applicable, you have the right to lodge a complaint directly with the supervisory authority (Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome) or, alternatively, to lodge a complaint with the competent judicial authority.
If you live in Italy, you also have the option of registering, free of charge and at any time, your fixed and/or mobile telephone number or your physical mail address in the Italian Public Opposition Register ("RPO"): https://registrodelleopposizioni.it/. Registration invalidates all consents previously given by you to any Data Controller, solely with reference to telemarketing activities (operator or automated calls) and the sending of commercial communications by paper mail. Marketing activities via SMS or email are not covered.
This version of the notice on personal data processing was updated on 15 November 2022.