INFORMATION EX ART 13 OF EU REGULATION N. 679/2016 WHICH HAS BEEN SUBJECT TO THE TREATMENT, BY THE CONTROLLER DIGICOM S.r.l., OF THE USER’S PERSONAL DATA
With specific reference to personal data pursuant to art. 4 n. 1 of the EU Regulation n. 679/2016 (hereinafter “EU Regulation”) which concern you as an “data subject” pursuant to art. 4 n. 1 of the EU Regulation, the undersigned DIGICOM S.r.l., (C. f. and VAT number 03488160122) (hereinafter “DIGICOM”), in the person of its legal representative pro tempore, with registered office in Legnano (MI), viale Cadorna, 95, as “Controller” pursuant to art. 4 n. 7 and 24 of the EU Regulation, provides you with the following information.
1. Nature and type of your data collected and processed.
1.1. Your data subject to processing as per this information only falls within the category of the so-called personal data ex art. 4 n. 1 of the EU Regulation, collected and subsequently processed by DIGICOM, following your access, registration and use of the App BOND (hereinafter “App“) and the services connected to it.
- Information on “Controller” and “Data Protection Officer”.
2.1. The subject “Controller” of the processing of your personal data better specified in art. 1.1. of this information is DIGICOM S.r.l., (C. f. and P. IVA 03488160122), in person of its legal representative pro tempore, with registered office in Legnano (MI), viale Cadorna, 95, which can be contacted by you at the following address: privacy@digicom.it
2.2. The subject “Data protection officer” of your personal data better specified in art. 1.1. of this information is …………., which can be contacted by you at the following address: …………
2.3. We inform you that any changes or updates regarding the data relating to the subjects mentioned above in the previous art. 2.1. and 2.2. of this information will be properly published by DIGICOM, within the internal website of the Controller.
- Purpose of the processing.
3.1. In compliance with art. 6 paragraph 1 lett. b) of the EU Regulation, your personal data better described in the previous art. 1.1. of this information will be collected and subsequently processed, by the Controller, to fulfill the following purposes:
- a.Configuration, management and proper use of the account you have created, the App and the services connected to it.
3.2. In the event that you express your consent pursuant to art. 6 paragraph 1 lett. b) of the EURegulation, your personal data better described in the previous art. 1.1. of this information, will be collected and subsequently processed, by the undersigned, to fulfill the following purpose:
- b) Activities of cd. geolocation and / or tracking.
3.3. In compliance with art. 6 paragraph 1 lett. f) and of Principle n. 47 of the EU Regulation, your personal data better described in the previous art. 1.1. of this information will be collected and subsequently processed by the Controller, to fulfill the following legitimate interest, provided that you, in accordance with the art. 21 paragraph 2 of the EU Regulation, you have not expressed, at any time, your opposition to this processing:
- c) marketing cd. direct, executable only through the e-mail address you have communicated.
- Nature of consent to the processing of your personal data.
4.1. The treatment, by the owner, of personal data better illustrated in the previous art. 1.1. of this information and for the purposes better indicated in letter a) of the previous art. 3.1. of this information falls within the hypothesis of lawfulness pursuant to art. 6 paragraph 1 lett. b) of the EU Regulation.
4.2. The treatment, by the Controller, of personal data better illustrated in the previous art. 1.1. of this information and for the purposes better indicated in letter b) of the previous art. 3.2. of this information is optional in accordance with and for the purposes of art. 6 paragraph 1 lett. a) of the EU Regulation.
4.3. The processing, by the Controller, of personal data better illustrated in the previous art. 1.1. of this information and for the purposes better indicated in letter c) of the previous art. 3.3. of this information is part of the hypothesis of legitimate interest of the Controller pursuant to art. 6 paragraph 1 lett. f) and of Principle n. 47 of the EU Regulation.
- Scope of communication and disclosure of your personal data.
5.1. In accordance with the art. 13 paragraph 1 letter e) of the EU Regulation, we inform you that your personal data better illustrated in the previous art. 1.1. of this information may be communicated by the undersigned Controller to third parties established within the European Union or established in countries outside the EU considered adequate pursuant to art. 45 of the EU Regulation, in order to fulfill obligations or requests of a contractual and/or legal nature, also directly and/or indirectly related to the purposes better illustrated in point a) of the previous art. 3.1. or in point b) of the art. 3.2. or in point c) of the art. 3.3. of this information.
- Retention period of your personal data.
