PROCESSING OF PERSONAL DATA RELATING TO CUSTOMERS / USERS ("interested")
EU Regulation 2016/679
As part of the continuous updating of our procedures aimed at respecting the privacy of our Customers / Users and the obligations imposed by the legislation on the protection of personal data, we have considered it appropriate to summarize in this document all the elements concerning the treatments of personal data already present in the documentation made available to users, integrated with more specific indications in order to give maximum transparency to our work.
1. WHICH DATA ARE PROCESSED
> data provided by the User / Customer, or by subject / body acting on your behalf including data personal data (name and surname, residence / domicile, place and date of birth, nationality) tax code, identity document details, contact details (number of telephone / fax, e-mail address);
> data, always provided by the interested party, contained in any reports / requests;
> data relating to payments made by the Customer.
The legislation establishes particular safeguards for judicial data (relating to criminal convictions and offenses) and for "particular categories of data" as defined by art. 9 of EU Reg. 2016/679: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person .
The data can be processed, always in relation to the purposes indicated below:
> as necessary to fulfill obligations deriving from a contract of which the interested party is a party, and to the related legal obligations (in particular for the purposes referred to in point 3 letters a b c )
> as necessary for the pursuit of a legitimate interest of the data controller, consisting in the optimization of the organization of activities, in the security of the systems, credit protection (in particular for the purpose referred to in the following point 3 letters d and f h i)
> as necessary to assert or defend a right in court or to assess whether there is a right to be effectively protected in court
> as they come from public registers accessible to anyone and / or made manifestly public by the interested party;
> having the interested party given his consent, (in particular in relation to the processing of some particular categories of personal data communicated by the interested party and the use of different contact details from the e-mail address provided at the time of signing the contract for communications of a commercial and advertising nature referred to in the following point 3 letters f g h)
2 ORIGIN OF DATA
Taking and updating of personal data can take place:
- through the interested party himself or, if a minor, through the person exercising parental authority (parents or guardians);
- through intermediaries authorized by the interested party (e.g. family members);
- from sources freely accessible to anyone.
3 PURPOSE OF THE TREATMENT - WHY THE DATA ARE PROCESSED
The treatments carried out have the following purposes:
a) fulfill obligations deriving from community laws, rules and regulations, regional laws; fulfillment of provisions issued by the Judicial Authority, or by other Authorities to which the current legislation confers this right.
b) fulfill contractual, accounting and tax obligations;
d) customer database management, directories and statistical calculations within the company, - Statistical analysis carried out only through the aggregation of previously anonymous data;
c) possibly protect a legitimate interest, assert or defend a right;
d) feed the system for acquiring customer knowledge, necessary for checking, improving and therefore designing a service that is increasingly adequate to demand through surveys and surveys, also in anonymous form, of the degree of customer satisfaction, also carried out with telephone interviews or request to fill in questionnaires;
e) purposes related to public relations, marketing, advertising, promotional proposals.
In particular, the contact details, postal and e-mail addresses provided may be used for sending communications relating to promotional initiatives and / or OPERA snc products. It is understood that the user has right to oppose this treatment at any time
In this regard, it should be noted that Paragraph 4 of art. 130 of Legislative Decree 196/2003 allows the use for this purpose of the e-mail address provided by the interested party when purchasing a travel ticket / season ticket provided that the same does not refuse such use;
And, as regards the management of user reports:
h) Ensure a certain and timely response to user reports, facilitating the creation of an effective communication channel between the Company and the customer-user
i) Power up the registration system and systematic analysis of service discrepancies to correct defects
4. HOW THE DATA ARE PROCESSED methods of treatment and storage
In relation to the aforementioned purposes, the processing of personal data may take place with paper, IT and telematic tools. Always guaranteeing the most absolute confidentiality, relevance and not excess with respect to the purposes described above, in terms of registration and data retention periods.
The personal data referred to in point 1 above, without prejudice to the provisions of the regulations on the conservation of administrative documentation, will be kept exclusively for the time allowed / imposed by the law in force applicable to the specific purpose for which the data are processed.
5. RESPONSIBLE AND RESPONSIBLE
For the same purposes, the data may be processed by the following categories of appointees and / or managers:
- Management and management,
- production and logistics personnel,
- marketing and communication staff,
- administrative staff for the management of administrative aspects,
- the corporate Information Technology which has the task of ensuring the functionality of the systems, data security and backup operations,
- other offices of Opera snc within the limits of their competences, always for the purposes indicated in the previous point 3,
- other subjects (companies / professionals appointed as Managers) who need to access some data as they are responsible for carrying out auxiliary activities for the purposes indicated above, within the limits strictly necessary to carry out the tasks entrusted to them such as : assistance in the fulfillment or direct execution of tax / accounting obligations, management of information systems, financial services, online sales; in this regard, it should be noted that these subjects will always and in any case be bound to full compliance with the rules and procedures aimed at guaranteeing the widest protection and protection of personal data adopted and imposed by the Data Controller also and not only in compliance with the legislation in force
- for user reports: in addition to the staff assigned to receive user reports, the data may be processed, with the exclusion of the identification elements of the interested party, by the company functions concerned by the topic of the report for the preparation / implementation of internal investigations and for the resolution of the causes always and only within the limits of what is actually necessary to carry out their functions.
