Information on the processing of personal data according to Article 13 of Regulation (EU) 2016/679 

 

Premise

Regulation (EU) 2016/679 (hereinafter also “GDPR” or “Regulation”) provides for the protection of natural persons concerning the processing of personal data. According to this legislation, the processing of personal data relating to an individual, specifically the data subject (hereinafter also the “Data Subject”), is based on the principles of correctness, lawfulness, and transparency, as well as the protection of privacy and the rights of the data subject.

This is to inform you that according to art. 13 and ss GDPR, A.U.ESSE S.r.l., as data controller (hereinafter also “Data Controller” or “Company”), will process the personal data provided by you in compliance with the aforementioned legislation, with the utmost care, implementing effective procedures and management processes to ensure the protection of treatment. To this end, the undersigned, using material procedures and management to safeguard the collected data, undertakes to protect the information communicated, to avoid unauthorized access or disclosure and to ensure appropriate use of the same.

On this basis, the following information is provided:


  • Personal data collected

 

A.U.ESSE S.r.l., as Data Controller, uses your personal data to best operate in the exercise of its business.

Therefore, you may be asked, even partially, for the following data (hereinafter also “Personal Data”):

  1. personal data, VAT number, name, registered office, residence and domicile;
  2. data to make the relationship with our structure more defined and our collaboration and operational efficiency more effective.


  • Retention Times of Personal Data 

One of the principles applicable to the processing of your Personal Data concerns the limitation of the retention period, governed by article 5, paragraph 1, paragraph e) of the Regulation that reads “Personal Data are stored in a form that allows the identification of the Data Subjects for a period of time not exceeding the achievement of the purposes for which they are processed; Personal Data may be stored for longer periods provided that they are processed exclusively for purposes of storage in the public interest, scientific or historical research or for statistical purposes, in accordance with Article 89, paragraph 1, without prejudice to the implementation of appropriate technical and organisational measures required by this Regulation to protect the rights and freedoms of the Data Subject”.

In light of this principle, your Personal Data will be stored for the duration of the relationship with our Company and until the pursuit of the mandatory purposes for which they were collected, or, if the processing is aimed at commercial or promotional activities (as specified in clause n. 3 below), for a period not exceeding 2 years from collection. 


  • Purpose of the processing of Personal Data

The main purpose of the processing of Personal Data is to allow a regular establishment and/or evolution, as well as a correct administration, of the relationship specified in the introduction.

The purposes of the processing are, in particular, the following:

  1. customer management;
  2. management of technical and commercial assistance to customers;
  3. provision of services and sale of products presented on the website www.auesse.com;
  4. fulfillment of legal obligations, as well as to comply with administrative, insurance and tax obligations provided for by current legislation and, furthermore, to meet accounting and commercial purposes or, Furthermore, in order to be able to regularly fulfill contractual and legal obligations arising from the legal relationship with the data subject;
  5. participation, at the request of the interested party, in Conferences, Webinars organized by the Owner;
  6. management of direct marketing activities, to be understood, with this term, the performance of marketing activities aimed at promoting products, services, sold and/ or provided by the Owner;
  7. promotional activities, to be understood, with this term, the performance, through the use of the e-mail coordinates provided by the user in the context of previous purchases or contractual relationships, promotional activities by the Owner. This category includes activities carried out to promote products, services, sold and/or provided by the Owner that are in line with those already purchased by the user.
  8. survey of customer satisfaction.

 

The contact methods aimed at direct marketing activities, as in the previous point F. can be both automated (email, sms, mms, whatsapp, telegram, etc.) and traditional (phone calls with operator, postal items). In any case, and as further specified in clause n. 8, the user may revoke the consent, even partially, for example by consenting to the traditional means of contact only.


  • Mandatory or optional nature of the provision of Personal Data and consequences of any refusal

The provision of your data for the purposes referred to in points A., B., C., D., and E of the above clause is mandatory, as it is necessary to carry out the activities indicated therein. Any refusal to provide the data in question will therefore make it impossible for the Data Controller to fulfil the obligations incumbent upon him or to provide the services requested, including those relating to technical assistance.

Consent to the processing of personal data for the purposes referred to in points F. and H. below is, however, optional and cannot be separated from obtaining your consent that must necessarily comply with the conditions set out in Article 7 of the Regulation, thereby determining the lawfulness of the processing of your Personal Data. 

With regard to the purpose referred to in point G. of clause n. 3 above, it should be clarified that pursuant to article 6, paragraph 1, point f) of the Regulation, the Data Controller may carry out this activity based on his legitimate interest, regardless of the data subject’s consent and, in any case, up to his opposition to such processing as explained in Recital 47 of the Regulation in which it is “considered legitimate interest to process personal data for direct marketing purposes”. This will be possible following the assessments made by the Data Controller regarding the possible prevalence of your interests, rights, and fundamental freedoms over its legitimate interest.


