INFORMATION NOTICE CONCERNING THE PROTECTION OF PERSONAL DATA PURSUANT TO ART. 13 OF EU REGULATION 679/2016
Issued in July 2019
Sixtus Italia Srl, as Data Controller, with its legal headquarters in Via Tourcoing, 23 - 59100 Prato, manages the processes for gathering contacts through participation at fairs and/or exhibitions in accordance with current regulations.
Sixtus Italia Srl shall operate according tothe principles of itsprofessional Code of Ethics, whilst ensuring professionalism and pursuing certified quality objectives.
1. DATA COLLECTION
1.1 Data collection may take place through requests for business cards at trade fairs, conferences or seminars or by sending a request from the website to Sixtus Italia Srl.
1.2 The sending or issuing of his business card to Sixtus Italia Srl or of his data by the person concerned represents:
- a) specific acceptance of the policy on marketing;
- b) acceptance of sending commercial communications about products;
- c) consent to receive invitations to any initiatives that can also be viewed on the Sixtus Italia Srl website or on other sites/social networking site linked to Sixtus Italia Srl.
1.3 The data collection will only involve the common data that will be processed within the limits strictly relevant to the obligations, tasks and purposes referred to in the following paragraph 2.
The person concerned is therefore asked not to provideany data that can reveal his state of health, ethnic or racial origin, religious convictions, political views, sex life and any information classified as special or sensitive data.
2. PURPOSES OF PERSONAL DATA COLLECTION AND METHODS OF PROCESSING
2.1 Personal data are collected and processed for the purpose of performing by Sixtus Italia Srl marketing activities and commercialisation of products, invitations for exhibitions and events or other;
2.2 If personal data are provided to Sixtus Italia Srl spontaneously by the person concerned, through the Website, consent must be indicated by filling out the relevant consent section;
2.3 Methods of processing, In relation to the purposes mentioned in the previous point, personal data areprocessed manually, by computer and telematically, using logicsstrictly correlated to said purposes, even through the use of fax, telephone, mobile phone, e-mail or other remote means of communication; personal data will be managed by implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk according to art. 32 GDPD.
2.4 Methods of retention
- a) All the data collected will be kept for no longer than 10 years, except where the withdrawal of consent is specifically requested (article 7, as below described).
3. NATURE OF DATA PROVISION AND CONSEQUENCES OF A REFUSAL TO CONSENT
3.1 The provision of personal data by the person concerned, for the purposes referred to in paragraph 2, is optional. However, we inform you that any failure to confer the data requested, may make it impossible for Sixtus Italia Srl to carry out the above-mentioned marketing activities.
4. DATA COMMUNICATION
4.1 For the pursuit of the afore-mentioned purposes, the personal data you provide may be communicated to public or private entities who have been appointedon behalf of Sixtus Italia Srl.
5. RECIPIENTS OF PERSONAL DATA
Your Personal Data can be shared, for the purposes mentioned in the section above, with:
a) Subjects who typically act as those responsible for treatment i.e.:
- i) persons, Sixtus Italia Srl or professional firms providing assistance and advice to Sixtus Italia Srl with particularreference to issues in accounting, administrative, legal, debt recovery, tax and financial matters as regards the provision of Services;
- ii) subjects with whom it is necessary to interact for the provision of services;
- iii) or subjects delegated to perform technical maintenance(including maintenance of the network devices and electronic communication networks);
- b) Subjects, entities or authorities to whom it is obligatory to communicate your personal data by virtue of provisions laid down by law or orders by the authorities;
- c) Persons authorised by Sixtus Italia Srl to process Personal Data necessary to carry out activities closely related to the provision of the Services, who have committed themselves to confidentiality or are under a statutory obligation of confidentiality, such as the employees of Sixtus Italia Srl;
d) Business partners for their separate and independent purposes, only if you have given a specific consent. The full list of those responsible for treatment is available by e-mailing your request to:email@example.com.
The communication will only be made following prior consent of the person concerned, which will be formalised in writing:
- By the means described in 3.2
- Alternatively, by handing over your business card voluntarily
- e) The data shall not be subject to disclosure.
6. LEGAL NATURE
Legal basis and mandatory or optional nature of treatment.