6. SCOPE OF COMMUNICATION TO WHO CAN BE COMMUNICATED
Without prejudice to communications made in compliance with legal obligations, the personal data in question may be communicated or made available:
- to subjects who can access the data by virtue of the provision of law, regulation or community legislation, within the limits established by these rules,
- limited to accounting and tax data to banks, credit institutions, data processing companies and credit card issuers, for related activities the execution of the service provided to users and / or the related administrative and financial aspects,
- to other subjects (companies / consultants) who need to access some data for purposes auxiliary to the management of the services requested by the interested parties, within the limits strictly necessary to carry out the tasks entrusted to them such as: assistance in the fulfillment or direct execution of tax / accounting / assistance obligations, management of information systems, financial services,
- to entities, consortia, professionals and companies with the purpose of credit recovery and protection; credit insurance company, commercial information company,
Of course, all the communications described above are limited only to the data necessary for the recipient body / office (which will remain the independent Data Controller for all subsequent processing) for the performance of its duties and / or for the achievement of the purposes connected to the communication. itself.
6.1 transfer abroad
Personal data will be transferred to subjects located outside the European Union to the country in which the interested party resides or is located exclusively in fulfillment of the legitimacy conditions referred to in point 1 and in compliance with current legislation
THE DATA IN QUESTION WILL NOT BE DISCLOSED
7 COMMUNICATION AND UPDATING OF DATA - WHEN IT IS COMPULSORY TO COMMUNICATE YOUR DATA
The communication and updating of your data is mandatory only as regards the performance of contractual and tax obligations required by current legal regulations and the execution of the obligations deriving from the contract (ref. Letters a-b-c of point 3) . Failure by the interested party to comply with this obligation would make it impossible for OPERA snc. to satisfy your requests and to process the order. Obviously, on a case-by-case basis, an indication is always given of the data whose communication is mandatory in relation to the aforementioned purposes depending on the means used.
It should be remembered that most of the treatments carried out are not subject to the obligation to obtain consent because:
- are collected and held on the basis of obligations established by community laws, rules and regulations
- come from public registers, lists, deeds or documents that anyone can know;
- are necessary to satisfy the requests of the interested party or for the fulfillment of legal and / or contractual obligations;
8. DATA CONTROLLER
The data controller is: Opera snc di Ciacci G & C. Loc. Drove - via Ombrone, 2 - 53036 Poggibonsi (SI)
OPERA snc has appointed a Data Protection Officer, who has the task of supervising, in full independence and in the absence of conflicts of interest, compliance with the legislation on protection of personal data. The Data Protection Officer can be contacted at the e-mail address: firstname.lastname@example.org
With regard to the treatments necessary for the fulfillment of orders relating to specific immunotherapy products intended for the person identified by name, in some cases Opera snc will act as Manager pursuant to art. 28 eg. EU 679/2016 appointed by the body that forwarded the order itself, already known by the interested party, which will remain the Data Controller.
9. RIGHTS OF THE INTERESTED PARTY
The interested party has the right:
> to ask the data controller for access to personal data and the rectification or cancellation of the same or the limitation of the processing of personal data concerning him and to oppose to their treatment,
> if the processing is carried out by automated (computer) means and on the basis of your consent, to receive in a structured format, commonly used and readable by an automatic device, personal data concerning him and / or to obtain direct transmission to another data controller, if technically feasible,
> to withdraw their consent at any time (without prejudice to the lawfulness of the treatment based on the consent before the revocation), obviously for the treatments carried out on the basis of this assumption,
> to lodge a complaint with a supervisory authority: Guarantor for the protection of personal data - Piazza di Monte Citorio n. 121 00186 ROME - Fax: (+39) 06.69677.3785 - Telephone switchboard: (+39) 06696771 - E-mail: email@example.com - certified mail with @ pec protocol .gpdp.it
Interested parties can contact the Data Controller: by calling 0577 562905 specifying to the operator the nature of the request or problem highlighted, via the e-mail box firstname.lastname@example.org bearing in mind that it will not be possible to respond to requests received by telephone if there is no certainty about the identity of the applicant..