  • Method of treatment

Pursuant to and for the purposes of Articles. 13 and ss. of the GDPR, we inform you that the Personal Data communicated will be recorded, processed, and stored in our archives, paper and electronic, in compliance with the appropriate technical and organizational measures pursuant to art. 32 GDPR. 

However, due to the nature of the online medium, such measures cannot limit or exclude in any way any risk of unauthorized access or data loss. 

To this end, we recommend that you periodically check that your computer is equipped with software devices suitable for the protection of data transmission in the network, both incoming and outgoing (such as updated antivirus systems), and that the Internet service provider has taken appropriate measures for the security of data transmission over the network (such as firewalls and spam filters).

The processing of Personal Data may consist of any operation or complex of operations among those indicated in Art. 4, first paragraph, point 2 GDPR.

The processing of Personal Data will take place, in any case, through the use of appropriate tools and procedures to ensure its security and confidentiality and may be carried out, directly and/or through delegated third parties, either manually using paper media, either by means of computer or electronic means. 


  • Communication and dissemination

Personal Data may be disclosed to specific subjects considered recipients of such Personal Data. In fact, Article 4 in point 9) of the Regulation defines the recipient of Personal Data as “the natural or legal person, the public authority, the service or another body that receives communication of personal data, whether or not they are third parties” (hereinafter referred to as “Recipients”).

In this context, in order to properly carry out all the processing activities necessary to pursue the purposes referred to in this policy, the following Recipients may be in a position to process your Personal Data:

  • third parties that carry out part of the processing activities and/or activities related and instrumental to them on behalf of the Data Controller. These subjects have been appointed data processors, having to be understood individually with this expression, pursuant to Article 4 in point 8) of the Regulation, “the natural or legal person, the public authority, the service or other body that processes Personal Data on behalf of the Data Controller” (hereinafter the “Data Controller”);
  • individuals, employees, and/or collaborators of the Data Controller, who have been entrusted with specific and/or more processing activities on Personal Data. These individuals have been given specific instructions on the security and proper use of Personal Data and are defined, in accordance with Article 4 in point 10) of the Regulation, as “persons authorized to process Personal Data under the direct authority of the Data Controller or Data Processor” (hereinafter referred to as “Authorised Persons”).

The above operators will only be provided with the information necessary to provide the services commissioned and will be required to respect confidentiality, prohibiting the use of the data provided for a purpose other than that agreed.

  • Where required by law or to prevent or repress the commission of a crime, Personal Data may be disclosed to public bodies or judicial authorities without being defined as Recipients. In fact, pursuant to Article 4 of point 9) of the Regulation, “public authorities that may receive communication of Personal Data in the context of a specific investigation in accordance with Union or Member State law are not considered Recipients”.










  • Transfer of personal data abroad

Personal Data will be processed by the Data Controller within the European Union.

In case of technical and/or operational issues, it is necessary to make use of entities located outside the European Union, we inform you from now on that these subjects will be appointed Data Processors pursuant to and for the effects referred to in Article 28 of the Regulation and the transfer of your Personal Data to such subjects, limited to the performance of specific processing activities, will be regulated in accordance with Chapter V of the Rules. All the necessary precautions will be taken to guarantee the total protection of your Personal Data by basing this transfer: (a) on adequacy decisions of the third country recipients expressed by the European Commission; (b) on adequate guarantees expressed by the third party recipient pursuant to article 46 of the Regulation; (c) on the adoption of binding corporate rules, c.d. corporate binding rules.

 

  1. Withdrawal of the consent you have given

As required by the Regulation, the data subject may, at any time, revoke all and/or part of the consent given without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.

The methods of withdrawal of consent are very simple and intuitive: just contact the Data Controller using the contact channels reported in this Policy and respectively to clause n. 11 below.

In addition to the above and for the sake of simplicity, if the data subject is in a position to receive e-mails that are no longer of interest to him, it will be enough to click on the unsubscribe button at the bottom of them to no longer receive any communication even through further contact channels for which your consent had been obtained (SMS, MMS, paper mail, phone calls).


  • Rights under Articles 15 and ss. GDPR

As provided for in Article 15 et seq. of the Regulation, the interested party may access the Personal Data, ask for its rectification and updating, if incomplete or erroneous, ask for its cancellation if the collection took place in violation of a law or regulation, as well as opposing processing for legitimate and specific reasons.