6.1. In accordance with the art. 13 paragraph 2 letter a) of the EU Regulation, we inform you that the retention period of your personal data better illustrated in the previous art. 1.1. of this information will be closely linked and connected to your use of the App and of the services connected to it, possibly extendable in order to fulfill hypothetical processing operations subsequent to the termination of the contractual relationship or deriving from obligations of a legal nature or the need to manage any out-of-court or judicial litigation promoted by or against the Controller.
6.2. In accordance with the art. 13 paragraph 2 letter a) of the EU Regulation, we inform you that the retention period of your personal data better illustrated in the previous art. 1.1. treated for the purposes referred to in point c) of art. 3.3. of this information will last until you express your opposition to this type of processing at any time pursuant to art. 21 paragraph 2 of the EU Regulation.
- Processing methods.
7.1. We inform you that your personal data better indicated in the previous art. 1.1. of this information will be treated with electronic and/or computerized and/or telematic tools and/or supports, in paper and in full compliance with the law, according to the principles of lawfulness and fairness, and in such a way as to protect their confidentiality.
- Principles applied to the processing of your personal data.
8.1. We inform you that your personal data better described in art. 1.1. of this information will be treated in full and total respect of the principles expressed by the art. 5 of the EU Regulation.
Specifically, your personal data being processed will be:
- Treated in a lawful, correct and transparent way towards the interested party (so-called principle of lawfulness, fairness and transparency);
- Collected for specific, explicit and legitimate purposes, and subsequently processed in ways that are not incompatible with these purposes (so-called purpose limitation principle);
- Appropriate, relevant and limited to what is necessary with respect to the purposes for which they are processed (so-called data minimization principle);
- Exact and, if necessary, updated (so-called accuracy principle);
- Stored in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed (so-called conservation limitation principle);
- Treated in such a way as to ensure adequate security of personal data, including protection, through appropriate technical and organizational measures, unauthorized or unlawful processing and loss, destruction or accidental damage (so-called integrity and confidentiality principle).
- Rights of the interested party.
9.1. In relation to your personal data processed by the Controller, we inform you that you have the right to exercise the following rights, reproduced in full below:
Right of access of the interested party (Article 15 of the EU Regulation)
“1. The interested party has the right to obtain from the data controller confirmation that it is or is not undergoing treatment of personal data concerning him and in this case, to obtain access to personal data and the following information: a) the purposes of the treatment; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations; (d) where possible, the retention period of the personal data provided or, if this is not possible, the criteria used to determine that period; e) the existence of the right of the interested party to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the data subject, all information available on their origin; (h) the existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, significant information on the logic used, and the importance and expected consequences of such processing for the interested party. 2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the existence of adequate safeguards pursuant to Article 46 relating to the transfer. 3. The data controller provides a copy of the personal data being processed. In case of further copies requested by the interested party, the data controller may charge a reasonable fee contribution based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format. 4. The right to obtain a copy referred to in paragraph 3 shall not affect the rights and freedoms of others “.
Right of rectification (Article 16 of the EU Regulation)
“The data subject has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing an additional declaration “.
Right to cancel (Article 17 of the EU Regulation)
“1. The data subject has the right to obtain from the data controller the deletion of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay if one of the following reasons exists: personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; (b) the data subject revokes the consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) and whether there is no other legal basis for the processing ; (c) the data subject opposes the processing pursuant to Article 21 (1) and there is no legitimate overriding reason to proceed with the processing, or opposes the processing pursuant to Article 21 (2); d) personal data have been processed unlawfully; e) personal data must be deleted to fulfill a legal obligation under Union or Member State law to which the controller is subject; (f) the personal data have been collected in relation to the information society service offer referred to in Article 8 (1). 2. The controller shall, if he / she has made personal data public and is obliged, pursuant to paragraph 1, to delete it, taking into account the available technology and implementation costs, shall take reasonable steps, including technical measures, to inform the data controllers who are processing personal data of the request of the person concerned to delete any link, copy or reproduction of his personal data. 3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary: (a) for the exercise of the right to freedom of expression and information; (b) for the fulfillment of a legal obligation requiring treatment under Union or Member State law to which the controller is subject for the performance of a task carried out in the public interest or in the exercise of public authority where the data controller is invested; (c) for reasons of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3); (d) for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1), insofar as the right referred to in paragraph 1 risks making it impossible or to seriously affect the achievement of the objectives of this treatment; or e) for the assessment, exercise or defense of a right in court “.