6.1 Purpose of treatment.
Personal data are processed:
A) Without yourexpress consent (art. 24 letter a), b), c) of the Privacy Code and art. 6 letter b), e) GDPR), for the following purposes:
- to finalise the contracts for the Data Controller services
- to fulfil the pre-contractual, contractual and tax obligations deriving from the existing relationships with You
- to fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for money laundering prevention)
- to exercise the rights of the Data Controller, for example the right to defense in court.
B) With your express consent:
- art.130 paragraph 1. Without prejudice to the provisions of Articles 8 and 21 of Legislative Decree No. 70 of 9th April 2003, the use of automated calling and communication systems without the intervention of an operator for sending advertising or direct marketing material or for the completion of market research or for commercial communication is permitted only with the consent of the contractor or the user. ((In any case, the terms of Article 1, paragraph 14, Law No. 5 of the 11th of January 2018 are fully maintained.))
- art. 130 paragraph 4. Without prejudice to the provisions of paragraph 1 Art.130, if the data controller uses, for direct marketing of its own products or services, the e-mail address provided by the person concerned in the context of the sale of a product or service,the consent of the person concerned may not be requested, provided that they are services similar to those being sold and the person, properly informed, does not refuse such use, initially or at the time of subsequent communications. At the time of the collection and at the time of the submission of any communication made for the purposes of this paragraph, the person concernedshall be advised of the possibility of objecting at any timefor such processing, easily and free of charge.
6.2 Methods and duration of data processing
The processing of your personal data is carried out by means of the operations indicated in Article 4 Privacy Code and Article 4 No 2 of GDPR, namely: collection, registration, storage, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, dissemination, blocking, cancellation and destruction of the data. Your personal data are processed both in paper, electronic and/or automated means. The Data Controller will processyour personal data for the time it takes to fulfil the above purposes, for a period of 10 years following termination of the relationship for the purposes of Service and given the particular usefulness of the service offered by the Data Controller; for 30 years following the data collection for technical support, copying and remaking of data, and details of previous services offered.
7. SUBJECT’S RIGHTS
Under Articles 7, 15, 16, 17, 18, 20, 21 and 22 of the EU Regulation 2016/679, the person concerned shall have the right to obtain confirmation as to whether or not personal data concerning him/her are being processed and, in that case, to obtain access to the data and the following information: the person concerned has the right to obtain an indication:
- a) of the purpose of treatment;
- b) of the categories of personal data in question;
- c) of the recipients or categories of recipients to whom personal data have been or will be disclosed, particularly if the recipients are from third countries or international organisations;
- d) whenever possible, of the expected period for which the personal data will be stored, or if that is not possible, of the criteria used to determine that period;
- e) of any available information as to their source where the personal data are not collected from the data subject;
- f) of the existence of an automated decision-making process, including profiling.
In addition, the person concerned shall have:
- a) the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her;
- b) the right to obtain from the controller the erasure ("right to oblivion") of personal data concerning him or her without undue delay;
- c) the right to obtain from the controller restriction of processing;
- d) the right to object at any time to processing of personal data concerning him or her for reasons related to its particular situation;
- e) the right to receive data concerning him or her in a structured format, commonly used and readable by automatic device;
- f) the right to withdraw his or her consent at any time;
- g) the right to lodge a complaint with a supervisory authority;
- h) the right to be informed of the appropriate safeguards if personal data are transferred to a third country or to an international organisation;
- i) the right to obtain a copy of the data being processed. In order to exercise these rights, the person concerned can contact the Data Controller at the contact points specified in the Data Controller paragraph by submitting a specific request by registered letter, fax and/or e-mail.
8. TRANSFER OF PERSONAL DATA ABROAD
In accordance with the relevant legislation, the personal data provided may be transferred for the purposes outlined in the previous section to the countries of the European Union. Sixtus Italia Srl ensures that the processing of your Personal Data by these Recipients takes place in accordance with the Regulation. Further information is available from the Data Controller.
10. CONTROLLERS AND PROCESSORS
The constantly updated list of the controllers and data processors responsible/authorised for processing personal data is kept at the registered office of the Data Controller.
11. DATA CONTROLLER
11.1 Sixtus Italia Srl, located in via Tourcoing 23, 59100 (PO) is the Controller responsible for the processing of the data referred to herein.