Mobilsedia 2000 based in Via Muselle, 751, 37050 Isola Rizza (VR), VAT number, Tax Code 03037850231, as owner of the treatment (hereinafter, "Owner"), informs you, pursuant to art. 13 and 14 of EU Regulation no. 2016/679 (hereinafter, "GDPR") and in compliance with Legislative Decree no. 196/03 (hereinafter, "Privacy Code" as amended by Legislative Decree 101/18), that your data will be processed in the manner and for the following purposes:
1) Object of the treatment
Given the services and products offered by our organization, the Data Controller processes personal, identification and non-specific data (for example: name, surname, social security number, email, telephone number (hereinafter, "personal data" or even "data") from you communicated when requesting services to our organization and / or when defining contractual agreements and / or promotional initiatives and for the purposes listed below. For some services, special data processing may be necessary, ie suitable personal data to detect some sensitive information, for example: racial and ethnic origin, membership of parties, trade unions, associations or organizations, including those of a religious, philosophical, political or trade union nature, state of health and sexual life (hereinafter particular data For some legislative requirements, judicial data may be necessary.
2) Purpose of the processing and legal basis of the processing
Your personal data are processed:
A) Without your express consent, because they derive from legal and / or contractual obligations or refer to legitimate interests (Privacy Code and art.6 - GDPR), for the following purposes:
Manage and maintain the services requested by the interested party and to find the interested party for the organization of the requested services;
Fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you;
Fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority, including for accounting and tax aspects;
Prevent or discover fraudulent activities or harmful abuses and / or for the purposes provided for by current legislation on anti-money laundering.
Obligatory obligations deriving from requirements of organizational and management models based on specific recognized standards (for example ISO, UNI standards, etc.) required by law and / or by specific contractual requirements requested by the interested party and / or specified as a service requirement.
Exercise the rights of the owner, for example the right to defense in court.
Availability of the interested party for information relating to the services requested and their management;
Allow you to register for the services and allow the sending of useful information to the interested party according to the services requested;
Special data processing for the services requested and falling within the cases listed in art. 9 paragraph 2 from letter "b" to "j".
For legitimate interest related to commercial communications of updating on the initiatives of our organization.
Regarding the data collected from the WEB site
Allow registration on the website
Allowing you to answer your questions posed in the contact "form";
To manage and maintain the website;
Prevent or discover fraudulent activity or abuse harmful to the website; For needs related to operation and maintenance, and any third party services used by it, may collect system logs, which are files that record the interactions and which may also contain Personal Data, such as the User IP address.
For legitimate interest related to communications (including commercial) of updating on the initiatives of our organization and / or deriving from applicable regulatory / legislative requirements
B) Only subject to your specific and distinct consent (Article 7 of the GDPR and as per Legislative Decree 196/03), for the following purposes
B.0 Processing of other particular data necessary and with exclusive use for the provision of the requested service, but which require consent as required by art. 9 paragraph 2 of the reg. 679/16.
B.1 Data processing to improve services and not necessary for carrying out the operations indicated in point 2A, but aimed at improving the services requested, and in any case always obtained directly from the interested party. Requirements for the development of processes and services required by the management systems and organizational models implemented, but not mandatory and not referring to specific standards. The data will be used to expedite subsequent requests for services to our organization
B.2 Marketing and / or commercial: Commercial communications and / or advertising material on products or services that do not fall within the legitimate interest. We inform you that if you are already our customer, we can send you commercial communications relating to services and products similar to those you have already used, unless you disagree (Privacy Code).
For other purposes it will be the responsibility of the owner to define specific information and related needs for consent and / or additions for the processing.
This information does not include any processing by other subjects that can be reached through any links on the site and for which reference must be made to the specific information.
3) Methods and duration of the treatment
The processing of your personal data is carried out by means of the operations indicated by Legislative Decree 196/03 and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic and automated processing.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes referred to in point 2.A (except for other legislative requirements). For the purposes referred to in point 2B, however, it will process the data until the consent is revoked or after 5 years from the interruption of relations / communications with the data subject from the first collection.
Profiling: no data profiling is performed
4) Access to data
You can have access to your data at any time by making a simple request to the addresses indicated in this information.