Right of limitation of treatment (Article 18 of the EU Regulation)
“1. The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs: a) the interested party disputes the accuracy of personal data for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited; c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to verify, exercise or defend a right in court; d) the interested party has opposed the treatment pursuant to Article 21 (1), pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party. 2. If the processing is restricted pursuant to paragraph 1, such personal data shall only be processed, except for storage, with the consent of the data subject or for the establishment, exercise or defense of a right in court. or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or of a Member State. 3. The data subject who has obtained the processing restriction pursuant to paragraph 1 shall be informed by the controller before the limitation is revoked “.
Right to data portability (Article 20 of the EU Regulation)
“1. The data subject has the right to receive, in a structured, commonly used and automatically readable form, the personal data concerning him / her provided to a data controller and has the right to transmit such data to another data controller without impediments from part of the data controller to whom he has provided them if: a) the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract pursuant to Article 6 (1) (b); and b) processing is carried out by automated means. 2. In exercising its rights relating to the portability of data in accordance with paragraph 1, the data subject shall have the right to obtain direct transmission of personal data from one controller to another, if technically feasible. 3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right does not apply to the treatment necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority as the data controller is invested. 4. The right referred to in paragraph 1 shall not affect the rights and freedoms of others “.
Right of opposition (Article 21 of the EU Regulation)
“1. The interested party has the right to oppose at any time, for reasons connected with his particular situation, to the processing of his personal data pursuant to Article 6, paragraph 1, letters e) of), including profiling on the basis of these provisions. The data controller refrains from further processing personal data unless he demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court. 2. If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him / her for such purposes, including profiling in so far as it is related to such marketing direct. 3. If the data subject objects to processing for direct marketing purposes, personal data are no longer processed for these purposes. 4. The right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the interested party and shall be presented clearly and separately from any other information at the latest at the time of the first communication with the data subject. 5. In the context of the use of information society services and without prejudice to Directive 2002/58 / EC, data subjects may exercise their right to object by automated means using technical specifications. 6. Where personal data are processed for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89 (1), the data subject shall have the right to object to the processing of personal data for reasons connected with his particular situation concerning him, unless the treatment is necessary for the execution of a task of public interest “.
Right to propose a complaint to the supervisory authority (Article 77 of the EU Regulation)
“1. Without prejudice to any other administrative or judicial remedy, the person concerned who considers that the processing concerning him / her is in violation of this Regulation shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he normally resides, works or the place where the alleged violation has occurred. 2. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status or outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78. “
Right to an effective judicial remedy against the supervisory authority (Article 78 of the EU Regulation)
“1. Without prejudice to any other administrative or out-of-court appeal, any natural or legal person has the right to bring an effective judicial remedy against a legally binding decision of the supervisory authority concerned. 2. Without prejudice to any other administrative or out-of-court appeal, each interested party has the right to bring an effective judicial remedy if the supervisory authority which is competent pursuant to Articles 55 and 56 does not deal with a complaint or does not inform him within three months of state or outcome of the complaint submitted pursuant to Article 77. 3. Actions against the supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established. 4. Where actions are taken against a decision of a supervisory authority which was preceded by an opinion or a decision of the committee under the consistency mechanism, the supervisory authority shall transmit the opinion or decision to the court or tribunal “.
9.2. In accordance with the art. 12 paragraph 1 of the EU Regulation, the Controller undertakes to provide you with the communications referred to in articles from 15 to 22 of the EU Regulation in a concise, transparent, intelligible, easily accessible and with a simple and clear language: such information will be provided in writing or by any other electronic means or, at the request of the interested party, will be provided orally, provided that the identity of the interested party is proved by other means.
9.3. In accordance with the art. 12 paragraph 3 of the EU Regulation, the Controller informs you that undertakes to provide you with information regarding the action taken regarding a request pursuant to articles from 15 to 22 without undue delay and, in any case, no later than one month after receipt of the request itself; this deadline may be extended by two months if necessary, taking into account the complexity and the number of requests.
9.4. In order to be able to exercise the rights described above in this article, the interested party can make use of the contact details specified in art. 2 of these “Information”.
…….,……..
DIGICOM S.r.l.
(in the person of his legal representative pro tempore)
□ Read this information carefully, I express – in a free, specific, informed and unequivocal way – consent for the processing of my personal data for the purpose of the execution, by DIGICOM S.r.l., of the purposes better illustrated in point b) of art. 3.2. of this information.
□ I express my opposition pursuant to art. 21 paragraph 2 of the EU Regulation to the processing of my personal data for the purposes better explained in point c) of art. 3.3. of this information.