In particular, the following are your rights that the data subject may exercise, at any time, against the Data Controller:

  • Right of access: you will have the right, pursuant to Article 15 of the Regulation, to obtain from the Data Controller the confirmation that your Personal Data is being processed or not and in this case, to obtain access to such Personal Data and the following information: a) the purposes of the processing; b) the categories of Personal Data in question; c) the Recipients or categories of Recipients to whom your Personal Data have been or will be communicated, in particular if Recipients of third countries or international organizations; d) where possible, the envisaged retention period of Personal Data or, if not possible, the criteria used to determine that period; e) the existence of the right of the Data Subject to ask the Data Controller to rectify or delete the Personal Data or to restrict the processing of Personal Data concerning him or her or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) if the Personal Data are not collected from the Data Subject, all available information on their origin; h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, and the importance and expected consequences of such processing for the Data Subject. 
  • Right to rectification: you may obtain, in accordance with Article 16 of the Regulation, the rectification of your Personal Data that are inaccurate. Moreover, taking into account the purposes of the processing, you can obtain the integration of your Personal Data that are incomplete, also by providing an additional declaration.
  • Right to cancellation: you can obtain, pursuant to article 17 of the Regulation, the cancellation of your Personal Data without undue delay, and the Data Controller will be obliged to delete your Personal Data if there is only one of the following reasons: a) Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed; b) you have withdrawn the consent on which the processing of your Personal Data is based and there is no other legal basis for their processing; c) you have opposed the processing pursuant to Article 21, paragraph 1 or 2 of the Regulation and there is no longer any overriding legitimate reason to proceed with the processing of your Personal Data; d) your Personal Data has been processed unlawfully; e) it is necessary to delete your Personal Data in order to comply with a legal obligation provided for by a Community or national law. In some cases, as provided by Article 17, paragraph 3 of the Regulation, the Data Controller is entitled not to provide for the cancellation of your Personal Data if their processing is necessary, for example, for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for purposes of archiving in the public interest, for scientific or historical research or for statistical purposes, for the establishment, exercise or defense of legal claims.
  • Right to restriction of processing: you may obtain the restriction of processing, pursuant to Article 18 of the Regulation, in the event that one of the following occurs: a) you have contested the accuracy of your Personal Data (the limitation will last for the period necessary for the Data Controller to verify the accuracy of such Personal Data); b) the processing is unlawful but you have opposed the cancellation of your Personal Data asking, instead, that its use is limited; c) although the Data Controller no longer needs it for the purposes of the processing, your Personal Data serves to ascertain, exercise or defend a right in court; d) you opposed the processing pursuant to Article 21, paragraph 1 of the Regulation and you are waiting for the verification regarding the possible prevalence of the legitimate reasons of the Data Controller with respect to yours. In case of limitation of the Processing, your Personal Data will be processed, except for the storage, only with your consent or for verification, the exercise or defense of a right in court or to protect the rights of another natural or legal person or on grounds of the relevant public interest. We will inform you, in any case, before this restriction is lifted.
  • Right to data portability: you may, at any time, request and receive, pursuant to Article 20, paragraph 1 of the Regulation, all your Personal Data processed by the Data Controller in a structured format, of common and legible use, or request its transmission to another data controller without hindrance. In this case, it will be the responsibility of the data subject to provide us with all the exact details of the new data controller to whom you intend to transfer your Personal Data by giving us written permission.
  • Right to object: pursuant to Article 21 of the Regulation, you may object, at any time, to the processing of your Personal Data a) if these are processed for direct marketing purposes or b) for reasons related to the particular situation of the data subject, if your Personal Data is processed on the basis of the legitimate interest of the Data Controller, unless there are compelling legitimate reasons to proceed with the processing that prevail over your interests, rights, and freedoms or that the processing is necessary for the investigation, the exercise or defense of a right in court.


  • Identification details of the Data Controller 

The company that will process the Personal Data for the purposes specified in clause n. 3 of this Policy and that, therefore, will play the role of the data controller as defined in article 4 in point 7) of the Regulation, “the natural or legal person, the public authority, the service or other body that, individually or together with others, determines the purposes and means of the processing of personal data” is A.U.ESSE S.r.l., based in Albairate (MI), Via Per Castelletto, 23.


  • Esercizio dei diritti 

Exercise of rights 

To exercise all your rights as described above in clause n. 9 above, simply contact the Data Controller in one of the following ways:

  • writing to A.U.ESSE S.r.l., based in Albairate (MI), Via Per Castelletto, 23;
  • by sending an e-mail to auesse@auesse.it.

 

Having read the information above, I declare that I have understood it and I give my consent for the mandatory purposes referred to in clause 3, points A., B. C., D., E

I agree with it

 

Having read the information above, I declare that I have understood it and I give my consent for the optional purposes referred to in clause 3, points F and H.

I give consent   I do not give consent