5) Communication of data
Your data may be made accessible and / or communicated for the purposes referred to in art. 2.A) and 2.B):
Without prejudice to the communications and dissemination made in execution of legal obligations, the Data Controller may communicate your data, in Italy and / or abroad (as indicated in the following points) to:
To employees and collaborators of the Data Controller, in their capacity as persons in charge and / or data processors and / or system administrators;
To technicians and / or collaborators for administrative, fiscal and accounting management and / or to fulfill specific legal obligations or for which external suppliers have been identified.
To our network of agents; factoring company; credit institutions; debt collection company; credit insurance company; commercial information company for the requested services; professionals and consultants; companies operating in the transport sector; technicians and collaborators appointed to provide the services / products requested, to supervisory bodies, judicial authorities as well as to all other subjects to whom communication is mandatory by law for the accomplishment of the aforementioned purposes. To legal entities entrusted with the services referred to in this information.
To companies or other legal entities, qualified and appointed pursuant to art. 28 of Regulation 679/16, for support activities including: management and development of communication, management and development of company processes and projects, communication and promotion systems, for the storage of personal data. Access may be granted to third parties and related companies, which provide services deemed necessary and / or useful by the owner for the management of the company's activities and related or requested support processes. The suppliers include the IT system maintenance companies; credit institutions, professional firms, companies that provide services on computer systems / platforms that the Owner deems useful to use, to companies that carry out outsourced activities on behalf of the Owner, in their capacity as external data processors.
It may be necessary to communicate data to recipients for legislative obligations and / or deriving from the owner's organizational structures that involve the presence of independent subjects with the possibility of being recipients of data to fulfill the legislative obligations deriving from the role held. Among these recipients we could identify supervisory bodies, inspectors of third parties, people who carry out AUDITS to our organization, subjects and / or bodies that carry out checks at our organization.
6) Data transfer
The management and storage of personal data will take place on servers located within the European Union of the Data Controller and / or third-party companies appointed and duly appointed as Data Processors. Our internal servers are currently located in Europe. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to non-EU countries. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for by European Commission. For some mailing or “storage” services, we rely on “cloud” platforms, which may have servers in non-EU countries, but the data is stored only temporarily for the requested service.
7) Compulsory or optional nature of providing data and consequences of refusing to respond
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we could not guarantee the services referred to in point 2.A). The provision of data for the purposes referred to in point 2.B) is optional.
You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive commercial communications and advertising material relating to the Services offered by the Data Controller. In any case, you will continue to be entitled to the Services referred to in art. 2.A).
8) Rights of the interested party
In his capacity as an interested party, he has the rights referred to in Legislative Decree 196/03 and art. 15-22 GDPR and precisely the rights of:
A) Obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
B) Obtain the indication: of the origin of personal data; of the purposes and methods of the processing; the logic applied in case of processing carried out with the aid of electronic tools; the identity of the owner, manager and the representative appointed under the Privacy Code and art. 3, paragraph 1, GDPR; and of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents;
C) Obtain: updating, rectification or, when interested, integration of data; the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; certification that the operations referred to in art. 8.A) and B) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
D) To object, in whole or in part: for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator via email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point B) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the interested party to exercise the right of opposition also only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
Where applicable, it also has the rights referred to in Articles. 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
9) How to exercise rights
You can exercise your rights at any time by sending:
A registered letter a.r. addressed to: Mobilsedia 2000, Via Muselle, 751, 37050 Isola Rizza (VR).
An e-mail to firstname.lastname@example.org
The Controller's services are not intended for minors under the age of 14 and the Controller does not intentionally collect personal information relating to minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of users. For any needs for the treatment of minors, specific consent and authorization will be required from the person exercising parental responsibility and / or from the holder of parental responsibility (as required by Article 8 of Regulation 679/16).
11) Owner, manager and agents
The Data Controller is Mobilsedia 2000 - in the person of the pro-tempore legal representative. The owner can be found at the addresses listed above. The updated list of data processors and persons in charge of processing is kept at the headquarters of the Data Controller.
12) Data Protection Officer
The Data Protection Officer (R.P.D.) or Data Protection Officer (D.P.O.) is not applicable to our organization.
13) Changes to this Information
This information may be subject to changes. It is therefore advisable to check this information regularly and refer to the most updated version.