Information about personal data processing
We wish to inform you that your personal data (hereinafter, the “Data”) will be processed in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter, the “General Data Protection Regulation”). As per article 13 of the General Data Protection Regulation, we specify that the Data Controller is International Checks Group SRLS, a company with a sole shareholder, subject to the management and coordination of International Checks Group , with a registered office in La Spezia, Via San Bartolomeo,No. 303, FC and VAT number 01472880119, Certified e-mail: email@example.com; that the contact detail of the Data Protection Officer (hereinafter, the “DPO”) is as follows: firstname.lastname@example.org and that your data will be processed in compliance with the principles of lawfulness, fairness and transparency and will be collected in an adequate and relevant extent, limited to the previously determined, explicit and legitimate purposes of the processing.
1) Purposes of the processing
The Data Controller informs you that the Data will be processed for the following purposes:
Without the need for express consent, your data will be processed for the provision of the service indicated in the offer (hereinafter, the “Service”), and this information is an integral part thereof;
Only subject to your prior specific and distinct consent (article 7 of the General Data Protection Regulation), for the following Marketing purposes:O
Sending via mail or postal service and/or text messages and/or phone contacts of any newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and on courses organized by the Data Controller.
Measurement of the customer satisfaction regarding the quality of the services offered.
Sending by mail or postal service and/or text messages and/or phone contacts, of any commercial and/or promotional communications of third parties (other International Checks Group’s companies).
2. Legal basis for the processing
The provision of your data for the purpose referred to in point 1, letter a), of this information is mandatory; therefore, in their absence, we cannot guarantee the requested Service. The provision of Data for the purposes referred to in point 1, letter b), is optional and you can therefore decide not to provide any Data for these purposes or subsequently withdraw the consent previously provided. In this latter case, we remind you that you will not receive any newsletter, commercial communication and advertising material concerning the services offered by the Data Controller. In any case, you will continue to be entitled to the Service referred to in point 1, letter a), of this information.
3. Duration of the processing and storage
The Data Controller will process the Data for the period strictly necessary for the fulfillment of the purpose, namely for the duration of the service covered by the contract, subject to renewal. Your data, provided for the purpose referred to in point 1, letter a), of this information, will in any case be stored for a further period of 10 years from the expiration of the last service performed (variable in the case of particular EU regulations and directives requiring a further retention period) in order to fulfill the legal and regulatory obligations envisaged; while the Data acquired for the aforementioned purposes referred to in point 1, letter b), will be processed until the withdrawal of your consent.
4. Method of the processing
The processing of your personal data is carried out by means of the operations indicated in article 4 no. 2 of the General Data Protection Regulation such as collection, recording, organization, structuring, storage, consultation, adaptation or alteration, retrieval, alignment, use, combination, , disclosure by transmission, dissemination or otherwise making available, limitation, erasure and destruction of the Data. The Data will be stored on electronic and paper form using the measures deemed by the Data Controller to ensure a security level of your Data appropriate to risk.
5. Dissemination of your data
The Data may be communicated to third parties or other subjects (including but not limited to: IT service providers, credit institutes, professional firms, consultants) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external Data Processors. The list of the external Data Processors specially appointed who process your data is at disposal of the Data Controller. Without the need for express consent (article 6, letters b) and c), of the General Data Protection Regulation), the Data Controller may communicate your data for the purpose referred to in point 1, letter a), as far as their respective and specific competence is concerned, to Accreditation Bodies, Certification Bodies, Ministries, Institutes and Associations and, in general, to any public or private entity with respect to which communication is mandatory by law or under a bilateral agreements for the accomplishment of the said purposes. These subjects will process the Data in their capacity as independent Data Controllers.
6. Data transfer in non-EU countries
The Data may also be communicated for the contractual purpose referred to in point 1, letter a), of this information to International Cheks Group’s companies, as well as to Accreditation Bodies and Certification Bodies located outside the European Union. Both the aforementioned companies have joined the Privacy Shield with the European Union and therefore their privacy legislation is deemed compliant with the applicable European provisions.
7. Rights of Data subject
Pursuant to articles 15-21 of the General Data Protection Regulation, you may exercise at any time the rights of access, to rectification, erasure (so-called “right to be forgotten”), restriction of processing, as well as to Data portability by sending a request to the DPO e-mail address: email@example.com.
Pursuant to article 7 of the General Data Protection Regulation, you will have the right to withdraw the consent given for the aforementioned Marketing purposes referred to in point 1, letter b), freely and at any time by sending an email to the DPO e-mail address indicated in point 7 of this information. The withdrawal of your consent shall not affect the lawfulness of the processing based on consent before its withdrawal.
The Data Controller informs you that you have the right to lodge a complaint with a Supervisory Authority at www.garanteprivacy.it.